CORS-3256: GCP destroy updates for CAPG

** Delete global scoped resources that are created during CAPG installs.
** Update: Delete Global Resources for BackEnd services and forwarding rules
** Update: Firewall Rule filter using regular expressions

Author: barbacbd

pkg/destroy/gcp/backendservice.go

@@ -2,69 +2,100 @@ package gcp
 
 import (
 	"context"
+	"fmt"
 
-	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"google.golang.org/api/compute/v1"
 	"google.golang.org/api/googleapi"
 
 	"github.com/openshift/installer/pkg/types/gcp"
 )
 
-func (o *ClusterUninstaller) listBackendServices(ctx context.Context) ([]cloudResource, error) {
-	return o.listBackendServicesWithFilter(ctx, "items(name),nextPageToken", o.clusterIDFilter(), nil)
+func (o *ClusterUninstaller) listBackendServices(ctx context.Context, scope resourceScope) ([]cloudResource, error) {
+	return o.listBackendServicesWithFilter(ctx, "items(name),nextPageToken", o.clusterIDFilter(), nil, scope)
+}
+
+func createBackendServiceCloudResources(filterFunc func(*compute.BackendService) bool, list *compute.BackendServiceList) []cloudResource {
+	result := []cloudResource{}
+
+	for _, item := range list.Items {
+		if filterFunc == nil || filterFunc(item) {
+			logrus.Debugf("Found backend service: %s", item.Name)
+			result = append(result, cloudResource{
+				key:      item.Name,
+				name:     item.Name,
+				typeName: "backendservice",
+				quota: []gcp.QuotaUsage{{
+					Metric: &gcp.Metric{
+						Service: gcp.ServiceComputeEngineAPI,
+						Limit:   "backend_services",
+					},
+					Amount: 1,
+				}},
+			})
+		}
+	}
+
+	return result
 }
 
 // listBackendServicesWithFilter lists backend services in the project that satisfy the filter criteria.
 // The fields parameter specifies which fields should be returned in the result, the filter string contains
 // a filter string passed to the API to filter results. The filterFunc is a client-side filtering function
 // that determines whether a particular result should be returned or not.
-func (o *ClusterUninstaller) listBackendServicesWithFilter(ctx context.Context, fields string, filter string, filterFunc func(*compute.BackendService) bool) ([]cloudResource, error) {
-	o.Logger.Debugf("Listing backend services")
+func (o *ClusterUninstaller) listBackendServicesWithFilter(ctx context.Context, fields string, filter string, filterFunc func(*compute.BackendService) bool, scope resourceScope) ([]cloudResource, error) {
+	o.Logger.Debugf("Listing %s backend services", scope)
 	ctx, cancel := context.WithTimeout(ctx, defaultTimeout)
 	defer cancel()
 	result := []cloudResource{}
+
+	if scope == gcpGlobalResource {
+		req := o.computeSvc.BackendServices.List(o.ProjectID).Fields(googleapi.Field(fields))
+		if len(filter) > 0 {
+			req = req.Filter(filter)
+		}
+		err := req.Pages(ctx, func(list *compute.BackendServiceList) error {
+			result = append(result, createBackendServiceCloudResources(filterFunc, list)...)
+			return nil
+		})
+		if err != nil {
+			return nil, fmt.Errorf("failed to list global backend services: %w", err)
+		}
+		return result, nil
+	}
+
+	// Regional backend services
 	req := o.computeSvc.RegionBackendServices.List(o.ProjectID, o.Region).Fields(googleapi.Field(fields))
 	if len(filter) > 0 {
 		req = req.Filter(filter)
 	}
 	err := req.Pages(ctx, func(list *compute.BackendServiceList) error {
-		for _, item := range list.Items {
-			if filterFunc == nil || filterFunc != nil && filterFunc(item) {
-				o.Logger.Debugf("Found backend service: %s", item.Name)
-				result = append(result, cloudResource{
-					key:      item.Name,
-					name:     item.Name,
-					typeName: "backendservice",
-					quota: []gcp.QuotaUsage{{
-						Metric: &gcp.Metric{
-							Service: gcp.ServiceComputeEngineAPI,
-							Limit:   "backend_services",
-						},
-						Amount: 1,
-					}},
-				})
-			}
-		}
+		result = append(result, createBackendServiceCloudResources(filterFunc, list)...)
 		return nil
 	})
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed to list backend services")
+		return nil, fmt.Errorf("failed to list regional backend services: %w", err)
 	}
+
 	return result, nil
 }
 
