brianonn · March 13, 2025 09:58
diff --git a/README.md b/README.md
diff --git a/delete-gcloud-network.sh b/delete-gcloud-network.sh
 #!/bin/bash

 ## Delete an entire Google Cloud network resource (aka VPC) and all child resources associated with it
 ##
 ## This script is safe.  it will not actually delete anything.
 ## It only outputs a series of gcloud delete commands that you can inspect and run yourself.

 set -euo pipefail

 function required() {
    local missing=""
    while [[ $# -gt 0 ]] ; do
        local cmd="$1"
        if ! \command -v $cmd &>/dev/null ; then
            missing="$cmd $missing"
        fi
        shift
    done
    if [[ -n "$missing" ]]; then
        echo "ERROR: This script requires the following missing commands: $missing"
        echo "       Please install these missing commands and try again."
        exit 2
    fi
 }

 function comment() {
    echo
    echo "##"
    echo "## $*"
    echo "##"
 }

 # require jq and gcloud
 required jq gcloud

 if [[ "$#" != "1" ]]; then
    echo "Usage: $(basename $0) network"
    exit 1
 fi

 NETWORK="$1"

 # first get the network information for display purposes
 network_json=$(gcloud compute networks describe ${NETWORK} --format json --verbosity error)
 if [[ $? -ne 0 ]]; then
    exit $?
 fi

 echo "#!/usr/bin/env bash"

 comment "This script will delete all resources in the Google Cloud network (aka VPC) named:  $NETWORK"
 echo "$network_json" | jq -cr '"\(.name) \(.description|@sh) \(.creationTimestamp)"' \
 | while read name description creationTimestamp; do \
    echo "## Name: $name" ; \
    echo "## Description: $description" ; \
    echo "## Created-At: $creationTimestamp" ; \
 done
 echo "## Subnetworks:"
 printf "##   %-20s | %-20s\n" Region Name
 printf "##   %-20s | %-20s\n" ==================== ====================
 echo "$network_json" | jq -cr '.subnetworks[]|"\(split("/")[-3]) \(split("/")[-1])"' \
 | while read region name ; do \
    printf "##   %-20s | %-20s\n" $region $name ; \
  done

 echo
 echo "set -vx"

 # get and script a deletion of all internal forwarding rules on the chosen network (LB)
 j=$(gcloud compute forwarding-rules list --filter="network ~ /networks/${NETWORK} AND loadBalancingScheme ~ INTERNAL" --format json --verbosity error)
 count=$(echo $j | jq length)
 if [[ $count -gt 0 ]]  ; then
  comment  "delete all INTERNAL Forwarding Rules in $NETWORK"
  echo "$j" \
    | jq -r '.[]|{name,"region":.region|split("/")[-1]}|"\(.name) \(.region)"' \
    | while read name region; do \
        [ "$region" == "global" ] && region="" || region="--region $region" ;\
        echo gcloud -q compute forwarding-rules delete $name $region ; \
      done
 fi
 j='' count=''

