generated from cybozu-go/neco-template
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMakefile.dctest
169 lines (146 loc) · 6.56 KB
/
Makefile.dctest
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
GCP_PROJECT ?=
REGION := asia-northeast1
TEAM_NAME ?=
INSTANCE_NUM ?=
LOG_LEVEL ?= info
SERVICE_FUNCTION_ACCOUNT_NAME := auto-dctest-function
SERVICE_FUNCTION_ACCOUNT_EMAIL := $(SERVICE_FUNCTION_ACCOUNT_NAME)@$(GCP_PROJECT).iam.gserviceaccount.com
SERVICE_FUNCTION_ACCOUNT_DISPNAME := "For function to create/delete VM instance"
SERVICE_INSTANCE_ACCOUNT_NAME := auto-dctest-vminstance
SERVICE_INSTANCE_ACCOUNT_EMAIL := $(SERVICE_INSTANCE_ACCOUNT_NAME)@$(GCP_PROJECT).iam.gserviceaccount.com
SERVICE_INSTANCE_ACCOUNT_DISPNAME := "For VM instance to bootstrap neco/neco-apps"
TOPIC_NAME := auto-dctest-events
FUNCTION_NAME := auto-dctest
CREATING_SCHEDULER_PREFIX := create-dctest
CREATING_SCHEDULER_NAME := $(CREATING_SCHEDULER_PREFIX)-$(TEAM_NAME)
DELETING_SCHEDULER_NAME := delete-dctest
FORCE_DELETING_SCHEDULER_NAME := force-delete-dctest
init: \
enable-api \
create-function-service-account \
create-compute-service-account \
deploy-function \
create-deleting-scheduler \
create-force-deleting-scheduler
add-team: create-creating-scheduler
list-teams:
gcloud scheduler jobs list --project $(GCP_PROJECT) --filter "name:$(CREATING_SCHEDULER_PREFIX)"
delete-team: delete-creating-scheduler
clean: \
delete-function-service-account \
delete-compute-service-account \
delete-function \
delete-deleting-scheduler \
delete-force-deleting-scheduler
enable-api:
gcloud services enable --project $(GCP_PROJECT) iam.googleapis.com
gcloud services enable --project $(GCP_PROJECT) cloudfunctions.googleapis.com
gcloud services enable --project $(GCP_PROJECT) secretmanager.googleapis.com
gcloud services enable --project $(GCP_PROJECT) cloudscheduler.googleapis.com
gcloud services enable --project $(GCP_PROJECT) cloudbuild.googleapis.com
create-function-service-account:
gcloud iam service-accounts create $(SERVICE_FUNCTION_ACCOUNT_NAME) \
--project $(GCP_PROJECT) \
--display-name $(SERVICE_FUNCTION_ACCOUNT_DISPNAME)
gcloud projects add-iam-policy-binding $(GCP_PROJECT) \
--member=serviceAccount:$(SERVICE_FUNCTION_ACCOUNT_EMAIL) \
--role=roles/compute.instanceAdmin.v1
gcloud projects add-iam-policy-binding $(GCP_PROJECT) \
--member=serviceAccount:$(SERVICE_FUNCTION_ACCOUNT_EMAIL) \
--role=roles/iam.serviceAccountUser
delete-function-service-account:
gcloud --quiet projects remove-iam-policy-binding $(GCP_PROJECT) \
--member=serviceAccount:$(SERVICE_FUNCTION_ACCOUNT_EMAIL) \
--role=roles/compute.instanceAdmin.v1
gcloud --quiet projects remove-iam-policy-binding $(GCP_PROJECT) \
--member=serviceAccount:$(SERVICE_FUNCTION_ACCOUNT_EMAIL) \
--role=roles/iam.serviceAccountUser
gcloud --quiet iam service-accounts delete $(SERVICE_FUNCTION_ACCOUNT_EMAIL) --project $(GCP_PROJECT)
create-compute-service-account:
gcloud iam service-accounts create $(SERVICE_INSTANCE_ACCOUNT_NAME) \
--project $(GCP_PROJECT) \
--display-name $(SERVICE_INSTANCE_ACCOUNT_DISPNAME)
gcloud projects add-iam-policy-binding $(GCP_PROJECT) \
--member=serviceAccount:$(SERVICE_INSTANCE_ACCOUNT_EMAIL) \
--role=roles/compute.instanceAdmin.v1
gcloud projects add-iam-policy-binding $(GCP_PROJECT) \
--member=serviceAccount:$(SERVICE_INSTANCE_ACCOUNT_EMAIL) \
--role=roles/secretmanager.secretAccessor
