terraform-google-modules
diff --git a/‎Makefile‎
Lines changed: 1 addition & 0 deletions b/‎Makefile‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎metadata.yaml‎
Lines changed: 303 additions & 180 deletions b/‎metadata.yaml‎
Lines changed: 303 additions & 180 deletions
diff --git a/‎modules/fabric-net-firewall/metadata.yaml‎
Lines changed: 188 additions & 180 deletions b/‎modules/fabric-net-firewall/metadata.yaml‎
Lines changed: 188 additions & 180 deletions
@@ -89,6 +89,7 @@ docker_restore_examples:
 .PHONY: docker_generate_docs
 docker_generate_docs:
 	docker run --rm -it \
+		-e ENABLE_BPMETADATA \
 		-v $(CURDIR):/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
 
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,183 +19,191 @@ metadata:
   annotations:
     config.kubernetes.io/local-config: "true"
 spec:
-  title: Google Cloud VPC Firewall
-  source:
-    repo: https://github.com/terraform-google-modules/terraform-google-network
-    sourceType: git
-  version: 9.1.0
-  actuationTool:
-    type: Terraform
-    version: '>= 0.13.0'
-  examples:
-  - name: basic_auto_mode
-    location: examples/basic_auto_mode
-  - name: basic_custom_mode
-    location: examples/basic_custom_mode
-  - name: basic_firewall_rule
-    location: examples/basic_firewall_rule
-  - name: basic_secondary_ranges
-    location: examples/basic_secondary_ranges
-  - name: basic_shared_vpc
-    location: examples/basic_shared_vpc
-  - name: basic_vpc_peering
-    location: examples/basic_vpc_peering
-  - name: delete_default_gateway_routes
-    location: examples/delete_default_gateway_routes
-  - name: firewall_logging
-    location: examples/firewall_logging
-  - name: ilb_routing
-    location: examples/ilb_routing
-  - name: multi_vpc
-    location: examples/multi_vpc
-  - name: network_service_tiers
-    location: examples/network_service_tiers
-  - name: packet_mirroring
-    location: examples/packet_mirroring
-  - name: private_service_connect
-    location: examples/private_service_connect
-  - name: private_service_connect_google_apis
-    location: examples/private_service_connect_google_apis
-  - name: routes
-    location: examples/routes
-  - name: secondary_ranges
-    location: examples/secondary_ranges
-  - name: simple_project
-    location: examples/simple_project
-  - name: simple_project_with_regional_network
-    location: examples/simple_project_with_regional_network
-  - name: submodule_firewall
-    location: examples/submodule_firewall
-  - name: submodule_network_peering
-    location: examples/submodule_network_peering
-  - name: submodule_svpc_access
-    location: examples/submodule_svpc_access
-  - name: submodule_vpc_serverless_connector
-    location: examples/submodule_vpc_serverless_connector
-  variables:
-  - name: admin_ranges
-    description: IP CIDR ranges that have complete access to all subnets.
-    type: list(string)
-    default: []
-    required: false
-  - name: admin_ranges_enabled
-    description: Enable admin ranges-based rules.
-    type: bool
-    default: false
-    required: false
-  - name: custom_rules
-    description: List of custom rule definitions (refer to variables file for syntax).
-    type: |-
-      map(object({
-          description          = string
-          direction            = string
-          action               = string # (allow|deny)
-          ranges               = list(string)
-          sources              = list(string)
-          targets              = list(string)
-          use_service_accounts = bool
-          rules = list(object({
-            protocol = string
-            ports    = list(string)
-          }))
-          extra_attributes = map(string)
-        }))
-    default: {}
-    required: false
-  - name: http_source_ranges
-    description: List of IP CIDR ranges for tag-based HTTP rule, defaults to 0.0.0.0/0.
-    type: list(string)
-    default:
-    - 0.0.0.0/0
-    required: false
-  - name: http_target_tags
-    description: List of target tags for tag-based HTTP rule, defaults to http-server.
-    type: list(string)
-    default:
-    - http-server
-    required: false
-  - name: https_source_ranges
-    description: List of IP CIDR ranges for tag-based HTTPS rule, defaults to 0.0.0.0/0.
-    type: list(string)
-    default:
-    - 0.0.0.0/0
-    required: false
-  - name: https_target_tags
-    description: List of target tags for tag-based HTTPS rule, defaults to https-server.
-    type: list(string)
-    default:
-    - https-server
-    required: false
-  - name: internal_allow
-    description: Allow rules for internal ranges.
