cleanup(updates.jio/trusted.ci.jio) remove unused (SMB) fileshares (#895

) Signed-off-by: Damien Duportal <[email protected]>
jenkins-infra · Nov 29, 2024 · 83b2747 · 83b2747
1 parent 8b52151
commit 83b2747
Show file tree

Hide file tree

Showing 4 changed files with 2 additions and 95 deletions.
diff --git a/outputs.tf b/outputs.tf
@@ -35,25 +35,3 @@ resource "local_file" "jenkins_infra_data_report" {
 output "jenkins_infra_data_report" {
   value = local_file.jenkins_infra_data_report.content
 }
-
-## The script <https://github.com/jenkins-infra/charts-secrets/blob/main/config/trusted.ci.jenkins.io/get-uc-sync-zip-credential.sh>
-## requires the following output for generating trusted.ci.jenkins.io's Update Center ZIP credentials
-## used by https://github.com/jenkins-infra/update-center2 and https://github.com/jenkins-infra/crawler
-output "trusted_ci_jenkins_io_updatesjenkinsio_credentials" {
-  sensitive = true
-  value = jsonencode({
-    "storage_name" = azurerm_storage_account.updates_jenkins_io.name,
-    "content" = {
-      "azure_client_id"       = module.trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id,
-      "azure_client_password" = module.trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_password,
-    },
-    "redirections-unsecured" = {
-      "azure_client_id"       = module.trustedci_updatesjenkinsio_redirects_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id,
-      "azure_client_password" = module.trustedci_updatesjenkinsio_redirects_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_password,
-    },
-    "redirections-secured" = {
-      "azure_client_id"       = module.trustedci_updatesjenkinsio_redirects_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_id,
-      "azure_client_password" = module.trustedci_updatesjenkinsio_redirects_fileshare_serviceprincipal_writer.fileshare_serviceprincipal_writer_application_client_password,
-    },
-  })
-}
diff --git a/trusted.ci.jenkins.io.tf b/trusted.ci.jenkins.io.tf
@@ -65,31 +65,6 @@ module "trusted_ci_jenkins_io_azurevm_agents" {
   }
 }
 
-# Required to allow azcopy sync of updates.jenkins.io File Share (content) with the permanent agent
-module "trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer" {
-  source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer"
-
-  service_fqdn                   = "${module.trusted_ci_jenkins_io.service_fqdn}-fileshare_serviceprincipal_writer"
-  active_directory_owners        = [data.azuread_service_principal.terraform_production.object_id]
-  active_directory_url           = "https://github.com/jenkins-infra/azure"
-  service_principal_end_date     = "2024-12-18T00:00:00Z"
-  file_share_resource_manager_id = azurerm_storage_share.updates_jenkins_io_content.resource_manager_id
-  storage_account_id             = azurerm_storage_account.updates_jenkins_io.id
-  default_tags                   = local.default_tags
-}
-# Required to allow azcopy sync of updates.jenkins.io File Share (redirections) with the permanent agent
-module "trustedci_updatesjenkinsio_redirects_fileshare_serviceprincipal_writer" {
-  source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer"
-
-  service_fqdn                   = "${module.trusted_ci_jenkins_io.service_fqdn}-fileshare_serviceprincipal_writer-redirects"
-  active_directory_owners        = [data.azuread_service_principal.terraform_production.object_id]
-  active_directory_url           = "https://github.com/jenkins-infra/azure"
-  service_principal_end_date     = "2024-12-18T00:00:00Z"
-  file_share_resource_manager_id = azurerm_storage_share.updates_jenkins_io_redirects.resource_manager_id
-  storage_account_id             = azurerm_storage_account.updates_jenkins_io.id
-  default_tags                   = local.default_tags
-}
-
 # Required to allow azcopy sync of jenkins.io File Share
 module "trustedci_jenkinsio_fileshare_serviceprincipal_writer" {
   source = "./.shared-tools/terraform/modules/azure-jenkinsinfra-fileshare-serviceprincipal-writer"

