-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathuninstall.sh
More file actions
executable file
·343 lines (294 loc) · 12 KB
/
Copy pathuninstall.sh
File metadata and controls
executable file
·343 lines (294 loc) · 12 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
#!/usr/bin/env bash
###############################################################################
# uninstall.sh
#
# Teardown script for Azure resources created by install.sh
# This script removes:
# - Key Vault (optional, if created)
# - User Assigned Managed Identity (optional, if created)
# - Storage Account (+ containers)
# - Azure Container Registry (ACR)
# - Service Principal
# - Resource Group (optional, if --delete-rg is specified)
#
# Safe to run: checks for resource existence before deletion
#
# Usage:
# ./uninstall.sh -s SUB_ID -g acido-rg -p acido -a acidocr -S acidostore123
#
# With Key Vault and Resource Group deletion:
# ./uninstall.sh -s SUB -g acido-rg -p acido -a acidocr -S acidostore123 \
# -k acidokv --delete-rg
###############################################################################
set -Eeuo pipefail
###############################################################################
# Configuration Defaults
###############################################################################
SUBSCRIPTION_ID=""
RESOURCE_GROUP=""
SP_NAME=""
ACR_NAME=""
STORAGE_ACCOUNT_NAME=""
IDENTITY_NAME=""
KV_NAME=""
DELETE_RG=false
DRY_RUN=false
COLOR=true
###############################################################################
# Color Handling
###############################################################################
if [[ ! -t 1 ]]; then COLOR=false; fi
if $COLOR; then
C_GREEN=$'\033[32m'; C_YELLOW=$'\033[33m'; C_RED=$'\033[31m'
C_BLUE=$'\033[34m'; C_DIM=$'\033[2m'; C_RESET=$'\033[0m'
else
C_GREEN=""; C_YELLOW=""; C_RED=""; C_BLUE=""; C_DIM=""; C_RESET=""
fi
###############################################################################
# Logging Helpers
###############################################################################
info() { printf "%s[INFO]%s %s\n" "$C_GREEN" "$C_RESET" "$*"; }
warn() { printf "%s[WARN]%s %s\n" "$C_YELLOW" "$C_RESET" "$*"; }
note() { printf "%s[NOTE]%s %s\n" "$C_BLUE" "$C_RESET" "$*"; }
dim() { printf "%s[....]%s %s\n" "$C_DIM" "$C_RESET" "$*"; }
err() { printf "%s[ERR ]%s %s\n" "$C_RED" "$C_RESET" "$*" >&2; }
die() { err "$*"; exit 1; }
###############################################################################
# Usage
###############################################################################
usage() {
cat <<EOF
uninstall.sh - Remove Azure resources created by install.sh
Required:
-s, --subscription-id ID Azure Subscription ID
-g, --resource-group NAME Resource Group name
-p, --sp-name NAME Service Principal name
Optional:
-a, --acr-name NAME ACR name (if created)
-S, --storage-account-name NAME Storage Account name (if created)
-i, --identity-name NAME User Assigned Managed Identity name (if created)
-k, --kv NAME Key Vault name (if created)
--delete-rg Delete the entire resource group (use with caution)
--dry-run Show what would be deleted without executing
-h, --help Show this help
Examples:
# Remove specific resources (keeps RG)
./uninstall.sh -s SUB_ID -g acido-rg -p acido -a acidocr -S acidostore123
# Remove everything including resource group
./uninstall.sh -s SUB_ID -g acido-rg -p acido --delete-rg
# Dry run to see what would be deleted
./uninstall.sh -s SUB_ID -g acido-rg -p acido -a acidocr --dry-run
EOF
}
###############################################################################
# Parse arguments
###############################################################################
parse_args() {
