Add support for Azure Firewall Manager Policy configurations and IP Groups #512

Open
lysacor opened this issue Apr 23, 2021 · 3 comments
Labels
new_module_issue Request to add a new module

Comments

@lysacor

lysacor commented Apr 23, 2021

SUMMARY

Create a new module, or set of modules, for managing Azure Firewall Manager Policies so Ansible playbooks can manage the new-style Azure Firewall policies that Microsoft has released.

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

Module name examples:
azure_rm_azurefirewallpolicy
azure_rm_azurefirewallpolicyrulecollectiongroup (or equivalent)
azure_rm_azurefirewallpolicy_info
azure_rm_azurefirewallpolicyrulecollectiongroup_info (or equivalent)
azure_rm_ipgroup
azure_rm_ipgroup_info

Additional documentation for the APIs and implementation processes for these items can be found here:
https://docs.microsoft.com/en-us/rest/api/virtualnetwork/firewallpolicies
https://docs.microsoft.com/en-us/rest/api/virtualnetwork/firewallpolicyrulecollectiongroups
https://docs.microsoft.com/en-us/azure/firewall-manager/quick-firewall-policy
https://docs.microsoft.com/en-us/azure/firewall-manager/ip-groups

I know it is kinda gauche to mention, but Hashicorp has already developed a module for Terraform for this, so similar implementations can be found here:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy_rule_collection_group
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/ip_group

ADDITIONAL INFORMATION

This feature would be used to manage the new-style Azure Firewall Manager Policies, allowing administrators to automate the creation and management of Azure Firewall Policy objects. Currently, the Azure Firewall management capability in the azcollection only allows management of the classic Azure Firewall rule sets.

Additionally, adding an IP group creation module and info module extends the capability of Ansible for both classic Azure Firewall rule sets and new Azure Firewall Manager Policy sets.

@jdemaree

It would be nice to not have to switch contexts when Ansible, so far, has outpaced Terraform in usability in Azure networking.

@Fred-sun Fred-sun added the new_module_issue Request to add a new module label Jun 10, 2021
@Fred-sun
Collaborator

@lysacor azure_rm_ipgroup has been added by #528

@DII-dsward

Does this include attaching Azure Firewall Policies to Azure Firewall? I checked the azure_rm_firewallpolicy.py and it returns which Azure Firewall it is attached to but there is nothing in the documentation indicating how to attach the policy to the firewall.

azure_rm_firewallpolicy.py

        provisioning_state:
            description:
                - The provisioning state of the resource.
            returned: always
            type: str
            sample: Succeeded
        firewalls:
            description:
                - List of references to Azure Firewalls that this Firewall Policy is associated with.
            returned: always
            type: list
            elements: dict
            sample: [
            {
              "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myAzureResourceGroup/providers/
                     Microsoft.Network/azureFirewalls/azurefirewall"
            }
        ]

I was thinking something like:

# Create an Azure Firewall with pre-existing policy
- name: Create the Azure Firewall
  azure.azcollection.azure_rm_azurefirewall:
    resource_group: "vnet-rsg"
    name: "examplefirewall1"
    firewall_policy:
      id: "/subscriptions/{{ subscription_id }}/resourceGroups/vnet-rsg/providers/Microsoft.Network/firewallPolicies/examplefirewallpolicy1"
    state: "present"

or

# Create an Azure Firewall Policy with pre-existing Azure Firewall
- name: Create the Azure Firewall Policy
  azure.azcollection.azure_rm_firewallpolicy:
    resource_group: "vnet-rsg"
    name: "examplefirewallpolicy1"
    state: "present"
    firewall:
      id: "/subscriptions/{{ subscription_id }}/resourceGroups/vnet-rsg/providers/Microsoft.Network/azureFirewalls/examplefirewall1"

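The thread above is about which side of the relationship an Ansible module should expose: the REST API linked in the first comment models the association on the firewall (`azureFirewalls` has `properties.firewallPolicy`), while the `firewalls` list on a Firewall Policy (the RETURN fragment quoted above) is a read-only back-reference, so it cannot be set from the policy side. The following Python is an added example, not code from azcollection or from any commenter, that builds and sanity-checks the ARM request bodies such a module would have to emit for a rule collection group (with IP Group destinations) and for a firewall that references a pre-existing policy. Field names follow the `firewallPolicyRuleCollectionGroups` and `azureFirewalls` REST docs; the subscription id, resource group and resource names are placeholders, and the `azureFirewalls` body is reduced to the fields relevant to the association.

```python
"""Added example: build and validate ARM bodies for Azure Firewall Policy automation.
Not part of azcollection. Subscription id, resource group and names are placeholders."""
import json
import re

SUB = "00000000-0000-0000-0000-000000000000"   # placeholder subscription id
RG = "vnet-rsg"                                 # placeholder resource group
PRIORITY_RANGE = (100, 65000)                   # valid range for groups and collections

RESOURCE_ID_RE = re.compile(
    r"^/subscriptions/(?P<sub>[0-9a-fA-F-]{36})/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/Microsoft\.Network/(?P<type>[A-Za-z]+)/(?P<name>[^/]+)$"
)


def resource_id(rtype, name, sub=SUB, rg=RG):
    """Build a Microsoft.Network resource id (e.g. rtype='firewallPolicies')."""
    return f"/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Network/{rtype}/{name}"


def check_ref(ref, expected_type):
    """Return the resource name if `ref` is a well-formed id of `expected_type`,
    otherwise raise. Catches e.g. 'firewalls' where 'azureFirewalls' is required."""
    m = RESOURCE_ID_RE.match(ref)
    if not m or m.group("type") != expected_type:
        raise ValueError(f"expected a Microsoft.Network/{expected_type} id, got {ref!r}")
    return m.group("name")


def is_valid_ref(ref, expected_type):
    """Boolean form of check_ref, convenient for module argument validation."""
    try:
        check_ref(ref, expected_type)
        return True
    except ValueError:
        return False


def network_rule(name, protocols, sources, dest_ip_groups, dest_ports):
    """A NetworkRule whose destinations are IP Groups (the azure_rm_ipgroup use case)."""
    for group in dest_ip_groups:
        check_ref(group, "ipGroups")
    return {
        "ruleType": "NetworkRule",
        "name": name,
        "ipProtocols": protocols,                 # e.g. ["TCP"], ["UDP"], ["Any"]
        "sourceAddresses": sources,
        "destinationIpGroups": dest_ip_groups,
        "destinationPorts": [str(p) for p in dest_ports],  # the API wants strings
    }


def filter_rule_collection(name, priority, action, rules):
    """A filter (allow/deny) rule collection; NAT collections use a different type."""
    return {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": name,
        "priority": priority,
        "action": {"type": action},               # "Allow" or "Deny"
        "rules": rules,
    }


def priority_errors(group_priority, collections):
    """List the priority problems ARM would reject at deploy time; empty means OK."""
    lo, hi = PRIORITY_RANGE
    errors = []
    for p in [group_priority] + [c["priority"] for c in collections]:
        if not lo <= p <= hi:
            errors.append(f"priority {p} outside {lo}..{hi}")
    seen = set()
    for c in collections:
        if c["priority"] in seen:
            errors.append(f"duplicate rule collection priority {c['priority']}")
        seen.add(c["priority"])
    return errors


def rule_collection_group(priority, collections):
    """PUT body for .../firewallPolicies/{policy}/ruleCollectionGroups/{name}."""
    errors = priority_errors(priority, collections)
    if errors:
        raise ValueError("; ".join(errors))
    return {"properties": {"priority": priority, "ruleCollections": collections}}


def azure_firewall_body(location, policy_id):
    """Fields of the azureFirewalls PUT body that attach a policy. The association
    lives here (properties.firewallPolicy); the policy's 'firewalls' list is read-only."""
    check_ref(policy_id, "firewallPolicies")
    return {
        "location": location,
        "properties": {
            "sku": {"name": "AZFW_VNet", "tier": "Standard"},
            "firewallPolicy": {"id": policy_id},
            # ipConfigurations (subnet + public IP) omitted; a real deployment needs them
        },
    }


if __name__ == "__main__":
    web = resource_id("ipGroups", "web-servers")
    rcg = rule_collection_group(200, [
        filter_rule_collection("allow-web", 100, "Allow",
                               [network_rule("https", ["TCP"], ["10.0.0.0/8"], [web], [443])]),
        filter_rule_collection("deny-rest", 65000, "Deny",
                               [network_rule("all", ["Any"], ["*"], [web], ["*"])]),
    ])
    print(json.dumps(rcg, indent=2))
    policy = resource_id("firewallPolicies", "examplefirewallpolicy1")
    print(json.dumps(azure_firewall_body("eastus", policy), indent=2))
```

Running the script prints the two JSON bodies; the explicit deny collection at the bottom priority shows the usual default-deny layout for a group, and `check_ref` rejects the `Microsoft.Network/firewalls/...` form of id before it ever reaches ARM.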

4 participants