如何恢复 GCP 项目服务帐号

Question

I ignorantly deleted the service account to my GCP project rather than the service account to Google Calendar API and Dialogflow service account.

I'm now having issues trying to deploy my dialogflow agent through the inline code editor to Cloud Functions. When I check the logs, I get this message:

2020-07-30 15:48:40.350 WAT
Dialogflow API
CreateCloudFunction
us-central1
bashorun.emma@gmail.com
userFacingMessage: 
Default service account 'northern-timer-231210@appspot.gserviceaccount.com' doesn't exist. 
Please recreate this account (for example by disabling and enabling the Cloud Functions API),
or specify a different account.;
com.google.cloud.eventprocessing.manager.api.error.DefaultServiceAccountDoesNotExistException: userFacingMessage:
Default service account 'northern-timer-231210@appspot.gserviceaccount.com' doesn't exist. Please recreate this account (for example by disabling and enabling the Cloud Functions API), or specify a different account.; Code: FAILED_PRECONDITION com.google.apps.framework.request.StatusException: <eye3 title='FAILED_PRECONDITION'/> generic::FAILED_PRECONDITION: userFacingMessage:
Default service account 'northern-timer-231210@appspot.gserviceaccount.com' doesn't exist. 
Please recreate this account (for example by disabling and enabling the Cloud Functions API), or specify a different account.; com.google.cloud.eventprocessing.manager.api.error.DefaultServiceAccountDoesNotExistException: userFacingMessage: 
Default service account 'northern-timer-231210@appspot.gserviceaccount.com' doesn't exist. Please recreate this account (for example by disabling and enabling the Cloud Functions API), or specify a different account.; Code: FAILED_PRECONDITION

Is it possible to retrieve back the service account or am I getting these errors as a result of a different problem?

Answer 1

After a service account is deleted, you can recover it between 30 days after its deletion.

To do it, you can run the following command from cloud shell:

gcloud beta iam service-accounts undelete ACCOUNT_ID

The account ID can be taken from stackdriver logging with the following filter

resource.type="service_account" resource.labels.email_id="service-account-name" "DeleteServiceAccount"

Hope this helps to recover your service account.

Answer 2

Recover App Engine or any deleted service account

You can undelete service accounts. You will need the service account's unique ID. If you don't have it, you can find it on Google Cloud Logging.

You can find Logging service here on the side menu:

Then you will need to filter by date and type service account to find the exact moment the service was deleted.

Then you can either

Option 1: Use Google Cloud Command Line

You can run the command line by installing it on your computer ( https://cloud.google.com/sdk/docs/install ). Or you can run it online using the Active Shell offered by Google Cloud Platform.

The command you want to run is the following.

gcloud beta iam service-accounts undelete 12345678901234567890

Option 2: Use Google Cloud API

Using curl , call the API with the following command.

You will need to change API_KEY , PROJECT_ID and SERVICE_ACCOUNT_UID for real values.

curl -X POST \
-H "Authorization: Bearer API_KEY \
-H "Content-Type: application/json; charset=utf-8" \
-d "" \
"https://iam.googleapis.com/v1/projects/PROJECT_ID/serviceAccounts/SERVICE_ACCOUNT_UID:undelete"

You can get the API_KEY from Google Cloud Command Line:

gcloud auth application-default print-access-token

Again you can either have gcloud installed on your local machine or you can use it online with the Active Shell .