Open viglesiasce opened 4 years ago
I think the service accounts that are going stale are getting missed by the destroy script. From what I have seen so far the service accounts in question are:
gitlab-gcs tf-sa-dev-us-central1 tf-sa-staging-us-central1 tf-sa-prod-us-central1 tf-sa-prod-us-east1
As a work around remove all the permissions from the service account and re-add the permissions.
Slight clarification.
The service accounts get deleted as desired, however, the IAM permissions are not removed by the destroy script.
@henrybell can you take a look at this while you finish up the "delete" app features?
👍 Will pick this up once the PR for Cloud Endpoints DNS is in -- my day job has been keeping me busy recently!
Due to the following caveat in IAM: https://cloud.google.com/iam/docs/understanding-service-accounts#deleting_and_recreating_service_accounts
We should instead create a unique name for the service accounts used in the solution.