support application security group in network interface (#52450)

test/integration/targets/azure_rm_networkinterface/aliases

@@ -1,3 +1,4 @@
 cloud/azure
 shippable/azure/group5
 destructive
+azure_rm_applicationsecuritygroup

test/integration/targets/azure_rm_networkinterface/tasks/main.yml

@@ -1,6 +1,9 @@
 - name: Prepare random number
   set_fact:
     rpfx: "{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}"
+    applicationsecuritygroup_name1: "asg{{ resource_group | hash('md5') | truncate(5, True, '') }}{{ 1000 | random }}"
+    applicationsecuritygroup_name2: "asg{{ resource_group | hash('md5') | truncate(5, True, '') }}{{ 1000 | random }}"
+    nic_name1: "nic1{{ resource_group | hash('md5') | truncate(5, True, '') }}{{ 1000 | random }}"
   run_once: yes
 
 - name: Create virtual network
@@ -319,6 +322,139 @@
       - output.state.ip_configurations[0].public_ip_address.name == "tn{{ rpfx }}"
       - output.state.enable_accelerated_networking
 
+- name: Create application security group(check mode)
+  azure_rm_applicationsecuritygroup:
+      resource_group: "{{ resource_group }}"
+      name: "{{ applicationsecuritygroup_name1 }}"
+      tags:
+          testing: testing
+  check_mode: yes
+  register: output
+
+- name: Assert check mode creation
+  assert:
+    that:
+      - output.changed
+
+- name: Create Application security group
+  azure_rm_applicationsecuritygroup:
+    resource_group: "{{ resource_group }}"
+    name: "{{ applicationsecuritygroup_name1 }}"
+    tags:
+        testing: testing
+  register: output
+
+- name: Assert application security group creation
+  assert:
+    that:
+      - output.changed
+      - output.id != ''
+
+- name: Create application security group (idempotent)
+  azure_rm_applicationsecuritygroup:
+      resource_group: "{{ resource_group }}"
+      name: "{{ applicationsecuritygroup_name1 }}"
+      tags:
+          testing: testing
+  register: output
+
+- name: Assert idempotent
+  assert:
+    that:
+      - not output.changed
+
+- name: Update application security group
+  azure_rm_applicationsecuritygroup:
+      resource_group: "{{ resource_group }}"
+      name: "{{ applicationsecuritygroup_name1 }}"
+      tags:
+          testing: testing
+          foo: bar
+  register: output
+
+- name: Assert update
+  assert:
+    that:
+      - output.changed
+
+- name: Create Application security group in secondary resource group
+  azure_rm_applicationsecuritygroup:
+    resource_group: "{{ resource_group_secondary }}"
+    name: "{{ applicationsecuritygroup_name2 }}"
+  register: asg
+
+- name: Create Nic with application security groups
+  azure_rm_networkinterface:
+    resource_group: "{{ resource_group }}"
+    name: "{{ nic_name1 }}"
+    virtual_network: "{{ vn.state.id }}"
+    subnet: "tn{{ rpfx }}"
+    create_with_security_group: True
+    public_ip: False
+    ip_configurations:
+      - name: ipconfig1
+        application_security_groups:
+          - "{{ applicationsecuritygroup_name1 }}"
+          - "{{ asg.id }}"
+        primary: True
+  register: output
+
+- name: assert creation succeeded
+  assert:
+    that:
+      - output.changed
+
+- name: Create Nic with application security groups (idempotent)
+  azure_rm_networkinterface:
+    resource_group: "{{ resource_group }}"
+    name: "{{ nic_name1 }}"
+    virtual_network: "{{ vn.state.id }}"
+    subnet: "tn{{ rpfx }}"
+    create_with_security_group: True
+    public_ip: False
+    ip_configurations:
+      - name: ipconfig1
+        application_security_groups:
+          - "{{ asg.id }}"
+          - "{{ applicationsecuritygroup_name1 }}"
+        primary: True
+  register: output
+
+- name: assert idempotent
+  assert:
+    that:
+      - not output.changed
+
+- name: Update Nic with application security groups
+  azure_rm_networkinterface:
+    resource_group: "{{ resource_group }}"
+    name: "{{ nic_name1 }}"
+    virtual_network: "{{ vn.state.id }}"
+    subnet: "tn{{ rpfx }}"
+    create_with_security_group: True
+    public_ip: False
+    ip_configurations:
+      - name: ipconfig1
+        application_security_groups:
+          - "{{ applicationsecuritygroup_name1 }}"
+        primary: True
+  register: output
+
+- name: assert update succeeded
+  assert:
+    that:
+      - output.changed
+
+- name: Get fact of the new created NIC
+  azure_rm_networkinterface_facts:
+    resource_group: "{{ resource_group }}"
+    name: "{{ nic_name1 }}"
+  register: facts
+
+- assert:
+    that:
+      - "facts.networkinterfaces[0].ip_configurations[0].application_security_groups | length == 1"
+
 - name: Delete the NIC (check mode)
   azure_rm_networkinterface:
       resource_group: "{{ resource_group }}"
@@ -364,3 +500,41 @@
     name: "pip{{ rpfx }}"
     resource_group: '{{ resource_group }}'
     state: absent
+
+- name: Delete the NIC
+  azure_rm_networkinterface:
+      resource_group: "{{ resource_group }}"
+      name: "{{ nic_name1 }}"
+      state: absent
+
+- name: Delete the application security group (check mode)
+  azure_rm_applicationsecuritygroup:
+      resource_group: "{{ resource_group }}"
+      name: "{{ applicationsecuritygroup_name1 }}"
+      state: absent
+  check_mode: yes
+  register: output
+
+- name: Assert delete check mode
+  assert:
+      that:
+        - output.changed
+
+- name: Delete the application security group
+  azure_rm_applicationsecuritygroup:
+      resource_group: "{{ resource_group }}"
+      name: "{{ applicationsecuritygroup_name1 }}"
+      state: absent
+  register: output
+
+- name: Assert the deletion
+  assert:
+      that:
+        - output.changed
+
+- name: Delete second application security group
+  azure_rm_applicationsecuritygroup:
+      resource_group: "{{ resource_group_secondary }}"
+      name: "{{ applicationsecuritygroup_name2 }}"
+      state: absent
+  register: output