This structure defines a tenant project to be added to the specified tenancy unit and its initial configuration and properties. A project lien is created for the tenant project to prevent the tenant project from being deleted accidentally. The lien is deleted as part of tenant project removal.
JSON representation | |
---|---|
{ "folder": string, "tenantProjectPolicy": { object ( |
Fields | |
---|---|
folder |
Folder where project in this tenancy unit must be located This folder must have been previously created with the required permissions for the caller to create and configure a project in it. Valid folder resource names have the format |
tenantProjectPolicy |
Describes ownership and policies for the new tenant project. Required. |
labels |
Labels that are applied to this project. An object containing a list of |
services[] |
Google Cloud API names of services that are activated on this project during provisioning. If any of these services can't be activated, the request fails. For example: 'compute.googleapis.com','cloudfunctions.googleapis.com' |
billingConfig |
Billing account properties. The billing account must be specified. |
serviceAccountConfig |
Configuration for the IAM service account on the tenant project. |
TenantProjectPolicy
Describes policy settings that need to be applied to a newly created tenant project.
JSON representation | |
---|---|
{
"policyBindings": [
{
object ( |
Fields | |
---|---|
policyBindings[] |
Policy bindings to be applied to the tenant project, in addition to the 'roles/owner' role granted to the Service Consumer Management service account. At least one binding must have the role |
PolicyBinding
Translates to IAM Policy bindings (without auditing at this level)
JSON representation | |
---|---|
{ "role": string, "members": [ string ] } |
Fields | |
---|---|
role |
Role. (https://cloud.google.com/iam/docs/understanding-roles) For example, |
members[] |
Uses the same format as in IAM policy. |
BillingConfig
Describes the billing configuration for a new tenant project.
JSON representation | |
---|---|
{ "billingAccount": string } |
Fields | |
---|---|
billingAccount |
Name of the billing account. For example |
ServiceAccountConfig
Describes the service account configuration for the tenant project.
JSON representation | |
---|---|
{ "accountId": string, "tenantProjectRoles": [ string ] } |
Fields | |
---|---|
accountId |
ID of the IAM service account to be created in tenant project. The email format of the service account is " |
tenantProjectRoles[] |
Roles for the associated service account for the tenant project. |