Azure · weidongxu-microsoft · Jun 2, 2021 · Jun 1, 2021 · Jun 1, 2021 · Jun 1, 2021
diff --git a/sdk/resourcemanager/azure-resourcemanager-network/CHANGELOG.md b/sdk/resourcemanager/azure-resourcemanager-network/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## 2.6.0-beta.1 (Unreleased)
 
 - Updated `api-version` to `2021-02-01`
+- Supported multiple `ApplicationSecurityGroup` in rules of `NetworkSecurityGroup`.
 
 ## 2.5.0 (2021-05-28)
 - Updated `api-version` to `2020-11-01`

diff --git a/...c/main/java/com/azure/resourcemanager/network/implementation/NetworkSecurityRuleImpl.java b/...c/main/java/com/azure/resourcemanager/network/implementation/NetworkSecurityRuleImpl.java
@@ -19,6 +19,8 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.function.Function;
+import java.util.stream.Collectors;
 
 /** Implementation for {@link NetworkSecurityRule} and its create and update interfaces. */
 class NetworkSecurityRuleImpl
@@ -286,6 +288,21 @@ public NetworkSecurityRuleImpl withSourceApplicationSecurityGroup(String id) {
         return this;
     }
 
+    @Override
+    public NetworkSecurityRuleImpl withoutSourceApplicationSecurityGroup(String id) {
+        sourceAsgs.remove(id);
+        return this;
+    }
+
+    @Override
+    public NetworkSecurityRuleImpl withSourceApplicationSecurityGroup(String... ids) {
+        sourceAsgs = Arrays.stream(ids)
+            .collect(Collectors.toMap(Function.identity(), id -> new ApplicationSecurityGroupInner().withId(id)));
+        innerModel().withSourceAddressPrefix(null);
+        innerModel().withSourceAddressPrefixes(null);
+        return this;
+    }
+
     @Override
     public NetworkSecurityRuleImpl withDestinationApplicationSecurityGroup(String id) {
         destinationAsgs.put(id, new ApplicationSecurityGroupInner().withId(id));
@@ -294,6 +311,21 @@ public NetworkSecurityRuleImpl withDestinationApplicationSecurityGroup(String id
         return this;
     }
 
+    @Override
+    public NetworkSecurityRuleImpl withoutDestinationApplicationSecurityGroup(String id) {
+        destinationAsgs.remove(id);
+        return this;
+    }
+
+    @Override
+    public NetworkSecurityRuleImpl withDestinationApplicationSecurityGroup(String... ids) {
+        destinationAsgs = Arrays.stream(ids)
+            .collect(Collectors.toMap(Function.identity(), id -> new ApplicationSecurityGroupInner().withId(id)));
+        innerModel().withDestinationAddressPrefix(null);
+        innerModel().withDestinationAddressPrefixes(null);
+        return this;
+    }
+
     // Helpers
 
     private NetworkSecurityRuleImpl withDirection(SecurityRuleDirection direction) {
@@ -310,9 +342,14 @@ private NetworkSecurityRuleImpl withAccess(SecurityRuleAccess permission) {
 
     @Override
     public NetworkSecurityGroupImpl attach() {
+        return this.parent().withRule(this);
+    }
+
+    @Override
+    public NetworkSecurityGroupImpl parent() {
         innerModel().withSourceApplicationSecurityGroups(new ArrayList<>(sourceAsgs.values()));
         innerModel().withDestinationApplicationSecurityGroups(new ArrayList<>(destinationAsgs.values()));
-        return this.parent().withRule(this);
+        return super.parent();
     }
 
     @Override

diff --git a/...r-network/src/main/java/com/azure/resourcemanager/network/models/NetworkSecurityRule.java b/...r-network/src/main/java/com/azure/resourcemanager/network/models/NetworkSecurityRule.java
@@ -8,6 +8,7 @@
 import com.azure.resourcemanager.resources.fluentcore.model.Attachable;
 import com.azure.resourcemanager.resources.fluentcore.model.HasInnerModel;
 import com.azure.resourcemanager.resources.fluentcore.model.Settable;
+
 import java.util.List;
 import java.util.Set;
 
