Platform-provided resource. Datum operates this resource; you typically reference or read it rather than create it. See Platform resources.
This resource is part of the v1alpha1 API and is subject to change. Fields and behavior may change in future releases.
Identity
| |
|---|
| Group | services.miloapis.com |
| Version | v1alpha1 |
| Kind | ServiceConsumer |
| Scope | Platform |
Overview
A ServiceConsumer is the record that links a consumer project to a service it has requested access to. The services controller creates one ServiceConsumer in the provider project’s control plane for every active or pending service entitlement, so providers never create these directly.
Instead, providers use this resource to act on access requests for GatedByProvider services: they write the spec.approval field to approve or deny a request. The controller reflects the outcome in the status, tracking whether the consumer record is pending approval, active, or denied.
Spec fields
| Field | Type | Required | Description |
|---|
spec.consumerProjectRef | Object | Yes | Identifies the consumer project that requested access to the service. |
spec.consumerProjectRef.name | string | Yes | Name of the consumer project. |
spec.serviceRef | Object | Yes | Identifies the Service this consumer record is associated with. |
spec.serviceRef.name | string | Yes | Name of the referenced Service. |
spec.approval | Object | No | The provider’s decision for GatedByProvider services. The controller creates the object; the provider writes only this field. |
spec.approval.decision | string | No | The provider’s approval or denial of the consumer request. Required when spec.approval is set. |
spec.approval.message | string | No | An optional human-readable explanation of the decision. |
Status fields (read-only)
| Field | Type | Description |
|---|
status.phase | string | Controller-observed lifecycle state of the consumer record: PendingApproval, Active, or Denied. |
status.serviceName | string | The canonical service identifier (e.g. compute.datumapis.com) resolved from spec.serviceRef and set by the controller. |
status.entitledAt | string | The time at which this consumer record became Active. |
status.conditions | []Object | Latest available observations of the consumer record’s state. |
status.observedGeneration | integer | The most recent generation observed by the controller. |
Usage
Because the controller creates the ServiceConsumer, providers typically edit an existing record to record an approval decision rather than applying a new one:
apiVersion: services.miloapis.com/v1alpha1
kind: ServiceConsumer
metadata:
name: acme-compute-consumer
spec:
consumerProjectRef:
name: acme-project
serviceRef:
name: compute
approval:
decision: Approved
message: Approved for production compute access.
datumctl apply -f serviceconsumer.yaml
datumctl get serviceconsumers
datumctl describe serviceconsumer acme-compute-consumer
Run datumctl explain serviceconsumers --recursive to see the full, live field tree for this resource.