tenancy_units
Creates, updates, deletes, gets or lists a tenancy_units resource.
Overview
| Name | tenancy_units |
| Type | Resource |
| Id | google.serviceconsumermanagement.tenancy_units |
Fields
The following fields are returned by SELECT queries:
- list
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Globally unique identifier of this tenancy unit "services/{service}/{collection id}/{resource id}/tenancyUnits/{unit}" |
consumer | string | Output only. @OutputOnly Cloud resource name of the consumer of this service. For example 'projects/123456'. |
createTime | string (google-datetime) | Output only. @OutputOnly The time this tenancy unit was created. |
service | string | Output only. Google Cloud API name of the managed service owning this tenancy unit. For example 'serviceconsumermanagement.googleapis.com'. |
tenantResources | array | Resources constituting the tenancy unit. There can be at most 512 tenant resources in a tenancy unit. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list | select | servicesId, servicesId1, servicesId2 | pageSize, pageToken, filter | Find the tenancy unit for a managed service and service consumer. This method shouldn't be used in a service producer's runtime path, for example to find the tenant project number when creating VMs. Service producers must persist the tenant project's information after the project is created. |
create | insert | servicesId, servicesId1, servicesId2 | Creates a tenancy unit with no tenant resources. If tenancy unit already exists, it will be returned, however, in this case, returned TenancyUnit does not have tenant_resources field set and ListTenancyUnits has to be used to get a complete TenancyUnit with all fields populated. | |
delete | delete | servicesId, servicesId1, servicesId2, tenancyUnitsId | Delete a tenancy unit. Before you delete the tenancy unit, there should be no tenant resources in it that aren't in a DELETED state. Operation. | |
apply_project_config | exec | servicesId, servicesId1, servicesId2, tenancyUnitsId | Apply a configuration to an existing tenant project. This project must exist in an active state and have the original owner account. The caller must have permission to add a project to the given tenancy unit. The configuration is applied, but any existing settings on the project aren't modified. Specified policy bindings are applied. Existing bindings aren't modified. Specified services are activated. No service is deactivated. If specified, new billing configuration is applied. Omit a billing configuration to keep the existing one. A service account in the project is created if previously non existed. Specified labels will be appended to tenant project, note that the value of existing label key will be updated if the same label key is requested. The specified folder is ignored, as moving a tenant project to a different folder isn't supported. The operation fails if any of the steps fail, but no rollback of already applied configuration changes is attempted. Operation. | |
attach_project | exec | servicesId, servicesId1, servicesId2, tenancyUnitsId | Attach an existing project to the tenancy unit as a new tenant resource. The project could either be the tenant project reserved by calling AddTenantProject under a tenancy unit of a service producer's project of a managed service, or from a separate project. The caller is checked against a set of permissions as if calling AddTenantProject on the same service consumer. To trigger the attachment, the targeted tenant project must be in a folder. Make sure the ServiceConsumerManagement service account is the owner of that project. These two requirements are already met if the project is reserved by calling AddTenantProject. Operation. | |
undelete_project | exec | servicesId, servicesId1, servicesId2, tenancyUnitsId | Attempts to undelete a previously deleted tenant project. The project must be in a DELETED state. There are no guarantees that an undeleted project will be in a fully restored and functional state. Call the ApplyTenantProjectConfig method to update its configuration and then validate all managed service resources. Operation. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
servicesId | string | |
servicesId1 | string | |
servicesId2 | string | |
tenancyUnitsId | string | |
filter | string | |
pageSize | integer (int32) | |
pageToken | string |
SELECT examples
- list
Find the tenancy unit for a managed service and service consumer. This method shouldn't be used in a service producer's runtime path, for example to find the tenant project number when creating VMs. Service producers must persist the tenant project's information after the project is created.
SELECT
name,
consumer,
createTime,
service,
tenantResources
FROM google.serviceconsumermanagement.tenancy_units
WHERE servicesId = '{{ servicesId }}' -- required
AND servicesId1 = '{{ servicesId1 }}' -- required
AND servicesId2 = '{{ servicesId2 }}' -- required
AND pageSize = '{{ pageSize }}'
AND pageToken = '{{ pageToken }}'
AND filter = '{{ filter }}';
INSERT examples
- create
- Manifest
Creates a tenancy unit with no tenant resources. If tenancy unit already exists, it will be returned, however, in this case, returned TenancyUnit does not have tenant_resources field set and ListTenancyUnits has to be used to get a complete TenancyUnit with all fields populated.
