mirrors/nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus synced 2025-12-23 06:15:42 +00:00
Code Issues Releases Wiki Activity

Convert gsutil to gcloud storage (#2670)

Browse Source 
Use of gsutil is discouraged / deprecated, see https://cloud.google.com/storage/docs/gsutil
This commit is contained in:
gbrodman
2025-02-07 16:01:19 -05:00
committed by GitHub
parent a63812160e
commit 34103ec815
13 changed files with 56 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/operational-procedures/brda-deposits.md
View File

@@ -61,7 +61,7 @@ $ mkdir /tmp/brda.$$; for date in 2015-02-26 2015-03-05; \
* Store the generated files to the GCS bucket. * Store the generated files to the GCS bucket.
```shell ```shell
$ gsutil -m cp /tmp/brda.$$/*.{ryde,sig} gs://{PROJECT-ID}-icann-brda/` $ gcloud storage cp /tmp/brda.$$/*.{ryde,sig} gs://{PROJECT-ID}-icann-brda/`
``` ```
* Mirror the files in the GCS bucket to the sFTP server. * Mirror the files in the GCS bucket to the sFTP server.

8
docs/operational-procedures/rde-deposits.md
View File

@@ -99,12 +99,12 @@ that no cooldown period is necessary.
## Listing deposits in Cloud Storage ## Listing deposits in Cloud Storage
You can list the files in Cloud Storage for a given TLD using the gsutil tool. You can list the files in Cloud Storage for a given TLD using the gcloud storage tool.
All files are stored in the {PROJECT-ID}-rde bucket, where {PROJECT-ID} is the All files are stored in the {PROJECT-ID}-rde bucket, where {PROJECT-ID} is the
name of the App Engine project for the particular environment you are checking. name of the App Engine project for the particular environment you are checking.
```shell ```shell
$ gsutil ls gs://{PROJECT-ID}-rde/zip_2015-05-16* $ gcloud storage ls gs://{PROJECT-ID}-rde/zip_2015-05-16*
gs://{PROJECT-ID}-rde/zip_2015-05-16-report.xml.ghostryde gs://{PROJECT-ID}-rde/zip_2015-05-16-report.xml.ghostryde
gs://{PROJECT-ID}-rde/zip_2015-05-16.xml.ghostryde gs://{PROJECT-ID}-rde/zip_2015-05-16.xml.ghostryde
gs://{PROJECT-ID}-rde/zip_2015-05-16.xml.length gs://{PROJECT-ID}-rde/zip_2015-05-16.xml.length
@@ -167,7 +167,7 @@ Sometimes you'll want to take a peek at the contents of a deposit that's been
staged to cloud storage. Use this command: staged to cloud storage. Use this command:
```shell ```shell
$ gsutil cat gs://{PROJECT-ID}-rde/foo.ghostryde | nomulus -e production ghostryde --decrypt | less $ gcloud storage cat gs://{PROJECT-ID}-rde/foo.ghostryde | nomulus -e production ghostryde --decrypt | less
``` ```
## Identifying which phase of the process failed ## Identifying which phase of the process failed
@@ -242,7 +242,7 @@ $ nomulus -e production ghostryde --encrypt \
# 3. Copy to Cloud Storage so RdeUploadTask can find them. # 3. Copy to Cloud Storage so RdeUploadTask can find them.
$ gsutil cp ${tld}_${date}_full_S1_R0{,-report}.xml.ghostryde gs://{PROJECT-ID}-rde/ $ gcloud storage cp ${tld}_${date}_full_S1_R0{,-report}.xml.ghostryde gs://{PROJECT-ID}-rde/
``` ```
## Updating an RDE cursor ## Updating an RDE cursor

