Tags: google-cloud-platform, terraform, terraform-provider-gcp, google-iam, google-cloud-iam

googleapi: Error 403: Required 'compute.organizations.enableXpnHost' permission


I have given both my admin user and the service account user the "Compute Shared VPC Admin" role at the organization level, but I can't seem to enable the requested permission. I also granted the role at the folder level that owns the namidalab-dev-networks project. When selecting the namidalab-dev-networks project in the IAM & Admin console UI, the "Compute Shared VPC Admin" option is not available for my admin user and service account user.

How can I grant this role to the project?

Terraform output:

...
Step #1 - "Apply": google_compute_shared_vpc_host_project.host: Creating...
Step #1 - "Apply": 
Step #1 - "Apply": Error: Error enabling Shared VPC Host "namidalab-dev-networks": googleapi: Error 403: Required 'compute.organizations.enableXpnHost' permission for 'projects/namidalab-dev-networks', forbidden
Step #1 - "Apply": 
Step #1 - "Apply":   on main.tf line 87, in resource "google_compute_shared_vpc_host_project" "host":
Step #1 - "Apply":   87: resource "google_compute_shared_vpc_host_project" "host" {

My Organization, folder and project structure

Organization configuration

Folder configuration

Project configuration - Compute Shared VPC Admin role is no longer available.

Unable to add Compute Shared VPC Admin here.


Solution

  • Google Cloud recommends that the Shared VPC Admin be the owner of the shared VPC host project.

    You need to add the role roles/compute.xpnAdmin to the service account that Terraform is using. That is the only role that I am aware of that contains the permission compute.organizations.enableXpnHost. I noticed that you mentioned this role in your question, but I think you have it at the wrong level or the wrong project. This should be granted at the organization level or at the VPC Host Project level.

    Compute Shared VPC Admin Role

    This role can be added at the Organization level by the Organization Admin.
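The following Terraform is an added example illustrating the answer above; it is not code from the question or the answer. It binds roles/compute.xpnAdmin to the service account that Terraform runs as at the organization level, and makes the Shared VPC host-project resource depend on that binding so the enableXpnHost call is not attempted before the role exists. The organization ID, host project ID and service account e-mail are assumed placeholders supplied through variables.

```hcl
# Added example (not from the original post): grant the Terraform service
# account the Compute Shared VPC Admin role at the organization level, then
# enable the host project. All three variable values are placeholders.
variable "org_id" {
  type        = string
  description = "Numeric organization ID, e.g. \"123456789012\" (placeholder)"
}

variable "host_project_id" {
  type        = string
  description = "Project to become the Shared VPC host, e.g. \"namidalab-dev-networks\""
}

variable "terraform_sa" {
  type        = string
  description = "Service account Terraform runs as, e.g. \"terraform@PROJECT_ID.iam.gserviceaccount.com\" (placeholder)"
}

# roles/compute.xpnAdmin is the role that carries
# compute.organizations.enableXpnHost. It is bound here on the organization,
# as the answer recommends, rather than on the project.
resource "google_organization_iam_member" "xpn_admin" {
  org_id = var.org_id
  role   = "roles/compute.xpnAdmin"
  member = "serviceAccount:${var.terraform_sa}"
}

# Enabling the host project is the call that returned the 403 in the question.
# depends_on forces the IAM binding to be created first within the same apply.
resource "google_compute_shared_vpc_host_project" "host" {
  project    = var.host_project_id
  depends_on = [google_organization_iam_member.xpn_admin]
}
```

Two practical points: google_organization_iam_member is non-authoritative, so it adds one binding without touching existing members of the role, which is what you want when the organization already has other Shared VPC Admins; and a freshly created IAM binding can take a short time to propagate, so if the first apply still returns the 403 immediately after the binding is created, a re-run rather than a further role grant is usually the right response. Where the host and service projects live under one folder, the same binding can be scoped more narrowly with google_folder_iam_member instead of the organization resource, which keeps the service account's reach to the folder it actually manages.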