New List Resource: azurerm_network_security_group

Author: sreallymatt

internal/services/network/network_security_group_list_resource.go

@@ -0,0 +1,160 @@
+package network
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/go-azure-helpers/framework/typehelpers"
+	"github.com/hashicorp/go-azure-helpers/lang/pointer"
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/commonids"
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/resourcegroups"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/network/2025-01-01/networksecuritygroups"
+	"github.com/hashicorp/terraform-plugin-framework/list"
+	"github.com/hashicorp/terraform-plugin-framework/list/schema"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/sdk"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
+)
+
+type NetworkSecurityGroupListResource struct {
+	sdk.ListResourceMetadata
+}
+
+type NetworkSecurityGroupListModel struct {
+	ResourceGroupName types.String `tfsdk:"resource_group_name"`
+	SubscriptionId    types.String `tfsdk:"subscription_id"`
+}
+
+var _ sdk.ListResourceWithRawV5Schemas = new(NetworkSecurityGroupListResource)
+
+func NewNetworkSecurityGroupListResource() list.ListResource {
+	return new(NetworkSecurityGroupListResource)
+}
+
+func (r *NetworkSecurityGroupListResource) Metadata(_ context.Context, _ resource.MetadataRequest, response *resource.MetadataResponse) {
+	response.TypeName = networkSecurityGroupResourceName
+}
+
+func (r *NetworkSecurityGroupListResource) ListResourceConfigSchema(_ context.Context, _ list.ListResourceSchemaRequest, response *list.ListResourceSchemaResponse) {
+	response.Schema = schema.Schema{
+		Attributes: map[string]schema.Attribute{
+			"resource_group_name": schema.StringAttribute{
+				Optional: true,
+				Validators: []validator.String{
+					typehelpers.WrappedStringValidator{
+						Func: resourcegroups.ValidateName,
+					},
+				},
+			},
+			"subscription_id": schema.StringAttribute{
+				Optional: true,
+				Validators: []validator.String{
+					typehelpers.WrappedStringValidator{
+						Func: validation.IsUUID,
+					},
+				},
+			},
+		},
+	}
+}
+
+func (r *NetworkSecurityGroupListResource) List(ctx context.Context, request list.ListRequest, stream *list.ListResultsStream) {
+	client := r.Client.Network.NetworkSecurityGroups
+
+	ctx, cancel := context.WithTimeout(ctx, time.Minute*60)
+	defer cancel()
+
+	var data NetworkSecurityGroupListModel
+	diags := request.Config.Get(ctx, &data)
+	if diags.HasError() {
+		stream.Results = list.ListResultsStreamDiagnostics(diags)
+		return
+	}
+
+	results := make([]networksecuritygroups.NetworkSecurityGroup, 0)
+
+	subscriptionID := r.SubscriptionId
+	if !data.SubscriptionId.IsNull() {
+		subscriptionID = data.SubscriptionId.ValueString()
+	}
+
+	switch {
+	case !data.ResourceGroupName.IsNull():
+		resp, err := client.ListComplete(ctx, commonids.NewResourceGroupID(subscriptionID, data.ResourceGroupName.ValueString()))
+		if err != nil {
+			sdk.SetResponseErrorDiagnostic(stream, fmt.Sprintf("listing `%s`", networkSecurityGroupResourceName), err)
+			return
+		}
+
+		results = resp.Items
+	default:
+		resp, err := client.ListAllComplete(ctx, commonids.NewSubscriptionID(subscriptionID))
+		if err != nil {
+			sdk.SetResponseErrorDiagnostic(stream, fmt.Sprintf("listing `%s`", networkSecurityGroupResourceName), err)
+			return
+		}
+
+		results = resp.Items
+	}
+
+	stream.Results = func(push func(list.ListResult) bool) {
+		for _, nsg := range results {
+			result := request.NewListResult(ctx)
+			result.DisplayName = pointer.From(nsg.Name)
+
+			id, err := networksecuritygroups.ParseNetworkSecurityGroupID(pointer.From(nsg.Id))
+			if err != nil {
+				sdk.SetResponseErrorDiagnostic(stream, "parsing Network Security Group ID", err)
+				return
+			}
+
+			rd := resourceNetworkSecurityGroup().Data(&terraform.InstanceState{})
+			rd.SetId(id.ID())
+
+			if err := resourceNetworkSecurityGroupFlatten(rd, id, &nsg); err != nil {
+				sdk.SetResponseErrorDiagnostic(stream, fmt.Sprintf("encoding `%s` resource data", networkSecurityGroupResourceName), err)
+				return
+			}
+
+			tfTypeIdentity, err := rd.TfTypeIdentityState()
+			if err != nil {
+				sdk.SetResponseErrorDiagnostic(stream, "converting Identity State", err)
+				return
+			}
+
+			if err := result.Identity.Set(ctx, *tfTypeIdentity); err != nil {
+				sdk.SetResponseErrorDiagnostic(stream, "setting Identity Data", err)
+				return
+			}
+
+			tfTypeResourceState, err := rd.TfTypeResourceState()
+			if err != nil {
+				sdk.SetResponseErrorDiagnostic(stream, "converting Resource State", err)
+				return
+			}
+
+			if err := result.Resource.Set(ctx, *tfTypeResourceState); err != nil {
+				sdk.SetResponseErrorDiagnostic(stream, "setting Resource Data", err)
+				return
+			}
+
+			if !push(result) {
+				return
+			}
+		}
+	}
+}
+
+func (r *NetworkSecurityGroupListResource) Configure(_ context.Context, request resource.ConfigureRequest, response *resource.ConfigureResponse) {
+	r.Defaults(request, response)
+}
+
+func (r *NetworkSecurityGroupListResource) RawV5Schemas(ctx context.Context, _ list.RawV5SchemaRequest, response *list.RawV5SchemaResponse) {
+	res := resourceNetworkSecurityGroup()
+	response.ProtoV5Schema = res.ProtoSchema(ctx)()
+	response.ProtoV5IdentitySchema = res.ProtoIdentitySchema(ctx)()
+}

