Allow google_compute_shared_vpc_service_project to share only specific subnetworks

[vincepri]

In the current example of Shared VPC

# A service project gains access to network resources provided by its
# associated host project.
resource "google_compute_shared_vpc_service_project" "service1" {
  host_project    = "${google_compute_shared_vpc_host_project.host.project}"
  service_project = "service-project-id-1"
}

resource "google_compute_shared_vpc_service_project" "service2" {
  host_project    = "${google_compute_shared_vpc_host_project.host.project}"
  service_project = "service-project-id-2"
}

the service account will inherit all subnets from the host project. From the Cloud Console UI it's possible to select only specific subnets to share. Adding support for this feature is useful in large organizations where a main network project own different subnets for different groups.

[morgante]

Actually, under the hood there's not the ability to share specific subnets with a service project. Instead, that happens via IAM. Specifically, as per the docs, the process is to associate the service project with the host project and then share the subnets via IAM

I've opened #1291 to address this.

[vincepri]

You're totally right! I tested this in GCP Console myself and I was under the wrong assumption, I assume we can close this issue then :)

[rosbo]

Thanks @morgante for answering this one. Closing.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!