 # We can't delete instance groups that refer to backend services (and BE services might refer to an urlmap )
 # so we collect them all and delete url-maps, then backend services then instance groups in that order
 j=$(gcloud compute instance-groups list --filter="network ~ /networks/${NETWORK}" --format json --verbosity error)
 count=$(echo "$j" | jq length)
 if [[ $count -gt 0 ]]  ; then
  echo "$j" \
    | jq -cr '.[]|{name,isManaged,"zone":.zone|split("/")[-1]}|"\(.name) \(.isManaged) \(.zone)"' \
    |{ \
      declare -a FWRULE HTTPTARGETS URLMAPS BESERVICES INSTGROUPS ;\
      FWDRULE=() ; \
      HTTPTARGETS=() ; \
      URLMAPS=() ; \
      BESERVICES=() ; \
      INSTGROUPS=() ; \
      while read name isManaged zone; do \
        # find any backend services that refer to this instance group
        be=$(gcloud compute backend-services list --filter='backends.group ~ instanceGroups/'${name}'' --format json --verbosity error) ;\
        count=$(echo "$be" | jq length) ; \
        if [[ $count -gt 0 ]]; then \
          set 1 $(echo $be | jq -r '.[]|"\(.name) \(.selfLink|split("/")[-3])"') ; \
          be_name="$2" ; \
          be_region="$3" ; \
          # find any url-maps that reference this backend-service
          um=$(gcloud compute url-maps list --filter="defaultService ~ /$be_region/backendServices/$be_name OR pathMatchers.defaultService ~ /$be_region/backendServices/$be_name OR pathMatchers.pathRules.service ~ /$be_region/backendServices/$be_name" --format json --verbosity error) ;\
          count=$(echo "$um" | jq length) ; \
          if [[ $count -gt 0 ]]; then \
            set 1 $(echo $um | jq -r '.[]|"\(.name) \(.selfLink|split("/")[-3])"') ; \
            um_name="$2" ;\
            um_region="$3" ;\
            # find any target http proxies that reference this backend-service
            ht=$(gcloud compute target-http-proxies list --filter="urlMap ~ $um_region/urlMaps/$um_name" --format json ) ;\
            count=$(echo "$ht" | jq length) ; \
            if [[ $count -gt 0 ]]; then \
              set 1 $(echo $ht | jq -r '.[]|"\(.name) \(.selfLink|split("/")[-3])"') ; \
              ht_name="$2" ;\
              ht_region="$3" ;\
              # find any forwarding rules that reference this httpTargetProxy
              fwd=$(gcloud compute forwarding-rules list --filter="target ~ $ht_region/targetHttpProxies/$ht_name" --format json ) ;\
              count=$(echo "$fwd" | jq length) ; \
              if [[ $count -gt 0 ]]; then \
                set 1 $(echo $fwd | jq -r '.[]|"\(.name) \(.selfLink|split("/")[-3])"') ; \
                fwd_name="$2" ;\
                fwd_region="$3" ;\
                [ "$fwd_region" == "global" ] && fwd_region="--global" || fwd_region="--region $fwd_region" ; \
                FWDRULE+=( "gcloud -q compute forwarding-rules delete $fwd_name $fwd_region" ) ; \
              fi ; \
              [ "$ht_region" == "global" ] && ht_region="--global" || ht_region="--region $ht_region" ; \
              HTTPTARGETS+=( "gcloud -q compute target-http-proxies delete $ht_name $ht_region" ) ; \
            fi ; \
            [ "$um_region" == "global" ] && um_region="--global" || um_region="--region $um_region" ; \
            URLMAPS+=( "gcloud -q compute url-maps delete $um_name $um_region" ) ; \
          fi ;\
          [ "$be_region" == "global" ] && be_region="--global" || be_region="--region $be_region" ; \
          BESERVICES+=( "gcloud -q compute backend-services delete $be_name $be_region" ) ; \
        fi ; \
        [ "$isManaged" == "Yes" ] && managed="managed" || managed="unmanaged" ; \
        INSTGROUP+=( "gcloud -q compute instance-groups $managed delete $name --zone $zone" ) ; \
      done ; \
      comment "delete all Forwarding Rules in $NETWORK"
      for line in "${FWDRULE[@]}"; do echo $line; done      | sort -u ; \
      comment "delete all Target HTTP Proxies in $NETWORK"
      for line in "${HTTPTARGETS[@]}"; do echo $line; done  | sort -u ; \
      comment "delete all Url Maps in $NETWORK"
      for line in "${URLMAPS[@]}"; do echo $line; done      | sort -u ; \
      comment "delete all Backend Services in $NETWORK"
      for line in "${BESERVICES[@]}"; do echo $line; done   | sort -u ; \
      comment "delete all Managed and Unmanaged Instance Groups in $NETWORK"
      for line in "${INSTGROUP[@]}"; do echo $line; done    | sort -u ; \
     }
 fi

 j='' count=''

 # get and script a deletion of all instance templates on the chosen network
 j=$(gcloud compute instance-templates list --filter="properties.networkInterfaces.network ~ /networks/${NETWORK}" --format json --verbosity error)
 count=$(echo "$j" | jq length)
 if [[ $count -gt 0 ]]  ; then
  comment "delete all Instance Templates in $NETWORK"
  echo "$j" \
    | jq -r '.[]|{name,"zone":.selfLink|split("/")[-3]}|"\(.name) \(.zone)"' \
    | while read name zone; do \
        [ "$zone" == "global" ] && zone="" || zone="--zone $zone" ;\
        echo gcloud -q compute instance-templates delete $name $zone ; \
      done
 fi
 j='' count=''


