Extend tfdoc to generate TOCs

modules/artifact-registry/README.md

@@ -2,6 +2,14 @@
 
 This module simplifies the creation of repositories using Google Cloud Artifact Registry.
 
+<!-- BEGIN TOC -->
+- [Standard Repository](#standard-repository)
+- [Remote and Virtual Repositories](#remote-and-virtual-repositories)
+- [Additional Docker and Maven Options](#additional-docker-and-maven-options)
+- [Variables](#variables)
+- [Outputs](#outputs)
+<!-- END TOC -->
+
 ## Standard Repository
 
 ```hcl

modules/cloud-run/README.md

@@ -4,13 +4,21 @@ Cloud Run management, with support for IAM roles, revision annotations and optio
 
 ## Examples
 
-- [IAM and environment variables](#iam-and-environment-variables)
-- [Mounting secrets as volumes](#mounting-secrets-as-volumes)
-- [Revision annotations](#revision-annotations)
-- [VPC Access Connector creation](#vpc-access-connector-creation)
-- [Traffic split](#traffic-split)
-- [Eventarc triggers](#eventarc-triggers)
-- [Service account](#service-account)
+<!-- BEGIN TOC -->
+- [Examples](#examples)
+  - [IAM and environment variables](#iam-and-environment-variables)
+  - [Mounting secrets as volumes](#mounting-secrets-as-volumes)
+  - [Revision annotations](#revision-annotations)
+  - [VPC Access Connector creation](#vpc-access-connector-creation)
+  - [Traffic split](#traffic-split)
+  - [Eventarc triggers](#eventarc-triggers)
+    - [PubSub](#pubsub)
+    - [Audit logs](#audit-logs)
+    - [Using custom service accounts for triggers](#using-custom-service-accounts-for-triggers)
+  - [Service account](#service-account)
+- [Variables](#variables)
+- [Outputs](#outputs)
+<!-- END TOC -->
 
 ### IAM and environment variables
 

modules/compute-vm/README.md

@@ -9,25 +9,32 @@ In both modes, an optional service account can be created and assigned to either
 
 ## Examples
 
-- [Instance using defaults](#instance-using-defaults)
-- [Service account management](#service-account-management)
-- [Disk management](#disk-management)
-  - [Disk sources](#disk-sources)
-  - [Disk types and options](#disk-types-and-options)
-  - [Boot disk as an independent resource](#boot-disk-as-an-independent-resource)
-- [Network interfaces](#network-interfaces)
-  - [Internal and external IPs](#internal-and-external-ips)
-  - [Using Alias IPs](#using-alias-ips)
-  - [Using gVNIC](#using-gvnic)
-- [Metadata](#metadata)
-- [IAM](#iam)
-- [Spot VM](#spot-vm)
-- [Confidential compute](#confidential-compute)
-- [Disk encryption with Cloud KMS](#disk-encryption-with-cloud-kms)
-- [Instance template](#instance-template)
-- [Instance group](#instance-group)
-- [Instance Schedule](#instance-schedule)
-- [Snapshot Schedules](#snapshot-schedules)
+
+<!-- BEGIN TOC -->
+- [Examples](#examples)
+  - [Instance using defaults](#instance-using-defaults)
+  - [Service account management](#service-account-management)
+  - [Disk management](#disk-management)
+    - [Disk sources](#disk-sources)
+    - [Disk types and options](#disk-types-and-options)
+    - [Boot disk as an independent resource](#boot-disk-as-an-independent-resource)
+  - [Network interfaces](#network-interfaces)
+    - [Internal and external IPs](#internal-and-external-ips)
+    - [Using Alias IPs](#using-alias-ips)
+    - [Using gVNIC](#using-gvnic)
+  - [Metadata](#metadata)
+  - [IAM](#iam)
+  - [Spot VM](#spot-vm)
+  - [Confidential compute](#confidential-compute)
+  - [Disk encryption with Cloud KMS](#disk-encryption-with-cloud-kms)
+  - [Instance template](#instance-template)
+  - [Instance group](#instance-group)
+  - [Instance Schedule](#instance-schedule)
+  - [Snapshot Schedules](#snapshot-schedules)
+- [Variables](#variables)
+- [Outputs](#outputs)
+- [TODO](#todo)
+<!-- END TOC -->
 
 ### Instance using defaults
 

modules/folder/README.md

