Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add DeleteAfter tag and resource cleanup for test resource service principals #1966

Open
benbp opened this issue Sep 1, 2021 · 4 comments
Open

Add DeleteAfter tag and resource cleanup for test resource service principals #1966

benbp opened this issue Sep 1, 2021 · 4 comments
Assignees
@benbp
Labels
Central-EngSys This issue is owned by the Engineering System team.

Comments

@benbp
Copy link
Member

benbp commented Sep 1, 2021

We create a lot of new service principals in the development workflow for the New-TestResources.ps1 script. Right now we don't have any great ways of cleaning these up. We should follow the same model we do for resource groups, where we add a time-based DeleteAfter tag, and query for those resources in the live test resource cleanup pipeline.
@ghost ghost added the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Sep 1, 2021
@benbp benbp mentioned this issue Sep 1, 2021
Merged
@weshaggard
Copy link
Member

If we can do that great but I've found that there is a lack of permissions to delete the service principal in the normal case only the creator has permissions.

@jsquire
Copy link
Member

jsquire commented Sep 7, 2021

Maybe we could emit a tag for the resource group that identifies the Test Application principal associated with it and integrate that with Remove-TestResources; that may not solve the permissions issue that Wes is highlighting, but it may help with the clutter for manual clean-up cases.

@benbp
Copy link
Member Author

benbp commented Sep 8, 2021

@weshaggard is the issue you're referring to that we couldn't add a group as an SP owner (issue)? I think we could update the script or perhaps policy to add our provisioner identity as an owner.

@kurtzeborn kurtzeborn added Central-EngSys This issue is owned by the Engineering System team. and removed needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. labels Sep 13, 2021
@benbp benbp assigned ckairen and unassigned benbp Nov 1, 2021
@kurtzeborn kurtzeborn moved this from 🤔 Triage to 📋 Backlog in Azure SDK EngSys 🚢🎉 Jun 12, 2023
@kurtzeborn kurtzeborn assigned benbp and unassigned ckairen Jun 12, 2023
@kurtzeborn
Copy link
Member

Triaging old issues... we definitely will still need this as we accumulate service principals and hit a hard cap at some point.

@kurtzeborn kurtzeborn reopened this Jun 12, 2023
@github-project-automation github-project-automation bot moved this from 📋 Backlog to 🎊 Closed in Azure SDK EngSys 🚢🎉 Jun 12, 2023
@kurtzeborn kurtzeborn moved this from 🎊 Closed to 📋 Backlog in Azure SDK EngSys 🚢🎉 Jun 12, 2023
@github-project-automation github-project-automation bot moved this from 📋 Backlog to 🤔 Triage in Azure SDK EngSys 🚢🎉 Jun 12, 2023
@kurtzeborn kurtzeborn moved this from 🤔 Triage to 📋 Backlog in Azure SDK EngSys 🚢🎉 Jun 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@benbp benbp

Labels
Central-EngSys This issue is owned by the Engineering System team.
Projects
Azure SDK EngSys 🚢🎉
Status: 📋 Backlog
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jsquire @benbp @weshaggard @kurtzeborn @ckairen