Check if AWS_SHARED_CREDENTIALS_FILE is set #30
Conversation
openshift-ci-robot
added
approved
hongkailiu
changed the title
hongkailiu
changed the title
|
/lgtm |
|
/retest |
|
/refresh |
|
/close |
openshift-ci-robot
added
size/M
|
/hold debugging |
|
/hold cancel |
| declare -a regions=("us-east-1" "us-east-2" "us-west-1") | ||
| my_date=$(TZ=":Africa/Abidjan" date '+%Y-%m-%d') | ||
|
|
||
| if [[ -n "${IPI_DEPROVISION_DATE-}" ]]; then |
There was a problem hiding this comment.
Hmm sorry -- we will want this to be relative to the time that is run, right? So the config option would be how old --
$ date --date='1 hour ago'
Tue Jul 23 16:54:10 PDT 2019
| @@ -1,17 +1,44 @@ | |||
| #!/bin/sh | |||
There was a problem hiding this comment.
So I don't think we want to run POSIX shell. If we have bash, let's use it.
There was a problem hiding this comment.
Done. CP/Paste error.
| set -o nounset | ||
| set -o pipefail | ||
|
|
||
| if [ -z "${AWS_SHARED_CREDENTIALS_FILE}" ]; then echo "ENV VAR AWS_SHARED_CREDENTIALS_FILE is not set"; exit 1; fi |
There was a problem hiding this comment.
nit: prefer
if [[ -z "${AWS_SHARED_CREDENTIALS_FILE:-}" ]]; then
echo "Required variable \$AWS_SHARED_CREDENTIALS_FILE unset"
exit 1
fiThere was a problem hiding this comment.
Also, can't we just omit this? The AWS library will fail when no credentials are found, and this script could be used locally with the credentials in $HOME
|
|
||
| if [ -z "${AWS_SHARED_CREDENTIALS_FILE}" ]; then echo "ENV VAR AWS_SHARED_CREDENTIALS_FILE is not set"; exit 1; fi | ||
|
|
||
| ### expirationDate is always with timezone +00:00, eg, "2019-07-23T22:35+0000" |
There was a problem hiding this comment.
This comment is out of place
| declare -a regions=("us-east-1" "us-east-2" "us-west-1") | ||
| my_date=$(TZ=":Africa/Abidjan" date '+%Y-%m-%d') | ||
|
|
||
| if [[ -n "${IPI_DEPROVISION_DATE_ARG-}" ]]; then |
There was a problem hiding this comment.
We should validate that this is set, as without it, the script is not useful.
There was a problem hiding this comment.
nit: that's a lot of names in the env var! we could just use something like ${CLUSTER_TTL}
There was a problem hiding this comment.
rename: Done.
validation: not sure how to validate it. Could do it as a follow-up i think.
|
|
||
| if [[ -n "${IPI_DEPROVISION_DATE_ARG-}" ]]; then | ||
| ### eg, export IPI_DEPROVISION_DATE_ARG="22 hours ago" | ||
| echo "take env. var.: IPI_DEPROVISION_DATE_ARG: ${IPI_DEPROVISION_DATE_ARG}" |
There was a problem hiding this comment.
nit: maybe format like
echo "Searching for clusters with a TTL of ${IPI_DEPROVISION_DATE_ARG}"or
echo "Searching for clusters older than ${my_date}|
|
||
| echo "my_date: ${my_date}" | ||
|
|
||
| ### James: CI only runs in us-east-1. |
There was a problem hiding this comment.
we don't need to keep this comment around, I don't think
| declare -a regions=("us-east-1") | ||
| ### for more than one region: | ||
| # declare -a regions=("us-east-1" "us-east-2" "us-west-1") | ||
| if [[ -n "${IPI_DEPROVISION_REGIONS-}" ]]; then |
There was a problem hiding this comment.
Do we need this? We can add it later if we do
| if [[ -n "${IPI_DEPROVISION_REGIONS-}" ]]; then | ||
| ### eg, export IPI_DEPROVISION_REGIONS="us-east-1;us-west-1" | ||
| echo "take regions from env. var.: IPI_DEPROVISION_REGIONS: ${IPI_DEPROVISION_REGIONS}" | ||
| IFS=';' read -r -a regions <<< "$IPI_DEPROVISION_REGIONS" |
There was a problem hiding this comment.
FYI read -a and <<< here-string are not defined in POSIX shell :)
| IFS=';' read -r -a regions <<< "$IPI_DEPROVISION_REGIONS" | ||
| fi | ||
|
|
||
| echo "regions: ${regions}" |
There was a problem hiding this comment.
likely do not need this debugger
stevekuznetsov
left a comment
stevekuznetsov
left a comment
There was a problem hiding this comment.
Everyone gets their first real shell review from me someday :)
| handle_cluster () { | ||
| local cluster_name; | ||
| cluster_name=$1 | ||
| echo "handling cluster: ${cluster_name} ..." |
There was a problem hiding this comment.
might be nice to see the date it expired at, as well
There was a problem hiding this comment.
/hold ... I want to give this a try.
There was a problem hiding this comment.
/hold cancel
There should be a way to do it with one search and pass 2 params into the function.