27
docs/proxy-setup.md
View File

@@ -29,12 +29,11 @@ service like [Spinnaker](https://www.spinnaker.io/) for release management.
## Detailed Instruction ## Detailed Instruction
We use [`gcloud`](https://cloud.google.com/sdk/gcloud/) and We use [`gcloud`](https://cloud.google.com/sdk/gcloud/) and
[`terraform`](https://terraform.io) to configure the proxy project on GCP. We [`terraform`](https://terraform.io) to configure the proxy project on GCP and to create a GCS
use [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/) to bucket for storing the terraform state file. We use
deploy the proxy to the project. Additionally, [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/) to deploy
[`gsutil`](https://cloud.google.com/storage/docs/gsutil) is used to create GCS the proxy to the project. These instructions assume that all three tools are
bucket for storing the terraform state file. These instructions assume that all installed.
four tools are installed.
### Setup GCP project ### Setup GCP project
@@ -59,8 +58,8 @@ environment.
In the proxy project, create a GCS bucket to store the terraform state file: In the proxy project, create a GCS bucket to store the terraform state file:
```bash ```bash
$ gsutil config # only if you haven't run gsutil before. $ gcloud auth login # only if you haven't run gcloud before.
$ gsutil mb -p <proxy-project> gs://<bucket-name>/ $ gcloud storage buckets create gs://<bucket-name>/ --project <proxy-project>
``` ```
### Obtain a domain and SSL certificate ### Obtain a domain and SSL certificate
@@ -185,7 +184,7 @@ This encrypted file is then uploaded to a GCS bucket specified in the
`config.tf` file. `config.tf` file.
```bash ```bash
$ gsutil cp <combined_secret.pem.enc> gs://<your-certificate-bucket> $ gcloud storage cp <combined_secret.pem.enc> gs://<your-certificate-bucket>
``` ```
### Edit proxy config file ### Edit proxy config file
@@ -379,8 +378,8 @@ A file named `ssl-cert-key.pem.enc` will be created. Upload it to a GCS bucket
in the proxy project. To create a bucket and upload the file: in the proxy project. To create a bucket and upload the file:
```bash ```bash
$ gsutil mb -p <proxy-project> gs://<bucket-name> $ gcloud storage buckets create gs://<bucket-name> --project <proxy-project>
$ gustil cp ssl-cert-key.pem.enc gs://<bucket-name> $ gcloud storage cp ssl-cert-key.pem.enc gs://<bucket-name>
``` ```
The proxy service account needs the "Cloud KMS CryptoKey Decrypter" role to The proxy service account needs the "Cloud KMS CryptoKey Decrypter" role to
@@ -396,9 +395,9 @@ The service account also needs the "Storage Object Viewer" role to retrieve the
encrypted file from GCS: encrypted file from GCS:
```bash ```bash
$ gsutil iam ch \ $ gcloud storage buckets add-iam-policy-binding gs://<bucket-name> \
serviceAccount:<service-account-email>:roles/storage.objectViewer \ --member=serviceAccount:<service-account-email> \
gs://<bucket-name> --role=roles/storage.objectViewer
``` ```
### Proxy configuration ### Proxy configuration

2
integration/testutils_bashrc
View File

@@ -21,7 +21,7 @@ function fetchVersion() {
local deployed_system=${1} local deployed_system=${1}
local env=${2} local env=${2}
local dev_project=${3} local dev_project=${3}
echo $(gsutil cat \ echo $(gcloud storage cat \
gs://${dev_project}-deployed-tags/${deployed_system}.${env}.tag) gs://${dev_project}-deployed-tags/${deployed_system}.${env}.tag)
} }

