@pbrumblay
Last active May 22, 2024 15:17
Delete GCP security tag bindings, values and keys using gcloud

Use Asset Inventory to list bindings

gcloud asset list --organization $ORG_ID --asset-types cloudresourcemanager.googleapis.com/TagBinding

Output like the following:

---
ancestors:
- folders/111
- organizations/999
assetType: cloudresourcemanager.googleapis.com/TagBinding
name: //cloudresourcemanager.googleapis.com/tagBindings/%2F%2Fcloudresourcemanager.googleapis.com%2Ffolders%2F111/tagValues/222
updateTime: '2024-05-16T01:15:55.359Z'
---
ancestors:
- folders/111
- organizations/999
assetType: cloudresourcemanager.googleapis.com/TagBinding
name: //cloudresourcemanager.googleapis.com/tagBindings/%2F%2Fcloudresourcemanager.googleapis.com%2Ffolders%2F111/tagValues/333
updateTime: '2024-05-16T01:15:55.359Z'

Delete a binding

gcloud resource-manager tags bindings delete --tag-value=tagValues/222 --parent="//cloudresourcemanager.googleapis.com/folders/111"

List tag values

gcloud asset list --organization $ORG_ID --asset-types cloudresourcemanager.googleapis.com/TagValue

Delete a tag value

gcloud resource-manager tags values delete tagValues/222

List tag keys

gcloud asset list --organization $ORG_ID --asset-types cloudresourcemanager.googleapis.com/TagKey 

Delete a tag key

gcloud resource-manager tags keys delete tagKeys/888

Note: Asset Inventory calls are eventually consistent, so deletions may not be reflected in gcloud asset list output immediately.
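
The binding delete command needs the tag value and the URL-decoded parent, both of which are packed into the name field of the asset list output. The script below is an added example, not part of the original gist: it derives the delete command from each binding name and only prints it for review. The function names, the numeric-id check and the allowed-character check are assumptions of this example.

```shell
#!/bin/sh
# Added example: turn TagBinding asset names into reviewable delete commands.
# Nothing is executed against GCP; the commands are only printed.
PREFIX='//cloudresourcemanager.googleapis.com/tagBindings/'

# binding_delete_cmd NAME -> prints the matching "bindings delete" command.
binding_delete_cmd() {
  name=$1
  case $name in
    "$PREFIX"*/tagValues/*) ;;
    *) echo "not a TagBinding asset name: $name" >&2; return 1 ;;
  esac
  rest=${name#"$PREFIX"}              # <encoded parent>/tagValues/<id>
  enc_parent=${rest%%/tagValues/*}    # parent with "/" encoded as %2F
  value_id=${rest##*/tagValues/}
  # Assumption: tag value ids are numeric, as in the sample output.
  case $value_id in
    ''|*[!0-9]*) echo "unexpected tag value id: $value_id" >&2; return 1 ;;
  esac
  parent=$(printf '%s' "$enc_parent" | sed 's|%2[Ff]|/|g')
  # The output is meant to be pasted into a shell, so require a full
  # resource name and refuse leftover escapes or shell-significant characters.
  case $parent in
    //*) ;;
    *) echo "unexpected parent: $parent" >&2; return 1 ;;
  esac
  case $parent in
    *[!A-Za-z0-9/._:-]*) echo "unsafe parent: $parent" >&2; return 1 ;;
  esac
  printf 'gcloud resource-manager tags bindings delete --tag-value=tagValues/%s --parent="%s"\n' \
    "$value_id" "$parent"
}

# plan_binding_deletes: read `gcloud asset list` YAML on stdin, one command per binding.
plan_binding_deletes() {
  while IFS= read -r line; do
    case $line in
      'name: '*) binding_delete_cmd "${line#name: }" || return 1 ;;
    esac
  done
}

# Constructed sample, reduced from the output shown above.
SAMPLE='---
name: //cloudresourcemanager.googleapis.com/tagBindings/%2F%2Fcloudresourcemanager.googleapis.com%2Ffolders%2F111/tagValues/222
---
name: //cloudresourcemanager.googleapis.com/tagBindings/%2F%2Fcloudresourcemanager.googleapis.com%2Ffolders%2F111/tagValues/333'

printf '%s\n' "$SAMPLE" | plan_binding_deletes
```

To use it on real data, pipe the output of the TagBinding asset list command into plan_binding_deletes and review the printed commands before running them.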