-    type: |-
-      list(object({
-          protocol = string
-          ports    = optional(list(string))
-        }))
-    default:
-    - protocol: icmp
-    required: false
-  - name: internal_ranges
-    description: IP CIDR ranges for intra-VPC rules.
-    type: list(string)
-    default: []
-    required: false
-  - name: internal_ranges_enabled
-    description: Create rules for intra-VPC ranges.
-    type: bool
-    default: false
-    required: false
-  - name: internal_target_tags
-    description: List of target tags for intra-VPC rules.
-    type: list(string)
-    default: []
-    required: false
-  - name: network
-    description: Name of the network this set of firewall rules applies to.
-    type: string
-    required: true
-  - name: project_id
-    description: Project id of the project that holds the network.
-    type: string
-    required: true
-  - name: ssh_source_ranges
-    description: List of IP CIDR ranges for tag-based SSH rule, defaults to 0.0.0.0/0.
-    type: list(string)
-    default:
-    - 0.0.0.0/0
-    required: false
-  - name: ssh_target_tags
-    description: List of target tags for tag-based SSH rule, defaults to ssh.
-    type: list(string)
-    default:
-    - ssh
-    required: false
-  outputs:
-  - name: admin_ranges
-    description: Admin ranges data.
-  - name: custom_egress_allow_rules
-    description: Custom egress rules with allow blocks.
-  - name: custom_egress_deny_rules
-    description: Custom egress rules with allow blocks.
-  - name: custom_ingress_allow_rules
-    description: Custom ingress rules with allow blocks.
-  - name: custom_ingress_deny_rules
-    description: Custom ingress rules with deny blocks.
-  - name: internal_ranges
-    description: Internal ranges.
-  roles:
-  - level: Project
+  info:
+    title: Google Cloud VPC Firewall
+    source:
+      repo: https://github.com/terraform-google-modules/terraform-google-network.git
+      sourceType: git
+      dir: /modules/fabric-net-firewall
+    version: 9.1.0
+    actuationTool:
+      flavor: Terraform
+      version: ">= 1.3"
+    description: {}
+  content:
+    examples:
+      - name: basic_auto_mode
+        location: examples/basic_auto_mode
+      - name: basic_custom_mode
+        location: examples/basic_custom_mode
+      - name: basic_firewall_rule
+        location: examples/basic_firewall_rule
+      - name: basic_secondary_ranges
+        location: examples/basic_secondary_ranges
+      - name: basic_shared_vpc
+        location: examples/basic_shared_vpc
+      - name: basic_vpc_peering
+        location: examples/basic_vpc_peering
+      - name: bidirectional-firewall-rules
+        location: examples/bidirectional-firewall-rules
+      - name: delete_default_gateway_routes
+        location: examples/delete_default_gateway_routes
+      - name: firewall_logging
+        location: examples/firewall_logging
+      - name: global-network-firewall-policy
+        location: examples/global-network-firewall-policy
+      - name: hierarchical-firewall-policy
+        location: examples/hierarchical-firewall-policy
+      - name: ilb_routing
+        location: examples/ilb_routing
+      - name: multi_vpc
+        location: examples/multi_vpc
+      - name: network_service_tiers
+        location: examples/network_service_tiers
+      - name: packet_mirroring
+        location: examples/packet_mirroring
+      - name: private_service_connect
+        location: examples/private_service_connect
+      - name: private_service_connect_google_apis
+        location: examples/private_service_connect_google_apis
+      - name: regional-network-firewall-policy
+        location: examples/regional-network-firewall-policy
+      - name: routes
+        location: examples/routes
+      - name: secondary_ranges
+        location: examples/secondary_ranges
+      - name: simple_ipv6_project
+        location: examples/simple_ipv6_project
+      - name: simple_project
+        location: examples/simple_project
+      - name: simple_project_with_regional_network
+        location: examples/simple_project_with_regional_network
+      - name: submodule_firewall
+        location: examples/submodule_firewall
+      - name: submodule_network_peering
+        location: examples/submodule_network_peering
+      - name: submodule_svpc_access
+        location: examples/submodule_svpc_access
+      - name: submodule_vpc_serverless_connector
+        location: examples/submodule_vpc_serverless_connector
+  interfaces:
+    variables:
+      - name: admin_ranges
+        description: IP CIDR ranges that have complete access to all subnets.
