From ad8df39ca8bad554a6f315261a6085698b5b8eed Mon Sep 17 00:00:00 2001
From: Thirumalesh Aaraveti
Date: Mon, 26 Aug 2024 11:02:55 +0530
Subject: [PATCH] Pre-Check: check for skip policy
---
 cloud_governance/policy/aws/cleanup/database_idle.py | 3 ++-
 cloud_governance/policy/aws/cleanup/instance_idle.py | 1 +
 cloud_governance/policy/aws/cleanup/unattached_volume.py | 4 +++-
 cloud_governance/policy/aws/cleanup/unused_nat_gateway.py | 3 ++-
 cloud_governance/policy/aws/empty_roles.py | 3 ++-
 cloud_governance/policy/aws/ip_unattached.py | 2 +-
 cloud_governance/policy/aws/s3_inactive.py | 5 ++++-
 cloud_governance/policy/aws/zombie_snapshots.py | 3 ++-
 8 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/cloud_governance/policy/aws/cleanup/database_idle.py b/cloud_governance/policy/aws/cleanup/database_idle.py
index acbf153de..a7f341574 100644
--- a/cloud_governance/policy/aws/cleanup/database_idle.py
+++ b/cloud_governance/policy/aws/cleanup/database_idle.py
@@ -32,7 +32,8 @@ def run_policy_operations(self):
 resource_arn = db.get('DBInstanceArn', '')
 if Utils.greater_than(val1=running_days, val2=CLOUDWATCH_METRICS_AVAILABLE_DAYS) \
 and not cluster_tag \
- and self.is_database_idle(resource_id):
+ and self.is_database_idle(resource_id) \
+ and self.get_skip_policy_value(tags=tags) not in ('NOTDELETE', 'SKIP'):
 cleanup_days = self.get_clean_up_days_count(tags=tags)
 cleanup_result = self.verify_and_delete_resource(resource_id=resource_id, tags=tags,
 clean_up_days=cleanup_days)
diff --git a/cloud_governance/policy/aws/cleanup/instance_idle.py b/cloud_governance/policy/aws/cleanup/instance_idle.py
index a266af347..54f63930d 100644
--- a/cloud_governance/policy/aws/cleanup/instance_idle.py
+++ b/cloud_governance/policy/aws/cleanup/instance_idle.py
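Review bot: In database_idle.py the skip-tag test is appended after `self.is_database_idle(resource_id)`, and because `and` short-circuits left to right a database tagged to be skipped is still run through the idle check before it is excluded; instance_idle.py in this same patch places the test ahead of `verify_instance_idle`. Moving `and self.get_skip_policy_value(tags=tags) not in ('NOTDELETE', 'SKIP') \` up to follow `and not cluster_tag \` would make the two policies consistent and spare whatever lookup the idle check performs (its body is not visible here). The tuple `('NOTDELETE', 'SKIP')` is also repeated verbatim in all eight hunks of this patch (instance_idle, unattached_volume, unused_nat_gateway, empty_roles, ip_unattached, s3_inactive, zombie_snapshots); a single shared constant or base-class predicate would keep the policies from drifting apart. Since a value that fails this membership test falls through to `verify_and_delete_resource`, it is worth confirming that `get_skip_policy_value` normalises case and separators before comparison. `run_policy_operations` starts and ends outside the hunk.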
@@ -35,6 +35,7 @@ def run_policy_operations(self):
 if Utils.contains_ignore_case(string=status, str1='running') and \
 not cluster_tag and \
 Utils.greater_than(val1=running_days, val2=INSTANCE_IDLE_DAYS) and \
+ self.get_skip_policy_value(tags=tags) not in ('NOTDELETE', 'SKIP') and \
 self.verify_instance_idle(resource_id=instance_id):
 cleanup_days = self.get_clean_up_days_count(tags=tags)
 cleanup_result = self.verify_and_delete_resource(resource_id=instance_id, tags=tags,
diff --git a/cloud_governance/policy/aws/cleanup/unattached_volume.py b/cloud_governance/policy/aws/cleanup/unattached_volume.py
index d3660a52c..8579537c6 100644
--- a/cloud_governance/policy/aws/cleanup/unattached_volume.py
+++ b/cloud_governance/policy/aws/cleanup/unattached_volume.py
@@ -23,7 +23,9 @@ def run_policy_operations(self):
 resource_id = volume.get('VolumeId')
 cleanup_result = False
 cluster_tag = self._get_cluster_tag(tags=volume.get('Tags'))
- if Utils.equal_ignore_case(volume.get('State'), 'available') and cluster_tag not in active_cluster_ids:
+ if Utils.equal_ignore_case(volume.get('State'), 'available') and \
+ cluster_tag not in active_cluster_ids and \
+ self.get_skip_policy_value(tags=tags) not in ('NOTDELETE', 'SKIP'):
 cleanup_days = self.get_clean_up_days_count(tags=tags)
 cleanup_result = self.verify_and_delete_resource(resource_id=resource_id, tags=tags,
 clean_up_days=cleanup_days)
diff --git a/cloud_governance/policy/aws/cleanup/unused_nat_gateway.py b/cloud_governance/policy/aws/cleanup/unused_nat_gateway.py
index f51bbcb83..fd62bcad7 100644
--- a/cloud_governance/policy/aws/cleanup/unused_nat_gateway.py
+++ b/cloud_governance/policy/aws/cleanup/unused_nat_gateway.py
@@ -68,7 +68,8 @@ def run_policy_operations(self):
 cluster_tag = self._get_cluster_tag(tags=tags)
 cleanup_days = 0
 if (Utils.equal_ignore_case(nat_gateway.get('State'), 'available')
- and cluster_tag not in self.__active_cluster_ids):
+ and cluster_tag not in self.__active_cluster_ids and
+ self.get_skip_policy_value(tags=tags) not in ('NOTDELETE', 'SKIP')):
 if (not self.__check_nat_gateway_in_routes(nat_gateway_id=resource_id) or self.__check_cloud_watch_logs(resource_id=resource_id)):
 cleanup_days = self.get_clean_up_days_count(tags=tags)
diff --git a/cloud_governance/policy/aws/empty_roles.py b/cloud_governance/policy/aws/empty_roles.py
index c5e43619e..a92d768c8 100644
--- a/cloud_governance/policy/aws/empty_roles.py
+++ b/cloud_governance/policy/aws/empty_roles.py
@@ -30,7 +30,8 @@ def run_policy_operations(self):
 cleanup_days = 0
 inline_policies = self._iam_operations.list_inline_role_policies(role_name=role_name)
 attached_policies = self._iam_operations.list_attached_role_policies(role_name=role_name)
- if not cluster_tag and len(inline_policies) == 0 and len(attached_policies) == 0:
+ if not cluster_tag and len(inline_policies) == 0 and len(attached_policies) == 0 and \
+ self.get_skip_policy_value(tags=tags) not in ('NOTDELETE', 'SKIP'):
 cleanup_days = self.get_clean_up_days_count(tags=tags)
 cleanup_result = self.verify_and_delete_resource(resource_id=role_name, tags=tags,
 clean_up_days=cleanup_days)
diff --git a/cloud_governance/policy/aws/ip_unattached.py b/cloud_governance/policy/aws/ip_unattached.py
index 9c884de9a..fe8f7f595 100644
--- a/cloud_governance/policy/aws/ip_unattached.py
+++ b/cloud_governance/policy/aws/ip_unattached.py
@@ -28,7 +28,7 @@ def run_policy_operations(self):
 ip_not_used = False
 resource_id = address.get('AllocationId')
 cluster_tag = self._get_cluster_tag(tags=address.get('Tags'))
- if cluster_tag not in active_cluster_ids:
+ if cluster_tag not in active_cluster_ids and self.get_skip_policy_value(tags=tags) not in ('NOTDELETE', 'SKIP'):
 if not address.get('NetworkInterfaceId'):
 cleanup_days = self.get_clean_up_days_count(tags=tags)
 ip_not_used = True
diff --git a/cloud_governance/policy/aws/s3_inactive.py b/cloud_governance/policy/aws/s3_inactive.py
index 8e5c0eb92..3945c0e56 100644
--- a/cloud_governance/policy/aws/s3_inactive.py
+++ b/cloud_governance/policy/aws/s3_inactive.py
@@ -24,11 +24,14 @@ def run_policy_operations(self):
 for bucket in s3_buckets:
 bucket_name = bucket.get('Name')
 tags = self._s3operations.get_bucket_tagging(bucket_name)
+ if bucket_name != 'krkn-mirror':
+ continue
 cleanup_result = False
 cluster_tag = self._get_cluster_tag(tags=tags)
 cleanup_days = 0
 s3_contents = self._s3operations.get_bucket_contents(bucket_name=bucket_name)
- if cluster_tag not in self.__global_active_cluster_ids and len(s3_contents) == 0:
+ if (cluster_tag not in self.__global_active_cluster_ids and len(s3_contents) == 0
+ and self.get_skip_policy_value(tags=tags) not in ('NOTDELETE', 'SKIP')):
 cleanup_days = self.get_clean_up_days_count(tags=tags)
 cleanup_result = self.verify_and_delete_resource(resource_id=bucket_name, tags=tags,
 clean_up_days=cleanup_days)
diff --git a/cloud_governance/policy/aws/zombie_snapshots.py b/cloud_governance/policy/aws/zombie_snapshots.py
index 35a95febd..66668d7bc 100644
--- a/cloud_governance/policy/aws/zombie_snapshots.py
+++ b/cloud_governance/policy/aws/zombie_snapshots.py
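Review bot: The added `if bucket_name != 'krkn-mirror': continue` in s3_inactive.py makes the loop discard every bucket except one hard-coded name, so the policy stops evaluating and reporting all other buckets and the named bucket becomes the only one that can reach `verify_and_delete_resource`. It reads like a leftover from local testing and is unrelated to the skip-policy pre-check in the commit title; both lines should be removed before merge. The guard also sits after `get_bucket_tagging(bucket_name)`, so the tagging call is still issued for every bucket that is then skipped. The loop body continues outside the hunk.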
@@ -40,7 +40,8 @@ def run(self):
 cleanup_result = False
 cluster_tag = self._get_cluster_tag(tags=tags)
 cleanup_days = 0
- if not cluster_tag and not self.__snapshot_id_in_images(resource_id):
+ if not cluster_tag and not self.__snapshot_id_in_images(resource_id) and \
+ self.get_skip_policy_value(tags=tags) not in ('NOTDELETE', 'SKIP'):
 cleanup_days = self.get_clean_up_days_count(tags=tags)
 cleanup_result = self.verify_and_delete_resource(resource_id=resource_id, tags=tags,
 clean_up_days=cleanup_days)