Add leftovers cleanup to prevent leaking terraform environments
nader-ziada committed Nov 22, 2024
1 parent 24f3ced commit bbf6f76
Showing 4 changed files with 62 additions and 14 deletions.
33 changes: 19 additions & 14 deletions ci/assets/terraform/template.tf
@@ -14,22 +14,27 @@ provider "aws" {
region = var.region
}

variable "resource_prefix" {
type = string
default = "awscpi"
}

data "aws_availability_zones" "available" {}

# Create a VPC to launch our instances into
resource "aws_vpc" "default" {
assign_generated_ipv6_cidr_block = true
cidr_block = "10.0.0.0/16"
tags = {
Name = var.env_name
Name = "${var.resource_prefix}-${var.env_name}"
}
}

# Create an internet gateway to give our subnet access to the outside world
resource "aws_internet_gateway" "default" {
vpc_id = aws_vpc.default.id
tags = {
Name = var.env_name
Name = "${var.resource_prefix}-${var.env_name}"
}
}

@@ -41,7 +46,7 @@ resource "aws_route_table" "default" {
}

tags = {
Name = var.env_name
Name = "${var.resource_prefix}-${var.env_name}"
}
}

@@ -68,7 +73,7 @@ resource "aws_subnet" "default" {
availability_zone = data.aws_availability_zones.available.names[0]

tags = {
Name = var.env_name
Name = "${var.resource_prefix}-${var.env_name}"
}

map_public_ip_on_launch = true
@@ -82,7 +87,7 @@ resource "aws_subnet" "backup" {
availability_zone = data.aws_availability_zones.available.names[1]

tags = {
Name = var.env_name
Name = "${var.resource_prefix}-${var.env_name}"
}
}

@@ -94,7 +99,7 @@ resource "aws_subnet" "manual" {
availability_zone = data.aws_availability_zones.available.names[0]

tags = {
Name = var.env_name
Name = "${var.resource_prefix}-${var.env_name}"
}

map_public_ip_on_launch = true
@@ -127,13 +132,13 @@ resource "aws_network_acl" "allow_all" {
}

tags = {
Name = var.env_name
Name = "${var.resource_prefix}-${var.env_name}"
}
}

resource "aws_security_group" "allow_all" {
vpc_id = aws_vpc.default.id
name = "allow_all-${var.env_name}"
name = "allow_all-${var.resource_prefix}-${var.env_name}"
description = "Allow all inbound and outgoing traffic"

ingress {
@@ -153,7 +158,7 @@ resource "aws_security_group" "allow_all" {
}

tags = {
Name = var.env_name
Name = "${var.resource_prefix}-${var.env_name}"
}
}

@@ -177,7 +182,7 @@ resource "aws_elb" "default" {
subnets = [aws_subnet.default.id]

tags = {
Name = var.env_name
Name = "${var.resource_prefix}-${var.env_name}"
}
}

@@ -189,12 +194,12 @@ resource "aws_alb" "default" {
]

tags = {
Name = var.env_name
Name = "${var.resource_prefix}-${var.env_name}"
}
}

resource "aws_alb_target_group" "default" {
name = var.env_name
name = "${var.resource_prefix}-${var.env_name}"
port = "80"
protocol = "HTTP"
vpc_id = aws_vpc.default.id
@@ -206,7 +211,7 @@ resource "aws_alb_target_group" "default" {
}

tags = {
Name = var.env_name
Name = "${var.resource_prefix}-${var.env_name}"
}
}

@@ -229,7 +234,7 @@ resource "aws_vpc_endpoint" "private-s3" {
}

resource "aws_s3_bucket" "blobstore" {
bucket = "cpi-pipeline-blobstore-${var.env_name}-${var.region}"
bucket = "cpi-pipeline-blobstore-${var.resource_prefix}-${var.env_name}-${var.region}"
force_destroy = true
}
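Review bot: `resource_prefix` is now the string every name in this file is built from and, via the cleanup job's `-f awscpi` filter, the key a scheduled unattended delete matches on, yet the new variable block carries no description and no validation, so an empty or arbitrary value is accepted silently at plan time. It also feeds names with hard AWS limits: the `aws_alb_target_group` name is capped at 32 characters and the `aws_s3_bucket` name at 63 lowercase characters, and the added `${var.resource_prefix}-` segment shortens the room left for `env_name` in both. A `validation` block that pins the prefix to short lowercase alphanumerics, together with a description stating that the cleanup job keys on it, would fail the plan on a bad value instead of producing resources the sweep either misses or over-matches.

```hcl
variable "resource_prefix" {
  type        = string
  default     = "awscpi"
  description = "Short tag prepended to every resource name. The cleanup-leftover-environments job deletes whatever matches it, so keep it unique to this pipeline."

  validation {
    condition     = can(regex("^[a-z0-9]{1,12}$", var.resource_prefix))
    error_message = "resource_prefix must be 1-12 lowercase alphanumerics (it counts against S3 bucket and target-group name limits and drives the leftovers filter)."
  }
}
```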

20 changes: 20 additions & 0 deletions ci/pipeline.yml
@@ -322,6 +322,21 @@ jobs:
params:
file: release_metadata/empty-file

- name: cleanup-leftover-environments
plan:
- in_parallel:
- get: bosh-integration-image
- get: bosh-cpi-src-in
- get: daily
trigger: true
- task: cleanup-leftover-environments
file: bosh-cpi-src-in/ci/tasks/cleanup-leftover-environments.yml
image: bosh-integration-image
params:
BBL_AWS_ACCESS_KEY_ID: ((aws-admin.username))
BBL_AWS_SECRET_ACCESS_KEY: ((aws-admin.password))
BBL_AWS_REGION: us-west-1

- name: bump-deps
plan:
- in_parallel:
@@ -468,6 +483,7 @@ resources:
secret_key: ((aws-admin.password))
region: us-west-1
public_key: ((integration_vm_keypair.public_key))
resource_prefix: awscpi
- name: pipelines
type: git
source:
@@ -525,3 +541,7 @@ resources:
stop: 4:30 -0700
days: [ Saturday ]
initial_version: true
- name: daily
type: time
source:
interval: 24
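Review bot: `interval: 24` on the new `daily` time resource has no unit; the Concourse time resource parses `interval` as a Go-style duration (`24h`, `90m`, `60s`), so a bare `24` is most likely rejected when the resource is checked, which would mean `cleanup-leftover-environments` never triggers and the leak this commit sets out to fix quietly persists. Change it to `interval: 24h`. Separately, the job hands a scheduled, non-interactive delete the same `aws-admin` credentials the rest of the pipeline uses; a dedicated principal whose delete permissions are conditioned on the `awscpi` naming or tagging scheme would bound the blast radius if the name filter ever matches more than intended. The `resource_prefix: awscpi` literal here must also stay in sync with the `-f awscpi` literal in the cleanup script, so consider sourcing both from one pipeline var.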
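--- /dev/null
+++ b/ci/tasks/cleanup-leftover-environments.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -eux -o pipefail
+
+GOBIN=/usr/local/bin/ go install github.com/genevieve/leftovers/cmd/leftovers@latest
+
+leftovers -n -i aws -f awscpi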
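Review bot: `go install github.com/genevieve/leftovers/cmd/leftovers@latest` resolves to whatever the module's newest version is at the moment of each daily run, and the resulting binary immediately performs a no-confirm (`-n`) delete with the admin credentials the pipeline injects, so the most destructive step in the pipeline depends on a mutable, unreviewed supply-chain input. Pin it to a specific tag or commit, `go install github.com/genevieve/leftovers/cmd/leftovers@<tagged version>`, and bump it deliberately. The last line has no comment explaining its scope; if, as the `-f` flag suggests, matching is by resource name, a line such as `# Deletes every AWS resource in BBL_AWS_REGION whose name matches the awscpi prefix, without confirmation; keep in sync with resource_prefix in template.tf` would make the blast radius explicit to the next person editing the filter.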
16 changes: 16 additions & 0 deletions ci/tasks/cleanup-leftover-environments.yml
@@ -0,0 +1,16 @@
---
platform: linux
image_resource:
type: docker-image
source: {repository: bosh/integration}

inputs:
- name: bosh-cpi-src-in

run:
path: bosh-cpi-src-in/ci/tasks/cleanup-leftover-environments.sh

params:
BBL_AWS_ACCESS_KEY_ID: ""
BBL_AWS_SECRET_ACCESS_KEY: ""
BBL_AWS_REGION: us-west-1
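Review bot: `image_resource` names `bosh/integration` with no `tag` or digest, so when this task is run on its own (for example via `fly execute`) it pulls whatever the registry's default tag points at right then and hands that image the admin AWS credentials declared in `params`; in the pipeline the job's `image: bosh-integration-image` overrides this, so the exposure appears limited to ad-hoc runs. Pin a tag or digest in `source:` and prefer the `registry-image` type over the deprecated `docker-image` type. The `BBL_AWS_REGION: us-west-1` default also duplicates the value set in pipeline.yml; if the region is ever changed in only one place the sweep silently runs against the wrong region, so leaving it as a required empty default here, `BBL_AWS_REGION: ""`, would force the pipeline to supply it.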