@@ -2,17 +2,22 @@
 
 This module allows the creation and management of folders, including support for IAM bindings, organization policies, and hierarchical firewall rules.
 
-## Features
 
+<!-- BEGIN TOC -->
+- [Basic example with IAM bindings](#basic-example-with-iam-bindings)
 - [IAM](#iam)
-- [Organization Policies](#organization-policies)
-  - [Factory](#organization-policy-factory)
+- [Organization policies](#organization-policies)
+  - [Organization Policy Factory](#organization-policy-factory)
 - [Hierarchical Firewall Policies](#hierarchical-firewall-policies)
-  - [Directly Defined](#directly-defined-firewall-policies)
-  - [Factory](#firewall-policy-factory)
+  - [Directly Defined Firewall Policies](#directly-defined-firewall-policies)
+  - [Firewall Policy Factory](#firewall-policy-factory)
 - [Log Sinks](#log-sinks)
 - [Data Access Logs](#data-access-logs)
 - [Tags](#tags)
+- [Files](#files)
+- [Variables](#variables)
+- [Outputs](#outputs)
+<!-- END TOC -->
 
 ## Basic example with IAM bindings
 

modules/net-lb-app-ext/README.md

@@ -6,20 +6,32 @@ Due to the complexity of the underlying resources, changes to the configuration
 
 ## Examples
 
-- [Minimal HTTP Example](#minimal-http-example)
-- [Minimal HTTPS Examples](#minimal-https-examples)
-- [Health Checks](#health-checks)
-- [Backend Types and Management](#backend-types-and-management)
-  - [Instance Groups](#instance-groups)
-  - [Storage Buckets](#storage-buckets)
-  - [Network Endpoint Groups](#network-endpoint-groups-negs)
-  - [Zonal NEGs](#zonal-neg-creation)
-  - [Hybrid NEGs](#hybrid-neg-creation)
-  - [Internet NEGs](#internet-neg-creation)
-  - [Serverless NEGs](#serverless-neg-creation)
-- [URL Map](#url-map)
-- [SSL Certificates](#ssl-certificates)
-- [Complex Example](#complex-example)
+<!-- BEGIN TOC -->
+- [Examples](#examples)
+  - [Minimal HTTP Example](#minimal-http-example)
+  - [Minimal HTTPS examples](#minimal-https-examples)
+    - [HTTP backends](#http-backends)
+    - [HTTPS backends](#https-backends)
+  - [Classic vs Non-classic](#classic-vs-non-classic)
+  - [Health Checks](#health-checks)
+  - [Backend Types and Management](#backend-types-and-management)
+    - [Instance Groups](#instance-groups)
+    - [Managed Instance Groups](#managed-instance-groups)
+    - [Storage Buckets](#storage-buckets)
+    - [Network Endpoint Groups (NEGs)](#network-endpoint-groups-negs)
+    - [Zonal NEG creation](#zonal-neg-creation)
+    - [Hybrid NEG creation](#hybrid-neg-creation)
+    - [Internet NEG creation](#internet-neg-creation)
+    - [Private Service Connect NEG creation](#private-service-connect-neg-creation)
+    - [Serverless NEG creation](#serverless-neg-creation)
+  - [URL Map](#url-map)
+  - [SSL Certificates](#ssl-certificates)
+  - [Complex example](#complex-example)
+- [Files](#files)
+- [Variables](#variables)
+- [Outputs](#outputs)
+<!-- END TOC -->
+
 
 ### Minimal HTTP Example
 

modules/net-lb-app-int/README.md

@@ -6,14 +6,24 @@ Due to the complexity of the underlying resources, changes to the configuration
 
 ## Examples
 
-- [Minimal Example](#minimal-example)
-- [Cross-project Backend Services](#cross-project-backend-services)
-- [Health Checks](#health-checks)
-- [Instance Groups](#instance-groups)
-- [Network Endpoint Groups](#network-endpoint-groups-negs)
-- [URL Map](#url-map)
-- [SSL Certificates](#ssl-certificates)
-- [Complex Example](#complex-example)
+<!-- BEGIN TOC -->
+- [Examples](#examples)
+  - [Minimal Example](#minimal-example)
+  - [Cross-project backend services](#cross-project-backend-services)
+  - [Health Checks](#health-checks)
+  - [Instance Groups](#instance-groups)
+  - [Network Endpoint Groups (NEGs)](#network-endpoint-groups-negs)
