bbl v9.0.0 fails in combination with the network-lb-gcp plan patch

[tjvman]

We use bbl both directly and via cf-deployment-concourse-tasks, and we're seeing the following failure when running bbl plan:

$ bbl plan --debug --lb-type=cf --lb-cert=certs/load-balancer/server.crt --lb-key=certs/load-balancer/server.key --lb-domain=<our domain>
There are some problems with the configuration, described below.

The Terraform configuration must be valid before initialization so that
Terraform can determine which modules and providers need to be installed.
╷
│ Error: Missing resource to override
│ 
│   on network_lb_override.tf line 5:
│    5: resource "google_compute_address" "cf-address" {
│ 
│ There is no google_compute_address resource named "cf-address". An override
│ file can only override a resource block defined in a primary configuration
│ file.
╵

╷
│ Error: Missing resource to override
│ 
│   on network_lb_override.tf line 13:
│   13: resource "google_compute_forwarding_rule" "cf-http-forwarding-rule" {
│ 
│ There is no google_compute_forwarding_rule resource named
│ "cf-http-forwarding-rule". An override file can only override a resource
│ block defined in a primary configuration file.
╵

╷
│ Error: Missing resource to override
│ 
│   on network_lb_override.tf line 25:
│   25: resource "google_compute_forwarding_rule" "cf-https-forwarding-rule" {
│ 
│ There is no google_compute_forwarding_rule resource named
│ "cf-https-forwarding-rule". An override file can only override a resource
│ block defined in a primary configuration file.
╵

╷
│ Error: Missing resource to override
│ 
│   on network_lb_override.tf line 57:
│   57: resource "google_compute_target_pool" "router-lb-target-pool" {
│ 
│ There is no google_compute_target_pool resource named
│ "router-lb-target-pool". An override file can only override a resource
│ block defined in a primary configuration file.
╵

╷
│ Error: Unsupported override
│ 
│   on network_lb_override.tf line 67, in resource "google_compute_firewall" "cf-health-check":
│   67:   depends_on = ["google_compute_network.bbl-network"]
│ 
│ The depends_on argument may not be overridden.
╵

╷
│ Error: Unsupported override
│ 
│   on network_lb_override.tf line 81, in resource "google_compute_firewall" "firewall-cf":
│   81:   depends_on = ["google_compute_network.bbl-network"]
│ 
│ The depends_on argument may not be overridden.
╵

╷
│ Error: Unsupported override
│ 
│   on network_lb_override.tf line 96, in resource "google_dns_record_set" "wildcard-dns":
│   96:   depends_on = ["google_compute_address.cf-address"]
│ 
│ The depends_on argument may not be overridden.
╵

╷
│ Error: Missing base output definition to override
│ 
│   on network_lb_override.tf line 110:
│  110: output "router_target_pool" {
│ 
│ There is no output named "router_target_pool". An override file can only
│ override an output that was already defined in a primary configuration
│ file.
╵

This seems to be caused by the terraform upgrade, and may be similar to #559.

[ctlong]

Do you manually include the network-lb-gcp plan patch? It might be that you could remove that. I'm honestly not sure what the value of that plan patch is.. I started a discussion in slack about it

[ramonskie]

it seems to be related to that patch as i have not have had the time to go over every patch scenario and we do not have any tests for them at the moment

[ctlong]

@ramonskie do you have an idea of what that patch does? And why folks might want to include it when standing up an environment on GCP with bbl?

[ramonskie]

well the readme says it replace it from a normal load balancer with a regional network load balancer.
makes sense in some scenarios i guess

[rkoster]

@tjvman given that the problem has been identified, would you be able to create a PR with a fix? Given that you have access to an environment to test the changes?

[ctlong]

I talked with some folks who initially worked on adding this plan patch and they speculated that it was primarily added in order to test new GCP functionality (this regional network load balancer). That lends credence to the idea that a workaround is just to stop using the plan patch.

Even taking that rationale with a grain of salt – given the work was done 5 years ago – I was able to get an CF-D environment off this plan patch pretty easily, and haven't seen any ill effects so far.

[ramonskie]

can we close this then?

[ctlong]

I think this can either be closed or renamed. The issue is not that the bbl v9.0.0 fails on GCP, but that the network-lb-gcp plan patch is broken.