Number Of Application Security Groups Referenced In Security Rule Limit Reached #1346

Closed
nirmalparekh1984 opened this issue Jun 4, 2018 · 4 comments · Fixed by #1587

@nirmalparekh1984

nirmalparekh1984 commented Jun 4, 2018

Terraform Azure Provider Version - 0.11.7
NSG Rules with Multiple ASGs in Source and/or Destination application security group id errors out.

Per the Terraform documentation, the source and destination application security group arguments are lists; however, when more than 1 ASG is provided it errors out with the following error:

```
* azurerm_network_security_rule.allow_in_any_multi_asg: Error Creating/Updating Network Security Rule "allow-in-any-multi-asg" (NSG "my-nsg" / Resource Group "rg-nsg"): network.SecurityRulesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="NumberOfApplicationSecurityGroupsReferencedInSecurityRuleLimitReached" Message="A security rule may have up to 1 Application Security Group in the source or destination fields. The requested configuration has 2 in the DestinationApplicationSecurityGroups field." Details=[]
* azurerm_network_security_rule.allow_in_any_multi_asg: 1 error(s) occurred:
```

```hcl
resource "azurerm_application_security_group" "asg_first" {
  name                = "asg-first"
  location            = "East US"
  resource_group_name = "rg-nsg"
}

resource "azurerm_application_security_group" "asg_second" {
  name                = "asg-second"
  location            = "East US"
  resource_group_name = "rg-nsg"
}

resource "azurerm_network_security_rule" "allow_in_any_multi_asg" {
  name                        = "allow-in-any-multi-asg"
  resource_group_name         = "rg-nsg"
  network_security_group_name = "my-nsg"

  direction = "Inbound"
  priority  = "1000"
  access    = "Allow"

  source_address_prefixes                    = ["xx.xx.xx.xx"]
  # Two ASG IDs in one field: this is the value the API rejects.
  # References point at the two ASG resources declared above.
  destination_application_security_group_ids = ["${azurerm_application_security_group.asg_first.id}", "${azurerm_application_security_group.asg_second.id}"]
  protocol                                   = "*"
  source_port_range                          = "*"
  destination_port_range                     = "*"
}
```

Can you please point to the reason for the error?

@katbyte
Collaborator

katbyte commented Jun 6, 2018

Hi @nirmalparekh1984,

The error you are seeing there is coming up from the API, not Terraform. It appears to be preventing you from having more than 2 ASG in the security group. Is this something you can do via ARM/the Resource Manager?

@nirmalparekh1984
Author

I haven’t tried with an ARM template yet. I will give it a try with an ARM template.
However, if this is a genuine error coming from the Azure API, it might be good to mention in terraform azure_network_security_rule that only a single ASG is currently supported. The parameter defined as a list is a bit misleading.

@tombuildsstuff
Contributor

Fixed via #1587

@ghost

ghost commented Mar 30, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 30, 2020
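
An added example, not code from this issue or from the provider: given the one-ASG-per-field limit quoted in the API error in the first post, a multi-ASG rule can be expanded into one rule per ASG before it is handed to Terraform, refusing to do so when the extra priorities would collide with other rules. The function names, the Terraform JSON rendering, and the sample address and ASG references are assumptions made for this example; 100-4096 is Azure's priority range for custom NSG rules.

```python
import copy

# Azure accepts priorities 100-4096 for custom NSG rules.
PRIORITY_MIN, PRIORITY_MAX = 100, 4096
ASG_FIELDS = ("source_application_security_group_ids",
              "destination_application_security_group_ids")


def split_rule_per_asg(rule, used_priorities=()):
    """Expand a rule listing several ASGs into rules with one ASG per field.

    The copies take consecutive priorities starting at the original one.
    Every priority in that block must be unused by other rules of the same
    NSG and direction: jumping over an existing rule would change the
    evaluation order, so that case is rejected rather than worked around.
    """
    variants = [copy.deepcopy(rule)]
    for field in ASG_FIELDS:
        ids = rule.get(field) or []
        if len(ids) > 1:
            variants = [dict(v, **{field: [asg]}) for v in variants for asg in ids]
    if len(variants) == 1:
        return variants  # already within the limit, nothing to split
    base = int(rule["priority"])
    block = range(base, base + len(variants))
    if block[0] < PRIORITY_MIN or block[-1] > PRIORITY_MAX:
        raise ValueError(f"priorities {block[0]}-{block[-1]} are out of range")
    clash = sorted(set(block) & {int(p) for p in used_priorities})
    if clash:
        raise ValueError(f"priorities already in use: {clash}")
    return [dict(v, name=f"{rule['name']}-{i}", priority=block[i])
            for i, v in enumerate(variants)]


def to_tf_json(rules):
    """Render the rules in Terraform's JSON configuration syntax."""
    return {"resource": {"azurerm_network_security_rule":
                         {r["name"]: r for r in rules}}}


# Constructed sample mirroring the rule in the issue (address is a placeholder).
SAMPLE_RULE = {
    "name": "allow-in-any-multi-asg", "resource_group_name": "rg-nsg",
    "network_security_group_name": "my-nsg", "direction": "Inbound",
    "priority": "1000", "access": "Allow", "protocol": "*",
    "source_port_range": "*", "destination_port_range": "*",
    "source_address_prefixes": ["203.0.113.10"],
    "destination_application_security_group_ids": [
        "${azurerm_application_security_group.asg_first.id}",
        "${azurerm_application_security_group.asg_second.id}"],
}
```

Pass the priorities of the NSG's other rules in the same direction as `used_priorities`; the output of `to_tf_json` can be written to a `.tf.json` file.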