add in the min tls

Author: vilit1

src/azure-cli/azure/cli/command_modules/iot/_params.py

@@ -235,8 +235,9 @@ def load_arguments(self, _):  # pylint: disable=too-many-statements
                         "refer to the system-assigned managed identity or a resource ID to refer to a "
                         "user-assigned managed identity.")
         c.argument('min_tls_version', options_list=['--min-tls-version', '--mintls'],
-                   type=str, help='Specify the minimum TLS version to support for this hub. Can be set to'
-                                  ' "1.2" to have clients that use a TLS version below 1.2 to be rejected.')
+                   type=str, help='Specify the minimum TLS version to support for this hub. Can be set to '
+                                  '"1.0" or "1.2". For example, minimum TLS version set to "1.2" '
+                                  'results in clients that use a TLS version below 1.2 to be rejected.')
         c.argument('tags', tags_type)
         c.argument('system_identity', options_list=['--mi-system-assigned'],
                    arg_type=get_three_state_flag(),

src/azure-cli/azure/cli/command_modules/iot/custom.py

@@ -636,6 +636,7 @@ def update_iot_hub_custom(instance,
                           fileupload_storage_authentication_type=None,
                           fileupload_storage_container_uri=None,
                           fileupload_storage_identity=None,
+                          min_tls_version=None,
                           tags=None):
     from datetime import timedelta
     if tags is not None:
@@ -668,6 +669,8 @@ def update_iot_hub_custom(instance,
     if fileupload_notification_ttl is not None:
         ttl = timedelta(hours=fileupload_notification_ttl)
         instance.properties.messaging_endpoints['fileNotifications'].ttl_as_iso8601 = ttl
+    if min_tls_version is not None:
+        instance.properties.min_tls_version = min_tls_version
     # only bother with $default storage endpoint checking if modifying fileupload params
     if any([
             fileupload_storage_connectionstring, fileupload_storage_container_name, fileupload_sas_ttl,

src/azure-cli/azure/cli/command_modules/iot/tests/latest/test_iot_commands.py

@@ -110,10 +110,12 @@ def test_iot_hub(self, resource_group, resource_group_location, storage_account)
         self.cmd('iot hub update -n {0} -g {1} --fsi test/user/'.format(hub, rg), expect_failure=True)
 
         # Test auth config settings
-        updated_hub = self.cmd('iot hub update -n {0} -g {1} --disable-local-auth --disable-module-sas'.format(hub, rg)).get_output_in_json()
+        updated_hub = self.cmd('iot hub update -n {0} -g {1} --disable-local-auth --disable-module-sas '
+                               '--min-tls-version 1.0'.format(hub, rg)).get_output_in_json()
         assert updated_hub['properties']['disableLocalAuth']
         assert not updated_hub['properties']['disableDeviceSas']
         assert updated_hub['properties']['disableModuleSas']
+        assert updated_hub['properties']['minTlsVersion'] == '1.0'
 
         updated_hub = self.cmd('iot hub update -n {0} -g {1} --disable-module-sas false  --disable-device-sas'.format(hub, rg)).get_output_in_json()
         assert updated_hub['properties']['disableLocalAuth']