File: //snap/google-cloud-cli/394/help/man/man1/gcloud_beta_compute_firewall-rules_migrate.1
.TH "GCLOUD_BETA_COMPUTE_FIREWALL\-RULES_MIGRATE" 1
.SH "NAME"
.HP
gcloud beta compute firewall\-rules migrate \- create a new Network Firewall Policy and move all customer defined firewall rules there
.SH "SYNOPSIS"
.HP
\f5gcloud beta compute firewall\-rules migrate\fR \fB\-\-source\-network\fR=\fISOURCE_NETWORK\fR (\fB\-\-bind\-tags\-to\-instances\fR\ |\ \fB\-\-export\-exclusion\-patterns\fR\ |\ \fB\-\-export\-tag\-mapping\fR\ |\ \fB\-\-target\-firewall\-policy\fR=\fITARGET_FIREWALL_POLICY\fR) [\fB\-\-exclusion\-patterns\-file\fR=\fIEXCLUSION_PATTERNS_FILE\fR] [\fB\-\-export\-terraform\-script\fR] [\fB\-\-force\fR] [\fB\-\-skip\-migrate\-target\-service\-accounts\-to\-tags\fR] [\fB\-\-tag\-mapping\-file\fR=\fITAG_MAPPING_FILE\fR] [\fB\-\-terraform\-script\-output\-file\fR=\fITERRAFORM_SCRIPT_OUTPUT_FILE\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]
.SH "DESCRIPTION"
\fB(BETA)\fR \fBgcloud beta compute firewall\-rules migrate\fR is used to create
a new Network Firewall Policy that contain all rules defined in already existing
Network Firewall Policy associated with the given VPC Network and all customer
defined VPC Firewall Rules attached to that VPC Network.
.SH "EXAMPLES"
To execute the migration for VPC Network 'my\-network' which stores the result
in 'my\-policy' Network Firewall Policy, run:
.RS 2m
$ gcloud beta compute firewall\-rules migrate \e
\-\-source\-network=my\-network \-\-target\-firewall\-policy=my\-policy
.RE
.SH "REQUIRED FLAGS"
.RS 2m
.TP 2m
\fB\-\-source\-network\fR=\fISOURCE_NETWORK\fR
The VPC Network for which the migration should be performed.
.TP 2m
Exactly one of these must be specified:
.RS 2m
.TP 2m
\fB\-\-bind\-tags\-to\-instances\fR
If set, migration tool will bind secure tags to the instances with the network
tags which match secure tags from the tag mapping file.
.TP 2m
\fB\-\-export\-exclusion\-patterns\fR
If set, migration tool will dump list of regexes used to filter VPC Firewall out
of migration.
.TP 2m
\fB\-\-export\-tag\-mapping\fR
If set, migration tool will inspect all VPC Firewalls attached to
SOURCE_NETWORK, collect all source and target tags, and store them in
TAG_MAPPING_FILE.
.TP 2m
\fB\-\-target\-firewall\-policy\fR=\fITARGET_FIREWALL_POLICY\fR
Name of the new Network Firewall Policy used to store the migration result.
.RE
.RE
.sp
.SH "OPTIONAL FLAGS"
.RS 2m
.TP 2m
\fB\-\-exclusion\-patterns\-file\fR=\fIEXCLUSION_PATTERNS_FILE\fR
Path to a file with exclusion patterns used for VPC Firewall filtering. Each
regular expression describing a single firewall naming pattern must be placed in
a single line. No leading or tailing whitespaces.
.TP 2m
\fB\-\-export\-terraform\-script\fR
If set, migration tool will output a terraform script to create a Firewall
Policy with migrated rules.
.TP 2m
\fB\-\-force\fR
If set, migration will succeed even if the tool detects that original rule
evaluation order cannot be preserved.
.TP 2m
\fB\-\-skip\-migrate\-target\-service\-accounts\-to\-tags\fR
If set, migration will keep target service accounts as they are and will not try
to replace them with secure tags.
.TP 2m
\fB\-\-tag\-mapping\-file\fR=\fITAG_MAPPING_FILE\fR
Path to a JSON file with legacy tags and service accounts to secure tags
mapping.
.TP 2m
\fB\-\-terraform\-script\-output\-file\fR=\fITERRAFORM_SCRIPT_OUTPUT_FILE\fR
Path to a file where to store generated Terraform script.
.RE
.sp
.SH "GCLOUD WIDE FLAGS"
These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.
Run \fB$ gcloud help\fR for details.
.SH "NOTES"
This command is currently in beta and might change without notice. This variant
is also available:
.RS 2m
$ gcloud alpha compute firewall\-rules migrate
.RE