Skip to content

Commit

Permalink
fix: Improved removal resiliency (#3038)
Browse files Browse the repository at this point in the history 
## Description

- The removal logic did expect that `/deployments/` would always
correlate to `Microsoft.Resource/deployments`.
`Microsoft.CognitiveServices/accounts/deployments` showed that this does
not apply.
Hence updated the logic to check for `Microsoft.Resource/deployments`
specifically.
- Updated the logic that tries to resolve a deployment so that it only
'retries' top-level deployments, as opposed to everything nested. The
background is that we encountered that some nested child deployment
might have failed and its deployment being gone - affecting the rest of
the removal logic if not 'ignored'

## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |

[![avm.res.cognitive-services.account](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.cognitive-services.account.yml/badge.svg?branch=users%2Falsehr%2FcogDeplRemovalFix&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.cognitive-services.account.yml)

[![avm.res.analysis-services.server](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.analysis-services.server.yml/badge.svg?branch=users%2Falsehr%2FcogDeplRemovalFix&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.analysis-services.server.yml)

[![avm.res.digital-twins.digital-twins-instance](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.digital-twins.digital-twins-instance.yml/badge.svg?branch=users%2Falsehr%2FcogDeplRemovalFix&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.digital-twins.digital-twins-instance.yml)
(expected)

[![avm.ptn.aca-lza.hosting-environment](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.ptn.aca-lza.hosting-environment.yml/badge.svg?branch=users%2Falsehr%2FcogDeplRemovalFix&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.ptn.aca-lza.hosting-environment.yml)

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [x] Update to CI Environment or utilities (Non-module affecting
changes)
- [ ] Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [ ] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [ ] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [ ] Update to documentation
  • Loading branch information
@AlexanderSehr
AlexanderSehr authored Sep 5, 2024
1 parent 119f1cd commit c709d11
Showing 1 changed file with 38 additions and 8 deletions.
46 changes: 38 additions & 8 deletions ...ities/pipelines/e2eValidation/resourceRemoval/helper/Get-DeploymentTargetResourceList.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,9 @@ Optional. The ID of the management group to fetch deployments from. Relevant for
.PARAMETER Scope
Mandatory. The scope to search in
.PARAMETER DoThrow
Optional. Throw an exception if a deployment cannot be found. If not set, a warning is returned instead.
.EXAMPLE
Get-DeploymentTargetResourceListInner -Name 'keyvault-12356' -Scope 'resourcegroup'
Expand Down Expand Up @@ -159,7 +162,10 @@ function Get-DeploymentTargetResourceListInner {
'managementgroup',
'tenant'
)]
[string] $Scope
[string] $Scope,

[Parameter(Mandatory = $false)]
[switch] $DoThrow
)

$resultSet = [System.Collections.ArrayList]@()
Expand All @@ -178,7 +184,13 @@ function Get-DeploymentTargetResourceListInner {
if ($op = Get-DeploymentOperationAtScope @baseInputObject -ResourceGroupName $resourceGroupName -SubscriptionId $currentContext.Subscription.Id) {
[array]$deploymentTargets = $op.TargetResource.id | Where-Object { $_ -ne $null } | Select-Object -Unique
} else {
throw 'NoDeploymentFound'
$message = "Not found deployment [$Name] in scope [$Scope] of Resource Group [$ResourceGroupName]."
if ($DoThrow) {
throw $message
} else {
Write-Warning "$message Ignoring, as nested deployment."
return
}
}
} else {
# In case the resource group itself was already deleted, there is no need to try and fetch deployments from it
Expand All @@ -191,23 +203,41 @@ function Get-DeploymentTargetResourceListInner {
if ($op = Get-DeploymentOperationAtScope @baseInputObject -SubscriptionId $currentContext.Subscription.Id) {
[array]$deploymentTargets = $op.TargetResource.id | Where-Object { $_ -ne $null } | Select-Object -Unique
} else {
throw 'NoDeploymentFound'
$message = "Not found deployment [$Name] in scope [$Scope]."
if ($DoThrow) {
throw $message
} else {
Write-Warning "$message Ignoring, as nested deployment."
return
}
}
break
}
'managementgroup' {
if ($op = Get-DeploymentOperationAtScope @baseInputObject -ManagementGroupId $ManagementGroupId) {
[array]$deploymentTargets = $op.TargetResource.id | Where-Object { $_ -ne $null } | Select-Object -Unique
} else {
throw 'NoDeploymentFound'
$message = "Not found deployment [$Name] in scope [$Scope]."
if ($DoThrow) {
throw $message
} else {
Write-Warning "$message Ignoring, as nested deployment."
return
}
}
break
}
'tenant' {
if ($op = Get-DeploymentOperationAtScope @baseInputObject) {
[array]$deploymentTargets = $op.TargetResource.id | Where-Object { $_ -ne $null } | Select-Object -Unique
} else {
throw 'NoDeploymentFound'
$message = "Not found deployment [$Name] in scope [$Scope]."
if ($DoThrow) {
throw $message
} else {
Write-Warning "$message Ignoring, as nested deployment."
return
}
}
break
}
Expand All @@ -216,15 +246,15 @@ function Get-DeploymentTargetResourceListInner {
###########################
# Manage nested resources #
###########################
foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '\/deployments\/' } )) {
foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '\/Microsoft\.Resources\/deployments\/' } )) {
Write-Verbose ('Found deployed resource [{0}]' -f $deployment)
[array]$resultSet += $deployment
}

#############################
# Manage nested deployments #
#############################
foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '\/deployments\/' } )) {
foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '\/Microsoft\.Resources\/deployments\/' } )) {
$name = Split-Path $deployment -Leaf
if ($deployment -match '/resourceGroups/') {
# Resource Group Level Child Deployments #
Expand Down Expand Up @@ -361,7 +391,7 @@ function Get-DeploymentTargetResourceList {
$innerInputObject['ManagementGroupId'] = $ManagementGroupId
}
try {
$targetResources = Get-DeploymentTargetResourceListInner @innerInputObject
$targetResources = Get-DeploymentTargetResourceListInner @innerInputObject -DoThrow # Specifying [-DoThrow] for top-level deployments that we definitely want to resolve
Write-Verbose ('Found & resolved deployment [{0}]. [{1}] resources found to remove.' -f $deploymentNameObject.Name, $targetResources.Count) -Verbose
$deploymentNameObject.Resolved = $true
$resourcesToRemove += $targetResources
Expand Down

0 comments on commit c709d11

Please sign in to comment.