3 new projects suddenly appeared in my Google Cloud. I don't know where they came from, and I can't delete them.
Following the delete instructions: https://cloud.google.com/go/getting-started#delete-the-project
When I select each of the projects to delete, the delete button disables, and shows the float over message:
You need permissions for this action.
Required permission(s): resourcemanager.projects.delete
All my other projects are fine, and I can delete them.
The three new projects that suddenly appeared are:
My Project 64342 brave-watch-314519
My Project 82497 beaming-light-336511
You can see this project you-can-see-this-project
Screenshot:
How do I give myself permission to delete them?
Note 1: I am the only owner/user of this Google Cloud account.
Note 2: I also tried going to IAM -> Roles, but got the error:
Many thanks.
It seems to be a known issue with GCP. Leaving “Google Groups” related to GCP is a fix to this issue. You can track this Public Issue for more information.
You might have been added into a project through a group, so it appears in the project list. However, you have not been granted permission to modify the IAM of that project, so you can't remove the group from the permission list.
As a workaround, you can leave "Google Groups" related to GCP and reload the GCP console webpage so that all your unknown/inaccessible projects will disappear from the projects list. You can find what groups you're a member of, using this Google Groups link.
NOTE : You can leave the groups in order to lose the access, but there could be a situation where your email is added to a single role/permission and you would not be able to remove yourself from the IAM list.
Related
I am trying to delete a GCP project.
Now, it used to have a Google Assistant integration (~ 3 years ago) but now I don't need it anymore and I want to delete it.
When I try to delete the project -> it tells me it can't because it's liked to a Dataflow agent. It provides me with a link but when I follow it, there are no agents listed there. I browsed all available regions, but no agents are listed.
I went to Actions from GCP console, but I can't delete the Actions project either (same reason). When I go to my defined action, I am prompted to migrate to Actions Builder (but I get a generic error trying to do that). In any case, if I try to edit my action in Dataflow, it takes me to the same homepage which prompts me to create an agent - as it doesn't list any.
So I'm stumped - I can't delete my project because of an existing Dataflow agent but Dataflow doesn't list any agents in any region.
Can anyone with Dataflow/GCP experience provide any insight into anything I may try ? Thanks!
There are mainly two possible situations for the issue Failing to delete GCP project due to non-existent DialogFlow agent:
The agent has been deleted, but the lien was not deleted.
The agent was not deleted.
You can follow the steps below to solve the issue:
Delete the agents associated with the project and try again to delete the project. If this does not solve the issue then follow step2.
Even though you deleted the agent, the lien used by the agent is not deleted. Run this CLI command gcloud alpha resource-manager liens list to list liens and then run the gcloud alpha resource-manager liens delete LIEN_NAME command then you can try again to delete the project. For more information, you can refer to the google cloud documentation. If this does not solve the issue then follow step3.
Deactivate the Dialogflow API from the GCP console: Open APIs & Services dashboard then click on Dialogflow API then click on Disable API. After disabling the Dialogflow API, try again to delete the project.
I'm a newbie in GCP. Actually, I have 2 projects on this list, but just one is visible. How can I find the second?
I am sure to choose the right organization. And the second project is not deleted because my web has been running without any error.
Thank you all.
This is my project list in GCP
Try selecting "No organization" in the dropdown alongside "Select from".
It's confusing but, you can have projects that aren't associated with an organization. It's probable that your other project is thus.
If the project is not listed under "No organization", then another probability is that you used a different Google account (possibly also associated with another organization) to create it.
Note: Because projects are always associated with IAM policies that determine which accounts can access them, it's possible for different projects to be listed under "No organization" for different (Google) accounts.
I was playing around with terraform to create an infrastructure for a couple of services on GCP. GCP organises all the infra in so called projects. I specified a project_id incrorrectly in terraform files(actually I set project_id to already existing in my GCP, but ptoject name was different). Terraform in plan phase was successful, but after apply it failed. Then I executed terraform destroy, set correct project_id(and name), executed terraform apply again, this time successfully. But when I opened the GCP console I saw that actually 2 projects were created in project list(one with correct name and id and another with some random name: smth like My Project 1234 as name and beaming-light-546562 as id). And now gcloud projects list command shows 3 projects(this random one, correct one and previously existing one).
