Add improvements from other destroy scripts (#1910)

Co-authored-by: Garrett Rabian <garrett@coforma.io>
Enterprise-CMCS · Aug 1, 2023 · f44d40d · f44d40d
1 parent d95a37f
commit f44d40d
Showing 1 changed file with 58 additions and 37 deletions.
diff --git a/destroy.sh b/destroy.sh
@@ -27,7 +27,8 @@ if [[ $stage =~ $protected_stage_regex ]] ; then
     """
     exit 1
 fi
-echo "\nCollecting information on stage $stage before attempting a destroy... This can take a minute or two..."
+
+echo "Collecting information on stage $stage before attempting a destroy... This can take a minute or two..."
 
 set -e
 
@@ -78,78 +79,98 @@ fi
 
 for i in "${bucketList[@]}"
 do
-  echo $i
   set -e
 
   # Suspend bucket versioning.
   aws s3api put-bucket-versioning --bucket $i --versioning-configuration Status=Suspended
 
-    # Remove all bucket versions.
-  versions=`aws s3api list-object-versions \
+  # Remove all bucket versions.
+  versions=$(aws s3api list-object-versions \
     --max-items 200 \
     --bucket "$i" \
     --output=json \
-    --query='{Objects: Versions[].{Key:Key,VersionId:VersionId}}'`
-
-  while ! echo $versions | grep -q '"Objects": null' ;
-  do
+    --query='{Objects: Versions[].{Key:Key,VersionId:VersionId}}')
+
+  while ! echo $versions | grep -q '"Objects": null'; do
     aws s3api delete-objects \
       --bucket $i \
-      --delete "$versions" > /dev/null 2>&1
-    versions=`aws s3api list-object-versions \
-    --max-items 200 \
-    --bucket "$i" \
-    --output=json \
-    --query='{Objects: Versions[].{Key:Key,VersionId:VersionId}}'`
+      --delete "$versions" >/dev/null 2>&1
+    versions=$(aws s3api list-object-versions \
+      --max-items 200 \
+      --bucket "$i" \
+      --output=json \
+      --query='{Objects: Versions[].{Key:Key,VersionId:VersionId}}')
   done
 
   # Remove all bucket delete markers.
-  markers=`aws s3api list-object-versions \
+  markers=$(aws s3api list-object-versions \
     --bucket "$i" \
     --output=json \
-    --query='{Objects: DeleteMarkers[].{Key:Key,VersionId:VersionId} }'`
+    --query='{Objects: DeleteMarkers[].{Key:Key,VersionId:VersionId} }')
   if ! echo $markers | grep -q '"Objects": null'; then
     aws s3api delete-objects \
       --bucket $i \
-      --delete "$markers" > /dev/null 2>&1
+      --delete "$markers" >/dev/null 2>&1
   fi
 
   # Empty the bucket
+  echo "emptying bucket: $i"
   aws s3 rm s3://$i/ --recursive
 done
 
-echo "Removing certificate from stage"
-
 restApiName=$stage-app-api
 
 restApiId=$(aws apigateway get-rest-apis | jq -r ".[] | .[] |  select(.name==\"$restApiName\") | .id|tostring")
 
-aws apigateway update-stage \
-  --rest-api-id $restApiId \
-  --stage-name $stage \
-  --patch-operations op=replace,path=/clientCertificateId,value="" \
-  &>/dev/null
+if [ "$restApiId" != "" ]; then
+  echo "Removing certificate from stage"
+
+  aws apigateway update-stage \
+    --rest-api-id $restApiId \
+    --stage-name $stage \
+    --patch-operations op=replace,path=/clientCertificateId,value="" \
+    &>/dev/null
+
+  restApiArn="arn:aws:apigateway:us-east-1::/restapis/$restApiId/stages/$stage"
 
-echo "Removed certificate from stage"
+  echo "Disassociating web acl from api gateway"
+
+  aws wafv2 disassociate-web-acl \
+    --resource-arn $restApiArn &>/dev/null
+
+  echo "Removed certificate from stage and disassociated web acl"
+fi
 
 # Trigger a delete for each cloudformation stack
 for i in "${stackList[@]}"
 do
-  echo $i
+  echo "triggering stack deletion for $i"
   aws cloudformation delete-stack --stack-name $i
 done
+
 # Delete Client Certificates associated with a branch
-certToDestroy=$(aws apigateway get-client-certificates\
-    | grep \"app-api-${stage}\" -B 2 \
-    | grep -o '"clientCertificateId": "[^"]*' \
-    | grep -o '[^"]*$')
+certToDestroy=$(aws apigateway get-client-certificates | grep \"app-api-${stage}\" -B 2 |
+  grep -o '"clientCertificateId": "[^"]*' |
+  grep -o '[^"]*$')
 
-until [ -z $certToDestroy ];
-do 
+until [ -z $certToDestroy ]; do
   aws apigateway delete-client-certificate --client-certificate-id $certToDestroy || true
   sleep 10
-  certToDestroy=$(aws apigateway get-client-certificates\
-    | grep \"app-api-${stage}\" -B 2 \
-    | grep -o '"clientCertificateId": "[^"]*' \
-    | grep -o '[^"]*$' || true) 
-done 
+  certToDestroy=$(aws apigateway get-client-certificates | grep \"app-api-${stage}\" -B 2 |
+    grep -o '"clientCertificateId": "[^"]*' |
+    grep -o '[^"]*$' || true)
+done
+
+# Find hanging api-gateway log group
+apiGatewayLogGroupName="/aws/api-gateway/app-api-$stage"
+apiGatewayLogGroupExists=($(aws logs describe-log-groups --log-group-name-prefix $apiGatewayLogGroupName | jq -r ".logGroups[] | length"))
+if [[ -n $apiGatewayLogGroupExists ]]; then
+  aws logs delete-log-group --log-group-name $apiGatewayLogGroupName
+fi
+
+# Find hanging api-gateway execution logs
+apiGatewayExecutionLogRegex="^API-Gateway-Execution-Logs[^/]+\/$stage$"
+apiGatewayExecutionLogs=($(aws logs describe-log-groups --query "logGroups[*].logGroupName" --output json | jq -r --arg pattern "$apiGatewayExecutionLogRegex" '.[] | select(test($pattern))'))
+if [[ -n $apiGatewayExecutionLogs ]]; then
+  aws logs delete-log-group --log-group-name $apiGatewayExecutionLogs
+fi