+    - [Zonal NEG creation](#zonal-neg-creation)
+    - [Hybrid NEG creation](#hybrid-neg-creation)
+    - [Serverless NEG creation](#serverless-neg-creation)
+    - [Private Service Connect NEG creation](#private-service-connect-neg-creation)
+  - [URL Map](#url-map)
+  - [SSL Certificates](#ssl-certificates)
+  - [Complex example](#complex-example)
+- [Files](#files)
+- [Variables](#variables)
+- [Outputs](#outputs)
+<!-- END TOC -->
 
 ### Minimal Example
 

modules/net-vpc/README.md

@@ -4,23 +4,24 @@ This module allows creation and management of VPC networks including subnetworks
 
 ## Examples
 
-- [VPC module](#vpc-module)
-  - [Examples](#examples)
-    - [Simple VPC](#simple-vpc)
-    - [Subnet Options](#subnet-options)
-    - [Subnet IAM](#subnet-iam)
-    - [Peering](#peering)
-    - [Shared VPC](#shared-vpc)
-    - [Private Service Networking](#private-service-networking)
-    - [Private Service Networking with peering routes](#private-service-networking-with-peering-routes)
-    - [Subnets for Private Service Connect, Proxy-only subnets](#subnets-for-private-service-connect-proxy-only-subnets)
-    - [DNS Policies](#dns-policies)
-    - [Subnet Factory](#subnet-factory)
-    - [Custom Routes](#custom-routes)
-    - [Private Google Access routes](#private-google-access-routes)
-    - [Allow Firewall Policy to be evaluated before Firewall Rules](#allow-firewall-policy-to-be-evaluated-before-firewall-rules)
-  - [Variables](#variables)
-  - [Outputs](#outputs)
+<!-- BEGIN TOC -->
+- [Examples](#examples)
+  - [Simple VPC](#simple-vpc)
+  - [Subnet Options](#subnet-options)
+  - [Subnet IAM](#subnet-iam)
+  - [Peering](#peering)
+  - [Shared VPC](#shared-vpc)
+  - [Private Service Networking](#private-service-networking)
+  - [Private Service Networking with peering routes](#private-service-networking-with-peering-routes)
+  - [Subnets for Private Service Connect, Proxy-only subnets](#subnets-for-private-service-connect-proxy-only-subnets)
+  - [DNS Policies](#dns-policies)
+  - [Subnet Factory](#subnet-factory)
+  - [Custom Routes](#custom-routes)
+  - [Private Google Access routes](#private-google-access-routes)
+  - [Allow Firewall Policy to be evaluated before Firewall Rules](#allow-firewall-policy-to-be-evaluated-before-firewall-rules)
+- [Variables](#variables)
+- [Outputs](#outputs)
+<!-- END TOC -->
 
 ### Simple VPC
 

modules/organization/README.md

@@ -10,20 +10,26 @@ This module allows managing several organization properties:
 
 To manage organization policies, the `orgpolicy.googleapis.com` service should be enabled in the quota project.
 
-## Features
-
+## TOC
+<!-- BEGIN TOC -->
+- [TOC](#toc)
+- [Example](#example)
 - [IAM](#iam)
 - [Organization Policies](#organization-policies)
-  - [Factory](#organization-policy-factory)
-  - [Custom Constraints](#organization-policy-custom-constraints)
-  - [Custom Constraints Factory](#organization-policy-custom-constraints-factory)
+  - [Organization Policy Factory](#organization-policy-factory)
+  - [Organization Policy Custom Constraints](#organization-policy-custom-constraints)
+  - [Organization Policy Custom Constraints Factory](#organization-policy-custom-constraints-factory)
 - [Hierarchical Firewall Policies](#hierarchical-firewall-policies)
-  - [Directly Defined](#directly-defined-firewall-policies)
-  - [Factory](#firewall-policy-factory)
+  - [Directly Defined Firewall Policies](#directly-defined-firewall-policies)
+  - [Firewall Policy Factory](#firewall-policy-factory)
 - [Log Sinks](#log-sinks)
 - [Data Access Logs](#data-access-logs)
 - [Custom Roles](#custom-roles)
 - [Tags](#tags)
+- [Files](#files)
+- [Variables](#variables)
+- [Outputs](#outputs)
+<!-- END TOC -->
 
 ## Example
 
@@ -524,6 +530,8 @@ module "org" {
 ```
 
