Service Consumer Management API スタートガイド

このページでは、Service Consumer Management API の使用を開始する前に完了しておく必要がある手順について説明します。このページは、Google Cloud プロジェクトがすでに存在し、そのプロジェクトにマネージド サービスCloud Endpoints を使用して作成されたマネージド サービスなど)が含まれていることと、読者がテナンシー ユニットについて理解していることを前提としています。

Activating the service

While the Service Consumer Management API helps you to manage the usage of your own managed services, it is also a service itself. Therefore, before you can use it, you must activate the Service Consumer Management API for the Google Cloud project that hosts your managed service. This project is known as a service producer project.

The simplest way to enable the Service Consumer Management API for your service producer project is to use the Google Cloud console. Alternatively, you can enable it from the command line or programmatically. You can find out more in Enabling and Disabling Services.

Setting permissions

After the Service Consumer Management API is enabled for your service producer project, you must create your own service identity and grant it permissions on your resources so that it can create tenant projects in your folders and set up the correct billing account on tenant projects. These actions are executed by a service account owned by the Service Consumer Management API, which is specified in the following format:

service-PROJECT_NUMBER@service-consumer-management.iam.gserviceaccount.com

where PROJECT_NUMBER is the project number for your service producer project that activated the Service Consumer Management service.

The remainder of this guide uses GCM_SA to represent the Service Consumer Management API service account.

You can use the following commands to generate the service identity.

  1. Login with your user account.
gcloud auth login
  1. Generate the service identity.
gcloud beta services identity create --service=serviceconsumermanagement.googleapis.com --project=PROJECT_ID

Setting folder permissions

  1. Ensure that you have a folder for holding your tenant projects: you'll need to have an Organization to create folders within your service producer project. If you don’t have a folder, follow the instructions in Creating and Managing Folders to create one. Your folder will have an integer based FOLDER_ID.

  2. On your folder, assign the Project Creator/Deleter role to the Service Consumer Management API service account. Follow the instructions in Configuring Access to Folders to add the Project Creator and Project Deleter role, using GCM_SA as the user.

Setting billing account permissions

  1. Ensure that you have a billing account that can be shared for tenant projects. If you don't have a billing account, see Create, Modify, or Close a Billing Account for instructions to create one.

  2. Follow the instructions to add the Billing Account User role to GCM_SA.

リソース要件

  • ユーザーの代わりに Service Consumer Management API がテナント プロジェクトを作成するので、テナント プロジェクトを作成できる十分な割り当てがあることを確認してください。
  • デフォルトで作成できるプロジェクトの数を確認し、その上限までの引き上げをリクエストする方法については、プロジェクトの上限に関するドキュメントをご覧ください。