Sometimes it’s hard to clean up old, unused compartments. There are often a lot of resources still present, and some of them, like the VSS scans from Vulnerability Scanning, are not visible in the Oracle Cloud Infrastructure console. But for most of them, there is a solution with the OCI command-line tool, or you can solve it with a few lines of Python code. And when using the OCI Cloud Console, you can execute the code immediately without provisioning any additional server.
The Case – Compartment Delete Workflow failed
When verifying the workflow, we see that the deletion failed because of some leftover resources. We must delete them all before the compartment deletion workflow can run successfully. There are other resources, like Management Dashboard Searches, but let’s keep the focus on the VSS scans.
Troubleshooting
There is an Oracle document available to troubleshoot the Vulnerability Scanning service: Troubleshooting the Vulnerability Scanning service (oracle.com).
In the section Delete Compartment Failed, you find a Python code block to delete all available scan reports in a compartment for any scan type, such as host, container, port, etc. To speed up the process, I used the Oracle Cloud Infrastructure Cloud Shell to run the Python script. All I have to do is set the correct compartment OCID.
Python Code
```python
import oci
import sys

compartment = "ocid1.compartment.oc1..aaaaaaaactjmqnfhqtc6hlq7x7lgtlfquppbcngffniftnlnxihczi4p7fsa"


def list_scans(list_func, compartment):
    # Follow pagination so every scan result in the compartment is returned
    try:
        scans = oci.pagination.list_call_get_all_results(
            list_func,
            compartment
        ).data
        return scans
    except Exception as e:
        raise RuntimeError("Error listing scans in compartment " + compartment + ": " + str(e.args))


def delete_scans(delete_func, scans):
    # Delete each scan result by its OCID; stop at the first failure
    for s in scans:
        try:
            delete_func(s.id)
        except Exception as e:
            raise RuntimeError("Error deleting scan " + s.id + ": " + str(e.args))


config = oci.config.from_file()

# Quick safety check
print("Using compartment " + compartment)
if input("Do you want to delete all scan results (host, port, CIS, container) in this compartment? [y/N]: ") != "y":
    sys.exit()

# Create the client from the config
client = oci.vulnerability_scanning.VulnerabilityScanningClient(config)

# Host agent scans
print("Listing agent scans to delete...")
host_scans = list_scans(client.list_host_agent_scan_results, compartment)
print("Deleting " + str(len(host_scans)) + " host scans")
delete_scans(client.delete_host_agent_scan_result, host_scans)

# Host port scans
print("Listing port scans to delete...")
port_scans = list_scans(client.list_host_port_scan_results, compartment)
print("Deleting " + str(len(port_scans)) + " port scans")
delete_scans(client.delete_host_port_scan_result, port_scans)

# Host CIS benchmarks
print("Listing CIS scans to delete...")
cis_benchmarks = list_scans(client.list_host_cis_benchmark_scan_results, compartment)
print("Deleting " + str(len(cis_benchmarks)) + " CIS scans")
delete_scans(client.delete_host_cis_benchmark_scan_result, cis_benchmarks)

# Container scans
print("Listing container image scans to delete...")
container_scans = list_scans(client.list_container_scan_results, compartment)
print("Deleting " + str(len(container_scans)) + " container image scans")
delete_scans(client.delete_container_scan_result, container_scans)
```
Just copy and paste the code lines into a new file in Cloud Shell, adapt the compartment OCID and run it.
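Scan results are security findings, so it can be worth taking an inventory before destroying them. The following is an added example, not code from the Oracle document or from this post: a table-driven variant that only counts by default and, when deleting, continues past failures and reports which scan OCIDs are still left. The names `cleanup_scans`, `fetch_all` and the `--delete` argument are assumptions of this example; the client method names are the ones used in the script above.

```python
import sys

# (label, list method, delete method) as used by the script above
SCAN_TYPES = [
    ("host agent", "list_host_agent_scan_results", "delete_host_agent_scan_result"),
    ("host port", "list_host_port_scan_results", "delete_host_port_scan_result"),
    ("CIS benchmark", "list_host_cis_benchmark_scan_results", "delete_host_cis_benchmark_scan_result"),
    ("container", "list_container_scan_results", "delete_container_scan_result"),
]

def cleanup_scans(client, fetch_all, compartment_id, dry_run=True):
    """Return {label: {"found": n, "deleted": n, "failed": [ids]}}.

    fetch_all(list_func, compartment_id) must return every result across pages.
    With dry_run=True nothing is deleted; the report is an inventory only.
    """
    report = {}
    for label, list_name, delete_name in SCAN_TYPES:
        scans = fetch_all(getattr(client, list_name), compartment_id)
        entry = {"found": len(scans), "deleted": 0, "failed": []}
        if not dry_run:
            delete = getattr(client, delete_name)
            for scan in scans:
                try:
                    delete(scan.id)
                    entry["deleted"] += 1
                except Exception as exc:  # keep going, record what is left
                    entry["failed"].append(scan.id)
                    print(f"could not delete {scan.id}: {exc}", file=sys.stderr)
        report[label] = entry
    return report

if __name__ == "__main__":
    import oci  # OCI Python SDK

    compartment = sys.argv[1]               # compartment OCID
    really_delete = "--delete" in sys.argv  # hypothetical flag of this example
    client = oci.vulnerability_scanning.VulnerabilityScanningClient(oci.config.from_file())
    fetch = lambda f, c: oci.pagination.list_call_get_all_results(f, c).data
    result = cleanup_scans(client, fetch, compartment, dry_run=not really_delete)
    for label, entry in result.items():
        print(f"{label}: {entry}")
    # Non-zero exit if anything would still block the compartment deletion
    sys.exit(1 if any(e["failed"] for e in result.values()) else 0)
```

Run it once without `--delete` to see the counts per scan type, keep that output for your records, then run it again with `--delete`.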
Cleanup Run
This is what it looks like when running the Python code; in my case, 11 CIS scans are found and deleted. Verify that the proper compartment OCID is used and confirm.
And now? Happy compartment deletion 🙂