Cluster Resource Cleanup #256
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Cluster Resource Cleanup" | |
| on: | |
| # On workflow call (by another workflow) - require all inputs and secrets | |
| workflow_call: | |
| inputs: | |
| cluster_prefix: | |
| type: string | |
| description: "Prefix of cluster/resources to cleanup" | |
| required: true | |
| resource_group: | |
| type: string | |
| description: "Resource group to clean up" | |
| required: true | |
| keyvault_prefix: | |
| type: string | |
| description: "Prefix of keyvault to delete" | |
| required: true | |
| secrets: | |
| AZURE_CLIENT_ID: | |
| required: true | |
| AZURE_TENANT_ID: | |
| required: true | |
| AZURE_SUBSCRIPTION_ID: | |
| required: true | |
| # On manual dispatch from repo - only RG is required | |
| workflow_dispatch: | |
| inputs: | |
| resource_group: | |
| type: string | |
| description: "Resource group to clean up" | |
| required: true | |
| default: ops-cli-int-test-rg | |
| keyvault_prefix: | |
| type: string | |
| description: "Prefix of keyvault to delete" | |
| default: "opskv" | |
| required: false | |
| # Run every night at midnight (Pacific) to cleanup resources | |
| schedule: | |
| - cron: '0 8 * * *' | |
| env: | |
| RESOURCE_GROUP: ${{ inputs.resource_group || 'ops-cli-int-test-rg' }} | |
| CLUSTER_PREFIX: ${{ inputs.cluster_prefix || 'az-iot-ops-test-cluster' }} | |
| KEYVAULT_PREFIX: ${{ inputs.keyvault_prefix || 'opskv' }} | |
| permissions: | |
| # required for OpenID federation | |
| contents: 'read' | |
| id-token: 'write' | |
| jobs: | |
| arc-cleanup: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Az CLI login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Delete ARC instances | |
| run: | | |
| cluster_type="Microsoft.Kubernetes/connectedClusters" | |
| for cluster in $(az resource list -g ${{ env.RESOURCE_GROUP }} --resource-type $cluster_type --query "[?starts_with(name, '${{ env.CLUSTER_PREFIX }}')].id" -o tsv); do | |
| az resource delete -v --id $cluster --verbose | |
| done | |
| keyvault-cleanup: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Az CLI login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Delete keyvaults | |
| run: | | |
| for vault in $(az keyvault list -g ${{ env.RESOURCE_GROUP }} --query "[?starts_with(name, '${{ env.KEYVAULT_PREFIX }}')].name" -o tsv); do | |
| az keyvault delete -n $vault -g ${{ env.RESOURCE_GROUP }} | |
| done | |
| - name: Purge keyvaults | |
| run: | | |
| for vault in $(az keyvault list-deleted --query "[?contains(properties.vaultId, '${{ env.RESOURCE_GROUP }}')] | [?starts_with(name, '${{ env.KEYVAULT_PREFIX }}')].name" -o tsv); do | |
| az keyvault purge -n $vault --no-wait | |
| done | |
| resource-cleanup: | |
| needs: [arc-cleanup] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Az CLI login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Delete linked AIO resources | |
| run: | | |
| for resource in $(az resource list -g ${{ env.RESOURCE_GROUP }} --query "[?starts_with(name, '${{ env.CLUSTER_PREFIX }}')].id" -o tsv); do | |
| az resource delete -v --id $resource --verbose | |
| done | |
| mq-cleanup: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Az CLI login | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Delete MQ child resources | |
| run: | | |
| is_mq_child_resource="contains(to_string(type), 'Microsoft.IoTOperationsMQ/mq/')" | |
| in_cluster_ext_loc="contains(to_string(extendedLocation.name), '${{ env.CLUSTER_PREFIX }}')" | |
| for mq_resource in $(az resource list -g ${{ env.RESOURCE_GROUP }} --query "[?$in_cluster_ext_loc && $is_mq_child_resource].id" -o tsv); do | |
| az resource delete -v --id $mq_resource --verbose | |
| done | |
| - name: Delete MQ instances | |
| run: | | |
| mq_type="Microsoft.IoTOperationsMQ/mq" | |
| in_cluster_ext_loc="contains(to_string(extendedLocation.name), '${{ env.CLUSTER_PREFIX }}')" | |
| # MQ instance cannot be deleted until all child resources have successfully deleted | |
| sleep 15s | |
| for mq in $(az resource list -g ${{ env.RESOURCE_GROUP }} --resource-type $mq_type --query "[?$in_cluster_ext_loc].id" -o tsv); do | |
| az resource delete -v --id $mq --verbose | |
| done |