+        varType: list(string)
+        defaultValue: []
+      - name: admin_ranges_enabled
+        description: Enable admin ranges-based rules.
+        varType: bool
+        defaultValue: false
+      - name: custom_rules
+        description: List of custom rule definitions (refer to variables file for syntax).
+        varType: |-
+          map(object({
+              description          = string
+              direction            = string
+              action               = string # (allow|deny)
+              ranges               = list(string)
+              sources              = list(string)
+              targets              = list(string)
+              use_service_accounts = bool
+              rules = list(object({
+                protocol = string
+                ports    = list(string)
+              }))
+              extra_attributes = map(string)
+            }))
+        defaultValue: {}
+      - name: http_source_ranges
+        description: List of IP CIDR ranges for tag-based HTTP rule, defaults to 0.0.0.0/0.
+        varType: list(string)
+        defaultValue:
+          - 0.0.0.0/0
+      - name: http_target_tags
+        description: List of target tags for tag-based HTTP rule, defaults to http-server.
+        varType: list(string)
+        defaultValue:
+          - http-server
+      - name: https_source_ranges
+        description: List of IP CIDR ranges for tag-based HTTPS rule, defaults to 0.0.0.0/0.
+        varType: list(string)
+        defaultValue:
+          - 0.0.0.0/0
+      - name: https_target_tags
+        description: List of target tags for tag-based HTTPS rule, defaults to https-server.
+        varType: list(string)
+        defaultValue:
+          - https-server
+      - name: internal_allow
+        description: Allow rules for internal ranges.
+        varType: |-
+          list(object({
+              protocol = string
+              ports    = optional(list(string))
+            }))
+        defaultValue:
+          - protocol: icmp
+      - name: internal_ranges
+        description: IP CIDR ranges for intra-VPC rules.
+        varType: list(string)
+        defaultValue: []
+      - name: internal_ranges_enabled
+        description: Create rules for intra-VPC ranges.
+        varType: bool
+        defaultValue: false
+      - name: internal_target_tags
+        description: List of target tags for intra-VPC rules.
+        varType: list(string)
+        defaultValue: []
+      - name: network
+        description: Name of the network this set of firewall rules applies to.
+        varType: string
+        required: true
+      - name: project_id
+        description: Project id of the project that holds the network.
+        varType: string
+        required: true
+      - name: ssh_source_ranges
+        description: List of IP CIDR ranges for tag-based SSH rule, defaults to 0.0.0.0/0.
+        varType: list(string)
+        defaultValue:
+          - 0.0.0.0/0
+      - name: ssh_target_tags
+        description: List of target tags for tag-based SSH rule, defaults to ssh.
+        varType: list(string)
+        defaultValue:
+          - ssh
+    outputs:
+      - name: admin_ranges
+        description: Admin ranges data.
+      - name: custom_egress_allow_rules
+        description: Custom egress rules with allow blocks.
+      - name: custom_egress_deny_rules
+        description: Custom egress rules with allow blocks.
+      - name: custom_ingress_allow_rules
+        description: Custom ingress rules with allow blocks.
+      - name: custom_ingress_deny_rules
+        description: Custom ingress rules with deny blocks.
+      - name: internal_ranges
+        description: Internal ranges.
+  requirements:
     roles:
-    - roles/compute.networkAdmin
-    - roles/compute.securityAdmin
-    - roles/iam.serviceAccountUser
-    - roles/vpcaccess.admin
-    - roles/serviceusage.serviceUsageAdmin
-    - roles/dns.admin
-  services:
-  - cloudresourcemanager.googleapis.com
-  - compute.googleapis.com
-  - serviceusage.googleapis.com
-  - vpcaccess.googleapis.com
-  - dns.googleapis.com
+      - level: Project
+        roles:
+          - roles/compute.networkAdmin
+          - roles/compute.securityAdmin
+          - roles/iam.serviceAccountUser
+          - roles/vpcaccess.admin
+          - roles/serviceusage.serviceUsageAdmin
+          - roles/dns.admin
+          - roles/resourcemanager.tagAdmin
+          - roles/iam.serviceAccountAdmin
+          - roles/compute.orgFirewallPolicyAdmin
+    services:
+      - cloudresourcemanager.googleapis.com
+      - compute.googleapis.com
+      - serviceusage.googleapis.com
+      - vpcaccess.googleapis.com
+      - dns.googleapis.com
+      - networksecurity.googleapis.com
+      - iam.googleapis.com