Implemented resource clean up (#8)

utr1903 · Jan 30, 2024 · 3b2186b · 3b2186b
1 parent 4dc1729
commit 3b2186b
Show file tree

Hide file tree

Showing 3 changed files with 114 additions and 4 deletions.
diff --git a/infra/cluster/azure/README.md b/infra/cluster/azure/README.md
@@ -47,3 +47,32 @@ The following Azure resources will be deployed:
 
 1. Service principal [`sp${project}${instance}`] (to run Github workflows)
 2. Key vault secrets (to store service principal credentials)
+
+After this step is completed, we need to store the following parameters as Github secrets so that our Github workflows can talk to Azure successfully:
+
+1. PROJECT (from the flag `--project`)
+2. INSTANCE (from the flag `--instance`)
+3. AZURE_TENANT_ID (your Azure tenant ID)
+4. AZURE_SUBSCRIPTION_ID (your Azure subscription ID)
+5. AZURE_SERVICE_PRINCIPAL_APP_ID (app ID of the service principal)
+6. AZURE_SERVICE_PRINCIPAL_SECRET (secret of the service principal)
+
+## 04 - Cleaning up
+
+After we are done with the entire environment, we need to clean up everything we have created. In order to that, do the following sequentially:
+
+First, we destroy the Terraform deployment:
+
+```shell
+bash 01_deploy_cluster.sh --project myproj --instance 001 --location westeurope --k8s-version 1.28.0 --destroy
+```
+
+Next, we delete the service principal (and the app registration behind it) and remove all of the baseline resources by running the clean up script [`03_cleanup_resources.sh`](/infra/cluster/azure/scripts/03_cleanup_resources.sh).
+
+```shell
+bash 03_cleanup_resources.sh --project myproj --instance 001 --location westeurope --destroy
+```
+
+**IMPORTANT**: The `project`, `instance` and `location` should be the same as the ones in the baseline and main!
+
+Last, the key vault needs to be purged. Azure deletes the key vaults in a soft manner so that they can be recovered. In order to permanently remove a key vault, it has to be purged. That's something we need to do manually in the portal.
diff --git a/infra/cluster/azure/scripts/02_create_github_service_account.sh b/infra/cluster/azure/scripts/02_create_github_service_account.sh
@@ -64,8 +64,8 @@ fi
 echo "Checking service principal [${servicePrincipalName}]..."
 subscriptionId=$(az account show | jq -r .id)
 
-servicePrincipal=$(az ad sp show \
-  --id $servicePrincipalName \
+servicePrincipal=$(az ad app list \
+  --display-name $servicePrincipalName \
   2> /dev/null)
 if [[ $servicePrincipal == "" ]]; then
   echo " -> Service principal does not exist. Creating..."
@@ -99,5 +99,3 @@ if [[ $servicePrincipal == "" ]]; then
 else
   echo -e " -> Service principal already exists.\n"
 fi
-
-
diff --git a/infra/cluster/azure/scripts/03_cleanup_resources.sh b/infra/cluster/azure/scripts/03_cleanup_resources.sh
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+# Get commandline arguments
+while (( "$#" )); do
+  case "$1" in
+    --project)
+      project="${2}"
+      shift
+      ;;
+    --instance)
+      instance="${2}"
+      shift
+      ;;
+    --location)
+      location="${2}"
+      shift
+      ;;
+    *)
+      shift
+      ;;
+  esac
+done
+
+### Check input
+
+# Project
+if [[ $project == "" ]]; then
+  echo -e "Project [--project] is not provided!\n"
+  exit 1
+fi
+
+# Instance
+if [[ $instance == "" ]]; then
+  echo -e "Instance [--instance] is not provided!\n"
+  exit 1
+fi
+
+# Location
+if [[ $location == "" ]]; then
+  location="westeurope"
+  echo -e "Location [--location] is not provided. Using default location ${location}.\n"
+fi
+
+### Set variables
+baseResourceGroupName="rg${project}base${instance}"
+servicePrincipalName="sp${project}${instance}"
+
+# Service principal
+echo "Checking service principal [${servicePrincipalName}]..."
+subscriptionId=$(az account show | jq -r .id)
+
+servicePrincipalAppId=$(az ad app list \
+  --display-name $servicePrincipalName \
+  2> /dev/null | jq -r .[0].appId)
+
+if [[ $servicePrincipalAppId == "" ]]; then
+  echo -e " -> Service principal does not exist.\n"
+else
+  echo -e " -> Service principal exists. Deleting..."
+
+  az ad app delete \
+    --id $servicePrincipalAppId
+
+  echo -e " -> Service principal is deleted successfully.\n"
+fi
+
+# Resource group
+echo "Checking base resource group [${baseResourceGroupName}]..."
+resourceGroup=$(az group show \
+  --name $baseResourceGroupName \
+  2> /dev/null)
+
+if [[ $resourceGroup == "" ]]; then
+  echo -e " -> Resource group does not exist.\n"
+else
+  echo -e " -> Resource group exists. Deleting..."
+
+  az group delete \
+    --name $baseResourceGroupName \
+    --yes
+
+  echo -e " -> Resource group is deleted successfully.\n"
+fi