updated logic

main.tf

@@ -363,26 +363,43 @@ resource "google_compute_subnetwork" "proxy" {
   network       = local.network.id
 }
 
-resource "time_sleep" "wait_seconds" {
-  count = var.create_private_link ? 1 : 0
-  triggers = {
-    always_run = timestamp()
+## In order to support private link required min version 0.13.0 of operator-wandb chart
+
+module "sleep" {
+  source = "matti/resource/shell"
+
+  environment = {
+    TIME = timestamp()
   }
-  depends_on      = [module.wandb]
-  create_duration = "450s"
+  command              = "sleep 450; date +%s"
+  command_when_destroy = "sleep 450"
+  trigger              = timestamp()
+  working_dir          = "/tmp"
+
+  depends = [
+    module.wandb
+  ]
 }
 
-## In order to support private link required min version 0.13.0 of operator-wandb chart
+data "google_compute_forwarding_rules" "my_forwarding_rules" {
+  depends_on = [module.sleep.stdout]
+}
+
+locals {
+  regex_pattern       = "${var.namespace}-internal"
+  filtered_rule_names = [for rule in data.google_compute_forwarding_rules.my_forwarding_rules.rules : rule.name if can(regex(local.regex_pattern, rule.name))]
+  forwarding_rule     = join(", ", local.filtered_rule_names)
+}
 
 module "private_link" {
   count             = var.create_private_link ? 1 : 0
   source            = "./modules/private_link"
   namespace         = var.namespace
-  ingress_name      = "${var.namespace}-internal"
+  forwarding_rule   = local.forwarding_rule
   network           = local.network
   subnetwork        = local.subnetwork
   allowed_projects  = var.allowed_projects
   psc_subnetwork    = var.psc_subnetwork_cidr
   proxynetwork_cidr = var.ilb_proxynetwork_cidr
-  depends_on        = [google_compute_subnetwork.proxy]
-}
+  depends_on        = [google_compute_subnetwork.proxy, data.google_compute_forwarding_rules.my_forwarding_rules]
+}

modules/private_link/main.tf

@@ -1,18 +1,11 @@
 data "google_client_config" "current" {}
-data "google_compute_forwarding_rules" "my_forwarding_rules" {}
-
-locals {
-  regex_pattern = var.ingress_name
-  filtered_rule_names = [for rule in data.google_compute_forwarding_rules.my_forwarding_rules.rules : rule.name if can(regex(local.regex_pattern, rule.name))]
-  forwarding_rule = join(", ", local.filtered_rule_names)
-}
 
 resource "google_compute_service_attachment" "default" {
   name                  = "${var.namespace}-private-link"
   enable_proxy_protocol = false
   connection_preference = "ACCEPT_MANUAL"
   nat_subnets           = [google_compute_subnetwork.default.id]
-  target_service        = "https://www.googleapis.com/compute/v1/projects/${data.google_client_config.current.project}/regions/${data.google_client_config.current.region}/forwardingRules/${local.forwarding_rule}"
+  target_service        = "https://www.googleapis.com/compute/v1/projects/${data.google_client_config.current.project}/regions/${data.google_client_config.current.region}/forwardingRules/${var.forwarding_rule}"
 
   dynamic "consumer_accept_lists" {
     for_each = var.allowed_projects != {} ? var.allowed_projects : {}
@@ -21,7 +14,7 @@ resource "google_compute_service_attachment" "default" {
       connection_limit  = consumer_accept_lists.value
     }
   }
-  depends_on = [data.google_compute_forwarding_rules.my_forwarding_rules]
+  depends_on = [google_compute_subnetwork.default]
 }
 
 resource "google_compute_subnetwork" "default" {

modules/private_link/variables.tf

@@ -38,7 +38,7 @@ variable "proxynetwork_cidr" {
   description = "Internal load balancer proxy subnetwork"
 }
 
-variable "ingress_name" {
+variable "forwarding_rule" {
   type = string
-  description = "Ingress name contains the regex pattern of forwarding rule"
+  description = "forwarding rule name used in private service connect as a target"
 }