#!/usr/bin/env bash
# Purpose: When cleaning up GCP resources in an Edge instance, KCC can deadlock trying to delete certain resources.
# In particular, GCP services fail to delete which makes the namespace impossible to delete.
# After patching off the finalizer you can force delete the resource, allowing the namespace to finish deleting.
#
# kubectl get $namespace -o yaml will show what resources remain undeleted
#
# Substitute in whatever type of resource in whatever namespace that is causing trouble. However, DO NOT
# remove the finalizers from Folders and Projects - deleting the folder or project will delete everything in them,
# which is why the other resources get stuck. Deleting the project with a finalizer will possibly leave the resources
# requiring manual cleanup.

set -eu

namespace="abcd1234"
problem_kinds="iamcustomroles gcpservices containernodepools containerclusters secretmanagersecrets" # substitute whatever isnt getting deleted
dryrun="client" # change when you are sure of the change. other options are none or server
for kind in $problem_kinds; do
    objs=$(kubectl get "$kind" -n "$namespace" -o name)
    if [ -n "$objs" ]; then
        # shellcheck disable=SC2086
        # we want the words to be split
        kubectl patch $objs -p '{"metadata":{"finalizers":[]}}' --type=merge -n "$namespace" --dry-run="$dryrun"
    fi
done