12
release/cloudbuild-deploy-gke.yaml
View File

@@ -37,9 +37,9 @@ steps:
else else
project_id="domain-registry-${_ENV}" project_id="domain-registry-${_ENV}"
fi fi
gsutil cp gs://$PROJECT_ID-deploy/${TAG_NAME}/nomulus-config-${_ENV}.yaml . gcloud storage cp gs://$PROJECT_ID-deploy/${TAG_NAME}/nomulus-config-${_ENV}.yaml .
gsutil cp gs://$PROJECT_ID-deploy/${TAG_NAME}/cloud-scheduler-tasks-${_ENV}.xml . gcloud storage cp gs://$PROJECT_ID-deploy/${TAG_NAME}/cloud-scheduler-tasks-${_ENV}.xml .
gsutil cp gs://$PROJECT_ID-deploy/${TAG_NAME}/cloud-tasks-queue.xml . gcloud storage cp gs://$PROJECT_ID-deploy/${TAG_NAME}/cloud-tasks-queue.xml .
deployCloudSchedulerAndQueue nomulus-config-${_ENV}.yaml cloud-scheduler-tasks-${_ENV}.xml $project_id --gke deployCloudSchedulerAndQueue nomulus-config-${_ENV}.yaml cloud-scheduler-tasks-${_ENV}.xml $project_id --gke
deployCloudSchedulerAndQueue nomulus-config-${_ENV}.yaml cloud-tasks-queue.xml $project_id --gke deployCloudSchedulerAndQueue nomulus-config-${_ENV}.yaml cloud-tasks-queue.xml $project_id --gke
# Save the deployed tag for the current environment on GCS, and update the # Save the deployed tag for the current environment on GCS, and update the
@@ -51,12 +51,12 @@ steps:
- | - |
set -e set -e
echo ${TAG_NAME} | \ echo ${TAG_NAME} | \
gsutil cp - gs://$PROJECT_ID-deployed-tags/nomulus-gke.${_ENV}.tag gcloud storage cp - gs://$PROJECT_ID-deployed-tags/nomulus-gke.${_ENV}.tag
now=$(TZ=UTC date '+%Y-%m-%dT%H:%M:%S.%3NZ') now=$(TZ=UTC date '+%Y-%m-%dT%H:%M:%S.%3NZ')
echo "${TAG_NAME},$now" | \ echo "${TAG_NAME},$now" | \
gsutil cp - gs://$PROJECT_ID-deployed-tags/nomulus-gke.${_ENV}.tmp gcloud storage cp - gs://$PROJECT_ID-deployed-tags/nomulus-gke.${_ENV}.tmp
# Atomically append uploaded tmp file to nomulus-gke.${_ENV}.versions # Atomically append uploaded tmp file to nomulus-gke.${_ENV}.versions
gsutil compose \ gcloud storage objects compose \
gs://$PROJECT_ID-deployed-tags/nomulus-gke.${_ENV}.versions \ gs://$PROJECT_ID-deployed-tags/nomulus-gke.${_ENV}.versions \
gs://$PROJECT_ID-deployed-tags/nomulus-gke.${_ENV}.tmp \ gs://$PROJECT_ID-deployed-tags/nomulus-gke.${_ENV}.tmp \
gs://$PROJECT_ID-deployed-tags/nomulus-gke.${_ENV}.versions gs://$PROJECT_ID-deployed-tags/nomulus-gke.${_ENV}.versions

