I run OCI-SuperDelete inside an OCI Compute Instance with great success and I'm trying to move it to use instance principals.
However I cannot and would not want to have a policy to 'manage all-resources', so I'm instead adding individual ones like
Allow dynamic-group dg to manage compute-management-family in compartment xyz
Allow dynamic-group dg to manage instance-family in compartment xyz
Allow dynamic-group dg to manage compartments in compartment xyz
...
I've added just the ones I should need for the resources that are present in my compartments.
However OCI-SuperDelete exits as soon as it encounters the first resource it's not able to process, e.g.:
`
[opc@deleter OCI-SuperDelete]$ ./delete.py -force -ip -cp DEFAULASH -rg us-ashburn-1,us-sanjose-1 -c ocid1.compartment.oc1..aa...aana -skip_delete_compartment
Login check and loading compartments...
Logged in as: InstancePrinciple/DelegationToken @ us-ashburn-1
###############################################################################################
OCI-SuperDelete
###############################################################################################
Date/Time : 06/06/24 09:12:39
Command Line : -force -ip -cp DEFAULASH -rg us-ashburn-1,us-sanjose-1 -c ocid1.compartment.oc1..aa...aana -skip_delete_compartment
App Version : 22.11.17
Machine : deleter (x86_64)
OCI SDK Version : 2.93.1
Python Version : 3.6.8
Config File : ~/.oci/config
Config Profile : DEFAULASH
Log File : log.txt
Tenant Name : oraclepca
Tenant Id : ocid1.tenancy.oc1..aa...5a
Home Region : us-phoenix-1
Regions to Process : us-ashburn-1,us-sanjose-1
Compartments to Process :
abc
###############################################################################################
Deleting resources in region us-ashburn-1
###############################################################################################
#####################################################################################
Moving and Scheduling KMS Vaults for deletion at 06/06/24 09:12:39@ us-ashburn-1
#####################################################################################
Moving to:
Getting all KMS Vault objects
Traceback (most recent call last):t abc
File "./delete.py", line 197, in
DeleteKMSvaults(config, signer, processCompartments, config['tenancy'])
File "/home/opc/OCI-SuperDelete/ocimodules/kms.py", line 20, in DeleteKMSvaults
items = oci.pagination.list_call_get_all_results(object.list_vaults, compartment_id=Compartment.id).data
File "/usr/lib/python3.6/site-packages/oci/pagination/pagination_utils.py", line 205, in list_call_get_all_results
for response in list_call_get_all_results_generator(list_func_ref, 'response', *list_func_args, **list_func_kwargs):
File "/usr/lib/python3.6/site-packages/oci/pagination/pagination_utils.py", line 274, in list_call_get_all_results_generator
call_result = retry.DEFAULT_RETRY_STRATEGY.make_retrying_call(list_func_ref, *list_func_args, **list_func_kwargs)
File "/usr/lib/python3.6/site-packages/oci/retry/retry.py", line 308, in make_retrying_call
response = func_ref(*func_args, **func_kwargs)
File "/usr/lib/python3.6/site-packages/oci/key_management/kms_vault_client.py", line 1322, in list_vaults
api_reference_link=api_reference_link)
File "/usr/lib/python3.6/site-packages/oci/base_client.py", line 476, in call_api
return self.request(request, allow_control_chars, operation_name, api_reference_link)
File "/usr/lib/python3.6/site-packages/circuitbreaker.py", line 52, in wrapper
return self.call(function, *args, **kwargs)
File "/usr/lib/python3.6/site-packages/circuitbreaker.py", line 67, in call
result = func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/oci/base_client.py", line 632, in request
self.raise_service_error(request, response, service_code, message, operation_name, api_reference_link, target_service, request_endpoint, client_version, timestamp, deserialized_data)
File "/usr/lib/python3.6/site-packages/oci/base_client.py", line 801, in raise_service_error
deserialized_data=deserialized_data)
oci.exceptions.ServiceError: {'target_service': 'kms_vault', 'status': 404, 'code': 'NotAuthorizedOrNotFound', 'opc-request-id': 'F2...:q3', 'message': 'resource does not exist or you are not authorized to access it.', 'operation_name': 'list_vaults', 'timestamp': '2024-06-06T09:12:39.072861+00:00', 'client_version': 'Oracle-PythonSDK/2.93.1', 'request_endpoint': 'GET https://kms.us-ashburn-1.oraclecloud.com/20180608/vaults', 'logging_tips': 'To get more info on the failing request, refer to https://docs.oracle.com/en-us/iaas/tools/python/latest/logging.html for ways to log the request/response details.', 'troubleshooting_tips': 'See https://docs.oracle.com/iaas/Content/API/References/apierrors.htm#apierrors_404__404_notauthorizedornotfound for more information about resolving this error. If you are unable to resolve this kms_vault issue, please contact Oracle support and provide them this full error message.'}
[opc@deleter OCI-SuperDelete]$ echo $?
