I have created two shared VPCs for my organization, one for prod and one for non-prod usage.
For these shared VPCs I want to create a description and define subnets, but I cannot find the right entries in Terraform for these elements.
For example, here is how I defined the resource block to specify the host project (and create a shared VPC):
```hcl
resource "google_compute_shared_vpc_host_project" "dev-shared-shared-vpc-host" {
  provider = google.as_network_admin
  project  = google_project.dev-shared-vpc-host.project_id
}
```
Now when I try to create the subnet:
```hcl
resource "google_compute_subnetwork" "dev-subnetwork" {
  provider      = google.as_network_admin
  name          = var.vpc_and_subnet_info.for_dev_env.subnetwork.name
  ip_cidr_range = var.vpc_and_subnet_info.for_dev_env.subnetwork.ip_cidr_range
  region        = var.region
  secondary_ip_range {
    range_name    = var.vpc_and_subnet_info.for_dev_env.subnetwork.secondary_ip_range.name
    ip_cidr_range = var.vpc_and_subnet_info.for_dev_env.subnetwork.secondary_ip_range.ip_cidr_range
  }
  network = google_compute_shared_vpc_host_project.dev-shared-shared-vpc-host.id
  project = google_project.dev-shared-vpc-host.id
}
```
I get an error like this:
```text
╷
│ Error: Error creating Subnetwork: googleapi: Error 400: Invalid value for field 'resource.network': 'projects/projects/<redacted_project_id>/global/networks/<redacted_project_id>'. The URL is malformed., invalid
│
│ with google_compute_subnetwork.dev-subnetwork,
│ on networking.tf line 5, in resource "google_compute_subnetwork" "dev-subnetwork":
│ 5: resource "google_compute_subnetwork" "dev-subnetwork" {
│
╵
```
Obviously the `projects/projects/...` is messing up the `network` parameter, but in the documentation for `google_compute_shared_vpc_host_project` there isn't any output other than `id`, and for the input arguments there is no `description`. However, when I try to manually create the shared VPC, I can enter a description and create a subnet.
Mind you, the `google_compute_network` resource that creates regular VPCs is quite well documented, and the subnet that I defined above works well with it.
EDIT:
Changing the `project` argument to `project = google_project.dev-shared-vpc-host.project_id` instead of `id` removes the `projects/projects/...` network error, but gives this error instead:
```text
╷
│ Error: Error creating Subnetwork: googleapi: Error 404: The resource 'projects/<redacted_project_id>/global/networks/<redacted_project_id>' was not found, notFound
│
│ with google_compute_subnetwork.dev-subnetwork,
│ on networking.tf line 5, in resource "google_compute_subnetwork" "dev-subnetwork":
│ 5: resource "google_compute_subnetwork" "dev-subnetwork" {
│
╵
```
I seem to have misunderstood the creation of a shared VPC via `google_compute_shared_vpc_host_project`: this does not create a VPC per se, but only designates a project as the host project, thus sharing a VPC that must exist beforehand.
Therefore I should have created a `google_compute_network` beforehand. Here is the HCL necessary to achieve what I wanted in the question:
```hcl
resource "google_compute_network" "dev-vpc-network" {
  provider                = google.as_network_admin
  name                    = var.vpc_and_subnet_info.for_dev_env.vpc.name
  auto_create_subnetworks = var.vpc_and_subnet_info.for_dev_env.vpc.auto_create_subnetworks
  project                 = google_project.dev-shared-vpc-host.project_id
  description             = var.vpc_and_subnet_info.for_dev_env.vpc.description
}

resource "google_compute_shared_vpc_host_project" "dev-shared-shared-vpc-host" {
  provider = google.as_network_admin
  project  = google_project.dev-shared-vpc-host.project_id
}

resource "google_compute_subnetwork" "dev-subnetwork" {
  provider      = google.as_network_admin
  name          = var.vpc_and_subnet_info.for_dev_env.subnetwork.name
  ip_cidr_range = var.vpc_and_subnet_info.for_dev_env.subnetwork.ip_cidr_range
  region        = var.region
  secondary_ip_range {
    range_name    = var.vpc_and_subnet_info.for_dev_env.subnetwork.secondary_ip_range.name
    ip_cidr_range = var.vpc_and_subnet_info.for_dev_env.subnetwork.secondary_ip_range.ip_cidr_range
  }
  network = google_compute_network.dev-vpc-network.id
  project = google_project.dev-shared-vpc-host.project_id
}
```
Of course, in these examples I used variables declared in .tfvars to fill in the name, and other arguments needed in the resource blocks.
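The answer above stops at designating the host project and creating the subnet. A shared VPC only becomes useful once a service project is attached and its workloads are allowed to use the subnet, and that grant is where the access boundary lives. The following HCL is an added example, not code from the question or the answer: it attaches one service project to the host configured above and grants that project's default Compute Engine service account `roles/compute.networkUser` on the single dev subnet instead of on the whole host project. It assumes the `google_compute_shared_vpc_host_project.dev-shared-shared-vpc-host` and `google_compute_subnetwork.dev-subnetwork` resources and the `google.as_network_admin` provider alias exist exactly as in the answer; `var.dev_service_project_id` and `var.dev_service_project_number` are placeholder inputs introduced here.

```hcl
# Added example (not from the question or answer): attach a service project to
# the shared VPC host and scope its network-user grant to one subnet.
# Assumed to exist as in the answer: the host project resource, the dev subnet
# and the google.as_network_admin provider alias.

# Placeholder inputs for the service project; set them in .tfvars.
variable "dev_service_project_id" {
  description = "Project ID of the service project to attach to the dev shared VPC (placeholder)"
  type        = string
}

variable "dev_service_project_number" {
  description = "Numeric project number of the same service project (placeholder)"
  type        = string
}

# Attach the service project to the host project. Referencing the host
# resource's exported project attribute orders this after the host designation.
resource "google_compute_shared_vpc_service_project" "dev-app" {
  provider        = google.as_network_admin
  host_project    = google_compute_shared_vpc_host_project.dev-shared-shared-vpc-host.project
  service_project = var.dev_service_project_id
}

# Grant the service project's default Compute Engine service account the
# network-user role on the dev subnet only. A project-level binding of the same
# role would let it place resources in every subnet of the host VPC.
resource "google_compute_subnetwork_iam_member" "dev-app-network-user" {
  provider   = google.as_network_admin
  project    = google_compute_subnetwork.dev-subnetwork.project
  region     = google_compute_subnetwork.dev-subnetwork.region
  subnetwork = google_compute_subnetwork.dev-subnetwork.name
  role       = "roles/compute.networkUser"
  member     = "serviceAccount:${var.dev_service_project_number}-compute@developer.gserviceaccount.com"

  # The binding is only meaningful once the project is attached to the host.
  depends_on = [google_compute_shared_vpc_service_project.dev-app]
}
```

`google_compute_subnetwork_iam_member` is additive, so it coexists with other members on the subnet; if the subnet's member list should be authoritative, `google_compute_subnetwork_iam_binding` replaces it. Either way, keep the grant at subnet scope: a prod service project attached to the prod host should not be able to reach the non-prod subnets simply because both hosts are managed by the same network-admin identity.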