 <!-- TFDOC OPTS files:1 -->
+
+
 <!-- BEGIN TFDOC -->
 
 ## Files
@@ -583,5 +591,4 @@ module "org" {
 | [sink_writer_identities](outputs.tf#L103) | Writer identities created for each sink. |  |
 | [tag_keys](outputs.tf#L111) | Tag key resources. |  |
 | [tag_values](outputs.tf#L120) | Tag value resources. |  |
-
 <!-- END TFDOC -->

modules/project/README.md

@@ -2,23 +2,30 @@
 
 This module implements the creation and management of one GCP project including IAM, organization policies, Shared VPC host or service attachment, service API activation, and tag attachment. It also offers a convenient way to refer to managed service identities (aka robot service accounts) for APIs.
 
-## Features
+## TOC
 
+<!-- BEGIN TOC -->
+- [TOC](#toc)
 - [Basic Project Creation](#basic-project-creation)
 - [IAM](#iam)
-  - [Authoritative](#authoritative-iam)
-  - [Additive](#additive-iam)
-  - [Additive By Member](#additive-iam-by-member)
+  - [Authoritative IAM](#authoritative-iam)
+  - [Additive IAM](#additive-iam)
+  - [Additive IAM by Member](#additive-iam-by-member)
   - [Service Identities and Authoritative IAM](#service-identities-and-authoritative-iam)
-  - [Using Shortcodes for Service Identities](#using-shortcodes-for-service-identities-in-additive-iam)
-  - [Service Identities and Manual IAM Grants](#service-identities-requiring-manual-iam-grants)
+  - [Using Shortcodes for Service Identities in Additive Iam](#using-shortcodes-for-service-identities-in-additive-iam)
+  - [Service Identities Requiring Manual Iam Grants](#service-identities-requiring-manual-iam-grants)
 - [Shared VPC](#shared-vpc)
 - [Organization Policies](#organization-policies)
-  - [Factory](#organization-policy-factory)
+  - [Organization Policy Factory](#organization-policy-factory)
 - [Log Sinks](#log-sinks)
 - [Data Access Logs](#data-access-logs)
-- [Cloud KMS Encryption Keys](#cloud-kms-encryption-keys)
+- [Cloud Kms Encryption Keys](#cloud-kms-encryption-keys)
 - [Tags](#tags)
+- [Outputs](#outputs)
+- [Files](#files)
+- [Variables](#variables)
+- [Outputs](#outputs)
+<!-- END TOC -->
 
 ## Basic Project Creation
 
@@ -570,8 +577,8 @@ output "compute_robot" {
 ```
 
 <!-- TFDOC OPTS files:1 -->
-<!-- BEGIN TFDOC -->
 
+<!-- BEGIN TFDOC -->
 ## Files
 
 | name | description | resources |
@@ -639,5 +646,5 @@ output "compute_robot" {
 | [project_id](outputs.tf#L75) | Project id. |  |
 | [service_accounts](outputs.tf#L94) | Product robot service accounts in project. |  |
 | [sink_writer_identities](outputs.tf#L110) | Writer identities created for each sink. |  |
-
 <!-- END TFDOC -->
+