Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add explicit dependencies in VPC module #295

Merged
merged 1 commit into from
May 13, 2022
Merged

Add explicit dependencies in VPC module #295

merged 1 commit into from
May 13, 2022

Conversation

tpdownes
Copy link
Member

  • Most VPC module outputs now depend explicitly upon the firewall rules
    and Cloud Router created by the module. This ensures that any
    resources that depend only upon the VPC or subnetwork names are not
    created until connectivity is active

Take this blueprint:

---

blueprint_name: simple-vm

vars:
  deployment_name: simple-vm
  region: us-central1
  zone: us-central1-c

deployment_groups:
- group: primary
  modules:
  - source: modules/network/vpc
    kind: terraform
    id: network1
  - source: modules/compute/vm-instance
    kind: terraform
    id: compute
    use:
    - network1
    settings:
      machine_type: n2d-standard-4
      disable_public_ips: true

Status quo will build the VM in parallel with router and firewall rules:

module.compute.google_compute_instance.compute_vm[0]: Creating...
module.network1.module.firewall_rules.google_compute_firewall.rules["simple-vm-net-allow-internal-traffic"]: Creation complete after 11s [id=projects/toolkit-demo-not-a-real-project/global/firewalls/simple-vm-net-allow-internal-traffic]
module.network1.module.firewall_rules.google_compute_firewall.rules["simple-vm-net-allow-iap-ssh-ingress"]: Still creating... [20s elapsed]
module.network1.module.cloud_router["us-central1"].google_compute_router_nat.nats["cloud-nat-us-central1"]: Still creating... [10s elapsed]
module.compute.google_compute_instance.compute_vm[0]: Still creating... [10s elapsed]
module.network1.module.firewall_rules.google_compute_firewall.rules["simple-vm-net-allow-iap-ssh-ingress"]: Creation complete after 22s [id=projects/toolkit-demo-not-a-real-project/global/firewalls/simple-vm-net-allow-iap-ssh-ingress]
module.network1.module.cloud_router["us-central1"].google_compute_router_nat.nats["cloud-nat-us-central1"]: Creation complete after 11s [id=toolkit-demo-not-a-real-project/us-central1/simple-vm-net-router/cloud-nat-us-central1]
module.compute.google_compute_instance.compute_vm[0]: Creation complete after 12s [id=projects/toolkit-demo-not-a-real-project/zones/us-central1-c/instances/simple-vm-0]

With the new fix, the VM is not created until the network is truly ready:

module.network1.module.vpc.module.subnets.google_compute_subnetwork.subnetwork["us-central1/simple-vm-primary-subnet"]: Creation complete after 11s [id=projects/toolkit-demo-not-a-real-project/regions/us-central1/subnetworks/simple-vm-primary-subnet]
module.network1.module.firewall_rules.google_compute_firewall.rules["simple-vm-net-allow-iap-ssh-ingress"]: Creation complete after 11s [id=projects/toolkit-demo-not-a-real-project/global/firewalls/simple-vm-net-allow-iap-ssh-ingress]
module.network1.module.firewall_rules.google_compute_firewall.rules["simple-vm-net-allow-internal-traffic"]: Creation complete after 11s [id=projects/toolkit-demo-not-a-real-project/global/firewalls/simple-vm-net-allow-internal-traffic]
module.network1.module.cloud_router["us-central1"].google_compute_router_nat.nats["cloud-nat-us-central1"]: Still creating... [10s elapsed]
module.network1.module.cloud_router["us-central1"].google_compute_router_nat.nats["cloud-nat-us-central1"]: Still creating... [20s elapsed]
module.network1.module.cloud_router["us-central1"].google_compute_router_nat.nats["cloud-nat-us-central1"]: Creation complete after 21s [id=toolkit-demo-not-a-real-project/us-central1/simple-vm-net-router/cloud-nat-us-central1]
module.compute.google_compute_instance.compute_vm[0]: Creating...
module.compute.google_compute_instance.compute_vm[0]: Still creating... [10s elapsed]
module.compute.google_compute_instance.compute_vm[0]: Creation complete after 12s [id=projects/toolkit-demo-not-a-real-project/zones/us-central1-c/instances/simple-vm-0]

Submission Checklist

  • Have you installed and run this change against pre-commit? pre-commit install
  • Are all tests passing? make tests
  • If applicable, have you written additional unit tests to cover this
    change?
  • Is unit test coverage still above 80%?
  • Have you updated any application documentation such as READMEs and user
    guides?
  • Have you followed the guidelines in our Contributing document?

@tpdownes
Add explicit dependencies in VPC module
646e60a 
* Most VPC module outputs now depend explicitly upon the firewall rules
  and Cloud Router created by the module. This ensures that any
  resources that depend only upon the VPC or subnetwork names are not
  created until connectivity is active
@tpdownes tpdownes requested a review from heyealex May 12, 2022 14:08
@heyealex heyealex assigned tpdownes and unassigned heyealex May 13, 2022
@tpdownes tpdownes merged commit a3d8130 into GoogleCloudPlatform:develop May 13, 2022
@tpdownes tpdownes deleted the fix_vpc_deps branch May 13, 2022 02:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@heyealex heyealex heyealex approved these changes

Assignees

@tpdownes tpdownes

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tpdownes @heyealex