ci: use iam destroy command for resource destruction (#1272)

* replace tf destruction with new command

* move iam destroy cmd

* fix typos

* exit post test on error

* [remove] test failure on iam destroy

* Revert "[remove] test failure on iam destroy"

This reverts commit 99449c0cc0.

* [remove] test failure on terminate

* Revert "[remove] test failure on terminate"

This reverts commit 99c45bbc54.

* gofumpt
Moritz Sanft 2023-02-28 09:52:32 +01:00 committed by GitHub
parent ca1a594f04
commit 732d15d013
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 17 additions and 26 deletions


@ -7,11 +7,4 @@ runs:
- name: Delete IAM configuration - name: Delete IAM configuration
shell: bash shell: bash
run: | run: |
if [[ -f constellation-iam-terraform/terraform.tfstate ]]; then constellation iam destroy --yes
echo "IAM Terraform state file exists, deleting..."
cd constellation-iam-terraform
terraform destroy -auto-approve
else
echo "IAM Terraform state file does not exist, exiting..."
exit 0
fi
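Review bot: The removed script treated a missing `constellation-iam-terraform/terraform.tfstate` as success, and nothing visible in this step shows that `constellation iam destroy --yes` does the same. The workflow calls this action from an `if: always()` step, so it can run after IAM creation failed before any state was written. It is worth confirming that the CLI exits cleanly when there is nothing to destroy, or keeping a guard such as `[[ -d constellation-iam-terraform ]] || exit 0` ahead of the call. The old `cd` also made the expected working directory explicit; a one-line comment such as `# must run from the directory that contains constellation-iam-terraform/` would preserve that.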


@ -307,14 +307,12 @@ jobs:
- name: Always terminate cluster - name: Always terminate cluster
if: always() if: always()
continue-on-error: true
uses: ./.github/actions/constellation_destroy uses: ./.github/actions/constellation_destroy
with: with:
kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }} kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}
- name: Always delete IAM configuration - name: Always delete IAM configuration
if: always() && inputs.test == 'iamcreate' && inputs.cloudProvider != 'azure' # skip for Azure, as the SP / MI does not have the required permissions if: always() && inputs.test == 'iamcreate' && inputs.cloudProvider != 'azure' # skip for Azure, as the SP / MI does not have the required permissions
continue-on-error: true
uses: ./.github/actions/constellation_iam_destroy uses: ./.github/actions/constellation_iam_destroy
- name: Always destroy Azure resource group - name: Always destroy Azure resource group
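Review bot: Nothing at the terminate and IAM-delete steps records why `continue-on-error: true` was dropped, so a later edit could quietly put it back. A comment on both steps such as `# no continue-on-error: a failed cleanup must fail the job so leftover cloud resources and IAM principals are noticed` would state the intent. The IAM step carries `if: always()`, so it still runs after a failed terminate. The condition on the Azure resource group step lies outside the hunk and should be checked for the same property.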


@ -564,18 +564,3 @@ func parseIDFile(serviceAccountKeyBase64 string) (map[string]string, error) {
} }
return out, nil return out, nil
} }
// NewIAMDestroyCmd returns a new cobra.Command for the iam destroy subcommand.
func newIAMDestroyCmd() *cobra.Command {
cmd := &cobra.Command{
Use: "destroy",
Short: "Destroy an IAM configuration and delete local terraform files",
Long: "Destroy an IAM configuration and delete local terraform files.",
Args: cobra.ExactArgs(0),
RunE: runIAMDestroy,
}
cmd.Flags().BoolP("yes", "y", false, "destroy the IAM configuration without asking for confirmation")
return cmd
}


@ -18,6 +18,21 @@ import (
"github.com/spf13/cobra" "github.com/spf13/cobra"
) )
// NewIAMDestroyCmd returns a new cobra.Command for the iam destroy subcommand.
func newIAMDestroyCmd() *cobra.Command {
cmd := &cobra.Command{
Use: "destroy",
Short: "Destroy an IAM configuration and delete local Terraform files",
Long: "Destroy an IAM configuration and delete local Terraform files.",
Args: cobra.ExactArgs(0),
RunE: runIAMDestroy,
}
cmd.Flags().BoolP("yes", "y", false, "destroy the IAM configuration without asking for confirmation")
return cmd
}
func runIAMDestroy(cmd *cobra.Command, _args []string) error { func runIAMDestroy(cmd *cobra.Command, _args []string) error {
log, err := newCLILogger(cmd) log, err := newCLILogger(cmd)
if err != nil { if err != nil {
@ -129,7 +144,7 @@ func (c *destroyCmd) deleteGCPServiceAccountKeyFile(cmd *cobra.Command, destroye
c.log.Debugf("Checking if keys are the same") c.log.Debugf("Checking if keys are the same")
if tfSaKey != fileSaKey { if tfSaKey != fileSaKey {
cmd.Printf("The key in %q don't match up with your terraform state. %q will not be deleted.\n", constants.GCPServiceAccountKeyFile, constants.GCPServiceAccountKeyFile) cmd.Printf("The key in %q don't match up with your Terraform state. %q will not be deleted.\n", constants.GCPServiceAccountKeyFile, constants.GCPServiceAccountKeyFile)
return true, nil return true, nil
} }
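Review bot: The doc comment on the added function names `NewIAMDestroyCmd`, but the function is the unexported `newIAMDestroyCmd`. Go doc comments start with the identifier, so it should read `// newIAMDestroyCmd returns a new cobra.Command for the iam destroy subcommand.` `Long` only repeats `Short` with a trailing period. Since `--yes` skips confirmation for a destructive operation, `Long` could say what is removed: presumably the cloud IAM resources and the local Terraform files, with the GCP service account key file kept when it does not match the state, as the message in the second hunk suggests. `runIAMDestroy` continues outside the hunk.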