Hello,
I’m currently trying to use the CDK to create a simple Google Cloud architecture. While creating a simple VPC with a firewall rule, I encounter this error:
network_stack google_compute_network.main-network: Creating...
network_stack google_compute_firewall.allow-ssh: Creating...
network_stack google_compute_network.main-network: Still creating... [10s elapsed]
network_stack google_compute_network.main-network: Still creating... [20s elapsed]
network_stack google_compute_network.main-network: Creation complete after 22s [id=projects/dev/global/networks/main-network]
network_stack ╷
│ Error: Error creating Firewall: googleapi: Error 404: The resource 'projects/dev/global/networks/main-network' was not found, notFound
│
│ with google_compute_firewall.allow-ssh (allow-ssh),
│ on cdk.tf.json line 41, in resource.google_compute_firewall.allow-ssh (allow-ssh):
│ 41: }
│
╵
The thing is that it is supposed to have created the network just before, that’s why my questions are:
- Is it normal behavior?
- If no, do you know why I get this error?
- If yes, does that mean I’m supposed to create VPCs in one stack and the firewall rules in another? Is there a better way to do it?
Thank you for reading and your time!
Can you please show the resource configurations?
Perhaps adding the depends_on meta-argument to the firewall resource will help:
resource "google_compute_firewall" "allow_ssh" {
  # your configuration here
  depends_on = [google_compute_network.main-network]
}
Since I’m using the CDK, my code looks like this:
class NetworkStack(TerraformStack):
    def __init__(self, scope: Construct, id: str):
        super().__init__(scope, id)
        GoogleProvider(self, 'google', project=GOOGLE_PROJECT, region='europe-west1')
        GcsBackend(self, bucket=f"tf-state-{PROVIDER}-{ENVIRONMENT}", prefix=f"cdktf/{id}")
        for network_config in file_content["projects"][GOOGLE_PROJECT]['networks']:
            self.network = ComputeNetwork(self, network_config['name'], name=network_config['name'], auto_create_subnetworks=False)
        for network_config in file_content["projects"][GOOGLE_PROJECT]['networks']:
            for subnets in network_config['subnets']:
                for firewall_rules in subnets['firewall_rules']:
                    ComputeFirewall(
                        self,
                        firewall_rules['name'],
                        name=firewall_rules['name'],
                        network=network_config['name'],
                        allow=[{"protocol": firewall_rules['protocol'], "ports": firewall_rules['ports']}],
                        source_ranges=firewall_rules['source_ranges'],
                    )

app = App()
file_content = read_yaml_config('config.yaml')
buckets = BucketStack(app, "bucket_stack")
app.synth()
But adding the depends_on keyword to the function did the trick!
Thank you!
Here is a sample of the final code for those who might find it useful:
class NetworkStack(TerraformStack):
    def __init__(self, scope: Construct, id: str):
        super().__init__(scope, id)
        GoogleProvider(self, 'google', project=GOOGLE_PROJECT, region='europe-west1')
        GcsBackend(self, bucket=f"tf-state-{PROVIDER}-{ENVIRONMENT}", prefix=f"cdktf/{id}")
        for network_config in file_content["projects"][GOOGLE_PROJECT]['networks']:
            network = ComputeNetwork(self, network_config['name'], name=network_config['name'], auto_create_subnetworks=False)
            for subnets in network_config['subnets']:
                for firewall_rules in subnets['firewall_rules']:
                    ComputeFirewall(
                        self,
                        firewall_rules['name'],
                        name=firewall_rules['name'],
                        network=network_config['name'],
                        allow=[{"protocol": firewall_rules['protocol'], "ports": firewall_rules['ports']}],
                        source_ranges=firewall_rules['source_ranges'],
                        depends_on=[network]
                    )
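The 404 in this thread comes from the firewall naming its network with a plain string, which gives Terraform no dependency edge to order the two creations. The following check over a synthesized cdk.tf.json is an added example, not code from the thread or from the CDKTF project; the function name and the sample JSON are constructed for illustration, and it assumes references are synthesized as `${google_compute_network.<id>...}` strings and only matches networks given by name.

```python
import json

# Constructed sample of a synthesized cdk.tf.json (not taken from the thread's project).
SAMPLE_CDK_TF_JSON = """
{
  "resource": {
    "google_compute_network": {
      "main-network": {"name": "main-network", "auto_create_subnetworks": false}
    },
    "google_compute_firewall": {
      "allow-ssh": {"name": "allow-ssh", "network": "main-network"},
      "allow-https": {"name": "allow-https", "network": "main-network",
                      "depends_on": ["google_compute_network.main-network"]},
      "allow-dns": {"name": "allow-dns",
                    "network": "${google_compute_network.main-network.name}"},
      "allow-icmp": {"name": "allow-icmp", "network": "default"}
    }
  }
}
"""


def firewalls_missing_network_dependency(tf_json: str) -> list[str]:
    """Return firewall IDs whose network is created in the same stack but that
    have no implicit (reference) or explicit (depends_on) edge to it."""
    resources = json.loads(tf_json).get("resource", {})
    # Map each managed network's GCP name to its Terraform address.
    managed = {
        cfg.get("name"): f"google_compute_network.{res_id}"
        for res_id, cfg in resources.get("google_compute_network", {}).items()
    }
    missing = []
    for res_id, cfg in resources.get("google_compute_firewall", {}).items():
        address = managed.get(str(cfg.get("network", "")))
        if address is None:
            # Either a "${google_compute_network...}" reference (implicit edge)
            # or a network that this stack does not create.
            continue
        if address not in cfg.get("depends_on", []):
            missing.append(res_id)
    return sorted(missing)


if __name__ == "__main__":
    for res_id in firewalls_missing_network_dependency(SAMPLE_CDK_TF_JSON):
        print(f"google_compute_firewall.{res_id}: literal network name, no depends_on")
```

Run against the output of a synth before deploying, it flags rules like the original `allow-ssh` while accepting both the `depends_on` fix and a direct reference to the network resource's attribute.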