Project attributes
A project has 3 main attributes:
- Name: chosen by the user at the moment of the creation, doesn't have to be unique. It can be changed after creation.
- ID: chosen by the user at the moment of the creation, must be unique.
- Number: automatically generated by Google, it's unique.
Don't include sensitive data in the project attributes.
A project ID has the following requirements:
Must be 6 to 30 characters in length.
Can only contain lowercase letters, numbers, and hyphens.
Must start with a letter.
Cannot end with a hyphen.
Cannot be in use or previously used; this includes deleted projects.
Cannot contain restricted strings, such as google, null, undefined, and ssl.
When a project is created, the creator is granted the owner role by default.
A project can be created via console, CLI and API.
CLI: gcloud projects create PROJECT_ID
On the cloud shell or local shell having installed the gcloud CLI.
API: projects.create() method
Tags on project creation are available but not yet fully launched and might have limited support.
More on hierarchy
Projects can be at the top of the hierarchy (without any organization or folder) if created by free trial or tier users.
While IAM (Identity Access Management) focuses on who can do something on an specific resource, Organization Policy focuses on restrictions to specific resources such as folders or projects, or even the entire organization node.
Organization policies can be used to define constraints on specific resources and limit the enforcement of those constraints to others.
There are predefined organization policies but the administrator can also create custom ones. A custom policy can override the default inheritance.
Constraints
Defines what behaviors are controlled. It'll always be a list or a boolean.
- List: lists allowed or denied values provided by the adm.
- Boolean: enforced or not enforced for a resource. Tags can be used to define if a constraint will be enforced to a determined resource associated to that tag.
Violations
When a service acts counter to the organization policy.
New policies are usually not retroactive.
Services in violation will not be shut down and continue their original behavior until the violation is resolved manually.
Top comments (0)