@@ -200,6 +201,14 @@ interface WithDestinationAddressOrSecurityGroup<ParentT> {
              * @return the next stage of the definition
              */
             WithDestinationPort<ParentT> withDestinationApplicationSecurityGroup(String id);
+
+            /**
+             * Sets the application security group specified as destination.
+             *
+             * @param ids the collection of application security group ID
+             * @return the next stage of the definition
+             */
+            WithDestinationPort<ParentT> withDestinationApplicationSecurityGroup(String... ids);
         }
 
         /**
@@ -279,6 +288,14 @@ interface WithSourceAddressOrSecurityGroup<ParentT> {
              * @return the next stage of the definition
              */
             WithSourcePort<ParentT> withSourceApplicationSecurityGroup(String id);
+
+            /**
+             * Sets the application security group specified as source.
+             *
+             * @param ids the collection of application security group ID
+             * @return the next stage of the definition
+             */
+            WithSourcePort<ParentT> withSourceApplicationSecurityGroup(String... ids);
         }
 
         /**
@@ -460,6 +477,14 @@ interface WithSourceAddressOrSecurityGroup<ParentT> {
              * @return the next stage of the update
              */
             WithSourcePort<ParentT> withSourceApplicationSecurityGroup(String id);
+
+            /**
+             * Sets the application security group specified as source.
+             *
+             * @param ids the collection of application security group ID
+             * @return the next stage of the definition
+             */
+            WithSourcePort<ParentT> withSourceApplicationSecurityGroup(String... ids);
         }
 
         /**
@@ -539,6 +564,14 @@ interface WithDestinationAddressOrSecurityGroup<ParentT> {
              * @return the next stage of the definition
              */
             WithDestinationPort<ParentT> withDestinationApplicationSecurityGroup(String id);
+
+            /**
+             * Sets the application security group specified as destination.
+             *
+             * @param ids the collection of application security group ID
+             * @return the next stage of the definition
+             */
+            WithDestinationPort<ParentT> withDestinationApplicationSecurityGroup(String... ids);
         }
 
         /**
@@ -730,6 +763,14 @@ interface WithSourceAddressOrSecurityGroup {
              * @return the next stage of the update
              */
             Update withSourceApplicationSecurityGroup(String id);
+
+            /**
+             * Removes the application security group specified as source.
+             *
+             * @param id application security group id
+             * @return the next stage of the update
+             */
+            Update withoutSourceApplicationSecurityGroup(String id);
         }
 
         /** The stage of the network rule description allowing the source port(s) to be specified. */
@@ -803,6 +844,14 @@ interface WithDestinationAddressOrSecurityGroup {
              * @return the next stage of the update
              */
             Update withDestinationApplicationSecurityGroup(String id);
+
+            /**
+             * Removes the application security group specified as destination.
+             *
+             * @param id application security group id
+             * @return the next stage of the definition
+             */
+            Update withoutDestinationApplicationSecurityGroup(String id);
         }
 
         /** The stage of the network rule description allowing the destination port(s) to be specified. */

