From b8ddf4c8378d9f9e60c1f2c0f333a729bb98fa11 Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Tue, 20 Dec 2022 03:57:42 +0100
Subject: [PATCH 1/2] Read ranges from correct fields in firewall factory

---
 modules/net-vpc-firewall/README.md | 23 +++++++++++++++++++++--
 modules/net-vpc-firewall/main.tf | 4 ++--
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/modules/net-vpc-firewall/README.md b/modules/net-vpc-firewall/README.md
index 44101ce6..38304781 100644
--- a/modules/net-vpc-firewall/README.md
+++ b/modules/net-vpc-firewall/README.md
@@ -143,7 +143,7 @@ module "firewall" {
 }
 default_rules_config = { disabled = true }
 }
-# tftest modules=1 resources=1 files=lbs,cidrs
+# tftest modules=1 resources=3 files=lbs,cidrs
 ```
 
 ```yaml
@@ -151,7 +151,7 @@ module "firewall" {
 ingress:
 allow-healthchecks:
 description: Allow ingress from healthchecks.
- ranges:
+ source_ranges:
 - healthchecks
 targets: ["lb-backends"]
 rules:
@@ -159,6 +159,25 @@ ingress:
 ports:
 - 80
 - 443
+ allow-service-1-to-service-2:
+ description: Allow ingress from service-1 SA
+ targets: ["service-2"]
+ use_service_accounts: true
+ sources:
+ - service-1@my-project.iam.gserviceaccount.com
+ rules:
+ - protocol: tcp
+ ports:
+ - 80
+ - 443
+egress:
+ block-telnet:
+ description: block outbound telnet
+ deny: true
+ rules:
+ - protocol: tcp
+ ports:
+ - 23
 ```
 
 ```yaml
diff --git a/modules/net-vpc-firewall/main.tf b/modules/net-vpc-firewall/main.tf
index a107565e..708b8844 100644
--- a/modules/net-vpc-firewall/main.tf
+++ b/modules/net-vpc-firewall/main.tf
@@ -29,12 +29,12 @@ locals {
 deny = try(rule.deny, false)
 rules = try(rule.rules, [{ protocol = "all" }])
 description = try(rule.description, null)
- destination_ranges = try(rule.ranges, null)
+ destination_ranges = try(rule.destination_ranges, null)
 direction = upper(direction)
 disabled = try(rule.disabled, null)
 enable_logging = try(rule.enable_logging, null)
 priority = try(rule.priority, 1000)
- source_ranges = try(rule.ranges, null)
+ source_ranges = try(rule.source_ranges, null)
 sources = try(rule.sources, null)
 targets = try(rule.targets, null)
 use_service_accounts = try(rule.use_service_accounts, false)
From aaf5a9013bb32e037bb950e20793b7c78a95412b Mon Sep 17 00:00:00 2001
From: Ludo
Date: Tue, 20 Dec 2022 07:55:03 +0100
Subject: [PATCH 2/2] fix test

---
 .../fixture/config/firewall/load_balancers.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/modules/net_vpc_firewall/fixture/config/firewall/load_balancers.yaml b/tests/modules/net_vpc_firewall/fixture/config/firewall/load_balancers.yaml
index f74f8e50..9e773273 100644
--- a/tests/modules/net_vpc_firewall/fixture/config/firewall/load_balancers.yaml
+++ b/tests/modules/net_vpc_firewall/fixture/config/firewall/load_balancers.yaml
@@ -15,7 +15,7 @@
 ingress:
 allow-healthchecks:
 description: Allow ingress from healthchecks.
- ranges:
+ source_ranges:
 - healthchecks
 targets: ["lb-backends"]
 rules:
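Review bot: Reading `source_ranges` and `destination_ranges` only from the renamed keys means any existing factory YAML that still uses `ranges:` silently loses its address restriction rather than failing, because `try(rule.source_ranges, null)` and `try(rule.destination_ranges, null)` both fall through to `null` for such a file. On GCP an ingress rule with neither source ranges nor source tags/service accounts applies to all sources (and an egress rule with no destination ranges to all destinations), so a stale key can quietly widen an allow rule that was previously scoped to a list of CIDRs. Consider keeping the old key as a fallback, `destination_ranges = try(rule.destination_ranges, rule.ranges, null)` and `source_ranges = try(rule.source_ranges, rule.ranges, null)`, or adding a precondition that rejects a rule that sets `ranges`, and recording the rename as a breaking change in the module docs. Whether the code consuming these locals filters by direction is outside the hunk, so the fallback may need to be direction-aware; the `locals` block starts and ends outside the hunk.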