OCM-12964 | feat: Allow use of flag for deleting hcpsharedvpc policies
hunterkepley authored and openshift-cherrypick-robot committed Dec 9, 2024
1 parent 0991355 commit 518fbeb
Showing 4 changed files with 55 additions and 29 deletions.
61 changes: 38 additions & 23 deletions cmd/dlt/accountroles/cmd.go
@@ -37,10 +37,15 @@ import (
"github.com/openshift/rosa/pkg/rosa"
)

const (
deleteHcpSharedVpcPoliciesFlagName = "delete-hcp-shared-vpc-policies"
)

var args struct {
prefix string
hostedCP bool
classic bool
prefix string
hostedCP bool
classic bool
deleteHcpSharedVpcPolicies bool
}

var Cmd = &cobra.Command{
@@ -79,6 +84,13 @@ func init() {
"Delete classic account roles",
)

flags.BoolVar(
&args.deleteHcpSharedVpcPolicies,
deleteHcpSharedVpcPoliciesFlagName,
false,
"Deletes the Hosted Control Plane shared vpc policies",
)

interactive.AddModeFlag(Cmd)
confirm.AddFlag(flags)
}
@@ -153,7 +165,7 @@ func run(cmd *cobra.Command, _ []string) {
}

if deleteClassic {
err = deleteAccountRoles(r, env, prefix, clusters, mode, false)
err = deleteAccountRoles(r, cmd, env, prefix, clusters, mode, false)
if err != nil {
r.Reporter.Errorf("%s", err)
os.Exit(1)
@@ -165,7 +177,7 @@ func run(cmd *cobra.Command, _ []string) {
}

if deleteHostedCP {
err = deleteAccountRoles(r, env, prefix, clusters, mode, true)
err = deleteAccountRoles(r, cmd, env, prefix, clusters, mode, true)
if err != nil {
r.Reporter.Errorf("%s", err)
os.Exit(1)
@@ -182,8 +194,8 @@ func setDeleteRoles(isClassicFlagSet bool, isHostedCPFlagSet bool) (bool, bool)
return isClassicFlagSet, isHostedCPFlagSet
}

func deleteAccountRoles(r *rosa.Runtime, env string, prefix string, clusters []*cmv1.Cluster, mode string,
hostedCP bool) error {
func deleteAccountRoles(r *rosa.Runtime, cmd *cobra.Command, env string, prefix string, clusters []*cmv1.Cluster,
mode string, hostedCP bool) error {
var accountRolesMap map[string]aws.AccountRole
var roleTypeString string
if hostedCP {
@@ -203,28 +215,32 @@ func deleteAccountRoles(r *rosa.Runtime, env string, prefix string, clusters []*
return nil
}

deleteHcpSharedVpcPolicies := args.deleteHcpSharedVpcPolicies

switch mode {
case interactive.ModeAuto:
r.Reporter.Infof(fmt.Sprintf("Deleting %saccount roles", roleTypeString))

r.OCMClient.LogEvent("ROSADeleteAccountRoleModeAuto", nil)
deleteHcpSharedVpcPolicies := false
if roles.CheckIfRolesAreHcpSharedVpc(r, finalRoleList) {
deleteHcpSharedVpcPolicies = confirm.Prompt(true, "Attempt to delete Hosted CP shared VPC"+
" policies?")
if roles.CheckIfRolesAreHcpSharedVpc(r, finalRoleList) &&
!cmd.Flag(deleteHcpSharedVpcPoliciesFlagName).Changed {
deleteHcpSharedVpcPolicies = confirm.Prompt(true, "Attempt to delete Hosted CP shared VPC policies?")
}
for _, role := range finalRoleList {
if !confirm.Prompt(true, "Delete the account role '%s'?", role) {
continue
}
r.Reporter.Infof("Deleting account role '%s'", role)
err := r.AWSClient.DeleteAccountRole(role, prefix, managedPolicies, deleteHcpSharedVpcPolicies)
if err != nil {
r.Reporter.Warnf("There was an error deleting the account roles or policies: %s", err)
continue

if deleteHcpSharedVpcPolicies {
for _, role := range finalRoleList {
if !confirm.Prompt(true, "Delete the account role '%s'?", role) {
continue
}
r.Reporter.Infof("Deleting account role '%s'", role)
err := r.AWSClient.DeleteAccountRole(role, prefix, managedPolicies, deleteHcpSharedVpcPolicies)
if err != nil {
r.Reporter.Warnf("There was an error deleting the account roles or policies: %s", err)
continue
}
}
r.Reporter.Infof(fmt.Sprintf("Successfully deleted the %s account roles", roleTypeString))
}
r.Reporter.Infof(fmt.Sprintf("Successfully deleted the %saccount roles", roleTypeString))
case interactive.ModeManual:
r.OCMClient.LogEvent("ROSADeleteAccountRoleModeManual", nil)
policyMap, arbitraryPolicyMap, err := r.AWSClient.GetAccountRolePolicies(finalRoleList, prefix)
@@ -234,8 +250,7 @@ func deleteAccountRoles(r *rosa.Runtime, env string, prefix string, clusters []*

// Get HCP shared vpc policy details if the user is deleting roles related to HCP shared vpc
policiesOutput := make([]*iam.GetPolicyOutput, 0)
if roles.CheckIfRolesAreHcpSharedVpc(r, finalRoleList) &&
confirm.Prompt(true, "Create commands to delete Hosted CP shared VPC policies?") {
if roles.CheckIfRolesAreHcpSharedVpc(r, finalRoleList) && deleteHcpSharedVpcPolicies {
for _, role := range finalRoleList {
policies, err := r.AWSClient.GetPolicyDetailsFromRole(awssdk.String(role))
policiesOutput = append(policiesOutput, policies...)
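Review bot: In the `interactive.ModeAuto` branch of `deleteAccountRoles`, the per-role deletion loop and the success message now sit inside `if deleteHcpSharedVpcPolicies {`, so when the flag is not passed and the roles are not HCP shared VPC roles (or the prompt is declined) no account role is deleted and the function appears to fall through to its normal return without any message. Leaving IAM roles in the account while the command exits cleanly is worth avoiding, because the operator will assume they are gone. The boolean should only choose whether policies are removed: drop the wrapping `if` and keep passing it as the last argument of `r.AWSClient.DeleteAccountRole(role, prefix, managedPolicies, deleteHcpSharedVpcPolicies)`. The new message `"Successfully deleted the %s account roles"` also differs from the `%saccount roles` form used at the top of the branch, which suggests `roleTypeString` already carries its trailing space. The function starts before this hunk and its manual-mode branch continues past it.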
21 changes: 15 additions & 6 deletions cmd/dlt/operatorrole/cmd.go
@@ -39,11 +39,13 @@ import (
)

const (
PrefixFlag = "prefix"
PrefixFlag = "prefix"
deleteHcpSharedVpcPoliciesFlagName = "delete-hcp-shared-vpc-policies"
)

var args struct {
prefix string
prefix string
deleteHcpSharedVpcPolicies bool
}

var Cmd = &cobra.Command{
@@ -67,6 +69,13 @@ func init() {
"Operator role prefix, this flag needs to be used in case of reusable OIDC Config",
)

flags.BoolVar(
&args.deleteHcpSharedVpcPolicies,
deleteHcpSharedVpcPoliciesFlagName,
false,
"Deletes the Hosted Control Plane shared vpc policies",
)

ocm.AddOptionalClusterFlag(Cmd)
interactive.AddModeFlag(Cmd)
confirm.AddFlag(flags)
@@ -226,8 +235,9 @@ func run(cmd *cobra.Command, _ []string) {
r.OCMClient.LogEvent("ROSADeleteOperatorroleModeAuto", nil)

// Only ask user if they want to delete policies if they are deleting HcpSharedVpc roles
deleteHcpSharedVpcPolicies := false
if roles.CheckIfRolesAreHcpSharedVpc(r, foundOperatorRoles) {
deleteHcpSharedVpcPolicies := args.deleteHcpSharedVpcPolicies
if roles.CheckIfRolesAreHcpSharedVpc(r, foundOperatorRoles) &&
!cmd.Flag(deleteHcpSharedVpcPoliciesFlagName).Changed {
deleteHcpSharedVpcPolicies = confirm.Prompt(true, "Attempt to delete Hosted CP shared VPC policies?")
}
allSharedVpcPoliciesNotDeleted := make(map[string]bool)
@@ -276,8 +286,7 @@ func run(cmd *cobra.Command, _ []string) {

// Get HCP shared vpc policy details if the user is deleting roles related to HCP shared vpc
policiesOutput := make([]*iam.GetPolicyOutput, 0)
if roles.CheckIfRolesAreHcpSharedVpc(r, foundOperatorRoles) &&
confirm.Prompt(true, "Create commands to delete Hosted CP shared VPC policies?") {
if roles.CheckIfRolesAreHcpSharedVpc(r, foundOperatorRoles) && args.deleteHcpSharedVpcPolicies {
for _, role := range foundOperatorRoles {
policies, err := r.AWSClient.GetPolicyDetailsFromRole(awssdk.String(role))
policiesOutput = append(policiesOutput, policies...)
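Review bot: The manual-mode condition `roles.CheckIfRolesAreHcpSharedVpc(r, foundOperatorRoles) && args.deleteHcpSharedVpcPolicies` replaces the old `confirm.Prompt(true, "Create commands to delete Hosted CP shared VPC policies?")`, so a manual run without the flag no longer asks and no longer collects the policy details used for the deletion commands, whereas the auto branch above still prompts when the flag was not set. The shared VPC policies would then presumably stay behind in the account after their roles are removed, without the user being told. Manual mode could mirror the auto branch: start from `args.deleteHcpSharedVpcPolicies` and fall back to the prompt when `!cmd.Flag(deleteHcpSharedVpcPoliciesFlagName).Changed`. The manual branch of `deleteAccountRoles` in cmd/dlt/accountroles/cmd.go has the same condition. The comment `// Only ask user if they want to delete policies if they are deleting HcpSharedVpc roles` in the auto branch could also say that an explicitly set flag skips the prompt; `run` begins and ends outside these hunks.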
@@ -4,4 +4,5 @@
- name: prefix
- name: profile
- name: region
- name: delete-hcp-shared-vpc-policies
- name: "yes"
@@ -3,4 +3,5 @@
- name: prefix
- name: profile
- name: region
- name: delete-hcp-shared-vpc-policies
- name: "yes"
