New Data Source: azurerm_network_security_group #623

Merged
merged 1 commit into from
Dec 13, 2017
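--- a/azurerm/data_source_network_security_group.go
+++ b/azurerm/data_source_network_security_group.go
@@ -0,0 +1,113 @@
+package azurerm
+
+import (
+"fmt"
+
+"github.com/hashicorp/terraform/helper/schema"
+"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func dataSourceArmNetworkSecurityGroup() *schema.Resource {
+return &schema.Resource{
+Read: dataSourceArmNetworkSecurityGroupRead,
+Schema: map[string]*schema.Schema{
+"name": {
+Type: schema.TypeString,
+Required: true,
+},
+
+"resource_group_name": resourceGroupNameForDataSourceSchema(),
+
+"location": locationForDataSourceSchema(),
+
+"security_rule": {
+Type: schema.TypeList,
+Computed: true,
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"name": {
+Type: schema.TypeString,
+Computed: true,
+},
+
+"description": {
+Type: schema.TypeString,
+Computed: true,
+},
+
+"protocol": {
+Type: schema.TypeString,
+Computed: true,
+},
+
+"source_port_range": {
+Type: schema.TypeString,
+Computed: true,
+},
+
+"destination_port_range": {
+Type: schema.TypeString,
+Computed: true,
+},
+
+"source_address_prefix": {
+Type: schema.TypeString,
+Computed: true,
+},
+
+"destination_address_prefix": {
+Type: schema.TypeString,
+Computed: true,
+},
+
+"access": {
+Type: schema.TypeString,
+Computed: true,
+},
+
+"priority": {
+Type: schema.TypeInt,
+Computed: true,
+},
+
+"direction": {
+Type: schema.TypeString,
+Computed: true,
+},
+},
+},
+},
+
+"tags": tagsForDataSourceSchema(),
+},
+}
+}
+
+func dataSourceArmNetworkSecurityGroupRead(d *schema.ResourceData, meta interface{}) error {
+client := meta.(*ArmClient).secGroupClient
+
+resourceGroup := d.Get("resource_group_name").(string)
+name := d.Get("name").(string)
+
+resp, err := client.Get(resourceGroup, name, "")
+if err != nil {
+if utils.ResponseWasNotFound(resp.Response) {
+d.SetId("")
+}
+return fmt.Errorf("Error making Read request on Network Security Group %q (Resource Group %q): %+v", name, resourceGroup, err)
+}
+
+d.SetId(*resp.ID)
+
+d.Set("name", resp.Name)
+d.Set("resource_group_name", resourceGroup)
+d.Set("location", azureRMNormalizeLocation(*resp.Location))
+
+if props := resp.SecurityGroupPropertiesFormat; props != nil {
+d.Set("security_rule", flattenNetworkSecurityRules(props.SecurityRules))
+}
+
+flattenAndSetTags(d, resp.Tags)
+
+return nil
+}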
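Review bot: In dataSourceArmNetworkSecurityGroupRead the return value of `d.Set("security_rule", flattenNetworkSecurityRules(props.SecurityRules))` is dropped, so a mismatch between the flattened rules and the schema would leave `security_rule` unset without any error, and a configuration that reads this data source to audit or mirror the group's rules would see fewer rules than actually exist. Return the error instead: `if err := d.Set("security_rule", flattenNetworkSecurityRules(props.SecurityRules)); err != nil { return fmt.Errorf("Error setting security_rule: %+v", err) }`. Separately, `*resp.ID` and `*resp.Location` are dereferenced without a nil check, and on a not-found response the code clears the ID but then returns the generic read error; a dedicated "was not found" message would make a mistyped `name` or `resource_group_name` easier to diagnose. flattenNetworkSecurityRules is defined outside this file, so its output shape is assumed here.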
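--- a/azurerm/data_source_network_security_group_test.go
+++ b/azurerm/data_source_network_security_group_test.go
@@ -0,0 +1,164 @@
+package azurerm
+
+import (
+"fmt"
+"testing"
+
+"github.com/hashicorp/terraform/helper/acctest"
+"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceAzureRMNetworkSecurityGroup_basic(t *testing.T) {
+dataSourceName := "data.azurerm_network_security_group.test"
+ri := acctest.RandInt()
+location := testLocation()
+config := testAccDataSourceAzureRMNetworkSecurityGroupBasic(ri, location)
+
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+CheckDestroy: testCheckAzureRMNetworkSecurityGroupDestroy,
+Steps: []resource.TestStep{
+{
+Config: config,
+Check: resource.ComposeTestCheckFunc(
+resource.TestCheckResourceAttrSet(dataSourceName, "location"),
+resource.TestCheckResourceAttr(dataSourceName, "security_rule.#", "0"),
+resource.TestCheckResourceAttr(dataSourceName, "tags.%", "0"),
+),
+},
+},
+})
+}
+
+func TestAccDataSourceAzureRMNetworkSecurityGroup_rules(t *testing.T) {
+dataSourceName := "data.azurerm_network_security_group.test"
+ri := acctest.RandInt()
+location := testLocation()
+config := testAccDataSourceAzureRMNetworkSecurityGroupWithRules(ri, location)
+
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+CheckDestroy: testCheckAzureRMNetworkSecurityGroupDestroy,
+Steps: []resource.TestStep{
+{
+Config: config,
+Check: resource.ComposeTestCheckFunc(
+resource.TestCheckResourceAttrSet(dataSourceName, "location"),
+resource.TestCheckResourceAttr(dataSourceName, "security_rule.#", "1"),
+resource.TestCheckResourceAttr(dataSourceName, "security_rule.0.name", "test123"),
+resource.TestCheckResourceAttr(dataSourceName, "security_rule.0.priority", "100"),
+resource.TestCheckResourceAttr(dataSourceName, "security_rule.0.direction", "Inbound"),
+resource.TestCheckResourceAttr(dataSourceName, "security_rule.0.access", "Allow"),
+resource.TestCheckResourceAttr(dataSourceName, "security_rule.0.protocol", "Tcp"),
+resource.TestCheckResourceAttr(dataSourceName, "security_rule.0.source_port_range", "*"),
+resource.TestCheckResourceAttr(dataSourceName, "security_rule.0.destination_port_range", "*"),
+resource.TestCheckResourceAttr(dataSourceName, "security_rule.0.source_address_prefix", "*"),
+resource.TestCheckResourceAttr(dataSourceName, "security_rule.0.destination_address_prefix", "*"),
+resource.TestCheckResourceAttr(dataSourceName, "tags.%", "0"),
+),
+},
+},
+})
+}
+
+func TestAccDataSourceAzureRMNetworkSecurityGroup_tags(t *testing.T) {
+dataSourceName := "data.azurerm_network_security_group.test"
+ri := acctest.RandInt()
+location := testLocation()
+config := testAccDataSourceAzureRMNetworkSecurityGroupTags(ri, location)
+
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+CheckDestroy: testCheckAzureRMNetworkSecurityGroupDestroy,
+Steps: []resource.TestStep{
+{
+Config: config,
+Check: resource.ComposeTestCheckFunc(
+resource.TestCheckResourceAttrSet(dataSourceName, "location"),
+resource.TestCheckResourceAttr(dataSourceName, "security_rule.#", "0"),
+resource.TestCheckResourceAttr(dataSourceName, "tags.%", "1"),
+resource.TestCheckResourceAttr(dataSourceName, "tags.environment", "staging"),
+),
+},
+},
+})
+}
+
+func testAccDataSourceAzureRMNetworkSecurityGroupBasic(rInt int, location string) string {
+return fmt.Sprintf(`
+resource "azurerm_resource_group" "test" {
+name = "acctestRG-%d"
+location = "%s"
+}
+
+resource "azurerm_network_security_group" "test" {
+name = "acctestnsg-%d"
+location = "${azurerm_resource_group.test.location}"
+resource_group_name = "${azurerm_resource_group.test.name}"
+}
+
+data "azurerm_network_security_group" "test" {
+name = "${azurerm_network_security_group.test.name}"
+resource_group_name = "${azurerm_resource_group.test.name}"
+}
+`, rInt, location, rInt)
+}
+
+func testAccDataSourceAzureRMNetworkSecurityGroupWithRules(rInt int, location string) string {
+return fmt.Sprintf(`
+resource "azurerm_resource_group" "test" {
+name = "acctestRG-%d"
+location = "%s"
+}
+
+resource "azurerm_network_security_group" "test" {
+name = "acctestnsg-%d"
+location = "${azurerm_resource_group.test.location}"
+resource_group_name = "${azurerm_resource_group.test.name}"
+
+security_rule {
+name = "test123"
+priority = 100
+direction = "Inbound"
+access = "Allow"
+protocol = "Tcp"
+source_port_range = "*"
+destination_port_range = "*"
+source_address_prefix = "*"
+destination_address_prefix = "*"
+}
+}
+
+data "azurerm_network_security_group" "test" {
+name = "${azurerm_network_security_group.test.name}"
+resource_group_name = "${azurerm_resource_group.test.name}"
+}
+`, rInt, location, rInt)
+}
+
+func testAccDataSourceAzureRMNetworkSecurityGroupTags(rInt int, location string) string {
+return fmt.Sprintf(`
+resource "azurerm_resource_group" "test" {
+name = "acctestRG-%d"
+location = "%s"
+}
+
+resource "azurerm_network_security_group" "test" {
+name = "acctestnsg-%d"
+location = "${azurerm_resource_group.test.location}"
+resource_group_name = "${azurerm_resource_group.test.name}"
+
+tags {
+environment = "staging"
+}
+}
+
+data "azurerm_network_security_group" "test" {
+name = "${azurerm_network_security_group.test.name}"
+resource_group_name = "${azurerm_resource_group.test.name}"
+}
+`, rInt, location, rInt)
+}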
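Review bot: The fixture in testAccDataSourceAzureRMNetworkSecurityGroupWithRules sets `source_port_range`, `destination_port_range`, `source_address_prefix` and `destination_address_prefix` all to `*`, so the assertions in TestAccDataSourceAzureRMNetworkSecurityGroup_rules would still pass if the data source mapped any of these four fields to the wrong attribute. Giving the fields distinct values, for example `destination_port_range = "443"` and `source_address_prefix = "10.0.0.0/24"` (constructed sample values), and asserting those values would pin the mapping, and the test would no longer create an allow-any inbound rule. `security_rule.0.description` is declared in the schema but is neither set in a fixture nor asserted in any of these tests.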
1 change: 1 addition & 0 deletions azurerm/provider.go
Expand Up @@ -70,6 +70,7 @@ func Provider() terraform.ResourceProvider {
"azurerm_image": dataSourceArmImage(),
"azurerm_key_vault_access_policy": dataSourceArmKeyVaultAccessPolicy(),
"azurerm_managed_disk": dataSourceArmManagedDisk(),
"azurerm_network_security_group": dataSourceArmNetworkSecurityGroup(),
"azurerm_platform_image": dataSourceArmPlatformImage(),
"azurerm_public_ip": dataSourceArmPublicIP(),
"azurerm_resource_group": dataSourceArmResourceGroup(),
4 changes: 4 additions & 0 deletions website/azurerm.erb
Expand Up @@ -43,6 +43,10 @@
<a href="/docs/providers/azurerm/d/managed_disk.html">azurerm_managed_disk</a>
</li>

<li<%= sidebar_current("docs-azurerm-datasource-network-security-group") %>>
<a href="/docs/providers/azurerm/d/network_security_group.html">azurerm_network_security_group</a>
</li>

<li<%= sidebar_current("docs-azurerm-datasource-platform-image") %>>
<a href="/docs/providers/azurerm/d/platform_image.html">azurerm_platform_image</a>
</li>
63 changes: 63 additions & 0 deletions website/docs/d/network_security_group.html.markdown
@@ -0,0 +1,63 @@
---
layout: "azurerm"
page_title: "Azure Resource Manager: azurerm_network_security_group"
sidebar_current: "docs-azurerm-datasource-network-security-group"
description: |-
Get information about the specified Network Security Group.
---

# azurerm_network_security_group

Use this data source to access the properties of a Network Security Group.

## Example Usage

```hcl
data "azurerm_network_security_group" "test" {
name = "${azurerm_network_security_group.test.name}"
resource_group_name = "${azurerm_resource_group.test.name}"
}

output "location" {
value = "${data.azurerm_network_security_group.test.location}"
}
```

## Argument Reference

* `name` - (Required) Specifies the Name of the Network Security Group.
* `resource_group_name` - (Required) Specifies the Name of the Resource Group within which the Network Security Group exists


## Attributes Reference

* `id` - The ID of the Network Security Group.

* `location` - The supported Azure location where the resource exists.

* `security_rule` - One or more `security_rule` blocks as defined below.

* `tags` - A mapping of tags to assign to the resource.


The `security_rule` block supports:

* `name` - The name of the security rule.

* `description` - The description for this rule.

* `protocol` - The network protocol this rule applies to.

* `source_port_range` - The Source Port or Range.

* `destination_port_range` - The Destination Port or Range.

* `source_address_prefix` - CIDR or source IP range or * to match any IP.

* `destination_address_prefix` - CIDR or destination IP range or * to match any IP.

* `access` - Is network traffic is allowed or denied?

* `priority` - The priority of the rule

* `direction` - The direction specifies if rule will be evaluated on incoming or outgoing traffic.
Member


Nitpick, but is there any reason for all the newlines between each attribute?

Contributor Author


not particularly - I copied this over from the resource docs and updated the descriptions (since the schema's the same) - it's mostly just to help readability when writing docs (this doesn't impact the rendering on the website at all). I can consolidate it if you want?

Contributor Author


chatted offline about this, this is 👍 to merge - merging

2 changes: 1 addition & 1 deletion website/docs/r/network_security_group.html.markdown
Expand Up @@ -52,7 +52,7 @@ The following arguments are supported:

* `name` - (Required) Specifies the name of the network security group. Changing this forces a new resource to be created.

* `resource_group_name` - (Required) The name of the resource group in which to create the availability set. Changing this forces a new resource to be created.
* `resource_group_name` - (Required) The name of the resource group in which to create the network security group. Changing this forces a new resource to be created.

* `location` - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
