Add cleanup step for OS Login keys in Cloud Build

Author: chandra-siri

packages/google-cloud-storage/cloudbuild/zb-system-tests-cloudbuild.yaml

@@ -23,6 +23,41 @@ steps:
         cat /workspace/.ssh/google_compute_engine.pub > /workspace/gcb_ssh_key.pub
     waitFor: ["-"]
 
+  - name: "gcr.io/google.com/cloudsdktool/cloud-sdk"
+    id: "cleanup-old-keys"
+    entrypoint: "bash"
+    args:
+      - "-c"
+      - |
+        #!/bin/bash
+        set -e
+
+        echo "Fetching OS Login SSH keys..."
+        echo "Removing all keys."
+        echo "---------------------------------------------------------------------"
+
+        FINGERPRINTS_TO_DELETE=$(gcloud compute os-login ssh-keys list \
+          --format="value(fingerprint)")
+
+        echo "Keys to delete: $FINGERPRINTS_TO_DELETE"
+
+        if [ -z "$FINGERPRINTS_TO_DELETE" ]; then
+          echo "No keys found to delete. Nothing to do."
+          exit 0
+        fi
+
+        while IFS= read -r FINGERPRINT; do
+          if [ -n "$FINGERPRINT" ]; then
+            echo "Deleting key with fingerprint: ${FINGERPRINT}"
+            gcloud compute os-login ssh-keys remove \
+              --key="${FINGERPRINT}" \
+              --quiet || true
+          fi
+        done <<< "$FINGERPRINTS_TO_DELETE"
+
+        echo "---------------------------------------------------------------------"
+        echo "Cleanup complete."
+
   # Step 1 Create a GCE VM to run the tests.
   # The VM is created in the same zone as the buckets to test rapid storage features.
   # It's given the 'cloud-platform' scope to allow it to access GCS and other services.
@@ -80,6 +115,7 @@ steps:
     waitFor:
       - "create-vm"
       - "generate-ssh-key"
+      - "cleanup-old-keys"
 
   - name: "gcr.io/google.com/cloudsdktool/cloud-sdk"
     id: "cleanup-ssh-key"