
I have a problem/question regarding GCP's Access Context Manager. I am just trying it out together with VPC Service Controls, and my idea is to limit access to GCP services within a specific project.

What I did was create a service perimeter, add storage.googleapis.com as a restricted service and attach an access level to it. Within the access level I set up a condition to allow my public IPv4 CIDR (x.x.x.x/32). With that condition, I keep getting ERROR: Could not fetch resource: - Request is prohibited by organization's policy. What I figured out is that if I add my public IPv6 CIDR to the condition, this works.

Any idea why this would not work with an IPv4 address (I even added 0.0.0.0/0 there as a test, but the error still persisted)? When going through the logs, I see that IPv6 is used within requestMetadata.callerIp. I was testing access using both the gcloud CLI and the GCP console.

Best regards, Bostjan
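
The behaviour described in the question can be reproduced offline. This is an added example, not code from the original post: it checks the `callerIp` from audit log entries against an access level's subnets and shows that an IPv6 caller never matches an IPv4 range, not even 0.0.0.0/0. The addresses, the log lines and the `protoPayload` nesting are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: subnets as listed in an access level condition
# (documentation-range placeholders, not values from the post).
ACCESS_LEVEL_SUBNETS = ["203.0.113.7/32", "0.0.0.0/0"]

# Constructed audit log entries; only the field the post mentions is kept.
SAMPLE_LOG_LINES = [
    '{"protoPayload": {"requestMetadata": {"callerIp": "2001:db8:12:34::1"}}}',
    '{"protoPayload": {"requestMetadata": {"callerIp": "203.0.113.7"}}}',
]


def evaluate_caller(caller_ip, subnets):
    """Return (allowed, reason) for one caller IP against the subnets."""
    ip = ipaddress.ip_address(caller_ip)
    nets = [ipaddress.ip_network(s, strict=False) for s in subnets]
    # Only ranges of the caller's own address family can ever match:
    # 0.0.0.0/0 covers every IPv4 address and no IPv6 address.
    same_family = [n for n in nets if n.version == ip.version]
    if not same_family:
        return False, f"no IPv{ip.version} range in access level"
    for net in same_family:
        if ip in net:
            return True, f"matched {net}"
    return False, f"outside all IPv{ip.version} ranges"


def audit(log_lines, subnets):
    """Evaluate the callerIp of every log line; returns a list of tuples."""
    results = []
    for line in log_lines:
        entry = json.loads(line)
        caller = entry["protoPayload"]["requestMetadata"]["callerIp"]
        allowed, reason = evaluate_caller(caller, subnets)
        results.append((caller, allowed, reason))
    return results


if __name__ == "__main__":
    for caller, allowed, reason in audit(SAMPLE_LOG_LINES, ACCESS_LEVEL_SUBNETS):
        verdict = "ALLOW" if allowed else "DENY"
        print(f"{caller:24} {verdict:5} {reason}")
```

Running the same check over exported audit logs shows which address family clients actually use, so the access level can list a range for each family in use.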