-func (o *ClusterUninstaller) deleteBackendService(ctx context.Context, item cloudResource) error {
+func (o *ClusterUninstaller) deleteBackendService(ctx context.Context, item cloudResource, scope resourceScope) error {
 	o.Logger.Debugf("Deleting backend service %s", item.name)
 	ctx, cancel := context.WithTimeout(ctx, defaultTimeout)
 	defer cancel()
-	op, err := o.computeSvc.RegionBackendServices.Delete(o.ProjectID, o.Region, item.name).RequestId(o.requestID(item.typeName, item.name)).Context(ctx).Do()
-	if err != nil && !isNoOp(err) {
-		o.resetRequestID(item.typeName, item.name)
-		return errors.Wrapf(err, "failed to delete backend service %s", item.name)
+
+	var op *compute.Operation
+	var err error
+	if scope == gcpGlobalResource {
+		op, err = o.computeSvc.BackendServices.Delete(o.ProjectID, item.name).RequestId(o.requestID(item.typeName, item.name)).Context(ctx).Do()
+	} else {
+		op, err = o.computeSvc.RegionBackendServices.Delete(o.ProjectID, o.Region, item.name).RequestId(o.requestID(item.typeName, item.name)).Context(ctx).Do()
 	}
+
 	if op != nil && op.Status == "DONE" && isErrorStatus(op.HttpErrorStatusCode) {
 		o.resetRequestID(item.typeName, item.name)
-		return errors.Errorf("failed to delete backend service %s with error: %s", item.name, operationErrorMessage(op))
+		return fmt.Errorf("failed to delete backend service %s with error: %s: %w", item.name, operationErrorMessage(op), err)
 	}
 	if (err != nil && isNoOp(err)) || (op != nil && op.Status == "DONE") {
 		o.resetRequestID(item.typeName, item.name)
@@ -77,19 +108,21 @@ func (o *ClusterUninstaller) deleteBackendService(ctx context.Context, item clou
 // destroyBackendServices removes backend services with a name prefixed
 // with the cluster's infra ID.
 func (o *ClusterUninstaller) destroyBackendServices(ctx context.Context) error {
-	found, err := o.listBackendServices(ctx)
-	if err != nil {
-		return err
-	}
-	items := o.insertPendingItems("backendservice", found)
-	for _, item := range items {
-		err := o.deleteBackendService(ctx, item)
+	for _, scope := range []resourceScope{gcpGlobalResource, gcpRegionalResource} {
+		found, err := o.listBackendServices(ctx, scope)
 		if err != nil {
-			o.errorTracker.suppressWarning(item.key, err, o.Logger)
+			return fmt.Errorf("failed to list backend services: %w", err)
+		}
+		items := o.insertPendingItems("backendservice", found)
+		for _, item := range items {
+			err := o.deleteBackendService(ctx, item, scope)
+			if err != nil {
+				o.errorTracker.suppressWarning(item.key, err, o.Logger)
+			}
+		}
+		if items = o.getPendingItems("backendservice"); len(items) > 0 {
+			return fmt.Errorf("%d items pending", len(items))
 		}
-	}
-	if items = o.getPendingItems("backendservice"); len(items) > 0 {
-		return errors.Errorf("%d items pending", len(items))
 	}
 	return nil
 }

pkg/destroy/gcp/cloudcontroller.go

@@ -36,7 +36,7 @@ func (o *ClusterUninstaller) listCloudControllerBackendServices(ctx context.Cont
 			}
 		}
 		return true
-	})
+	}, gcpRegionalResource)
 }
 
 // listCloudControllerTargetPools returns target pools created by the cloud controller or owned by the cloud controller.
@@ -114,7 +114,7 @@ func (o *ClusterUninstaller) discoverCloudControllerLoadBalancerResources(ctx co
 	o.insertPendingItems("firewall", found)
 
 	// Discover associated forwarding rules: loadBalancerName
-	found, err = o.listForwardingRulesWithFilter(ctx, "items(name),nextPageToken", loadBalancerNameFilter, nil)
+	found, err = o.listForwardingRulesWithFilter(ctx, "items(name),nextPageToken", loadBalancerNameFilter, nil, gcpRegionalResource)
 	if err != nil {
 		return err
 	}

pkg/destroy/gcp/firewall.go

@@ -2,6 +2,7 @@ package gcp
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/pkg/errors"
 	"google.golang.org/api/compute/v1"
@@ -11,7 +12,11 @@ import (
 )
 
 func (o *ClusterUninstaller) listFirewalls(ctx context.Context) ([]cloudResource, error) {
-	return o.listFirewallsWithFilter(ctx, "items(name),nextPageToken", o.clusterIDFilter(), nil)
+	// The firewall rules that the destroyer is searching for here include a
+	// pattern before and after the cluster ID. Use a regular expression that allows
+	// wildcard values before and after the cluster ID.
+	filter := fmt.Sprintf("name eq .*%s.*", o.ClusterID)
+	return o.listFirewallsWithFilter(ctx, "items(name),nextPageToken", filter, nil)
 }
 
