Skip to content

fix(gce-cleanup): add security-groups cleanup in the cleanup script #238

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(gce-cleanup): add security-groups cleanup in the cleanup script #238

wants to merge 1 commit into from

Conversation

@SimoneDutto
Copy link

@SimoneDutto SimoneDutto commented Oct 30, 2025
edited
Loading

Description

Add python script to cleanup security groups.

Before there was a TODO intending that since we don't store files between runs we can't compute the diff between old and new.

Now: I've used the same approach as the aws cleanup, where we get all security group with a prefix and we try to delete everything.

QA

gcloud compute firewall-rules create rule-to-test-delete --allow=tcp:9999 --source-ranges="192.168.1.0/24" --description="test firewall rule to delete"

python3 jobs/z-jobs/scripts/gce.py --sa-email <redacted> --project-id <redacted> --pem-path <redacted> --dry-run delete-security-groups 'rule'

-> and you should see the rule in stdout

python3 jobs/z-jobs/scripts/gce.py --sa-email <redacted> --project-id <redacted> --pem-path <redacted> delete-security-groups 'rule'

-> and now the rule is gone.

@SimoneDutto
fix(gce-cleanup): add security-groups cleanup in the cleanup script
665ce73 
Add python script to cleanup security groups.
@SimoneDutto SimoneDutto force-pushed the delete-security-groups-gcp branch from 574a20f to 665ce73 Compare October 30, 2025 14:39
SimoneDutto
SimoneDutto commented Oct 30, 2025
View reviewed changes
jobs/z-jobs/scripts/gce.py
Comment on lines +144 to +150
for group in groups:
if not dry_run:
try:
if client.ex_destroy_firewall(group):
log.debug('Deleted security group {}'.format(group))
except Exception as e:
log.debug('Attempted delete of security group {}, may still be in use: {}'.format(group, e))
Copy link
Author

@SimoneDutto SimoneDutto Oct 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sort of c/p from https://github.com/SimoneDutto/juju-qa-jenkins/blob/delete-security-groups-gcp/jobs/z-jobs/scripts/aws.py#L135-L142

@gfouillet gfouillet self-requested a review October 30, 2025 14:57
@SimoneDutto
Copy link
Author

SimoneDutto commented Oct 30, 2025
edited
Loading

Although i cannot find the exact the documentation where it's crystal clear that deleting a rule with an association to an instance will return an error on gcp, so i'm still experimenting.

For AWS is super clear: https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-security-group.html

wallyworld
wallyworld approved these changes Nov 14, 2025
View reviewed changes
Copy link
Member

@wallyworld wallyworld left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wallyworld wallyworld wallyworld approved these changes

@gfouillet gfouillet gfouillet approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@SimoneDutto @wallyworld @gfouillet