I have a Terraform to create a compute instance in GCP which looks like:

    resource "google_compute_address" "static_ip" {
      project = var.project_id
      name = "vm-instance"
    }

    resource "google_compute_instance" "vm_instance" {
      project       = var.project_id
      name          = "vm-instance"
      machine_type  = "e2-standard-4"
      zone          = "us-east4-c"

      boot_disk {
        device_name = "vm-instance"
        mode = "READ_WRITE"

        initialize_params {
          image = "centos-cloud/centos-7"
          size = 20
        }
      }

      tags = ["web-host","http-server","https-server"]

      network_interface {
        network = var.network
        subnetwork = var.subnetwork
        #subnetwork_project = var.project_id

        access_config {
          nat_ip = google_compute_address.static_ip.address
        }

      }

      service_account {
        scopes = ["cloud-platform"]
      }

      scheduling {
        on_host_maintenance = "MIGRATE"
        #provisioning_model = "STANDARD"
      }

      shielded_instance_config {
        enable_secure_boot = true
        enable_vtpm = true
        enable_integrity_monitoring = true
      }
    }

and modules which will use it:

    module "sandbox_vm" {
      source     = "./modules/terraform-vm"
      network    = "sandbox-vpc"
      subnetwork = "sandbox-vpc"
      project_id = var.sandbox_project
    }

    module "dev_vm" {
      source     = "./modules/terraform-vm"
      network    = "dev-vpc"
      subnetwork = "dev-vpc"
      project_id = var.dev_project
    }

    module "prod_vm" {
      source     = "./modules/terraform-vm"
      network    = "prod-vpc"
      subnetwork = "prod-vpc"
      project_id = var.prod_project
    }

but when I try to apply it, it ends up with errors:

    Error: Error creating instance: googleapi: Error 400: Invalid value for field 'resource.networkInterfaces[0].subnetwork': 'projects/cloud-sandbox/regions/us-east4/subnetworks/dev-vpc'. The referenced subnetwork resource cannot be found., invalid

      on modules/terraform-vm/main.tf line 6, in resource "google_compute_instance" "vm_instance":
       6: resource "google_compute_instance" "vm_instance" {

    Error: Error creating instance: googleapi: Error 400: Invalid value for field 'resource.networkInterfaces[0].subnetwork': 'projects/cloud-sandbox/regions/us-east4/subnetworks/prod-vpc'. The referenced subnetwork resource cannot be found., invalid

      on modules/terraform-vm/main.tf line 6, in resource "google_compute_instance" "vm_instance":
       6: resource "google_compute_instance" "vm_instance" {

Why does it try to use subnets from other project IDs when those are strictly specified per module?

PS.

Provider file contains:

    provider "google" {
      credentials = var.credentials_file
      region      = var.region
    }

1 Answer

It turned out that the documentation is not correct when it comes to specifying subnets. It turned out that all 3 parameters need to be provided to get it to work correctly:

    network = var.network
    subnetwork = var.subnetwork
    subnetwork_project = var.project_id

5 Comments

When you set up the GCP Provider, what project ID was specified? I think the issue is that a default project was used. Your solution overrides that project ID. If that is the case, this would not be a documentation bug but a user error. Double-check and update your solution.
@JohnHanley I have updated PO. So far I did not have any issues like I have described above (with other compute resources), that is why I was kind of confused why it is not working when I expected it would.
Each project has its own VPCs and Subnets. Since your HCL is switching projects, you also have to define which subnets.
@JohnHanley Correct, that is why I have specified both in each module, and I expected that the network and subnet would be pulled as a resource based on the project_id specified in the module. The Terraform docs mention subnetwork_project only in case the network is not specified, or "If the subnetwork is a name and this field is not provided, the provider project is used" (so in my case project_id from the modules). In a few words - specifying the network name should be sufficient in my case but is not.
Also, keep the depends_on key so that you also maintain proper flow.
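
Another way to remove the ambiguity discussed above, as an added example that is not code from the question, the answer or the comments: look the subnet up in the module's own project and pass its `self_link`, so no short name is left for the provider to resolve against its default project. It assumes each project owns its subnet (no Shared VPC) and Terraform 1.2 or later for `postcondition`; the `locals` block and the data source name `vm` are illustrative.

```hcl
# Added example, not the asker's module: variant of modules/terraform-vm/main.tf.
# var.project_id and var.subnetwork are the module inputs from the question.
# Blocks that do not affect networking (tags, scheduling, ...) are omitted.
locals {
  zone   = "us-east4-c"
  region = join("-", slice(split("-", local.zone), 0, 2))
}

# Resolve the subnet inside the project this module instance targets.
data "google_compute_subnetwork" "vm" {
  project = var.project_id
  region  = local.region
  name    = var.subnetwork

  lifecycle {
    # Stop before creating anything if the subnet is not in var.project_id.
    postcondition {
      condition     = can(regex("/projects/${var.project_id}/", self.self_link))
      error_message = "Subnetwork was not found in the project passed to this module."
    }
  }
}

resource "google_compute_address" "static_ip" {
  project = var.project_id
  region  = local.region
  name    = "vm-instance"
}

resource "google_compute_instance" "vm_instance" {
  project      = var.project_id
  name         = "vm-instance"
  machine_type = "e2-standard-4"
  zone         = local.zone

  boot_disk {
    initialize_params {
      image = "centos-cloud/centos-7"
    }
  }

  network_interface {
    # The self_link already names project and region of the subnet.
    subnetwork = data.google_compute_subnetwork.vm.self_link
    access_config {
      nat_ip = google_compute_address.static_ip.address
    }
  }
}
```

Deriving the region from the zone keeps the address, the subnet lookup and the instance in the same region without a separate input.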