 // listFirewallsWithFilter lists firewall rules in the project that satisfy the filter criteria.

pkg/destroy/gcp/forwardingrule.go

@@ -2,77 +2,113 @@ package gcp
 
 import (
 	"context"
+	"fmt"
 
-	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"google.golang.org/api/compute/v1"
 	"google.golang.org/api/googleapi"
 
 	"github.com/openshift/installer/pkg/types/gcp"
 )
 
-func (o *ClusterUninstaller) listForwardingRules(ctx context.Context) ([]cloudResource, error) {
-	return o.listForwardingRulesWithFilter(ctx, "items(name,region,loadBalancingScheme),nextPageToken", o.clusterIDFilter(), nil)
+func (o *ClusterUninstaller) listForwardingRules(ctx context.Context, scope resourceScope) ([]cloudResource, error) {
+	return o.listForwardingRulesWithFilter(ctx, "items(name,region,loadBalancingScheme),nextPageToken", o.clusterIDFilter(), nil, scope)
+}
+
+func createForwardingRuleResources(filterFunc func(*compute.ForwardingRule) bool, list *compute.ForwardingRuleList) []cloudResource {
+	result := []cloudResource{}
+
+	for _, item := range list.Items {
+		if filterFunc == nil || filterFunc(item) {
+			logrus.Debugf("Found forwarding rule: %s", item.Name)
+			var quota []gcp.QuotaUsage
+			if item.LoadBalancingScheme == "EXTERNAL" {
+				quota = []gcp.QuotaUsage{{
+					Metric: &gcp.Metric{
+						Service: gcp.ServiceComputeEngineAPI,
+						Limit:   "external_network_lb_forwarding_rules",
+						Dimensions: map[string]string{
+							"region": getNameFromURL("regions", item.Region),
+						},
+					},
+					Amount: 1,
+				}}
+			}
+			result = append(result, cloudResource{
+				key:      item.Name,
+				name:     item.Name,
+				typeName: "forwardingrule",
+				quota:    quota,
+			})
+		}
+	}
+
+	return result
 }
 
 // listForwardingRulesWithFilter lists forwarding rules in the project that satisfy the filter criteria.
 // The fields parameter specifies which fields should be returned in the result, the filter string contains
 // a filter string passed to the API to filter results. The filterFunc is a client-side filtering function
 // that determines whether a particular result should be returned or not.
-func (o *ClusterUninstaller) listForwardingRulesWithFilter(ctx context.Context, fields string, filter string, filterFunc func(*compute.ForwardingRule) bool) ([]cloudResource, error) {
-	o.Logger.Debugf("Listing forwarding rules")
+func (o *ClusterUninstaller) listForwardingRulesWithFilter(ctx context.Context, fields string, filter string, filterFunc func(*compute.ForwardingRule) bool, scope resourceScope) ([]cloudResource, error) {
+	o.Logger.Debugf("Listing %s forwarding rules", scope)
 	ctx, cancel := context.WithTimeout(ctx, defaultTimeout)
 	defer cancel()
+
 	result := []cloudResource{}
+
+	if scope == gcpGlobalResource {
+		req := o.computeSvc.GlobalForwardingRules.List(o.ProjectID).Fields(googleapi.Field(fields))
+		if len(filter) > 0 {
+			req = req.Filter(filter)
+		}
+		err := req.Pages(ctx, func(list *compute.ForwardingRuleList) error {
+			result = append(result, createForwardingRuleResources(filterFunc, list)...)
+			return nil
+		})
+		if err != nil {
+			return nil, fmt.Errorf("failed to list global forwarding rules: %w", err)
+		}
+
+		return result, nil
+	}
+
+	// Regional forwarding rules
 	req := o.computeSvc.ForwardingRules.List(o.ProjectID, o.Region).Fields(googleapi.Field(fields))
 	if len(filter) > 0 {
 		req = req.Filter(filter)
 	}
 	err := req.Pages(ctx, func(list *compute.ForwardingRuleList) error {
-		for _, item := range list.Items {
-			if filterFunc == nil || filterFunc != nil && filterFunc(item) {
-				o.Logger.Debugf("Found forwarding rule: %s", item.Name)
-				var quota []gcp.QuotaUsage
-				switch item.LoadBalancingScheme {
-				case "EXTERNAL":
-					quota = []gcp.QuotaUsage{{
-						Metric: &gcp.Metric{
-							Service: gcp.ServiceComputeEngineAPI,
-							Limit:   "external_network_lb_forwarding_rules",
-							Dimensions: map[string]string{
-								"region": getNameFromURL("regions", item.Region),
-							},
-						},
-						Amount: 1,
-					}}
-				}
-				result = append(result, cloudResource{
-					key:      item.Name,
-					name:     item.Name,
-					typeName: "forwardingrule",
-					quota:    quota,
-				})
-			}
-		}
+		result = append(result, createForwardingRuleResources(filterFunc, list)...)
 		return nil
 	})
+
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed to list forwarding rules")
+		return nil, fmt.Errorf("failed to list regional forwarding rules: %w", err)
 	}
 	return result, nil
 }
 
