Task to delete GCP Service Accounts Policies fails when SA doesn't exist #105

@jimright

Details

The task which removes GCP Service Account policies (it uses a gcloud command) now fails when the Service Account does not exist. There is a failed_when condition on this task which should prevent this happening:

```yaml
- name: Tear down Operational GCP Service Accounts Policies
  when: plat__teardown_deletes_policies
  register: __gcp_service_account_teardown
  loop_control:
    loop_var: __gcp_binding_item
    label: __gcp_binding_item.member
  failed_when:
    - __gcp_service_account_teardown.rc == 1
    - "'Policy bindings with the specified member and role not found!' not in __gcp_service_account_teardown.stderr"
```

This task uses the gcloud projects remove-iam-policy-binding command and it seems the error message for a non-existent SA has changed slightly:

```console
cldr full-v1.5.4 #> gcloud projects remove-iam-policy-binding <GCP_ACCOUNT> --member=serviceAccount:jenright-audit-identity@<GCP_ACCOUNT>.iam.gserviceaccount.com --role=roles/storage.objectAdmin --all
ERROR: (gcloud.projects.remove-iam-policy-binding) Policy bindings with the specified principal and role not found!
```

Possible Solution

Change the failed_when condition on the Tear down Operational GCP Service Accounts Policies to catch the new error message.
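One way to write the corrected task, as an added example rather than the project's own code: the command line, the `gcp_project` and `gcp_policy_bindings` variables, the `role` field on the loop item and the `changed_when` line are assumptions; only the task name, register/loop_control names and the two gcloud messages come from the issue.

```yaml
# Added example, not the project's task: command, variables and loop are assumed.
- name: Tear down Operational GCP Service Accounts Policies
  ansible.builtin.command: >-
    gcloud projects remove-iam-policy-binding {{ gcp_project }}
    --member={{ __gcp_binding_item.member }}
    --role={{ __gcp_binding_item.role }}
    --all
  loop: "{{ gcp_policy_bindings }}"
  loop_control:
    loop_var: __gcp_binding_item
    label: "{{ __gcp_binding_item.member }}"
  register: __gcp_service_account_teardown
  when: plat__teardown_deletes_policies
  # Both list items must be true for the task to fail (failed_when lists are AND-ed).
  # The old condition matched the exact wording "specified member and role"; gcloud
  # now prints "specified principal and role", so the old condition no longer
  # recognises the "binding already gone" case and the task fails. A regex that
  # accepts either wording keeps that case non-fatal, while any other non-zero
  # exit (permission denied, wrong project, network error) still fails the task.
  # rc != 0 rather than rc == 1 so an unexpected exit code is not silently ignored.
  failed_when:
    - __gcp_service_account_teardown.rc != 0
    - "__gcp_service_account_teardown.stderr is not search('Policy bindings with the specified (member|principal) and role not found')"
  # Assumed addition: do not report a change when there was nothing to remove.
  changed_when: __gcp_service_account_teardown.rc == 0
```

The trailing "!" is deliberately left out of the pattern so a future punctuation change in the gcloud message does not reintroduce the same failure.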