GoogleCloudPlatform / pubsec-declarative-toolkit

The GCP PubSec Declarative Toolkit is a collection of declarative solutions to help you on your Journey to Google Cloud. Solutions are designed using Config Connector and deployed using Config Controller.
Apache License 2.0

Disable 5 projects before attempting delete via "kpt live destroy" to remove liens - or delete the liens #211

Open obriensystems opened 1 year ago

obriensystems commented 1 year ago

sh changes in prep of adding delete to Arete shortly

For example - before the kpt live destroy - lifecycle can reconcile - we need to pre-disable the project or delete the lien

michael@cloudshell:~/dev/pdt-oldev/obriensystems (audit-prj-id-oldv1)$ gcloud config set project net-host-prj-prod-oldv1
Updated property [core/project].
michael@cloudshell:~/dev/pdt-oldev/obriensystems (net-host-prj-prod-oldv1)$ gcloud alpha resource-manager liens list
NAME: p553611293232-lb8bec0d8-ed46-45c2-81fb-3dda344e6008
ORIGIN: xpn.googleapis.com
REASON: This lien is added to prevent the deletion of this shared VPC host project. The host project should be disabled before it is deleted.
michael@cloudshell:~/dev/pdt-oldev/obriensystems (net-host-prj-prod-oldv1)$ gcloud alpha resource-manager liens delete  p553611293232-lb8bec0d8-ed46-45c2-81fb-3dda344e6008
Deleted [liens/p553611293232-lb8bec0d8-ed46-45c2-81fb-3dda344e6008].
michael@cloudshell:~/dev/pdt-oldev/obriensystems (net-host-prj-prod-oldv1)$

michael@cloudshell:~/dev/pdt-oldev/obriensystems (net-host-prj-prod-oldv1)$ kpt live destroy landing-zone
folder.resourcemanager.cnrm.cloud.google.com/infrastructure.networking.prodnetworking reconcile successful

fmichaelobrien commented 1 year ago

the following lien removals allow the LZ delete to finish (or disable the projects before)

  gcloud config set project audit-prj-id-oldv1
  AUDIT_LIEN=$(gcloud alpha resource-manager liens list)
  gcloud alpha resource-manager liens delete $AUDIT_LIEN
  gcloud config set project net-host-prj-prod-oldv1
  gcloud config set project net-host-prj-nonprod-oldv1

results

folder.resourcemanager.cnrm.cloud.google.com/infrastructure.networking reconcile successful
delete result: 10 attempted, 10 successful, 0 skipped, 0 failed
reconcile result: 10 attempted, 10 successful, 0 skipped, 0 failed, 0 timed out
michael@cloudshell:~/dev/pdt-oldev/obriensystems (net-host-prj-nonprod-oldv1)$

obriensystems commented 1 year ago

exact commands in deployment.sh

  gcloud config set project audit-prj-id-oldv2
  # there is only one lien for now
  export AUDIT_LIEN=$(gcloud alpha resource-manager liens list --format json | jq .[0].name | sed 's/"//g' | sed 's/liens\///g')
  echo "Deleting lien: ${AUDIT_LIEN}"
  gcloud alpha resource-manager liens delete $AUDIT_LIEN 
  #NAME: p450465108368-l10d7c241-a1b3-4c52-8986-112209c5966a
  #ORIGIN: xpn.googleapis.com
  #REASON: This lien is added to prevent the deletion of this shared VPC host project. The host project should be disabled before it is deleted.
Updated property [core/project].
Deleting lien: p596436110046-l3fd7494f-64ad-44c6-aba3-6cabaed36777
Deleted [liens/p596436110046-l3fd7494f-64ad-44c6-aba3-6cabaed36777].

obriensystems commented 1 year ago

michael@cloudshell:~/wse_github/GoogleCloudPlatform (landing-zone-controller-e4g7d)$ gcloud config set project audit-prj-id-gz1
Updated property [core/project].
michael@cloudshell:~/wse_github/GoogleCloudPlatform (audit-prj-id-gz1)$ export AUDIT_LIEN=$(gcloud alpha resource-manager liens list --format json | jq .[0].name | sed 's/"//g' | sed 's/liens\///g')
michael@cloudshell:~/wse_github/GoogleCloudPlatform (audit-prj-id-gz1)$ echo $AUDIT_LIEN
p402270513653-lec39ae31-1d37-48f0-bbe7-59b0d41541a1
michael@cloudshell:~/wse_github/GoogleCloudPlatform (audit-prj-id-gz1)$ gcloud alpha resource-manager liens delete $AUDIT_LIEN 
Deleted [liens/p402270513653-lec39ae31-1d37-48f0-bbe7-59b0d41541a1].
michael@cloudshell:~/wse_github/GoogleCloudPlatform (audit-prj-id-gz1)$ gcloud config set project net-host-prj-prod-gz1
Updated property [core/project].
michael@cloudshell:~/wse_github/GoogleCloudPlatform (net-host-prj-prod-gz1)$ export AUDIT_LIEN=$(gcloud alpha resource-manager liens list --format json | jq .[0].name | sed 's/"//g' | sed 's/liens\///g')
michael@cloudshell:~/wse_github/GoogleCloudPlatform (net-host-prj-prod-gz1)$ echo $AUDIT_LIEN
p698859936700-l9cf73dda-4423-454a-b137-c838b6357574
michael@cloudshell:~/wse_github/GoogleCloudPlatform (net-host-prj-prod-gz1)$ gcloud alpha resource-manager liens delete $AUDIT_LIEN
Deleted [liens/p698859936700-l9cf73dda-4423-454a-b137-c838b6357574].
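
Added example, not part of the thread or of the toolkit's deployment.sh: the lien cleanup above generalized to every lien on every listed project (the thread's pipeline only takes the first lien), with a dry run by default that prints each lien's origin before anything is removed. The function names and the `DRY_RUN` variable are assumptions of this sketch; it uses gcloud's `value(name,origin)` output format and `--project` flag instead of `jq` and `gcloud config set project`.

```bash
#!/usr/bin/env bash
# Added example (not from deployment.sh): remove all liens on the given projects.
# DRY_RUN defaults to 1, so nothing is deleted unless DRY_RUN=0 is set.
TAB=$(printf '\t')

# Print "<lien id><TAB><origin>" for every lien on a project.
# "name" comes back as "liens/<id>"; the prefix is stripped, as the thread's sed does.
list_liens() {
  local project="$1" out name origin
  out=$(gcloud alpha resource-manager liens list --project "$project" \
          --format 'value(name,origin)') || return 1
  while IFS="$TAB" read -r name origin; do
    if [ -n "$name" ]; then printf '%s\t%s\n' "${name#liens/}" "$origin"; fi
  done <<EOF
$out
EOF
}

# Report or delete every lien on one project; prints how many liens were found.
delete_project_liens() {
  local project="$1" liens id origin count=0
  liens=$(list_liens "$project") || return 1   # stop if the listing itself failed
  while IFS="$TAB" read -r id origin; do
    [ -n "$id" ] || continue
    count=$((count + 1))
    if [ "${DRY_RUN:-1}" = 1 ]; then
      echo "dry run: would delete lien $id ($origin) on $project" >&2
    else
      echo "deleting lien $id ($origin) on $project" >&2
      gcloud alpha resource-manager liens delete "$id" \
          --project "$project" </dev/null >&2 || return 1
    fi
  done <<EOF
$liens
EOF
  echo "$count"
}

# Usage: DRY_RUN=0 delete_all_liens PROJECT_ID [PROJECT_ID ...]
delete_all_liens() {
  local project n total=0
  for project in "$@"; do
    n=$(delete_project_liens "$project") || return 1
    total=$((total + n))
  done
  echo "$total"
}
```

Run it once with the default dry run to review which liens exist and who placed them, then repeat with `DRY_RUN=0` immediately before `kpt live destroy`.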