Update CLEANUP.md
This commit is contained in:
parent
8d4ea4ec67
commit
d7fd11b5fd
|
@ -50,7 +50,55 @@ for x in $(terraform state list | grep google_storage_bucket.bucket); do
|
|||
done
|
||||
|
||||
terraform destroy
|
||||
|
||||
```
|
||||
|
||||
# Stage 0 (Bootstrap)
|
||||
You should follow these steps carefully because we can end up destroying our own permissions. We also have to remove several resources (GCS buckets and BQ datasets) manually.
|
||||
|
||||
```bash
|
||||
cd $FAST_PWD/00-bootstrap/
|
||||
|
||||
# remove provider config to execute without SA impersonation
|
||||
rm 00-bootstrap-providers.tf
|
||||
|
||||
# migrate to local state
|
||||
terraform init -migrate-state
|
||||
|
||||
# remove buckets and BQ dataset manually
|
||||
for x in $(terraform state list | grep google_storage_bucket.bucket); do
|
||||
terraform state rm "$x";
|
||||
done
|
||||
|
||||
for x in $(terraform state list | grep google_bigquery_dataset); do
|
||||
terraform state rm "$x";
|
||||
done
|
||||
|
||||
terraform destroy
|
||||
|
||||
# when this fails continue with the steps below
|
||||
# make your user (the one you are using to execute this step) org admin again, as we will remove organization-admins group roles
|
||||
|
||||
# Add the Organization Admin role to $BU_USER in the GCP Console
|
||||
|
||||
# grant yourself this permission so you can finish the destruction
|
||||
export FAST_DESTROY_ROLES="roles/billing.admin roles/logging.admin \
|
||||
roles/iam.organizationRoleAdmin roles/resourcemanager.projectDeleter \
|
||||
roles/resourcemanager.folderAdmin roles/owner"
|
||||
|
||||
export FAST_BU=$(gcloud config list --format 'value(core.account)')
|
||||
|
||||
# find your org id
|
||||
gcloud organizations list --filter display_name:[part of your domain]
|
||||
|
||||
# set your org id
|
||||
export FAST_ORG_ID=XXXX
|
||||
|
||||
for role in $FAST_DESTROY_ROLES; do
|
||||
gcloud organizations add-iam-policy-binding $FAST_ORG_ID \
|
||||
--member user:$FAST_BU --role $role
|
||||
done
|
||||
|
||||
terraform destroy
|
||||
rm -i terraform.tfstate*
|
||||
|
||||
```
|
||||
|
|
Loading…
Reference in New Issue