MULTIARCH-4696: harden the subnet delete using jq/--no-run-if-empty (openshift#58949)

* MULTIARCH-4696: harden the subnet delete using jq/--no-run-if-empty

Signed-off-by: Paul Bastide <[email protected]>

* MULTIARCH-4696: harden for security group overload

Signed-off-by: Paul Bastide <[email protected]>

* MULTIARCH-4696: deprovision issues with id_rsa and harden for pathing

Signed-off-by: Paul Bastide <[email protected]>

* MULTIARCH-4696: clean up the network cleanup

Signed-off-by: Paul Bastide <[email protected]>

* MULTIARCH-4696: synchronize the vpc deprovision and the precleanup step

Signed-off-by: Paul Bastide <[email protected]>

---------

Signed-off-by: Paul Bastide <[email protected]>

Author: prb112

ci-operator/step-registry/upi/deprovision/powervs/cluster/upi-deprovision-powervs-cluster-commands.sh

@@ -121,6 +121,7 @@ function cleanup_prior() {
     WORKSPACE_NAME="$(cat ${SHARED_DIR}/WORKSPACE_NAME)"
     VPC_NAME="${WORKSPACE_NAME}-vpc"
     export VPC_NAME
+
     # PowerVS Instances
     echo "Cleaning up target PowerVS workspace"
     for CRN in $(ibmcloud pi workspace ls 2> /dev/null | grep "${WORKSPACE_NAME}" | awk '{print $1}' || true)
@@ -145,38 +146,54 @@ function cleanup_prior() {
             sleep 5
         done
         sleep 60
+
+        # Dev: functions don't work inline with xargs
+        echo "Delete network non-'ocp-net' on PowerVS region"
+        ibmcloud pi subnet ls --json | jq -r '[.networks[] | select(.name | contains("ocp-net") | not)] | .[]?.networkID' | xargs --no-run-if-empty -I {} ibmcloud pi subnet delete {} || true
+        echo "Done deleting non-'ocp-net' on PowerVS"
+
         echo "[STATUS:Done] Deleting the contents in ${CRN}"
     done
 
     # VPC Instances
     # VPC LBs
-    # TODO: FIXME - need to be selective so as not to blow out other workflows being run
-    echo "Cleaning up the VPC Load Balancers"
+        # VPC Instances
+    # VPC LBs 
+    WORKSPACE_NAME="multi-arch-comp-${LEASED_RESOURCE}-1"
+    VPC_NAME="${WORKSPACE_NAME}-vpc"
+
+    echo "Target region - ${VPC_REGION}"
     ibmcloud target -r "${VPC_REGION}" -g "${RESOURCE_GROUP}"
-    for RESOURCE_TGT in $(ibmcloud is subnets --output json | jq -r '.[].id')
+
+    echo "Cleaning up the Security Groups"
+    ibmcloud is security-groups --vpc "${VPC_NAME}" --resource-group-name "${RESOURCE_GROUP}" --output json \
+        | jq -r '[.[] | select(.name | contains("ocp-sec-group"))] | .[]?.name' \
+        | xargs --no-run-if-empty -I {} ibmcloud security-group-delete {} --vpc "${VPC_NAME}" --force\
+        || true
+
+    echo "Cleaning up the VPC Load Balancers"
+    for SUB in $(ibmcloud is subnets --output json 2>&1 | jq --arg vpc "${VPC_NAME}" -r '.[] | select(.vpc.name | contains($vpc)).id')
     do
-        VALID_SUB=$(ibmcloud is subnet "${RESOURCE_TGT}" --output json | jq -r '. | select(.vpc.name | contains("'${VPC_NAME}'"))')
-        if [ -n "${VALID_SUB}" ]
-        then
-            # Searches the VSIs and LBs to delete them
-            for VSI in $(ibmcloud is subnet "${VALID_SUB}" --vpc "${VPC_NAME}" --output json --show-attached | jq -r '.instances[].name')
-            do
-                ibmcloud is instance-delete "${VSI}" --force || true
-            done
-
-            for LB in $(ibmcloud is subnet "${VALID_SUB}" --vpc "${VPC_NAME}" --output json --show-attached | jq -r '.load_balancers[].name')
-            do
-                ibmcloud is load-balancer-delete "${LB}" --force --vpc "${VPC_NAME}" || true
-            done
-            sleep 60
-        fi
+        echo "Subnet: ${SUB}"
+        # Searches the VSIs and LBs to delete them
+        for VSI in $(ibmcloud is subnet "${SUB}" --vpc "${VPC_NAME}" --output json --show-attached | jq -r '.instances[]?.name')
+        do
+            ibmcloud is instance-delete "${VSI}" --force || true
+        done
+
+        echo "Deleting LB in ${SUB}"
+        for LB in $(ibmcloud is subnet "${SUB}" --vpc "${VPC_NAME}" --output json --show-attached | jq -r '.load_balancers[].name')
+        do
+            ibmcloud is load-balancer-delete "${LB}" --force --vpc "${VPC_NAME}" || true
+        done
+        sleep 60
     done
 
