From 6ad64bcbada11045d12102825bd458c196542df7 Mon Sep 17 00:00:00 2001 From: Yuval Kashtan Date: Wed, 6 May 2026 20:57:05 +0000 Subject: [PATCH 1/2] [SAR] APPENG-5150: Add --purge-data flag to cleanup script Add an optional --purge-data flag to the Cloud Run cleanup script that deletes CloudSQL instances matching 'lightspeed' and lists Redis instances for manual deletion. Without the flag, data resources are preserved (existing behavior). This ensures data is not accidentally deleted during routine cleanup while providing an explicit purge option. - Add --purge-data CLI argument parsing - Add CloudSQL instance deletion loop when flag is set - Add Redis instance listing for manual cleanup - Update help text and 'not deleted' notice to reference --purge-data Co-Authored-By: Claude Opus 4.6 (1M context) --- deploy/cloudrun/cleanup.sh | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/deploy/cloudrun/cleanup.sh b/deploy/cloudrun/cleanup.sh index 58e08628..1679ae23 100755 --- a/deploy/cloudrun/cleanup.sh +++ b/deploy/cloudrun/cleanup.sh @@ -10,10 +10,11 @@ # - Service accounts (runtime + Pub/Sub invoker) and IAM bindings # # Usage: -# ./deploy/cloudrun/cleanup.sh [--force] +# ./deploy/cloudrun/cleanup.sh [--force] [--purge-data] # # Options: -# --force Skip confirmation prompt +# --force Skip confirmation prompt +# --purge-data Also delete CloudSQL instances and Redis data # # Prerequisites: # - gcloud CLI installed and authenticated @@ -55,6 +56,7 @@ PUBSUB_SUBSCRIPTION="${PUBSUB_SUBSCRIPTION:-${PUBSUB_TOPIC}-sub}" # Parse arguments FORCE=false +PURGE_DATA=false while [[ $# -gt 0 ]]; do case $1 in @@ -62,9 +64,13 @@ while [[ $# -gt 0 ]]; do FORCE=true shift ;; + --purge-data) + PURGE_DATA=true + shift + ;; *) log_error "Unknown option: $1" - echo "Usage: $0 [--force]" + echo "Usage: $0 [--force] [--purge-data]" exit 1 ;; esac @@ -269,9 +275,26 @@ echo " - Pub/Sub topic and subscription" echo " - Secret Manager secrets" echo " - Service accounts (runtime + Pub/Sub invoker) and IAM bindings" echo "" +if [ "$PURGE_DATA" = true ]; then + echo "" + log_info "Purging data resources..." + # Delete CloudSQL instances + for instance in $(gcloud sql instances list --project="$PROJECT_ID" --filter="name~lightspeed" --format="value(name)" 2>/dev/null); do + echo "Deleting CloudSQL instance: $instance" + gcloud sql instances delete "$instance" --project="$PROJECT_ID" --quiet || true + done + # Flush Redis data + for instance in $(gcloud redis instances list --region="$REGION" --project="$PROJECT_ID" --format="value(name)" 2>/dev/null); do + echo "Note: Redis instance $instance must be deleted manually or via console" + done + log_info "Data purge complete." +fi + echo "Note: The following resources were NOT deleted (delete manually if needed):" -echo " - Cloud SQL instances" -echo " - Cloud Memorystore Redis instances" +if [ "$PURGE_DATA" != true ]; then +echo " - Cloud SQL instances (use --purge-data to delete)" +echo " - Cloud Memorystore Redis instances (use --purge-data to delete)" +fi echo " - Container images in GCR/Artifact Registry" echo " - VPC connectors" echo " - Cloud Build triggers" From 26a75c0ec2a333b2dee88311f954705b0b65e320 Mon Sep 17 00:00:00 2001 From: Luis Tomas Bolivar Date: Fri, 8 May 2026 15:09:28 +0200 Subject: [PATCH 2/2] Address review feedback on --purge-data cleanup flag - Move data purge to Step 5 before summary banner (was after) - Add IRREVERSIBLE DATA LOSS warning to confirmation prompt - Fix indentation inside conditional block - Anchor regex filter (name~^lightspeed) - Replace silent || true with log_warn on CloudSQL delete failure - Fix misleading comment and options header for Redis handling Co-Authored-By: Claude Opus 4.6 (1M