ekristen / azure-nuke
Remove all resources from an Azure Tenant and its Subscriptions.
Home Page: https://ekristen.github.io/azure-nuke/
License: MIT License
The code snippet in the README.md file makes use of the cli flag --resource-id
but upon reviewing the code at commands.go, it appears that the resource-id
flag is no longer valid.
Can you confirm?
Thank you for this project! Is it currently possible to limit the destruction to a subset of subscriptions owned by the tenant?
At the moment resource group exclusions will prevent the group being destroyed but owned resources are still flagged for destruction. Could we add an option to also exclude the resources owned by the group?
Something like:
Filters:
  ResourceGroup:
    - foo
    - bar
  ResourceGroupAll:
    - foofoo
    - barbar
so the current exclusions filter method is unaffected by the change.
0.6.0 release emits version as: azure-nuke version 1.0.0-dev
I installed azure-nuke using the brew command: brew install ekristen/tap/azure-nuke@1
While the installation worked fine, executing brew update or brew cleanup always caused the following error message:
Error: formulae require at least a URL
/opt/homebrew/Library/Homebrew/formula.rb:315:in `determine_active_spec'
/opt/homebrew/Library/Homebrew/formula.rb:249:in `initialize'
/opt/homebrew/Library/Homebrew/formulary.rb:569:in `new'
/opt/homebrew/Library/Homebrew/formulary.rb:569:in `get_formula'
/opt/homebrew/Library/Homebrew/formulary.rb:793:in `get_formula'
/opt/homebrew/Library/Homebrew/formulary.rb:1009:in `factory'
/opt/homebrew/Library/Homebrew/formulary.rb:1053:in `from_rack'
/opt/homebrew/Library/Homebrew/cleanup.rb:129:in `stale_formula?'
/opt/homebrew/Library/Homebrew/cleanup.rb:66:in `stale?'
/opt/homebrew/Library/Homebrew/cleanup.rb:450:in `block in cleanup_cache'
/opt/homebrew/Library/Homebrew/cleanup.rb:432:in `each'
/opt/homebrew/Library/Homebrew/cleanup.rb:432:in `cleanup_cache'
/opt/homebrew/Library/Homebrew/cleanup.rb:296:in `clean!'
/opt/homebrew/Library/Homebrew/cmd/cleanup.rb:52:in `run'
/opt/homebrew/Library/Homebrew/brew.rb:92:in `<main>'
Please report this issue:
https://docs.brew.sh/Troubleshooting
The issue vanished after I deleted azure-nuke by forcefully removing directories and untapping ekristen/tap.
I'm seeing the following error when it tries to delete resource groups:
ERRO[0015] the context used must have a deadline attached for polling purposes, but got no deadline
eastus/rg2 - ResourceGroup - myResourceGroup - [Location: "eastus", Name: "myResourceGroup", SubscriptionId: "REDACTED"] - failed
Note I am able to successfully run the following while logged in as the same service principal:
az group create --name myResourceGroup --location eastus
az group delete --name myResourceGroup --yes --no-wait
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
Dockerfile
  docker/dockerfile 1.7-labs
  alpine 3.16.0
  ghcr.io/acorn-io/images-mirror/golang 1.21
.github/workflows/docs.yml
  actions/checkout v4
  actions/configure-pages v5
  actions/setup-python v5
  actions/cache v4
  actions/upload-pages-artifact v3
  actions/deploy-pages v4
.github/workflows/golangci-lint.yml
  actions/checkout v4
  actions/setup-go v5
  golangci/golangci-lint-action v5
.github/workflows/goreleaser.yml
  actions/checkout v4
  actions/checkout v4
  actions/setup-go v5
  docker/setup-qemu-action v3
  docker/setup-buildx-action v3
  docker/login-action v3
  sigstore/cosign-installer v3
  1password/load-secrets-action v2
  goreleaser/goreleaser-action v5
  actions/upload-artifact v4
.github/workflows/semantic-lint.yml
  amannn/action-semantic-pull-request v5
.github/workflows/semantic.yml
  actions/checkout v4
  actions/setup-node v4
.github/workflows/tests.yml
  actions/checkout v4
  actions/setup-go v5
go.mod
  go 1.21.6
  github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
  github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
  github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
  github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization v1.0.0
  github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/recoveryservices/armrecoveryservices v1.3.1
  github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/recoveryservices/armrecoveryservicesbackup v1.0.0
  github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity v0.11.0
  github.com/Azure/go-autorest/autorest/to v0.4.0
  github.com/ekristen/libnuke v0.16.0
  github.com/fatih/camelcase v1.0.0
  github.com/fatih/color v1.17.0
  github.com/gotidy/ptr v1.4.0
  github.com/hashicorp/go-azure-helpers v0.69.0
  github.com/hashicorp/go-azure-sdk v0.20240125.1100331
  github.com/iancoleman/strcase v0.3.0
  github.com/manicminer/hamilton v0.61.0
  github.com/sirupsen/logrus v1.9.3
  github.com/stretchr/testify v1.9.0
  github.com/urfave/cli/v2 v2.27.2
.github/workflows/golangci-lint.yml
.github/workflows/goreleaser.yml
.github/workflows/tests.yml
time="2023-04-13T16:44:45Z" level=error msg="There are resources in failed state, but none are ready for deletion, anymore."
