[Buildkite] Enable delete redshift clusters with dry_run false

.buildkite/hooks/pre-command

@@ -7,7 +7,8 @@ GO_VERSION=$(cat .go-version)
 export GO_VERSION
 
 export SERVERLESS=${SERVERLESS:-"false"}
-export WORKSPACE=$(pwd)
+WORKSPACE=$(pwd)
+export WORKSPACE
 
 
 GCP_SERVICE_ACCOUNT_SECRET_PATH=secret/ci/elastic-elastic-package/gcp-service-account

.buildkite/pipeline.cloud-cleanup.yml

@@ -30,7 +30,7 @@ steps:
  command: ".buildkite/scripts/cloud-cleanup.sh"
  env:
  RESOURCE_RETENTION_PERIOD: "24 hours"
- DRY_RUN: "true"
+ DRY_RUN: "${DRY_RUN:-true}"
  agents:
  provider: "gcp" # this step requires docker
 

.buildkite/scripts/cloud-cleanup.sh

@@ -2,10 +2,24 @@
 
 source .buildkite/scripts/install_deps.sh
 
+cleanup_cloud_stale() {
+ local exit_code=$?
+
+ cd "$WORKSPACE"
+ rm -f "${AWS_RESOURCES_FILE}"
+ rm -f "${GCP_RESOURCES_FILE}"
+ rm -f "${AWS_REDSHIFT_RESOURCES_FILE}"
+
+ exit "$exit_code"
+}
+
+trap cleanup_cloud_stale EXIT
+
 set -euo pipefail
 
 AWS_RESOURCES_FILE="aws.resources.txt"
 GCP_RESOURCES_FILE="gcp.resources.txt"
+AWS_REDSHIFT_RESOURCES_FILE="redshift_clusters.json"
 
 RESOURCE_RETENTION_PERIOD="${RESOURCE_RETENTION_PERIOD:-"24 hours"}"
 DELETE_RESOURCES_BEFORE_DATE=$(date -Is -d "${RESOURCE_RETENTION_PERIOD} ago")
@@ -19,7 +33,9 @@ resources_to_delete=0
 
 COMMAND="validate"
 if [[ "${DRY_RUN}" != "true" ]]; then
- COMMAND="plan" # TODO: to be changed to "destroy --confirm"
+ # TODO: to be changed to "destroy --confirm" once it can be tested
+ # that filters work as expected
+ COMMAND="plan"
 else
  COMMAND="plan"
 fi
@@ -120,16 +136,19 @@ with_aws_cli
 export AWS_ACCESS_KEY_ID="${ELASTIC_PACKAGE_AWS_ACCESS_KEY}"
 export AWS_SECRET_ACCESS_KEY="${ELASTIC_PACKAGE_AWS_SECRET_KEY}"
 export AWS_DEFAULT_REGION=us-east-1
+# Avoid to send the output of the CLI to a pager
+export AWS_PAGER=""
 
 echo "--- Checking if any Redshift cluster still created"
 aws redshift describe-clusters \
  --tag-keys "environment" \
- --tag-values "ci" > redshift_clusters.json
+ --tag-values "ci" > "${AWS_REDSHIFT_RESOURCES_FILE}"
 
-clusters_num=$(jq -rc '.Clusters | length' redshift_clusters.json)
+clusters_num=$(jq -rc '.Clusters | length' "${AWS_REDSHIFT_RESOURCES_FILE}")
 
 echo "Number of clusters found: ${clusters_num}"
 
+redshift_clusters_to_delete=0
 while read -r i ; do
  identifier=$(echo "$i" | jq -rc ".ClusterIdentifier")
  # tags
@@ -161,18 +180,37 @@ while read -r i ; do
  fi
 
  echo "To be deleted cluster: $identifier. It was created > ${RESOURCE_RETENTION_PERIOD} ago"
- resources_to_delete=1
- if [ "${DRY_RUN}" == "false" ]; then
- echo "Deleting: $identifier. It was created > ${RESOURCE_RETENTION_PERIOD} ago"
- # This command has not been tested
- # aws redshift delete-cluster \
- # --cluster-identifier "${identifier}" \
- # --skip-final-cluster-snapshot
+ if [ "${DRY_RUN}" != "false" ]; then
+ redshift_clusters_to_delete=1
+ continue
+ fi
+
+ echo "Deleting: $identifier. It was created > ${RESOURCE_RETENTION_PERIOD} ago"
+ if ! aws redshift delete-cluster \
+ --cluster-identifier "${identifier}" \
+ --skip-final-cluster-snapshot \
+ --output json \
+ --query "Cluster.{ClusterStatus:ClusterStatus,ClusterIdentifier:ClusterIdentifier}" ; then
+
+ echo "Failed delete-cluster"
+ buildkite-agent annotate \
+ "Deleted redshift cluster: ${identifier}" \
+ --context "ctx-aws-readshift-deleted-error-${identifier}" \
+ --style "error"
+
+ redshift_clusters_to_delete=1
+ else
  echo "Done."
+ # if deletion works, no need to mark this one as to be deleted
+ buildkite-agent annotate \
+ "Deleted redshift cluster: ${identifier}" \
+ --context "ctx-aws-readshift-deleted-${identifier}" \
+ --style "success"
  fi
-done <<< "$(jq -c '.Clusters[]' redshift_clusters.json)"
+done <<< "$(jq -c '.Clusters[]' "${AWS_REDSHIFT_RESOURCES_FILE}")"
 
-if [ "${resources_to_delete}" -eq 1 ]; then
+if [ "${redshift_clusters_to_delete}" -eq 1 ]; then
+ resources_to_delete=1
  message="There are redshift resources to be deleted"
  echo "${message}"
  if running_on_buildkite ; then

.buildkite/scripts/release.sh

@@ -8,7 +8,7 @@ set -euo pipefail
 cleanup_binaries() {
  rm -rf "${WORKSPACE}"
 }
-trap cleanup_binaries exit
+trap cleanup_binaries EXIT
 
 export WORKSPACE="/tmp/bin-buildkite/"
 

catalog-info.yaml

@@ -153,7 +153,7 @@ spec:
  ingest-fp:
  access_level: MANAGE_BUILD_AND_READ
  everyone:
- access_level: BUILD_AND_READ
+ access_level: READ_ONLY
 
 ---
 # yaml-language-server: $schema=https://gist.githubusercontent.com/elasticmachine/988b80dae436cafea07d9a4a460a011d/raw/e57ee3bed7a6f73077a3f55a38e76e40ec87a7cf/rre.schema.json