-func (o *ClusterUninstaller) deleteForwardingRule(ctx context.Context, item cloudResource) error {
+func (o *ClusterUninstaller) deleteForwardingRule(ctx context.Context, item cloudResource, scope resourceScope) error {
 	o.Logger.Debugf("Deleting forwarding rule %s", item.name)
 	ctx, cancel := context.WithTimeout(ctx, defaultTimeout)
 	defer cancel()
-	op, err := o.computeSvc.ForwardingRules.Delete(o.ProjectID, o.Region, item.name).RequestId(o.requestID(item.typeName, item.name)).Context(ctx).Do()
+
+	var op *compute.Operation
+	var err error
+	if scope == gcpGlobalResource {
+		op, err = o.computeSvc.GlobalForwardingRules.Delete(o.ProjectID, item.name).RequestId(o.requestID(item.typeName, item.name)).Context(ctx).Do()
+	} else {
+		op, err = o.computeSvc.ForwardingRules.Delete(o.ProjectID, o.Region, item.name).RequestId(o.requestID(item.typeName, item.name)).Context(ctx).Do()
+	}
+
 	if err != nil && !isNoOp(err) {
 		o.resetRequestID(item.typeName, item.name)
-		return errors.Wrapf(err, "failed to delete forwarding rule %s", item.name)
+		return fmt.Errorf("failed to delete forwarding rule %s: %w", item.name, err)
 	}
 	if op != nil && op.Status == "DONE" && isErrorStatus(op.HttpErrorStatusCode) {
 		o.resetRequestID(item.typeName, item.name)
-		return errors.Errorf("failed to delete forwarding rule %s with error: %s", item.name, operationErrorMessage(op))
+		return fmt.Errorf("failed to delete forwarding rule %s with error: %s: %w", item.name, operationErrorMessage(op), err)
 	}
 	if (err != nil && isNoOp(err)) || (op != nil && op.Status == "DONE") {
 		o.resetRequestID(item.typeName, item.name)
@@ -85,19 +121,21 @@ func (o *ClusterUninstaller) deleteForwardingRule(ctx context.Context, item clou
 // destroyForwardingRules removes all forwarding rules with a name prefixed
 // with the cluster's infra ID.
 func (o *ClusterUninstaller) destroyForwardingRules(ctx context.Context) error {
-	found, err := o.listForwardingRules(ctx)
-	if err != nil {
-		return err
-	}
-	items := o.insertPendingItems("forwardingrule", found)
-	for _, item := range items {
-		err := o.deleteForwardingRule(ctx, item)
+	for _, scope := range []resourceScope{gcpGlobalResource, gcpRegionalResource} {
+		found, err := o.listForwardingRules(ctx, scope)
 		if err != nil {
-			o.errorTracker.suppressWarning(item.key, err, o.Logger)
+			return fmt.Errorf("failed to list forwarding rules: %w", err)
+		}
+		items := o.insertPendingItems("forwardingrule", found)
+		for _, item := range items {
+			if err := o.deleteForwardingRule(ctx, item, scope); err != nil {
+				o.Logger.Errorf("error deleting forwarding rule %s: %w", item.name, err)
+				o.errorTracker.suppressWarning(item.key, err, o.Logger)
+			}
+		}
+		if items = o.getPendingItems("forwardingrule"); len(items) > 0 {
+			return fmt.Errorf("%d items pending", len(items))
 		}
-	}
-	if items = o.getPendingItems("forwardingrule"); len(items) > 0 {
-		return errors.Errorf("%d items pending", len(items))
 	}
 	return nil
 }