time="2023-04-13T16:44:45Z" level=error msg="storage.AccountsClient#ListByResourceGroup: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code=\"ResourceGroupNotFound\" Message=\"Resource group 'xxxx-7a6ba333862f' could not be found.\""
This is likely due to a race condition of deleting resource groups at the same time.
Thank you for all the hard work on this nuke script.
The purpose of this issue is to see if it's possible to update this nuke script to allow its users to specify ClientID as a filter option for application registrations. The reason for this is that there are instances where there may be multiple applications with the same displayName and users may be interested in removing just one of them. Being able to specify the ClientID will make sure that we remove the correct app registration.
If there is a way to do this already, please let me know.
@ekristen thanks again for the help yesterday. I have a new issue with a segfault. Note I've omitted trace output, but there's no additional logging that happens after "scan complete..." and the panic.
config.yaml
regions:
  - eastus
blocklist:
  - fake-tenant-id
accounts:
  redacted-tenant-id:
    filters:
      ResourceGroup:
        - Default
        - NetworkWatcherRG
      PolicyAssignment:
        - SecurityCenterBuiltIn
--no-dry-run output:
INFO[0000] configured locations[eastus]
eastus/rg0 - ResourceGroup - delete-me_group - [Location: "eastus", Name: "delete-me_group"] - would remove
eastus/rg0 - ResourceGroup - deleteme - [Location: "eastus", Name: "deleteme"] - would remove
eastus/rg0 - VirtualNetwork - delete-me-vnet - [Name: "delete-me-vnet", ResourceGroup: "delete-me_group"] - would remove
eastus/rg0 - SSHPublicKey - somekey - [Name: "somekey", ResourceGroup: "delete-me_group"] - would remove
eastus/rg0 - NetworkSecurityGroup - delete-me-nsg - [Location: "eastus", Name: "delete-me-nsg"] - would remove
eastus/rg0 - VirtualMachine - delete-me - [Name: "delete-me", ResourceGroup: "delete-me_group"] - would remove
eastus/rg0 - NetworkInterface - delete-me293_z1 - [Name: "delete-me293_z1", ResourceGroup: "delete-me_group"] - would remove
eastus/rg0 - PublicIPAddresses - delete-me-ip - [Name: "delete-me-ip", ResourceGroup: "delete-me_group"] - would remove
eastus/rg0 - Disk - delete-me_disk1_23497234987234hjsdf - [Name: "delete-me_disk1_23497234987234hjsdf", ResourceGroup: "delete-me_group"] - would remove
eastus/rg1 - ResourceGroup - delete-me_group - [Location: "eastus", Name: "delete-me_group"] - would remove
eastus/rg1 - ResourceGroup - deleteme - [Location: "eastus", Name: "deleteme"] - would remove
eastus/rg2 - ResourceGroup - delete-me_group - [Location: "eastus", Name: "delete-me_group"] - would remove
eastus/rg2 - ResourceGroup - deleteme - [Location: "eastus", Name: "deleteme"] - would remove
Scan complete: 3123 total, 13 nukeable, 3110 filtered.
