I am trying to remove a certain permission on Google Cloud Functions using a for loop in GitLab CI.
for i in "${!CFS[@]}"; do
  # Quote every expansion so names and members are passed as single arguments.
  gcloud functions remove-iam-policy-binding "${API_VERSION}-${CFS[$i]}" --member="${MEMBER}" --role="${ROLE}"
done
The issue is that if the resource does not have the given role for the member, I get an error:
ERROR: (gcloud.functions.remove-iam-policy-binding) Policy binding with the specified member and role not found!
I want to avoid this situation by checking if the member has the given role on the resource before executing the remove-iam-policy-binding gcloud command. Is there a way to check if a permission exists for a member on a given resource before removing it?
I was able to achieve this using the gcloud functions get-iam-policy and filtering the permission and role I wanted. If the role is set for the given user, then I remove it.
# List each member bound to the invoker role on this function, one per word.
for mem in $(gcloud functions get-iam-policy "${CFS[$i]}" --flatten="bindings[].members" --filter="bindings.role:roles/cloudfunctions.invoker" --format="value(bindings.members)")
do
  echo "$mem"
  gcloud functions remove-iam-policy-binding "${CFS[$i]}" --member="$mem" --role="roles/cloudfunctions.invoker"
done
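
An added example, not part of the original post: the same get-iam-policy query used to test for one specific member and role with an exact match, so the CI job skips a missing binding but still fails on a real gcloud error (which `|| true` would hide). The function names and the MEMBER ROLE FUNCTION... argument order are assumptions made for this sketch.

```bash
#!/bin/sh
# Added example: remove a member/role binding only when it is actually present.
set -eu

# has_binding FUNCTION MEMBER ROLE
# Returns 0 if MEMBER holds ROLE on FUNCTION, 1 if not, 2 if gcloud itself failed.
has_binding() {
  _rows=$(gcloud functions get-iam-policy "$1" \
    --flatten="bindings[].members" \
    --filter="bindings.role:$3" \
    --format="value(bindings.role,bindings.members)") || return 2
  # value() prints tab-separated columns; compare the whole row so that
  # neither the role nor the member can match as a mere substring.
  _want=$(printf '%s\t%s' "$3" "$2")
  printf '%s\n' "$_rows" | grep -Fxq -- "$_want"
}

# remove_binding_if_present FUNCTION MEMBER ROLE
remove_binding_if_present() {
  _rc=0
  has_binding "$1" "$2" "$3" || _rc=$?
  case "$_rc" in
    0) gcloud functions remove-iam-policy-binding "$1" \
         --member="$2" --role="$3" >/dev/null || return 2
       echo "removed $2 $3 on $1" ;;
    1) echo "absent $2 $3 on $1" ;;
    *) echo "error reading IAM policy of $1" >&2
       return 2 ;;
  esac
}

# Usage (assumed interface): script MEMBER ROLE FUNCTION...
if [ "$#" -ge 3 ]; then
  member=$1; role=$2; shift 2
  for fn in "$@"; do
    remove_binding_if_present "$fn" "$member" "$role"
  done
fi
```
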