From f7df7199e27bbf590eb2f7f1a5711f7c2cbf78d7 Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Boll
Date: Fri, 22 Nov 2024 11:19:34 +0100
Subject: [PATCH] MinTLS Version is a read only property
---
 config/config.msft.yaml | 1 -
 config/config.schema.json | 7 +------
 config/config.yaml | 1 -
 config/public-cloud-cs-pr.json | 1 -
 config/public-cloud-dev.json | 1 -
 config/public-cloud-msft-int.json | 1 -
 config/public-cloud-personal-dev.json | 1 -
 dev-infrastructure/configurations/region.tmpl.bicepparam | 1 -
 dev-infrastructure/modules/maestro/maestro-infra.bicep | 4 ----
 dev-infrastructure/templates/region.bicep | 4 ----
 10 files changed, 1 insertion(+), 21 deletions(-)
diff --git a/config/config.msft.yaml b/config/config.msft.yaml
index e8f230b0d..62aeee688 100644
--- a/config/config.msft.yaml
+++ b/config/config.msft.yaml
@@ -52,7 +52,6 @@ defaults:
 eventGrid:
 name: arohcp-maestro-{{ .ctx.regionShort }}
 maxClientSessionsPerAuthName: '4'
- minTLSVersion: '1.2'
 certDomain: 'selfsigned.maestro.keyvault.azure.com'
 postgres:
 name: arohcp-maestro-{{ .ctx.regionShort }}
diff --git a/config/config.schema.json b/config/config.schema.json
index ebbeb83cb..763072c72 100644
--- a/config/config.schema.json
+++ b/config/config.schema.json
@@ -230,17 +230,12 @@
 },
 "name": {
 "type": "string"
- },
- "minTLSVersion": {
- "type": "string",
- "enum": ["1.2"]
 }
 },
 "additionalProperties": false,
 "required": [
 "maxClientSessionsPerAuthName",
- "name",
- "minTLSVersion"
+ "name"
 ]
 },
 "imageBase": {
diff --git a/config/config.yaml b/config/config.yaml
index 74cf20329..9b323255f 100644
--- a/config/config.yaml
+++ b/config/config.yaml
@@ -52,7 +52,6 @@ defaults:
 eventGrid:
 name: arohcp-maestro-{{ .ctx.regionShort }}
 maxClientSessionsPerAuthName: '4'
- minTLSVersion: '1.2'
 certDomain: 'selfsigned.maestro.keyvault.azure.com'
 postgres:
 name: arohcp-maestro-{{ .ctx.regionShort }}
diff --git a/config/public-cloud-cs-pr.json b/config/public-cloud-cs-pr.json
index 035f46ccf..934171de8 100644
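Review bot: In config/config.schema.json the `eventGrid` object keeps `"additionalProperties": false` while `minTLSVersion` leaves `properties`, so any configuration or override that still carries the key will now fail validation rather than being ignored. The six config files touched by this patch are cleaned up, but overlays outside the patch are not visible here, so a repository-wide search for `minTLSVersion` before merging would confirm none remain. Failing closed is the right behaviour for a setting that no longer has any effect; a short entry in the configuration documentation saying the TLS minimum is no longer configurable would keep the next operator from re-adding it.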
--- a/config/public-cloud-cs-pr.json
+++ b/config/public-cloud-cs-pr.json
@@ -58,7 +58,6 @@
 "consumerName": "hcp-underlay-cspr-mgmt-1",
 "eventGrid": {
 "maxClientSessionsPerAuthName": "4",
- "minTLSVersion": "1.2",
 "name": "arohcp-maestro-cspr"
 },
 "imageBase": "quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro",
diff --git a/config/public-cloud-dev.json b/config/public-cloud-dev.json
index dfc19ace6..37c541334 100644
--- a/config/public-cloud-dev.json
+++ b/config/public-cloud-dev.json
@@ -58,7 +58,6 @@
 "consumerName": "hcp-underlay-dev-mgmt-1",
 "eventGrid": {
 "maxClientSessionsPerAuthName": "4",
- "minTLSVersion": "1.2",
 "name": "arohcp-maestro-dev"
 },
 "imageBase": "quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro",
diff --git a/config/public-cloud-msft-int.json b/config/public-cloud-msft-int.json
index 534e7ad5b..18f7df02a 100644
--- a/config/public-cloud-msft-int.json
+++ b/config/public-cloud-msft-int.json
@@ -58,7 +58,6 @@
 "consumerName": "hcp-underlay-int-mgmt-1",
 "eventGrid": {
 "maxClientSessionsPerAuthName": "4",
- "minTLSVersion": "1.2",
 "name": "arohcp-maestro-int"
 },
 "imageBase": "quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro",
diff --git a/config/public-cloud-personal-dev.json b/config/public-cloud-personal-dev.json
index f4e5b4405..4e99c9627 100644
--- a/config/public-cloud-personal-dev.json
+++ b/config/public-cloud-personal-dev.json
@@ -58,7 +58,6 @@
 "consumerName": "hcp-underlay-usw3tst-mgmt-1",
 "eventGrid": {
 "maxClientSessionsPerAuthName": "4",
- "minTLSVersion": "1.2",
 "name": "arohcp-maestro-usw3tst"
 },
 "imageBase": "quay.io/redhat-user-workloads/maestro-rhtap-tenant/maestro/maestro",
diff --git a/dev-infrastructure/configurations/region.tmpl.bicepparam b/dev-infrastructure/configurations/region.tmpl.bicepparam
index 1ba9037bd..e0cb3940b 100644
--- a/dev-infrastructure/configurations/region.tmpl.bicepparam
+++ b/dev-infrastructure/configurations/region.tmpl.bicepparam
@@ -9,4 +9,3 @@ param regionalDNSSubdomain = '{{ .regionalDNSSubdomain }}'
 param maestroKeyVaultName = '{{ .maestro.keyVaultName }}'
 param maestroEventGridNamespacesName = '{{ .maestro.eventGrid.name }}'
 param maestroEventGridMaxClientSessionsPerAuthName = {{ .maestro.eventGrid.maxClientSessionsPerAuthName }}
-param maestroEventGridMinimumTlsVersionAllowed = '{{ .maestro.eventGrid.minTLSVersion }}'
diff --git a/dev-infrastructure/modules/maestro/maestro-infra.bicep b/dev-infrastructure/modules/maestro/maestro-infra.bicep
index d80d844a1..24ae8cec2 100644
--- a/dev-infrastructure/modules/maestro/maestro-infra.bicep
+++ b/dev-infrastructure/modules/maestro/maestro-infra.bicep
@@ -35,9 +35,6 @@ param maestroKeyVaultName string
 @description('The name for the Managed Identity that will be created for Key Vault Certificate management.')
 param kvCertOfficerManagedIdentityName string
-@description('Minimum TLS version allowed for the EventGrid Namespace')
-param minimumTlsVersionAllowed string = '1.2'
-
 @description('Allow public network access to the EventGrid Namespace')
 @allowed([
 'Enabled'
@@ -121,7 +118,6 @@ resource eventGridNamespace 'Microsoft.EventGrid/namespaces@2024-06-01-preview'
 properties: {
 isZoneRedundant: true
 publicNetworkAccess: publicNetworkAccess
- minimumTlsVersionAllowed: minimumTlsVersionAllowed
 topicSpacesConfiguration: {
 state: 'Enabled'
 maximumSessionExpiryInHours: 1
diff --git a/dev-infrastructure/templates/region.bicep b/dev-infrastructure/templates/region.bicep
index 256ce75ab..ae4b8d8ef 100644
--- a/dev-infrastructure/templates/region.bicep
+++ b/dev-infrastructure/templates/region.bicep
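Review bot: After the second hunk of dev-infrastructure/modules/maestro/maestro-infra.bicep, the `eventGridNamespace` resource no longer states a TLS floor, and nothing on the visible lines records why. If the property is service-managed, as the commit subject says, a comment beside `publicNetworkAccess` would keep that intent visible, e.g. `// minimumTlsVersionAllowed is intentionally not set: the service treats it as read-only; the effective value is checked after deployment`. region.bicep passes `publicNetworkAccess: 'Enabled'`, so this namespace is publicly reachable, and a post-deployment assertion or policy check on the namespace's effective `minimumTlsVersionAllowed` would catch a weaker platform value. The resource body continues outside the hunk.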
@@ -13,9 +13,6 @@ param maestroEventGridNamespacesName string
 @description('The maximum client sessions per authentication name for the EventGrid MQTT broker')
 param maestroEventGridMaxClientSessionsPerAuthName int
-@description('Minimum TLS version allowed for the EventGrid Namespace')
-param maestroEventGridMinimumTlsVersionAllowed string = '1.2'
-
 @description('Set to true to prevent resources from being pruned after 48 hours')
 param persist bool = false
@@ -70,6 +67,5 @@ module maestroInfra '../modules/maestro/maestro-infra.bicep' = {
 maestroKeyVaultName: maestroKeyVaultName
 kvCertOfficerManagedIdentityName: maestroKeyVaultCertOfficerMSIName
 publicNetworkAccess: 'Enabled'
- minimumTlsVersionAllowed: maestroEventGridMinimumTlsVersionAllowed
 }
 }