anykeynl / oci-superdelete Goto Github PK
View Code? Open in Web Editor NEWDelete all OCI resources in a compartment
License: Universal Permissive License v1.0
Delete all OCI resources in a compartment
License: Universal Permissive License v1.0
https://stackoverflow.com/questions/65676173/is-there-easy-way-to-delete-all-resources-in-oracle-cloud-infrastructure-compart/65676174#65676174
I am using OCI resource manager to create a temporary stack(for compartment) and running destroy on it
I have admin level access to tenancy but script hangs when it gets to delete policies portion. I can remediate it by manually deleting policies then script will detect and continue. not sure why it hangs given i have appropriate access.
This option will help to list all the objects without deleting them
Hello, Richard,
Just a question: is omission of the Boot Volume backups intentional or this functionality isn't just created yet?
I can contribute this bit of code if necessary :)
Regards
I found some items which will not be deleted by this script:
Hope this helps for future releases. Everything else deleted just fine.
Delete policies attached to the compartments
We get 404 NotAuthorizedNotFound in IAM.py line 38, when running the script in a tenancy with identity domains, even when the user running the script is a member of the group "Domain_administrators". . Commenting the lines 37-42 solved the problem without any side effects on the rest of the script.
I suppose deployments associated with the gateways are to be deleted before deleting the gateway itself.
class to be used - oci.apigateway.DeploymentClient(config)
I have tried to replicate deployment deletion from APIGateway.py and attached it.
clean_deployments.zip
Hey guys!
$ python3 delete.py -c ocid1.compartment.oc1..aaaaa.......
(lists and runs everything correctly.. until...)
--[ Deleting Nosql tables ]--
Traceback (most recent call last):
File "delete.py", line 128, in
DeleteNosql(config, processCompartments)
File "/opt/repo/OCI-SuperDelete/ocimodules/Nosql.py", line 8, in DeleteNosql
object = oci.nosql.NosqlClient(config)
AttributeError: module 'oci' has no attribute 'nosql'
--> and exits/breaks here <--
To be able to run the rest of the script I commented out line 128::
print("\n--[ -NOT- Deleting Nosql tables ]--")
####### DeleteNosql(config, processCompartments)
Cheers!
@srochalo
need to add deleting volume groups.
Traceback (most recent call last):
File "delete.py", line 139, in
compartments = Login(config, signer, DeleteCompartmentOCID)
File "/home/huiliang_l/OCI-SuperDelete/ocimodules/IAM.py", line 113, in Login
newcomp.details = sub
NameError: name 'sub' is not defined
I used the script to clean up a tenant and got an exception like "bucket could not be deleted because a multi-part-upload is still active".
So it might be useful to check for and delete
a) active multi-part-uploads and
b) active workrequests
before you do the bulk-delete.
PS: The script is very useful - I like it !
Hi, the script fails with a 503 error. Seems service/region issue. See output below. I don't think the data catalog service is available in that region and hence the script fails?
Region: me-dubai-1
--[ Deleting Data Catalogs ]--
Getting all Data Catalog objects
Traceback (most recent call last):
File "delete.py", line 148, in
DeleteDataCatalog(config, processCompartments)
File "/Users/arnoschots/oci-delete/OCI-SuperDelete/ocimodules/datacatalog.py", line 12, in DeleteDataCatalog
items = oci.pagination.list_call_get_all_results(object.list_catalogs, compartment_id=Compartment.id).data
File "/usr/local/lib/python3.8/site-packages/oci/pagination/pagination_utils.py", line 205, in list_call_get_all_results
for response in list_call_get_all_results_generator(list_func_ref, 'response', *list_func_args, **list_func_kwargs):
File "/usr/local/lib/python3.8/site-packages/oci/pagination/pagination_utils.py", line 274, in list_call_get_all_results_generator
call_result = retry.DEFAULT_RETRY_STRATEGY.make_retrying_call(list_func_ref, *list_func_args, **list_func_kwargs)
File "/usr/local/lib/python3.8/site-packages/oci/retry/retry.py", line 272, in make_retrying_call
return func_ref(*func_args, **func_kwargs)
File "/usr/local/lib/python3.8/site-packages/oci/data_catalog/data_catalog_client.py", line 5795, in list_catalogs
return self.base_client.call_api(
File "/usr/local/lib/python3.8/site-packages/oci/base_client.py", line 240, in call_api
response = self.request(request)
File "/usr/local/lib/python3.8/site-packages/oci/base_client.py", line 363, in request
self.raise_service_error(request, response)
File "/usr/local/lib/python3.8/site-packages/oci/base_client.py", line 528, in raise_service_error
raise exceptions.ServiceError(
oci.exceptions.ServiceError: {'opc-request-id': '9DDD7D5DF22245F9A4AD990CDD19B452/E5EE4318A40109F27F1AF27068975CCE/7D72FE7BB125569A2E5BC5B5A1EAB10C', 'code': None, 'message': 'The service returned error code 503', 'status': 503}
Script does not delete objects of type "DataSafeUserAssessment".
