Clean up orphaned GCP resources in all supported regions

helderjs · helderjs · commit 5cc430bdb6ec · 2025-07-11T10:12:49.000+02:00
diff --git a/tools/clean/atlas/atlas.go b/tools/clean/atlas/atlas.go
@@ -111,9 +111,18 @@ func (c *Cleaner) Clean(ctx context.Context, lifetimeHours int) error {
 }
 
 func (c *Cleaner) cleanOrphanResources(ctx context.Context, lifetimeHours int) {
-	region := envOrDefault("GCP_CLEANUP_REGION", "europe-west1")
-	subnet := envOrDefault("GCP_CLEANUP_SUBNET", "atlas-operator-e2e-test-subnet1")
-	vpcPrefix := envOrDefault("GCP_CLEANUP_VPC_NAME_PREFIX", "network-peering-gcp-1-vpc")
+	gcpVpcPrefixes := []string{"gcp-pe", "ao-vpc", "migrate-private-endpoint"}
+	gcpRegions := []string{
+		"us-west3",
+		"us-east5",
+		"southamerica-east1",
+		"europe-west3",
+		"europe-north1",
+		"europe-west6",
+		"asia-east2",
+		"asia-northeast2",
+		"australia-southeast2",
+	}
 
 	var done, skipped []string
 	var errs []error
@@ -125,12 +134,14 @@ func (c *Cleaner) cleanOrphanResources(ctx context.Context, lifetimeHours int) {
 		errs = append(errs, e...)
 	}
 
-	addResults(func() ([]string, []string, []error) {
-		return c.gcp.DeleteOrphanPrivateEndpoints(ctx, lifetimeHours, region, subnet)
-	})
+	for _, region := range gcpRegions {
+		addResults(func() ([]string, []string, []error) {
+			return c.gcp.DeleteOrphanPrivateEndpoints(ctx, region, lifetimeHours)
+		})
+	}
 
 	addResults(func() ([]string, []string, []error) {
-		return c.gcp.DeleteOrphanVPCs(ctx, lifetimeHours, vpcPrefix)
+		return c.gcp.DeleteOrphanVPCs(ctx, gcpVpcPrefixes, gcpRegions, lifetimeHours)
 	})
 
 	for _, doneMsg := range done {
@@ -182,11 +193,3 @@ func NewCleaner(aws *provider.AWS, gcp *provider.GCP, azure *provider.Azure) (*C
 func isGov(url string) bool {
 	return strings.HasSuffix(url, "mongodbgov.com")
 }
-
-func envOrDefault(name, defaultValue string) string {
-	value, defined := os.LookupEnv(name)
-	if !defined {
-		return defaultValue
-	}
-	return value
-}
diff --git a/tools/clean/provider/gcp.go b/tools/clean/provider/gcp.go
@@ -116,9 +116,15 @@ func (gcp *GCP) DeletePrivateEndpoint(ctx context.Context, groupName, sAttachmen
 	return nil
 }
 
-func (gcp *GCP) DeleteOrphanVPCs(ctx context.Context, lifetimeHours int, vpcNamePrefix string) ([]string, []string, []error) {
+func (gcp *GCP) DeleteOrphanVPCs(ctx context.Context, vpcNamePrefixes, regions []string, lifetimeHours int) ([]string, []string, []error) {
+	var filterParts []string
+	for _, prefix := range vpcNamePrefixes {
+		filterParts = append(filterParts, fmt.Sprintf(`name = "%s*"`, prefix))
+	}
+	filterString := strings.Join(filterParts, " OR ")
 	vpcs := gcp.networkClient.List(ctx, &computepb.ListNetworksRequest{
 		Project: gcp.projectID,
+		Filter:  &filterString,
 	})
 
 	var done, skipped []string
@@ -134,12 +140,7 @@ func (gcp *GCP) DeleteOrphanVPCs(ctx context.Context, lifetimeHours int, vpcName
 			)
 			continue
 		}
-		if !strings.HasPrefix(vpc.GetName(), vpcNamePrefix) {
-			skipped = append(skipped,
-				fmt.Sprintf("VPC %s skipped\n", vpc.GetName()),
-			)
-			continue
-		}
+
 		createdAt, err := asTime(vpc.GetCreationTimestamp())
 		if err != nil {
 			errs = append(errs,
@@ -154,6 +155,24 @@ func (gcp *GCP) DeleteOrphanVPCs(ctx context.Context, lifetimeHours int, vpcName
 			continue
 		}
 
