Does anyone have the same problem as me?
I cannot list the private service connections. But I can list the allocated IP address ranges.
Below is the error with the gcloud command.
ERROR: (gcloud.services.vpc-peerings.list) User [john.doe@gm.com] does not have permission to access services instance [-] (or it may not exist): Required ‘compute.networks.get’ permission for ‘projects/1234567890/global/networks/default’
Help Token: jashdkjashdjkashdjksa
Hi @martonowibowo,
Based on the error that you’ve shared, the service accounts in the service project that will use its resource sub-network must be allowed. To do this, you just have to grant the necessary permissions to the service account(s) by including the ‘roles/compute.networkUser’ role. This role enables access to a shared VPC network.
Hi
Thanks for the reply, but I’m still facing the problem.
My user role is even owner and editor, and I also attached the compute.networkUser role.
Please let me know if something is wrong with the current roles.
Thanks
2 Likes
Hi.
I am facing the same issue both using gcloud command and in the web UI (VPC Networks > Private Service Connections > PRIVATE CONNECTIONS TO SERVICES).
Is there anyone who has had this problem and has been able to solve it?
1 Like
1) Go to the IAM & Admin > IAM section and select the Include Google-provided role grants checkbox on the top right.
2) Verify that the default account in the format service-(project number)@service-networking.iam.gserviceaccount.com is available and the role servicenetworking.serviceAgent is assigned to it.
3) If the account is missing, create the account and assign the role servicenetworking.serviceAgent.
4) Once the account is created, enable the private service connection again.
2 Likes
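The verification in steps 1 to 3 above can also be run against the JSON printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`. This is an added example, not part of the original posts: the function names and sample policies are constructed, and the project number is the one from the error message at the top of the thread.

```python
import json

AGENT_ROLE = "roles/servicenetworking.serviceAgent"


def agent_email(project_number):
    """Service Networking service agent address, in the format given in step 2."""
    return f"service-{project_number}@service-networking.iam.gserviceaccount.com"


def check_service_agent(policy, project_number):
    """Classify the service agent's state in a project IAM policy (parsed JSON).

    Returns "ok", "wrong_role", "deleted" or "missing".
    """
    email = agent_email(project_number)
    active = f"serviceAccount:{email}"
    # IAM lists a removed principal as "deleted:serviceAccount:<email>?uid=<id>".
    deleted_prefix = f"deleted:serviceAccount:{email}"
    roles, deleted = set(), False
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member == active:
                roles.add(binding["role"])
            elif member.startswith(deleted_prefix):
                deleted = True
    if AGENT_ROLE in roles:
        return "ok"
    if roles:
        return "wrong_role"  # account exists but lacks the service agent role
    return "deleted" if deleted else "missing"


# Constructed sample policies, for illustration only.
EMAIL = agent_email("1234567890")
SAMPLE_OK = {"bindings": [
    {"role": "roles/owner", "members": ["user:john.doe@gm.com"]},
    {"role": AGENT_ROLE, "members": [f"serviceAccount:{EMAIL}"]},
]}
SAMPLE_WRONG_ROLE = {"bindings": [
    {"role": "roles/editor", "members": [f"serviceAccount:{EMAIL}"]},
]}
SAMPLE_DELETED = {"bindings": [
    {"role": AGENT_ROLE, "members": [f"deleted:serviceAccount:{EMAIL}?uid=000000"]},
]}
SAMPLE_MISSING = {"bindings": [
    {"role": "roles/owner", "members": ["user:john.doe@gm.com"]},
]}

if __name__ == "__main__":
    for name in ("SAMPLE_OK", "SAMPLE_WRONG_ROLE", "SAMPLE_DELETED", "SAMPLE_MISSING"):
        print(name, "->", check_service_agent(globals()[name], "1234567890"))
```

To check a real project, load the `gcloud` output with `json.load` and pass the resulting dict together with the project number.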
Hello, I would like to share some of my experience with this problem.
I was following this tutorial, Connect Cloud Run to Cloud SQL,
to the point where I needed to create IP ranges and then a Private Connection to Services.
In the Console, the experiment went very well, no problems.
In the gcloud CLI, I can create the IP ranges:
gcloud compute addresses create my-vpc-private-address-range \
    --global --purpose=VPC_PEERING --prefix-length=16 \
    --description="peering range for Cloud SQL" --network=my-vpc
(I’ve created my-vpc)
This command went well.
Then, with the command
gcloud services vpc-peerings connect --service=servicenetworking.googleapis.com \
    --ranges=my-vpc-private-address-range --network=my-vpc \
    --project=my-project-id-123456
I got this error:
ERROR: (gcloud.services.vpc-peerings.connect) The operation “operations/pssn.p24-897188343044-31bb71cb-0f67-42e1-9bd9-b7e9fcdd5b0b” resulted in a failure "Allocated IP range ‘my-vpc-private-address-range’ not found in network.
I am guessing it is because of sync latency, that the vpc-peerings service hasn’t caught up yet?
Any help would be appreciated.
And yes, I checked IAM, and service-@… has the right permissions as stated.