Reworked Go func to del old projects

* Fix #GoogleCloudPlatform/cloud-foundation-toolkit#400
terraform-google-modules · Nov 5, 2019 · 224aa71 · 224aa71
1 parent a9db806
commit 224aa71
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 17 deletions.
diff --git a/modules/project_cleanup/README.md b/modules/project_cleanup/README.md
@@ -1,6 +1,6 @@
 # Old Project Cleanup Utility Module
 
-This module schedules a job to clean up GCP projects older than a specified length of time, that match a particular key-value pair. This job runs every 5 minutes via Google Cloud Scheduled Functions. Please see the [utility's readme](./function_source/README.md) for more information as to its operation and configuration.
+This module schedules a job to clean up GCP projects older than a specified length of time, that match a particular labels. This job runs every 5 minutes via Google Cloud Scheduled Functions. Please see the [utility's readme](./function_source/README.md) for more information as to its operation and configuration.
 
 ## Requirements
 
@@ -21,12 +21,17 @@ The following services must be enabled on the project housing the cleanup functi
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| job\_schedule | Cleaner function run frequency, in cron syntax | string | `"*/5 * * * *"` | no |
 | max\_project\_age\_in\_hours | The maximum number of hours that a GCP project, selected by `target_tag_name` and `target_tag_value`, can exist | number | `"6"` | no |
 | organization\_id | The organization ID whose projects to clean up | string | n/a | yes |
 | project\_id | The project ID to host the scheduled function in | string | n/a | yes |
 | region | The region the project is in (App Engine specific) | string | n/a | yes |
-| target\_tag\_name | The name of a tag to filter GCP projects on for consideration by the cleanup utility | string | `"cft-ephemeral"` | no |
-| target\_tag\_value | The value of a tag to filter GCP projects on for consideration by the cleanup utility | string | `"true"` | no |
+| target\_excluded\_labels | Map of project lablels that won't be deleted. | map(string) | `<map>` | no |
+| target\_folder\_id | Folder ID to delete all projects under. | string | `""` | no |
+| target\_included\_labels | Map of project lablels that will be deleted. | map(string) | `<map>` | no |
+| target\_tag\_name | The name of a tag to filter GCP projects on for consideration by the cleanup utility (legacy, use `target_included_labels` map instead). | string | `""` | no |
+| target\_tag\_value | The value of a tag to filter GCP projects on for consideration by the cleanup utility (legacy, use `target_included_labels` map instead). | string | `""` | no |
+| topic\_name | Name of pubsub topic connecting the scheduled projects cleanup function | string | `"pubsub_scheduled_project_cleaner"` | no |
 
 ## Outputs
 

diff --git a/modules/project_cleanup/function_source/README.md b/modules/project_cleanup/function_source/README.md
@@ -3,7 +3,9 @@
 This is a simple utility that scans a GCP organization for projects matching certain criteria, and enqueues such projects for deletion. Currently supported criteria are the combination of:
 
 - **Age:** Only projects older than the configured age, in hours, will be marked for deletion.
-- **Key-Value Pair:** Only projects whose labels contain the provided key-value pair will be marked for deletion.
+- **Key-Value Pair Include:** Only projects whose labels contain the provided key-value pair will be marked for deletion.
+- **Key-Value Pair Exclude:** Projects whose labels contain the provided key-value pair won't be marked for deletion.
+- **Folder ID:** Only projects under this Folder ID will be recursively marked for deletion.
 
 Both of these criteria must be met for a project to be deleted.
 
@@ -13,9 +15,10 @@ The following environment variables may be specified to configure the cleanup ut
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| `TARGET_TAG_NAME` | The tag name to match on for identifying projects to delete | string | n/a | yes |
-| `TARGET_TAG_VALUE` | The tag value to match on for identifying projects to delete | string | n/a | yes |
-| `MAX_PROJECT_AGE_HOURS` | The project age, in hours, at which point deletion should be considered | integer | n/a | yes |
+| `TARGET_EXCLUDED_LABELS` | Labels to match on for identifying projects to avoid deletion | string | n/a | no |
+| `TARGET_FOLDER_ID` | Folder ID to delete prjojects under | string | n/a | yes |
+| `TARGET_INCLUDED_LABELS` | Labels to match on for identifying projects to delete | string | n/a | no |
+| `MAX_PROJECT_AGE_HOURS` | The project age, in hours, at which point deletion should be considered | integer | n/a | no |
 
