Delete an app

This page describes best practices and instructions for safely deleting an app.

Steps to delete an app

The following instructions are for the Google Cloud console.

Best practices for deleting an app with an IAM policy

Deleting an app is an irreversible action. Therefore, if your app has configured access controls, you can remove all users from its IAM policy before deleting the app. Follow these steps:

1. Clear the IAM policy: Before deleting the app, clear its IAM policy to remove user access. You can do this by setting an empty bindings array.

   1. Get the current IAM policy of your app using the getIamPolicy method.

      REST

      curl -X GET \
      -H "Authorization: Bearer $(gcloud auth print-access-token)" \
      -H "Content-Type: application/json" \
      "https://ENDPOINT_LOCATION-discoveryengine.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/collections/default_collection/engines/APP_ID:getIamPolicy"
      

      Replace the following:

      • PROJECT_ID: the ID of your project.
      • ENDPOINT_LOCATION: the multi-region for your API request. Specify one of the following values:
        • us for the US multi-region
        • eu for the EU multi-region
        • global for the Global location
        For more information, see Specify a multi-region for your data store.
      • LOCATION: the multi-region of your data store: global, us, or eu
      • APP_ID: the ID of the app that you want to configure.

      Example command and result

      curl -X GET \
      -H "Authorization: Bearer $(gcloud auth print-access-token)" \
      -H "Content-Type: application/json" \
      "https://global-discoveryengine.googleapis.com/v1/projects/my-project-123/locations/global/collections/default_collection/engines/my-app:getIamPolicy"
      
      {
        "version": 1,
        "etag": "1234567890"
      }
        

   2. To remove all existing bindings, use the setIamPolicy method with an empty bindings array in the request body.

      REST

      curl -X POST \
      -H "Authorization: Bearer $(gcloud auth print-access-token)" \
      -H "Content-Type: application/json" \
      -d '{
            "policy": {
              "etag": "ETAG",
              "bindings": []
            }
          }' \
      "https://ENDPOINT_LOCATION-discoveryengine.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/collections/default_collection/engines/APP_ID:setIamPolicy"
      

      Replace the following:

      • ETAG: the etag value you got as the response when you used the getIamPolicy method.
      • PROJECT_ID: the ID of your project.
      • ENDPOINT_LOCATION: the multi-region for your API request. Specify one of the following values:
        • us for the US multi-region
        • eu for the EU multi-region
        • global for the Global location
        For more information, see Specify a multi-region for your data store.
      • LOCATION: the multi-region of your data store: global, us, or eu
      • APP_ID: the ID of the app that you want to configure.

      Example command and result

      curl -X POST \
      -H "Authorization: Bearer $(gcloud auth print-access-token)" \
      -H "Content-Type: application/json" \
      -d '{
            "policy": {
              "etag": "1234567890",
              "bindings": []
            }
          }' \
      "https://global-discoveryengine.googleapis.com/v1/projects/my-project-123/locations/global/collections/default_collection/engines/my-app:setIamPolicy"
      
      {
        "version": 1,
        "etag": "3456789012"
      }
        

2. Confirm user impact: After clearing the policy and allowing for propagation time, confirm that the access revocation hasn't caused any unintended issues for users.

3. Delete the app: After you've confirmed the impact, proceed with deleting the app as described in the Steps to delete an app section.