INSERT INTO google.serviceconsumermanagement.tenancy_units (
data__tenancyUnitId,
servicesId,
servicesId1,
servicesId2
)
SELECT
'{{ tenancyUnitId }}',
'{{ servicesId }}',
'{{ servicesId1 }}',
'{{ servicesId2 }}'
RETURNING
name,
consumer,
createTime,
service,
tenantResources
;
# Description fields are for documentation purposes
- name: tenancy_units
props:
- name: servicesId
value: string
description: Required parameter for the tenancy_units resource.
- name: servicesId1
value: string
description: Required parameter for the tenancy_units resource.
- name: servicesId2
value: string
description: Required parameter for the tenancy_units resource.
- name: tenancyUnitId
value: string
description: >
Optional. Optional service producer-provided identifier of the tenancy unit. Must be no longer than 40 characters and preferably URI friendly. If it isn't provided, a UID for the tenancy unit is automatically generated. The identifier must be unique across a managed service. If the tenancy unit already exists for the managed service and service consumer pair, calling `CreateTenancyUnit` returns the existing tenancy unit if the provided identifier is identical or empty, otherwise the call fails.
DELETE examples
- delete
Delete a tenancy unit. Before you delete the tenancy unit, there should be no tenant resources in it that aren't in a DELETED state. Operation.
DELETE FROM google.serviceconsumermanagement.tenancy_units
WHERE servicesId = '{{ servicesId }}' --required
AND servicesId1 = '{{ servicesId1 }}' --required
AND servicesId2 = '{{ servicesId2 }}' --required
AND tenancyUnitsId = '{{ tenancyUnitsId }}' --required;
Lifecycle Methods
- apply_project_config
- attach_project
- undelete_project
Apply a configuration to an existing tenant project. This project must exist in an active state and have the original owner account. The caller must have permission to add a project to the given tenancy unit. The configuration is applied, but any existing settings on the project aren't modified. Specified policy bindings are applied. Existing bindings aren't modified. Specified services are activated. No service is deactivated. If specified, new billing configuration is applied. Omit a billing configuration to keep the existing one. A service account in the project is created if previously non existed. Specified labels will be appended to tenant project, note that the value of existing label key will be updated if the same label key is requested. The specified folder is ignored, as moving a tenant project to a different folder isn't supported. The operation fails if any of the steps fail, but no rollback of already applied configuration changes is attempted. Operation.
EXEC google.serviceconsumermanagement.tenancy_units.apply_project_config
@servicesId='{{ servicesId }}' --required,
@servicesId1='{{ servicesId1 }}' --required,
@servicesId2='{{ servicesId2 }}' --required,
@tenancyUnitsId='{{ tenancyUnitsId }}' --required
@@json=
'{
"projectConfig": "{{ projectConfig }}",
"tag": "{{ tag }}"
}';
Attach an existing project to the tenancy unit as a new tenant resource. The project could either be the tenant project reserved by calling AddTenantProject under a tenancy unit of a service producer's project of a managed service, or from a separate project. The caller is checked against a set of permissions as if calling AddTenantProject on the same service consumer. To trigger the attachment, the targeted tenant project must be in a folder. Make sure the ServiceConsumerManagement service account is the owner of that project. These two requirements are already met if the project is reserved by calling AddTenantProject. Operation.
EXEC google.serviceconsumermanagement.tenancy_units.attach_project
@servicesId='{{ servicesId }}' --required,
@servicesId1='{{ servicesId1 }}' --required,
@servicesId2='{{ servicesId2 }}' --required,
@tenancyUnitsId='{{ tenancyUnitsId }}' --required
@@json=
'{
"reservedResource": "{{ reservedResource }}",
"externalResource": "{{ externalResource }}",
"tag": "{{ tag }}"
}';
Attempts to undelete a previously deleted tenant project. The project must be in a DELETED state. There are no guarantees that an undeleted project will be in a fully restored and functional state. Call the ApplyTenantProjectConfig method to update its configuration and then validate all managed service resources. Operation.
EXEC google.serviceconsumermanagement.tenancy_units.undelete_project
@servicesId='{{ servicesId }}' --required,
@servicesId1='{{ servicesId1 }}' --required,
@servicesId2='{{ servicesId2 }}' --required,
@tenancyUnitsId='{{ tenancyUnitsId }}' --required
@@json=
'{
"tag": "{{ tag }}"
}';