delete_tutorial.sh
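#!/bin/bash
# ----------------------------------------------------------------------------------------------
# Set default values for the deployment region, zone, and naming prefix.
#
# Every resource name deleted further down is derived from PREFIX (and, for the
# subnet, REGION), so values inherited from the calling environment decide what
# is removed. Confirm them before running this against a shared project.
# ----------------------------------------------------------------------------------------------
: "${REGION:=us-central1}"
: "${ZONE:=us-central1-a}"
: "${PREFIX:=panw}"

# PROJECT_ID and ORG_ID have no default: the script refuses to run rather than
# fall back to whatever project gcloud happens to be configured with.
# Diagnostics go to stderr so they are not mistaken for normal output.
if [ -z "$PROJECT_ID" ]; then
  echo "The PROJECT_ID environment variable is not set. Set with: " >&2
  echo "export PROJECT_ID=YOUR_PROJECT_ID" >&2
  exit 1 # Exit the script with a non-zero status code to indicate failure
fi
if [ -z "$ORG_ID" ]; then
  echo "The ORG_ID environment variable is not set. Set with: " >&2
  echo "export ORG_ID=YOUR_ORGANIZATION_ID" >&2
  exit 1 # Exit the script with a non-zero status code to indicate failure
fi

# Assign first and export afterwards: `export VAR=$(cmd)` reports export's own
# (always zero) status and would hide a failed lookup. A failure here means the
# project ID is wrong or the active credentials cannot read it, so stop before
# any delete command runs.
if ! PROJECT_NUM=$(gcloud projects describe "$PROJECT_ID" --format="get(projectNumber)"); then
  echo "Unable to look up project '$PROJECT_ID'; check the ID and the active gcloud credentials." >&2
  exit 1
fi
export PROJECT_NUM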
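# ----------------------------------------------------------------------------------------------
# Delete network firewall policy, rules, and network association.
#
# Order matters: the association is removed first, then the two rules, then the
# policy itself. Once the association is gone the policy no longer applies to
# the network, so any workload still running there is unfiltered by it until
# the VMs are deleted later in this script.
# ----------------------------------------------------------------------------------------------
# --project is passed explicitly on every command so that all four deletes hit
# the same project, independent of the gcloud default configuration.
# Expansions are quoted so a PREFIX containing whitespace cannot be split into
# extra arguments.
gcloud compute network-firewall-policies associations delete \
  --name="$PREFIX-policy-association" \
  --firewall-policy="$PREFIX-policy" \
  --global-firewall-policy \
  --project="$PROJECT_ID"

# The positional argument is the rule priority (10 and 11 here).
gcloud compute network-firewall-policies rules delete 10 \
  --firewall-policy="$PREFIX-policy" \
  --global-firewall-policy \
  --project="$PROJECT_ID"

gcloud compute network-firewall-policies rules delete 11 \
  --firewall-policy="$PREFIX-policy" \
  --global-firewall-policy \
  --project="$PROJECT_ID"

gcloud compute network-firewall-policies delete "$PREFIX-policy" \
  --global \
  --project="$PROJECT_ID"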
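# ----------------------------------------------------------------------------------------------
# Delete Firewall Plus Endpoint, VPC association, & security profiles.
#
# The endpoint, profile group and profile are organization-level resources
# (--organization), so this section needs permissions beyond the project.
# ----------------------------------------------------------------------------------------------
# Upper bound, in seconds, on how long to wait for the association to go away.
# Override from the environment if the deletion is known to take longer.
: "${ASSOC_WAIT_SECS:=1800}"

gcloud beta network-security firewall-endpoint-associations delete "$PREFIX-assoc" \
  --project="$PROJECT_ID" \
  --zone="$ZONE" \
  --quiet

waited=0
while true; do
  # stderr is captured instead of discarded: an empty result on its own cannot
  # distinguish "association is gone" from "lookup failed" (expired
  # credentials, missing permission, network error).
  if STATUS=$(gcloud beta network-security firewall-endpoint-associations describe "$PREFIX-assoc" \
    --zone="$ZONE" \
    --project="$PROJECT_ID" \
    --format="value(state)" 2>&1); then
    # describe succeeded, so the association still exists in some state.
    :
  elif printf '%s\n' "$STATUS" | grep -qi 'not.found'; then
    # Only a not-found answer is accepted as proof of deletion.
    # NOTE(review): relies on the gcloud error text containing "not found" /
    # "NOT_FOUND" - confirm against the installed gcloud version.
    echo "Successfully deleted endpoint association."
    # Grace period before removing the endpoint (presumably to let the backend
    # settle; kept from the original script).
    sleep 60

    # Delete the firewall endpoint.
    gcloud beta network-security firewall-endpoints delete "$PREFIX-endpoint" \
      --zone="$ZONE" \
      --organization="$ORG_ID" \
      --quiet

    # Delete the security profile group.
    gcloud beta network-security security-profile-groups delete "$PREFIX-profile-group" \
      --location=global \
      --organization="$ORG_ID" \
      --quiet

    # Delete the security profile.
    gcloud beta network-security security-profiles threat-prevention delete "$PREFIX-profile" \
      --location=global \
      --organization="$ORG_ID" \
      --quiet
    break
  else
    # Any other failure is reported and retried, never treated as success.
    printf 'Could not query the endpoint association: %s\n' "$STATUS" >&2
  fi

  if [ "$waited" -ge "$ASSOC_WAIT_SECS" ]; then
    echo "Gave up waiting for the firewall endpoint association after ${waited}s; the endpoint and security profiles were NOT deleted." >&2
    exit 1
  fi

  echo "Waiting for firewall endpoint association to delete. This can take up to 15 minutes."
  sleep 10
  waited=$((waited + 10))
done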
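# ----------------------------------------------------------------------------------------------
# Delete VMs
# ----------------------------------------------------------------------------------------------
# One gcloud call per instance so that a failure on the first VM does not
# prevent the attempt on the second. --quiet suppresses the confirmation
# prompt, so the quoted names below are the only safeguard on what is removed.
for vm in "$PREFIX-client-vm" "$PREFIX-web-vm"; do
  gcloud compute instances delete "$vm" \
    --zone="$ZONE" \
    --project="$PROJECT_ID" \
    --quiet
done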
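# ----------------------------------------------------------------------------------------------
# Delete VPC network
#
# Removed from the inside out: NAT config, then its router, then the subnet,
# then the network itself.
# ----------------------------------------------------------------------------------------------
# --project is set on every command (the NAT and router deletes previously
# relied on the gcloud default project) so the whole teardown stays inside
# PROJECT_ID. Expansions are quoted to prevent word splitting.
gcloud compute routers nats delete "$PREFIX-nat" \
  --router="$PREFIX-router" \
  --region="$REGION" \
  --project="$PROJECT_ID" \
  --quiet

gcloud compute routers delete "$PREFIX-router" \
  --region="$REGION" \
  --project="$PROJECT_ID" \
  --quiet

gcloud compute networks subnets delete "$PREFIX-$REGION-subnet" \
  --region="$REGION" \
  --project="$PROJECT_ID" \
  --quiet

gcloud compute networks delete "$PREFIX-vpc" \
  --project="$PROJECT_ID" \
  --quiet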
# ----------------------------------------------------------------------------------------------
# End of script
# ----------------------------------------------------------------------------------------------
# Printed unconditionally: this line does not by itself confirm that every
# delete above succeeded, so review the preceding output for errors.
printf '%s\n' "Delete complete!"