hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Support for firewall policy association with security providers - Azure Firewall #16436

Open chanakanissanka opened 2 years ago

chanakanissanka commented 2 years ago

Is there an existing issue for this?

Community Note

Description

Hi There,

This came through during our recent Azure Firewall module creation via Terraform 1.0.11. We are creating the AZ firewall and policies all via Terraform, and once it's deployed there is still a manual click-ops part that remains, which is adding the policy under "security providers". For the sake of total automation, do we have a workaround for this? Or am I missing something here?

New or Affected Resource(s)/Data Source(s)

azurerm_firewall_policy, azurerm_firewall

Potential Terraform Configuration

resource "azurerm_firewall_policy_associate" "example" {
  name                = "example-policy"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}

References

No response

sinbai commented 2 years ago

@chanakanissanka thank you for posting this issue here. Could you please provide your terraform config that could help reproduce the above symptom?

chanakanissanka commented 2 years ago

@mbfrahry Apologies for taking the time to come back, as I was away on a break. The Terraform config is as follows:

1.) We are creating the firewall as part of the HUB-Spoke deployment model. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall
2.) Then we create policies for it. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_network_rule_collection

Once these steps are done, we need to log into the GUI to associate our firewall policy with the virtual network. I don't seem to be able to find Terraform code for it.

Let me know if this is clear enough. If not, I will change the code piece and upload it so it makes more sense.

gradinDotCom commented 2 years ago

Specifically, the Security Provider policy assignment that associates a policy to a VNET...

michaelrechani commented 2 years ago

@sinbai, any update here? This is a bummer to not be able to fully automate the deployment of an Azure Firewall.

chanakanissanka commented 2 years ago

@michaelrechani, no update yet. Any possibility to get CLI or SDK details so that we can give it a go?

archmangler commented 2 years ago

Any update on this? It looks like 'ClickOps' is the only way to associate AFW policy with an AFW at present.

spcdw commented 1 year ago

Any update on this?

danwernickeFM commented 1 year ago

The firewall_policy_id in the firewall resource seems to solve this?

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall#firewall_policy_id

EldinEgrlic commented 4 months ago

I can confirm, it works if you associate firewall_policy_id in the firewall resource. You can ignore the virtual hub part of the code (it worked in my case at least)
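
The approach reported in the last two comments, written out as a configuration for a VNet-based firewall. This is an added example, not code posted by anyone in the thread; the resource names, region and address ranges are placeholders, and an already configured `azurerm` provider block is assumed.

```hcl
# Added example: all names, address ranges and the region are placeholders.
resource "azurerm_resource_group" "hub" {
  name     = "rg-hub-example"
  location = "West Europe"
}

resource "azurerm_virtual_network" "hub" {
  name                = "vnet-hub-example"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.hub.location
  resource_group_name = azurerm_resource_group.hub.name
}

# Azure requires the firewall subnet to have exactly this name.
resource "azurerm_subnet" "firewall" {
  name                 = "AzureFirewallSubnet"
  resource_group_name  = azurerm_resource_group.hub.name
  virtual_network_name = azurerm_virtual_network.hub.name
  address_prefixes     = ["10.0.1.0/26"]
}

resource "azurerm_public_ip" "firewall" {
  name                = "pip-afw-example"
  location            = azurerm_resource_group.hub.location
  resource_group_name = azurerm_resource_group.hub.name
  allocation_method   = "Static"
  sku                 = "Standard"
}

resource "azurerm_firewall_policy" "hub" {
  name                = "afwp-hub-example"
  resource_group_name = azurerm_resource_group.hub.name
  location            = azurerm_resource_group.hub.location
}

resource "azurerm_firewall" "hub" {
  name                = "afw-hub-example"
  location            = azurerm_resource_group.hub.location
  resource_group_name = azurerm_resource_group.hub.name
  sku_name            = "AZFW_VNet"
  sku_tier            = "Standard"
  # The association itself: set on the firewall, no separate resource needed.
  firewall_policy_id = azurerm_firewall_policy.hub.id

  ip_configuration {
    name                 = "ipconfig"
    subnet_id            = azurerm_subnet.firewall.id
    public_ip_address_id = azurerm_public_ip.firewall.id
  }
}
```

After `terraform apply`, the policy should appear as attached to the firewall in the portal without any manual step.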