Skip to main content
Platform-provided resource. Datum operates this resource; you typically reference or read it rather than create it. See Platform resources.
API resource reference for ServiceConsumer, part of the platform service catalog. See Platform resources for the full catalog. To create or change one, see Changing resources; to inspect, see Reading resources.
This resource is part of the v1alpha1 API and is subject to change. Fields and behavior may change in future releases.

Identity

Groupservices.miloapis.com
Versionv1alpha1
KindServiceConsumer
ScopePlatform

Overview

A ServiceConsumer is the record that links a consumer project to a service it has requested access to. The services controller creates one ServiceConsumer in the provider project’s control plane for every active or pending service entitlement, so providers never create these directly. Instead, providers use this resource to act on access requests for GatedByProvider services: they write the spec.approval field to approve or deny a request. The controller reflects the outcome in the status, tracking whether the consumer record is pending approval, active, or denied.

Spec fields

FieldTypeRequiredDescription
spec.consumerProjectRefObjectYesIdentifies the consumer project that requested access to the service.
spec.consumerProjectRef.namestringYesName of the consumer project.
spec.serviceRefObjectYesIdentifies the Service this consumer record is associated with.
spec.serviceRef.namestringYesName of the referenced Service.
spec.approvalObjectNoThe provider’s decision for GatedByProvider services. The controller creates the object; the provider writes only this field.
spec.approval.decisionstringNoThe provider’s approval or denial of the consumer request. Required when spec.approval is set.
spec.approval.messagestringNoAn optional human-readable explanation of the decision.

Status fields (read-only)

FieldTypeDescription
status.phasestringController-observed lifecycle state of the consumer record: PendingApproval, Active, or Denied.
status.serviceNamestringThe canonical service identifier (e.g. compute.datumapis.com) resolved from spec.serviceRef and set by the controller.
status.entitledAtstringThe time at which this consumer record became Active.
status.conditions[]ObjectLatest available observations of the consumer record’s state.
status.observedGenerationintegerThe most recent generation observed by the controller.

Usage

Because the controller creates the ServiceConsumer, providers typically edit an existing record to record an approval decision rather than applying a new one:
apiVersion: services.miloapis.com/v1alpha1
kind: ServiceConsumer
metadata:
  name: acme-compute-consumer
spec:
  consumerProjectRef:
    name: acme-project
  serviceRef:
    name: compute
  approval:
    decision: Approved
    message: Approved for production compute access.
datumctl apply -f serviceconsumer.yaml
datumctl get serviceconsumers
datumctl describe serviceconsumer acme-compute-consumer
Run datumctl explain serviceconsumers --recursive to see the full, live field tree for this resource.
Last modified on July 2, 2026