cloud: Add shutdown command

kernelci · Apr 23, 2024 · 842eb73 · 842eb73
1 parent 051ab6d
commit 842eb73
Show file tree

Hide file tree

Showing 7 changed files with 135 additions and 31 deletions.
diff --git a/cloud b/cloud
@@ -340,17 +340,19 @@ function execute_command() {
     )
 
     # Make sure requisite services are enabled
-    app_deploy "$project"
-    services_enable "$project" appengine secretmanager cloudfunctions \
-                               cloudbuild cloudscheduler firestore \
-                               sqladmin storage run iam bigquery
-
-    # Enable generating PostgreSQL superuser password (if not specified),
-    # if the instance doesn't exist yet
-    declare exists
-    exists=$(psql_instance_exists "$project" "$PSQL_INSTANCE")
-    if ! "$exists"; then
-        password_set_generate psql_superuser true
+    if [ "$command" != "shutdown" ]; then
+        app_deploy "$project"
+        services_enable "$project" appengine secretmanager cloudfunctions \
+                                   cloudbuild cloudscheduler firestore \
+                                   sqladmin storage run iam bigquery
+
+        # Enable generating PostgreSQL superuser password (if not specified),
+        # if the instance doesn't exist yet
+        declare exists
+        exists=$(psql_instance_exists "$project" "$PSQL_INSTANCE")
+        if ! "$exists"; then
+            password_set_generate psql_superuser true
+        fi
     fi
 
     # Handle "deploy" command
@@ -419,6 +421,18 @@ function execute_command() {
             --purge-db-trigger-topic="$purge_db_trigger_topic"
         sections_run "$sections" submitters_deploy \
             "$project" "$new_topic" "${submitters[@]}"
+    # Handle "shutdown" command
+    elif [ "$command" == "shutdown" ]; then
+        sections_run "$sections" submitters_shutdown \
+            "$project" "$new_topic" "${submitters[@]}"
+        functions_shutdown \
+            --sections="$sections" \
+            --project="$project" \
+            --prefix="$prefix" \
+            --cache-redirect-function-name="$cache_redirect_function_name"
+        sections_run "$sections" run_shutdown \
+            --project="$project" \
+            --grafana-service="$grafana_service"
     # Handle "withdraw" command
     elif [ "$command" == "withdraw" ]; then
         sections_run "$sections" submitters_withdraw \
@@ -474,6 +488,7 @@ function usage() {
     echo "    deploy        Deploy an installation to the cloud."
     echo "    env           Output environment YAML for Cloud Functions."
     echo "    shell         Execute a shell with deployment environment."
+    echo "    shutdown      Shutdown an installation in the cloud."
     echo "    withdraw      Withdraw an installation from the cloud."
     echo "    list-sections List sections of the installation."
     echo ""
@@ -635,6 +650,40 @@ function usage_shell() {
     echo ""
 }
 
+# Output shutdown command usage information
+function usage_shutdown() {
+    echo "Usage: $(basename "$0") shutdown [OPTION...] PROJECT NAMESPACE"
+    echo "Shutdown a KCIDB installation in a Google Cloud project."
+    echo ""
+    echo "Options:"
+    echo ""
+    echo "    -h, --help"
+    echo "              Display this usage message and exit."
+    echo "    -v, --verbose"
+    echo "              Output the shutdown steps being executed."
+    echo "    -s, --sections=EXTGLOB"
+    echo "              Specify an extended shell glob matching the"
+    echo "              installation sections to limit shutdown to."
+    echo "              See output of \"$(basename "$0") list-sections\""
+    echo "              for a list of available sections."
+    echo "    --smtp-mocked"
+    echo "              The project being shut down uses a PubSub topic for"
+    echo "              receiving notification messages instead of the SMTP"
+    echo "              server"
+    echo "    --test"
+    echo "              The project being shut down has test resources"
+    echo "              deployed."
+    echo "    --submitter=NAME"
+    echo "              Specify a service account to shutdown submissions"
+    echo "              for. Repeat to add more submitters."
+    echo ""
+    echo "Positional arguments:"
+    echo ""
+    echo "    PROJECT   Google Cloud project ID, e.g. \"kernelci-production\"."
+    echo "    NAMESPACE Namespace for all objects, e.g. \"test\"."
+    echo ""
+}
+
 # Output withdraw command usage information
 function usage_withdraw() {
     echo "Usage: $(basename "$0") withdraw [OPTION...] PROJECT NAMESPACE"
@@ -721,9 +770,9 @@ function execute() {
     declare getopt_shortopts="h"
     declare getopt_longopts="help"
 
-    if [[ $command == @(deploy|env|shell|withdraw) ]]; then
+    if [[ $command == @(deploy|env|shell|shutdown|withdraw) ]]; then
         getopt_longopts+=",smtp-mocked,test"
-        if [[ $command == @(deploy|withdraw) ]]; then
+        if [[ $command == @(deploy|shutdown|withdraw) ]]; then
             getopt_shortopts+="vs:"
             getopt_longopts+=",verbose,sections:,submitter:"
         fi

diff --git a/kcidb/cloud/cost-mon b/kcidb/cloud/cost-mon
diff --git a/kcidb/cloud/function.sh b/kcidb/cloud/function.sh
@@ -40,6 +40,18 @@ function function_delete()
     fi
 }
 
