google-app-engine, google-cloud-platform, terraform-provider-gcp

GCP App Engine Firewall not reflected on GCP console when applied using terraform


I am using Terraform to import the state of existing GCP App Engine firewall rules so that the firewall rules can later be managed with Terraform. I am also planning to add one more rule on top of them with priority 999.

I imported using the command below:

terraform import google_app_engine_firewall_rule.newrule <project>/1000

After that I executed terraform show to identify the state of the existing resources and created main.tf from it. My existing rules are as follows:

    PRIORITY    ACTION  SOURCE_RANGE  DESCRIPTION
    1000        DENY    X.X.X.X/32
    2147483647  ALLOW   *             The default action.

After adding the information for the new firewall rule to main.tf, the file looks as below:

    # google_app_engine_firewall_rule.default:
    resource "google_app_engine_firewall_rule" "default" {
      action       = "ALLOW"
      description  = "The default action."
      priority     = 2147483647
      project      = "<<project>>"
      source_range = "*"

      timeouts {}
    }

    # google_app_engine_firewall_rule.newrule:
    resource "google_app_engine_firewall_rule" "newrule" {
      action       = "DENY"
      priority     = 1000
      project      = "<<project>>"
      source_range = "X.X.X.X/32"

      timeouts {}
    }

    resource "google_app_engine_firewall_rule" "newrule1" {
      action       = "DENY"
      priority     = 999
      project      = "<<project>>"
      source_range = "X.X.X.X/32"

      timeouts {}
    }

terraform plan showed no errors and terraform apply executed successfully. Validating with the gcloud command, it looks like the rule was added successfully. It is the first rule in the output below, with priority 999.

    $ gcloud app firewall-rules list
    PRIORITY    ACTION  SOURCE_RANGE  DESCRIPTION
    999         DENY    X.X.X.X/32
    1000        DENY    X.X.X.X/32
    2147483647  ALLOW   *             The default action.

But when I check it from the front end using the GCP console, I cannot find the rule. It is still showing the old rules.

    PRIORITY    ACTION  SOURCE_RANGE  DESCRIPTION
    1000        DENY    X.X.X.X/32
    2147483647  ALLOW   *             The default action.

Please clarify this behaviour.


Solution

  • The issue seems to be related to browser refresh. I was browsing between different menu items from the App Engine Dashboard, thinking that it would refresh the firewall page too, but that is not the case. When I refreshed it from the browser, the new firewall rules were reflected.

    Also, when I add a new firewall rule using the gcloud command as shown below, I need to do a browser refresh in order to get it reflected in the GUI console:

      gcloud app firewall-rules create 997 --action=allow --source-range=35.X.X.X/32

    Maybe a refresh button in the GUI would be helpful.
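Since the console page can keep showing an old list until it is reloaded, the rule set returned by gcloud is the thing to compare against main.tf. The script below is an added example, not part of the original question or answer: it diffs the declared rules against gcloud's JSON output and reports which rule decides the action for a given client address. It assumes `gcloud app firewall-rules list --format=json` emits the `priority`, `action` and `sourceRange` fields; the sample JSON and the documentation-range addresses standing in for the redacted X.X.X.X values are constructed.

```python
import ipaddress
import json

# Constructed sample of `gcloud app firewall-rules list --format=json` output.
SAMPLE_GCLOUD_JSON = """
[
  {"action": "DENY", "priority": 999, "sourceRange": "203.0.113.7/32"},
  {"action": "DENY", "priority": 1000, "sourceRange": "198.51.100.9/32"},
  {"action": "ALLOW", "description": "The default action.",
   "priority": 2147483647, "sourceRange": "*"}
]
"""

# Rules declared in main.tf, keyed by priority (constructed to mirror the question).
EXPECTED = {
    999: ("DENY", "203.0.113.7/32"),
    1000: ("DENY", "198.51.100.9/32"),
    2147483647: ("ALLOW", "*"),
}

def load_rules(gcloud_json):
    """Return {priority: (action, source_range)} from gcloud JSON output."""
    return {int(r["priority"]): (r["action"].upper(), r["sourceRange"])
            for r in json.loads(gcloud_json)}

def drift(expected, live):
    """List differences between the declared rules and the live rules."""
    findings = []
    for prio in sorted(expected.keys() | live.keys()):
        if prio not in live:
            findings.append(f"missing: {prio} {expected[prio]}")
        elif prio not in expected:
            findings.append(f"unmanaged: {prio} {live[prio]}")
        elif expected[prio] != live[prio]:
            findings.append(f"changed: {prio} {expected[prio]} -> {live[prio]}")
    return findings

def effective_action(live, client_ip):
    """App Engine evaluates rules lowest priority number first; first match wins."""
    ip = ipaddress.ip_address(client_ip)
    for prio in sorted(live):
        action, source_range = live[prio]
        if source_range == "*" or ip in ipaddress.ip_network(source_range, strict=False):
            return prio, action
    return None

if __name__ == "__main__":
    rules = load_rules(SAMPLE_GCLOUD_JSON)
    print(drift(EXPECTED, rules) or "live rules match main.tf")
    print(effective_action(rules, "203.0.113.7"))
```

A rule created out of band, like the `gcloud app firewall-rules create 997` call in the answer, is reported as `unmanaged` until it is imported into the Terraform state.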