14
release/cloudbuild-deploy.yaml
View File

@@ -34,9 +34,9 @@ steps:
else else
project_id="domain-registry-${_ENV}" project_id="domain-registry-${_ENV}"
fi fi
gsutil cp gs://$PROJECT_ID-deploy/${TAG_NAME}/nomulus-config-${_ENV}.yaml . gcloud storage cp gs://$PROJECT_ID-deploy/${TAG_NAME}/nomulus-config-${_ENV}.yaml .
gsutil cp gs://$PROJECT_ID-deploy/${TAG_NAME}/cloud-scheduler-tasks-${_ENV}.xml . gcloud storage cp gs://$PROJECT_ID-deploy/${TAG_NAME}/cloud-scheduler-tasks-${_ENV}.xml .
gsutil cp gs://$PROJECT_ID-deploy/${TAG_NAME}/cloud-tasks-queue.xml . gcloud storage cp gs://$PROJECT_ID-deploy/${TAG_NAME}/cloud-tasks-queue.xml .
deployCloudSchedulerAndQueue nomulus-config-${_ENV}.yaml cloud-scheduler-tasks-${_ENV}.xml $project_id deployCloudSchedulerAndQueue nomulus-config-${_ENV}.yaml cloud-scheduler-tasks-${_ENV}.xml $project_id
deployCloudSchedulerAndQueue nomulus-config-${_ENV}.yaml cloud-tasks-queue.xml $project_id deployCloudSchedulerAndQueue nomulus-config-${_ENV}.yaml cloud-tasks-queue.xml $project_id
# Deploy the GAE config files. # Deploy the GAE config files.
@@ -54,7 +54,7 @@ steps:
else else
project_id="domain-registry-${_ENV}" project_id="domain-registry-${_ENV}"
fi fi
gsutil cp gs://$PROJECT_ID-deploy/${TAG_NAME}/${_ENV}.tar . gcloud storage cp gs://$PROJECT_ID-deploy/${TAG_NAME}/${_ENV}.tar .
tar -xvf ${_ENV}.tar tar -xvf ${_ENV}.tar
unzip default/WEB-INF/lib/core.jar unzip default/WEB-INF/lib/core.jar
gcloud -q --project $project_id app deploy default/WEB-INF/appengine-generated/dispatch.yaml gcloud -q --project $project_id app deploy default/WEB-INF/appengine-generated/dispatch.yaml
@@ -67,7 +67,7 @@ steps:
- | - |
set -e set -e
echo ${TAG_NAME} | \ echo ${TAG_NAME} | \
gsutil cp - gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.tag gcloud storage cp - gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.tag
# Update the release to AppEngine version mapping. # Update the release to AppEngine version mapping.
if [ ${_ENV} == production ]; then if [ ${_ENV} == production ]; then
project_id="domain-registry" project_id="domain-registry"
@@ -85,9 +85,9 @@ steps:
echo "Expecting exactly five active services. Found $num_versions" echo "Expecting exactly five active services. Found $num_versions"
exit 1 exit 1
fi fi
gsutil cp "$local_map" gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.tmp gcloud storage cp "$local_map" gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.tmp
# Atomically append uploaded tmp file to nomulus.${_ENV}.versions # Atomically append uploaded tmp file to nomulus.${_ENV}.versions
gsutil compose \ gcloud storage objects compose \
gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.versions \ gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.versions \
gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.tmp \ gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.tmp \
gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.versions gs://$PROJECT_ID-deployed-tags/nomulus.${_ENV}.versions

7
release/cloudbuild-dev-resource.yaml
View File

@@ -19,15 +19,16 @@ steps:
# uploading process. # uploading process.
- name: 'gcr.io/${PROJECT_ID}/builder:live' - name: 'gcr.io/${PROJECT_ID}/builder:live'
entrypoint: /bin/bash entrypoint: /bin/bash
args: ['gsutil', '-m', 'rsync', '-d', '-r', 'build/docs/javadoc', 'gs://${PROJECT_ID}-javadoc'] args: ['gcloud', 'storage', 'rsync', '--delete-unmatched-destination-objects', '--recursive', 'build/docs/javadoc',
'gs://${PROJECT_ID}-javadoc']
# Upload the files to GCS # Upload the files to GCS
# We don't use GCB's built-in artifacts uploader because we want to delete # We don't use GCB's built-in artifacts uploader because we want to delete
# the existing files in the bucket first, and we want to parallelize the # the existing files in the bucket first, and we want to parallelize the
# uploading process. # uploading process.
- name: 'gcr.io/${PROJECT_ID}/builder:live' - name: 'gcr.io/${PROJECT_ID}/builder:live'
entrypoint: /bin/bash entrypoint: /bin/bash
args: ['gsutil', '-m', 'rsync', '-d', '-r', 'db/src/main/resources/sql/er_diagram', args: ['gcloud', 'storage', 'rsync', '--delete-unmatched-destination-objects', '--recursive',
'gs://${PROJECT_ID}-er-diagram'] 'db/src/main/resources/sql/er_diagram', 'gs://${PROJECT_ID}-er-diagram']
timeout: 3600s timeout: 3600s
options: options:
machineType: 'E2_HIGHCPU_32' machineType: 'E2_HIGHCPU_32'

