Review proposed VPC spokes

As a hub administrator, you can review and subsequently accept or reject pending VPC spokes that a spoke administrator has proposed from a different project from the hub.

After a spoke is accepted or rejected, you can reject it or accept it as many times as necessary by running the commands described on this page.

You can also set up auto-accept projects for spoke groups into a hub. Auto-accept lets you automatically accept into the hub any spokes that are in auto-accept projects, without having to review each spoke proposal.

Permissions required for this task

To perform this task, you must have been granted the following permissions or the following IAM roles.

Permissions

networkconnectivity.hubs.listSpokes to list spokes
networkconnectivity.groups.acceptSpoke on the hub to accept a spoke
networkconnectivity.groups.rejectSpoke on the hub to reject a spoke
networkconnectivity.groups.list on the hub to list groups
networkconnectivity.groups.get on the hub to get a group
networkconnectivity.groups.update on the hub to update a group

Roles

roles/networkconnectivity.hubAdmin

View proposals pending review

To view spoke proposals that are pending review for a hub, follow these steps.

Console

In the Google Cloud console, go to Network Connectivity Center.

Go to Network Connectivity Center
In the project menu, select the project that contains the hub for which you want to list the existing spokes.
In the Hub tab, select the hub.
Click the Spoke tab. All the spokes attached to that hub are listed.
To view the status for a specific spoke, click the spoke name. The proposed spokes that are pending review have an Inactive, pending status.

gcloud

Run the gcloud network-connectivity hubs list-spokes command.

gcloud network-connectivity hubs list-spokes HUB_NAME \
    --filter="reasons:PENDING_REVIEW"

Replace HUB_NAME with the name of the hub for which you want to review the proposed spokes, such as my-hub.

API

To view spoke proposals that are pending review for a hub, use the networkconnectivity.hubs.listSpokes method.

  GET https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs/HUB_NAME:listSpokes?filter=reasons=PENDING_REVIEW

Replace the following values:

PROJECT_ID: the project ID of the project that contains the spokes to list
HUB_NAME: the name of the hub for which you want to view spoke proposals pending review

Accept a spoke proposal

To accept a proposed spoke to connect to a hub, follow these steps.

Console

In the Google Cloud console, go to Network Connectivity Center.

Go to Network Connectivity Center
In the project menu, select the project that contains the hub for which you want to list the existing spokes.
On the Hub tab, select the hub.
Click the Spoke tab. All the spokes attached to that hub are listed.
To view details for a specific spoke, click the spoke name.
Click Accept.

The Network Connectivity Center page updates to show details about the spokes that you accepted and the spoke status changes to Active.

You can also select multiple spokes for a bulk accept. However, as the hub administrator, before accepting a spoke, you must check the VPC spoke filters for each spoke by clicking the individual spoke name and checking the spoke details.

gcloud

Run the gcloud network-connectivity hubs accept-spoke command.

gcloud network-connectivity hubs accept-spoke HUB_NAME \
    --spoke=SPOKE_URI

Replace the following:

HUB_NAME: the name of the hub that is receiving the spoke proposal
SPOKE_URI: the URI of the spoke that you want to accept into the hub

API

To accept a proposed spoke, use the networkconnectivity.hubs.acceptSpoke method.

  POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs/HUB_NAME:acceptSpoke

  {
  "spokeUri": SPOKE_URI
  }

Replace the following:

PROJECT_ID: the ID of the project that contains the hub
HUB_NAME: the name of the hub that is receiving the spoke proposal
SPOKE_URI: the URI of the spoke that you want to accept into the hub

Reject a spoke proposal

To reject a proposed spoke from connecting to a hub, follow these steps.

Console

In the Google Cloud console, go to Network Connectivity Center.

Go to Network Connectivity Center
In the project menu, select the project that contains the hub for which you want to list the existing spokes.
In the Hub tab, select the hub.
Click the Spoke tab. All the spokes attached to that hub are listed.
To view details for a specific spoke, click the spoke name.
Click Reject.
In the Reject spoke? dialog, confirm the rejection and optionally, provide a reason for the rejection.
Click Reject again. The Network Connectivity Center page updates to show details about the spokes that you rejected, and the spoke status shows as Inactive, rejected.

gcloud

Run the gcloud network-connectivity hubs reject-spoke command.

gcloud network-connectivity hubs reject-spoke HUB_NAME \
    --spoke=SPOKE_URI \
    --details=REJECT_REASON

Replace the following:

HUB_NAME: the name of the hub that contains the spoke that you want to reject
SPOKE_URI: the URI of the VPC spoke that you want to reject
REJECT_REASON: Optional: the reason for which you rejected the spoke

API

To reject a proposed spoke, use the networkconnectivity.hubs.rejectSpoke method.