 # get and script a deletion of all instance templates on the chosen network
 j=$(gcloud compute instances list --filter="networkInterfaces.network ~ /networks/${NETWORK}" --format json --verbosity error)
 count=$(echo "$j" | jq length)
 if [[ $count -gt 0 ]]  ; then
  comment  "delete all Instances in $NETWORK"
  echo "$j" \
    | jq -r '.[]|{name,deletionProtection,"zone":.zone|split("/")[-1]}|"\(.name) \(.deletionProtection) \(.zone)"' \
    | while read name deletionProtection zone; do \
        if [[ -n "$deletionProtection" ]] && [[ "$deletionProtection" == "true" ]]; then \
            echo "gcloud compute instances update $name --zone=$zone --no-deletion-protection  # disable delete-protection on '$name'" ; \
        fi ;\
        echo gcloud -q compute instances delete --delete-disks=all $name --zone=$zone ; \
      done
 fi
 j='' count=''


 # get and script a deletion of all firewall rules on the chosen network
 j=$(gcloud compute firewall-rules list --filter="network ~ /networks/${NETWORK}" --format json --verbosity error)
 count=$(echo "$j" | jq length)
 if [[ $count -gt 0 ]]  ; then
  comment  "delete all Firewall Rules in $NETWORK"
  echo "$j" \
    | jq -r '.[]|{name,"zone":.selfLink|split("/")[-3]}|"\(.name) \(.zone)"' \
    | while read name zone; do \
        [ "$zone" == "global" ] && zone="" || zone="--zone $zone" ;\
        echo gcloud -q compute firewall-rules delete $name $zone ; \
      done
 fi
 j='' count=''

 # get and script a deletion of all cloud VPN gateways on the chosen network
 j=$(gcloud compute vpn-gateways list --filter="network ~ /networks/${NETWORK}" --format json --verbosity error)
 count=$(echo $j | jq length)
 if [[ $count -gt 0 ]]  ; then
  comment  "delete all Cloud VPN Gateways in $NETWORK"
  echo "$j" \
    | jq -r '.[]|"\(.name) \(.region|split("/")[-1]"' \
    | while read name region; do \
        [ "$region" == "global" ] && region="" || region="--region $region" ;\
        echo gcloud -q compute vpn-gateways delete $name $region ; \
      done
 fi
 j='' count=''


 # get and script a deletion of all route tables on the chosen network
 j=$(gcloud compute routes list --filter="network ~ /networks/${NETWORK}" --format json --verbosity error)
 count=$(echo $j | jq length)
 if [[ $count -gt 0 ]]  ; then
  comment  "delete all Route Tables in $NETWORK"
  echo "$j" \
    | jq -r '.[]|{name,"region":.selfLink|split("/")[-3]}|"\(.name) \(.region)"' \
    | while read name region; do \
        [ "$region" == "global" ] && region="" || region="--region $region" ;\
        echo gcloud -q compute routes delete $name $region ; \
      done
 fi
 j='' count=''


 # get and script a deletion of all cloud routers on the chosen network
 j=$(gcloud compute routers list --filter="network ~ /networks/${NETWORK}" --format json --verbosity error)
 count=$(echo $j | jq length)
 if [[ $count -gt 0 ]]  ; then
  comment  "delete all Cloud Routers in $NETWORK"
  echo "$j" \
    | jq -r '.[]|"\(.name) \(.region|split("/")[-1])"' \
    | while read name region; do \
        [ "$region" == "global" ] && region="" || region="--region $region" ;\
        echo gcloud -q compute routers delete $name $region ; \
      done
 fi
 j='' count=''


 # get and script a deletion of all subnets on the chosen network
 j=$(gcloud compute networks subnets  list --filter="network ~ /networks/${NETWORK}" --format json --verbosity error)
 count=$(echo $j | jq length)
 if [[ $count -gt 0 ]]  ; then
  comment  "delete all Subnets in $NETWORK"
  echo "$j" \
    | jq -r '.[]|"\(.name) \(.region|split("/")[-1])"' \
    | while read name region; do \
        [ "$region" == "global" ] && region="" || region="--region $region" ;\
        echo gcloud -q compute networks subnets delete $name $region ; \
      done
 fi
 j='' count=''

 # finally delete the network itself
 comment  "delete the network (VPC)"
 echo gcloud -q compute networks delete $NETWORK

 ## Other Resources:
 ## Check for any other resources that might be referencing the
 ## network (e.g., load balancers, Cloud SQL instances, etc.) and delete them accordingly.
 ##
 ## after deleting the network, there will be broken forwarding rules, urlMaps and Backend Services that point
 ## to non-existant instances or instance groups
 ##
 ## cleaning that mess up is for another day