Method: services.addSubnetwork

For service producers, provisions a new subnet in a peered service's shared VPC network in the requested region and with the requested size that's expressed as a CIDR range (number of leading bits of ipV4 network mask). The method checks against the assigned allocated ranges to find a non-conflicting IP address range. The method will reuse a subnet if subsequent calls contain the same subnet name, region, and prefix length. This method will make producer's tenant project to be a shared VPC service project as needed.

HTTP request

POST https://servicenetworking.googleapis.com/v1/{parent=services/*/*/*}:addSubnetwork

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
parent

string

Required. A tenant project in the service producer organization, in the following format: services/{service}/{collection-id}/{resource-id}. {collection-id} is the cloud resource collection type that represents the tenant project. Only projects are supported. {resource-id} is the tenant project numeric id, such as 123456. {service} the name of the peering service, such as service-peering.example.com. This service must already be enabled in the service consumer's project.

Authorization requires the following IAM permission on the specified resource parent:

  • servicenetworking.services.addSubnetwork

Request body

The request body contains data with the following structure:

JSON representation 
{
  "consumerNetwork": string,
  "subnetwork": string,
  "region": string,
  "ipPrefixLength": integer,
  "description": string,
  "subnetworkUsers": [
    string
  ],
  "consumer": string,
  "requestedAddress": string,
  "secondaryIpRangeSpecs": [
    {
      object (SecondaryIpRangeSpec)
    }
  ],
  "requestedRanges": [
    string
  ]
}
Fields
consumerNetwork

string

Required. The name of the service consumer's VPC network. The network must have an existing private connection that was provisioned through the connections.create method. The name must be in the following format: projects/{project}/global/networks/{network}, where {project} is a project number, such as 12345. {network} is the name of a VPC network in the project.
subnetwork

string

Required. A name for the new subnet. For information about the naming requirements, see subnetwork in the Compute API documentation.
region

string

Required. The name of a region for the subnet, such europe-west1.
ipPrefixLength

integer

Required. The prefix length of the subnet's IP address range. Use CIDR range notation, such as 30 to provision a subnet with an x.x.x.x/30 CIDR range. The IP address range is drawn from a pool of available ranges in the service consumer's allocated range.
description

string

Optional. Description of the subnet.
subnetworkUsers[]

string

A list of members that are granted the compute.networkUser role on the subnet.
consumer

string

Required. A resource that represents the service consumer, such as projects/123456. The project number can be different from the value in the consumer network parameter. For example, the network might be part of a Shared VPC network. In those cases, Service Networking validates that this resource belongs to that Shared VPC.
requestedAddress

string

Optional. The starting address of a range. The address must be a valid IPv4 address in the x.x.x.x format. This value combined with the IP prefix range is the CIDR range for the subnet. The range must be within the allocated range that is assigned to the private connection. If the CIDR range isn't available, the call fails.
secondaryIpRangeSpecs[]

object (SecondaryIpRangeSpec)

Optional. A list of secondary IP ranges to be created within the new subnetwork.
requestedRanges[]

string

Optional. The name of one or more allocated IP address ranges associated with this private service access connection. If no range names are provided all ranges associated with this connection will be considered. If a CIDR range with the specified IP prefix length is not available within these ranges, the call fails.

Response body

If successful, the response body contains an instance of Operation.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/service.management
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

SecondaryIpRangeSpec

JSON representation 
{
  "rangeName": string,
  "ipPrefixLength": integer,
  "requestedAddress": string
}
Fields
rangeName

string

Required. A name for the secondary IP range. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork.
ipPrefixLength

integer

Required. The prefix length of the secondary IP range. Use CIDR range notation, such as 30 to provision a secondary IP range with an x.x.x.x/30 CIDR range. The IP address range is drawn from a pool of available ranges in the service consumer's allocated range.
requestedAddress

string

Optional. The starting address of a range. The address must be a valid IPv4 address in the x.x.x.x format. This value combined with the IP prefix range is the CIDR range for the secondary IP range. The range must be within the allocated range that is assigned to the private connection. If the CIDR range isn't available, the call fails.