Let us iterate.
| do | ||
| echo "doing region ${r} ..." | ||
| aws ec2 describe-vpcs --output json --region "${r}" | jq --arg date "${MY_DATE}" -r -S '.Vpcs[] | select (.Tags[]? | (.Key == "expirationDate" and .Value < $date)) | .Tags[] | select (.Value == "owned") | .Key' | while read line; do handle_cluster ${line}; done | ||
| aws ec2 describe-vpcs --output json --region "${r}" | jq --arg date "${my_date}" -r -S '.Vpcs[] | select (.Tags[]? | (.Key == "expirationDate" and .Value < $date)) | .Tags[] | select (.Value == "owned") | .Key' | while read line; do handle_cluster ${line}; done |
There was a problem hiding this comment.
nit: piping into while read line is a bit esoteric, we could:
for cluster in $( aws ec2 describe... ); do
handle_cluster "${cluster}"
done(and with that formatting we hardly need the handle_cluster function since inlining it is simple
| ### which is always with timezone +00:00, eg, "2019-07-23T22:35+0000" | ||
| cluster_age_cutoff=$(TZ=":Africa/Abidjan" date '+%Y-%m-%d') | ||
|
|
||
| if [[ -n "${CLUSTER_TTL-}" ]]; then |
There was a problem hiding this comment.
So if this is not set, we will remove all clusters with an expiration date older than now? This is a dangerous default -- we should enforce that this parameter is passed and not use a default
| local cluster_name; | ||
| cluster_name=$1 | ||
| echo "handling cluster: ${cluster_name} ..." | ||
| echo "handling cluster: ${cluster_name} with expirationDate: $(aws ec2 describe-vpcs --output json --region "us-east-1" --filters "Name=tag:${cluster_name},Values=owned" | jq -r '.Vpcs[].Tags[] | select (.Key=="expirationDate") | .Value')" |
There was a problem hiding this comment.
nit: this will make runtime much slower as we now make O(N) aws calls (rather than one list) and be also more costly on API use -- we can save the output of aws describe-vpcs --output json into a file and post-process that or use jq in the first call to select the cluster name and expiration date, either way would work.
There was a problem hiding this comment.
Done.
I like the 2nd way more but i can implement the 1st one for the moment.
|
/hold WIP |
|
/hold cancel |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: hongkailiu, stevekuznetsov The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
# This is the 1st commit message: force all disruption aggregation to skipped status while we re-gather unbugged data # This is the commit message openshift#2: Fix lint issue. # This is the commit message openshift#3: sanitize: keep jobs from the same PR on the same cluster # This is the commit message openshift#4: Support runIfChanged and skipIfOnlyChanged for postsubmit Signed-off-by: clyang82 <chuyang@redhat.com> # This is the commit message openshift#5: Update UT Signed-off-by: clyang82 <chuyang@redhat.com> # This is the commit message openshift#6: fix integration test Signed-off-by: clyang82 <chuyang@redhat.com> # This is the commit message openshift#7: [DPTP-2635]cluster-display: add endpont for clusters # This is the commit message openshift#8: prowgen: stop tolerating changes to `optional` fields ...except for images jobs for which do not have syntax in ci-operator config Once we pull all manual changes to ci-operator configs, we can stop tolerating these changes. One step closer to fully generated Prowjob configuration. # This is the commit message openshift#9: Honor semver when comparing clone target/source # This is the commit message openshift#10: Write a README for autoconfigbrancher # This is the commit message openshift#11: autoconfigbrancher: simplify a conditional # This is the commit message openshift#12: autoconfigbrancher: use a permanent link in README # This is the commit message openshift#13: Rename mis-spelled variable, add short for cobra help, add comments # This is the commit message openshift#14: add more comments re: GCS # This is the commit message openshift#15: Note two tables created in memory using a SELECT # This is the commit message openshift#16: fix typo # This is the commit message openshift#17: cast to a type so we can see more info on dryrun mode # This is the commit message openshift#18: Share ReleaseController's config # This is the commit message openshift#19: Add aggregating job results to testgrid (openshift#2576) * Add aggregating job results to testgrid * Add aggregating job results to testgrid Aggregating jobs are added to blocking dashboard of the corresponding release. Release is determined by the aggregated job prow config. * Add test cases * Add nil pointer check # This is the commit message openshift#20: Updating auto-include logic for OpenStack jobs Adding the OpenStack jobs which recently moved from release to shiftstack directory. This will add them to testgrid automatically. # This is the commit message openshift#21: [DPTP-2660]payload-testing-prow-plugin: format errors # This is the commit message openshift#22: handle missing history for aggregated disruption # This is the commit message openshift#23: Add create-tables subcommand to create Jobs tab and debugging tips to README # This is the commit message openshift#24: create JobRuns table # This is the commit message openshift#25: Rename vars to be more generic for table creation # This is the commit message openshift#26: add in gofmt fixes for lint # This is the commit message openshift#27: comment about Jobs being initially primed # This is the commit message openshift#28: comment compile time checks in case go beginners have never seen it # This is the commit message openshift#29: prpqr: add a PR deploy makefile target # This is the commit message openshift#30: prpqr ui: use centos stream instead of 8 from docker # This is the commit message openshift#31: Refuse /payload command on PRs to repositories that do not contribute to OCP # This is the commit message openshift#32: allow correcting history without changing test name when we get criteria incorrect # This is the commit message openshift#33: switch the check for aggregation passes to use the SQL views
4 participants
follow-up of openshift/release#4489