Add option for forced tunneling through TRE's Firewall

[yuvalyaron]

Resolves #4237

What is being addressed

Added the option for force tunnel TRE's Firewall to an external firewall

How is this addressed

• Added firewall_force_tunnel_ip parameter to rp_bundle_values, when set, the following are created:
  • A route table to direct TRE traffic to the specified IP.
  • A public IP for firewall management.

After that, users have to manually connect TRE's VNet to the external firewall (e.g. through VNet Peering).

[github-actions]

Unit Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit c8d9dbc.

♻️ This comment has been updated with latest results.

[Copilot]

Copilot reviewed 5 out of 13 changed files in this pull request and generated 2 comments.

Files not reviewed (8)

• Makefile: Language not supported
• templates/shared_services/firewall/parameters.json: Language not supported
• templates/shared_services/firewall/template_schema.json: Language not supported
• templates/shared_services/firewall/terraform/firewall.tf: Language not supported
• templates/shared_services/firewall/terraform/routetable.tf: Language not supported
• templates/shared_services/firewall/terraform/variables.tf: Language not supported
• .github/workflows/build_validation_develop.yml: Evaluated as low risk
• .github/workflows/codeql-analysis.yml: Evaluated as low risk

[marrobi]

LGTM. Thank you!

[yuvalyaron]

/test

[github-actions]

🤖 pr-bot 🤖

🏃 Running tests: https://github.com/microsoft/AzureTRE/actions/runs/12656391688 (with refid 4f77b821)

(in response to this comment from @yuvalyaron)