https://pulumi.com logo
Title
o

orange-dog-73995

10/05/2020, 11:31 AM
Hi Guys! I'm trying to rewrite my stack to azure nextgen. Have some questions on proper NSG config: made 2 security rules -
var rule1 = new SecurityRule("rule1", new Pulumi.AzureNextGen.Network.Latest.SecurityRuleArgs
        
{
            
SecurityRuleName = "RDP_3389",
            
...
        
});
        
var rule2 = new SecurityRule("rule2", new Pulumi.AzureNextGen.Network.Latest.SecurityRuleArgs
        
{
            
SecurityRuleName = "Port_6516",
            
...
        
});
and trying to make a List of them to use in NSG:         
var securityRules = new List<Pulumi.AzureNextGen.Network.Latest.SecurityRuleArgs> { rule1, rule2 };
VSCode says that: Argument 1: cannot convert from 'Pulumi.AzureNextGen.Network.Latest.SecurityRule' to 'Pulumi.AzureNextGen.Network.Latest.SecurityRuleArgs' [Azure.WebServer]csharp(CS1503) What am I doing wrong, please?
t

tall-librarian-49374

10/05/2020, 11:54 AM
Hi Igor, great to see you here!
SecurityRule
is a resource while
SecurityRuleArgs
is its input type, they aren’t the same thing. When building a list of args, you should pass args objects. E.g. this will compile:
var ruleArgs1 = new Pulumi.AzureNextGen.Network.Latest.SecurityRuleArgs
{
    SecurityRuleName = "RDP_3389",
    //...
};
var ruleArgs2 = new Pulumi.AzureNextGen.Network.Latest.SecurityRuleArgs
{
    SecurityRuleName = "Port_6516",
    //...
};
var securityRules = new List<Pulumi.AzureNextGen.Network.Latest.SecurityRuleArgs> { ruleArgs1, ruleArgs2 };
o

orange-dog-73995

10/05/2020, 12:00 PM
ok, so no need to create rules to get that list for NSG?
t

tall-librarian-49374

10/05/2020, 12:09 PM
Azure’s Network resource provider is designed somewhat confusingly. You can either set rules inside the property of NSG or define them as separate resources. If you go for the former option, you only need
args
. If you choose the latter, you create several
SecurityRule
resources but do not pass them to NSG.
Off the top of my head, I do not know the limitations of each approach.
o

orange-dog-73995

10/05/2020, 12:19 PM
I don't see how those rules will get proper names then 🙂, will try and see
t

tall-librarian-49374

10/05/2020, 12:22 PM
You can set
Name
in both cases, can’t you?
o

orange-dog-73995

10/05/2020, 12:23 PM
had to rewrite that piece:
var rule1Args = new Pulumi.AzureNextGen.Network.Latest.Inputs.SecurityRuleArgs
        {             Access = "Allow", //Deny, Allow             //...         };         var rule2Args = new Pulumi.AzureNextGen.Network.Latest.Inputs.SecurityRuleArgs         {             Access = "Allow", //Deny, Allow             //...         };         var securityRulesArgs = new List<Pulumi.AzureNextGen.Network.Latest.Inputs.SecurityRuleArgs> { rule1Args, rule2Args };         var nsg = new NetworkSecurityGroup("nsg", new Pulumi.AzureNextGen.Network.Latest.NetworkSecurityGroupArgs         {             Location = _resourceGroup.Location,             ResourceGroupName = _resourceGroup.Name,             NetworkSecurityGroupName = "nsg",             SecurityRules = securityRulesArgs,         });
and when I make Args as Inputs they can't have names
t

tall-librarian-49374

10/05/2020, 12:26 PM
var rule2Args = new Pulumi.AzureNextGen.Network.Latest.Inputs.SecurityRuleArgs
{
    Access = "Allow", //Deny, Allow
    Name = "myrule",
    //...
};
o

orange-dog-73995

10/05/2020, 12:28 PM
right, now it worked, before VSCode was complaining...