#!/usr/bin/env python3.12
import json
from run_common import AWSCli
from run_common import print_message
def terminate_all_notification_rule(aws_cli, name, settings):
    """Delete the CodeStar notification rules that target a CodeBuild project.

    Args:
        aws_cli: Client object exposing ``get_caller_account_id()`` and
            ``run(cmd, ignore_error=...)``.
        name: CodeBuild project name, used to build the project ARN.
        settings: Mapping that must contain ``'AWS_REGION'``.

    Raises:
        KeyError: If ``settings`` lacks ``'AWS_REGION'`` or the listing result
            lacks ``'NotificationRules'``.
    """
    region = settings['AWS_REGION']
    account = aws_cli.get_caller_account_id()

    # Only rules whose RESOURCE is exactly this project's ARN are listed.
    resource_filter = {
        'Name': 'RESOURCE',
        'Value': f'arn:aws:codebuild:{region}:{account}:project/{name}',
    }
    listing = aws_cli.run([
        'codestar-notifications', 'list-notification-rules',
        '--filters', json.dumps([resource_filter]),
    ])

    # NOTE(review): ignore_error=True presumably suppresses a failed delete,
    # so a rule that could not be removed (e.g. missing permission) would
    # survive without any signal here -- confirm against AWSCli.run and
    # re-list after teardown if leftovers matter.
    for rule in listing['NotificationRules']:
        aws_cli.run(
            ['codestar-notifications', 'delete-notification-rule',
             '--arn', rule['Arn']],
            ignore_error=True,
        )
def terminate_all_iam_role_and_policy(aws_cli, name, settings):
    """Detach and delete the IAM policies and roles named after a project.

    For each of five customer-managed policy ARNs (all under the
    ``service-role`` path) the policy is detached from the project's service
    role and cron role, then deleted. Afterwards both roles are deleted.

    Args:
        aws_cli: Client object exposing ``get_caller_account_id()`` and
            ``run(cmd, ignore_error=...)``.
        name: CodeBuild project name embedded in every policy and role name.
        settings: Mapping that must contain ``'AWS_REGION'``.
    """
    region = settings['AWS_REGION']
    account = aws_cli.get_caller_account_id()

    role_names = (
        f'codebuild-{name}-service-role',
        f'codebuild-{name}-cron-role',
    )
    policy_names = (
        f'CodeBuildBasePolicy-{name}-{region}',
        f'CodeBuildManagedSecretPolicy-{name}-{region}',
        f'CodeBuildImageRepositoryPolicy-{name}-{region}',
        f'CodeBuildVpcPolicy-{name}-{region}',
        f'codebuild-{name}-cron-policy',
    )

    # NOTE(review): every call below passes ignore_error=True, which
    # presumably hides failures. IAM refuses delete-policy while the policy is
    # still attached elsewhere or has non-default versions, and refuses
    # delete-role while other managed or inline policies remain; in those
    # cases the policy/role would stay behind with its permissions intact --
    # verify the teardown by listing the role and policies afterwards.
    for policy_name in policy_names:
        arn = f'arn:aws:iam::{account}:policy/service-role/{policy_name}'

        print_message(f'detach iam policy: {arn}')
        # A policy must be detached from both roles before it can be deleted.
        for role in role_names:
            aws_cli.run(
                ['iam', 'detach-role-policy',
                 '--role-name', role,
                 '--policy-arn', arn],
                ignore_error=True,
            )

        print_message(f'delete iam policy: {arn}')
        aws_cli.run(['iam', 'delete-policy', '--policy-arn', arn],
                    ignore_error=True)

    for role in role_names:
        print_message(f'delete iam role: {role}')
        aws_cli.run(['iam', 'delete-role', '--role-name', role],
                    ignore_error=True)
def run_terminate_vpc_project(name, settings):
    """Tear down a CodeBuild project, its SSM parameters and its IAM objects.

    Deletes the CodeBuild project, deletes every parameter returned for the
    path ``/CodeBuild/<name>``, then hands over to
    ``terminate_all_iam_role_and_policy``.

    Args:
        name: CodeBuild project name.
        settings: Mapping that must contain ``'AWS_REGION'``.
    """
    region = settings['AWS_REGION']

    print_message(f'delete vpc project: {name}')

    cli = AWSCli(region)
    cli.run(['codebuild', 'delete-project', '--name', name],
            ignore_error=True)

    # NOTE(review): no --recursive is passed, so only parameters directly
    # under the path are listed; anything nested deeper (possibly secrets)
    # would outlive the project -- confirm the hierarchy is flat.
    listing = cli.run(
        ['ssm', 'get-parameters-by-path', '--path', '/CodeBuild/%s' % name]
    )
    # A result without 'Parameters' is treated as "nothing to delete".
    for param in listing.get('Parameters', []):
        cli.run(['ssm', 'delete-parameter', '--name', param['Name']],
                ignore_error=True)

    terminate_all_iam_role_and_policy(cli, name, settings)