Auf der Seite werden die Schritte beschrieben, die Sie ausführen müssen, bevor Sie die Service Consumer Management API verwenden können. Es wird davon ausgegangen, dass Sie bereits ein Google Cloud-Projekt und einen verwalteten Dienst in diesem Projekt haben, zum Beispiel einen mit Cloud Endpoints erstellten verwalteten Dienst, und dass Sie mit Mandanteneinheiten vertraut sind.
Activating the service
While the Service Consumer Management API helps you to manage the usage of your own managed services, it is also a service itself. Therefore, before you can use it, you must activate the Service Consumer Management API for the Google Cloud project that hosts your managed service. This project is known as a service producer project.
The simplest way to enable the Service Consumer Management API for your service producer project is to use the Google Cloud console. Alternatively, you can enable it from the command line or programmatically. You can find out more in Enabling and Disabling Services.
Setting permissions
After the Service Consumer Management API is enabled for your service producer project, you must create your own service identity and grant it permissions on your resources so that it can create tenant projects in your folders and set up the correct billing account on tenant projects. These actions are executed by a service account owned by the Service Consumer Management API, which is specified in the following format:
service-PROJECT_NUMBER@service-consumer-management.iam.gserviceaccount.com
where PROJECT_NUMBER is the project number for your service producer project that activated the Service Consumer Management service.
The remainder of this guide uses GCM_SA to represent the Service Consumer Management API service account.
You can use the following commands to generate the service identity.
- Login with your user account.
gcloud auth login
- Generate the service identity.
gcloud beta services identity create --service=serviceconsumermanagement.googleapis.com --project=PROJECT_ID
Setting folder permissions
Ensure that you have a folder for holding your tenant projects: you'll need to have an Organization to create folders within your service producer project. If you don’t have a folder, follow the instructions in Creating and Managing Folders to create one. Your folder will have an integer based FOLDER_ID.
On your folder, assign the Project Creator/Deleter role to the Service Consumer Management API service account. Follow the instructions in Configuring Access to Folders to add the Project Creator and Project Deleter role, using GCM_SA as the user.
Setting billing account permissions
Ensure that you have a billing account that can be shared for tenant projects. If you don't have a billing account, see Create, Modify, or Close a Billing Account for instructions to create one.
Follow the instructions to add the Billing Account User role to GCM_SA.
Ressourcenanforderungen
- Die Service Consumer Management API erstellt in Ihrem Namen Mandantenprojekte. Achten Sie also darauf, dass Ihr Kontingent dafür ausreicht.
- In der Dokumentation zu Projektlimits erfahren Sie, wie viele Projekte standardmäßig erstellt werden können und wie Sie Erhöhungen auf dieses Limit anfordern können.