The page describes the steps that need to be completed before you can start to use the Service Consumer Management API. It assumes that you already have a Google Cloud project and a managed service (such as a managed service created using Cloud Endpoints) in that project, and that you understand Tenancy Units.
Activating the service
While the Service Consumer Management API helps you to manage the usage of your own managed services, it is also a service itself. Therefore, before you can use it, you must activate the Service Consumer Management API for the Google Cloud project that hosts your managed service. This project is known as a service producer project.
The simplest way to enable the Service Consumer Management API for your service producer project is to use the Google Cloud console. Alternatively, you can enable it from the command line or programmatically. You can find out more in Enabling and Disabling Services.
After the Service Consumer Management API is enabled for your service producer project, you must create your own service identity and grant it permissions on your resources so that it can create tenant projects in your folders and set up the correct billing account on tenant projects. These actions are executed by a service account owned by the Service Consumer Management API, which is specified in the following format:
where PROJECT_NUMBER is the project number for your service producer project that activated the Service Consumer Management service.
The remainder of this guide uses GCM_SA to represent the Service Consumer Management API service account.
You can use the following commands to generate the service identity.
- Login with your user account.
gcloud auth login
- Generate the service identity.
gcloud beta services identity create --service=serviceconsumermanagement.googleapis.com --project=PROJECT_ID
Setting folder permissions
Ensure that you have a folder for holding your tenant projects: you'll need to have an Organization to create folders within your service producer project. If you don’t have a folder, follow the instructions in Creating and Managing Folders to create one. Your folder will have an integer based FOLDER_ID.
On your folder, assign the Project Creator/Deleter role to the Service Consumer Management API service account. Follow the instructions in Configuring Access to Folders to add the Project Creator and Project Deleter role, using GCM_SA as the user.
Setting billing account permissions
Ensure that you have a billing account that can be shared for tenant projects. If you don't have a billing account, see Create, Modify, or Close a Billing Account for instructions to create one.
Follow the instructions to add the Billing Account User role to GCM_SA.
- The Service Consumer Management API creates tenant projects on your behalf, so ensure you have enough quota to create them.
- See the project limits documentation to know how many projects can be created by default and to request increases to that limit.