I run OCI-SuperDelete inside an OCI Compute Instance with great success and I'm trying to move it to use instance principals.
However I cannot and would not want to have a policy to 'manage all-resources', so I'm instead adding individual ones like
Allow dynamic-group dg to manage compute-management-family in compartment xyz
Allow dynamic-group dg to manage instance-family in compartment xyz
Allow dynamic-group dg to manage compartments in compartment xyz
...
I've added just the ones I should need for the resources that are present in my compartments.
However OCI-SuperDelete exits as soon as it encounters the first resource it's not able to process, e.g.:
`
[opc@deleter OCI-SuperDelete]$ ./delete.py -force -ip -cp DEFAULASH -rg us-ashburn-1,us-sanjose-1 -c ocid1.compartment.oc1..aa...aana -skip_delete_compartment
Login check and loading compartments...
Logged in as: InstancePrinciple/DelegationToken @ us-ashburn-1
###############################################################################################
###############################################################################################
Date/Time : 06/06/24 09:12:39
Command Line : -force -ip -cp DEFAULASH -rg us-ashburn-1,us-sanjose-1 -c ocid1.compartment.oc1..aa...aana -skip_delete_compartment
App Version : 22.11.17
Machine : deleter (x86_64)
OCI SDK Version : 2.93.1
Python Version : 3.6.8
Config File : ~/.oci/config
Config Profile : DEFAULASH
Log File : log.txt
Tenant Name : oraclepca
Tenant Id : ocid1.tenancy.oc1..aa...5a
Home Region : us-phoenix-1
Regions to Process : us-ashburn-1,us-sanjose-1
Compartments to Process :
abc
###############################################################################################
###############################################################################################
#####################################################################################
#####################################################################################
Moving to:
Getting all KMS Vault objects
Traceback (most recent call last):t abc
File "./delete.py", line 197, in
DeleteKMSvaults(config, signer, processCompartments, config['tenancy'])
File "/home/opc/OCI-SuperDelete/ocimodules/kms.py", line 20, in DeleteKMSvaults
items = oci.pagination.list_call_get_all_results(object.list_vaults, compartment_id=Compartment.id).data
File "/usr/lib/python3.6/site-packages/oci/pagination/pagination_utils.py", line 205, in list_call_get_all_results
for response in list_call_get_all_results_generator(list_func_ref, 'response', *list_func_args, **list_func_kwargs):
File "/usr/lib/python3.6/site-packages/oci/pagination/pagination_utils.py", line 274, in list_call_get_all_results_generator
call_result = retry.DEFAULT_RETRY_STRATEGY.make_retrying_call(list_func_ref, *list_func_args, **list_func_kwargs)
File "/usr/lib/python3.6/site-packages/oci/retry/retry.py", line 308, in make_retrying_call
response = func_ref(*func_args, **func_kwargs)
File "/usr/lib/python3.6/site-packages/oci/key_management/kms_vault_client.py", line 1322, in list_vaults
api_reference_link=api_reference_link)
File "/usr/lib/python3.6/site-packages/oci/base_client.py", line 476, in call_api
return self.request(request, allow_control_chars, operation_name, api_reference_link)
File "/usr/lib/python3.6/site-packages/circuitbreaker.py", line 52, in wrapper
return self.call(function, *args, **kwargs)
File "/usr/lib/python3.6/site-packages/circuitbreaker.py", line 67, in call
result = func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/oci/base_client.py", line 632, in request
self.raise_service_error(request, response, service_code, message, operation_name, api_reference_link, target_service, request_endpoint, client_version, timestamp, deserialized_data)
File "/usr/lib/python3.6/site-packages/oci/base_client.py", line 801, in raise_service_error