10
release/cloudbuild-release.yaml
View File

@@ -226,7 +226,7 @@ steps:
done done
done done
# Upload the Gradle binary to GCS if it does not exist and point URL in Gradle wrapper to it. # Upload the Gradle binary to GCS if it does not exist and point URL in Gradle wrapper to it.
- name: 'gcr.io/cloud-builders/gsutil' - name: 'gcr.io/cloud-builders/gcloud'
entrypoint: /bin/bash entrypoint: /bin/bash
args: args:
- -c - -c
@@ -237,17 +237,17 @@ steps:
gradle_bin=$(basename $gradle_url) gradle_bin=$(basename $gradle_url)
gcs_loc="domain-registry-maven-repository/gradle" gcs_loc="domain-registry-maven-repository/gradle"
curl -O -L ${gradle_url} curl -O -L ${gradle_url}
if gsutil -q stat gs://${gcs_loc}/${gradle_bin} if gcloud storage objects describe gs://${gcs_loc}/${gradle_bin}
then then
local_md5=$(md5sum ${gradle_bin} | awk '{print $1}') local_md5=$(md5sum ${gradle_bin} | awk '{print $1}')
remote_md5=$(gsutil hash -h gs://${gcs_loc}/${gradle_bin} | grep md5 | awk '{print $3}') remote_md5=$(gcloud storage hash -h gs://${gcs_loc}/${gradle_bin} | grep md5 | awk '{print $3}')
if [[ ${local_md5} != ${remote_md5} ]] if [[ ${local_md5} != ${remote_md5} ]]
then then
echo "${gradle_bin} HAS CHANGED ON GRADLE WEBSITE, USING THE BINARY ON GCS." echo "${gradle_bin} HAS CHANGED ON GRADLE WEBSITE, USING THE BINARY ON GCS."
fi fi
else else
gsutil cp $gradle_bin gs://${gcs_loc}/ gcloud storage cp $gradle_bin gs://${gcs_loc}/
gsutil acl ch -u AllUsers:R gs://${gcs_loc}/${gradle_bin} gcloud storage objects update --predefined-acl=publicRead gs://${gcs_loc}/${gradle_bin}
fi fi
rm ${gradle_bin} rm ${gradle_bin}
sed -i s%services.gradle.org/distributions%storage.googleapis.com/${gcs_loc}% \ sed -i s%services.gradle.org/distributions%storage.googleapis.com/${gcs_loc}% \

4
release/cloudbuild-schema-deploy.yaml
View File

@@ -62,7 +62,7 @@ steps:
- -c - -c
- | - |
set -e set -e
gsutil cp gs://$PROJECT_ID-deploy/${TAG_NAME}/schema.jar \ gcloud storage cp gs://$PROJECT_ID-deploy/${TAG_NAME}/schema.jar \
/flyway/jars /flyway/jars
# Deploy SQL schema # Deploy SQL schema
- name: 'gcr.io/$PROJECT_ID/schema_deployer:latest' - name: 'gcr.io/$PROJECT_ID/schema_deployer:latest'
@@ -83,7 +83,7 @@ steps:
- | - |
set -e set -e
echo ${TAG_NAME} | \ echo ${TAG_NAME} | \
gsutil cp - gs://$PROJECT_ID-deployed-tags/sql.${_ENV}.tag\ gcloud storage cp - gs://$PROJECT_ID-deployed-tags/sql.${_ENV}.tag\
timeout: 3600s timeout: 3600s
options: options:
machineType: 'E2_HIGHCPU_32' machineType: 'E2_HIGHCPU_32'

4
release/cloudbuild-schema-verify.yaml
View File

@@ -64,9 +64,9 @@ steps:
- -c - -c
- | - |
set -e set -e
deployed_schema_tag=$(gsutil cat \ deployed_schema_tag=$(gcloud storage cat \
gs://$PROJECT_ID-deployed-tags/sql.${_ENV}.tag) gs://$PROJECT_ID-deployed-tags/sql.${_ENV}.tag)
gsutil cp gs://$PROJECT_ID-deploy/$deployed_schema_tag/schema.jar \ gcloud storage cp gs://$PROJECT_ID-deploy/$deployed_schema_tag/schema.jar \
/schema /schema
# Verify the schema # Verify the schema
- name: 'gcr.io/$PROJECT_ID/schema_verifier:latest' - name: 'gcr.io/$PROJECT_ID/schema_verifier:latest'

