I'm trying to replicate a SQL instance in GCP via terraform. The active instance has a public IP, however subnets from a secondary project are shared with the project hosting the SQL instance, and the SQL instance is associated with the secondary project's network.

I've added the private_network setting properly (I think) in the ip_configuration section, however I'm getting the following error:

```
Error: Error, failed to create instance xxxx: googleapi: Error 400: Invalid request: Incorrect Service Networking config for instance: xxxx:xxxxx:SERVICE_NETWORKING_NOT_ENABLED., invalid
```

I can't find much documentation when I google that particular error, and I'm relatively new to Terraform, so I'm hoping someone can point out what I'm missing from either this section of my Terraform config, or another resource altogether.

```hcl
resource "google_sql_database_instance" "cloudsql-instance-qa" {
  depends_on       = [google_project_service.project_apis]
  database_version = "MYSQL_5_7"
  name             = "${var.env_shorthand}-${var.resource_name}"
  project          = var.project_id
  region           = var.region

  settings {
    activation_policy = "ALWAYS"
    availability_type = "ZONAL"

    backup_configuration {
      binary_log_enabled             = "true"
      enabled                        = "true"
      point_in_time_recovery_enabled = "false"
      start_time                     = "15:00"
    }

    crash_safe_replication = "false"
    disk_autoresize        = "true"
    disk_size              = "5003"
    disk_type              = "PD_SSD"

    ip_configuration {
      ipv4_enabled    = "true"
      private_network = "projects/gcp-backend/global/networks/default"
      require_ssl     = "false"
    }

    location_preference {
      zone = var.zone
    }

    maintenance_window {
      day  = "7"
      hour = "4"
    }

    pricing_plan     = "PER_USE"
    replication_type = "SYNCHRONOUS"
    tier             = "db-n1-standard-1"
  }
}
```
NealR
  • You are defining both a public IP address (`ipv4_enabled = "true"`) and private (`private_network = "projects/gcp-backend/global/networks/default"`). Use one or the other but not both. – John Hanley Mar 08 '21 at 21:00
  • @JohnHanley I set `ipv4_enabled` to `false` but am still getting the same error. Do I need to update a setting somewhere else? The current, active/working, instance was both a public and private IP, and it's associated with the network in the secondary project. – NealR Mar 08 '21 at 21:04
  • Are you trying to specify a network in a different project? – John Hanley Mar 08 '21 at 21:10
  • @JohnHanley yeah, it's the default network in another project – NealR Mar 08 '21 at 21:10
  • I am fairly certain you cannot specify a network in a different project. When I enable Private IP in the GUI, I can only select a network in the current project. – John Hanley Mar 08 '21 at 21:14
  • Hm... On the active instance if I look at the `Associated networking` section of the SQL instance in the UI (it's on the `Overview` tab) I see the same value I have in the `private_network` section above. – NealR Mar 08 '21 at 21:16
  • I also forgot that you will also need to set up "Private service access". – John Hanley Mar 08 '21 at 21:18
  • I think you have an additional problem. Do you have the "Service Networking API" enabled? https://console.cloud.google.com/apis/library/servicenetworking.googleapis.com – John Hanley Mar 08 '21 at 21:26
  • @JohnHanley that was it, ty! – NealR Mar 08 '21 at 21:56

1 Answer

If you see the following error:

```
Error: Error, failed to create instance xxxx: googleapi: Error 400: Invalid request: Incorrect Service Networking config for instance: xxxx:xxxxx:SERVICE_NETWORKING_NOT_ENABLED., invalid
```

Enable the Service Networking API:

```
gcloud services enable servicenetworking.googleapis.com --project=[PSM_PROJECT_NUMBER]
```

Getting Started with the Service Networking API

John Hanley
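The same fix expressed in Terraform, together with the "Private service access" setup mentioned in the comments, as an added example that is not part of the original question or answer. It assumes private service access has not yet been configured on the network (if it already exists, import it instead of creating it); the resource names, the `network_project` local and the `/16` range size are hypothetical, while `gcp-backend`, `default` and `var.project_id` come from the question.

```hcl
# Added example: resource and local names are hypothetical.
# "gcp-backend" and "default" come from the private_network value in the question.
locals {
  network_project = "gcp-backend"
}

# Assumption: the API is enabled in both the instance's project and the
# project that owns the network; toset() deduplicates if they are the same.
resource "google_project_service" "servicenetworking" {
  for_each           = toset([var.project_id, local.network_project])
  project            = each.value
  service            = "servicenetworking.googleapis.com"
  disable_on_destroy = false
}

# The existing network that the SQL instance attaches to.
data "google_compute_network" "shared" {
  project = local.network_project
  name    = "default"
}

# Private service access, step 1: reserve an internal range for
# Google-managed services inside the network.
resource "google_compute_global_address" "private_service_range" {
  project       = local.network_project
  name          = "private-service-range" # hypothetical name
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16 # assumed size
  network       = data.google_compute_network.shared.id
}

# Private service access, step 2: peer the network with the
# service producer network using the reserved range.
resource "google_service_networking_connection" "private_vpc_connection" {
  network                 = data.google_compute_network.shared.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.private_service_range.name]
  depends_on              = [google_project_service.servicenetworking]
}

# In google_sql_database_instance, make creation wait for the peering:
#   depends_on = [
#     google_project_service.project_apis,
#     google_service_networking_connection.private_vpc_connection,
#   ]
#   private_network = data.google_compute_network.shared.id
```

With the peering in place, setting `ipv4_enabled = false` in `ip_configuration` leaves the instance reachable only over its private address.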