Bash

Reputation: 47

How to recover GCP project service account

I ignorantly deleted the service account to my GCP project rather than the service account to Google Calendar API and Dialogflow service account.

I'm now having issues trying to deploy my Dialogflow agent through the inline code editor to Cloud Functions. When I check the logs, I get this message:

2020-07-30 15:48:40.350 WAT
Dialogflow API
CreateCloudFunction
us-central1
[email protected]
userFacingMessage: 
Default service account '[email protected]' doesn't exist. 
Please recreate this account (for example by disabling and enabling the Cloud Functions API),
or specify a different account.;
com.google.cloud.eventprocessing.manager.api.error.DefaultServiceAccountDoesNotExistException: userFacingMessage:
Default service account '[email protected]' doesn't exist. Please recreate this account (for example by disabling and enabling the Cloud Functions API), or specify a different account.; Code: FAILED_PRECONDITION com.google.apps.framework.request.StatusException: <eye3 title='FAILED_PRECONDITION'/> generic::FAILED_PRECONDITION: userFacingMessage:
Default service account '[email protected]' doesn't exist. 
Please recreate this account (for example by disabling and enabling the Cloud Functions API), or specify a different account.; com.google.cloud.eventprocessing.manager.api.error.DefaultServiceAccountDoesNotExistException: userFacingMessage: 
Default service account '[email protected]' doesn't exist. Please recreate this account (for example by disabling and enabling the Cloud Functions API), or specify a different account.; Code: FAILED_PRECONDITION

Is it possible to retrieve back the service account or am I getting these errors as a result of a different problem?

Upvotes: 0

Views: 1648

Answers (2)

ofundefined

Reputation: 3309

Recover App Engine or any deleted service account

You can undelete service accounts. You will need the service account's unique ID. If you don't have it, you can find it on Google Cloud Logging.

You can find Logging service here on the side menu:

Google Logging, where to find

Then you will need to filter by date and type service account to find the exact moment the service was deleted.

Google Logging - how to find the UNIQUE ID of a deleted service account

Then you can either

Option 1: Use Google Cloud Command Line

You can run the command line by installing it on your computer (https://cloud.google.com/sdk/docs/install). Or you can run it online using the Active Shell offered by Google Cloud Platform.

Where to find Google Cloud Active Shell - gcloud

The command you want to run is the following.

gcloud beta iam service-accounts undelete 12345678901234567890

Option 2: Use Google Cloud API

Using curl, call the API with the following command.

You will need to change API_KEY, PROJECT_ID and SERVICE_ACCOUNT_UID for real values.

curl -X POST \
-H "Authorization: Bearer API_KEY" \
-H "Content-Type: application/json; charset=utf-8" \
-d "" \
"https://iam.googleapis.com/v1/projects/PROJECT_ID/serviceAccounts/SERVICE_ACCOUNT_UID:undelete"

You can get the API_KEY from Google Cloud Command Line:

gcloud auth application-default print-access-token

Again you can either have gcloud installed on your local machine or you can use it online with the Active Shell.


Upvotes: 0

Agustin Lopez

Reputation: 114

After a service account is deleted, you can recover it within 30 days after its deletion.

To do it, you can run the following command from Cloud Shell:

gcloud beta iam service-accounts undelete ACCOUNT_ID

The account ID can be taken from Stackdriver Logging with the following filter:

resource.type="service_account" resource.labels.email_id="service-account-name" "DeleteServiceAccount"

Hope this helps to recover your service account.

Upvotes: 3
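
The procedure from both answers (find the unique ID in the DeleteServiceAccount log entry, then undelete within 30 days), as an added example that is not code from either answer: it reads log entries exported as JSON and builds the undelete command for each account still inside the window. The entry layout (`protoPayload.methodName`, `resource.labels.unique_id`, `resource.labels.email_id`) is an assumption about the exported audit-log format, and the sample entries are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

RECOVERY_WINDOW = timedelta(days=30)  # recovery period stated in the answer above

def _entry(ts, method, email, uid):
    # Builds a constructed log entry; the field layout is an assumption.
    return {"timestamp": ts,
            "protoPayload": {"methodName": "google.iam.admin.v1." + method},
            "resource": {"type": "service_account",
                         "labels": {"email_id": email, "unique_id": uid}}}

# Constructed sample export: e-mails, IDs and timestamps are made up.
SAMPLE_LOG = json.dumps([
    _entry("2020-07-29T10:15:02.123456789Z", "DeleteServiceAccount",
           "example-project@appspot.gserviceaccount.com", "12345678901234567890"),
    _entry("2020-06-01T00:00:00Z", "DeleteServiceAccount",
           "old-sa@example-project.iam.gserviceaccount.com", "98765432109876543210"),
    _entry("2020-07-01T08:00:00Z", "CreateServiceAccount",
           "new-sa@example-project.iam.gserviceaccount.com", "11111111111111111111"),
])

def parse_ts(value):
    # RFC 3339 UTC timestamp; drop fractional seconds (may be nanoseconds).
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def deleted_accounts(log_json, now):
    """Return one record per deleted service account, newest deletion first."""
    found = {}
    for entry in json.loads(log_json):
        res = entry.get("resource", {})
        method = entry.get("protoPayload", {}).get("methodName", "")
        if res.get("type") != "service_account" or not method.endswith("DeleteServiceAccount"):
            continue
        labels = res.get("labels", {})
        uid, when = labels.get("unique_id"), parse_ts(entry["timestamp"])
        if not uid or not uid.isdigit():
            continue  # never build a shell command from an unexpected value
        if uid not in found or when > found[uid]["deleted"]:
            found[uid] = {"email": labels.get("email_id"), "unique_id": uid, "deleted": when,
                          "days_left": (when + RECOVERY_WINDOW - now).days}
    return sorted(found.values(), key=lambda r: r["deleted"], reverse=True)

def undelete_command(record):
    # No command once the recovery window has passed.
    if record["days_left"] < 0:
        return None
    return "gcloud beta iam service-accounts undelete " + record["unique_id"]
```

To use it on real data, pass `deleted_accounts` the output of `gcloud logging read` run with the filter above and `--format=json`, together with the current UTC time.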
