migrate role assignment cleanup from bash to Go by nojnhuh · Pull Request #25 · Azure/rg-cleanup

nojnhuh · 2025-03-12T16:57:38Z

This PR migrates the role assignment cleanup logic driven by the az CLI and bash from #22 to Go.

nojnhuh · 2025-03-12T16:58:37Z

Dockerfile

+FROM alpine:3.21
+COPY bin/rg-cleanup /usr/local/bin
+ENTRYPOINT [ "rg-cleanup" ]


This is the same as before #22, but with a bumped alpine from 3.18 to the latest minor version.

nojnhuh · 2025-03-12T16:59:24Z

Makefile

 IMAGE_REGISTRY ?= k8sprowcomm.azurecr.io
 IMAGE_NAME := rg-cleanup
-IMAGE_VERSION ?= v0.4.6
+IMAGE_VERSION ?= v0.4.7


The interface of the container should be the same since it keeps the --role-assignments flag, so I opted to only bump the patch version here.

nojnhuh · 2025-03-12T17:00:06Z

go.mod

-	github.com/Azure/azure-sdk-for-go v36.2.0+incompatible
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.15.0


We should take a pass at updating these dependencies sometime, but these versions have been working for me locally for now.

I was thinking the same, but its probably safer to make that a follow-on PR.

mboersma

This lgtm, but let me test it IRL.

mboersma · 2025-03-13T19:54:19Z

main.go

-	resourceGroupClient, err := armresources.NewResourceGroupsClient(o.subscriptionID, chain, &options)
+	idReq := serviceprincipals.NewGetByIdsPostRequestBody()
+	idReq.SetIds(assignedPrincipalIDs)
+	idRes, err := graph.ServicePrincipals().GetByIds().PostAsGetByIdsPostResponse(ctx, idReq, &serviceprincipals.GetByIdsRequestBuilderPostRequestConfiguration{})


I give PostAsGetByIdsPostResponse 1 out of 5 stars as a function name. :-p

jsturtevant · 2025-03-17T18:05:46Z

This lgtm, but let me test it IRL.

did this work?

mboersma · 2025-03-17T18:56:20Z

did this work?

It didn't seem to--the container was still running after 20 minutes, so I cancelled it, not realizing that means we get no logs. I didn't have much time to test, so I reverted to our known-working version. I'd like to run the rg-cleanup binary locally to see if I can get more info but probably can't get to it until Wednesday.

migrate role assignment cleanup from bash to Go

22fd63e

nojnhuh commented Mar 12, 2025

View reviewed changes

nojnhuh assigned mboersma Mar 12, 2025

mboersma reviewed Mar 13, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

migrate role assignment cleanup from bash to Go#25

migrate role assignment cleanup from bash to Go#25
nojnhuh wants to merge 1 commit intoAzure:masterfrom
nojnhuh:roleassignments

nojnhuh commented Mar 12, 2025

Uh oh!

nojnhuh Mar 12, 2025

Uh oh!

nojnhuh Mar 12, 2025

Uh oh!

nojnhuh Mar 12, 2025

Uh oh!

mboersma Mar 12, 2025

Uh oh!

mboersma left a comment

Uh oh!

mboersma Mar 13, 2025

Uh oh!

jsturtevant commented Mar 17, 2025

Uh oh!

mboersma commented Mar 17, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

nojnhuh commented Mar 12, 2025

Uh oh!

nojnhuh Mar 12, 2025

Choose a reason for hiding this comment

Uh oh!

nojnhuh Mar 12, 2025

Choose a reason for hiding this comment

Uh oh!

nojnhuh Mar 12, 2025

Choose a reason for hiding this comment

Uh oh!

mboersma Mar 12, 2025

Choose a reason for hiding this comment

Uh oh!

mboersma left a comment

Choose a reason for hiding this comment

Uh oh!

mboersma Mar 13, 2025

Choose a reason for hiding this comment

Uh oh!

jsturtevant commented Mar 17, 2025

Uh oh!

mboersma commented Mar 17, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants