I have set up gcp liens as described here.
Unfortunately when I try to delete the project using an owner account the project is deleted. Does it take some time to take effect or is there some other kind of extra configuration?
In order to achieve so I used the commands specified on the documentation
gcloud alpha resource-manager liens create --restrictions=resourcemanager.projects.delete --reason="Super important production system" --project projectId
Then I check the rule
> gcloud alpha resource-manager liens list --project projectId --format json
[
{
"createTime": "2020-01-23T07:53:19.938621Z",
"name": "liens/p111111111111-420a1a11-8dee-4b07-a7fe-5112b00e898d",
"origin": "john@doe.com",
"parent": "projects/111111111111",
"reason": "Super important production system",
"restrictions": [
"resourcemanager.projects.delete"
]
}
]
You need to have the “Project Lien Modifier” role for your user at the Organization level.
Then you can open the cloud shell and run this command
gcloud alpha resource-manager liens create --restrictions=resourcemanager.projects.delete --reason="Important PJ" --project=[YOUR-PJ-NAME] --verbosity=debug
** EDIT: I test it in a a no-organization project and the lien doesn't work. This feature is in alpha, looks like this does not support individual projects currently. It was made thinking in large organisation with hundreds of projects