The problem is that I can't remove that "random" project, neither from gcloud utility nor from gcp console. I get an error
<myuser_mail_address> does not have permission to access projects instance or poject doesn't exist
Also that random project is not linked to my billing account.
How can I remove that "random" project
EDIT
It seems strange that the project with id beaming-light-546562 can't be removed by me(the owner of an account) with reasons that I do not have permissions to do that. Also the name of an id: it is similar to technic docker is using for generating names of running containers. I do not recall that terraform has such a feature. Could it be gcp itself who generates such random names?
I tried to recreate the error i.e, I created a sample project(via console) and deleted the same sample project in cloud shell using this command
gcloud projects delete <project ID> and again tried to delete the same sample project in cloud shell and got this error message:
You can cross verify if the reason listed in the image i.e PROJECT_DELETE_INACTIVE is present in the output of your gcloud projects delete <project ID> command.This means that the project is inactive and the project becomes inactive when it's deleted.
From this document :
The project takes approximately 30-days for complete deletion, At the end of the 30-day period, the project and all its resources are deleted and cannot be recovered.
Edit:
It seems to be a known issue with GCP. Leaving “Google Groups” related to GCP is a fix to this issue. You can track this Public Issue for more information.
You might have been added into a project through a group, so it appears in the project list. However, you have not been granted permission to modify the IAM of that project, so you can't remove the group from the permission list.
As a workaround, you can leave "Google Groups" related to GCP and reload the GCP console webpage so that all your unknown/inaccessible projects will disappear from the projects list. You can find what groups you're a member of, using this Google Groups link.
NOTE : You can leave the groups in order to lose the access, but there could be a situation where your email is added to a single role/permission and you would not be able to remove yourself from the IAM list.
Our organization uses Google Cloud APIs for integrating Maps and other services in a number of websites.
We have often used the same API key, without creating a distinct Google Cloud project (and credentials) for each website/project.
We are trying to better organize our API usage, but we are facing an issue.
While we can consult the reports of our Billing account and see the quota for the unique API project used for every implementation, we cannot see and manage this project (it does not appear in the list) even though it seems to belong to the same organization. (EDIT: I am not sure that the organization id is the same, but the name of the organizazion appears as a prefix to the project name in the billing reports)
This project has been created years ago (and the person that created it appears not to have access to it either), but we need to access it to get a clear understanding of where and how APIs are used.
The connected APIs are still in use and working, so we assume the project exists.
Can someone point out the possible reasons why a project is not shown even though it belongs to an organization for which we have access as administrators?
Thank you in advance
In order to see a project in lists, you need the resourcemanager.projects.list IAM permission on the project and to get it's metadata, the resourcemanager.projects.get permission.
How did you find that it has the same organizationId? If you managed to get the metadata via gcloud projects describe, you are likely missing the list permission.
In any case, if the project is indeed part of the organization, an org admin should be able to use gcloud projects add-iam-policy-binding to add a new owner/editor.
There is a special case with Apps Scripts: Those create a hidden project.
If all fails, reach out to GCP Support. Keep in mind though that they will not be able to help you if the project is not within your organization (eg. created with an unrelated gmail.com account or similar)
I have project OWNER right, but can not remove image from console,
Delete is disabled and there is tag "you do not have pemission to delete this image".
By gcloud everithing works.
I remove buckets - _cloudbuild and artifacts.appspot.com but it was restored after first image build.
How can i resolve this situation?
If everything works correctly using gcloud means that the GCP API is not the issue. Maybe is a glitch in the console.
First ensure that your Cloud Console session corresponds to the user with owner permissions (could be that you've sign up in gcloud with a different account).
If that is correct, I'd file a support request or create an issue tracker case.
This seems like a case that needs to be addressed by the GCP team and StackOverflow is not the best channel to get support for that.
Hope that helps.
According to Google's notice:
Project owners and editors are currently unable to edit tags or delete
images in the Container Registry UI. The workarounds are to either use
the command line or grant the Storage Object Viewer IAM role. A fix is
expected by December 5th.
I'll put the link to the docs, so that other people know what to do until the issue is fixed:
I use this command to delete images while the Console does not work:
gcloud container images delete [HOSTNAME]/[PROJECT-ID]/[IMAGE]:[TAG] --force-delete-tags