pkg/destroy/aws: Delete subnets by VPC

Sometimes CI leaks untagged subnets. Because we are allowed to remove all resources from within a cluster-owned VPC, add a ByVPC walker to remove these indirectly-owned subnets. DescribeSubnetsPages has a strange history. It was initially added in aws/aws-sdk-go@3664ecc7da (Add initial implementation of pagination, 2015-03-23, aws/aws-sdk-go#247) but was removed in aws/aws-sdk-go@bad551feb8 (Add support for multi-token pagination rules, 2015-03-27) as a later step in that same pull request. It finally landed in master via aws/aws-sdk-go@52cd98f1ed (Release v1.19.30, 2019-05-14, aws/aws-sdk-go#2599), but we only vendor v1.16.14. It doesn't seem like "zounds of untagged subnets" is a high-probability thing, so I'm just using the unpaginated DescribeSubnets instead of bumping the vendor to pick up DescribeSubnetsPages. Even if we do overflow DescribeSubnets with untagged subnets, VPC deletion will fail and we'll get another pass at deleting tagged subnets when we come around to the next deleteEC2VPC attempt.
2026-02-05 15:47:14 +01:00 · 2019-08-13 23:15:56 -07:00
parent 8f972b4598
commit 37a7f49c77
1 changed files with 30 additions and 0 deletions
--- a/pkg/destroy/aws/aws.go
+++ b/pkg/destroy/aws/aws.go
@@ -997,6 +997,35 @@ func deleteEC2Subnet(client *ec2.EC2, id string, logger logrus.FieldLogger) erro
 	return nil
 }

+func deleteEC2SubnetsByVPC(client *ec2.EC2, vpc string, failFast bool, logger logrus.FieldLogger) error {
+	// FIXME: port to DescribeSubnetsPages once we bump our vendored AWS package past v1.19.30
+	results, err := client.DescribeSubnets(
+		&ec2.DescribeSubnetsInput{
+			Filters: []*ec2.Filter{
+				{
+					Name:   aws.String("vpc-id"),
+					Values: []*string{&vpc},
+				},
+			},
+		},
+	)
+	if err != nil {
+		return err
+	}
+
+	for _, subnet := range results.Subnets {
+		err := deleteEC2Subnet(client, *subnet.SubnetId, logger.WithField("subnet", *subnet.SubnetId))
+		if err != nil {
+			err = errors.Wrapf(err, "deleting EC2 subnet %s", *subnet.SubnetId)
+			if failFast {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
 func deleteEC2Volume(client *ec2.EC2, id string, logger logrus.FieldLogger) error {
 	_, err := client.DeleteVolume(&ec2.DeleteVolumeInput{
 		VolumeId: aws.String(id),
@@ -1029,6 +1058,7 @@ func deleteEC2VPC(ec2Client *ec2.EC2, elbClient *elb.ELB, elbv2Client *elbv2.ELB
 		deleteEC2NATGatewaysByVPC,      // not always tagged
 		deleteEC2NetworkInterfaceByVPC, // not always tagged
 		deleteEC2RouteTablesByVPC,      // not always tagged
+		deleteEC2SubnetsByVPC,          // not always tagged
 		deleteEC2VPCEndpointsByVPC,     // not taggable
 	} {
 		err := helper(ec2Client, id, true, logger)