
Commit 82bdd9f

committed
installer/scripts: AWS tag and delete scripts
scripts/maintenance: scripts that tag and delete AWS resources using the `grafiti` Docker container (see https://github.com/coreos/grafiti), and a script that only tags Route53 hosted zones using the AWS CLI.
1 parent 614702e commit 82bdd9f


4 files changed

+464
-46
lines changed


installer/scripts/delete.sh

Lines changed: 0 additions & 46 deletions
This file was deleted.
Lines changed: 168 additions & 0 deletions
@@ -0,0 +1,168 @@
1+
#!/usr/bin/env bash
2+
3+
usage() {
4+
cat <<EOF
5+
6+
$(basename "$0") deletes AWS resources tagged with tags specified in a tag file.
7+
8+
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environmental variables must be set.
9+
10+
Options:
11+
12+
--force Override user input prompts. Useful for automation.
13+
14+
--grafiti-version Either the semver release version, ex. v0.1.1, or sha commit
15+
hash of a grafiti image hosted in quay.io.
16+
17+
--aws-region The AWS region you wish to query for taggable resources. This
18+
flag is optional if AWS_REGION is set. AWS_REGION overrides
19+
values passed in by this flag.
20+
21+
--config-file A grafiti configuration file. See an example at
22+
https://github.com/coreos/grafiti/blob/master/config.toml.
23+
24+
--tag-file A file containing a TagFilter list. See the AWS Resource Group
25+
Tagging API 'TagFilter' documentation for file structure.
26+
27+
--date-override (optional) Date of the format YYYY-MM-DD that overrides the
28+
default tag value of today's date. This script tags resources
29+
with 'expirationDate: some-date-string', where some-date-string
30+
is replaced with either the following days' date or date-override.
31+
Only use if --tag-file is not used.
32+
33+
--workspace-dir (optional) Parent directory for a temporary directory. /tmp is
34+
used by default.
35+
36+
--dry-run (optional) If set, grafiti will only do a dry run, i.e. not
37+
delete any resources.
38+
39+
EOF
40+
}
41+
42+
force=
43+
version=
44+
region=
45+
config_file=
46+
tag_file=
47+
date_override=
48+
workspace=
49+
dry_run=
50+
51+
while [ $# -gt 0 ]; do
52+
case $1 in
53+
--help)
54+
usage
55+
exit
56+
;;
57+
--force)
58+
force=true
59+
;;
60+
--grafiti-version)
61+
version="${2:-}"
62+
shift
63+
;;
64+
--aws-region)
65+
region="${2:-}"
66+
shift
67+
;;
68+
--config-file)
69+
config_file="${2:-}"
70+
shift
71+
;;
72+
--tag-file)
73+
tag_file="${2:-}"
74+
shift
75+
;;
76+
--date-override)
77+
date_override="${2:-}"
78+
shift
79+
;;
80+
--workspace-dir)
81+
workspace="${2:-}"
82+
shift
83+
;;
84+
--dry-run)
85+
dry_run="$1"
86+
;;
87+
*)
88+
echo "Flag '$2' is not supported."
89+
exit
90+
;;
91+
esac
92+
shift
93+
done
94+
95+
if [ -n "$AWS_REGION" ]; then
96+
region="${AWS_REGION:-}"
97+
fi
98+
99+
if [ -z "$version" ]; then
100+
echo "Grafiti image version required."
101+
exit 1
102+
fi
103+
104+
if [ -z "$region" ]; then
105+
echo "Must provide an AWS region, set the AWS_REGION, or set a region in your ~/.aws/config}"
106+
exit 1
107+
fi
108+
109+
if [ -n "$tag_file" ] && [ -n "$date_override" ]; then
110+
echo "Cannot use both --tag-file and --date-override flags simultaneously."
111+
exit 1
112+
fi
113+
114+
set -e
115+
116+
tmp_dir="/tmp/config"
117+
if [ -n "$workspace" ]; then
118+
tmp_dir="$(readlink -m "${workspace}/config")"
119+
fi
120+
mkdir -p "$tmp_dir"
121+
trap 'rm -rf "$tmp_dir"; exit' EXIT
122+
123+
if [ -z "$config_file" ]; then
124+
config_file="$(mktemp -p "$tmp_dir" --suffix=.toml)"
125+
echo "maxNumRequestRetries = 11" > "$config_file"
126+
fi
127+
128+
if [ -z "$tag_file" ]; then
129+
tag_file="$(mktemp -p "$tmp_dir")"
130+
131+
date_string="$(date "+%Y-%m-%d" -d "-1 day")\",\"$(date "+%Y-%-m-%-d" -d "-1 day")\",\"$(date +%Y-%m-%d)\",\"$(date +%Y-%-m-%-d)"
132+
if [ -n "$date_override" ]; then
133+
date_string="$date_override"
134+
fi
135+
136+
cat <<EOF > "$tag_file"
137+
{"TagFilters":[{"Key":"expirationDate","Values":["${date_string}"]}]}
138+
EOF
139+
fi
140+
141+
echo "Deleting resources with the following tags:"
142+
jq '.' "$tag_file"
143+
144+
if [ -n "$dry_run" ]; then
145+
echo "Dry run flag set. Not deleting any resources."
146+
fi
147+
148+
if [ ! $force ]; then
149+
read -rp "Proceed deleting these resources? [y/N]: " yn
150+
if [ "$yn" != "y" ]; then
151+
echo "Aborting deletion and cleaning up."
152+
exit 1
153+
fi
154+
fi
155+
156+
trap 'docker stop grafiti-deleter && docker rm grafiti-deleter; exit' EXIT
157+
158+
docker run -t --rm --name grafiti-deleter \
159+
-v "$tmp_dir":/tmp/config:z \
160+
-e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
161+
-e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
162+
-e AWS_REGION="$region" \
163+
-e CONFIG_FILE="/tmp/config/$(basename "$config_file")" \
164+
-e TAG_FILE="/tmp/config/$(basename "$tag_file")" \
165+
quay.io/coreos/grafiti:"${version}" \
166+
ash -c "grafiti $dry_run --config \"\$CONFIG_FILE\" --ignore-errors delete --all-deps --delete-file \"\$TAG_FILE\""
167+
168+
set +e
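Review bot: The tag filter printed by `jq '.' "$tag_file"` at the confirmation prompt is not guaranteed to be the one grafiti deletes with. The workspace is the fixed, shared path `/tmp/config` (reused by `mkdir -p`), and a file passed via `--tag-file` or `--config-file` is never copied into it, while the container reads `/tmp/config/$(basename "$tag_file")`. A leftover or pre-placed file with the same basename in that directory would be used instead, and a caller-supplied file that lives elsewhere is not visible inside the container at all. I would create a private directory with `mktemp -d`, copy caller-supplied files into it before the prompt and show that copy to the user; the second `trap … EXIT` also replaces the first, so `rm -rf "$tmp_dir"` never runs once the container stage is reached, and the sketch below folds both into one handler. Separately, `-e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY"` puts the secret on docker's command line, whereas `-e AWS_SECRET_ACCESS_KEY` passes it through from the environment by name.

```shell
# Private, unpredictable workspace instead of the shared /tmp/config
workspace_abs="$(readlink -m "${workspace:-/tmp}")"
mkdir -p "$workspace_abs"
tmp_dir="$(mktemp -d -p "$workspace_abs" grafiti.XXXXXX)"

# One EXIT handler: a later `trap ... EXIT` would replace an earlier one
cleanup() {
  docker rm -f grafiti-deleter >/dev/null 2>&1 || true  # already gone when --rm fired
  rm -rf -- "${tmp_dir:?}"
}
trap cleanup EXIT

# … unchanged: default config file / tag file generation inside "$tmp_dir" …

# Caller-supplied files must be inside the directory that gets mounted
for f in "$config_file" "$tag_file"; do
  case "$f" in
    "$tmp_dir"/*) ;;
    *) cp -- "$f" "$tmp_dir/" ;;
  esac
done

echo "Deleting resources with the following tags:"
jq '.' "$tmp_dir/$(basename "$tag_file")"   # show exactly what the container will read
```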