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x19cc742]
goroutine 1 [running]:
main.main.func1()
/home/runner/work/azure-nuke/azure-nuke/main.go:25 +0x54
panic({0x1adac40?, 0x2405950?})
/opt/hostedtoolcache/go/1.21.6/x64/src/runtime/panic.go:914 +0x21f
github.com/ekristen/azure-nuke/resources.(*ResourceGroup).Remove(0x38?, {0x1d3f880?, 0x2448840?})
/home/runner/work/azure-nuke/azure-nuke/resources/resource-group.go:38 +0x22
github.com/ekristen/libnuke/pkg/nuke.(*Nuke).HandleRemove(0xc0001a8f50?, {0x1d3f880?, 0x2448840?}, 0xc00150e840)
/home/runner/go/pkg/mod/github.com/ekristen/[email protected]/pkg/nuke/nuke.go:474 +0x2e
github.com/ekristen/libnuke/pkg/nuke.(*Nuke).HandleQueue(0xc000213400, {0x1d3f880, 0x2448840})
/home/runner/go/pkg/mod/github.com/ekristen/[email protected]/pkg/nuke/nuke.go:436 +0x105
github.com/ekristen/libnuke/pkg/nuke.(*Nuke).run(0xc000213400, {0x1d3f880, 0x2448840})
/home/runner/go/pkg/mod/github.com/ekristen/[email protected]/pkg/nuke/nuke.go:225 +0x85
github.com/ekristen/libnuke/pkg/nuke.(*Nuke).Run(0xc000213400, {0x1d3f880, 0x2448840})
/home/runner/go/pkg/mod/github.com/ekristen/[email protected]/pkg/nuke/nuke.go:209 +0x17a
github.com/ekristen/azure-nuke/pkg/commands/nuke.execute(0xc0001dac40)
/home/runner/work/azure-nuke/azure-nuke/pkg/commands/nuke/command.go:183 +0x1cc5
github.com/urfave/cli/v2.(*Command).Run(0xc00014a6c0, 0xc0001da600)
/home/runner/go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:163 +0x583
github.com/urfave/cli/v2.(*App).RunContext(0xc00020ed00, {0x1d3f880?, 0x2448840}, {0xc000022100, 0x8, 0x8})
/home/runner/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:313 +0xaa5
github.com/urfave/cli/v2.(*App).Run(...)
/home/runner/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:224
main.main()
/home/runner/work/azure-nuke/azure-nuke/main.go:45 +0x20d
I am admittedly extremely naive when it comes to Azure, but I cannot seem to sort out what the issue is here. Any suggestions would be greatly appreciated. Note this is using azure-nuke version 1.0.0-next.4
I created a service principal like so:
az ad sp create-for-rbac --name nuke-role --role contributor --scopes /subscriptions/redacted-subscription-id
My config.yaml currently just looks like this, but I've also tried many other combos of config.yaml settings and get the same results:
regions:
- global
- eastus
I then run:
azure-nuke run --tenant-id=redacted --client-id=redacted --client-secret=redacted --subscription-id=redacted --log-level trace --log-caller
And get:
TRAC[0000]command.go:45 tenant id: redacted
DEBU[0000]auth.go:30 authentication type: client secret
TRAC[0000]command.go:55 preparing to run nuke
TRAC[0000]tenant.go:32 start: NewTenant handler=NewTenant
TRAC[0000]tenant.go:46 attempting to list tenants handler=NewTenant
TRAC[0000]command.go:31 2024/03/20 17:16:56 [DEBUG] POST https://login.microsoftonline.com/redacted/oauth2/v2.0/token source=standard-logger
TRAC[0000]tenant.go:59 listing subscriptions
TRAC[0000]tenant.go:70 adding subscriptions id: redacted
TRAC[0000]tenant.go:73 listing resource groups
INFO[0000]tenant.go:77 configured locations[global eastus]
DEBU[0000]tenant.go:89 resource group name: redacted
DEBU[0000]tenant.go:89 resource group name: NetworkWatcherRG
DEBU[0000]tenant.go:89 resource group name: redacted
FATA[0000]main.go:46 account is not configured
Is it possible to exclude, for example, a resource group by a specific tag?
Thank you!