Hello, I have created an account dedicated to deploying a node application on our AppEngine. The account is assigned the "App Engine Deployer" role, and used by GitHub actions to deploy on git push. It deploys just fine, however the previous versions remain active and incur charges unnecessarily. To prevent this, I added the --stop-previous-version argument to gcloud deploy command. However I get the following warning.
Stopping version [xxxx/default/20200603t153013]. WARNING: Error stopping version [xxxx/default/20200603t153013]: PERMISSION_DENIED: The caller does not have permission WARNING: Version [xxxx/default/20200603t153013] is still running and you must stop or delete it yourself in order to turn it off. (If you do not, you may be charged.) The problem is resolved if I create a custom role, copying all the permissions from the default "App Engine Deployer", plus adding the "appengine.instances.delete" permission. So my questions are, 1) .delete is over-granting when the requirement is .stop which does not exist as a permission. Is there any plan on introducing finer grained permissions? 2) Any plans on updating the built-in "App Engine Deployer" role to support the --stop-previous-version argument? I read way too many incidents of being overcharged due to multiple versions running simultaneously (which is another discussion of its own on why this is the default instead of being an option), and the current state of the corresponding role is not exactly helping. Best, Alan -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/3a4e6037-635a-40db-9afe-7552648c0ca0%40googlegroups.com.