1
`
It would be great to have an option to ignore such errors.
I run OCI-SuperDelete inside an OCI Compute Instance with great success and I'm trying to move it to use instance principals.
However I cannot and would not want to have a policy to 'manage all-resources', so I'm instead adding individual ones like
I've added just the ones I should need for the resources that are present in my compartments.
However OCI-SuperDelete exits as soon as it encounters the first resource it's not able to process, e.g.:
`
[opc@deleter OCI-SuperDelete]$ ./delete.py -force -ip -cp DEFAULASH -rg us-ashburn-1,us-sanjose-1 -c ocid1.compartment.oc1..aa...aana -skip_delete_compartment
Login check and loading compartments...
Logged in as: InstancePrinciple/DelegationToken @ us-ashburn-1
###############################################################################################
OCI-SuperDelete
###############################################################################################
Date/Time : 06/06/24 09:12:39
Command Line : -force -ip -cp DEFAULASH -rg us-ashburn-1,us-sanjose-1 -c ocid1.compartment.oc1..aa...aana -skip_delete_compartment
App Version : 22.11.17
Machine : deleter (x86_64)
OCI SDK Version : 2.93.1
Python Version : 3.6.8
Config File : ~/.oci/config
Config Profile : DEFAULASH
Log File : log.txt
Tenant Name : oraclepca
Tenant Id : ocid1.tenancy.oc1..aa...5a
Home Region : us-phoenix-1
Regions to Process : us-ashburn-1,us-sanjose-1
Compartments to Process :
abc
###############################################################################################
Deleting resources in region us-ashburn-1
###############################################################################################
#####################################################################################
Moving and Scheduling KMS Vaults for deletion at 06/06/24 09:12:39@ us-ashburn-1
#####################################################################################
Moving to:
Getting all KMS Vault objects
Traceback (most recent call last):t abc
File "./delete.py", line 197, in
DeleteKMSvaults(config, signer, processCompartments, config['tenancy'])
File "/home/opc/OCI-SuperDelete/ocimodules/kms.py", line 20, in DeleteKMSvaults
items = oci.pagination.list_call_get_all_results(object.list_vaults, compartment_id=Compartment.id).data
File "/usr/lib/python3.6/site-packages/oci/pagination/pagination_utils.py", line 205, in list_call_get_all_results
for response in list_call_get_all_results_generator(list_func_ref, 'response', *list_func_args, **list_func_kwargs):
File "/usr/lib/python3.6/site-packages/oci/pagination/pagination_utils.py", line 274, in list_call_get_all_results_generator
call_result = retry.DEFAULT_RETRY_STRATEGY.make_retrying_call(list_func_ref, *list_func_args, **list_func_kwargs)
File "/usr/lib/python3.6/site-packages/oci/retry/retry.py", line 308, in make_retrying_call
response = func_ref(*func_args, **func_kwargs)
File "/usr/lib/python3.6/site-packages/oci/key_management/kms_vault_client.py", line 1322, in list_vaults
api_reference_link=api_reference_link)
File "/usr/lib/python3.6/site-packages/oci/base_client.py", line 476, in call_api
return self.request(request, allow_control_chars, operation_name, api_reference_link)
File "/usr/lib/python3.6/site-packages/circuitbreaker.py", line 52, in wrapper
return self.call(function, *args, **kwargs)
File "/usr/lib/python3.6/site-packages/circuitbreaker.py", line 67, in call
result = func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/oci/base_client.py", line 632, in request
self.raise_service_error(request, response, service_code, message, operation_name, api_reference_link, target_service, request_endpoint, client_version, timestamp, deserialized_data)
File "/usr/lib/python3.6/site-packages/oci/base_client.py", line 801, in raise_service_error
deserialized_data=deserialized_data)
oci.exceptions.ServiceError: {'target_service': 'kms_vault', 'status': 404, 'code': 'NotAuthorizedOrNotFound', 'opc-request-id': 'F2...:q3', 'message': 'resource does not exist or you are not authorized to access it.', 'operation_name': 'list_vaults', 'timestamp': '2024-06-06T09:12:39.072861+00:00', 'client_version': 'Oracle-PythonSDK/2.93.1', 'request_endpoint': 'GET https://kms.us-ashburn-1.oraclecloud.com/20180608/vaults', 'logging_tips': 'To get more info on the failing request, refer to https://docs.oracle.com/en-us/iaas/tools/python/latest/logging.html for ways to log the request/response details.', 'troubleshooting_tips': 'See https://docs.oracle.com/iaas/Content/API/References/apierrors.htm#apierrors_404__404_notauthorizedornotfound for more information about resolving this error. If you are unable to resolve this kms_vault issue, please contact Oracle support and provide them this full error message.'}
[opc@deleter OCI-SuperDelete]$ echo $?
1
`
It would be great to have an option to ignore such errors.