ka...@google.com <ka...@google.com>
ma...@google.com <ma...@google.com> #2
Hello,
Thank you for reaching out to us with your request.
We have duly noted your feedback and will thoroughly validate it. While we cannot provide an estimated time of implementation or guarantee the fulfillment of the issue, please be assured that your input is highly valued. Your feedback enables us to enhance our products and services.
We appreciate your continued trust and support in improving our Google Cloud Platform products. In case you want to report a new issue, please do not hesitate to create a new issue on the
Once again, we sincerely appreciate your valuable feedback. Thank you for your understanding and collaboration.
Thanks & Regards,
Ashalatha
Google Cloud Support
da...@google.com <da...@google.com> #3
This is a high priority request from PayPal. Can you please provide an update?
sr...@google.com <sr...@google.com> #4
I would recommend the use of groups in VPCSC access rules, as it's GA. This will allow identity addition and removal to be decoupled from VPCSC policy.
Description
When an identity is removed, be it a service account or a user identity, the VPC security perimeter doesn't detect and remove it. In the case of IAM, Google adds a 'deleted:' prefix and further IAM policy binding updates don't fail. When we update a perimeter policy that has a deleted identity, however, the update operation fails with the error below:
The email address '[ServiceAccountID]@[projectID].
What you expected to happen:
It should follow the same behavior as IAM policy binding, i.e. Google should add a 'deleted:' prefix and allow update operations. There are identities that are not managed by project owners or that are shared by a third party (GCP project). We cannot monitor and delete such identities; only Google can do this for us.
Steps to reproduce:
1. Create a perimeter with two or more identities in the ingress policy.
2. Delete an identity in the respective project or G Suite.
3. Update the perimeter with a new identity.
4. You would notice the error message as mentioned.
gcloud access-context-manager perimeters update [PERIMETER_NAME] \
--policy=[POLICY_NO] \
--set-ingress-policies=ingressPolicy.yaml
ERROR: (gcloud.access-context-manager.perimeters.update) INVALID_ARGUMENT: The email address 'svc-test-perimeter@PROJECTID.iam.gserviceaccount.com' is invalid or non-existent.
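A pre-flight check for the failure described above, added here as an example and not part of this issue thread or of Google's tooling: it prunes identities that no longer exist from an ingress policy before the `perimeters update` call, so the update does not fail with INVALID_ARGUMENT, and flags rules left with no identities. The sample policy and the set of existing principals are constructed; in practice the set would be built from `gcloud iam service-accounts list` and your identity directory (an assumption), and the policy is shown as JSON, which is valid YAML in the same shape as ingressPolicy.yaml.

```python
import json

# Constructed sample in the shape gcloud reads from ingressPolicy.yaml
# (JSON is valid YAML, so the same structure applies).
SAMPLE_INGRESS_POLICIES = [
    {
        "ingressFrom": {
            "identities": [
                "serviceAccount:svc-test-perimeter@PROJECTID.iam.gserviceaccount.com",
                "user:alice@example.com",
            ],
            "sources": [{"accessLevel": "*"}],
        },
        "ingressTo": {"operations": [{"serviceName": "*"}], "resources": ["*"]},
    }
]

# Constructed: principals that still exist. In practice, build this set from
# `gcloud iam service-accounts list` and your directory (assumption).
EXISTING_PRINCIPALS = {"alice@example.com"}


def prune_ingress_policies(policies, existing_principals):
    """Return (pruned, removed, warnings).

    pruned   - deep copy of policies with serviceAccount:/user: identities
               that no longer exist dropped
    removed  - the identities that were dropped (keep for the change record)
    warnings - rules whose identity list became empty; these need an explicit
               identityType or manual review rather than a silent update
    """
    existing = {p.lower() for p in existing_principals}
    pruned = json.loads(json.dumps(policies))  # deep copy, input left intact
    removed, warnings = [], []
    for idx, policy in enumerate(pruned):
        ingress_from = policy.get("ingressFrom", {})
        identities = ingress_from.get("identities")
        if identities is None:
            continue
        kept = []
        for ident in identities:
            kind, _, principal = ident.partition(":")
            if kind in ("serviceAccount", "user") and principal.lower() not in existing:
                removed.append(ident)
            else:
                kept.append(ident)  # other kinds (e.g. group:) are left untouched
        ingress_from["identities"] = kept
        if not kept and "identityType" not in ingress_from:
            warnings.append(f"ingress rule {idx} has no identities left")
    return pruned, removed, warnings


if __name__ == "__main__":
    pruned, removed, warnings = prune_ingress_policies(SAMPLE_INGRESS_POLICIES, EXISTING_PRINCIPALS)
    print("removed:", removed)
    print("warnings:", warnings)
    print(json.dumps(pruned, indent=2))  # write this out as the policy file to apply
```

Review the `removed` list before applying the pruned file, since a dropped identity is a deliberate access change and should be recorded as such.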