Open in app

Sign in

Write

Sign in

Protect from Delete GCP project

NIRAV SHAH
2 min readJun 25, 2021

Well, it’s simple command does the delete project. That can be catastrophic if you have wrongly typed project name. Well, Google helps you to recover/ undelete project for a month of timeframe. That too can be prevented with help of Lien. Let’s learn about same.

Delete Project Basic Command

Below is the simple command does the project delete on GCP.

gcloud projects delete one-click-tbd
Your project will be deleted.Do you want to continue (Y/n)?  YDeleted [https://cloudresourcemanager.googleapis.com/v1/projects/one-click-tbd].You can undo this operation for a limited period by running the command below.
    $ gcloud projects undelete one-click-tbdSee https://cloud.google.com/resource-manager/docs/creating-managing-projects for information on shutting down projects.

Setup LEIN for project

Below is the simple command does the project delete on GCP.

gcloud alpha resource-manager liens create \
  --restrictions=resourcemanager.projects.delete \
  --reason="Super important production system"Check that is applied:
gcloud alpha resource-manager liens listNAME                                                ORIGIN                    REASON
p151505267786-la6de8a11-573d-4724-8219-ed5a8669d2d2  user@companydomain.com  Super important production system

Error while Project deletion as LIEN created

Now try removing project it will throw error.

gcloud projects delete one-click-not-tobedeleted 
Your project will be deleted.Do you want to continue (Y/n)?  YERROR: (gcloud.projects.delete) FAILED_PRECONDITION: Precondition check failed.
- '@type': type.googleapis.com/google.rpc.PreconditionFailure
  violations:
  - description: A lien to prevent deletion was placed on the project by [xpn.googleapis.com].
      Remove the lien to allow deletion.
    subject: liens/p151505267786-la6de8a11-573d-4724-8219-ed5a8669d2d2
    type: LIEN
- '@type': type.googleapis.com/google.rpc.Help
  links:
  - description: Troubleshooting project deletion
    url: https://cloud.google.com/resource-manager/docs/troubleshooting-project-deletion
- '@type': type.googleapis.com/google.rpc.ErrorInfo
  domain: cloudresourcemanager.googleapis.com
  reason: PROJECT_DELETE_LIEN

Reference

Troubleshooting project deletion | Resource Manager Documentation

"type": "thumb-down", "id": "hardToUnderstand", "label":"Hard to understand" },{ "type": "thumb-down", "id"…

cloud.google.com

Protecting projects from accidental deletion with liens

"type": "thumb-down", "id": "hardToUnderstand", "label":"Hard to understand" },{ "type": "thumb-down", "id"…

cloud.google.com

Gcp
Projects
Security
Protection

--

--

NIRAV SHAH

Written by NIRAV SHAH

89 Followers

Working as Cloud Architect & Software enthusiastic

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams