Error creating a firewall route after VPC creation

Hello,

I’m currently trying to use the CDK to create a simple Google Cloud architecture. While creating a simple VPC with a firewall rule, I encounter this error:

```
network_stack  google_compute_network.main-network: Creating...
network_stack  google_compute_firewall.allow-ssh: Creating...
network_stack  google_compute_network.main-network: Still creating... [10s elapsed]
network_stack  google_compute_network.main-network: Still creating... [20s elapsed]
network_stack  google_compute_network.main-network: Creation complete after 22s [id=projects/dev/global/networks/main-network]
network_stack  ╷
               │ Error: Error creating Firewall: googleapi: Error 404: The resource 'projects/dev/global/networks/main-network' was not found, notFound
               │
               │   with google_compute_firewall.allow-ssh (allow-ssh),
               │   on cdk.tf.json line 41, in resource.google_compute_firewall.allow-ssh (allow-ssh):
               │   41:       }
               │
               ╵
```

The thing is that it is supposed to have created the network just before, which is why my questions are:

  • Is this normal behavior?
  • If not, do you know why I get this error?
  • If yes, does that mean I’m supposed to create VPCs in one stack and the firewall rules in another? Is there a better way to do it?

Thank you for reading and for your time!

Can you please show the resource configurations?
Perhaps adding the depends_on meta-argument to the firewall resource will help:

```hcl
resource "google_compute_firewall" "allow_ssh" {
  # your configuration here

  depends_on = [google_compute_network.main-network]
}
```

Since I’m using the CDK, my code looks like this:

```python
class NetworkStack(TerraformStack):
    def __init__(self, scope: Construct, id: str):
        super().__init__(scope, id)

        GoogleProvider(self, 'google', project=GOOGLE_PROJECT, region='europe-west1')
        GcsBackend(self, bucket=f"tf-state-{PROVIDER}-{ENVIRONMENT}", prefix=f"cdktf/{id}")

        for network_config in file_content["projects"][GOOGLE_PROJECT]['networks']:
            self.network = ComputeNetwork(self, network_config['name'],
                                          name=network_config['name'],
                                          auto_create_subnetworks=False)

        for network_config in file_content["projects"][GOOGLE_PROJECT]['networks']:
            for subnets in network_config['subnets']:
                for firewall_rules in subnets['firewall_rules']:
                    ComputeFirewall(
                        self, firewall_rules['name'],
                        name=firewall_rules['name'],
                        network=network_config['name'],
                        allow=[{"protocol": firewall_rules['protocol'],
                                "ports": firewall_rules['ports']}],
                        source_ranges=firewall_rules['source_ranges'],
                    )


app = App()
file_content = read_yaml_config('config.yaml')
buckets = BucketStack(app, "bucket_stack")
app.synth()
```

But adding the depends_on keyword to the function did the trick!

Thank you!

Here is a sample of the final code for those who might find it useful:

```python
class NetworkStack(TerraformStack):
    def __init__(self, scope: Construct, id: str):
        super().__init__(scope, id)

        GoogleProvider(self, 'google', project=GOOGLE_PROJECT, region='europe-west1')
        GcsBackend(self, bucket=f"tf-state-{PROVIDER}-{ENVIRONMENT}", prefix=f"cdktf/{id}")

        for network_config in file_content["projects"][GOOGLE_PROJECT]['networks']:
            network = ComputeNetwork(self, network_config['name'],
                                     name=network_config['name'],
                                     auto_create_subnetworks=False)

            for subnets in network_config['subnets']:
                for firewall_rules in subnets['firewall_rules']:
                    ComputeFirewall(
                        self, firewall_rules['name'],
                        name=firewall_rules['name'],
                        network=network_config['name'],
                        allow=[{"protocol": firewall_rules['protocol'],
                                "ports": firewall_rules['ports']}],
                        source_ranges=firewall_rules['source_ranges'],
                        depends_on=[network]
                    )
```
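
A dependency check for the synthesized `cdk.tf.json`, added here as an example and not code from any poster in this thread: it flags firewall rules whose `network` is the literal name of a network in the same stack, with neither a `${...}` reference nor a `depends_on` entry, which is the condition behind the 404 above. The sample JSON and the function name `find_unordered_firewalls` are constructed for illustration.

```python
import json
import re

# Constructed sample of a synthesized cdk.tf.json (not the poster's real file).
# "allow-ssh" passes the network name as a plain string, as in the thread;
# "allow-icmp" references the resource; "allow-http" uses depends_on.
SAMPLE_CDK_TF_JSON = json.dumps({
    "resource": {
        "google_compute_network": {
            "main-network": {"name": "main-network", "auto_create_subnetworks": False}
        },
        "google_compute_firewall": {
            "allow-ssh": {"name": "allow-ssh", "network": "main-network"},
            "allow-icmp": {"name": "allow-icmp",
                           "network": "${google_compute_network.main-network.name}"},
            "allow-http": {"name": "allow-http", "network": "main-network",
                           "depends_on": ["google_compute_network.main-network"]},
        },
    }
})

REF = re.compile(r"\$\{\s*google_compute_network\.([A-Za-z0-9_-]+)\.")


def find_unordered_firewalls(tf_json: str) -> list[tuple[str, str]]:
    """Return (firewall_id, network_id) pairs Terraform cannot order."""
    resources = json.loads(tf_json).get("resource", {})
    networks = resources.get("google_compute_network", {})
    # Map each literal network name to the id of the resource that creates it.
    by_name = {cfg.get("name"): rid for rid, cfg in networks.items()}
    findings = []
    for fw_id, fw in resources.get("google_compute_firewall", {}).items():
        network = str(fw.get("network", ""))
        if REF.search(network):
            continue  # interpolation gives Terraform an implicit dependency
        target = by_name.get(network.rsplit("/", 1)[-1])
        if target is None:
            continue  # network is not created in this stack
        explicit = f"google_compute_network.{target}"
        if explicit in fw.get("depends_on", []):
            continue  # explicit dependency, the fix used in the thread
        findings.append((fw_id, target))
    return findings


if __name__ == "__main__":
    for fw_id, net_id in find_unordered_firewalls(SAMPLE_CDK_TF_JSON):
        print(f"google_compute_firewall.{fw_id}: network is a literal; "
              f"no dependency on google_compute_network.{net_id}")
```

In CDKTF, passing `network=network.name` (the attribute of the `ComputeNetwork` object) instead of the string from the YAML config synthesizes the reference form, so Terraform orders the two resources without `depends_on`.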