while [[ $# -gt 0 ]]; do
case "$1" in
-s|--subscription-id) SUBSCRIPTION_ID="$2"; shift 2 ;;
-g|--resource-group) RESOURCE_GROUP="$2"; shift 2 ;;
-p|--sp-name) SP_NAME="$2"; shift 2 ;;
-a|--acr-name) ACR_NAME="$2"; shift 2 ;;
-S|--storage-account-name) STORAGE_ACCOUNT_NAME="$2"; shift 2 ;;
-i|--identity-name) IDENTITY_NAME="$2"; shift 2 ;;
-k|--kv) KV_NAME="$2"; shift 2 ;;
--delete-rg) DELETE_RG=true; shift ;;
--dry-run) DRY_RUN=true; shift ;;
-h|--help) usage; exit 0 ;;
*) die "Unknown option: $1. Use -h for help." ;;
esac
done
}
###############################################################################
# Validate inputs
###############################################################################
validate_inputs() {
[[ -z "$SUBSCRIPTION_ID" ]] && die "Missing --subscription-id"
[[ -z "$RESOURCE_GROUP" ]] && die "Missing --resource-group"
[[ -z "$SP_NAME" ]] && die "Missing --sp-name"
}
###############################################################################
# Ensure subscription
###############################################################################
ensure_subscription() {
az account show >/dev/null 2>&1 || die "Not logged in. Run: az login"
az account set --subscription "$SUBSCRIPTION_ID"
info "Using subscription: $SUBSCRIPTION_ID"
}
###############################################################################
# Check if resource group exists
###############################################################################
check_resource_group() {
local exists
exists="$(az group exists --name "$RESOURCE_GROUP")"
if [[ "$exists" == "false" ]]; then
warn "Resource group '$RESOURCE_GROUP' does not exist. Nothing to delete."
exit 0
fi
info "Resource group '$RESOURCE_GROUP' exists."
}
###############################################################################
# Delete Key Vault
###############################################################################
delete_key_vault() {
if [[ -z "$KV_NAME" ]]; then
dim "No Key Vault specified, skipping."
return
fi
info "Checking for Key Vault '$KV_NAME'..."
local kv_exists
kv_exists="$(az keyvault list --resource-group "$RESOURCE_GROUP" --query "[?name=='$KV_NAME'].name" -o tsv 2>/dev/null || true)"
if [[ -z "$kv_exists" ]]; then
dim "Key Vault '$KV_NAME' not found, skipping."
return
fi
if $DRY_RUN; then
note "[DRY-RUN] Would delete Key Vault: $KV_NAME"
return
fi
info "Deleting Key Vault '$KV_NAME'..."
az keyvault delete --name "$KV_NAME" --resource-group "$RESOURCE_GROUP" 2>/dev/null || warn "Failed to delete Key Vault"
# Purge soft-deleted Key Vault
info "Purging Key Vault '$KV_NAME' (removing from soft-delete)..."
az keyvault purge --name "$KV_NAME" 2>/dev/null || warn "Failed to purge Key Vault (may not support purge or already purged)"
info "Key Vault '$KV_NAME' deleted."
}
###############################################################################
# Delete Managed Identity
###############################################################################
delete_identity() {
if [[ -z "$IDENTITY_NAME" ]]; then
dim "No Managed Identity specified, skipping."
return
fi
info "Checking for Managed Identity '$IDENTITY_NAME'..."
local id_exists
id_exists="$(az identity list --resource-group "$RESOURCE_GROUP" --query "[?name=='$IDENTITY_NAME'].name" -o tsv 2>/dev/null || true)"
if [[ -z "$id_exists" ]]; then
dim "Managed Identity '$IDENTITY_NAME' not found, skipping."
return
fi
if $DRY_RUN; then
note "[DRY-RUN] Would delete Managed Identity: $IDENTITY_NAME"
return
fi
info "Deleting Managed Identity '$IDENTITY_NAME'..."
az identity delete --name "$IDENTITY_NAME" --resource-group "$RESOURCE_GROUP" 2>/dev/null || warn "Failed to delete Managed Identity"
info "Managed Identity '$IDENTITY_NAME' deleted."
