Provision Google Cloud Composer 2 with Terraform

I am trying to provision a Composer 2 cluster using Terraform. I am utilizing CDKTF (to write the code in Python) for initiating the deployment.

The code is succinct:

        shared_network = DataGoogleComputeNetwork(self,
                                                  "shared_network",
                                                  project=NW_PROJECT_ID,
                                                  name="vpc-01")

        shared_subnetwork = DataGoogleComputeSubnetwork(self,
                                                        "shared_subnetwork",
                                                        project=NW_PROJECT_ID,
                                                        name="sub-03",
                                                        region="us-central1")


        ip_allocation_policy = ComposerEnvironmentConfigNodeConfigIpAllocationPolicy(
            cluster_ipv4_cidr_block=str(shared_subnetwork.secondary_ip_range.get(1).ip_cidr_range),
            cluster_secondary_range_name=str(shared_subnetwork.secondary_ip_range.get(1).range_name),
            services_ipv4_cidr_block=str(shared_subnetwork.secondary_ip_range.get(2).ip_cidr_range),
            services_secondary_range_name=str(shared_subnetwork.secondary_ip_range.get(2).range_name),
            use_ip_aliases=True
        )

        node_config = ComposerEnvironmentConfigNodeConfig(
            service_account="[email protected]",
            network=shared_network.id,
            subnetwork=shared_subnetwork.id,
            ip_allocation_policy=[ip_allocation_policy]
        )

        composer_env = ComposerEnvironment(self,
                                           "cbiswal_composer",
                                           labels=labels,
                                           name="cbiswal-composer",
                                           config=environment_config,
                                           project=SOME_PROJECT_ID,
                                           storage_config=storage_config
                                           )

So with the above code, I get the error:

                   │ "config.0.node_config.0.ip_allocation_policy.0.services_ipv4_cidr_block":
                   │ conflicts with
                   │ config.0.node_config.0.ip_allocation_policy.0.services_secondary_range_name

And if I remove one of the params in ip_allocation_policy, I get the below error:

        ip_allocation_policy = ComposerEnvironmentConfigNodeConfigIpAllocationPolicy(
            cluster_secondary_range_name=str(shared_subnetwork.secondary_ip_range.get(1).range_name),
            services_secondary_range_name=str(shared_subnetwork.secondary_ip_range.get(2).range_name),
            use_ip_aliases=True
        )

ERROR:
                   │ Inappropriate value for attribute "ip_allocation_policy": element 0:
                   │ attributes "cluster_ipv4_cidr_block" and "services_ipv4_cidr_block" are
                   │ required.


And if I remove the secondary_range_name, then I get the below error:

                   │ Inappropriate value for attribute "ip_allocation_policy": element 0:
                   │ attributes "cluster_secondary_range_name" and "services_secondary_range_name"
                   │ are required.

A few things I have checked:

  • I have Network User access on the Host project.
  • On the service project I have sufficient access to create and run all the resources being dealt with in the code.
  • (TF) suggests that we provide either a secondary range name or the CIDR.

What else should I be investigating to move forward?