gcloud projects add-iam-policy-binding $(GCP_PROJECT) \
--member=serviceAccount:$(SERVICE_INSTANCE_ACCOUNT_EMAIL) \
--role=roles/logging.logWriter
delete-compute-service-account:
gcloud --quiet projects remove-iam-policy-binding $(GCP_PROJECT) \
--member=serviceAccount:$(SERVICE_INSTANCE_ACCOUNT_EMAIL) \
--role=roles/compute.instanceAdmin.v1
gcloud --quiet projects remove-iam-policy-binding $(GCP_PROJECT) \
--member=serviceAccount:$(SERVICE_INSTANCE_ACCOUNT_EMAIL) \
--role=roles/secretmanager.secretAccessor
gcloud --quiet projects remove-iam-policy-binding $(GCP_PROJECT) \
--member=serviceAccount:$(SERVICE_INSTANCE_ACCOUNT_EMAIL) \
--role=roles/logging.logWriter
gcloud --quiet iam service-accounts delete $(SERVICE_INSTANCE_ACCOUNT_EMAIL) --project $(GCP_PROJECT)
deploy-function:
gcloud --quiet functions deploy $(FUNCTION_NAME) \
--no-gen2 \
--project $(GCP_PROJECT) \
--region $(REGION) \
--entry-point AutoDCTestEntryPoint \
--runtime go121 \
--trigger-topic $(TOPIC_NAME) \
--set-env-vars GCP_PROJECT=$(GCP_PROJECT),CYBOZU_LOG_LEVEL=$(LOG_LEVEL) \
--memory 128MiB \
--timeout 300s \
--service-account=$(SERVICE_FUNCTION_ACCOUNT_EMAIL)
delete-function:
gcloud --quiet functions delete $(FUNCTION_NAME) --project $(GCP_PROJECT) --region $(REGION)
gcloud --quiet pubsub topics delete $(TOPIC_NAME) --project $(GCP_PROJECT)
create-creating-scheduler:
if [ $(words $(TEAM_NAME)) -eq 0 ] || [ $(words $(INSTANCE_NUM)) -eq 0 ]; then \
echo "TEAM_NAME and/or INSTANCE_NUM are required."; \
exit 1; \
fi
gcloud scheduler jobs create pubsub $(CREATING_SCHEDULER_NAME) \
--project $(GCP_PROJECT) \
--schedule '*/30 9-12 * * 1-5' \
--topic $(TOPIC_NAME) \
--message-body '{"mode":"create", "namePrefix":"$(TEAM_NAME)", "num":$(INSTANCE_NUM)}' \
--time-zone 'Asia/Tokyo' \
--description 'automatically create dctest instance'
delete-creating-scheduler:
if [ $(words $(TEAM_NAME)) -eq 0 ]; then \
echo "TEAM_NAME is required."; \
exit 1; \
fi
gcloud --quiet scheduler jobs delete $(CREATING_SCHEDULER_NAME) --project $(GCP_PROJECT)
create-deleting-scheduler:
gcloud scheduler jobs create pubsub $(DELETING_SCHEDULER_NAME) \
--project $(GCP_PROJECT) \
--schedule '0 20 * * *' \
--topic $(TOPIC_NAME) \
--message-body '{"mode":"delete", "doForce":false}' \
--time-zone 'Asia/Tokyo' \
--description 'automatically delete dctest instances except for ones with skip-auto-delete label'
delete-deleting-scheduler:
gcloud --quiet scheduler jobs delete $(DELETING_SCHEDULER_NAME) --project $(GCP_PROJECT)
create-force-deleting-scheduler:
gcloud scheduler jobs create pubsub $(FORCE_DELETING_SCHEDULER_NAME) \
--project $(GCP_PROJECT) \
--schedule '0 23 * * *' \
--topic $(TOPIC_NAME) \
--message-body '{"mode":"delete", "doForce":true}' \
--time-zone 'Asia/Tokyo' \
--description 'automatically delete dctest all instances'
delete-force-deleting-scheduler:
gcloud --quiet scheduler jobs delete $(FORCE_DELETING_SCHEDULER_NAME) --project $(GCP_PROJECT)
.PHONY: \
init \
add-team list-teams delete-team \
clean \
enable-api \
create-function-service-account delete-function-service-account \
create-compute-service-account delete-compute-service-account \
deploy-function delete-function \
create-creating-scheduler delete-creating-scheduler \
create-deleting-scheduler delete-deleting-scheduler \
create-force-deleting-scheduler delete-force-deleting-scheduler