diff --git a/...er-network/src/test/java/com/azure/resourcemanager/network/NetworkSecurityGroupTests.java b/...er-network/src/test/java/com/azure/resourcemanager/network/NetworkSecurityGroupTests.java
@@ -0,0 +1,117 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.azure.resourcemanager.network;
+
+import com.azure.core.management.Region;
+import com.azure.resourcemanager.network.models.ApplicationSecurityGroup;
+import com.azure.resourcemanager.network.models.NetworkSecurityGroup;
+import com.azure.resourcemanager.network.models.SecurityRuleProtocol;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+import java.util.Arrays;
+import java.util.HashSet;
+
+public class NetworkSecurityGroupTests extends NetworkManagementTest {
+
+    @Test
+    public void canCRUDNetworkSecurityGroup()  {
+
+        final String asgName = generateRandomResourceName("asg", 8);
+        final String asgName2 = generateRandomResourceName("asg", 8);
+        final String asgName3 = generateRandomResourceName("asg", 8);
+        final String asgName4 = generateRandomResourceName("asg", 8);
+        final String asgName5 = generateRandomResourceName("asg", 8);
+        final String asgName6 = generateRandomResourceName("asg", 8);
+        final String nsgName = generateRandomResourceName("nsg", 8);
+
+        final Region region = Region.US_SOUTH_CENTRAL;
+
+        ApplicationSecurityGroup asg = networkManager.applicationSecurityGroups().define(asgName)
+            .withRegion(region)
+            .withNewResourceGroup(rgName)
+            .create();
+
+        ApplicationSecurityGroup asg2 = networkManager.applicationSecurityGroups().define(asgName2)
+            .withRegion(region)
+            .withExistingResourceGroup(rgName)
+            .create();
+
+        ApplicationSecurityGroup asg3 = networkManager.applicationSecurityGroups().define(asgName3)
+            .withRegion(region)
+            .withExistingResourceGroup(rgName)
+            .create();
+
+        ApplicationSecurityGroup asg4 = networkManager.applicationSecurityGroups().define(asgName4)
+            .withRegion(region)
+            .withExistingResourceGroup(rgName)
+            .create();
+
+        NetworkSecurityGroup nsg = networkManager.networkSecurityGroups().define(nsgName)
+            .withRegion(region)
+            .withExistingResourceGroup(rgName)
+            .defineRule("rule1")
+                .allowOutbound()
+                .fromAnyAddress()
+                .fromAnyPort()
+                .toAnyAddress()
+                .toPort(80)
+                .withProtocol(SecurityRuleProtocol.TCP)
+                .attach()
+            .defineRule("rule2")
+                .allowInbound()
+                .withSourceApplicationSecurityGroup(asg.id(), asg2.id())
+                .fromAnyPort()
+                .toAnyAddress()
+                .toPortRange(22, 25)
+                .withAnyProtocol()
+                .withPriority(200)
+                .withDescription("foo!!")
+                .attach()
+            .defineRule("rule3")
+                .denyInbound()
+                .fromAnyAddress()
+                .fromAnyPort()
+                .withDestinationApplicationSecurityGroup(asg3.id(), asg4.id())
+                .toPort(22)
+                .withAnyProtocol()
+                .withPriority(300)
+                .attach()
+            .create();
+
+        Assertions.assertEquals(2, nsg.securityRules().get("rule2").sourceApplicationSecurityGroupIds().size());
+        Assertions.assertEquals(2, nsg.securityRules().get("rule3").destinationApplicationSecurityGroupIds().size());
+        Assertions.assertEquals(new HashSet<>(Arrays.asList(asg.id(), asg2.id())), nsg.securityRules().get("rule2").sourceApplicationSecurityGroupIds());
+        Assertions.assertEquals(new HashSet<>(Arrays.asList(asg3.id(), asg4.id())), nsg.securityRules().get("rule3").destinationApplicationSecurityGroupIds());
+
+        ApplicationSecurityGroup asg5 = networkManager.applicationSecurityGroups().define(asgName5)
+            .withRegion(region)
+            .withExistingResourceGroup(rgName)
+            .create();
+
+        ApplicationSecurityGroup asg6 = networkManager.applicationSecurityGroups().define(asgName6)
+            .withRegion(region)
+            .withExistingResourceGroup(rgName)
+            .create();
+
+        nsg.update()
+            .updateRule("rule2")
+                .withoutSourceApplicationSecurityGroup(asg2.id())
+                .withSourceApplicationSecurityGroup(asg5.id())
+                .parent()
+            .updateRule("rule3")
+                .withoutDestinationApplicationSecurityGroup(asg4.id())
+                .withDestinationApplicationSecurityGroup(asg6.id())
+                .parent()
+            .apply();
+
+        Assertions.assertEquals(2, nsg.securityRules().get("rule2").sourceApplicationSecurityGroupIds().size());
+        Assertions.assertEquals(2, nsg.securityRules().get("rule3").destinationApplicationSecurityGroupIds().size());
+        Assertions.assertEquals(new HashSet<>(Arrays.asList(asg.id(), asg5.id())), nsg.securityRules().get("rule2").sourceApplicationSecurityGroupIds());
+        Assertions.assertEquals(new HashSet<>(Arrays.asList(asg3.id(), asg6.id())), nsg.securityRules().get("rule3").destinationApplicationSecurityGroupIds());
+
+        networkManager.networkSecurityGroups().deleteById(nsg.id());
+    }
+}