
3-networks-hub-and-spoke - terraform re apply causes hierarchical firewall policy rule display name collision - either delete or rename attribute - not idempotent #380

Closed
obriensystems opened this issue Apr 13, 2024 · 3 comments
Assignees

Comments

@obriensystems
Collaborator

obriensystems commented Apr 13, 2024

After #379

This is why the clause is stated "only once": because it is not idempotent.
"You must manually plan and apply the shared environment (only once) since the development, non-production and production environments depend on it."

https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/gh360-day0-deploy-example/3-networks-hub-and-spoke/README.md

https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/blob/main/3-networks-hub-and-spoke/envs/shared/hierarchical_firewall.tf#L21

  name   = "common-firewall-rules"
michael@cloudshell:~/tef-olxyz/github/gcp-networks (tef-olxyz)$ ./tf-wrapper.sh apply shared
*************** TERRAFORM APPLY *******************
      At environment: envs/shared 
***************************************************
module.hierarchical_firewall_policy.google_compute_organization_security_policy.policy: Creating...
module.restricted_shared_vpc.module.access_level_members.google_access_context_manager_access_level.access_level: Creating...
module.restricted_shared_vpc.module.access_level_members.google_access_context_manager_access_level.access_level: Creation complete after 1s [id=accessPolicies/807865857747/accessLevels/alp_c_shared_restricted_members_67f1]
module.restricted_shared_vpc.module.regular_service_perimeter.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
module.restricted_shared_vpc.module.regular_service_perimeter.google_access_context_manager_service_perimeter.regular_service_perimeter: Creation complete after 1s [id=accessPolicies/807865857747/servicePerimeters/sp_c_shared_restricted_default_perimeter_67f1]
module.restricted_shared_vpc.module.regular_service_perimeter.google_access_context_manager_service_perimeter_resource.service_perimeter_resource["127928059862"]: Creating...
module.restricted_shared_vpc.module.regular_service_perimeter.google_access_context_manager_service_perimeter_resource.service_perimeter_resource["127928059862"]: Creation complete after 1s [id=accessPolicies/807865857747/servicePerimeters/sp_c_shared_restricted_default_perimeter_67f1/projects/127928059862]

Error: Error creating OrganizationSecurityPolicy: googleapi: Error 400: Invalid value for field 'resource.displayName': 'common-firewall-rules-3q5s'. The display name is already used. Please choose another one, invalid

  with module.hierarchical_firewall_policy.google_compute_organization_security_policy.policy,
  on ../../modules/hierarchical_firewall_policy/main.tf line 27, in resource "google_compute_organization_security_policy" "policy":
  27: resource "google_compute_organization_security_policy" "policy" {
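An added example (not part of this issue or of the project's repository): a small Python check that parses the Terraform apply output quoted above and pulls out the colliding display name, the failing resource address and the source location, so a CI wrapper can stop retrying a non-idempotent apply and point at the import-or-rename fix. Stripping a 4-character random suffix is inferred from the `-3q5s` in the error and is an assumption, as is the `<existing-policy-id>` placeholder.

```python
import re

# Terraform apply output copied from the issue above (the failing re-apply).
APPLY_OUTPUT = """\
module.hierarchical_firewall_policy.google_compute_organization_security_policy.policy: Creating...

Error: Error creating OrganizationSecurityPolicy: googleapi: Error 400: Invalid value for field 'resource.displayName': 'common-firewall-rules-3q5s'. The display name is already used. Please choose another one, invalid

  with module.hierarchical_firewall_policy.google_compute_organization_security_policy.policy,
  on ../../modules/hierarchical_firewall_policy/main.tf line 27, in resource "google_compute_organization_security_policy" "policy":
  27: resource "google_compute_organization_security_policy" "policy" {
"""

ERROR_RE = re.compile(
    r"Invalid value for field 'resource\.displayName': '(?P<name>[^']+)'\. "
    r"The display name is already used"
)
ADDR_RE = re.compile(r"^\s*with (?P<addr>\S+),\s*$", re.M)
LOC_RE = re.compile(r"^\s*on (?P<file>\S+) line (?P<line>\d+),", re.M)


def parse_display_name_collision(output):
    """Return details of a display-name collision, or None if the apply did not hit one."""
    m = ERROR_RE.search(output)
    if not m:
        return None
    addr = ADDR_RE.search(output)
    loc = LOC_RE.search(output)
    name = m.group("name")
    # Assumption: the module appends a 4-character random suffix to the configured name.
    base = re.sub(r"-[a-z0-9]{4}$", "", name)
    return {
        "display_name": name,
        "base_name": base,
        "address": addr.group("addr") if addr else None,
        "file": loc.group("file") if loc else None,
        "line": int(loc.group("line")) if loc else None,
    }


def remediation(info):
    """Two ways to make the re-apply converge: adopt the existing policy into state, or rename it."""
    return [
        f"terraform import {info['address']} <existing-policy-id>  "
        f"# adopt the policy already created as '{info['display_name']}' (placeholder id)",
        f"or change `name` in {info['file']} line {info['line']} "
        f"(currently '{info['base_name']}') so a distinct policy is created",
    ]


if __name__ == "__main__":
    details = parse_display_name_collision(APPLY_OUTPUT)
    if details:
        print("\n".join(remediation(details)))
```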
@obriensystems obriensystems self-assigned this Apr 13, 2024
@obriensystems obriensystems changed the title 3-networks-hub-and-spoke - terraform re apply causes firewall rule display name collision - either delete or rename attribute 3-networks-hub-and-spoke - terraform re apply causes hierarchical firewall policy rule display name collision - either delete or rename attribute - not idempotent Apr 13, 2024
@obriensystems
Collaborator Author

see #381
Compute Organization Firewall Policy Admin
required to view policies

just add owner

after enabling compute API on the bootstrap project

plan

@fmichaelobrien
Contributor


This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

@github-actions github-actions bot added the Stale label Aug 15, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Aug 25, 2024