  POST https://networkconnectivity.googleapis.com/v1/projects/PROJECT_ID/locations/global/hubs/HUB_NAME:rejectSpoke

  {
  "spokeUri": SPOKE_URI,
  "requestId": REQUEST_ID,
  "details": SPOKE_DETAILS
  }

Replace the following:

PROJECT_ID: the ID of the project that contains the hub
HUB_NAME: the name of the hub that contains the spoke that you want to reject
SPOKE_URI: the URI of the spoke that you want to reject from the hub
REQUEST_ID: Optional: the request ID to identify requests
SPOKE_DETAILS: Optional: the additional details that you provide, such as, reason for rejection

Manage auto-accept projects for spoke groups

To automatically connect spokes to a hub without the need for individual spoke proposal review, you can set up auto-accept for spoke groups. To complete this task, you need the project IDs for which you want to set up automatic acceptance of spokes.

To add or remove auto-accept projects for spoke groups, follow these steps.

Console

In the Google Cloud console, go to Network Connectivity Center.

Go to Network Connectivity Center
In the project menu, select the project that contains the hub for which you want to list the existing spokes.
In the Hub tab, select the hub.
In the Groups tab, click Edit next to the group name that you want to update.
On the Edit group page, under Auto-accept projects, follow these steps for the action you want to take:
- To add auto-accept for specific projects, enter the project ID for the appropriate project in the Project ID 1 field. To add multiple project IDs, click Add project ID and enter the project ID.
- To remove project IDs from the list, click Delete next to the project ID that you want to remove.
Click Save.

The Network Connectivity Center Hub details page updates to show details about the auto-accept projects that you added, edited, or removed.

gcloud

To set up auto-accept for spoke groups, run the gcloud network-connectivity hubs groups update command.
```
gcloud network-connectivity hubs groups update GROUP_NAME \
  --hub=HUB_NAME \
  --description=DESCRIPTION \
  --add-auto-accept-projects=PROJECT_ID_1,PROJECT_ID_2
```
Replace the following:
- GROUP_NAME: the name of the group that you want to set up auto-accept for
- HUB_NAME: the name of the hub that contains the spoke that you want to accept
- DESCRIPTION: Optional: a description of the spoke group
- PROJECT_ID: a comma-separated list of project IDs for which auto-accept is to be enabled. Use * to represent all projects.
To clear auto-accept for a hub entirely, run the gcloud network-connectivity hubs groups update command with the --clear-auto-accept-projects flag.
```
gcloud network-connectivity hubs groups update GROUP_NAME \
  --hub=HUB_NAME \
  --description=DESCRIPTION \
  --clear-auto-accept-projects
```
Replace the following:
- GROUP_NAME: the name of the group that you want to update
- HUB_NAME: the name of the hub that contains the spoke that you want to update
- DESCRIPTION: Optional: a description of the spoke group

To remove auto-accept for specific projects, run the gcloud network-connectivity hubs groups update command with the --remove-auto-accept-projects flag.

gcloud network-connectivity hubs groups update GROUP_NAME \
  --hub=HUB_NAME \
  --description=DESCRIPTION \
  --remove-auto-accept-projects=PROJECT_ID_1,PROJECT_ID_2

Replace the following:

GROUP_NAME: the name of the group that you want to update
HUB_NAME: the name of the hub that contains the spoke that you want to reject
DESCRIPTION: Optional: a description of the hub
PROJECT_ID: a comma-separated list of project IDs that you want to remove from the auto-accept list.

API

To update the auto-accept projects list, use the networkconnectivity.hubs.rejectSpoke method.

  PATCH https://networkconnectivity.googleapis.com/v1/projects/test-project/locations/global/hubs/HUB_NAME/groups/center?updateMask=auto_accept.auto_accept_projects

  {
   "auto_accept": {
        "auto_accept_projects": ["PROJECT_ID_1", "PROJECT_ID_2"],
   }
  }

Replace the following:

HUB_NAME: the name of the hub that contains the spoke that you want to reject
PROJECT_ID: a comma-separated list of project IDs that you want to remove from the auto-accept list.

What's next

To create hubs and spokes, see Work with hubs and spokes.
To view a list of partners whose solutions are integrated with Network Connectivity Center, see Network Connectivity Center partners.
To find solutions for Router appliance issues, see Troubleshooting.
To get details about API and gcloud commands, see APIs and reference.