+# Shutdown a Cloud Function if it exists
+# Args: sections project prefix name
+function function_shutdown() {
+    declare -r sections="$1"; shift
+    declare -r project="$1"; shift
+    declare -r prefix="$1"; shift
+    declare -r name="$1"; shift
+    sections_run_explicit "$sections" \
+        "functions.$name" shutdown \
+        function_delete --quiet --project="$project" "${prefix}${name}"
+}
+
 # Delete a Cloud Function if it exists
 # Args: sections project prefix name
 function function_withdraw() {

diff --git a/kcidb/cloud/functions.sh b/kcidb/cloud/functions.sh
@@ -234,29 +234,45 @@ function functions_deploy() {
     rm "$env_yaml_file"
 }
 
-# Withdraw Cloud Functions
-# Args: --sections=GLOB --project=NAME --prefix=PREFIX
+# Withdraw or shutdown Cloud Functions
+# Args: action
+#       --sections=GLOB --project=NAME --prefix=PREFIX
 #       --cache-redirect-function-name=NAME
-function functions_withdraw() {
+function _functions_withdraw_or_shutdown() {
+    declare -r action="$1"; shift
     declare params
     params="$(getopt_vars sections project prefix \
                           cache_redirect_function_name \
                           -- "$@")"
     eval "$params"
-    function_withdraw "$sections" "$project" "$prefix" \
-                      purge_db
-    function_withdraw "$sections" "$project" "$prefix" \
-                      pick_notifications
-    function_withdraw "$sections" "$project" "$prefix" \
-                      send_notification
-    function_withdraw "$sections" "$project" "$prefix" \
-                      spool_notifications
-    function_withdraw "$sections" "$project" "$prefix" \
-                      "$cache_redirect_function_name"
-    function_withdraw "$sections" "$project" "$prefix" \
-                      cache_urls
-    function_withdraw "$sections" "$project" "$prefix" \
-                      load_queue
+    "function_$action" "$sections" "$project" "$prefix" \
+                       purge_db
+    "function_$action" "$sections" "$project" "$prefix" \
+                       pick_notifications
+    "function_$action" "$sections" "$project" "$prefix" \
+                       send_notification
+    "function_$action" "$sections" "$project" "$prefix" \
+                       spool_notifications
+    "function_$action" "$sections" "$project" "$prefix" \
+                       "$cache_redirect_function_name"
+    "function_$action" "$sections" "$project" "$prefix" \
+                       cache_urls
+    "function_$action" "$sections" "$project" "$prefix" \
+                       load_queue
+}
+
+# Shutdown Cloud Functions
+# Args: --sections=GLOB --project=NAME --prefix=PREFIX
+#       --cache-redirect-function-name=NAME
+function functions_shutdown() {
+    _functions_withdraw_or_shutdown shutdown "$@"
+}
+
+# Withdraw Cloud Functions
+# Args: --sections=GLOB --project=NAME --prefix=PREFIX
+#       --cache-redirect-function-name=NAME
+function functions_withdraw() {
+    _functions_withdraw_or_shutdown withdraw "$@"
 }
 
 fi # _FUNCTIONS_SH
diff --git a/kcidb/cloud/run.sh b/kcidb/cloud/run.sh
@@ -230,6 +230,20 @@ YAML_END
         roles/run.invoker
 }
 
+# Shutdown Run services.
+# Args: --project=ID
+#       --grafana-service=NAME
+function run_shutdown() {
+    declare params
+    params="$(getopt_vars project \
+                          grafana_service \
+                          -- "$@")"
+    eval "$params"
+    # Remove public access to Grafana
+    run_iam_policy_binding_withdraw "$project" "$grafana_service" \
+                                    allUsers roles/run.invoker
+}
+
 # Withdraw from Run.
 # Args: --project=ID
 #       --grafana-service=NAME

diff --git a/kcidb/cloud/sections.sh b/kcidb/cloud/sections.sh
@@ -56,7 +56,13 @@ function sections_run_explicit() {
     declare -r name="$1"; shift
     declare -r verb="$1"; shift
     declare -r command="$1"; shift
-    declare -r action="${verb}ing"
+    declare action
+
+    if [ "$verb" == "shutdown" ]; then
+        action="shutting down"
+    else
+        action="${verb}ing"
+    fi
 
     if ! [[ -v SECTIONS[$name] ]]; then
         echo "Unknown section name ${name@Q}" >&2

diff --git a/kcidb/cloud/submitters.sh b/kcidb/cloud/submitters.sh
@@ -28,4 +28,11 @@ function submitters_withdraw() {
     done
 }
 
+# Shutdown submitters
+# Args: project new_topic [submitter...]
+function submitters_shutdown() {
+    submitters_withdraw "$@"
+    # Deploying will add permissions again
+}
+
 fi # _SUBMITTERS_SH