 ## Required Permissions
 

diff --git a/modules/project_cleanup/main.tf b/modules/project_cleanup/main.tf
@@ -14,6 +14,10 @@
  * limitations under the License.
  */
 
+locals {
+  target_included_labels = var.target_tag_name != "" && var.target_tag_value != "" ? merge({ "${var.target_tag_name}" = "${var.target_tag_value}" }, var.target_included_labels) : var.target_included_labels
+}
+
 resource "google_service_account" "project_cleaner_function" {
   project      = var.project_id
   account_id   = "project-cleaner-function"
@@ -30,20 +34,21 @@ module "scheduled_project_cleaner" {
   source                         = "../../"
   project_id                     = var.project_id
   job_name                       = "project-cleaner"
-  job_schedule                   = "*/5 * * * *"
+  job_schedule                   = var.job_schedule
   function_entry_point           = "CleanUpProjects"
   function_source_directory      = "${path.module}/function_source"
   function_name                  = "old-project-cleaner"
   region                         = var.region
-  topic_name                     = "pubsub_scheduled_project_cleaner"
+  topic_name                     = var.topic_name
   function_available_memory_mb   = 128
   function_description           = "Clean up GCP projects older than ${var.max_project_age_in_hours} hours matching particular tags"
   function_runtime               = "go111"
-  function_service_account_email = "${google_service_account.project_cleaner_function.email}"
+  function_service_account_email = google_service_account.project_cleaner_function.email
 
   function_environment_variables = {
-    TARGET_TAG_NAME       = var.target_tag_name
-    TARGET_TAG_VALUE      = var.target_tag_value
-    MAX_PROJECT_AGE_HOURS = var.max_project_age_in_hours
+    TARGET_EXCLUDED_LABELS = jsonencode(var.target_excluded_labels)
+    TARGET_FOLDER_ID       = var.target_folder_id
+    TARGET_INCLUDED_LABELS = jsonencode(local.target_included_labels)
+    MAX_PROJECT_AGE_HOURS  = var.max_project_age_in_hours
   }
 }
diff --git a/modules/project_cleanup/variables.tf b/modules/project_cleanup/variables.tf
@@ -29,20 +29,50 @@ variable "region" {
   description = "The region the project is in (App Engine specific)"
 }
 
+variable "job_schedule" {
+  type        = string
+  description = "Cleaner function run frequency, in cron syntax"
+  default     = "*/5 * * * *"
+}
+
+variable "topic_name" {
+  type        = string
+  description = "Name of pubsub topic connecting the scheduled projects cleanup function"
+  default     = "pubsub_scheduled_project_cleaner"
+}
+
 variable "target_tag_name" {
   type        = string
-  description = "The name of a tag to filter GCP projects on for consideration by the cleanup utility"
-  default     = "cft-ephemeral"
+  description = "The name of a tag to filter GCP projects on for consideration by the cleanup utility (legacy, use `target_included_labels` map instead)."
+  default     = ""
 }
 
 variable "target_tag_value" {
   type        = string
-  description = "The value of a tag to filter GCP projects on for consideration by the cleanup utility"
-  default     = "true"
+  description = "The value of a tag to filter GCP projects on for consideration by the cleanup utility (legacy, use `target_included_labels` map instead)."
+  default     = ""
 }
 
 variable "max_project_age_in_hours" {
   type        = number
   description = "The maximum number of hours that a GCP project, selected by `target_tag_name` and `target_tag_value`, can exist"
   default     = 6
 }
+
+variable "target_excluded_labels" {
+  type        = map(string)
+  description = "Map of project lablels that won't be deleted."
+  default     = {}
+}
+
+variable "target_included_labels" {
+  type        = map(string)
+  description = "Map of project lablels that will be deleted."
+  default     = {}
+}
+
+variable "target_folder_id" {
+  type        = string
+  description = "Folder ID to delete all projects under."
+  default     = ""
+}