- HTTP request
- Path parameters
- Request body
- Response body
- Authorization scopes
- SecondaryIpRangeSpec
- Try it!
For service producers, provisions a new subnet in a peered service's shared VPC network in the requested region and with the requested size that's expressed as a CIDR range (number of leading bits of ipV4 network mask). The method checks against the assigned allocated ranges to find a non-conflicting IP address range. The method will reuse a subnet if subsequent calls contain the same subnet name, region, and prefix length. This method will make producer's tenant project to be a shared VPC service project as needed.
HTTP request
POST https://servicenetworking.googleapis.com/v1/{parent=services/*/*/*}:addSubnetwork
The URL uses gRPC Transcoding syntax.
Path parameters
| Parameters | |
|---|---|
| parent | 
 Required. A tenant project in the service producer organization, in the following format: services/{service}/{collection-id}/{resource-id}. {collection-id} is the cloud resource collection type that represents the tenant project. Only  Authorization requires the following IAM permission on the specified resource  
 | 
Request body
The request body contains data with the following structure:
| JSON representation | 
|---|
| {
  "consumerNetwork": string,
  "subnetwork": string,
  "region": string,
  "ipPrefixLength": integer,
  "description": string,
  "subnetworkUsers": [
    string
  ],
  "consumer": string,
  "requestedAddress": string,
  "secondaryIpRangeSpecs": [
    {
      object ( | 
| Fields | |
|---|---|
| consumerNetwork | 
 Required. The name of the service consumer's VPC network. The network must have an existing private connection that was provisioned through the connections.create method. The name must be in the following format:  | 
| subnetwork | 
 Required. A name for the new subnet. For information about the naming requirements, see subnetwork in the Compute API documentation. | 
| region | 
 Required. The name of a region for the subnet, such  | 
| ipPrefixLength | 
 Required. The prefix length of the subnet's IP address range. Use CIDR range notation, such as  | 
| description | 
 Optional. Description of the subnet. | 
| subnetworkUsers[] | 
 A list of members that are granted the  | 
| consumer | 
 Required. A resource that represents the service consumer, such as  | 
| requestedAddress | 
 Optional. The starting address of a range. The address must be a valid IPv4 address in the x.x.x.x format. This value combined with the IP prefix range is the CIDR range for the subnet. The range must be within the allocated range that is assigned to the private connection. If the CIDR range isn't available, the call fails. | 
| secondaryIpRangeSpecs[] | 
 Optional. A list of secondary IP ranges to be created within the new subnetwork. | 
| privateIpv6GoogleAccess | 
 Optional. The private IPv6 google access type for the VMs in this subnet. For information about the access types that can be set using this field, see subnetwork in the Compute API documentation. | 
| requestedRanges[] | 
 Optional. The name of one or more allocated IP address ranges associated with this private service access connection. If no range names are provided all ranges associated with this connection will be considered. If a CIDR range with the specified IP prefix length is not available within these ranges, the call fails. | 
| outsideAllocationPublicIpRange | 
 Optional. Enable outside allocation using public IP addresses. Any public IP range may be specified. If this field is provided, consumer allocated ranges aren't used for this primary IP range. | 
| purpose | 
 Optional. Defines the purpose field of the subnet, e.g. 'PRIVATE_SERVICE_CONNECT'. For information about the purposes that can be set using this field, see subnetwork in the Compute API documentation. | 
| checkServiceNetworkingUsePermission | 
 Optional. The IAM permission check determines whether the consumer project has 'servicenetworking.services.use' permission or not. | 
| useCustomComputeIdempotencyWindow | 
 Optional. Specifies if Service Networking should use a custom window for Compute Engine API requests. If false, Service Networking uses a 300 second (5 minute) idempotency window. If true, Service Networking uses the custom idempotency window provided in field computeIdempotencyWindow. | 
| computeIdempotencyWindow | 
 Optional. Specifies a custom time window for subnetwork request idempotency. If two equivalent concurrent requests are made, the Compute Engine API ignores one request if the other has already been completed or is in progress. Only requests with matching computeIdempotencyWindow have guaranteed idempotency. Changing this time window between requests results in undefined behavior. Zero (or empty) value with custom_compute_idempotency_window=true specifies no idempotency (i.e. no request ID is provided to the Compute Engine API). Maximum value of 14 days. A duration in seconds with up to nine fractional digits, ending with ' | 
| allowSubnetCidrRoutesOverlap | 
 Optional. Defines the allowSubnetCidrRoutesOverlap field of the subnet, e.g. Available in alpha and beta according to Compute API documentation | 
| role | 
 Optional. Defines the role field of the subnet, e.g. 'ACTIVE'. For information about the roles that can be set using this field, see subnetwork in the Compute API documentation. | 
| internalRange | 
 Optional. The url of an internal range. Eg:  | 
| skipRequestedAddressValidation | 
 Optional. Skips validating if the requestedAddress is in use by SN VPC's peering group. Compute Engine will still perform this check and fail the request if the requestedAddress is in use. Note that Compute Engine does not check for the existence of dynamic routes when performing this check. Caller of this API should make sure that there are no dynamic routes overlapping with the requestedAddress/prefix_length IP address range otherwise the created subnet could cause misrouting. | 
Response body
If successful, the response body contains an instance of Operation.
Authorization scopes
Requires one of the following OAuth scopes:
- https://www.googleapis.com/auth/service.management
- https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
SecondaryIpRangeSpec
| JSON representation | 
|---|
| { "rangeName": string, "ipPrefixLength": integer, "requestedAddress": string, "outsideAllocationPublicIpRange": string } | 
| Fields | |
|---|---|
| rangeName | 
 Required. A name for the secondary IP range. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork. | 
| ipPrefixLength | 
 Required. The prefix length of the secondary IP range. Use CIDR range notation, such as  | 
| requestedAddress | 
 Optional. The starting address of a range. The address must be a valid IPv4 address in the x.x.x.x format. This value combined with the IP prefix range is the CIDR range for the secondary IP range. The range must be within the allocated range that is assigned to the private connection. If the CIDR range isn't available, the call fails. | 
| outsideAllocationPublicIpRange | 
 Optional. Enable outside allocation using public IP addresses. Any public IP range may be specified. If this field is provided, consumer allocated ranges aren't used for this secondary IP range. |