From 2f1d789fe9acd2b19c58eef9dcf99e1762cd28e1 Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Thu, 29 Sep 2022 11:48:40 +0200
Subject: [PATCH 1/3] get resources cleanup
---
 .../Get-DeploymentTargetResourceList.ps1 | 153 +++++++++++------
 1 file changed, 93 insertions(+), 60 deletions(-)
diff --git a/utilities/pipelines/resourceRemoval/helper/Get-DeploymentTargetResourceList.ps1 b/utilities/pipelines/resourceRemoval/helper/Get-DeploymentTargetResourceList.ps1
index 680c94b7f5..a64e8b1f41 100644
--- a/utilities/pipelines/resourceRemoval/helper/Get-DeploymentTargetResourceList.ps1
+++ b/utilities/pipelines/resourceRemoval/helper/Get-DeploymentTargetResourceList.ps1
@@ -62,15 +62,22 @@ function Get-DeploymentTargetResourceListInner {
 'resourcegroup' {
 if (Get-AzResourceGroup -Name $resourceGroupName -ErrorAction 'SilentlyContinue') {
 [array]$deploymentTargets = (Get-AzResourceGroupDeploymentOperation -DeploymentName $name -ResourceGroupName $resourceGroupName).TargetResource | Where-Object { $_ -ne $null }
- foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '/deployments/' } )) {
- Write-Verbose ('Found deployed resource [{0}]' -f $deployment) -Verbose
- [array]$resultSet += $deployment
- }
- foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '/deployments/' } )) {
- $name = Split-Path $deployment -Leaf
- $resourceGroupName = $deployment.split('/resourceGroups/')[1].Split('/')[0]
- [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -ResourceGroupName $ResourceGroupName -Scope 'resourcegroup'
- }
+ # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '/deployments/' } )) {
+ # Write-Verbose ('Found deployed resource [{0}]' -f $deployment) -Verbose
+ # [array]$resultSet += $deployment
+ # }
+ # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '/deployments/' } )) {
+ # Write-Verbose ('### Found deployment [{0}]' -f $deployment) -Verbose
+ # $name = Split-Path $deployment -Leaf
+ # if ($deployment -match '/resourceGroups/') {
+ # $resourceGroupName = $deployment.split('/resourceGroups/')[1].Split('/')[0]
+ # Write-Verbose ('### Found name [{0}] and resourceGroupName [{1}]' -f $name, $resourceGroupName) -Verbose
+ # [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -ResourceGroupName $ResourceGroupName -Scope 'resourcegroup'
+ # } else {
+ # Write-Verbose ('### Found name [{0}]' -f $name) -Verbose
+ # [array]$resultSet += Get-DeploymentTargetResourceListInner -name $name -Scope 'subscription'
+ # }
+ # }
 } else {
 # In case the resource group itself was already deleted, there is no need to try and fetch deployments from it
 # In case we already have any such resources in the list, we should remove them
@@ -80,68 +87,94 @@ function Get-DeploymentTargetResourceListInner {
 }
 'subscription' {
 [array]$deploymentTargets = (Get-AzDeploymentOperation -DeploymentName $name).TargetResource | Where-Object { $_ -ne $null }
- foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '/deployments/' } )) {
- Write-Verbose ('Found deployed resource [{0}]' -f $deployment) -Verbose
- [array]$resultSet += $deployment
- }
- foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '/deployments/' } )) {
- [array]$resultSet = $resultSet | Where-Object { $_ -ne $deployment }
- if ($deployment -match '/resourceGroups/') {
- # Resource Group Level Child Deployments
- $name = Split-Path $deployment -Leaf
- $resourceGroupName = $deployment.split('/resourceGroups/')[1].Split('/')[0]
- [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -ResourceGroupName $ResourceGroupName -Scope 'resourcegroup'
- } else {
- # Subscription Level Deployments
- [array]$resultSet += Get-DeploymentTargetResourceListInner -name (Split-Path $deployment -Leaf) -Scope 'subscription'
- }
- }
+ # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '/deployments/' } )) {
+ # Write-Verbose ('Found deployed resource [{0}]' -f $deployment) -Verbose
+ # [array]$resultSet += $deployment
+ # }
+ # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '/deployments/' } )) {
+ # [array]$resultSet = $resultSet | Where-Object { $_ -ne $deployment }
+ # if ($deployment -match '/resourceGroups/') {
+ # # Resource Group Level Child Deployments
+ # $name = Split-Path $deployment -Leaf
+ # $resourceGroupName = $deployment.split('/resourceGroups/')[1].Split('/')[0]
+ # [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -ResourceGroupName $ResourceGroupName -Scope 'resourcegroup'
+ # } else {
+ # # Subscription Level Deployments
+ # [array]$resultSet += Get-DeploymentTargetResourceListInner -name (Split-Path $deployment -Leaf) -Scope 'subscription'
+ # }
+ # }
 break
 }
 'managementgroup' {
 [array]$deploymentTargets = (Get-AzManagementGroupDeploymentOperation -DeploymentName $name -ManagementGroupId $ManagementGroupId).TargetResource | Where-Object { $_ -ne $null }
- foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '/deployments/' } )) {
- Write-Verbose ('Found deployed resource [{0}]' -f $deployment) -Verbose
- [array]$resultSet += $deployment
- }
- foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '/deployments/' } )) {
- [array]$resultSet = $resultSet | Where-Object { $_ -ne $deployment }
- if ($deployment -match '/subscriptions/') {
- # Subscription Level Child Deployments
- if ($deployment -match '/resourceGroups/') {
- # Resource Group Level Child Deployments (Used only if management group scope --> resource Group scope)
- $name = Split-Path $deployment -Leaf
- $resourceGroupName = $deployment.split('/resourceGroups/')[1].Split('/')[0]
- [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -ResourceGroupName $ResourceGroupName -Scope 'resourcegroup'
- } else {
- [array]$resultSet += Get-DeploymentTargetResourceListInner -Name (Split-Path $deployment -Leaf) -Scope 'subscription'
- }
- } else {
- # Management Group Level Deployments
- [array]$resultSet += Get-DeploymentTargetResourceListInner -name (Split-Path $deployment -Leaf) -scope 'managementgroup' -ManagementGroupId $ManagementGroupId
- }
- }
+ # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '/deployments/' } )) {
+ # Write-Verbose ('Found deployed resource [{0}]' -f $deployment) -Verbose
+ # [array]$resultSet += $deployment
+ # }
+ # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '/deployments/' } )) {
+ # [array]$resultSet = $resultSet | Where-Object { $_ -ne $deployment }
+ # if ($deployment -match '/subscriptions/') {
+ # # Subscription Level Child Deployments
+ # if ($deployment -match '/resourceGroups/') {
+ # # Resource Group Level Child Deployments (Used only if management group scope --> resource Group scope)
+ # $name = Split-Path $deployment -Leaf
+ # $resourceGroupName = $deployment.split('/resourceGroups/')[1].Split('/')[0]
+ # [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -ResourceGroupName $ResourceGroupName -Scope 'resourcegroup'
+ # } else {
+ # [array]$resultSet += Get-DeploymentTargetResourceListInner -Name (Split-Path $deployment -Leaf) -Scope 'subscription'
+ # }
+ # } else {
+ # # Management Group Level Deployments
+ # [array]$resultSet += Get-DeploymentTargetResourceListInner -name (Split-Path $deployment -Leaf) -scope 'managementgroup' -ManagementGroupId $ManagementGroupId
+ # }
+ # }
 break
 }
 'tenant' {
 [array]$deploymentTargets = (Get-AzTenantDeploymentOperation -DeploymentName $name).TargetResource | Where-Object { $_ -ne $null }
- foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '/deployments/' } )) {
- Write-Verbose ('Found deployed resource [{0}]' -f $deployment) -Verbose
- [array]$resultSet += $deployment
- }
- foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '/deployments/' } )) {
- [array]$resultSet = $resultSet | Where-Object { $_ -ne $deployment }
- if ($deployment -match '/managementgroups/') {
- # Management Group Level Child Deployments
- [array]$resultSet += Get-DeploymentTargetResourceListInner -Name (Split-Path $deployment -Leaf) -scope 'managementgroup' -ManagementGroupId $ManagementGroupId
- } else {
- # Tenant Level Deployments
- [array]$resultSet += Get-DeploymentTargetResourceListInner -name (Split-Path $deployment -Leaf)
- }
- }
+ # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '/deployments/' } )) {
+ # Write-Verbose ('Found deployed resource [{0}]' -f $deployment) -Verbose
+ # [array]$resultSet += $deployment
+ # }
+ # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '/deployments/' } )) {
+ # [array]$resultSet = $resultSet | Where-Object { $_ -ne $deployment }
+ # if ($deployment -match '/managementgroups/') {
+ # # Management Group Level Child Deployments
+ # [array]$resultSet += Get-DeploymentTargetResourceListInner -Name (Split-Path $deployment -Leaf) -scope 'managementgroup' -ManagementGroupId $ManagementGroupId
+ # } else {
+ # # Tenant Level Deployments
+ # [array]$resultSet += Get-DeploymentTargetResourceListInner -name (Split-Path $deployment -Leaf)
+ # }
+ # }
 break
 }
 }
+
+ foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '/deployments/' } )) {
+ Write-Verbose ('Found deployed resource [{0}]' -f $deployment) -Verbose
+ [array]$resultSet += $deployment
+ }
+ foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '/deployments/' } )) {
+ Write-Verbose ('Found deployment [{0}]' -f $deployment) -Verbose
+ $name = Split-Path $deployment -Leaf
+ if ($deployment -match '/resourceGroups/') {
+ # Resource Group Level Child Deployments
+ $resourceGroupName = $deployment.split('/resourceGroups/')[1].Split('/')[0]
+ # Write-Verbose ('### Found name [{0}] and resourceGroupName [{1}]' -f $name, $resourceGroupName) -Verbose
+ [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -Scope 'resourcegroup' -ResourceGroupName $ResourceGroupName
+ } elseif ($deployment -match '/subscriptions/') {
+ # Subscription Level Child Deployments
+ Write-Verbose ('### Found name [{0}]' -f $name) -Verbose
+ [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -Scope 'subscription'
+ } elseif ($deployment -match '/managementgroups/') {
+ # Management Group Level Child Deployments
+ [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -Scope 'managementgroup' -ManagementGroupId $ManagementGroupId
+ } else {
+ # Tenant Level Deployments
+ [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -Scope 'tenant'
+ }
+ }
+
 return $resultSet
 }
 #endregion
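Review bot: `$deploymentTargets` is assigned only inside the `switch` branches, but the two `foreach` loops that read it now run after the `switch`, so the "resource group already deleted" `else` branch from the first hunk reaches them without a local value. PowerShell resolves an unset variable through the caller's scope, so a recursive call that lands in that branch would presumably walk the parent call's targets again (duplicate entries, or recursion that never ends) unless the part of the `else` branch outside the hunk returns early. Initialise the variable before the `switch`, e.g. `[array]$deploymentTargets = @()`, so a removal run never acts on a list inherited from another scope. None of the later patches in this series changes this, and the function starts outside the hunk.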
From af10a6cd40e54bf9bc71f87fb81d37f10d4a6f27 Mon Sep 17 00:00:00 2001
From: Erika Gressi
Date: Thu, 29 Sep 2022 12:53:39 +0200
Subject: [PATCH 2/3] assignment first
---
 .../Initialize-DeploymentRemoval.ps1 | 1 +
 .../Get-DeploymentTargetResourceList.ps1 | 76 ++-----------------
 2 files changed, 6 insertions(+), 71 deletions(-)
diff --git a/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 b/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1
index ff6e202dc7..1983185e83 100644
--- a/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1
+++ b/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1
@@ -66,6 +66,7 @@ function Initialize-DeploymentRemoval {
 # The initial sequence is a general order-recommendation
 $removalSequence = @(
 'Microsoft.Authorization/locks',
+ 'Microsoft.Authorization/roleAssignments',
 'Microsoft.Insights/diagnosticSettings',
 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups',
 'Microsoft.Network/privateEndpoints',
diff --git a/utilities/pipelines/resourceRemoval/helper/Get-DeploymentTargetResourceList.ps1 b/utilities/pipelines/resourceRemoval/helper/Get-DeploymentTargetResourceList.ps1
index a64e8b1f41..2d37ef651d 100644
--- a/utilities/pipelines/resourceRemoval/helper/Get-DeploymentTargetResourceList.ps1
+++ b/utilities/pipelines/resourceRemoval/helper/Get-DeploymentTargetResourceList.ps1
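Review bot: The new `'Microsoft.Authorization/roleAssignments'` entry in `$removalSequence` (Initialize-DeploymentRemoval.ps1) has no comment saying why role assignments are removed second, ahead of every resource type they may be scoped to. A line above the entry such as `# Role assignments are removed before the resources they are scoped to` (adjusted to the actual reason, which the hunk does not state) would keep the order from being reshuffled later. If any assignment created by the deployment is what grants the removal identity its own access, which is not visible here, deleting it this early would presumably make the later removals fail with authorization errors, so that case is worth confirming.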
@@ -62,22 +62,6 @@ function Get-DeploymentTargetResourceListInner {
 'resourcegroup' {
 if (Get-AzResourceGroup -Name $resourceGroupName -ErrorAction 'SilentlyContinue') {
 [array]$deploymentTargets = (Get-AzResourceGroupDeploymentOperation -DeploymentName $name -ResourceGroupName $resourceGroupName).TargetResource | Where-Object { $_ -ne $null }
- # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '/deployments/' } )) {
- # Write-Verbose ('Found deployed resource [{0}]' -f $deployment) -Verbose
- # [array]$resultSet += $deployment
- # }
- # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '/deployments/' } )) {
- # Write-Verbose ('### Found deployment [{0}]' -f $deployment) -Verbose
- # $name = Split-Path $deployment -Leaf
- # if ($deployment -match '/resourceGroups/') {
- # $resourceGroupName = $deployment.split('/resourceGroups/')[1].Split('/')[0]
- # Write-Verbose ('### Found name [{0}] and resourceGroupName [{1}]' -f $name, $resourceGroupName) -Verbose
- # [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -ResourceGroupName $ResourceGroupName -Scope 'resourcegroup'
- # } else {
- # Write-Verbose ('### Found name [{0}]' -f $name) -Verbose
- # [array]$resultSet += Get-DeploymentTargetResourceListInner -name $name -Scope 'subscription'
- # }
- # }
 } else {
 # In case the resource group itself was already deleted, there is no need to try and fetch deployments from it
 # In case we already have any such resources in the list, we should remove them
@@ -87,65 +71,14 @@ function Get-DeploymentTargetResourceListInner {
 }
 'subscription' {
 [array]$deploymentTargets = (Get-AzDeploymentOperation -DeploymentName $name).TargetResource | Where-Object { $_ -ne $null }
- # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '/deployments/' } )) {
- # Write-Verbose ('Found deployed resource [{0}]' -f $deployment) -Verbose
- # [array]$resultSet += $deployment
- # }
- # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '/deployments/' } )) {
- # [array]$resultSet = $resultSet | Where-Object { $_ -ne $deployment }
- # if ($deployment -match '/resourceGroups/') {
- # # Resource Group Level Child Deployments
- # $name = Split-Path $deployment -Leaf
- # $resourceGroupName = $deployment.split('/resourceGroups/')[1].Split('/')[0]
- # [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -ResourceGroupName $ResourceGroupName -Scope 'resourcegroup'
- # } else {
- # # Subscription Level Deployments
- # [array]$resultSet += Get-DeploymentTargetResourceListInner -name (Split-Path $deployment -Leaf) -Scope 'subscription'
- # }
- # }
 break
 }
 'managementgroup' {
 [array]$deploymentTargets = (Get-AzManagementGroupDeploymentOperation -DeploymentName $name -ManagementGroupId $ManagementGroupId).TargetResource | Where-Object { $_ -ne $null }
- # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '/deployments/' } )) {
- # Write-Verbose ('Found deployed resource [{0}]' -f $deployment) -Verbose
- # [array]$resultSet += $deployment
- # }
- # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '/deployments/' } )) {
- # [array]$resultSet = $resultSet | Where-Object { $_ -ne $deployment }
- # if ($deployment -match '/subscriptions/') {
- # # Subscription Level Child Deployments
- # if ($deployment -match '/resourceGroups/') {
- # # Resource Group Level Child Deployments (Used only if management group scope --> resource Group scope)
- # $name = Split-Path $deployment -Leaf
- # $resourceGroupName = $deployment.split('/resourceGroups/')[1].Split('/')[0]
- # [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -ResourceGroupName $ResourceGroupName -Scope 'resourcegroup'
- # } else {
- # [array]$resultSet += Get-DeploymentTargetResourceListInner -Name (Split-Path $deployment -Leaf) -Scope 'subscription'
- # }
- # } else {
- # # Management Group Level Deployments
- # [array]$resultSet += Get-DeploymentTargetResourceListInner -name (Split-Path $deployment -Leaf) -scope 'managementgroup' -ManagementGroupId $ManagementGroupId
- # }
- # }
 break
 }
 'tenant' {
 [array]$deploymentTargets = (Get-AzTenantDeploymentOperation -DeploymentName $name).TargetResource | Where-Object { $_ -ne $null }
- # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '/deployments/' } )) {
- # Write-Verbose ('Found deployed resource [{0}]' -f $deployment) -Verbose
- # [array]$resultSet += $deployment
- # }
- # foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '/deployments/' } )) {
- # [array]$resultSet = $resultSet | Where-Object { $_ -ne $deployment }
- # if ($deployment -match '/managementgroups/') {
- # # Management Group Level Child Deployments
- # [array]$resultSet += Get-DeploymentTargetResourceListInner -Name (Split-Path $deployment -Leaf) -scope 'managementgroup' -ManagementGroupId $ManagementGroupId
- # } else {
- # # Tenant Level Deployments
- # [array]$resultSet += Get-DeploymentTargetResourceListInner -name (Split-Path $deployment -Leaf)
- # }
- # }
 break
 }
 }
@@ -155,22 +88,23 @@ function Get-DeploymentTargetResourceListInner {
 [array]$resultSet += $deployment
 }
 foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '/deployments/' } )) {
- Write-Verbose ('Found deployment [{0}]' -f $deployment) -Verbose
 $name = Split-Path $deployment -Leaf
 if ($deployment -match '/resourceGroups/') {
 # Resource Group Level Child Deployments
+ Write-Verbose ('Found [resource group] deployment [{0}]' -f $deployment) -Verbose
 $resourceGroupName = $deployment.split('/resourceGroups/')[1].Split('/')[0]
- # Write-Verbose ('### Found name [{0}] and resourceGroupName [{1}]' -f $name, $resourceGroupName) -Verbose
 [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -Scope 'resourcegroup' -ResourceGroupName $ResourceGroupName
 } elseif ($deployment -match '/subscriptions/') {
 # Subscription Level Child Deployments
- Write-Verbose ('### Found name [{0}]' -f $name) -Verbose
+ Write-Verbose ('Found [subscription] deployment [{0}]' -f $deployment) -Verbose
 [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -Scope 'subscription'
 } elseif ($deployment -match '/managementgroups/') {
 # Management Group Level Child Deployments
+ Write-Verbose ('Found [management group] deployment [{0}]' -f $deployment) -Verbose
 [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -Scope 'managementgroup' -ManagementGroupId $ManagementGroupId
 } else {
 # Tenant Level Deployments
+ Write-Verbose ('Found [tenant] deployment [{0}]' -f $deployment) -Verbose
 [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -Scope 'tenant'
 }
 }
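Review bot: The resource-group branch tests `$deployment -match '/resourceGroups/'`, which is case-insensitive, but then extracts the name with `.split('/resourceGroups/')[1]`, which is case-sensitive, so an ID spelled `/resourcegroups/` passes the test and then fails on `[1].Split('/')`. With the default error action the script would carry on with `$resourceGroupName` still holding the caller's value, so the recursive lookup that feeds the removal list could query the wrong resource group. Take the name from the match itself: `if ($deployment -match '/resourceGroups/([^/]+)/') {` followed by `$resourceGroupName = $Matches[1]`. The `managementgroup` branch likewise forwards the caller's `$ManagementGroupId` rather than an ID read from `$deployment`; the function starts outside the hunk, so whether that is always the right group cannot be confirmed from here.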
@@ -261,7 +195,7 @@ function Get-DeploymentTargetResourceList { if ($targetResources) { break } - Write-Verbose ('Did not to find deployments by name [{0}] in scope [{1}]. Retrying in [{2}] seconds [{3}/{4}]' -f $name, $scope, $searchRetryInterval, $searchRetryCount, $searchRetryLimit) -Verbose + Write-Verbose ('No deployment found by name [{0}] in scope [{1}]. Retrying in [{2}] seconds [{3}/{4}]' -f $name, $scope, $searchRetryInterval, $searchRetryCount, $searchRetryLimit) -Verbose Start-Sleep $searchRetryInterval $searchRetryCount++ } while ($searchRetryCount -le $searchRetryLimit) From 1e72b3394a099e09434f410366762a0c9813c559 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Thu, 29 Sep 2022 13:16:58 +0200 Subject: [PATCH 3/3] formatting --- .../Get-DeploymentTargetResourceList.ps1 | 23 +++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/utilities/pipelines/resourceRemoval/helper/Get-DeploymentTargetResourceList.ps1 b/utilities/pipelines/resourceRemoval/helper/Get-DeploymentTargetResourceList.ps1 index 2d37ef651d..1e9df42972 100644 --- a/utilities/pipelines/resourceRemoval/helper/Get-DeploymentTargetResourceList.ps1 +++ b/utilities/pipelines/resourceRemoval/helper/Get-DeploymentTargetResourceList.ps1 @@ -58,6 +58,10 @@ function Get-DeploymentTargetResourceListInner { ) $resultSet = [System.Collections.ArrayList]@() + + ############################################## + # Get all deployment children based on scope # + ############################################## switch ($Scope) { 'resourcegroup' { if (Get-AzResourceGroup -Name $resourceGroupName -ErrorAction 'SilentlyContinue') { 
@@ -83,27 +87,38 @@ function Get-DeploymentTargetResourceListInner { } } + ########################### + # Manage nested resources # + ########################### foreach ($deployment in ($deploymentTargets | Where-Object { $_ -notmatch '/deployments/' } )) { Write-Verbose ('Found deployed resource [{0}]' -f $deployment) -Verbose [array]$resultSet += $deployment } + + ############################# + # Manage nested deployments # + ############################# foreach ($deployment in ($deploymentTargets | Where-Object { $_ -match '/deployments/' } )) { $name = Split-Path $deployment -Leaf if ($deployment -match '/resourceGroups/') { - # Resource Group Level Child Deployments + # Resource Group Level Child Deployments # + ########################################## Write-Verbose ('Found [resource group] deployment [{0}]' -f $deployment) -Verbose $resourceGroupName = $deployment.split('/resourceGroups/')[1].Split('/')[0] [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -Scope 'resourcegroup' -ResourceGroupName $ResourceGroupName } elseif ($deployment -match '/subscriptions/') { - # Subscription Level Child Deployments + # Subscription Level Child Deployments # + ######################################## Write-Verbose ('Found [subscription] deployment [{0}]' -f $deployment) -Verbose [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -Scope 'subscription' } elseif ($deployment -match '/managementgroups/') { - # Management Group Level Child Deployments + # Management Group Level Child Deployments # + ############################################ Write-Verbose ('Found [management group] deployment [{0}]' -f $deployment) -Verbose [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -Scope 'managementgroup' -ManagementGroupId $ManagementGroupId } else { - # Tenant Level Deployments + # Tenant Level Child Deployments # + ################################## Write-Verbose ('Found [tenant] deployment [{0}]' -f 
$deployment) -Verbose [array]$resultSet += Get-DeploymentTargetResourceListInner -Name $name -Scope 'tenant' }