GCP: How to completely delete a custom role


I have been working with GCP IAM, and while writing a script that creates and deletes custom roles on demand I (accidentally) created 300 roles, which is the max quota of roles allowed in GCP, and now I can't create new roles.

I have tried to delete them but it only changes their status to deleted and doesn't really delete the role.

Is there a way to completely delete the roles I have created so I will be able to release the quotas?

The best solution I'm looking for is using the GCP API in Python, because I still need to create a script that creates and deletes custom roles on demand.

2

There are 2 answers

1
Methkal Khalawi On

You don't need any script. Just go to the console IAM --> Roles and from there use the filter and choose Type: Custom. After that, click on the primary checkbox to select all the results and remove them.

2
Alex G On

If the status of the custom roles that you want to be deleted is already "deleted", the quota they consume will be released after 7 days. The reason that they are still showing is that there is an option to undelete. Here is what the official GCP documentation says:

When a role is deleted, its bindings remain, but are inactive. You can undelete a role within 7 days. During this 7-day period, the role will show as Deleted in the Cloud Console, and will not appear in programmatic list commands (unless showDeleted is set in the request).

After 7 days, the role is scheduled for permanent deletion. At this point, the role no longer counts towards the limit of 300 custom roles per organization or 300 custom roles per project.

You can check this link for a better explanation with regards to the topic and the code needed for it.
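The listing behaviour described in this answer, as an added Python example that is not part of the original answers: it pages through `projects.roles.list` with `showDeleted` set and separates active roles from soft-deleted ones. `FakeIam`, `SAMPLE_PAGES` and `worst_case_headroom` are constructed for illustration, and the headroom figure assumes every listed soft-deleted role still counts toward the 300-role limit.

```python
CUSTOM_ROLE_LIMIT = 300  # per-project limit quoted in the answer

def inventory_custom_roles(service, project_id, show_deleted=True):
    """Return (active, soft_deleted) custom role names for one project."""
    # `service` is an IAM v1 client, e.g. googleapiclient.discovery.build("iam", "v1")
    active, soft_deleted = [], []
    roles_api = service.projects().roles()
    request = roles_api.list(parent=f"projects/{project_id}",
                             showDeleted=show_deleted)
    while request is not None:
        response = request.execute()
        for role in response.get("roles", []):
            # "deleted" is only set on roles in the soft-deleted state.
            bucket = soft_deleted if role.get("deleted") else active
            bucket.append(role["name"])
        request = roles_api.list_next(previous_request=request,
                                      previous_response=response)
    return active, soft_deleted

def worst_case_headroom(active, soft_deleted, limit=CUSTOM_ROLE_LIMIT):
    """Assumption: every listed soft-deleted role still counts toward the limit."""
    return max(0, limit - len(active) - len(soft_deleted))

class FakeIam:
    """Constructed offline stand-in for the IAM client (not a Google API)."""
    def __init__(self, pages, index=0, show=False):
        self.pages, self.index, self.show = pages, index, show
    def projects(self): return self
    def roles(self): return self
    def list(self, parent, showDeleted=False):
        return FakeIam(self.pages, 0, showDeleted)
    def execute(self):
        roles = self.pages[self.index]
        return {"roles": [r for r in roles if self.show or not r.get("deleted")]}
    def list_next(self, previous_request, previous_response):
        nxt = previous_request.index + 1
        if nxt >= len(previous_request.pages):
            return None
        return FakeIam(previous_request.pages, nxt, previous_request.show)

# Constructed sample data: two result pages, two of the three roles soft-deleted.
SAMPLE_PAGES = [
    [{"name": "projects/demo/roles/r1"},
     {"name": "projects/demo/roles/r2", "deleted": True}],
    [{"name": "projects/demo/roles/r3", "deleted": True}],
]

if __name__ == "__main__":
    live, gone = inventory_custom_roles(FakeIam(SAMPLE_PAGES), "demo")
    print(len(live), "active,", len(gone), "soft-deleted,",
          worst_case_headroom(live, gone), "free (worst case)")
```

Against a real project, pass the client built with `googleapiclient.discovery.build("iam", "v1")` in place of `FakeIam`.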