This script first disables discovery-related policies for targeted resources that are planned for removal from Guardrails. This prevents discovery controls from re-running and re-adding the resources to the Guardrails CMDB.
When executed with the --disable flag, the script disables discovery policies for the specified resources and then deletes them along with their descendants.
Deletion is performed in batches, with an optional cooldown period between batches to prevent system overload.
For more details, refer to Filtering Resources.
To run the scripts, you must have:
This sections details how to set up an environment in order to run the script.
We recommend the use of virtual environment.
To setup a virtual environment:
python3 -m venv .venvOnce created, to activate the environment:
source .venv/bin/activateThen install Python library dependencies:
pip3 install -r requirements.txtCredentials and end point details need to be configure before being able to connect to a Turbot installation. This configuration can be entered either using environment variables or a configuration file.
Use either configuration for your Turbot installation:
export TURBOT_WORKSPACE="https://<environment-name>.cloud.turbot.com/"
export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef172390814
export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4b67fa82ab2cor
export TURBOT_GRAPHQL_ENDPOINT="https://<environment-name>.cloud.turbot.com/api/latest/graphql"
export TURBOT_ACCESS_KEY_ID=ac61d2e4-730c-4b54-8c3c-6ef180150814
export TURBOT_SECRET_ACCESS_KEY=151b296b-0694-4a28-94c4-4767fa82bb2cExample configuration file:
default:
accessKey: dc61d2e4-730c-4b54-8c3c-6ef180150814
secretKey: 6ef18015-7d0c-2b51-4d2c-dc61d2e63a22
workspace: "https://demo-acme.cloud.turbot.com/"This script will automatically search for a credentials.yml file in ~/.config/turbot/ or you can save the yaml configuration file anywhere and provide the --config /path/to/config.yml --profile default as a command line option.
To run a the Python script:
- Install and configure the pre-requisites
- Using the command line, navigate to the directory for the Python script
- Create and activate the Python virtual environment
- Install dependencies
- Run the Python script using the command line
- Deactivate the Python virtual environment
python3 delete_resources_batches.py [options]-c, --config-file
[String] Pass an optional yaml config file.
-p, --profile
[String] Profile to be used from config file.
-r, –resource-id
[String] ID of the resource to delete along with its descendants.
-b, --batch
[Int] The number of controls to run before cooldown per cycle
-d, --cooldown
[Int] Number of seconds to pause before the next batch of controls are run. Setting this value to
0will disable cooldown.
-e, --execute
Will re-run controls when found.
–disable
Disable discovery-related policies by setting them to Skip before deletion.
--help
Lists all the options and their usages.
Simulates the deletion process without making any changes.
python3 delete_resources_batches.py --resource-id <resource_id>Disables discovery-related policies for the specified resource and deletes the resource along with its descendants.
python3 delete_resources_batches.py --resource-id <resource_id> --disable --executeDeletes resources in batches of 50, pausing for 60 seconds between batches.
python3 delete_resources_batches.py --resource-id <resource_id> -b 50 -d 60 --executeRuns the script using credentials specified in a configuration file.
python3 delete_resources_batches.py --config ~/.config/turbot/credentials.yml --profile default --resource-id <resource_id> --executepython3 run_controls_batches.py -f "state:tbd,error,alarm"Once the script has been run, it is advised to deactivate the virtual environment if a virtual environment was used to install the script dependencies.
This is accomplished by running the command:
deactivate