This functionality in project_cleanup attempts to delete tags without removing their association. This fails if the tag is associated with any existing or deleted resources.
Expected behavior
When the cleanup function is referenced with clean_up_org_level_tag_keys set to true, it should be able to delete tag keys and values.
Observed behavior
The delete method fails when tags still have a resource association. This occurs even when the associated resource has been deleted.
ERROR 2024-06-04T14:18:26.666958Z [protoPayload.serviceName: cloudresourcemanager.googleapis.com] [protoPayload.methodName: google.cloud.resourcemanager.v3.TagValues.DeleteTagValue] [protoPayload.resourceName: tagValues/281484311440934] [protoPayload.authenticationInfo.principalEmail: project-cleaner-function@cft-project-manager-e86e.iam.gserviceaccount.com] Cannot delete tag value, tagValues/281484311440934, because it is still attached to resources in 'global' region. To delete this tag value, remove all holds and then remove it from all resources. At least one binding was found to an active or deleted resource in the 'global' region.
apeabody
commented
1 month ago
TL;DR
https://github.com/terraform-google-modules/terraform-google-scheduled-function/blob/cb74689a8e8ed39bf82f0e4c74744692fa10eee4/modules/project_cleanup/function_source/main.go#L522
This functionality in project_cleanup attempts to delete tags without removing their association. This fails if the tag is associated with any existing or deleted resources.
Expected behavior
When the cleanup function is referenced with
clean_up_org_level_tag_keysset to true, it should be able to delete tag keys and values.Observed behavior
The delete method fails when tags still have a resource association. This occurs even when the associated resource has been deleted.
Terraform Configuration
Terraform Version
Additional information
No response