Description of problem:
When an error occurs during the deprovision process for GCP, the resulting action is to warn and skip over it (depending on the issue). This was found when we remove the firewalls.delete permission from the service account, and run the destroy process. The firewalls cannot be deleted, so we manually delete them. This caused the following issue
DEBUG Found firewall rule: bbarbach-gcp-test-n78nl-api DEBUG Found firewall rule: bbarbach-gcp-test-n78nl-control-plane DEBUG Found firewall rule: bbarbach-gcp-test-n78nl-etcd DEBUG Found firewall rule: bbarbach-gcp-test-n78nl-health-checks DEBUG Found firewall rule: bbarbach-gcp-test-n78nl-internal-cluster DEBUG Found firewall rule: bbarbach-gcp-test-n78nl-internal-network DEBUG Deleting firewall rule bbarbach-gcp-test-n78nl-internal-cluster DEBUG failed to delete firewall bbarbach-gcp-test-n78nl-internal-cluster: googleapi: Error 403: Required 'compute.firewalls.delete' permission for 'projects/openshift-dev-installer/global/firewalls/bbarbach-gcp-test-n78nl-internal-cluster', forbidden DEBUG Deleting firewall rule bbarbach-gcp-test-n78nl-internal-network DEBUG failed to delete firewall bbarbach-gcp-test-n78nl-internal-network: googleapi: Error 403: Required 'compute.firewalls.delete' permission for 'projects/openshift-dev-installer/global/firewalls/bbarbach-gcp-test-n78nl-internal-network', forbidden DEBUG Deleting firewall rule k8s-fw-a0f25490c0bef441c832c84ee93b41a5 DEBUG failed to delete firewall k8s-fw-a0f25490c0bef441c832c84ee93b41a5: googleapi: Error 403: Required 'compute.firewalls.delete' permission for 'projects/openshift-dev-installer/global/firewalls/k8s-fw-a0f25490c0bef441c832c84ee93b41a5', forbidden DEBUG Deleting firewall rule k8s-a0f25490c0bef441c832c84ee93b41a5-http-hc DEBUG failed to delete firewall k8s-a0f25490c0bef441c832c84ee93b41a5-http-hc: googleapi: Error 403: Required 'compute.firewalls.delete' permission for 'projects/openshift-dev-installer/global/firewalls/k8s-a0f25490c0bef441c832c84ee93b41a5-http-hc', forbidden DEBUG Deleting firewall rule bbarbach-gcp-test-n78nl-api DEBUG failed to delete firewall bbarbach-gcp-test-n78nl-api: googleapi: Error 403: Required 'compute.firewalls.delete' permission for 'projects/openshift-dev-installer/global/firewalls/bbarbach-gcp-test-n78nl-api', forbidden DEBUG Deleting firewall rule bbarbach-gcp-test-n78nl-control-plane DEBUG failed to delete firewall bbarbach-gcp-test-n78nl-control-plane: googleapi: Error 403: Required 'compute.firewalls.delete' permission for 'projects/openshift-dev-installer/global/firewalls/bbarbach-gcp-test-n78nl-control-plane', forbidden DEBUG Deleting firewall rule bbarbach-gcp-test-n78nl-etcd DEBUG failed to delete firewall bbarbach-gcp-test-n78nl-etcd: googleapi: Error 403: Required 'compute.firewalls.delete' permission for 'projects/openshift-dev-installer/global/firewalls/bbarbach-gcp-test-n78nl-etcd', forbidden DEBUG Deleting firewall rule bbarbach-gcp-test-n78nl-health-checks DEBUG failed to delete firewall bbarbach-gcp-test-n78nl-health-checks: googleapi: Error 403: Required 'compute.firewalls.delete' permission for 'projects/openshift-dev-installer/global/firewalls/bbarbach-gcp-test-n78nl-health-checks', forbidden DEBUG Firewalls: 8 items pending
We can see the 8 items pending. After we manually delete the firewalls the pending items are not causing a deletion error But they are still listed as pending. This will cause the destroy process to run indefinitely (unless restarted).
Version-Release number of selected component (if applicable):
How reproducible:
Described Above
Steps to Reproduce:
1. Described above.
2.
3.
Actual results:
Destroy runs forever
Expected results:
Destroy completes
Additional info:
- blocks
-
OCPBUGS-64595 Remove Pending resources during destroy
-
- Verified
-
- is cloned by
-
-
- Verified
-
- links to