I have added an attestation on Google Cloud Platform to use for image signing and attestation by the attestor, and I want to remove the added attestation, but I can't seem to find any documentation on how this is done or even if this is how it should be done.
I have seen the one for removal of the attestor but none on removing or deleting the attestation. I had added it using the following command:
Official documentation version:
gcloud container binauthz attestations create \
    --project=$PROJECT_ID \
    --artifact-url="${CONTAINER_PATH}@${DIGEST}" \
    --attestor=${ATTESTOR} \
    --signature-file=./signature.pgp \
    --public-key-id="$KEY_FINGERPRINT"
Online tutorial version:
gcloud beta container binauthz attestations create \
    --artifact-url="CONTAINER_PATH@DIGEST" \
    --attestor=ATTESTOR_ID \
    --attestor-project=PROJECT_ID \
    --signature-file=./signature.pgp \
    --pgp-key-fingerprint="KEY_FINGERPRINT"
But according to more recent documentation, the --attestor flag should include the following: --attestor="projects/${ATTESTOR_PROJECT_ID}/attestors/${ATTESTOR}", and unfortunately the tutorial I am following didn't use it this way and only added the attestor_id or name. So I want to remove this version and add a new one, but I am getting a conflict error:
Resource in project [xxxx] is the subject of a conflict: occurrence ID "f5981e62-7b42-4f57-8486-b0d9518509fa" already exists in project
So how is it to be removed?
Update: documentation used to compare to online course: https://cloud.google.com/binary-authorization/docs/making-attestations
Looks like some kind of underlying resources (the error message indicates that) still need to be deleted.
Found some documentation on Binary Authorization where they have explained a complete teardown and clean-up. It looks like apart from the attestor, we need to delete some other connected resources as well.