Error enabling XPN host on a project

[Subramanian Chandrasekaran]

I get following error when I try to enable XPN host on a project using gcloud CLI:
$ gcloud beta compute xpn enable xpn-host-c3
ERROR: (gcloud.beta.compute.xpn.enable) Could not enable [xpn-host-c3] as XPN host:
- Required 'compute.organizations.administerXpn' permission for 'projects/xpn-host-c3'

I have already given the user the compute.xpnAdmin role as described in
https://cloud.google.com/compute/docs/xpn/provisioning-xpn.
I don't see any information on the administerXpn role.

[Kamran (Google Cloud Support)]

Hello Subramanian,

I'm quoting from this article:

• Organization — The Cloud Organization is the top level in the Cloud Resource Hierarchy and the top-level owner of all the projects and resources created under it. A given XPN host project and its XPN service projects must be under the same Cloud Organization.
• Org admin (resourcemanager.organizationAdmin) — The administrator for a Cloud Organization.
• XPN admin (compute.xpnAdmin) — The administrator responsible for configuring XPN in the Cloud Organization by enabling projects as XPN host projects and attaching service projects to host projects. As a best practice, we recommend that the XPN admin also be a project owner on the host project.

Therefore, to enable a project as XPN host, your account has to have XPN Admin role. An Org admin can grant XPN admin role to an account. Please visit this article for more information about Cloud Platform resource hierarchy.

I hope this information helps.

Sincerely,

[Subramanian Chandrasekaran]

Thanks, Kamran. Looks like the first bullet in the article you quoted was my issue. I didn't have the host and service projects under any organization. Once I moved them under organization, this error went away.