As a Terraform user I'm interested in allowing the ICMP and TCP protocols between 2 virtual machines. In order to achieve that I created a dynamic network_security_group, but Terraform is throwing the error below:
│ Error: creating/updating Network Security Group: (Name "***01-tf-SG***" / Resource Group "RG_Terraform"): network.SecurityGroupsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidRequestFormat" Message="Cannot parse the request." Details=[{"code":"DuplicateResourceName","message":"Resource /subscriptions//resourceGroups//providers/Microsoft.Network/networkSecurityGroups/ has two child resources with the same name (01-tf-SG)."}]
│
│ with azurerm_network_security_group.linux_vm_nsg,
│ on main.tf line 291, in resource "azurerm_network_security_group" "linux_vm_nsg":
│ 291: resource "azurerm_network_security_group" "linux_vm_nsg" {
│
╵
It seems the problem is related to the name 01-tf-SG, but the name field is mandatory, and even using different names for resource_name and content_name the issue still happens.
See the Terraform code from the main.tf file:
resource "azurerm_network_security_group" "linux_vm_nsg" {
  depends_on          = [azurerm_resource_group.main]
  name                = "01-tf-SG"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  dynamic "security_rule" {
    for_each = toset(["Icmp", "Tcp"])
    content {
      name                       = "01-tf-SG"
      priority                   = 100
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = security_rule.value
      source_port_range          = "*"
      destination_port_range     = "*"
      source_address_prefix      = "172.16.25.10/32"
      destination_address_prefix = "10.0.1.10/32"
    }
  }
}
CodePudding user response:
You can generate a different name for each security_rule. For example, as follows:
dynamic "security_rule" {
  # Map keys are strings ("0", "1"); the iterator is named after the block,
  # so inside content {} it is security_rule.key / security_rule.value.
  for_each = { for idx, val in ["Icmp", "Tcp"] : idx => val }
  content {
    name                       = "01-tf-SG-${security_rule.key}"
    # Azure also rejects two rules with the same priority and direction,
    # so derive a distinct priority from the key as well.
    priority                   = 100 + tonumber(security_rule.key)
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = security_rule.value
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "172.16.25.10/32"
    destination_address_prefix = "10.0.1.10/32"
  }
}
CodePudding user response:
Thanks Marcin, I've replaced it with this code but now I'm getting an error related to Priority and Direction: "Rules cannot have the same Priority and Direction"
resource "azurerm_network_security_group" "linux_vm_nsg" {
  depends_on          = [azurerm_resource_group.main]
  name                = "01-tf-SG"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  dynamic "security_rule" {
    for_each = { for idx, val in ["Icmp", "Tcp"] : idx => val }
    #for_each = toset(["Icmp", "Tcp"])
    content {
      name                       = "01-tf-SG-${security_rule.value}"
      priority                   = 100
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = security_rule.value
      source_port_range          = "*"
      destination_port_range     = "*"
      source_address_prefix      = "172.16.25.10/32"
      destination_address_prefix = "10.0.1.10/32"
    }
  }
}
│ Error: creating/updating Network Security Group: (Name "01-tf-SG" / Resource Group "RG_Terraform"): network.SecurityGroupsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="SecurityRuleConflict" Message="Security rule 01-tf-SG-Icmp conflicts with rule 01-tf-SG-Tcp. ***Rules cannot have the same Priority and Direction***. To learn more, see aka.ms/nsgrules." Details=[]
│
│ with azurerm_network_security_group.linux_vm_nsg,
│ on main.tf line 291, in resource "azurerm_network_security_group" "linux_vm_nsg":
│ 291: resource "azurerm_network_security_group" "linux_vm_nsg" {
│
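A complete variant of the NSG, added here as an example (not code from the thread), that fixes both errors at once: the rules come from a map, so every generated security_rule gets a unique name and a unique priority per direction, and a plan-time precondition rejects duplicate priorities before the Azure API does. The resource group reference, addresses and the SSH port are assumptions for illustration.

```hcl
locals {
  # Constructed sample rules: the map key becomes the rule name,
  # and each entry carries its own priority.
  nsg_rules = {
    "allow-icmp-from-app" = {
      priority = 100
      protocol = "Icmp"
      dst_port = "*"
    }
    "allow-ssh-from-app" = {
      priority = 110
      protocol = "Tcp"
      dst_port = "22" # narrower than "*" so TCP is not opened on every port
    }
  }
}

resource "azurerm_network_security_group" "linux_vm_nsg" {
  name                = "01-tf-SG"
  location            = azurerm_resource_group.main.location # assumed resource group
  resource_group_name = azurerm_resource_group.main.name

  dynamic "security_rule" {
    for_each = local.nsg_rules
    content {
      name                       = security_rule.key # unique per rule
      priority                   = security_rule.value.priority
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = security_rule.value.protocol
      source_port_range          = "*"
      destination_port_range     = security_rule.value.dst_port
      source_address_prefix      = "172.16.25.10/32"
      destination_address_prefix = "10.0.1.10/32"
    }
  }

  # Terraform >= 1.2: fail at plan time if two rules share a priority,
  # instead of waiting for the SecurityRuleConflict error from Azure.
  lifecycle {
    precondition {
      condition     = length(distinct([for r in local.nsg_rules : r.priority])) == length(local.nsg_rules)
      error_message = "Every security_rule in local.nsg_rules needs a unique priority."
    }
  }
}
```

Adding a third rule to local.nsg_rules with priority 110 makes `terraform plan` stop with the error_message above rather than a 400 from the API.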