Merge pull request #208 from dargudear-google/master
Clean up secrets created during the tests.
k8s-ci-robot authored Nov 19, 2024
2 parents bc478df + 8773e62 commit 445d89e
Showing 1 changed file with 52 additions and 0 deletions.
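--- a/cmd/janitor/gcp_janitor.py
+++ b/cmd/janitor/gcp_janitor.py
@@ -588,6 +588,51 @@ def clean_gke_cluster(project, age, filt):
 return len(errs) > 0
 
 
+def clean_secrets(project, age, filt):
+"""Clean up secrets from Google secret manager"""
+os.environ['CLOUDSDK_API_ENDPOINT_OVERRIDES_SECRETMANAGER'] = 'https://secretmanager.googleapis.com/'
+cmd = [
+'gcloud', 'secrets', 'list',
+'--project=%s' % project,
+'--format=json(name,createTime)'
+]
+log('running %s' % cmd)
+
+output = ''
+try:
+output = subprocess.check_output(cmd)
+except subprocess.CalledProcessError as exc:
+# expected error
+log('Cannot list secrets')
+return 1
+
+for item in json.loads(output):
+log('secret info: %r' % item)
+if 'name' not in item or 'createTime' not in item:
+raise ValueError('name and createTime must be present: %r' % item)
+
+# createTime in format '2024-10-16T07:22:22.119486Z'
+# Only `024-10-16T07:22:22` this part is required.
+item['createTime'] = item['createTime'].split('+')[0]
+created = datetime.datetime.strptime(
+item['createTime'][:19], '%Y-%m-%dT%H:%M:%S')
+if created < age:
+log('Found stale secret %r, created time = %r' %
+(item['name'], item['createTime']))
+delete = [
+'gcloud', 'secrets', '-q', 'delete',
+item['name'],
+'--project=%s' % project,
+]
+try:
+output = subprocess.check_output(delete)
+except subprocess.CalledProcessError as exc:
+# expected error
+log('Cannot delete secret %r'%(item['name']))
+continue
+return 0
+
+
 def activate_service_account(service_account):
 print('[=== Activating service_account %s ===]' % service_account)
 cmd = [
@@ -675,6 +720,13 @@ def main(project, days, hours, filt, rate_limit, service_account, additional_zon
 err |= 1 # keep cleaning the other resource
 print('Fail to clean up cluster from project %r' % project, file=sys.stderr)
 
+# try to clean secrets created.
+try:
+err |= clean_secrets(project, age, filt)
+except ValueError:
+err |= 1 # keep cleaning the other resource
+print('Fail to clean up secrets from project %r' % project, file=sys.stderr)
+
 zones = BASE_ZONES + additional_zones
 gkehub_apis = {'gkehub.googleapis.com', 'staging-gkehub.sandbox.googleapis.com', 'autopush-gkehub.sandbox.googleapis.com'}
 for api, resources in RESOURCES_BY_API.items():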
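Review bot: `clean_secrets` takes `filt` but never uses it: the `gcloud secrets list` call is scoped only by `--project`, so every secret in the project older than `age` is deleted, not just the ones the tests created. If `filt` is a gcloud filter expression (its format is not visible in this hunk), passing it through as `'--filter=%s' % filt,` in the list command, or restricting the listing to a test-specific name prefix or label, would keep the janitor from removing unrelated credentials in a shared project. A failed delete only logs and hits `continue`, and the function still ends in `return 0`, so `main` never sees the failure; record it with `err = 1` before the `continue` and finish with `return err`.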
