From 1507eeba1bedef1a039fff3c27f5e39cf469a0b3 Mon Sep 17 00:00:00 2001
From: Ludo
Date: Thu, 26 Oct 2023 15:48:54 +0200
Subject: [PATCH 1/2] fix logic for default source range in firewall ingress rules

---
 modules/net-vpc-firewall/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/net-vpc-firewall/main.tf b/modules/net-vpc-firewall/main.tf
index 5f7a95b549..f3faac9f05 100644
--- a/modules/net-vpc-firewall/main.tf
+++ b/modules/net-vpc-firewall/main.tf
@@ -97,7 +97,7 @@ resource "google_compute_firewall" "custom-rules" {
 source_ranges = (
 each.value.direction == "INGRESS"
 ? (
- each.value.source_ranges == null
+ each.value.source_ranges == null && each.value.sources == null
 ? ["0.0.0.0/0"]
 : each.value.source_ranges
 )
From 0b57e182cbc33bc542c667ace8d1796ba2911588 Mon Sep 17 00:00:00 2001
From: Ludo
Date: Thu, 26 Oct 2023 16:31:22 +0200
Subject: [PATCH 2/2] fix test

---
 modules/net-vpc-firewall/README.md | 13 +++++++++++++
 .../modules/net_vpc_firewall/examples/factory.yaml | 2 --
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/modules/net-vpc-firewall/README.md b/modules/net-vpc-firewall/README.md
index 235f1ebc41..8198b100e6 100644
--- a/modules/net-vpc-firewall/README.md
+++ b/modules/net-vpc-firewall/README.md
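Review bot: The `+` line keeps the implicit fallback to `["0.0.0.0/0"]` for an INGRESS rule that sets neither `source_ranges` nor `sources`, so a rule whose author simply forgot its sources is still created as internet-wide, and nothing in the hunk says so; a comment above `source_ranges = (` such as `# INGRESS rules with neither source_ranges nor sources default to 0.0.0.0/0 (which I believe is also the API's own default); set one of them to scope the rule` would at least make that behaviour visible to whoever reviews the plan. The new `each.value.sources == null` test also only fires when `sources` is null as a whole: if `sources` is an object whose members can individually be null (the factory example in the second patch shows `source_tags: null` beside a populated `source_service_accounts` list, which suggests this), a `sources` block with every member null would suppress the default and produce an ingress rule with no source at all, which is better caught by a `validation` block on the variable than by an apply-time API error — I am inferring the schema here, so confirm it against the variable definition. The `source_ranges` expression continues beyond the end of the hunk, so the EGRESS branch is not visible in this view.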
@@ -7,6 +7,19 @@ This module allows creation and management of different types of firewall rules
 The predefined rules are enabled by default and set to the ranges of the GCP health checkers for HTTP/HTTPS, and the IAP forwarders for SSH. See the relevant section below on how to configure or disable them.
+
+- [Examples](#examples)
+ - [Minimal open firewall](#minimal-open-firewall)
+ - [Custom rules](#custom-rules)
+ - [Controlling or turning off default rules](#controlling-or-turning-off-default-rules)
+ - [Overriding default tags and ranges](#overriding-default-tags-and-ranges)
+ - [Disabling predefined rules](#disabling-predefined-rules)
+ - [Including source & destination ranges](#including-source-destination-ranges)
+ - [Rules Factory](#rules-factory)
+- [Variables](#variables)
+- [Outputs](#outputs)
+
+
 ## Examples
 ### Minimal open firewall
diff --git a/tests/modules/net_vpc_firewall/examples/factory.yaml b/tests/modules/net_vpc_firewall/examples/factory.yaml
index 389fb52a25..73a095dd0d 100644
--- a/tests/modules/net_vpc_firewall/examples/factory.yaml
+++ b/tests/modules/net_vpc_firewall/examples/factory.yaml
@@ -53,8 +53,6 @@ values:
 network: my-network
 priority: 1000
 project: my-project
- source_ranges:
- - 0.0.0.0/0
 source_service_accounts:
 - service-1@my-project.iam.gserviceaccount.com
 source_tags: null