gcloud alpha compute firewall-rules migrate

NAME
gcloud alpha compute firewall-rules migrate - create a new Network Firewall Policy and move all customer defined firewall rules there
SYNOPSIS
gcloud alpha compute firewall-rules migrate --source-network=SOURCE_NETWORK (--bind-tags-to-instances     | --export-exclusion-patterns     | --export-tag-mapping     | --target-firewall-policy=TARGET_FIREWALL_POLICY) [--exclusion-patterns-file=EXCLUSION_PATTERNS_FILE] [--export-terraform-script] [--force] [--skip-migrate-target-service-accounts-to-tags] [--tag-mapping-file=TAG_MAPPING_FILE] [--terraform-script-output-file=TERRAFORM_SCRIPT_OUTPUT_FILE] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) gcloud alpha compute firewall-rules migrate is used to create a new Network Firewall Policy that contain all rules defined in already existing Network Firewall Policy associated with the given VPC Network and all customer defined VPC Firewall Rules attached to that VPC Network.
EXAMPLES
To execute the migration for VPC Network 'my-network' which stores the result in 'my-policy' Network Firewall Policy, run:
gcloud alpha compute firewall-rules migrate --source-network=my-network --target-firewall-policy=my-policy
REQUIRED FLAGS
--source-network=SOURCE_NETWORK
The VPC Network for which the migration should be performed.
Exactly one of these must be specified:
--bind-tags-to-instances
If set, migration tool will bind secure tags to the instances with the network tags which match secure tags from the tag mapping file.
--export-exclusion-patterns
If set, migration tool will dump list of regexes used to filter VPC Firewall out of migration.
--export-tag-mapping
If set, migration tool will inspect all VPC Firewalls attached to SOURCE_NETWORK, collect all source and target tags, and store them in TAG_MAPPING_FILE.
--target-firewall-policy=TARGET_FIREWALL_POLICY
Name of the new Network Firewall Policy used to store the migration result.
OPTIONAL FLAGS
--exclusion-patterns-file=EXCLUSION_PATTERNS_FILE
Path to a file with exclusion patterns used for VPC Firewall filtering. Each regular expression describing a single firewall naming pattern must be placed in a single line. No leading or tailing whitespaces.
--export-terraform-script
If set, migration tool will output a terraform script to create a Firewall Policy with migrated rules.
--force
If set, migration will succeed even if the tool detects that original rule evaluation order cannot be preserved.
--skip-migrate-target-service-accounts-to-tags
If set, migration will keep target service accounts as they are and will not try to replace them with secure tags.
--tag-mapping-file=TAG_MAPPING_FILE
Path to a JSON file with legacy tags and service accounts to secure tags mapping.
--terraform-script-output-file=TERRAFORM_SCRIPT_OUTPUT_FILE
Path to a file where to store generated Terraform script.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. This variant is also available:
gcloud beta compute firewall-rules migrate