From cdcfee339070f978542311b99fc5456d01a4afeb Mon Sep 17 00:00:00 2001
From: nachundu
Date: Wed, 19 Aug 2020 12:44:33 +0530
Subject: [PATCH 1/3] removed resolver rule creation for private domains
---
 .../resolver-rule-cleanup.sh | 45 +++++++++++++++++++
 .../cdk/src/common/global-options.ts | 16 -------
 2 files changed, 45 insertions(+), 16 deletions(-)
 create mode 100755 reference-artifacts/upgradev117-cleanup/resolver-rule-cleanup.sh
diff --git a/reference-artifacts/upgradev117-cleanup/resolver-rule-cleanup.sh b/reference-artifacts/upgradev117-cleanup/resolver-rule-cleanup.sh
new file mode 100755
index 000000000..2bedfdb25
--- /dev/null
+++ b/reference-artifacts/upgradev117-cleanup/resolver-rule-cleanup.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+# Domain name to search for resolver rule
Domain="dept.cloud-nuage.gc.ca"
+
+function get_resolver_id() {
+ resolver_id=$(aws route53resolver list-resolver-rules --filters Name=DomainName,Values=$Domain --query ResolverRules[].Id --output text)
+}
+
+function get_vpc_ids() {
+ vpc_ids=$(aws route53resolver list-resolver-rule-associations --filters Name=ResolverRuleId,Values=$1 --query ResolverRuleAssociations[].VPCId --output json | awk '{print $1}' | tr -d '[]",')
+}
+
+function _checkStatus() {
+ while [ -n "$vpc_ids" ]
+ do
+ echo "waiting to disassociate VPCs from Resolver rule $resolver_id"
+ sleep 5
+ get_vpc_ids $resolver_id
+ done
+ echo "completed disassociating VPCs from Resolver rule $resolver_id"
+}
+
+function disassociate_vpc_ids() {
+ get_resolver_id
+ if [ -z "$resolver_id" ]
+ then
+ echo "Resolver rule not found with domain $Domain"
+ else
+ echo "Found resolver rule with domain $Domain... $resolver_id"
+ get_vpc_ids $resolver_id
+ if [ -z "$vpc_ids" ]
+ then
+ echo "VPCs are not associated to Resolver rule $resolver_id"
+ else
+ echo "started disassociating VPCs from Resolver rule $resolver_id"
+ for vpc_id in $vpc_ids; do
+ result=$(aws route53resolver disassociate-resolver-rule --resolver-rule-id ${resolver_id} --vpc-id $vpc_id)
+ done
+ _checkStatus
+ fi
+ fi
+}
+
+disassociate_vpc_ids
\ No newline at end of file
diff --git a/src/deployments/cdk/src/common/global-options.ts b/src/deployments/cdk/src/common/global-options.ts
index aee0d8f0b..d8c832ed4 100644
--- a/src/deployments/cdk/src/common/global-options.ts
+++ b/src/deployments/cdk/src/common/global-options.ts
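Review bot: `get_resolver_id` asks for `ResolverRules[].Id` with `--output text`, so if more than one rule carries the domain (the CDK code deleted in global-options.ts built a `-phz-rule` with a `vpcId` per hosted-zone domain, which suggests duplicates are possible) `resolver_id` becomes several tab-separated Ids; `get_vpc_ids $resolver_id` then filters on the first word only and `--resolver-rule-id ${resolver_id}` hands the rest to the CLI as stray arguments. That disassociate call's exit status is discarded into the never-read `result` variable, and `_checkStatus` polls `list-resolver-rule-associations` every 5 s with no attempt limit until the list is empty, so any rejected call (stray argument, AccessDenied, throttling) leaves the script spinning instead of failing. I would iterate over every returned Id, abort on a failed disassociate, and give `_checkStatus` a retry bound, roughly as below. Separately, `Domain` is hard-coded to one deployment's zone; `Domain="${1:-dept.cloud-nuage.gc.ca}"` would let the artifact be reused without editing it.
```shell
function disassociate_vpc_ids() {
  get_resolver_id
  if [ -z "$resolver_id" ]; then
    echo "Resolver rule not found with domain $Domain"
    return 0
  fi
  # --output text joins several matching rule Ids with tabs; handle each one,
  # letting the loop variable set the resolver_id global that _checkStatus reads
  rule_ids=$resolver_id
  for resolver_id in $rule_ids; do
    echo "Found resolver rule with domain $Domain... $resolver_id"
    get_vpc_ids "$resolver_id"
    # … unchanged: "VPCs are not associated" branch …
    for vpc_id in $vpc_ids; do
      # A rejected call must not leave _checkStatus polling forever
      aws route53resolver disassociate-resolver-rule --resolver-rule-id "$resolver_id" --vpc-id "$vpc_id" >/dev/null \
        || { echo "failed to disassociate $vpc_id from $resolver_id" >&2; exit 1; }
    done
    _checkStatus
  done
}
```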
@@ -130,22 +130,6 @@ export class GlobalOptionsDeployment extends cdk.Construct {
 resolverRulesOutput.onPremRules = onPremRules;
 }
- // For each Private hosted Zone created in 1) above, create a Resolver rule which points to the Inbound-Endpoint-IP's
- if (r53ResolverEndpoints.inboundEndpointRef && r53ResolverEndpoints.outboundEndpointRef) {
- for (const [domain, _] of r53Zones.privateZoneToDomainMap.entries()) {
- const rule = new Route53ResolverRule(this, `${domainToName(domain)}-phz-rule`, {
- domain,
- endpoint: r53ResolverEndpoints.outboundEndpointRef,
- ipAddresses: r53ResolverEndpoints.inboundEndpointIps,
- ruleType: 'FORWARD',
- name: `${domainToName(domain)}-phz-rule`,
- vpcId: vpcOutput.vpcId,
- });
- rule.node.addDependency(r53ResolverEndpoints);
- resolverRulesOutput.inBoundRule = rule.ruleId;
- }
- }
-
 // Adding VPC Inbound Endpoint to Output
 if (r53ResolverEndpoints.inboundEndpointRef) {
 vpcInBoundMapping.set(vpcConfig.name, r53ResolverEndpoints.inboundEndpointRef);
From 43872276ea24f11aef571b59a719313d52a059cf Mon Sep 17 00:00:00 2001
From: nachundu
Date: Wed, 19 Aug 2020 12:48:29 +0530
Subject: [PATCH 2/3] added comments
---
 .../upgradev117-cleanup/resolver-rule-cleanup.sh | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/reference-artifacts/upgradev117-cleanup/resolver-rule-cleanup.sh b/reference-artifacts/upgradev117-cleanup/resolver-rule-cleanup.sh
index 2bedfdb25..99d8b2027 100755
--- a/reference-artifacts/upgradev117-cleanup/resolver-rule-cleanup.sh
+++ b/reference-artifacts/upgradev117-cleanup/resolver-rule-cleanup.sh
@@ -3,24 +3,28 @@
 # Domain name to search for resolver rule
 Domain="dept.cloud-nuage.gc.ca"
+# Finds the resolver rule Id for the given domain name
 function get_resolver_id() {
 resolver_id=$(aws route53resolver list-resolver-rules --filters Name=DomainName,Values=$Domain --query ResolverRules[].Id --output text)
 }
+# Finds VPCs associated to the resolver rule Id
 function get_vpc_ids() {
 vpc_ids=$(aws route53resolver list-resolver-rule-associations --filters Name=ResolverRuleId,Values=$1 --query ResolverRuleAssociations[].VPCId --output json | awk '{print $1}' | tr -d '[]",')
 }
+# Checks association of VPCs from the resolver rule
 function _checkStatus() {
 while [ -n "$vpc_ids" ]
 do
- echo "waiting to disassociate VPCs from Resolver rule $resolver_id"
+ echo "waiting to disassociate VPCs from resolver rule $resolver_id"
 sleep 5
 get_vpc_ids $resolver_id
 done
- echo "completed disassociating VPCs from Resolver rule $resolver_id"
+ echo "completed disassociating VPCs from resolver rule $resolver_id"
 }
+# Verify and disassicate VPCs from resolver rule
 function disassociate_vpc_ids() {
 get_resolver_id
 if [ -z "$resolver_id" ]
@@ -31,9 +35,9 @@ function disassociate_vpc_ids() {
 get_vpc_ids $resolver_id
 if [ -z "$vpc_ids" ]
 then
- echo "VPCs are not associated to Resolver rule $resolver_id"
+ echo "VPCs are not associated to resolver rule $resolver_id"
 else
- echo "started disassociating VPCs from Resolver rule $resolver_id"
+ echo "started disassociating VPCs from resolver rule $resolver_id"
 for vpc_id in $vpc_ids; do
 result=$(aws route53resolver disassociate-resolver-rule --resolver-rule-id ${resolver_id} --vpc-id $vpc_id)
 done
@@ -42,4 +46,4 @@ function disassociate_vpc_ids() {
 fi
 }
-disassociate_vpc_ids
\ No newline at end of file
+disassociate_vpc_ids
From 067e0f1cfd35123ad54f6f4b9bf907d6e87585e9 Mon Sep 17 00:00:00 2001
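Review bot: The comment added above `disassociate_vpc_ids` misspells its verb: `# Verify and disassicate VPCs from resolver rule` should read `# Verify and disassociate VPCs from resolver rule`. The comment added above `_checkStatus` also undersells the function — it is a polling loop with a 5 s sleep whose only exit is an empty association list — and someone deciding whether to run this unattended needs that stated, e.g. `# Polls list-resolver-rule-associations every 5s until no VPC remains associated; never times out`. `disassociate_vpc_ids` begins in this hunk but its body continues outside it.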
From: nachundu
Date: Wed, 19 Aug 2020 13:17:56 +0530
Subject: [PATCH 3/3] updated the bash path
---
 .../upgradev117-cleanup/resolver-rule-cleanup.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/reference-artifacts/upgradev117-cleanup/resolver-rule-cleanup.sh b/reference-artifacts/upgradev117-cleanup/resolver-rule-cleanup.sh
index 99d8b2027..b5106d281 100755
--- a/reference-artifacts/upgradev117-cleanup/resolver-rule-cleanup.sh
+++ b/reference-artifacts/upgradev117-cleanup/resolver-rule-cleanup.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env bash
 # Domain name to search for resolver rule
 Domain="dept.cloud-nuage.gc.ca"
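Review bot: Pinning the interpreter to `#!/usr/bin/env bash` makes the `function` keyword legal but still leaves the script with no error mode, so a failing `aws` call in `get_resolver_id`, `get_vpc_ids` or the disassociate loop is treated as an empty result or ignored outright. Adding `set -euo pipefail` directly after the shebang line turns each of those into a non-zero exit; `pipefail` matters for `get_vpc_ids`, whose `aws ... | awk | tr` pipeline otherwise reports only `tr`'s status. With `-e` in place, a rejected `disassociate-resolver-rule` stops the script before `_checkStatus` is entered, which removes the unbounded polling an ignored failure currently causes.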