purger: ignore managed resource groups

Jim Minter 2021-03-31 09:48:55 -06:00
Родитель 13c2740e9e
Коммит 051279ad18
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 0730CBDA10D1A2D3
1 изменённых файлов: 11 добавлений и 2 удалений


@ -23,9 +23,10 @@ var (
dryRun = flag.Bool("dryRun", true, `Dry run`) dryRun = flag.Bool("dryRun", true, `Dry run`)
) )
// denylist exists as belt and braces protection for important RGs, even though
// they may already have the persist=true tag set, especially if it is easy to
// accidentally redeploy the RG without the persist=true tag set.
var denylist = []string{ var denylist = []string{
"aro-v4-shared",
"aro-v4-shared-cluster",
"v4-eastus", "v4-eastus",
"v4-australiasoutheast", "v4-australiasoutheast",
"v4-westeurope", "v4-westeurope",
@ -92,6 +93,14 @@ func run(ctx context.Context, log *logrus.Entry) error {
} }
shouldDelete := func(resourceGroup mgmtfeatures.ResourceGroup, log *logrus.Entry) bool { shouldDelete := func(resourceGroup mgmtfeatures.ResourceGroup, log *logrus.Entry) bool {
// don't mess with clusters in RGs managed by a production RP. Although
// the production deny assignment will prevent us from breaking most
// things, that does not include us potentially detaching the cluster's
// NSG from the vnet, thus breaking inbound access to the cluster.
if resourceGroup.ManagedBy != nil && *resourceGroup.ManagedBy != "" {
return false
}
// if prefix is set we check if we need to evaluate this group for purge // if prefix is set we check if we need to evaluate this group for purge
// before we check other fields. // before we check other fields.
if len(deleteGroupPrefixes) > 0 { if len(deleteGroupPrefixes) > 0 {
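Review bot: The comment on the new `ManagedBy` guard in `shouldDelete` says it protects groups managed by a production RP, but the condition `resourceGroup.ManagedBy != nil && *resourceGroup.ManagedBy != ""` skips any group with a non-empty `ManagedBy`, whoever the manager is. If that breadth is intended, the comment should say so, e.g. `// skip every RG that has ManagedBy set; a production RP cannot be told apart from any other manager here`. The guard also returns `false` without logging, so a dry run leaves no record of why the group was kept. A line such as `log.Debugf("skipping: managed by %s", *resourceGroup.ManagedBy)` before the return would cover that, assuming the other skip branches (not visible here) report their decisions in a similar way. The closure's body continues past the last visible line.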