Merge pull request #6533 from joelddiaz/prereqs_uninstall

Automatic merge from submit-queue.

allow uninstalling AWS objects created by prerequisite playbook

add deprovisioners/uninstallers for objects created via playbooks/aws/openshift-cluster/prerequisites.yml

specifically: security groups, vpcs, and any ssh keys

introduce openshift_aws_enable_uninstall_shared_objects to protect AWS objects that would be shared in the case of multiple clusters co-existing in one AWS account. right now it protects the ssh keys, but it can/should be used to protect against deleting the shared IAM instance profile as well. default this variable to False to be on the safe side when uninstalling/deprovisioning.

1 files changed, 9 insertions, 0 deletions

diff --git a/roles/openshift_aws/tasks/uninstall_ssh_keys.yml b/roles/openshift_aws/tasks/uninstall_ssh_keys.yml
new file mode 100644
index 000000000..27e42da53
--- /dev/null
+++ b/roles/openshift_aws/tasks/uninstall_ssh_keys.yml
@@ -0,0 +1,9 @@
+---
+- name: Remove the public keys for the user(s)
+  ec2_key:
+    state: absent
+    name: "{{ item.key_name }}"
+    region: "{{ openshift_aws_region }}"
+  with_items: "{{ openshift_aws_users }}"
+  no_log: True
+  when: openshift_aws_enable_uninstall_shared_objects | bool