Azure
Azure Firewall policies & rule collections groups
Trying to run aztfexport query -n "resourceGroup =~ 'rg-example' and (type contains 'Microsoft.Network/firewallPolicies' or type contains 'Microsoft.Network/firewallPolicies/ruleCollectionGroups' or type contains 'Microsoft.Network/azureFirewalls')"
It'll export the state file and will show the firewall & firewall policy in the mapping file.. However there isn't any explicit config in the main.tf showing the rule collection groups , network rules , or application rules for us to modify . Seems like the rcgs aren't it's own seperate resource in Azure and nested under firewall policies. Is this possibly a limitation of the aztfexport tool?
I've tried running aztfexport query -n "resourceGroup =~ 'rg-example' and "type contains 'Microsoft.Network/firewallPolicies/ruleCollectionGroups'" and i get "Error: generating Terraform configuration: converting from state to configurations: converting terraform state to config: no state"
@ttaing3 The query command by default only list the resource types that are supported by ARG as it uses ARG query behind the scenes. Based on this, ARG only supports the firewallPolicies. In this case, you can use the --recursive option, to instruct the tool to heuristically discover any child resources under the resource list being queried. Addtionally, if you'd like to include the resource group in the final resource list, you can use the --include-resource-group option.
@magodo Thanks for the reply, I've tried a few variations with adding the flag to the query but no luck. Would you be able to give an example with the --recursive option?
I've used this command in my test:
aztfexport query --include-resource-group -r "resourceGroup =~ 'acctestRG-fwpolicy-RCG-123' and (type contains 'Microsoft.Network/firewallPolicies')"