cleanup of bash scripts

deploy/gcp/change-pv-reclaimpolicy.sh

@@ -4,19 +4,27 @@
 # Run before terraform destroy
 
 set -euo pipefail
+
+usage="usage: $0 <kubeconfigfile> <namespace>"
+
+if (( $# != 2 )); then
+    printf "%s\n" "$usage" >&2
+    exit 1
+fi
+
 set -x
 
-KUBECONFIGFILE=$1
-NAMESPACE=$2
+kubeconfigfile=$1
+namespace=$2
 
-if [[ ! -f ${KUBECONFIGFILE} ]]; then
-    echo "The given kubeconfig file does not exist"
+if ! [[ -f $kubeconfigfile ]]; then
+    printf "The given kubeconfig file (%s) does not exist\n" "$kubeconfigfile" >&2
     exit 1
 fi
 
-if ! kubectl --kubeconfig ${KUBECONFIGFILE} get ns ${NAMESPACE}; then
-    echo "The given namespace was not found in the kubernetes cluster for the given kubeconfig file"
+if ! kubectl --kubeconfig "$kubeconfigfile" get ns "$namespace"; then
+    printf "The given namespace (%s) was not found in the kubernetes cluster for the given kubeconfig file (%s)" "$namespace" "$kubeconfigfile" >&2
     exit 1
 fi
 
-kubectl --kubeconfig ${KUBECONFIGFILE} get pvc -n ${NAMESPACE} -o jsonpath='{.items[*].spec.volumeName}'|fmt -1 | xargs -I {} kubectl --kubeconfig ${KUBECONFIGFILE} patch pv {} -p '{"spec":{"persistentVolumeReclaimPolicy":"Delete"}}'
+kubectl --kubeconfig "$kubeconfigfile" get pvc -n "$namespace" -o jsonpath='{.items[*].spec.volumeName}'|fmt -1 | xargs -I {} kubectl --kubeconfig "$kubeconfigfile" patch pv {} -p '{"spec":{"persistentVolumeReclaimPolicy":"Delete"}}'

deploy/gcp/create-service-account.sh

@@ -7,45 +7,72 @@
 # so it cannot just be added to the existing terraform.
 
 set -euo pipefail
-cd "$(dirname "$0")"
-PROJECT="${TF_VAR_GCP_PROJECT:-$(cat terraform.tfvars | awk -F '=' '/GCP_PROJECT/ {print $2}' | cut -d '"' -f 2)}"
-echo "using project: $PROJECT"
 
-cred_file=credentials.auto.tfvars
-if test -f "$cred_file" ; then
-  if cat "$cred_file" | awk -F'=' '/GCP_CREDENTIALS/ {print $2}' >/dev/null ; then
-    echo "GCP_CREDENTAILS_PATH already set in $cred_file"
+if ! cd "$(dirname "$0")"; then
+    printf "Could not change to base directory of script." >&2
     exit 1
-  fi
 fi
 
-GCLOUD="gcloud --project $PROJECT"
+if ! [[ -d .terraform ]]; then
+    echo "no .terraform directory, perhaps you need to run ''terraform init''?" >&2
+    exit 1
+fi
+
+if ! project=${TF_VAR_GCP_PROJECT:-$( echo var.GCP_PROJECT | terraform console 2>/dev/null )} || [[ -z $project ]]; then
+    echo "could not identify current project; set GCP_PROJECT in a .tfvars file or set the TF_VAR_GCP_PROJECT environment variable" >&2
+    exit 1
+fi
+echo "using project: $project"
+
+cred_file=credentials.auto.tfvars
+
+if cred_path=$( echo var.GCP_CREDENTIALS_PATH | terraform console 2>/dev/null ) && [[ $cred_path ]]; then
+    if ! command -v jq >/dev/null; then
+        echo "GCP_CREDENTAILS_PATH already set to $cred_path and jq(1) is not installed to ensure it is for project $project" >&2
+        exit 1
+    elif cred_project=$(jq -r .project_id "$cred_path" 2>/dev/null) && [[ $cred_project != "$project" ]]; then
+        echo "GCP_CREDENTAILS_PATH already set to $cred_path but credentials project $cred_project does not match current project $project" >&2
+        exit 1
+    elif ! [[ -f $cred_path ]]; then
+        echo "GCP_CREDENTAILS_PATH already set, but $cred_path doesn't exist" >&2
+    else
+        echo "GCP_CREDENTAILS_PATH already set to $cred_path for project $project" >&2
+        exit
+    fi
+fi
+
+gcloud=( gcloud --project "$project" )
 
 mkdir -p credentials
 key_file=credentials/terraform-key.json
-email="terraform@${PROJECT}.iam.gserviceaccount.com"
+email="terraform@${project}.iam.gserviceaccount.com"
 
-sas=$($GCLOUD iam service-accounts list)
-if echo "$sas" | grep terraform >/dev/null ; then
-  if test -f $key_file && grep "$PROJECT" $key_file >/dev/null ; then
-    echo "service account terraform already exists along with the key file. Will set terraform variables"
+if [[ $("${gcloud[@]}" --format='value(name)' iam service-accounts list --filter='displayName~^terraform$') ]]; then
+  if grep -sq "$project" "$key_file"; then
+    echo "service account terraform already exists along with the key file, will set terraform variables"
   else
     echo "service account terraform already exists, will get a key for it"
-    $GCLOUD iam service-accounts keys create $key_file --iam-account "$email"
+    "${gcloud[@]}" iam service-accounts keys create "$key_file" --iam-account "$email"
   fi
 else
   echo "creating a new service account terraform"
-  $GCLOUD iam service-accounts create --display-name terraform terraform
-  $GCLOUD iam service-accounts keys create $key_file --iam-account "$email"
+  "${gcloud[@]}" iam service-accounts create --display-name terraform terraform
+  "${gcloud[@]}" iam service-accounts keys create "$key_file" --iam-account "$email"
 fi
 
-chmod 0600 $key_file
+chmod 0600 "$key_file"
 
-$GCLOUD projects add-iam-policy-binding "$PROJECT" --member "serviceAccount:$email" --role roles/container.clusterAdmin
-$GCLOUD projects add-iam-policy-binding "$PROJECT" --member "serviceAccount:$email" --role roles/compute.networkAdmin
-$GCLOUD projects add-iam-policy-binding "$PROJECT" --member "serviceAccount:$email" --role roles/compute.viewer
-$GCLOUD projects add-iam-policy-binding "$PROJECT" --member "serviceAccount:$email" --role roles/compute.securityAdmin
-$GCLOUD projects add-iam-policy-binding "$PROJECT" --member "serviceAccount:$email" --role roles/iam.serviceAccountUser
-$GCLOUD projects add-iam-policy-binding "$PROJECT" --member "serviceAccount:$email" --role roles/compute.instanceAdmin.v1
+roles=(
+  roles/container.clusterAdmin
+  roles/compute.networkAdmin
+  roles/compute.viewer
+  roles/compute.securityAdmin
+  roles/iam.serviceAccountUser
+  roles/compute.instanceAdmin.v1
+)
+for role in "${roles[@]}"; do 
+    "${gcloud[@]}" projects add-iam-policy-binding "$project" --member "serviceAccount:$email" --role "$role"
+done
 
-echo GCP_CREDENTIALS_PATH="\"$(pwd)/$key_file\"" > "$cred_file"
+printf 'GCP_CREDENTIALS_PATH = "%s/%s"\n' "$PWD" "$key_file" > "$cred_file"
+echo "Successfully wrote credentials to $key_file and configuration to $cred_file"