gcs-upload v0.2 do not delete missing files by default

The gcs-upload task v0.1, when dealing with folders, uses the "-d" option by default, which deletes remote files by default. This is a relatively dangerous choice of default, and it's safer to make that as an opt-in, as it may result in deletion of a lot of remote files by accident. V0.2 has a new parameter "deleteExtraFiles" which corresponds to gsutil "-d" flag. deleteExtraFiles defaults to false, making the default behaviour of the task different from v0.1. V0.2 replaces parameters in the script with environment variables for security as recommended in the catalog best practices. The cloud-sdk image version has been updated to 390.0.0-slim which is newer, ~60% smaller than the current image and includes gsutil. Signed-off-by: Andrea Frittoli <andrea.frittoli@gmail.com>
2024-11-21 05:55:35 +00:00 · 2022-03-30 18:23:29 +01:00 · 2022-03-30 18:23:29 +01:00 · f400e99456
commit f400e99456
parent 7eb56668e4
2 changed files with 31 additions and 11 deletions
--- a/task/gcs-upload/0.2/README.md
+++ b/task/gcs-upload/0.2/README.md
@ -8,7 +8,6 @@ are intended as its replacement. This is part of our plan to [offer replacement
 as well as
 [document those replacements](https://github.com/tektoncd/pipeline/issues/1369).

-
 ## `gcs-upload`

 A `Task` that uploads files or directories from a Workspace to a GCS bucket.
@ -23,6 +22,9 @@ A `Task` that uploads files or directories from a Workspace to a GCS bucket.

 * **path**: The path to files or directories relative to the source workspace that you'd like to upload. (_required_)
 * **location**: The address (including "gs://") where you'd like to upload files to. (_required_)
+* **deleteExtraFiles**: When "true", delete extra files under location not found under path.
+  NOTE: this option can delete data quickly if you specify the wrong source/destination combination.
+  "BE CAREFUL WHEN USING THIS OPTION!". (_default_: "false")
 * **serviceAccountPath**: The path to the service account credential file in your credentials workspace. (_default_: "service\_account.json")

 ## Platforms
@ -31,7 +33,6 @@ The Task can be run on `linux/amd64` platform.

 ## Usage

-
 ### `gcs-upload`

 This TaskRun uses the gcs-upload Task to upload a file from a ConfigMap.
@ -59,4 +60,4 @@ spec:
  - name: source
    configMap:
      name: test-input-data
-```
+```
--- a/task/gcs-upload/0.2/gcs-upload.yaml
+++ b/task/gcs-upload/0.2/gcs-upload.yaml
@ -3,7 +3,7 @@ kind: Task
 metadata:
  name: gcs-upload
  labels:
-    app.kubernetes.io/version: "0.1"
+    app.kubernetes.io/version: "0.2"
  annotations:
    tekton.dev/pipelines.minVersion: "0.12.1"
    tekton.dev/categories: Cloud, Storage
@ -28,31 +28,50 @@ spec:
  - name: location
    description: The address (including "gs://") where you'd like to upload files to.
    type: string
+  - name: deleteExtraFiles
+    description: |
+      When "true", delete extra files under location not found under path.
+      By default extra files are not deleted.
+
+      NOTE: this option can delete data quickly if you specify the wrong
+      source/destination combination. "BE CAREFUL WHEN USING THIS OPTION!".
+    default: "false"
+    type: string
  - name: serviceAccountPath
    description: The path inside the credentials workspace to the GOOGLE_APPLICATION_CREDENTIALS key file.
    type: string
    default: service_account.json
  steps:
  - name: upload
-    image: gcr.io/google.com/cloudsdktool/cloud-sdk:310.0.0@sha256:cb03669fcdb9191d55a6200f2911fff3baec0b8c39b156d95b68aabe975ac506 #tag: 310.0.0
+    env:
+      - name: CRED_PATH
+        value: "$(workspaces.credentials.path)/$(params.serviceAccountPath)"
+      - name: SOURCE
+        value: "$(workspaces.source.path)/$(params.path)"
+      - name: LOCATION
+        value: "$(params.location)"
+      - name: DELETE_EXTRA_FILES
+        value: $(params.deleteExtraFiles)
+    image: gcr.io/google.com/cloudsdktool/cloud-sdk:379.0.0-slim@sha256:d844877c7aaa06a0072979230c68417ddb0f27087277f29747c7169d6ed0d2b9 #tag: 379.0.0-slim
    script: |
      #!/usr/bin/env bash
      set -xe

-      CRED_PATH="$(workspaces.credentials.path)/$(params.serviceAccountPath)"
-      SOURCE="$(workspaces.source.path)/$(params.path)"
-
      if [[ -f "$CRED_PATH" ]]; then
        GOOGLE_APPLICATION_CREDENTIALS="$CRED_PATH"
      fi

      if [[ "${GOOGLE_APPLICATION_CREDENTIALS}" != "" ]]; then
        echo GOOGLE_APPLICATION_CREDENTIALS is set, activating Service Account...
-        gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS}
+        gcloud auth activate-service-account --key-file="${GOOGLE_APPLICATION_CREDENTIALS}"
      fi

+      RSYNC_PARAMS=""
      if [[ -d "$SOURCE" ]]; then
-        gsutil -m rsync -d -r "$SOURCE" "$(params.location)"
+        if [[ "$DELETE_EXTRA_FILES" == "true" ]]; then
+          RSYNC_PARAMS="-d"
+        fi
+        gsutil -m rsync ${RSYNC_PARAMS} -r "${SOURCE}" "${LOCATION}"
      else
-        gsutil cp "$SOURCE" "$(params.location)"
+        gsutil cp "${SOURCE}" "${LOCATION}"
      fi