internal/services/network/network_security_group_list_resource_test.go

@@ -0,0 +1,78 @@
+package network_test
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/querycheck"
+	"github.com/hashicorp/terraform-plugin-testing/tfversion"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/provider/framework"
+)
+
+func TestAccNetworkSecurityGroup_list_basic(t *testing.T) {
+	r := NetworkSecurityGroupResource{}
+
+	data := acceptance.BuildTestData(t, "azurerm_network_security_group", "test1")
+
+	resource.Test(t, resource.TestCase{
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.SkipBelow(tfversion.Version1_14_0),
+		},
+		ProtoV5ProviderFactories: framework.ProtoV5ProviderFactoriesInit(context.Background(), "azurerm"),
+		Steps: []resource.TestStep{
+			{
+				Config: r.basicList(data),
+			},
+			{
+				Query:             true,
+				Config:            r.basicListQuery(data),
+				ConfigQueryChecks: []querycheck.QueryCheck{}, // TODO
+			},
+		},
+	})
+}
+
+func (r NetworkSecurityGroupResource) basicList(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%[1]d"
+  location = "%[2]s"
+}
+
+resource "azurerm_network_security_group" "test1" {
+  name                = "acctestNSG1-%[1]d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_network_security_group" "tes2" {
+  name                = "acctestNSG2-%[1]d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+}
+
+resource "azurerm_network_security_group" "test3" {
+  name                = "acctestNSG3-%[1]d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+}
+`, data.RandomInteger, data.Locations.Primary)
+}
+
+func (r NetworkSecurityGroupResource) basicListQuery(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+list "azurerm_network_security_group" "list" {
+  provider = azurerm
+  config {
+    resource_group_name = "acctestRG-%[1]d"
+  }
+}
+`, data.RandomInteger)
+}

internal/services/network/network_security_group_resource.go

@@ -300,18 +300,26 @@ func resourceNetworkSecurityGroupRead(d *pluginsdk.ResourceData, meta interface{
 		return fmt.Errorf("retrieving %s: %+v", id, err)
 	}
 
+	if err := resourceNetworkSecurityGroupFlatten(d, id, resp.Model); err != nil {
+		return fmt.Errorf("flattening %s: %+v", id, err)
+	}
+
+	return nil
+}
+
+func resourceNetworkSecurityGroupFlatten(d *pluginsdk.ResourceData, id *networksecuritygroups.NetworkSecurityGroupId, nsg *networksecuritygroups.NetworkSecurityGroup) error {
 	d.Set("name", id.NetworkSecurityGroupName)
 	d.Set("resource_group_name", id.ResourceGroupName)
 
-	if model := resp.Model; model != nil {
-		d.Set("location", location.NormalizeNilable(model.Location))
-		if props := model.Properties; props != nil {
+	if nsg != nil {
+		d.Set("location", location.NormalizeNilable(nsg.Location))
+		if props := nsg.Properties; props != nil {
 			flattenedRules := flattenNetworkSecurityRules(props.SecurityRules)
 			if err := d.Set("security_rule", flattenedRules); err != nil {
 				return fmt.Errorf("setting `security_rule`: %+v", err)
 			}
 		}
-		if err := tags.FlattenAndSet(d, model.Tags); err != nil {
+		if err := tags.FlattenAndSet(d, nsg.Tags); err != nil {
 			return err
 		}
 	}

internal/services/network/network_security_group_resource_test.go

@@ -192,7 +192,7 @@ func TestAccNetworkSecurityGroup_applicationSecurityGroup(t *testing.T) {
 	})
 }
 
-func (t NetworkSecurityGroupResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
+func (r NetworkSecurityGroupResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
 	id, err := networksecuritygroups.ParseNetworkSecurityGroupID(state.ID)
 	if err != nil {
 		return nil, err

internal/services/network/registration.go

@@ -200,6 +200,7 @@ func (r Registration) Actions() []func() action.Action {
 
 func (r Registration) ListResources() []func() list.ListResource {
 	return []func() list.ListResource{
+		NewNetworkSecurityGroupListResource,
 		NewVirtualNetworkListResource,
 	}
 }

website/docs/list-resources/network_security_group.html.markdown

@@ -0,0 +1,43 @@
+---
+subcategory: "Network"
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_network_security_group"
+description: |-
+  Lists Network Security Group resources.
+---
+
+# List resource: azurerm_network_security_group
+
+~> **Note:** The `azurerm_network_security_group` List Resource is in beta. Its interface and behaviour may change as the feature evolves, and breaking changes are possible. It is offered as a technical preview without compatibility guarantees until Terraform 1.14 is generally available.
+
+Lists Network Security Group resources.
+
+## Example Usage
+
+### List all Network Security Groups in the subscription
+
+```hcl
+list "azurerm_network_security_group" "example" {
+  provider = azurerm
+  config {}
+}
+```
+
+### List all Network Security Groups in a specific resource group
+
+```hcl
+list "azurerm_network_security_group" "example" {
+  provider = azurerm
+  config {
+    resource_group_name = "example-rg"
+  }
+}
+```
+
+## Argument Reference
+
+This list resource supports the following arguments:
+
+* `resource_group_name` - (Optional) The name of the resource group to query.
+
+* `subscription_id` - (Optional) The Subscription ID to query. Defaults to the value specified in the Provider Configuration.