
Commit de774f9

committed
ROSAENG-0000 | test: Cleanup VPC
1 parent f7dc1c3 commit de774f9

12 files changed

Lines changed: 98 additions & 15 deletions


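--- a/examples/rosa-hcp-private-shared-vpc/main.tf
+++ b/examples/rosa-hcp-private-shared-vpc/main.tf
@@ -106,8 +106,9 @@ module "vpc" {
 aws = aws.network-owner
 }
 
-name_prefix = local.shared_resources_name_prefix
-availability_zones_count = 1
+name_prefix = local.shared_resources_name_prefix
+availability_zones_count = 1
+cleanup_rosa_vpce_security_groups = true
 }
 
 ############################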
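Review bot: Setting `cleanup_rosa_vpce_security_groups = true` here, and in the six other examples/*/main.tf sections of this commit, makes each example's `terraform destroy` shell out through a destroy-time `local-exec` provisioner that needs bash, the AWS CLI and EC2 permissions on the operator's machine, yet nothing in the shown hunks tells the reader that. A one-line comment above the argument, `# Runs scripts/vpc-destroy-cleanup.sh on destroy: needs bash, the AWS CLI and EC2 permissions`, would make the opt-in explicit in every example. The `module "vpc"` block this hunk belongs to starts before the hunk.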

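--- a/examples/rosa-hcp-private-with-additional-control-plane-security-groups/main.tf
+++ b/examples/rosa-hcp-private-with-additional-control-plane-security-groups/main.tf
@@ -91,8 +91,9 @@ resource "random_password" "password" {
 module "vpc" {
 source = "../../modules/vpc"
 
-name_prefix = var.cluster_name
-availability_zones_count = 1
+name_prefix = var.cluster_name
+availability_zones_count = 1
+cleanup_rosa_vpce_security_groups = true
 }
 
 ############################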

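--- a/examples/rosa-hcp-private/main.tf
+++ b/examples/rosa-hcp-private/main.tf
@@ -46,8 +46,9 @@ resource "random_password" "password" {
 module "vpc" {
 source = "../../modules/vpc"
 
-name_prefix = var.cluster_name
-availability_zones_count = 1
+name_prefix = var.cluster_name
+availability_zones_count = 1
+cleanup_rosa_vpce_security_groups = true
 }
 
 ############################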

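--- a/examples/rosa-hcp-public-unmanaged-oidc/main.tf
+++ b/examples/rosa-hcp-public-unmanaged-oidc/main.tf
@@ -55,6 +55,7 @@ resource "random_password" "password" {
 module "vpc" {
 source = "../../modules/vpc"
 
-name_prefix = var.cluster_name
-availability_zones_count = 3
+name_prefix = var.cluster_name
+availability_zones_count = 3
+cleanup_rosa_vpce_security_groups = true
 }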

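--- a/examples/rosa-hcp-public-with-multiple-machinepools-and-idps/main.tf
+++ b/examples/rosa-hcp-public-with-multiple-machinepools-and-idps/main.tf
@@ -162,7 +162,8 @@ resource "random_password" "password" {
 module "vpc" {
 source = "../../modules/vpc"
 
-name_prefix = var.cluster_name
-availability_zones_count = 3
+name_prefix = var.cluster_name
+availability_zones_count = 3
+cleanup_rosa_vpce_security_groups = true
 }
 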
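--- a/examples/rosa-hcp-public-with-sts-external-id/main.tf
+++ b/examples/rosa-hcp-public-with-sts-external-id/main.tf
@@ -31,6 +31,7 @@ module "hcp" {
 module "vpc" {
 source = "../../modules/vpc"
 
-name_prefix = var.cluster_name
-availability_zones_count = 3
+name_prefix = var.cluster_name
+availability_zones_count = 3
+cleanup_rosa_vpce_security_groups = true
 }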

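--- a/examples/rosa-hcp-public/main.tf
+++ b/examples/rosa-hcp-public/main.tf
@@ -56,6 +56,7 @@ resource "random_password" "password" {
 module "vpc" {
 source = "../../modules/vpc"
 
-name_prefix = var.cluster_name
-availability_zones_count = 3
+name_prefix = var.cluster_name
+availability_zones_count = 3
+cleanup_rosa_vpce_security_groups = true
 }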

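--- a/modules/vpc/README.md
+++ b/modules/vpc/README.md
@@ -22,13 +22,15 @@ module "vpc" {
 | ---- | ------- |
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.38.0 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.2.4 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.9 |
 
 ## Providers
 
 | Name | Version |
 | ---- | ------- |
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.38.0 |
+| <a name="provider_null"></a> [null](#provider\_null) | >= 3.2.4 |
 | <a name="provider_time"></a> [time](#provider\_time) | >= 0.9 |
 
 ## Modules
@@ -54,6 +56,7 @@ No modules.
 | [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource |
 | [aws_vpc_endpoint.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint) | resource |
 | [aws_vpc_endpoint_route_table_association.private_vpc_endpoint_route_table_association](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_endpoint_route_table_association) | resource |
+| [null_resource.vpc_destroy_cleanup](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [time_sleep.vpc_resources_wait](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
@@ -64,6 +67,7 @@ No modules.
 | ---- | ----------- | ---- | ------- | :------: |
 | <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | A list of availability zones names in the region. This value should not be updated, please create a new resource instead | `list(string)` | `null` | no |
 | <a name="input_availability_zones_count"></a> [availability\_zones\_count](#input\_availability\_zones\_count) | The count of availability zones to use within the specified AWS Region, where pairs of public and private subnets will be generated. Valid only when availability\_zones variable is not provided. This value should not be updated, please create a new resource instead | `number` | `null` | no |
+| <a name="input_cleanup_rosa_vpce_security_groups"></a> [cleanup\_rosa\_vpce\_security\_groups](#input\_cleanup\_rosa\_vpce\_security\_groups) | On destroy, remove orphaned ROSA HCP PrivateLink security groups (name suffix -vpce-private-router) left in this VPC after cluster deletion. Enable for ROSA HCP clusters using this module; requires AWS CLI and EC2 permissions at destroy time. | `bool` | `false` | no |
 | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | User-defined prefix for all generated AWS resources of this VPC. This value should not be updated, please create a new resource instead | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS tags to be applied to generated AWS resources of this VPC. | `map(string)` | `null` | no |
 | <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | Cidr block of the desired VPC. This value should not be updated, please create a new resource instead | `string` | `"10.0.0.0/16"` | no |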

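--- a/modules/vpc/main.tf
+++ b/modules/vpc/main.tf
@@ -204,9 +204,26 @@ resource "aws_route_table_association" "private_route_table_association" {
 
 # This resource is used in order to add dependencies on all resources
 # Any resource uses this VPC ID, must wait to all resources creation completion
+# Optional destroy hook: after time_sleep.vpc_resources_wait completes its destroy wait,
+# remove orphaned ROSA HCP VPCE security groups that block VPC deletion (DependencyViolation).
+resource "null_resource" "vpc_destroy_cleanup" {
+count = var.cleanup_rosa_vpce_security_groups ? 1 : 0
+
+triggers = {
+vpc_id = aws_vpc.vpc.id
+}
+
+provisioner "local-exec" {
+when = destroy
+command = "bash ${path.module}/../../scripts/vpc-destroy-cleanup.sh '${self.triggers.vpc_id}'"
+}
+}
+
 resource "time_sleep" "vpc_resources_wait" {
+depends_on = [null_resource.vpc_destroy_cleanup]
+
 create_duration = "20s"
-destroy_duration = "20s"
+destroy_duration = "5m"
 triggers = {
 vpc_id = aws_vpc.vpc.id
 cidr_block = aws_vpc.vpc.cidr_block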
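Review bot: The destroy provisioner's `command` on new line 218 reaches outside the module (`${path.module}/../../scripts/vpc-destroy-cleanup.sh`), so a consumer that sources modules/vpc remotely (registry or git subdirectory) will not have the script and `terraform destroy` fails once `cleanup_rosa_vpce_security_groups` is enabled; placing the script under the module directory, or at least testing for it before invoking bash, would keep the module self-contained. The script is not among the sections shown here (the commit lists 12 files, 10 are visible), so the deletion criteria the variable description promises (name suffix `-vpce-private-router`, scoped to this VPC) cannot be verified from this change, and a comment on the resource stating exactly what the script deletes and which EC2 actions it needs at destroy time would help reviewers and operators scope credentials. Separately, `destroy_duration = "5m"` now applies to every destroy, including when the cleanup is disabled and the null_resource has count 0; if the longer wait exists only for the cleanup path, `destroy_duration = var.cleanup_rosa_vpce_security_groups ? "5m" : "20s"` preserves the previous behaviour for everyone else. The `self.triggers.vpc_id` interpolation is single-quoted and the value is an AWS-assigned VPC id, so it does not open a shell-injection path. The `time_sleep` block starts in this hunk but its body continues past it.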

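--- a/modules/vpc/variables.tf
+++ b/modules/vpc/variables.tf
@@ -29,3 +29,9 @@ variable "tags" {
 default = null
 description = "AWS tags to be applied to generated AWS resources of this VPC."
 }
+
+variable "cleanup_rosa_vpce_security_groups" {
+type = bool
+default = false
+description = "On destroy, remove orphaned ROSA HCP PrivateLink security groups (name suffix -vpce-private-router) left in this VPC after cluster deletion. Enable for ROSA HCP clusters using this module; requires AWS CLI and EC2 permissions at destroy time."
+}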
