Revert "Fix permissions on cluster deletion in az cli"

2020-11-04 12:03:43 -06:00 · 2020-11-04 12:03:43 -06:00 · 45baf2f5b9
--- a/python/az/aro/azext_aro/_rbac.py
+++ b/python/az/aro/azext_aro/_rbac.py
@ -63,7 +63,7 @@ def assign_contributor_to_vnet(cli_ctx, vnet, object_id):
    ))


-def assign_contributor_to_routetable(cli_ctx, subnets, object_id):
+def assign_contributor_to_routetable(cli_ctx, master_subnet, worker_subnet, object_id):
    auth_client = get_mgmt_service_client(cli_ctx, ResourceType.MGMT_AUTHORIZATION)
    network_client = get_mgmt_service_client(cli_ctx, ResourceType.MGMT_NETWORK)

@ -79,7 +79,7 @@ def assign_contributor_to_routetable(cli_ctx, subnets, object_id):
    )

    route_tables = set()
-    for sn in subnets:
+    for sn in [master_subnet, worker_subnet]:
        sid = parse_resource_id(sn)

        subnet = network_client.subnets.get(resource_group_name=sid['resource_group'],
--- a/python/az/aro/azext_aro/custom.py
+++ b/python/az/aro/azext_aro/custom.py
@ -13,15 +13,8 @@ from azure.cli.core.commands.client_factory import get_mgmt_service_client
 from azure.cli.core.commands.client_factory import get_subscription_id
 from azure.cli.core.profiles import ResourceType
 from azure.cli.core.util import sdk_no_wait
-from msrestazure.azure_exceptions import CloudError
-from msrestazure.tools import resource_id, parse_resource_id
-from knack.log import get_logger
 from knack.util import CLIError

-logger = get_logger(__name__)
-
-FP_CLIENT_ID = 'f1dd0a37-89c6-4e07-bcd1-ffd3d43d8875'
-

 def aro_create(cmd,  # pylint: disable=too-many-locals
               client,
@ -70,12 +63,12 @@ def aro_create(cmd,  # pylint: disable=too-many-locals
    if not client_sp:
        client_sp = aad.create_service_principal(client_id)

-    rp_client_id = os.environ.get('AZURE_FP_CLIENT_ID', FP_CLIENT_ID)
+    rp_client_id = os.environ.get('AZURE_FP_CLIENT_ID', 'f1dd0a37-89c6-4e07-bcd1-ffd3d43d8875')
    rp_client_sp = aad.get_service_principal(rp_client_id)

    for sp_id in [client_sp.object_id, rp_client_sp.object_id]:
        assign_contributor_to_vnet(cmd.cli_ctx, vnet, sp_id)
-        assign_contributor_to_routetable(cmd.cli_ctx, [master_subnet, worker_subnet], sp_id)
+        assign_contributor_to_routetable(cmd.cli_ctx, master_subnet, worker_subnet, sp_id)

    if rp_mode_development():
        worker_vm_size = worker_vm_size or 'Standard_D2s_v3'
@ -135,56 +128,9 @@ def aro_create(cmd,  # pylint: disable=too-many-locals
                       parameters=oc)


-def aro_delete(cmd, client, resource_group_name, resource_name, no_wait=False):
+def aro_delete(client, resource_group_name, resource_name, no_wait=False):
    # TODO: clean up rbac

-    oc = None
-    try:
-        oc = client.get(resource_group_name, resource_name)
-    except CloudError:
-        pass
-
-    if oc:
-        master_subnet = oc.master_profile.subnet_id
-        worker_subnets = {w.subnet_id for w in oc.worker_profiles}
-
-        master_parts = parse_resource_id(master_subnet)
-        vnet = resource_id(
-            subscription=master_parts['subscription'],
-            resource_group=master_parts['resource_group'],
-            namespace='Microsoft.Network',
-            type='virtualNetworks',
-            name=master_parts['name'],
-        )
-
-        aad = AADManager(cmd.cli_ctx)
-
-        sp_ids = []
-
-        client_id = oc.service_principal_profile.client_id
-        client_sp = aad.get_service_principal(client_id)
-        if client_sp:
-            sp_ids.append(client_sp.object_id)
-        else:
-            logger.warning(
-                'Unable to retrieve the cluster service principal. This means '
-                'that it may have been deleted, and some cleanup may fail.'
-            )
-
-        rp_client_id = os.environ.get('AZURE_FP_CLIENT_ID', FP_CLIENT_ID)
-
-        rp_client_sp = aad.get_service_principal(rp_client_id)
-        if rp_client_sp:
-            sp_ids.append(rp_client_sp.object_id)
-
-        # Customers frequently remove these permissions, then cannot delete their
-        # clusters. Hence, verify this before attempting deletion.
-        for sp_id in sp_ids:
-            assign_contributor_to_vnet(cmd.cli_ctx, vnet, sp_id)
-            assign_contributor_to_routetable(cmd.cli_ctx,
-                                             worker_subnets | {master_subnet},
-                                             sp_id)
-
    return sdk_no_wait(no_wait, client.delete,
                       resource_group_name=resource_group_name,
                       resource_name=resource_name)