Fix rule id and names

modules/net-vpc-firewall-policy/main.tf

@@ -17,11 +17,11 @@
 locals {
   _rules_egress = {
     for name, rule in merge(var.egress_rules) :
-    "egress/${name}" => merge(rule, { direction = "EGRESS" })
+    "egress/${name}" => merge(rule, { name = name, direction = "EGRESS" })
   }
   _rules_ingress = {
     for name, rule in merge(var.ingress_rules) :
-    "ingress/${name}" => merge(rule, { direction = "INGRESS" })
+    "ingress/${name}" => merge(rule, { name = name, direction = "INGRESS" })
   }
   rules = merge(
     local.factory_egress_rules, local.factory_ingress_rules,

modules/net-vpc-firewall-policy/net-global.tf

@@ -40,7 +40,7 @@ resource "google_compute_network_firewall_policy_rule" "net-global" {
   )
   project                 = var.parent_id
   firewall_policy         = google_compute_network_firewall_policy.net-global.0.name
-  rule_name               = each.key
+  rule_name               = local.rules[each.key].name
   action                  = local.rules[each.key].action
   description             = local.rules[each.key].description
   direction               = local.rules[each.key].direction

modules/net-vpc-firewall-policy/net-regional.tf

@@ -43,7 +43,7 @@ resource "google_compute_region_network_firewall_policy_rule" "net-regional" {
   project                 = var.parent_id
   region                  = var.region
   firewall_policy         = google_compute_region_network_firewall_policy.net-regional.0.name
-  rule_name               = each.key
+  rule_name               = local.rules[each.key].name
   action                  = local.rules[each.key].action
   description             = local.rules[each.key].description
   direction               = local.rules[each.key].direction

tests/modules/net_vpc_firewall_policy/examples/factory.yaml

@@ -11,15 +11,14 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 values:
   module.firewall-policy.google_compute_firewall_policy.hierarchical[0]:
     parent: folders/1234567890
     short_name: test-1
   module.firewall-policy.google_compute_firewall_policy_association.hierarchical["test"]:
     attachment_target: folders/4567890123
     name: test-1-test
-  module.firewall-policy.google_compute_firewall_policy_rule.hierarchical["icmp"]:
+  module.firewall-policy.google_compute_firewall_policy_rule.hierarchical["egress/icmp"]:
     action: allow
     direction: INGRESS
     disabled: false
@@ -42,7 +41,7 @@ values:
     priority: 1000
     target_resources: null
     target_service_accounts: null
-  module.firewall-policy.google_compute_firewall_policy_rule.hierarchical["smtp"]:
+  module.firewall-policy.google_compute_firewall_policy_rule.hierarchical["ingress/smtp"]:
     action: deny
     direction: EGRESS
     disabled: false
@@ -68,7 +67,7 @@ values:
     priority: 900
     target_resources: null
     target_service_accounts: null
-  module.firewall-policy.google_compute_firewall_policy_rule.hierarchical["ssh"]:
+  module.firewall-policy.google_compute_firewall_policy_rule.hierarchical["ingress/ssh"]:
     action: allow
     direction: INGRESS
     disabled: false
@@ -97,4 +96,3 @@ counts:
   google_compute_firewall_policy: 1
   google_compute_firewall_policy_association: 1
   google_compute_firewall_policy_rule: 3
-

tests/modules/net_vpc_firewall_policy/examples/global-net.yaml

@@ -45,7 +45,7 @@ values:
       src_threat_intelligences: null
     priority: 900
     project: my-project
-    rule_name: egress/smtp
+    rule_name: smtp
     target_secure_tags: []
     target_service_accounts: null
   module.firewall-policy.google_compute_network_firewall_policy_rule.net-global["ingress/icmp"]:
@@ -72,7 +72,7 @@ values:
       src_threat_intelligences: null
     priority: 1000
     project: my-project
-    rule_name: ingress/icmp
+    rule_name: icmp
     target_secure_tags: []
     target_service_accounts: null
   module.firewall-policy.google_compute_network_firewall_policy_rule.net-global["ingress/mgmt"]:
@@ -99,7 +99,7 @@ values:
       src_threat_intelligences: null
     priority: 1001
     project: my-project
-    rule_name: ingress/mgmt
+    rule_name: mgmt
     target_secure_tags: []
     target_service_accounts: null
   module.firewall-policy.google_compute_network_firewall_policy_rule.net-global["ingress/ssh"]:
@@ -127,7 +127,7 @@ values:
       src_threat_intelligences: null
     priority: 1002
     project: my-project
-    rule_name: ingress/ssh
+    rule_name: ssh
     target_secure_tags: []
     target_service_accounts: null
 

tests/modules/net_vpc_firewall_policy/examples/regional-net.yaml

@@ -17,6 +17,7 @@ values:
     name: test-1
     project: my-project
     region: europe-west8
+  module.firewall-policy.google_compute_region_network_firewall_policy_association.net-regional["my-vpc"]:
     firewall_policy: test-1
     name: test-1-my-vpc
     project: my-project
@@ -47,7 +48,7 @@ values:
     priority: 900
     project: my-project
     region: europe-west8
-    rule_name: egress/smtp
+    rule_name: smtp
     target_secure_tags: []
     target_service_accounts: null
   module.firewall-policy.google_compute_region_network_firewall_policy_rule.net-regional["ingress/icmp"]:
@@ -75,11 +76,10 @@ values:
     priority: 1000
     project: my-project
     region: europe-west8
-    rule_name: ingress/icmp
+    rule_name: icmp
     target_secure_tags: []
     target_service_accounts: null
 
-
 counts:
   google_compute_region_network_firewall_policy: 1
   google_compute_region_network_firewall_policy_association: 1