Filter out future purge dates resources #1910
Conversation
|
/azp run automation - live-test-resource-cleanup |
|
Azure Pipelines successfully started running 1 pipeline(s). |
weshaggard
changed the title
weshaggard
force-pushed
the
FixResourceCleanup
branch
from
413e69f to
6a49169
Compare
|
/azp run automation - live-test-resource-cleanup |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
@heaths I'm merging this for now to give the cleanup automation a change to finish as it keeps timing out currently and even locally I seem to keep hitting hangs or timeouts on certain resources. If you know of a better way to filter what we can and cannot delete yet let me know. |
| $purgeableResources = Get-PurgeableResources | ||
| $allPurgeCount = $purgeableResources.Count | ||
|
|
||
| # Filter down to the ones that we can actually perge. |
| $allPurgeCount = $purgeableResources.Count | ||
|
|
||
| # Filter down to the ones that we can actually perge. | ||
| $purgeableResources = $purgeableResources.Where({ $purgeDate = $_.ScheduledPurgeDate -as [DateTime]; (!$purgeDate -or $now -gt $purgeDate) }) |
There was a problem hiding this comment.
This is now how you filter them. You need to check EnableSoftDelete. You've also not purged the vaults early enough. The default is 90d, so you're effectively leaving hundreds of vaults un-purged.
There was a problem hiding this comment.
There's no point in purging vaults in the future. Once the purge date is hit, they are purged automatically.
That's not why some fail to delete. The ones that fail to delete is because EnableSoftDelete is null or false. As I explained in discussions with my PR, the default for EnableSoftDelete was Vaults and managed HSMs are automatically deleted on the purge dates. That's what that property is for. By not deleting vaults and managed HSMs until after their purge date, you've effectively obviated the whole point of this clean-up exercise. |
Reverts #1910. Vaults and managed HSMs are automatically purged on their purge date. The point was to purge them daily to preserve capacity. The default purge date is +90 days.
Reverts #1910. Vaults and managed HSMs are automatically purged on their purge date. The point was to purge them daily to preserve capacity. The default purge date is +90 days.
Most (>8k) of the deleted key vaults have a future purge date and we fail to delete them and we end up timing out so I'm filtering so that we only attempt to delete ones with past due purge dates.