Merge pull request #2676 from openshift-cherrypick-robot/cherry-pick-…
…2674-to-release_1.2.49

[release_1.2.49] OCM-12871 | feat: Add manual mode for deleting hcp sharedvpc policies [oproles]
hunterkepley authored Dec 4, 2024
2 parents 811fc84 + 5b6fc3f commit e8418a1
Showing 2 changed files with 70 additions and 20 deletions.
41 changes: 23 additions & 18 deletions cmd/dlt/accountroles/cmd.go
Expand Up @@ -240,7 +240,7 @@ func deleteAccountRoles(r *rosa.Runtime, env string, prefix string, clusters []*
policies, err := r.AWSClient.GetPolicyDetailsFromRole(awssdk.String(role))
policiesOutput = append(policiesOutput, policies...)
if err != nil {
r.Reporter.Infof("There was an error getting details of policies attached to role '%s': %v",
r.Reporter.Warnf("There was an error getting details of policies attached to role '%s': %v",
role, err)
}
}
Expand Down Expand Up @@ -320,6 +320,8 @@ func buildCommand(roleNames []string, policyMap map[string][]aws.PolicyDetail,
arbitraryPolicyMap map[string][]aws.PolicyDetail, managedPolicies bool,
hcpSharedVpcPoliciesOutput []*iam.GetPolicyOutput) string {
commands := []string{}
hcpSharedVpcPolicyCommands := make(map[string]string) // Ensures no duplicate delete policy cmds for hcp sharedvpc

for _, roleName := range roleNames {
policyDetails := policyMap[roleName]
excludedPolicyDetails := arbitraryPolicyMap[roleName]
Expand Down Expand Up @@ -365,26 +367,29 @@ func buildCommand(roleNames []string, policyMap map[string][]aws.PolicyDetail,
Build()
commands = append(commands, deleteRole)

if len(hcpSharedVpcPoliciesOutput) > 0 { // Delete HCP shared VPC policies
for _, hcpSharedVpcPolicy := range hcpSharedVpcPoliciesOutput {
hasRhManagedTag := false
hasHcpSharedVpcTag := false
for _, tag := range hcpSharedVpcPolicy.Policy.Tags {
if *tag.Key == tags.RedHatManaged {
hasRhManagedTag = true
} else if *tag.Key == tags.HcpSharedVpc {
hasHcpSharedVpcTag = true
}
}
if hasHcpSharedVpcTag && hasRhManagedTag {
deletePolicy := awscb.NewIAMCommandBuilder().
SetCommand(awscb.DeletePolicy).
AddParam(awscb.PolicyName, *hcpSharedVpcPolicy.Policy.PolicyName).
Build()
commands = append(commands, deletePolicy)
// Delete HCP shared VPC policies
for _, hcpSharedVpcPolicy := range hcpSharedVpcPoliciesOutput {
hasRhManagedTag := false
hasHcpSharedVpcTag := false
for _, tag := range hcpSharedVpcPolicy.Policy.Tags {
if *tag.Key == tags.RedHatManaged {
hasRhManagedTag = true
} else if *tag.Key == tags.HcpSharedVpc {
hasHcpSharedVpcTag = true
}
}
if hasHcpSharedVpcTag && hasRhManagedTag {
deletePolicy := awscb.NewIAMCommandBuilder().
SetCommand(awscb.DeletePolicy).
AddParam(awscb.PolicyArn, *hcpSharedVpcPolicy.Policy.Arn).
Build()
hcpSharedVpcPolicyCommands[*hcpSharedVpcPolicy.Policy.PolicyName] = deletePolicy
}
}
}

for _, command := range hcpSharedVpcPolicyCommands {
commands = append(commands, command)
}
return awscb.JoinCommands(commands)
}
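Review bot: The tag filter selects a policy for the `delete-policy` command on tag keys alone (`*tag.Key == tags.RedHatManaged` / `tags.HcpSharedVpc`), so a policy that carries those keys with any value is scheduled for deletion; if the values matter (presumably `true` — confirm against the code that writes these tags), also compare `awssdk.ToString(tag.Value)` against the expected value. `hcpSharedVpcPolicy.Policy`, `tag.Key`, `Policy.Arn` and `Policy.PolicyName` are all pointer fields in the aws-sdk-go-v2 types and are dereferenced unguarded, so a `if hcpSharedVpcPolicy.Policy == nil { continue }` before the tag loop would avoid a panic on an empty response. The new scan sits inside the per-role loop (closed by the `}` just before the map iteration), so the same policy list is rescanned once per role, and the final `range hcpSharedVpcPolicyCommands` emits commands in random map order, so the printed command list differs between runs; hoisting the scan after the role loop and iterating sorted keys (`sort.Strings`, adding the `sort` import) would fix both. The same block is duplicated verbatim in cmd/dlt/operatorrole/cmd.go in this commit, so a shared helper would keep the two in step. buildCommand starts before the hunk.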
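--- a/cmd/dlt/operatorrole/cmd.go
+++ b/cmd/dlt/operatorrole/cmd.go
@@ -22,12 +22,15 @@ import (
 "strings"
 "time"
 
+awssdk "github.com/aws/aws-sdk-go-v2/aws"
+"github.com/aws/aws-sdk-go-v2/service/iam"
 "github.com/briandowns/spinner"
 "github.com/spf13/cobra"
 errors "github.com/zgalor/weberr"
 
 "github.com/openshift/rosa/pkg/aws"
 awscb "github.com/openshift/rosa/pkg/aws/commandbuilder"
+"github.com/openshift/rosa/pkg/aws/tags"
 "github.com/openshift/rosa/pkg/interactive"
 "github.com/openshift/rosa/pkg/interactive/confirm"
 "github.com/openshift/rosa/pkg/ocm"
@@ -270,7 +273,22 @@ func run(cmd *cobra.Command, _ []string) {
 r.Reporter.Errorf("There was an error getting the policy: %v", err)
 os.Exit(1)
 }
-commands := buildCommand(r, foundOperatorRoles, policyMap, arbitraryPolicyMap, managedPolicies)
+
+// Get HCP shared vpc policy details if the user is deleting roles related to HCP shared vpc
+policiesOutput := make([]*iam.GetPolicyOutput, 0)
+if roles.CheckIfRolesAreHcpSharedVpc(r, foundOperatorRoles) &&
+confirm.Prompt(true, "Create commands to delete Hosted CP shared VPC policies?") {
+for _, role := range foundOperatorRoles {
+policies, err := r.AWSClient.GetPolicyDetailsFromRole(awssdk.String(role))
+policiesOutput = append(policiesOutput, policies...)
+if err != nil {
+r.Reporter.Warnf("There was an error getting details of policies attached to role '%s': %v",
+role, err)
+}
+}
+}
+
+commands := buildCommand(r, foundOperatorRoles, policyMap, arbitraryPolicyMap, managedPolicies, policiesOutput)
 if r.Reporter.IsTerminal() {
 r.Reporter.Infof("Run the following commands to delete the Operator roles and policies:\n")
 }
@@ -282,8 +300,11 @@ func run(cmd *cobra.Command, _ []string) {
 }
 
 func buildCommand(r *rosa.Runtime, roleNames []string, policyMap map[string][]string,
-arbitraryPolicyMap map[string][]string, managedPolicies bool) string {
+arbitraryPolicyMap map[string][]string, managedPolicies bool,
+hcpSharedVpcPoliciesOutput []*iam.GetPolicyOutput) string {
 commands := []string{}
+hcpSharedVpcPolicyCommands := make(map[string]string) // Ensures no duplicate delete policy cmds for hcp sharedvpc
+
 for _, roleName := range roleNames {
 policyARN := policyMap[roleName]
 arbitraryPolicyARN := arbitraryPolicyMap[roleName]
@@ -341,6 +362,30 @@ func buildCommand(r *rosa.Runtime, roleNames []string, policyMap map[string][]st
 AddParam(awscb.RoleName, roleName).
 Build()
 commands = append(commands, deleteRole)
+
+// Delete HCP shared VPC policies
+for _, hcpSharedVpcPolicy := range hcpSharedVpcPoliciesOutput {
+hasRhManagedTag := false
+hasHcpSharedVpcTag := false
+for _, tag := range hcpSharedVpcPolicy.Policy.Tags {
+if *tag.Key == tags.RedHatManaged {
+hasRhManagedTag = true
+} else if *tag.Key == tags.HcpSharedVpc {
+hasHcpSharedVpcTag = true
+}
+}
+if hasHcpSharedVpcTag && hasRhManagedTag {
+deletePolicy := awscb.NewIAMCommandBuilder().
+SetCommand(awscb.DeletePolicy).
+AddParam(awscb.PolicyArn, *hcpSharedVpcPolicy.Policy.Arn).
+Build()
+hcpSharedVpcPolicyCommands[*hcpSharedVpcPolicy.Policy.PolicyName] = deletePolicy
+}
+}
 }
+
+for _, command := range hcpSharedVpcPolicyCommands {
+commands = append(commands, command)
+}
 return strings.Join(commands, "\n")
 }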
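Review bot: In `run`, the result of `GetPolicyDetailsFromRole` is appended to `policiesOutput` before `err` is examined, and a failure only produces a warning, so when the lookup fails the printed list still contains the `delete-role` commands but silently lacks the shared-VPC `delete-policy` lines; an operator who runs it as printed would likely leave those policies behind in the account (inferred — the helper's partial-result behaviour is not visible here). Check the error first, `if err != nil { r.Reporter.Warnf(...); continue }`, and only then `policiesOutput = append(policiesOutput, policies...)`, and state in the warning that the shared-VPC policy commands will be incomplete so the user knows to remove them by hand. `run` starts before the hunk and ends after it.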
