Unable to create a private connection #821

Open
brunoripa opened this issue May 27, 2022 · 5 comments
@brunoripa

What happened?

In GCP, I am trying to create a private connection to a vpc I have to then deploy a CloudSQL instance (which requires a network with private access enabled).

I have the Network, a GlobalAddress, and try to create the Connection, but the script fails reporting that the address cannot be found. If I make a query using gcloud, the address is present.

Steps to reproduce

This is part of the script I am running.

```python
import pulumi_gcp as gcp

# `project` is defined elsewhere in the script.
vpc = gcp.compute.Network(
    "default",
    name="default",
    project=project,
    auto_create_subnetworks=False,
    # to allow vpn broadcasting routes
    routing_mode="GLOBAL")

ipv4_address = gcp.compute.GlobalAddress(
  "ipv4-address",
  description="IP address range to be used for private connection",
  network=vpc.id,
  project=project,
  address_type="INTERNAL",
  purpose="PRIVATE_SERVICE_CONNECT",  # Correct ?
)

private_vpc_peering = gcp.servicenetworking.Connection(
  "private-vpc-peering",
  network=vpc.id,
  service="servicenetworking.googleapis.com",
  reserved_peering_ranges=[ipv4_address.name],
)
```

Expected Behavior

A Connection object should be created.

Actual Behavior

The script fails with the following error:

```
* Error waiting for Create Service Networking Connection: Error code 9, message: Allocated IP range 'ipv4-address-f7f5e3e' not found in network.
    Help Token: xxx
```

But if I execute:

```
NAME                                    ADDRESS/RANGE  TYPE      PURPOSE                  NETWORK  REGION       SUBNET  STATUS
ipv4-address-f7f5e3e                    192.168.3.1    INTERNAL  PRIVATE_SERVICE_CONNECT  default                       RESERVED
...
```

Versions used

```
CLI
Version 3.31.0
Go Version go1.17.9
Go Compiler gc

Plugins
NAME VERSION
gcp 6.25.0
google-native 0.19.1
kubernetes 3.19.2
python unknown

Host
OS ubuntu
Version 20.04
Arch x86_64

This project is written in python (/nix/store/5dpzdxcq5vc4dh1kyg9igcailvi1qmlk-python3-3.9.12-env/bin/python3 v3.9.12)

Current Stack: loadtest

TYPE URN
pulumi:pulumi:Stack urn:pulumi:loadtest::::pulumi:pulumi:Stack::-loadtest
pulumi:providers:gcp urn:pulumi:loadtest::::pulumi:providers:gcp::default
pulumi:providers:gcp urn:pulumi:loadtest::::pulumi:providers:gcp::default_6_25_0
gcp:compute/network:Network urn:pulumi:loadtest::::gcp:compute/network:Network::default
gcp:compute/subnetwork:Subnetwork urn:pulumi:loadtest::::gcp:compute/subnetwork:Subnetwork::default
gcp:compute/router:Router urn:pulumi:loadtest::::gcp:compute/router:Router::router
gcp:container/cluster:Cluster urn:pulumi:loadtest::::gcp:container/cluster:Cluster::-cluster-loadtest
gcp:compute/routerNat:RouterNat urn:pulumi:loadtest::::gcp:compute/routerNat:RouterNat::nat
gcp:compute/instance:Instance urn:pulumi:loadtest::::gcp:compute/instance:Instance::bastion
gcp:compute/firewall:Firewall urn:pulumi:loadtest::::gcp:compute/firewall:Firewall::allowiap
gcp:compute/globalAddress:GlobalAddress urn:pulumi:loadtest::***::gcp:compute/globalAddress:GlobalAddress::ipv4-address

Found no pending operations associated with loadtest

Backend
Name DESKTOP-UOHVP03
URL gs://xxxx
User bruno
Organizations

NAME VERSION
pip 22.1.1
pulumi-gcp 6.25.0
pulumi-google-native 0.19.1
pulumi-kubernetes 3.19.2
setuptools 62.3.2
wheel 0.37.1

Pulumi locates its logs in /tmp by default
warning: A new version of Pulumi is available. To upgrade from version '3.31.0' to '3.33.1', visit https://pulumi.com/docs/reference/install/ for manual instructions and release notes.
```

Additional context

No response


@brunoripa brunoripa added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels May 27, 2022
@brunoripa
Author

👍

@viveklak
Contributor

Does this fail even if you try running the above again (after the initial failure)? I suspect some sort of an eventual consistency issue. The same seems to be alluded to here on the terraform provider: hashicorp/terraform-provider-google#11100 (comment)

@viveklak viveklak added awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). awaiting-feedback and removed needs-triage Needs attention from the triage team labels May 31, 2022
@javamo

javamo commented Oct 7, 2022

@brunoripa have you found a solution to this?

@moulip

moulip commented Jan 17, 2024

Hi there,

I'm currently facing the same issue. I have set up a vpc network, a GlobalAddress and it can't be found in the network when trying to create the Private Connection.

@rshade rshade self-assigned this Dec 6, 2024
@rshade
Contributor

rshade commented Dec 12, 2024

This should work:

```python
import pulumi
import pulumi_gcp as gcp

gcp_config = pulumi.Config("gcp")
project = gcp_config.require("project")
vpc = gcp.compute.Network(
    "default-812",
    name="default-812",
    project=project,
    auto_create_subnetworks=False,
    # to allow vpn broadcasting routes
    routing_mode="GLOBAL",
)

us_west1_subnetwork = gcp.compute.Subnetwork(
    "us-west1-subnetwork",
    name="default-812-us-west1",
    project=project,
    region="us-west1",
    ip_cidr_range="10.1.0.0/16",  # Example CIDR range for the subnetwork
    network=vpc.id,
    private_ip_google_access=True,  # Allow Google API access
)

ipv4_address = gcp.compute.GlobalAddress(
    "ipv4-address",
    description="IP address range to be used for private connection",
    network=vpc.id,
    project=project,
    address_type="INTERNAL",
    prefix_length=16,
    purpose="VPC_PEERING",  # Correct ?
)

private_vpc_peering = gcp.servicenetworking.Connection(
    "private-vpc-peering",
    network=vpc.id,
    service="servicenetworking.googleapis.com",
    reserved_peering_ranges=[ipv4_address.name],
)
```

@rshade rshade added awaiting-feedback Blocked on input from the author and removed awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). labels Dec 12, 2024
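Added example, not code from the thread or from Pulumi: an offline pre-flight check that flags a `GlobalAddress` definition that cannot serve as a `reserved_peering_ranges` entry. Its rules encode the differences between the failing script and the script in the last comment (`purpose`, `prefix_length`), treated here as assumptions about what the Service Networking API accepts; `AddressSpec`, `peering_range_problems` and both sample specs are hypothetical names and constructed values.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class AddressSpec:
    """Subset of gcp.compute.GlobalAddress arguments relevant to peering."""
    name: str
    address_type: str
    purpose: str
    network: Optional[str] = None
    prefix_length: Optional[int] = None


def peering_range_problems(spec: AddressSpec, connection_network: str) -> List[str]:
    """Return the reasons `spec` is unusable in reserved_peering_ranges."""
    problems = []
    if spec.address_type != "INTERNAL":
        problems.append(f"address_type is {spec.address_type}, expected INTERNAL")
    if spec.purpose != "VPC_PEERING":
        problems.append(f"purpose is {spec.purpose}, expected VPC_PEERING")
    if spec.prefix_length is None:
        # The gcloud listing in the issue shows a single address, not a range.
        problems.append("prefix_length is unset, so no range is reserved")
    if spec.network != connection_network:
        problems.append("address is not in the network the connection targets")
    return problems


# Constructed from the failing script in the issue (network id simplified).
ISSUE_SPEC = AddressSpec(
    name="ipv4-address", address_type="INTERNAL",
    purpose="PRIVATE_SERVICE_CONNECT", network="default",
)

# Constructed from the script in the last comment.
FIXED_SPEC = AddressSpec(
    name="ipv4-address", address_type="INTERNAL",
    purpose="VPC_PEERING", network="default-812", prefix_length=16,
)

if __name__ == "__main__":
    for spec, net in ((ISSUE_SPEC, "default"), (FIXED_SPEC, "default-812")):
        print(spec.purpose, "->", peering_range_problems(spec, net) or "ok")
```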