Terraform-provider-azurerm: Feature Request: Application Security Groups

👋 hey @tomasquith

So I took a look into this last week and started building out support for Application Security Groups in this branch - however given Application Security Groups are still in an invite-only Preview phase, we're not able to support them at this time.

That said, once Application Security Groups enter either Public Preview / GA we'll take another look at supporting them in Terraform, as it's definitely something we want to support. As such I'm going to put this Feature Request on the back burner for the moment - and we'll pick it up again as soon as we can :)

Thanks!

Hi @tombuildsstuff ,
well done !:) we are really passionate to see this feature included in terraform 👍

Microsoft has included this as part of Public Preview already!
https://azure.microsoft.com/en-us/updates/public-preview-features-for-nsgs/

Can you pick it again? :)

thanks,
Alex

Hello @tomasquith , @tombuildsstuff !
Could you review again if possible continue development of ASG support in terraform provider?
The ASG is under public preview which does not require an invitation anymore.

Thanks,

@tombuildsstuff I tested your branch and it seems to work in creating asgs. However, am i correct in assuming that even though your branch implements asgs, we cannot use them because as per https://docs.microsoft.com/en-us/azure/virtual-network/create-network-security-group-preview --source-asgs --destination-asgs are not yet supported in security_rule block?
If so can we bump this up. I would really love to see this feature implemented.

@tombuildsstuff Any updates for ASG?

@tombuildsstuff are there any dates you can share with you for Application Security Group implementation through terraform. we are currently managing it through a null resource and the process is become tedious specially with changes.
Are there any alternative solution on offer to implement this?

hey folks!

I've kicked off a test run against this branch and those tests are now working as expected. There's still several things needed to get this merged:

• [x] Rebasing the PR / upgrading to SDKv12
• [x] Documenting that this feature is Public Preview only at the moment
• [ ] Adding additional tests and use-cases for this PR

(in addition to anything else which comes up in review)

So that we can launch this feature in a fully supported state - we'd be particularly interested to hear how you're using Application Security Groups at present (for instance, if you're currently using them via the azurerm_template_deployment resource - it'd be great to see a sanitized template to ensure we cover your use case). Regarding a rough timeframe - I'd hope that we can pick this up in the next couple of weeks :)

Thanks!

👋 hey folks!

So I had some extra time during a flight this morning and rebased this branch/added the missing documentation - as such I've opened PR #905 which adds support for provisioning Application Security Groups with Terraform :)

Thanks!

:wave: hey folks!

Just to let you know that support for Application Security Groups has just been released in v1.2.0 of the AzureRM Provider - full details of what's included are available here: https://github.com/terraform-providers/terraform-provider-azurerm/blob/v1.2.0/CHANGELOG.md#120-march-02-2018

Thanks!

I was wondering if it makes sense to abstract security constructs like security groups and have specific providers like aws azure etc. This would help with multi cloud use cases and avoid cloud vendor lockin. Any thoughts?

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!