Google Cloud: terraform / gcloud problem with google_service_networking_connection


I tried to create a "google_service_networking_connection" with Terraform or the gcloud tool, but both options fail because of authentication problems. What I don't understand is why I need the REST API of project 681255809395. Every resource should be built in my own project space.
I followed the description of this article https://cloud.google.com/vpc/docs/configure-private-services-access?hl=de

If I configure the private connection via the UI, it works fine.


Versions: Terraform v1.6.1 on windows_amd64

  • provider registry.terraform.io/hashicorp/google v4.84.0
  • provider registry.terraform.io/hashicorp/google-beta v4.84.0
  • provider registry.terraform.io/hashicorp/null v3.2.1
  • provider registry.terraform.io/hashicorp/random v3.5.1

I've tried the following Terraform configuration in the project space chrism-test:

variables.tf

variable "project_id" {
  type        = string
  description = "Project id"
  default     = "chrism-test"
}

variable "region" {
  type        = string
  description = "Default Google Region"
  default     = "europe-west3"
}

variable "zone" {
  type        = string
  description = "Default Zone"
  default     = "europe-west3-a"
}

variable "subnetwork-cidr" {
  type    = string
  default = "192.168.0.0/20"
}

variable "pods-cidr" {
  type    = string
  default = "10.0.0.0/20"
}

variable "services-cidr" {
  type    = string
  default = "10.0.16.0/20"
}

main.tf

provider "google" {
  project = var.project_id // chrism-test
  region  = var.region
  zone    = var.zone
}

resource "google_compute_network" "vpc_test" {
  auto_create_subnetworks = false
  mtu                     = 1460
  name                    = "vpc-test"
  routing_mode            = "REGIONAL"
}


resource "google_compute_subnetwork" "private_subnet" {
  ip_cidr_range              = var.subnetwork-cidr
  name                       = "private-subnet"
  network                    = google_compute_network.vpc_test.name
  private_ip_google_access   = true
  private_ipv6_google_access = "DISABLE_GOOGLE_ACCESS"
  purpose                    = "PRIVATE"

  secondary_ip_range {
    ip_cidr_range = var.pods-cidr
    range_name    = "my-pods"
  }

  secondary_ip_range {
    ip_cidr_range = var.services-cidr
    range_name    = "my-services"
  }

  stack_type = "IPV4_ONLY"
}


resource "google_service_networking_connection" "private_vpc_connection" {
  network                 = google_compute_network.vpc_test.self_link
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.private_ip_range.name]
}

resource "google_compute_global_address" "private_ip_range" {
  name          = "private-ip-range"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16
  network       = google_compute_network.vpc_test.name
}

If I try to apply the config, I get the following error:

╷
│ Error: Error waiting for Create Service Networking Connection: error while ret
rieving operation: googleapi: Error 403: Service Networking API has not been use
d in project 681255809395 before or it is disabled. Enable it by visiting https:
//console.developers.google.com/apis/api/servicenetworking.googleapis.com/overvi
ew?project=681255809395 then retry. If you enabled this API recently, wait a few
 minutes for the action to propagate to our systems and retry.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.Help",
│     "links": [
│       {
│         "description": "Google developers console API activation",
│         "url": "https://console.developers.google.com/apis/api/servicenetworki
ng.googleapis.com/overview?project=681255809395"
│       }
│     ]
│   },
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "domain": "googleapis.com",
│     "metadata": {
│       "consumer": "projects/681255809395",
│       "service": "servicenetworking.googleapis.com"
│     },
│     "reason": "SERVICE_DISABLED"
│   }
│ ]
│ , accessNotConfigured
│
│   with module.network.google_service_networking_connection.private_vpc_connect
ion,
│   on modules\network\main.tf line 31, in resource "google_service_networking_c
onnection" "private_vpc_connection":
│   31: resource "google_service_networking_connection" "private_vpc_connection"
 {
│

Problem: Terraform stops the apply because of the error.

Expected behaviour: Terraform successfully creates the private service network connection.


There are 1 answers

sam On

As John-Hanley mentioned, it could be due to the API not being enabled. If you have enabled the API, kindly wait a few minutes.

As you are also using variables.tf, do keep a note of Terraform's variable precedence. Here is the precedence order (high to low):

  • Environment Variables
  • terraform.tfvars
  • terraform.tfvars.json
  • *.auto.tfvars files
  • *.auto.tfvars.json files
  • Command line input using -var or -var-file
  • Variables default values.
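
The 403 quoted in the question carries a `google.rpc.ErrorInfo` entry whose `metadata.consumer` names the project the failing API call was checked against. The following is an added example, not code from the original post or answer: it un-wraps the console output, parses that entry and compares the consumer with your own project number. The function names are hypothetical and `000000000000` is a placeholder, since the numeric ID of `chrism-test` is not given on the page.

```python
import json
# Constructed sample: shortened copy of the wrapped `terraform apply` error above.
SAMPLE = """\
│ Error: Error waiting for Create Service Networking Connection: error while ret
rieving operation: googleapi: Error 403: Service Networking API has not been use
d in project 681255809395 before or it is disabled.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│     "metadata": {
│       "consumer": "projects/681255809395",
│       "service": "servicenetworking.googleapis.com"
│     },
│     "reason": "SERVICE_DISABLED"
│   }
│ ]
│ , accessNotConfigured
"""

def unwrap(text):
    """Undo console wrapping: lines without the '│' gutter continue the previous one."""
    out = []
    for line in text.splitlines():
        if line.startswith("│"):
            out.append(line[2:])   # drop the gutter and the space after it
        elif out:
            out[-1] += line        # wrapped remainder, joined without a newline
    return "\n".join(out)

def error_info(text):
    """Return the google.rpc.ErrorInfo object from the 'Details:' array, or None."""
    flat = unwrap(text)
    start = flat.find("[", flat.find("Details:")) if "Details:" in flat else -1
    if start < 0:
        return None
    details, _ = json.JSONDecoder().raw_decode(flat[start:])  # trailing text ignored
    return next((d for d in details if d.get("@type", "").endswith("ErrorInfo")), None)

def check_consumer(text, own_number):
    """Report which project the failing call was attributed to, and whether it is ours."""
    info = error_info(text)
    if info is None:
        return None
    meta = info.get("metadata", {})
    consumer = meta.get("consumer", "").split("/")[-1]
    return {"reason": info.get("reason"), "service": meta.get("service"),
            "consumer": consumer, "matches_expected": consumer == own_number}
if __name__ == "__main__":
    print(check_consumer(SAMPLE, "000000000000"))  # placeholder project number
```

A `matches_expected` of `False` means the call was not evaluated against the project you passed in, which is worth knowing before enabling the API there.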