Assigned
Status Update
No update yet.
Comments
ba...@google.com
ka...@google.com
Automatic regression verification started for measurement:
ChromiumPerf/mac-m2-pro-perf/blink_perf.css/NestingIdentInvalidValue/NestingIdentInvalidValue.html
Verification workflow id: projects/62121018386/locations/us-central1/workflows/sandwich-verification-workflow-prod/executions/a6b905ed-9343-4d2b-a994-55556a5aa8bd
ChromiumPerf/mac-m2-pro-perf/blink_perf.css/NestingIdentInvalidValue/NestingIdentInvalidValue.html
Verification workflow id: projects/62121018386/locations/us-central1/workflows/sandwich-verification-workflow-prod/executions/a6b905ed-9343-4d2b-a994-55556a5aa8bd
Description
Business Impact: The customer is not able to perform Application Integration.
Issue summary: The customer setting up integrations for the first time in the ipaas-gcp-dev project, while the cx were in this process received this message [1].
Reproduction Steps:
I was able to find the mentioned logs, I found a NO_MATCHING_ACCESS_LEVEL, which by digging a bit inside the internal documentation, these logs refer to when the IP address, device requirement or user identity (principalEmail) does not match any ingress rules or access levels assigned to the VPC service perimeter,
I found that to handle this issue, you need to whitelist the email IDs/principal IDs in your VPC service perimeter to allow access, and I shared this documentation 4 to whitelist the target email IDs.
The customer shared the tenant id which is unknown to them "tenant@bbddd21a80bbbeb0cp-tp.iam.gserviceaccount.com "
and they want to know why it is using this one to decrypt.
================================================================================================================================================
[1]:Fail to encrypt dek using KMS because: Request is prohibited by organization''s policy. vpcServiceControlsUniqueIdentifier: G-pwGo6M9qsjM_paFZJuJ0pfODFHd7Uz6NTNnUod1ClejPDzAPUczWzCrSW_cvTqvYVcnRD9SmBUxy2T Please contact support