+		if len(vpc.GetSubnetworks()) > 0 {
+			for _, subnet := range vpc.GetSubnetworks() {
+				for _, region := range regions {
+					_, err := gcp.subnetworksClient.Delete(ctx, &computepb.DeleteSubnetworkRequest{
+						Project:    gcp.projectID,
+						Region:     region,
+						Subnetwork: path.Base(subnet),
+					})
+					if err != nil {
+						errs = append(errs,
+							fmt.Errorf("error deleting subnetwork %s: %w", subnet, err),
+						)
+						continue
+					}
+				}
+			}
+		}
+
 		op, err := gcp.networkClient.Delete(ctx, &computepb.DeleteNetworkRequest{
 			Project: gcp.projectID,
 			Network: vpc.GetName(),
@@ -180,7 +199,7 @@ func (gcp *GCP) DeleteOrphanVPCs(ctx context.Context, lifetimeHours int, vpcName
 	return done, skipped, errs
 }
 
-func (gcp *GCP) DeleteOrphanPrivateEndpoints(ctx context.Context, lifetimeHours int, region string, subnet string) ([]string, []string, []error) {
+func (gcp *GCP) DeleteOrphanPrivateEndpoints(ctx context.Context, region string, lifetimeHours int) ([]string, []string, []error) {
 	addresses := gcp.addressClient.List(ctx, &computepb.ListAddressesRequest{
 		Project: gcp.projectID,
 		Region:  region,
@@ -193,21 +212,17 @@ func (gcp *GCP) DeleteOrphanPrivateEndpoints(ctx context.Context, lifetimeHours
 			break
 		}
 		if err != nil {
-			errs = append(errs,
+			errs = append(
+				errs,
 				fmt.Errorf("failed iterating addresses in project %v region %v: %w", gcp.projectID, region, err),
 			)
 			continue
 		}
-		suffix := fmt.Sprintf("subnetworks/%s", subnet)
-		if !strings.HasSuffix(addr.GetSubnetwork(), suffix) {
-			skipped = append(skipped,
-				fmt.Sprintf("Address %s(%s) skipped, not in %s\n", addr.GetName(), addr.GetAddress(), subnet),
-			)
-			continue
-		}
+
 		createdAt, err := asTime(addr.GetCreationTimestamp())
 		if err != nil {
-			errs = append(errs,
+			errs = append(
+				errs,
 				fmt.Errorf(
 					"failed parsing Address %s(%s) creation timestamp %q: %w",
 					addr.GetCreationTimestamp(), addr.GetName(), addr.GetAddress(), err,
@@ -224,27 +239,26 @@ func (gcp *GCP) DeleteOrphanPrivateEndpoints(ctx context.Context, lifetimeHours
 			)
 			continue
 		}
-		frName, err := expectForwardingRule(addr.GetUsers())
-		if err != nil {
-			errs = append(errs, err)
-			continue
-		}
 
-		if frName != "" {
-			err := gcp.deleteForwardingRule(ctx, frName, region)
-			if err != nil {
-				errs = append(errs,
-					fmt.Errorf("failed deleting Forwarding Rule %q in region %q: %w", region, frName, err),
+		if addr.GetStatus() == "IN_USE" {
+			for _, user := range addr.GetUsers() {
+				fr := path.Base(user)
+				err = gcp.deleteForwardingRule(ctx, fr, region)
+				if err != nil {
+					errs = append(errs,
+						fmt.Errorf("failed deleting Forwarding Rule %q in region %q: %w", region, fr, err),
+					)
+					continue
+				}
+				done = append(done,
+					fmt.Sprintf("Deleted Forwarding Rule %s for %s\n", fr, addr.GetAddress()),
 				)
-				continue
 			}
-			done = append(done,
-				fmt.Sprintf("Deleted Forwarding Rule %s for %s\n", frName, addr.GetAddress()),
-			)
 		} else {
 			skipped = append(skipped,
 				fmt.Sprintf("No forwarding rule using Address %s(%s)", addr.GetName(), addr.GetAddress()))
 		}
+
 		if err := gcp.deleteIPAddress(ctx, addr.GetName(), region); err != nil {
 			errs = append(errs,
 				fmt.Errorf("error deleting Address %s(%s) in region %q: %w",
@@ -262,19 +276,6 @@ func asTime(rfc3339time string) (time.Time, error) {
 	return time.Parse(time.RFC3339, rfc3339time)
 }
 
-func expectForwardingRule(usersOfEndpointAddress []string) (string, error) {
-	if len(usersOfEndpointAddress) == 0 {
-		return "", nil
-	}
-	if len(usersOfEndpointAddress) > 1 {
-		return "", fmt.Errorf("expected a single user of an Endpoint Address, but got %v", usersOfEndpointAddress)
-	}
-	if strings.Contains(usersOfEndpointAddress[0], "/forwardingRules/") {
-		return path.Base(usersOfEndpointAddress[0]), nil
-	}
-	return "", fmt.Errorf("expected a Forwarding Rule user for Endpoint Address but got %s", usersOfEndpointAddress[0])
-}
-
 func (gcp *GCP) DeleteCryptoKey(ctx context.Context, keyName string) error {
 	_, err := gcp.keyManagementClient.GetCryptoKeyVersion(ctx, &kmspb.GetCryptoKeyVersionRequest{
 		Name: keyName,