}
###############################################################################
# Delete Storage Account
###############################################################################
delete_storage_account() {
if [[ -z "$STORAGE_ACCOUNT_NAME" ]]; then
dim "No Storage Account specified, skipping."
return
fi
info "Checking for Storage Account '$STORAGE_ACCOUNT_NAME'..."
local storage_exists
storage_exists="$(az storage account list --resource-group "$RESOURCE_GROUP" --query "[?name=='$STORAGE_ACCOUNT_NAME'].name" -o tsv 2>/dev/null || true)"
if [[ -z "$storage_exists" ]]; then
dim "Storage Account '$STORAGE_ACCOUNT_NAME' not found, skipping."
return
fi
if $DRY_RUN; then
note "[DRY-RUN] Would delete Storage Account: $STORAGE_ACCOUNT_NAME"
return
fi
info "Deleting Storage Account '$STORAGE_ACCOUNT_NAME'..."
az storage account delete --name "$STORAGE_ACCOUNT_NAME" --resource-group "$RESOURCE_GROUP" --yes 2>/dev/null || warn "Failed to delete Storage Account"
info "Storage Account '$STORAGE_ACCOUNT_NAME' deleted."
}
###############################################################################
# Delete ACR
###############################################################################
delete_acr() {
if [[ -z "$ACR_NAME" ]]; then
dim "No ACR specified, skipping."
return
fi
info "Checking for ACR '$ACR_NAME'..."
local acr_exists
acr_exists="$(az acr list --resource-group "$RESOURCE_GROUP" --query "[?name=='$ACR_NAME'].name" -o tsv 2>/dev/null || true)"
if [[ -z "$acr_exists" ]]; then
dim "ACR '$ACR_NAME' not found, skipping."
return
fi
if $DRY_RUN; then
note "[DRY-RUN] Would delete ACR: $ACR_NAME"
return
fi
info "Deleting ACR '$ACR_NAME'..."
az acr delete --name "$ACR_NAME" --resource-group "$RESOURCE_GROUP" --yes 2>/dev/null || warn "Failed to delete ACR"
info "ACR '$ACR_NAME' deleted."
}
###############################################################################
# Delete Service Principal
###############################################################################
delete_service_principal() {
info "Checking for Service Principal '$SP_NAME'..."
local app_id
app_id="$(az ad sp list --display-name "$SP_NAME" --query '[0].appId' -o tsv 2>/dev/null || true)"
if [[ -z "$app_id" || "$app_id" == "null" ]]; then
dim "Service Principal '$SP_NAME' not found, skipping."
return
fi
if $DRY_RUN; then
note "[DRY-RUN] Would delete Service Principal: $SP_NAME (appId: $app_id)"
return
fi
info "Deleting Service Principal '$SP_NAME' (appId: $app_id)..."
az ad sp delete --id "$app_id" 2>/dev/null || warn "Failed to delete Service Principal"
info "Service Principal '$SP_NAME' deleted."
}
###############################################################################
# Delete Resource Group
###############################################################################
delete_resource_group() {
if ! $DELETE_RG; then
info "Resource group deletion not requested (use --delete-rg to delete)."
return
fi
if $DRY_RUN; then
note "[DRY-RUN] Would delete Resource Group: $RESOURCE_GROUP"
return
fi
warn "DELETING ENTIRE RESOURCE GROUP: $RESOURCE_GROUP"
warn "This will remove ALL resources in the group!"
info "Waiting 5 seconds... (Ctrl+C to cancel)"
sleep 5
info "Deleting Resource Group '$RESOURCE_GROUP'..."
az group delete --name "$RESOURCE_GROUP" --yes --no-wait 2>/dev/null || warn "Failed to delete Resource Group"
info "Resource Group '$RESOURCE_GROUP' deletion initiated (running in background)."
}
###############################################################################
# Main
###############################################################################
main() {
parse_args "$@"
validate_inputs
ensure_subscription
check_resource_group
if $DRY_RUN; then
warn "=== DRY RUN MODE - No changes will be made ==="
fi
info "=========================================="
info "Starting teardown process"
info "=========================================="
# Delete resources in reverse order of dependencies
delete_key_vault
delete_identity
delete_storage_account
delete_acr
delete_service_principal
delete_resource_group
info "=========================================="
if $DRY_RUN; then
info "Dry run complete. No resources were deleted."
else
info "Teardown complete!"
fi
info "=========================================="
}
main "$@"