deserialized_data=deserialized_data)
oci.exceptions.ServiceError: {'target_service': 'kms_vault', 'status': 404, 'code': 'NotAuthorizedOrNotFound', 'opc-request-id': 'F2...:q3', 'message': 'resource does not exist or you are not authorized to access it.', 'operation_name': 'list_vaults', 'timestamp': '2024-06-06T09:12:39.072861+00:00', 'client_version': 'Oracle-PythonSDK/2.93.1', 'request_endpoint': 'GET https://kms.us-ashburn-1.oraclecloud.com/20180608/vaults', 'logging_tips': 'To get more info on the failing request, refer to https://docs.oracle.com/en-us/iaas/tools/python/latest/logging.html for ways to log the request/response details.', 'troubleshooting_tips': 'See https://docs.oracle.com/iaas/Content/API/References/apierrors.htm#apierrors_404__404_notauthorizedornotfound for more information about resolving this error. If you are unable to resolve this kms_vault issue, please contact Oracle support and provide them this full error message.'}
[opc@deleter OCI-SuperDelete]$ echo $?
1
`
It would be great to have an option to ignore such errors.
how can I provide the target tenant profile to use out of the config file
right now it only seems to respect the default
Any way to utilize instance principal instead of the config file?
oci cli works fine without config file, due to auth being set.. but the scripts look for ~/.oci/config specifically and cannot be bypassed
Build pipelines are not deleted when containing active stages. I think you're missing the build_stages on line 200 in delete.py.
Another option is to use the "cascade" option when deleting a DevOps project.
Hi guys,
I make a GoldenGate.py to delete GoldenGate, would you merge it into the code, thanks.
Regards,
Gary Wan
GoldenGate.py.txt
add IPSec deletion to the script
The compartments internally have some unique number and will be hidden, but not really destroyed. They could be reused if the script just cleans them up and leaves them in the tenant (for renaming and reuse). This is AFAIK the Oracle recommendation ...
If there is a VCN under compartment A and subnets created at compartment B (created via SDK, for instance), it will not delete, as it doesn't list/check for subnet resources.
The script got stuck waiting for a VCN to delete, because there were public IP reservations that were allocated by the streaming service stream pools. Had to delete the pools and streams manually to get the VCN delete to proceed. Would be good to add streaming and stream pools to the resources deleted before trying to delete a VCN.
Hi guys,
Because "boot Volume cannot be deleted while volume replication is enabled. Disable volume replication before deleting the volume."
So please add the following four lines to disable volume replication before the thirty-second line "print("Deleting: {}".format(itemstatus.display_name))"
print("Disable volume replication")
object.update_boot_volume(
boot_volume_id=itemstatus.id,
update_boot_volume_details=oci.core.models.UpdateBootVolumeDetails(boot_volume_replicas=[]))
Regards,
Gary Wan
What am I doing wrong here?
(us-ashburn-1)$ python3 ./delete.py -c ocid1.compartment.oc1..aaaaaaaa........
Traceback (most recent call last):
File "./delete.py", line 25, in
from ocimodules.functions import *
ModuleNotFoundError: No module named 'ocimodules'
rheadrick@cloudshell:~ (us-ashburn-1)$
Because the issue "can't delete bucket when multipart upload in-progress ", so I supplement a few lines of code in the ObjectStorage.py, please check the attachment.
Would you update it into the ObjectStorage.py, thanks.
Regards
Gary Wan
ObjectStorage.py.txt
Does OCI-SuperDelete support using Federated users, or is it for local users only ?
oci.exceptions.InvalidConfig: {'user': 'missing'}
Console History https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/displayingconsole.htm doesn't get deleted.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.