# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

values:
  # the following 4 rules are already tested by simple.yaml
  module.firewall.google_compute_firewall.allow-admins[0]: {}
  module.firewall.google_compute_firewall.allow-tag-http[0]: {}
  module.firewall.google_compute_firewall.allow-tag-https[0]: {}
  module.firewall.google_compute_firewall.allow-tag-ssh[0]: {}
  module.firewall.google_compute_firewall.custom-rules["allow-egress-rfc1918"]:
    allow:
    - ports: []
      protocol: all
    deny: []
    description: Allow egress to RFC 1918 ranges.
    destination_ranges:
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16
    direction: EGRESS
    disabled: false
    log_config: []
    name: allow-egress-rfc1918
    network: my-network
    priority: 1000
    project: my-project
    source_ranges: null
    source_service_accounts: null
    source_tags: null
    target_service_accounts: null
    target_tags: null
  module.firewall.google_compute_firewall.custom-rules["allow-egress-tag"]:
    allow:
    - ports: []
      protocol: all
    deny: []
    description: Allow egress from a specific tag to 0/0.
    destination_ranges:
    - 0.0.0.0/0
    direction: EGRESS
    disabled: false
    log_config: []
    name: allow-egress-tag
    network: my-network
    priority: 1000
    project: my-project
    source_ranges: null
    source_service_accounts: null
    source_tags: null
    target_service_accounts: null
    target_tags:
    - target-tag
  module.firewall.google_compute_firewall.custom-rules["allow-ingress-ntp"]:
    allow:
    - ports:
      - '123'
      protocol: udp
    deny: []
    description: Allow NTP service based on tag.
    direction: INGRESS
    disabled: false
    log_config: []
    name: allow-ingress-ntp
    network: my-network
    priority: 1000
    project: my-project
    source_ranges:
    - 0.0.0.0/0
    source_service_accounts: null
    source_tags: null
    target_service_accounts: null
    target_tags:
    - ntp-svc
  module.firewall.google_compute_firewall.custom-rules["allow-ingress-tag"]:
    allow:
    - ports: []
      protocol: all
    deny: []
    description: Allow ingress from a specific tag.
    direction: INGRESS
    disabled: false
    log_config: []
    name: allow-ingress-tag
    network: my-network
    priority: 1000
    project: my-project
    source_ranges: null
    source_service_accounts: null
    source_tags:
    - client-tag
    target_service_accounts: null
    target_tags:
    - target-tag
  module.firewall.google_compute_firewall.custom-rules["deny-egress-all"]:
    allow: []
    deny:
    - ports: []
      protocol: all
    description: Block egress.
    destination_ranges:
    - 0.0.0.0/0
    direction: EGRESS
    disabled: false
    log_config: []
    name: deny-egress-all
    network: my-network
    priority: 1000
    project: my-project
    source_ranges: null
    source_service_accounts: null
    source_tags: null
    target_service_accounts: null
    target_tags: null

counts:
  google_compute_firewall: 9