     # VPC Images
     # TODO: FIXME add filtering by date.... ?
     for RESOURCE_TGT in $(ibmcloud is images --owner-type user --resource-group-name "${RESOURCE_GROUP}" --output json | jq -r '.[].id')
     do
-        ibmcloud is image-delete "${RESOURCE_TGT}"
+        ibmcloud is image-delete "${RESOURCE_TGT}" -f
     done
 
     echo "Done cleaning up prior runs"
@@ -185,19 +202,19 @@ function cleanup_prior() {
 # Destroy the cluster based on the set configuration / tfvars
 function destroy_upi_cluster() {
     echo "destroy terraform to build PowerVS UPI cluster"
-    cp "${SHARED_DIR}"/var-multi-arch-upi.tfvars "${IBMCLOUD_HOME}"/ocp-install-dir/var-multi-arch-upi.tfvars 
-    echo "UPI TFVARS copied: ${IBMCLOUD_HOME}"/ocp-install-dir/var-multi-arch-upi.tfvars
+    cp "${SHARED_DIR}"/var-multi-arch-upi.tfvars "${IBMCLOUD_HOME}"/ocp4-upi-powervs/var-multi-arch-upi.tfvars 
+    echo "UPI TFVARS copied: ${IBMCLOUD_HOME}"/ocp4-upi-powervs/data/var-multi-arch-upi.tfvars
 
-    cp "${CLUSTER_PROFILE_DIR}"/ssh-privatekey "${IBMCLOUD_HOME}"/ocp4-upi-powervs/data/id_rsa.pub
-    cp "${CLUSTER_PROFILE_DIR}"/ssh-publickey "${IBMCLOUD_HOME}"/ocp4-upi-powervs/data/id_rsa
-    chmod 0600 "${IBMCLOUD_HOME}"/ocp-install-dir/id_rsa
+    cp "${CLUSTER_PROFILE_DIR}"/ssh-privatekey "${IBMCLOUD_HOME}"/ocp4-upi-powervs/data/id_rsa
+    cp "${CLUSTER_PROFILE_DIR}"/ssh-publickey "${IBMCLOUD_HOME}"/ocp4-upi-powervs/data/id_rsa.pub
+    chmod 0600 "${IBMCLOUD_HOME}"/ocp4-upi-powervs/data/id_rsa
 
-    cp "${SHARED_DIR}"/terraform.tfstate "${IBMCLOUD_HOME}"/ocp4-upi-powervs/terraform.tfstate
-    cd "${IBMCLOUD_HOME}"/ocp4-upi-powervs && \
+    cp "${SHARED_DIR}"/terraform.tfstate "${IBMCLOUD_HOME}"/ocp4-upi-powervs/data/terraform.tfstate
+    cd "${IBMCLOUD_HOME}"/ocp-install-dir/ocp4-upi-powervs && \
         "${IBMCLOUD_HOME}"/ocp-install-dir/terraform init && \
         "${IBMCLOUD_HOME}"/ocp-install-dir/terraform destroy -auto-approve \
-            -var-file "${IBMCLOUD_HOME}"/ocp-install-dir/var-multi-arch-upi.tfvars \
-            -state "${IBMCLOUD_HOME}"/ocp4-upi-powervs/terraform.tfstate
+            -var-file "${IBMCLOUD_HOME}"/ocp4-upi-powervs/data/var-multi-arch-upi.tfvars \
+            -state "${IBMCLOUD_HOME}"/ocp4-upi-powervs/data/terraform.tfstate
 }
 
 ############################################################

ci-operator/step-registry/upi/install/powervs/cluster/upi-install-powervs-cluster-commands.sh

@@ -191,16 +191,23 @@ function cleanup_prior() {
 
     # Dev: functions don't work inline with xargs
     echo "Delete network non-'ocp-net' on PowerVS region"
-    ibmcloud pi subnet ls | grep -v ocp-net | awk '{print $1}' | xargs -I {} ibmcloud pi subnet delete {} || true
+    ibmcloud pi subnet ls --json | jq -r '[.networks[] | select(.name | contains("ocp-net") | not)] | .[]?.networkID' | xargs --no-run-if-empty -I {} ibmcloud pi subnet delete {} || true
     echo "Done deleting non-'ocp-net' on PowerVS"
 
     # VPC Instances
     # VPC LBs 
     WORKSPACE_NAME="multi-arch-comp-${LEASED_RESOURCE}-1"
     VPC_NAME="${WORKSPACE_NAME}-vpc"
+    echo "Target region - ${VPC_REGION}"
+    ibmcloud target -r "${VPC_REGION}" -g "${RESOURCE_GROUP}"
+
+    echo "Cleaning up the Security Groups"
+    ibmcloud is security-groups --vpc "${VPC_NAME}" --resource-group-name "${RESOURCE_GROUP}" --output json \
+        | jq -r '[.[] | select(.name | contains("ocp-sec-group"))] | .[]?.name' \
+        | xargs --no-run-if-empty -I {} ibmcloud security-group-delete {} --vpc "${VPC_NAME}" --force\
+        || true
 
     echo "Cleaning up the VPC Load Balancers"
-    ibmcloud target -r "${VPC_REGION}" -g "${RESOURCE_GROUP}"
     for SUB in $(ibmcloud is subnets --output json 2>&1 | jq --arg vpc "${VPC_NAME}" -r '.[] | select(.vpc.name | contains($vpc)).id')
     do
         echo "Subnet: ${SUB}"