Clean up all purgeable KVs and MHSMs

Azure · Aug 12, 2021 · 3be37c7 · 3be37c7
1 parent 0469c84
commit 3be37c7
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 7 deletions.
diff --git a/eng/common/TestResources/Remove-TestResources.ps1 b/eng/common/TestResources/Remove-TestResources.ps1
@@ -217,7 +217,7 @@ $verifyDeleteScript = {
 }
 
 # Get any resources that can be purged after the resource group is deleted.
-$purgeableResources = Get-PurgeableResources $ResourceGroupName
+$purgeableResources = Get-PurgeableGroupResources $ResourceGroupName
 
 Log "Deleting resource group '$ResourceGroupName'"
 if ($Force -and !$purgeableResources) {

diff --git a/eng/common/scripts/Helpers/Resource-Helpers.ps1 b/eng/common/scripts/Helpers/Resource-Helpers.ps1
@@ -1,9 +1,8 @@
 # Add 'AzsdkResourceType' member to outputs since actual output types have changed over the years.
 
-function Get-PurgeableResources {
+function Get-PurgeableGroupResources {
     param (
-        [Parameter(Position=0)]
-        [ValidateNotNullOrEmpty()]
+        [Parameter(Mandatory=$true, Position=0)]
         [string] $ResourceGroupName
     )
 
@@ -19,6 +18,31 @@ function Get-PurgeableResources {
         | Add-Member -MemberType NoteProperty -Name AzsdkResourceType -Value 'Managed HSM' -PassThru
 }
 
+function Get-PurgeableResources {
+    $subscriptionId = (Get-AzContext).Subscription.Id
+
+    # Get deleted Key Vaults for the current subscription.
+    Get-AzKeyVault -InRemovedState `
+        | Add-Member -MemberType NoteProperty -Name AzsdkResourceType -Value 'Key Vault' -PassThru
+
+    # Get deleted Managed HSMs for the current subscription.
+    $response = Invoke-AzRestMethod -Method GET -Path "/subscriptions/$subscriptionId/providers/Microsoft.KeyVault/deletedManagedHSMs?api-version=2021-04-01-preview" -ErrorAction Ignore
+    if ($response.StatusCode -ge 200 -and $response.StatusCode -lt 300 -and $response.Content) {
+        $content = $response.Content | ConvertFrom-Json
+        foreach ($r in $content.value) {
+            [pscustomobject] @{
+                AzsdkResourceType = 'Managed HSM'
+                Id = $r.
+                Name = $r.name
+                Location = $r.properties.location
+                DeletionDate = $r.properties.deletionDate -as [DateTime]
+                ScheduledPurgeDate = $r.properties.scheduledPurgeDate -as [DateTime]
+                EnablePurgeProtection = $r.properties.purgeProtectionEnabled
+            }
+        }
+    }
+}
+
 function Remove-PurgeableResources {
     param (
         [Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true)]

diff --git a/eng/scripts/live-test-resource-cleanup.ps1 b/eng/scripts/live-test-resource-cleanup.ps1
@@ -66,15 +66,21 @@ Write-Host "Count $($hasDeleteAfter.Count)"
 $toDelete = $hasDeleteAfter.Where({ $deleteDate = ($_.Tags.DeleteAfter -as [DateTime]); (!$deleteDate -or $now -gt $deleteDate) })
 Write-Host "Groups to delete: $($toDelete.Count)"
 
+# Get purgeable resources already in a deleted state coerced into a collection even if empty.
+$purgeableResources = @(Get-PurgeableResources)
+
 foreach ($rg in $toDelete)
 {
   if ($Force -or $PSCmdlet.ShouldProcess("$($rg.ResourceGroupName) (UTC: $($rg.Tags.DeleteAfter))", "Delete Group")) {
-    $purgeableResources = Get-PurgeableResources $rg.Name
+    # Add purgeable resources that will be deleted with the resource group to the collection.
+    $purgeableResources += Get-PurgeableGroupResources $rg.Name
 
     Write-Verbose "Deleting group: $($rg.Name)"
     Write-Verbose "  tags $($rg.Tags | ConvertTo-Json -Compress)"
     Write-Host ($rg | Remove-AzResourceGroup -Force -AsJob).Name
-
-    Remove-PurgeableResources $purgeableResources 
   }
 }
+
+# Purge all the purgeable resources.
+Write-Host "Deleting $($purgeableResources.Count) purgeable resources"
+Remove-PurgeableResources $purgeableResources