Skip to content

Commit

Permalink
azurerm_network_interface - support for attaching to an Application…
Browse files Browse the repository at this point in the history
… Security Group
  • Loading branch information
tombuildsstuff committed Feb 28, 2018
1 parent 87db60c commit 0fe9bbf
Show file tree
Hide file tree
Showing 3 changed files with 94 additions and 0 deletions.
31 changes: 31 additions & 0 deletions azurerm/resource_arm_network_interface.go
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,14 @@ func resourceArmNetworkInterface() *schema.Resource {
Set: schema.HashString,
},

"application_security_group_ids": {
Type: schema.TypeSet,
Optional: true,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
Set: schema.HashString,
},

"primary": {
Type: schema.TypeBool,
Optional: true,
Expand Down Expand Up @@ -480,6 +488,14 @@ func flattenNetworkInterfaceIPConfigurations(ipConfigs *[]network.InterfaceIPCon
}
niIPConfig["load_balancer_inbound_nat_rules_ids"] = schema.NewSet(schema.HashString, rules)

securityGroups := make([]string, 0)
if sgs := props.ApplicationSecurityGroups; sgs != nil {
for _, sg := range *sgs {
securityGroups = append(securityGroups, *sg.ID)
}
}
niIPConfig["application_security_group_ids"] = securityGroups

result = append(result, niIPConfig)
}
return result
Expand Down Expand Up @@ -566,6 +582,21 @@ func expandAzureRmNetworkInterfaceIpConfigurations(d *schema.ResourceData) ([]ne
properties.LoadBalancerInboundNatRules = &natRules
}

if v, ok := data["application_security_group_ids"]; ok {
var securityGroups []network.ApplicationSecurityGroup
rules := v.(*schema.Set).List()
for _, r := range rules {
groupId := r.(string)
group := network.ApplicationSecurityGroup{
ID: &groupId,
}

securityGroups = append(securityGroups, group)
}

properties.ApplicationSecurityGroups = &securityGroups
}

name := data["name"].(string)
ipConfig := network.InterfaceIPConfiguration{
Name: &name,
Expand Down
61 changes: 61 additions & 0 deletions azurerm/resource_arm_network_interface_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -332,6 +332,25 @@ func TestAccAzureRMNetworkInterface_bug7986(t *testing.T) {
})
}

func TestAccAzureRMNetworkInterface_applicationSecurityGroups(t *testing.T) {
resourceName := "azurerm_network_interface.test"
rInt := acctest.RandInt()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testCheckAzureRMNetworkInterfaceDestroy,
Steps: []resource.TestStep{
{
Config: testAccAzureRMNetworkInterface_applicationSecurityGroup(rInt, testLocation()),
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMNetworkInterfaceExists(resourceName),
resource.TestCheckResourceAttr(resourceName, "ip_configuration.0.application_security_group_ids.#", "1"),
),
},
},
})
}

func testCheckAzureRMNetworkInterfaceExists(name string) resource.TestCheckFunc {
return func(s *terraform.State) error {
// Ensure we have enough information in state to look up in API
Expand Down Expand Up @@ -1012,3 +1031,45 @@ resource "azurerm_network_interface" "test" {
`, rInt, location, rInt, rInt, rInt)
}

func testAccAzureRMNetworkInterface_applicationSecurityGroup(rInt int, location string) string {
return fmt.Sprintf(`
resource "azurerm_resource_group" "test" {
name = "acctest-rg-%d"
location = "%s"
}
resource "azurerm_virtual_network" "test" {
name = "acctestvn-%d"
address_space = ["10.0.0.0/16"]
location = "${azurerm_resource_group.test.location}"
resource_group_name = "${azurerm_resource_group.test.name}"
}
resource "azurerm_subnet" "test" {
name = "testsubnet"
resource_group_name = "${azurerm_resource_group.test.name}"
virtual_network_name = "${azurerm_virtual_network.test.name}"
address_prefix = "10.0.2.0/24"
}
resource "azurerm_application_security_group" "test" {
name = "acctest-%d"
location = "${azurerm_resource_group.test.location}"
resource_group_name = "${azurerm_resource_group.test.name}"
}
resource "azurerm_network_interface" "test" {
name = "acctestnic-%d"
location = "${azurerm_resource_group.test.location}"
resource_group_name = "${azurerm_resource_group.test.name}"
ip_configuration {
name = "testconfiguration1"
subnet_id = "${azurerm_subnet.test.id}"
private_ip_address_allocation = "dynamic"
application_security_group_ids = ["${azurerm_application_security_group.test.id}"]
}
}
`, rInt, location, rInt, rInt, rInt)
}
2 changes: 2 additions & 0 deletions website/docs/r/network_interface.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,8 @@ The `ip_configuration` block supports:

* `load_balancer_inbound_nat_rules_ids` - (Optional) List of Load Balancer Inbound Nat Rules IDs involving this NIC

* `application_security_group_ids` - (Optional) List of Application Security Group IDs which should be attached to this NIC

* `primary` - (Optional) Is this the Primary Network Interface? If set to `true` this should be the first `ip_configuration` in the array.

## Attributes Reference
Expand Down

0 comments on commit 0fe9bbf

Please sign in to comment.