attempt to delete pull-through cached quay repositories (#274)

dominodatalab · Sep 20, 2024 · 2254506 · 2254506
1 parent e5414c7
commit 2254506
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/modules/infra/submodules/storage/README.md b/modules/infra/submodules/storage/README.md
@@ -60,6 +60,7 @@ No modules.
 | [aws_security_group_rule.netapp_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
 | [random_password.netapp](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
 | [terraform_data.check_backup_role](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource |
+| [terraform_data.pull_through_cache_deletion](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource |
 | [terraform_data.set_monitoring_private_acl](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource |
 | [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_elb_service_account.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_service_account) | data source |

diff --git a/modules/infra/submodules/storage/ecr.tf b/modules/infra/submodules/storage/ecr.tf
@@ -31,3 +31,26 @@ resource "aws_ecr_pull_through_cache_rule" "quay" {
   ecr_repository_prefix = "${var.deploy_id}/quay"
   upstream_registry_url = "quay.io"
 }
+
+resource "terraform_data" "pull_through_cache_deletion" {
+  input = {
+    region                = var.region
+    ecr_repository_prefix = "${var.deploy_id}/quay"
+    use_fips_endpoint     = var.use_fips_endpoint
+  }
+
+  provisioner "local-exec" {
+    when        = destroy
+    command     = <<-EOF
+      set -ex -o pipefail
+      for repo_name in calico/apiserver calico/csi calico/kube-controllers calico/node calico/node-driver-registrar calico/pod2daemon-flexvol calico/typha tigera/operator; do
+        aws ecr delete-repository --force --repository-name "${self.input.ecr_repository_prefix}/$repo_name" > /dev/null || echo "Failed to delete repository $repo_name"
+      done
+    EOF
+    interpreter = ["bash", "-c"]
+    environment = {
+      AWS_USE_FIPS_ENDPOINT = tostring(self.input.use_fips_endpoint)
+      AWS_REGION            = self.input.region
+    }
+  }
+}