I am using the following Terraform module to create GCP firewall rules.
I wrote my calling configuration by following the definition from the link below.
The definition looks as follows:
##main.tf
# Single invocation of the firewall module. Every rule it creates comes from
# the root variable `rules`, which fw.tfvars populates; project and network
# are passed through unchanged from the root variables of the same name.
module "fw1" {
  source = "../../modules/fw"

  rules   = var.rules
  network = var.network
  project = var.project
}
##fw.tfvars
// Instance variables for the first module call (fw1), loaded with -var-file=fw.tfvars.
// NOTE(review): the rule is named "fwr-allow-ssh-ingress" but it opens tcp/80, not
// tcp/22 - the name and the allowed port disagree. Whichever is intended, a source
// range of 0.0.0.0/0 with target_tags and target_service_accounts left null means
// GCP applies the rule to every instance in the network, so the port is reachable
// from the whole internet on all of them. Scope it with target_tags or narrow
// `ranges` before relying on it. Renaming the rule will most likely force the
// provider to destroy and recreate it, so fix the name deliberately.
project = "gcp-33218"
network = "https://www.googleapis.com/compute/v1/projects/gcp-33218/global/networks/default"
// Each rule is a complete object: every attribute declared in the `rules` type in
// variables.tf must be present, with null for the ones not used.
rules = [{
name = "fwr-allow-ssh-ingress"
description = null
direction = "INGRESS"
// null priority: the plan output shows the provider defaulting it to 1000.
priority = null
// Source CIDRs for an INGRESS rule (becomes source_ranges on the resource).
ranges = ["0.0.0.0/0"]
source_tags = null
source_service_accounts = null
// No targets: the rule is not restricted to a subset of instances.
target_tags = null
target_service_accounts = null
allow = [{
protocol = "tcp"
ports = ["80"]
}]
}]
##variables.tf
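# GCP project in which the firewall rules are created. A type constraint makes
# Terraform reject non-string values at plan time instead of inside the module.
variable "project" {
  description = "ID of the GCP project that owns the firewall rules."
  type        = string
}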
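# VPC network the firewall rules are attached to. The tfvars files pass the
# network's self_link; the string constraint rejects anything else at plan time.
variable "network" {
  description = "Self link of the VPC network the firewall rules apply to."
  type        = string
}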
# List of firewall rules for one module call. The plan output addresses the
# resources as google_compute_firewall.rules["<name>"], so the module appears to
# create one resource per entry keyed by `name`; names must therefore be unique.
variable "rules" {
description = "List of custom rule definitions (refer to variables file for syntax)."
# Empty by default: a plan that does not assign this variable (for example one
# that loads only a different tfvars file) sees no rules and plans the removal
# of every rule the module previously created from it.
default = []
# NOTE(review): every attribute of the object is required (no optional()), so
# callers must pass null explicitly for the attributes they do not use.
type = list(object({
name = string
description = string
# "INGRESS" or "EGRESS" as accepted by the provider; not validated here.
direction = string
# null lets the provider pick its default (1000 in the plan output).
priority = number
# Source CIDRs for INGRESS rules; "0.0.0.0/0" exposes the allowed ports to the
# whole internet on every instance the rule targets.
ranges = list(string)
source_tags = list(string)
source_service_accounts = list(string)
# With both target_* attributes null the rule is not limited to a subset of
# instances in the network.
target_tags = list(string)
target_service_accounts = list(string)
allow = list(object({
protocol = string
# Ports as strings, e.g. ["80", "443"].
ports = list(string)
}))
}))
}
I was able to create a firewall rule successfully using the above Terraform definition (terraform plan/apply -var-file=fw.tfvars).
Now I tried to create another firewall rule by calling the same module a second time in main.tf
and creating a separate fw2.tfvars
file for the variable values. The new definitions are as follows:
##main.tf
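# Two invocations of the firewall module.
#
# Both calls used to read the same root variable, `var.rules`. A root variable
# holds exactly one value per plan, so `terraform plan -var-file=fw2.tfvars`
# replaced the list fw1 had been built from (planning the destruction of
# fwr-allow-ssh-ingress) and handed the fw2 list to both modules, which is why
# the plan reported "2 to add" for a single new rule.
#
# Fix: each invocation gets its own root variable. `rules_fw2` must be declared
# in variables.tf with the same type as `rules`, fw2.tfvars must assign
# `rules_fw2` instead of `rules`, and every plan/apply must load BOTH var files,
# e.g. `terraform plan -var-file=fw.tfvars -var-file=fw2.tfvars`; a var file that
# is omitted leaves its variable at the default [] and the plan shows a destroy.
# (Alternative: keep a single module call and put every rule in one `rules` list.)
module "fw1" {
  source  = "../../modules/fw"
  project = var.project
  network = var.network
  rules   = var.rules # assigned in fw.tfvars
}

module "fw2" {
  source  = "../../modules/fw"
  project = var.project
  network = var.network
  rules   = var.rules_fw2 # assigned in fw2.tfvars; declare in variables.tf
}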
##fw2.tfvars
// Instance variables for the second module call (fw2), loaded with -var-file=fw2.tfvars.
// NOTE(review): this file assigns the same root variable `rules` that fw.tfvars
// assigns. A root variable has one value per plan, so loading this file on its
// own replaces the list fw1 was created from (its rule is planned for
// destruction) and every module call that reads var.rules receives this list.
// Either give the second module call its own root variable and assign that one
// here, or keep all rules in a single list, and pass every var file on each
// plan/apply.
project = "gcp-33218"
network = "https://www.googleapis.com/compute/v1/projects/gcp-33218/global/networks/default"
rules = [{
// Despite the "https" name this rule also opens tcp/80.
name = "fwr-allow-https-ingress"
description = null
direction = "INGRESS"
// null priority: the provider defaults it to 1000 (see plan output).
priority = null
// Private (RFC 1918) source range, so this rule is not internet-exposed.
ranges = ["192.168.0.0/29"]
source_tags = null
source_service_accounts = null
// No targets: applies to all instances in the network for this source range.
target_tags = null
target_service_accounts = null
allow = [{
protocol = "tcp"
ports = ["80","443"]
}]
}]
But when I run terraform plan -var-file=fw2.tfvars
it plans to destroy the existing firewall rule I created earlier:
# module.fw1.google_compute_firewall.rules["fwr-allow-ssh-ingress"] will be destroyed
- resource "google_compute_firewall" "rules" {
- creation_timestamp = "2021-08-07T02:39:04.190-07:00" -> null
- destination_ranges = [] -> null
- direction = "INGRESS" -> null
- disabled = false -> null
- id = "projects/project-id/global/firewalls/fwr-allow-ssh-ingress" -> null
- name = "fwr-allow-ssh-ingress" -> null
- network = "https://www.googleapis.com/compute/v1/projects/project-id/global/networks/default" -> null
- priority = 1000 -> null
- project = "gcp-infrastructure-319318" -> null
- self_link = "https://www.googleapis.com/compute/v1/projects/project-id/global/firewalls/fwr-allow-ssh-ingress" -> null
- source_ranges = [
- "0.0.0.0/0",
] -> null
- source_service_accounts = [] -> null
- source_tags = [] -> null
- target_service_accounts = [] -> null
- target_tags = [] -> null
- allow {
- ports = [
- "80",
] -> null
- protocol = "tcp" -> null
}
}
# module.fw2.google_compute_firewall.rules["fwr-allow-https-ingress"] will be created
+ resource "google_compute_firewall" "rules" {
+ creation_timestamp = (known after apply)
+ destination_ranges = (known after apply)
+ direction = "INGRESS"
+ enable_logging = (known after apply)
+ id = (known after apply)
+ name = "fwr-allow-https-ingress"
+ network = "https://www.googleapis.com/compute/v1/projects/<project id>/global/networks/default"
+ priority = 1000
+ project = (known after apply)
+ self_link = (known after apply)
+ source_ranges = [
+ "192.168.0.0/29",
]
+ allow {
+ ports = [
+ "80",
+ "443",
]
+ protocol = "tcp"
}
}
Plan: 2 to add, 0 to change, 1 to destroy.
Also, why is the plan trying to add the same resource twice? It reports "2 to add", but only one creation (module.fw2) is shown above.
Please suggest how I can create new firewall rules without destroying the rules I created earlier with Terraform.