context) --- deploy/cloudrun/cleanup.sh | 47 +++++++++++++++++++++++++------------- 1 file changed, 31 insertions(+), 16 deletions(-) diff --git a/deploy/cloudrun/cleanup.sh b/deploy/cloudrun/cleanup.sh index 1679ae23..dccbcd44 100755 --- a/deploy/cloudrun/cleanup.sh +++ b/deploy/cloudrun/cleanup.sh @@ -14,7 +14,7 @@ # # Options: # --force Skip confirmation prompt -# --purge-data Also delete CloudSQL instances and Redis data +# --purge-data Also delete CloudSQL instances (lists Redis for manual cleanup) # # Prerequisites: # - gcloud CLI installed and authenticated @@ -93,6 +93,12 @@ echo " session-database-url, gma-client-id, gma-client-secret, dcr-e echo " rate-limit-redis-url" echo " - Service accounts: $SERVICE_ACCOUNT" echo " $PUBSUB_INVOKER_SA" +if [ "$PURGE_DATA" = true ]; then + echo "" + log_warn "DATA PURGE ENABLED — the following will also be PERMANENTLY deleted:" + echo " - CloudSQL instances matching 'lightspeed' (IRREVERSIBLE DATA LOSS)" + echo " - Redis instances will be listed for manual cleanup" +fi echo "" # Confirmation prompt @@ -261,6 +267,26 @@ else log_info "Service account '$PUBSUB_INVOKER_SA' does not exist, skipping" fi +# ============================================================================= +# Step 5: Purge Data Resources (optional) +# ============================================================================= +if [ "$PURGE_DATA" = true ]; then + echo "" + log_info "Purging data resources..." + # Delete CloudSQL instances + for instance in $(gcloud sql instances list --project="$PROJECT_ID" --filter="name~^lightspeed" --format="value(name)" 2>/dev/null); do + echo "Deleting CloudSQL instance: $instance" + if ! gcloud sql instances delete "$instance" --project="$PROJECT_ID" --quiet; then + log_warn "Failed to delete CloudSQL instance: $instance" + fi + done + # List Redis instances for manual cleanup + for instance in $(gcloud redis instances list --region="$REGION" --project="$PROJECT_ID" --format="value(name)" 2>/dev/null); do + echo "Note: Redis instance $instance must be deleted manually or via console" + done + log_info "Data purge complete." +fi + # ============================================================================= # Summary # ============================================================================= @@ -274,26 +300,15 @@ echo " - Cloud Run services ($SERVICE_NAME, $HANDLER_SERVICE_NAME)" echo " - Pub/Sub topic and subscription" echo " - Secret Manager secrets" echo " - Service accounts (runtime + Pub/Sub invoker) and IAM bindings" -echo "" if [ "$PURGE_DATA" = true ]; then - echo "" - log_info "Purging data resources..." - # Delete CloudSQL instances - for instance in $(gcloud sql instances list --project="$PROJECT_ID" --filter="name~lightspeed" --format="value(name)" 2>/dev/null); do - echo "Deleting CloudSQL instance: $instance" - gcloud sql instances delete "$instance" --project="$PROJECT_ID" --quiet || true - done - # Flush Redis data - for instance in $(gcloud redis instances list --region="$REGION" --project="$PROJECT_ID" --format="value(name)" 2>/dev/null); do - echo "Note: Redis instance $instance must be deleted manually or via console" - done - log_info "Data purge complete." + echo " - CloudSQL instances matching 'lightspeed'" fi +echo "" echo "Note: The following resources were NOT deleted (delete manually if needed):" if [ "$PURGE_DATA" != true ]; then -echo " - Cloud SQL instances (use --purge-data to delete)" -echo " - Cloud Memorystore Redis instances (use --purge-data to delete)" + echo " - Cloud SQL instances (use --purge-data to delete)" + echo " - Cloud Memorystore Redis instances (use --purge-data to delete)" fi echo " - Container images in GCR/Artifact Registry" echo " - VPC connectors"