github.com/openshift/installer@v1.4.17/scripts/maintenance/clean-aws.sh (about)

     1  #!/usr/bin/env bash
     2  
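#######################################
# Print the command-line help for this script.
# Globals:   none
# Arguments: none
# Outputs:   help text on stdout
#######################################
usage() {
  cat <<EOF

$(basename "$0") deletes AWS resources tagged with tags specified in a tag file.
Requires that 'podman' and 'jq' are installed.

AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables must be set.
AWS_SESSION_TOKEN, if set, is also passed to the grafiti container.

Options:

  --help            Print this message and exit.

  --force           Override user input prompts. Useful for automation.

  --grafiti-version Either the semver release version, ex. v0.1.1, or sha commit
                    hash of a grafiti image hosted in quay.io.

  --aws-region      The AWS region you wish to query for taggable resources. This
                    flag is optional if AWS_REGION is set.  You can also set a
                    default region for the default profile in your ~/.aws
                    configuration files, although for this you must have the 'aws'
                    command installed.

  --config-file     A grafiti configuration file. See an example at
                    https://github.com/coreos/grafiti/blob/master/config.toml.

  --tag-file        A file containing a TagFilter list. See the AWS Resource Group
                    Tagging API 'TagFilter' documentation for file structure.

  --date-override   (optional) Date of the format YYYY-MM-DD to delete resources
                    tagged with 'expirationDate: some-date-string'.  By default,
                    this script deletes resources which expired yesterday or
                    today.  Not compatible with --tag-file.

  --dry-run         (optional) If set, grafiti will only do a dry run, i.e. not
                    delete any resources.

EOF
}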
    40  
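# Option state filled in by the parser below; empty means "flag not given".
force=
version=
region=
config_file=
tag_file=
date_string=
dry_run=

#######################################
# Decide whether a --date-override value may be embedded in tag.json.
# The value is placed inside a JSON string literal that selects which
# resources get deleted, so anything able to end or escape that literal is
# refused rather than passed through.
# Arguments: $1 - raw value from the command line
# Returns:   0 if the value is safe to embed, 1 otherwise
#######################################
date_override_is_safe() {
  case $1 in
    *\"* | *\\* | *[[:cntrl:]]*) return 1 ;;
  esac
  return 0
}

while [ $# -gt 0 ]; do
  # Value-taking flags must be followed by something. Without this check a
  # trailing --tag-file would leave tag_file empty and the script would fall
  # back to the date-based filter instead of the one the caller intended.
  case $1 in
    --grafiti-version | --aws-region | --config-file | --tag-file | --date-override)
      if [ $# -lt 2 ]; then
        echo "Flag '$1' requires a value." >&2
        exit 1
      fi
      ;;
  esac

  case $1 in
    --help)
      usage
      exit
      ;;
    --force)
      force=true
      ;;
    --grafiti-version)
      version="$2"
      shift
      ;;
    --aws-region)
      region="$2"
      shift
      ;;
    --config-file)
      config_file="$2"
      shift
      ;;
    --tag-file)
      tag_file="$2"
      shift
      ;;
    --date-override)
      if ! date_override_is_safe "$2"; then
        echo "Invalid --date-override value: quotes, backslashes and control characters are not allowed." >&2
        exit 1
      fi
      # Stored as a one-element JSON array, ready to be used as "Values".
      date_string="[\"$2\"]"
      shift
      ;;
    --dry-run)
      # Kept as the literal flag so it can be handed to grafiti unchanged.
      dry_run="$1"
      ;;
    *)
      echo "Flag '$1' is not supported." >&2
      exit 1
      ;;
  esac
  shift
done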
    88  
# podman runs the grafiti container and jq builds/prints the tag filter, so
# both must be present before anything else is attempted.
for tool in podman jq; do
  if ! command -V "$tool" >/dev/null; then
    echo "Missing required dependencies" >&2
    exit 1
  fi
done

# Region precedence: --aws-region, then $AWS_REGION, then the default region
# reported by the aws CLI.
if [ -z "$region" ] && [ -n "$AWS_REGION" ]; then
  region="${AWS_REGION:-}"
elif [ -z "$region" ]; then
  if ! command -V aws >/dev/null; then
    echo "Without the 'aws' command, you must set either --aws-region or \$AWS_REGION" >&2
    exit 1
  fi
  region="$(aws configure get region)"
  if [ -z "$region" ]; then
    echo "Must provide an AWS region, set the AWS_REGION, or set a region in your ~/.aws/config" >&2
    exit 1
  fi
fi

# The grafiti image tag has no default; the caller has to choose one.
[ -n "$version" ] || {
  echo "Grafiti image version required." >&2
  exit 1
}

# A tag file and a date override both define the filter, so only one is allowed.
if [ -n "$tag_file" ]; then
  if [ -n "$date_string" ]; then
    echo "Cannot use both --tag-file and --date-override flags simultaneously." >&2
    exit 1
  fi
fi
   118  
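set -e

# Scratch directory that is later bind-mounted into the grafiti container.
# mktemp is given a bare template, so the directory is created under the
# current working directory; readlink -m turns it into an absolute path.
# The two steps are separate assignments so that a mktemp failure aborts the
# script under 'set -e' instead of being hidden inside a nested substitution.
tmp_dir="$(mktemp -d clean-aws-XXXXXXXXXX)"
tmp_dir="$(readlink -m "$tmp_dir")"
mkdir -p "$tmp_dir"
trap 'rm -rf -- "$tmp_dir"; exit' EXIT

# grafiti configuration: the caller's file, or a minimal default.
if [ -n "$config_file" ]; then
  cat "$config_file" >"$tmp_dir/config.toml"
else
  echo "maxNumRequestRetries = 11" >"$tmp_dir/config.toml"
fi

# Tag filter: the caller's file, or an expirationDate filter.
if [ -n "$tag_file" ]; then
  cat "$tag_file" >"$tmp_dir/tag.json"
else
  if [ -z "$date_string" ]; then
    # Default: today and yesterday, rendered in every date layout listed here.
    date_string="$(jq --null-input '[["%Y-%m-%d", "%Y-%-m-%-d", "%m-%d-%Y", "%m-%-d-%-Y", "%-m-%-d-%-Y", "%d-%m-%Y", "%d-%-m-%-Y"][] | . as $format | [now, now - 24*60*60][] | strftime($format)]')"
  fi

  # This file decides what gets deleted, so it is assembled by jq rather than
  # by pasting text into a template. --argjson only accepts a single valid
  # JSON value, and the filter insists on an array of strings, so a malformed
  # date_string makes jq fail (and 'set -e' abort) instead of changing the
  # structure of the filter.
  jq --null-input --compact-output --argjson values "$date_string" '
    if ($values | type) != "array" then
      error("expirationDate values must be a JSON array")
    elif all($values[]; type == "string") then
      {TagFilters: [{Key: "expirationDate", Values: $values}]}
    else
      error("expirationDate values must all be strings")
    end' >"$tmp_dir/tag.json"
fi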
   142  
# Show the operator exactly which tag filter is about to be applied.
printf '%s\n' "Deleting resources with the following tags:"
jq '.' "$tmp_dir/tag.json"

[ -z "$dry_run" ] || echo "Dry run flag set. Not deleting any resources."

# Without --force, only a literal "y" lets the run continue; any other
# answer aborts.
if [ -z "$force" ]; then
  read -rp "Proceed deleting these resources? [y/N]: " yn
  case $yn in
    y) ;;
    *)
      echo "Aborting deletion and cleaning up." >&2
      exit 1
      ;;
  esac
fi
   157  
   158  trap 'podman stop grafiti-deleter; exit' EXIT
   159  
   160  podman run -t --rm --name grafiti-deleter \
   161  	-v "$tmp_dir":/tmp/config:z \
   162  	-e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
   163  	-e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
   164    -e AWS_SESSION_TOKEN="$AWS_SESSION_TOKEN" \
   165    -e AWS_REGION="$region" \
   166  	-e CONFIG_FILE="/tmp/config/config.toml" \
   167  	-e TAG_FILE="/tmp/config/tag.json" \
   168  	quay.io/coreos/grafiti:"${version}" \
   169  	bash -c "grafiti $dry_run --config \"\$CONFIG_FILE\" --ignore-errors delete --all-deps --delete-file \"\$TAG_FILE\""
   170  
   171  set +e