azfw quickstarts

[cshea-msft]

Created two quickstarts for Azure Firewall.

Deploy Azure Firewall with Azure Policy
Deploy Azure Firewall with Azure Policy in a Secure Hub

The plan is to add these two quickstarts to the Firewall Manager docs. https://learn.microsoft.com/en-us/azure/firewall-manager/quick-secure-virtual-hub-bicep?tabs=CLI

[stemaMSFT]

The README.md here seems like a copy paste of the main.tf file, is there something more akin to the Bicep/ARM Template quickstarts? https://learn.microsoft.com/en-us/azure/firewall-manager/quick-secure-virtual-hub-bicep?tabs=CLI
Or was there a different intention for the README? For the code stuff, I think it looks fine, but I'll defer to @lonegunmanb to review and approve before kicking off E2E tests.

[grayzu]

Thanks for the PR!

Looks great. I have a few minor comments and questions.

[grayzu]

Is there a reason to set this to false?

[cshea-msft]

since this is quickstart its mainly used for testing so if they want to destroy and tear it down this will delete everything. I have run into issues in the past where some resources is hanging around and doesnt delete the resource group so this at least forces it all to be removed and customers dont have resources hanging around.

[cshea-msft]

can remove if needed.

[TomArcherMsft]

You're using a pattern where you're specifying a flag at the RG level to delete everything in the RG should the encompassed entity not automatically delete. However, many times, a lower-level entity has its own flag for this purpose. For example, let's say you have a VM with a disk. instead of using prevent_deletion_if_contains_resources at the RG level, you can use delete_data_disks_on_termination at the VM level, which deletes the disk when the VM is deleted. The Terraform PG prefers this latter pattern.

[cshea-msft]

got it thanks Tom, i updated it with the virtual machine feature.

[grayzu]

This should be marked as sensitive. Just add

sensitive = true

after default

[cshea-msft]

added senstive to the admin_password in the output.tf

[TomArcherMsft]

Added my comments.

[TomArcherMsft]

README.md file name needs to be renamed to lowercase.

[cshea-msft]

I did that and it broke it. There seems to be no consistency with other quickstarts since some are lower case and some are upper case.

[TomArcherMsft]

Yes, there is inconsistency as many samples were created before we started defining a standard for the samples. All new samples have a much higher bar than previous samples. However, we don't have the resources to go back and retroactively update every sample. Instead, we enforce the standards on new samples and when we need to fix older samples, we apply the standards then. The lack of consistency across the repo is why I referred to specific examples for you to follow in my comments.

[TomArcherMsft]

Please remove the plan output from this section. This section should just point to the article. See https://github.com/Azure/terraform/tree/master/quickstart/101-front-door-standard-premium. If you don't know the title and URL of the article, I'll update those values when I generate the article from this sample code.

[cshea-msft]

removed code. Doc is not ready yet. Can update once doc is published.

[TomArcherMsft]

To maintain consistency with the sample showing how to create a Windows VM, please generate the password as in the Windows VM creation article. Remember to output the randomly generated password.

[cshea-msft]

I updated the generate password to the main.tf and output.tf password for each vm following the docs. Please let me know if I need to fix it.

[cshea-msft]

README.md file name needs to be renamed to lowercase.

Happy to change it but it seems there is no consistency when looking at the different quickstarts.

[cshea-msft]

Please remove the plan output from this section. This section should just point to the article. See https://github.com/Azure/terraform/tree/master/quickstart/101-front-door-standard-premium. If you don't know the title and URL of the article, I'll update those values when I generate the article from this sample code.

This needs to be updated in other quickstarts because the plan output is in other readme's

[cshea-msft]

The README.md here seems like a copy paste of the main.tf file, is there something more akin to the Bicep/ARM Template quickstarts? https://learn.microsoft.com/en-us/azure/firewall-manager/quick-secure-virtual-hub-bicep?tabs=CLI Or was there a different intention for the README? For the code stuff, I think it looks fine, but I'll defer to @lonegunmanb to review and approve before kicking off E2E tests.

I was following the FIrewall terraform quickstart that had the plan output in the README. I removed the output from the README.

[cshea-msft]

@grayzu @TomArcherMsft Just checking in to see if there are any more changes are needed. Thanks!

[TomArcherMsft]

@grayzu @TomArcherMsft Just checking in to see if there are any more changes are needed. Thanks!

Hi, @cshea15. I wasn't aware that you were ready for another review. I'll do that either today or tomorrow. Thanks!

[cshea-msft]

@grayzu @TomArcherMsft Just checking in to see if there are any more changes are needed. Thanks!

Hi, @cshea15. I wasn't aware that you were ready for another review. I'll do that either today or tomorrow. Thanks!

no problem, I reviewed all the comments, made the changes, and added comments. Let me know if there is anything I missed. Thanks again!

[TomArcherMsft]

@cshea15 Reviewing now. Please do not push any new commits until I'm done. Thanks!

[TomArcherMsft]

@grayzu @lonegunmanb
cc: @cshea15

I've completed my review. Could you please review & merge when you get a chance? Thanks!

[lonegunmanb]

Thanks @cshea15, LGTM!