No property destination_port_ranges for rules declared in azurerm_network_security_group #881

Closed
sylr opened this issue Feb 23, 2018 · 3 comments


sylr commented Feb 23, 2018

Hi,

There is a disparity between what can be done regarding security rules management when you declare rules within an azurerm_network_security_group resource or if you do it by declaring network_security_rule resources attached to an azurerm_network_security_group, e.g.:

resource "azurerm_network_security_group" "xxxx-nsg" {
  name                = "xxxx-nsg"
  resource_group_name = "${azurerm_resource_group.xxxx-RG.name}"
  location            = "${azurerm_resource_group.xxxx-RG.location}"

  security_rule {
    name                        = "allow-ssh"
    description                 = "allow-ssh"
    priority                    = 500
    direction                   = "Inbound"
    access                      = "Allow"
    protocol                    = "TCP"
    source_address_prefix       = "10.101.0.0/28"
    source_port_range           = "*"
    destination_address_prefix  = "*"
    destination_port_range      = "22"
  }
}

Versus

resource "azurerm_network_security_group" "xxxx-nsg" {
  name                = "xxxx-nsg"
  resource_group_name = "${azurerm_resource_group.xxxx-RG.name}"
  location            = "${azurerm_resource_group.xxxx-RG.location}"
}

resource "azurerm_network_security_rule" "allow-ssh" {
  name                        = "allow-ssh"
  resource_group_name         = "${azurerm_resource_group.xxxx-RG.name}"
  network_security_group_name = "${azurerm_network_security_group.xxxx-nsg.name}"
  description                 = "allow-ssh"
  priority                    = 500
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "TCP"
  source_address_prefix       = "10.101.0.0/28"
  source_port_range           = "*"
  destination_address_prefix  = "*"
  destination_port_range      = "22"
}

In the latter, the destination_port_range can be replaced by destination_port_range*s* (plural) with a list of port ranges.

This can't be done in the first example as it is not implemented.

Terraform Version

terraform v1.11.3
azurerm 1.1.1

Expected Behavior

Be able to declare the following properties when managing rules within an azurerm_network_security_group resource:

  • source_address_prefixe*s*
  • destination_address_prefixe*s*
  • source_port_range*s*
  • destination_port_range*s*
@sylr sylr changed the title No property destination_port_ranges for rules declared in No property destination_port_ranges for rules declared in azurerm_network_security_group Feb 23, 2018
@tombuildsstuff
Contributor

Fixed via #781
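
The inline form requested in this issue, as an added example that is not part of the original thread or the provider's own code. It assumes a provider version that contains the fix referenced above and that the inline security_rule block accepts the same plural attribute names as azurerm_network_security_rule; the resource group location, address prefixes and port values are constructed.

```hcl
# Added example: names follow the issue's placeholders, values are constructed.
resource "azurerm_resource_group" "xxxx-RG" {
  name     = "xxxx-RG"
  location = "westeurope" # constructed value
}

resource "azurerm_network_security_group" "xxxx-nsg" {
  name                = "xxxx-nsg"
  resource_group_name = "${azurerm_resource_group.xxxx-RG.name}"
  location            = "${azurerm_resource_group.xxxx-RG.location}"

  security_rule {
    name        = "allow-admin"
    description = "allow-admin"
    priority    = 500
    direction   = "Inbound"
    access      = "Allow"
    protocol    = "Tcp"

    # Plural attributes take lists. For each field set either the
    # singular or the plural attribute, not both.
    source_address_prefixes    = ["10.101.0.0/28", "10.102.0.0/28"]
    source_port_range          = "*"
    destination_address_prefix = "*"
    destination_port_ranges    = ["22", "8080-8090"]
  }
}
```

Listing the allowed source prefixes explicitly keeps the rule scoped to known subnets instead of widening source_address_prefix to "*" just to cover more than one range.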

@ghost

ghost commented Mar 31, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 31, 2020