Created
May 7, 2021 07:38
This shell script tags all resources in a bucket. It is meant to be used at deploy time with CDK, in conjunction with a lifecycle policy, to avoid keeping useless files.
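#!/usr/bin/env bash
#
# Ages the "status" tag of every object under a deployment path by one step:
#   (untagged) -> current -> previous -> outdated
# It is meant to be used with a bucket lifecycle policy that deletes the
# objects tagged as outdated.
#
# Why?
# The deployment bucket has to be cleaned regularly, otherwise it becomes a
# mess. A purely time-based lifecycle policy is dangerous, though: without a
# recent deployment it can delete assets that are still in use, and if the
# next deployment fails the stack will try to roll back and will not find its
# assets. This tagging policy is meant to avoid that.
#
# Required environment:
#   DEPLOYMENT_BUCKET  bucket that holds the deployment assets
#   DEPLOYMENT_PATH    key prefix of the deployment folder; presumably given
#                      without a trailing slash, since the folder-marker check
#                      below appends one
#
# NOTE(review): every run ages every object by one step, so the script is not
# idempotent. Running it twice for the same deployment moves the assets that
# are in use one step closer to "outdated", i.e. to deletion by the lifecycle
# policy. Run it exactly once per deployment.
#
# NOTE(review): --prefix is a plain string match, so DEPLOYMENT_PATH=assets
# also selects keys under "assets-old/". Pick a prefix that cannot match a
# sibling folder, otherwise unrelated objects enter the deletion lifecycle.
#
# NOTE(review): the "status" tag decides what the lifecycle policy deletes, so
# s3:PutObjectTagging on this prefix is effectively a delete permission. Grant
# it (with s3:ListBucket and s3:GetObjectTagging) to the deploy role only.

set -euo pipefail

# export AWS_PROFILE=dev2

: "${DEPLOYMENT_BUCKET:?DEPLOYMENT_BUCKET must be set}"
: "${DEPLOYMENT_PATH:?DEPLOYMENT_PATH must be set}"

# Writes the "status" tag of one object, keeping its other tags.
# put-object-tagging replaces the whole tag set, so the new set is rebuilt
# from the tags that were just read instead of being sent as a literal.
#   $1 - object key
#   $2 - JSON returned by get-object-tagging for that key
#   $3 - new value of the "status" tag
set_status() {
  local object_key=$1
  local current_tags=$2
  local new_status=$3
  local tagging

  tagging=$(jq -c --arg v "$new_status" \
    '{TagSet: [.TagSet[] | if .Key == "status" then .Value = $v else . end]}' \
    <<<"$current_tags") || return
  aws s3api put-object-tagging --bucket "$DEPLOYMENT_BUCKET" \
    --key "$object_key" --tagging "$tagging" > /dev/null
}

# Get all objects in path. A private temp file replaces the fixed "tmp.json"
# in the working directory, and it is removed on every exit path.
file=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -f -- "$file"' EXIT

# A failed listing aborts here (set -e) instead of being read as "no objects".
aws s3api list-objects-v2 --bucket "$DEPLOYMENT_BUCKET" \
  --prefix "$DEPLOYMENT_PATH" > "$file"

# Check number of objects. "Contents" is absent when nothing matches, and the
# output may be empty altogether, so both are treated as zero objects.
length=$(jq '(.Contents // []) | length' "$file")
length=${length:-0}

# If there is no element in the path, then exit without error
if [[ "$length" == "0" ]]; then
  echo "Nothing to tag"
  exit 0
fi
if [[ "$length" == "1" ]]; then
  res=$(jq -r '.Contents[0].Key' "$file")
  if [[ "$res" == "$DEPLOYMENT_PATH/" ]]; then
    echo "Nothing to tag"
    exit 0
  fi
fi

# Walk all s3 keys in the specified folder, one key per line, so that keys
# containing spaces or glob characters stay intact. (A key containing a
# newline would still be split; such keys are not supported here.)
# The list is read on fd 3 so that no command in the loop can consume it.
failures=0
while IFS= read -r s3key <&3; do
  # The key may be the folder itself, so ignore it
  if [[ "$s3key" == "$DEPLOYMENT_PATH/" ]]; then
    echo "Current key is the main folder"
    continue
  fi

  # A per-object failure is reported and counted, and the run goes on: aborting
  # halfway would leave the rest of the folder one step behind.
  if ! tags=$(aws s3api get-object-tagging --bucket "$DEPLOYMENT_BUCKET" --key "$s3key"); then
    echo "Could not read tags of $s3key" >&2
    failures=$((failures + 1))
    continue
  fi
  if ! taglength=$(jq '.TagSet | length' <<<"$tags"); then
    echo "Could not parse tags of $s3key" >&2
    failures=$((failures + 1))
    continue
  fi

  # If there is no tag, admit this is the first deployment of the object: tag it.
  if [[ "$taglength" == "0" ]]; then
    if ! aws s3api put-object-tagging --bucket "$DEPLOYMENT_BUCKET" --key "$s3key" \
      --tagging '{"TagSet": [{ "Key": "status", "Value": "current" }]}' > /dev/null; then
      echo "Could not tag $s3key" >&2
      failures=$((failures + 1))
    fi
    continue
  fi

  # Tag keys are unique per object, so at most one "status" value comes back.
  # Selecting it directly replaces the index loop, which ran one index past
  # the end of the tag set.
  status=$(jq -r '.TagSet[] | select(.Key == "status") | .Value' <<<"$tags")
  case "$status" in
    current) next_status=previous ;;
    previous) next_status=outdated ;;
    # No status tag, "outdated", or an unknown value: leave the object alone.
    *) continue ;;
  esac

  if ! set_status "$s3key" "$tags" "$next_status"; then
    echo "Could not tag $s3key" >&2
    failures=$((failures + 1))
  fi
done 3< <(jq -r '(.Contents // [])[].Key' "$file")

# Surface partial failures to the deployment pipeline.
if (( failures > 0 )); then
  echo "$failures object(s) could not be tagged" >&2
  exit 1
fi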