8
release/cloudbuild-sync-and-tag.yaml
View File

@@ -18,11 +18,11 @@ steps:
# Rsync the folder where deployment artifacts are uploaded. # Rsync the folder where deployment artifacts are uploaded.
- name: 'gcr.io/$PROJECT_ID/builder:latest' - name: 'gcr.io/$PROJECT_ID/builder:latest'
args: args:
- gsutil - gcloud
- -m - storage
- rsync - rsync
- -d - --delete-unmatched-destination-objects
- -r - --recursive
- gs://$PROJECT_ID-deploy/${TAG_NAME} - gs://$PROJECT_ID-deploy/${TAG_NAME}
- gs://$PROJECT_ID-deploy/live - gs://$PROJECT_ID-deploy/live
- # Tag nomulus - # Tag nomulus

4
release/rollback/rollback_test.py
View File

@@ -122,8 +122,8 @@ class RollbackTestCase(unittest.TestCase):
'.*gcloud app services set-traffic.*') '.*gcloud app services set-traffic.*')
self.assertRegex(steps[9].info(), '.*gcloud app versions stop.*') self.assertRegex(steps[9].info(), '.*gcloud app versions stop.*')
self.assertRegex(steps[13].info(), self.assertRegex(steps[13].info(),
'.*echo nomulus-20201014-RC00 | gsutil cat -.*') '.*echo nomulus-20201014-RC00 | gcloud storage cat -.*')
self.assertRegex(steps[14].info(), '.*gsutil -m rsync -d .*') self.assertRegex(steps[14].info(), '.*gcloud storage rsync --delete-unmatched-destination-objects .*')
if __name__ == '__main__': if __name__ == '__main__':

10
release/rollback/steps.py
View File

@@ -26,8 +26,8 @@ import common
class RollbackStep: class RollbackStep:
"""One rollback step. """One rollback step.
Most steps are implemented using commandline tools, e.g., gcloud and Most steps are implemented using commandline tools, e.g., gcloud,
gsutil, and execute their commands by forking a subprocess. Each step and execute their commands by forking a subprocess. Each step
also has a info method that returns its command with a description. also has a info method that returns its command with a description.
Two steps are handled differently. The _UpdateDeployTag step gets a piped Two steps are handled differently. The _UpdateDeployTag step gets a piped
@@ -147,7 +147,7 @@ class _UpdateDeployTag(RollbackStep):
destination: str destination: str
def execute(self) -> None: def execute(self) -> None:
with subprocess.Popen(('gsutil', 'cp', '-', self.destination), with subprocess.Popen(('gcloud', 'storage', 'cp', '-', self.destination),
stdin=subprocess.PIPE) as p: stdin=subprocess.PIPE) as p:
try: try:
p.communicate(self.nom_tag.encode('utf-8')) p.communicate(self.nom_tag.encode('utf-8'))
@@ -165,7 +165,7 @@ def update_deploy_tags(dev_project: str, env: str,
return _UpdateDeployTag( return _UpdateDeployTag(
f'Update Nomulus tag in {env}', f'Update Nomulus tag in {env}',
(f'echo {nom_tag} | gsutil cp - {destination}', ''), nom_tag, (f'echo {nom_tag} | gcloud storage cp - {destination}', ''), nom_tag,
destination) destination)
@@ -183,4 +183,4 @@ def sync_live_release(dev_project: str, nom_tag: str) -> RollbackStep:
return RollbackStep( return RollbackStep(
f'Syncing {artifacts_folder} to {live_folder}.', f'Syncing {artifacts_folder} to {live_folder}.',
('gsutil', '-m', 'rsync', '-d', artifacts_folder, live_folder)) ('gcloud', 'storage', 'rsync', '--delete-unmatched-destination-objects', artifacts_folder, live_folder))