diff --git a/updatecli/values.yaml b/updatecli/values.yaml
@@ -80,30 +80,6 @@ end_dates:
       service: "stats.jenkins.io"
       secret: "STATS_SERVICE_PRINCIPAL_WRITER_CLIENT_SECRET"
   trusted_ci_jenkins_io:
-    trustedci_updatesjenkinsio_content_fileshare_serviceprincipal_writer:
-      service: "updates.jenkins.io (content)"
-      doc_how_to_get_credential: |
-        > [!IMPORTANT]
-        >
-        > ⚠️ Merging this PR will prevent the Update Center job (update_center2) to succeed and update the Update Center index. You should disable the `update_center2` job before merging between the PR merge and the credential upload.
-        > You'll have to update the top-level credential `update-center-publish-env` on trusted.ci.jenkins.io UI with the ZIP file.
-        >
-        > This credential is a ZIP file generated by the (private) script:
-        https://github.com/jenkins-infra/charts-secrets/blob/main/config/trusted.ci.jenkins.io/get-uc-sync-zip-credential.sh.
-        > ⚠️ Make sure you can generate this ZIP file BEFORE merging the pull request here!
-        > ⚠️ Check if you don't have other PR to related to the same ZIP credential to only generates the ZIP once.
-    trustedci_updatesjenkinsio_redirects_fileshare_serviceprincipal_writer:
-      service: "updates.jenkins.io (redirections)"
-      doc_how_to_get_credential: |
-        > [!IMPORTANT]
-        >
-        > ⚠️ Merging this PR will prevent the Update Center job (update_center2) to succeed and update the Update Center index. You should disable the `update_center2` job before merging, between the PR merge and the credential upload.
-        > You'll have to update the top-level credential `update-center-publish-env` on trusted.ci.jenkins.io UI.
-        >
-        > This credential is a ZIP file generated by the (private) script:
-        https://github.com/jenkins-infra/charts-secrets/blob/main/config/trusted.ci.jenkins.io/get-uc-sync-zip-credential.sh.
-        > ⚠️ Make sure you can generate this ZIP file BEFORE merging the pull request here!
-        > ⚠️ Check if you don't have other PR to related to the same ZIP credential to only generates the ZIP once.
     trustedci_jenkinsio_fileshare_serviceprincipal_writer:
       service: "www.jenkins.io"
       doc_how_to_get_credential: |

diff --git a/updates.jenkins.io.tf b/updates.jenkins.io.tf
@@ -24,11 +24,8 @@ resource "azurerm_storage_account" "updates_jenkins_io" {
   # Adding a network rule with `public_network_access_enabled` set to `true` (default) selects the option "Enabled from selected virtual networks and IP addresses"
   network_rules {
     default_action = "Deny"
-    ip_rules = flatten(
-      concat(
-        [for key, value in module.jenkins_infra_shared_data.admin_public_ips : value],
-      )
-    )
+
+    # Only NFS share means only private network access - https://learn.microsoft.com/en-us/azure/storage/files/files-nfs-protocol#security-and-networking
     virtual_network_subnet_ids = [
       data.azurerm_subnet.trusted_ci_jenkins_io_ephemeral_agents.id,
       data.azurerm_subnet.trusted_ci_jenkins_io_permanent_agents.id,
@@ -49,17 +46,6 @@ resource "azurerm_storage_share" "updates_jenkins_io_data" {
   enabled_protocol     = "NFS" # Require a Premium Storage Account
 }
 
-resource "azurerm_storage_share" "updates_jenkins_io_content" {
-  name                 = "updates-jenkins-io"
-  storage_account_name = azurerm_storage_account.updates_jenkins_io.name
-  quota                = 100 # Minimum size of premium is 100 - https://learn.microsoft.com/en-us/azure/storage/files/understanding-billing#provisioning-method
-}
-resource "azurerm_storage_share" "updates_jenkins_io_redirects" {
-  name                 = "updates-jenkins-io-redirects"
-  storage_account_name = azurerm_storage_account.updates_jenkins_io.name
-  quota                = 100 # Minimum size of premium is 100 - https://learn.microsoft.com/en-us/azure/storage/files/understanding-billing#provisioning-method
-}
-
 ## Kubernetes Resources (static provision of persistent volumes)
 resource "kubernetes_namespace" "updates_jenkins_io" {
   provider = kubernetes.publick8s
@@ -85,10 +71,6 @@ resource "kubernetes_secret" "updates_jenkins_io_storage" {
 }
 
 # Persistent Data available in read and write
-moved {
-  from = kubernetes_persistent_volume.updates_jenkins_io_content_data
-  to   = kubernetes_persistent_volume.updates_jenkins_io_data
-}
 resource "kubernetes_persistent_volume" "updates_jenkins_io_data" {
   provider = kubernetes.publick8s
   metadata {
@@ -129,10 +111,6 @@ resource "kubernetes_persistent_volume" "updates_jenkins_io_data" {
     }
   }
 }
-moved {
-  from = kubernetes_persistent_volume_claim.updates_jenkins_io_content_data
-  to   = kubernetes_persistent_volume_claim.updates_jenkins_io_data
-}
 resource "kubernetes_persistent_volume_claim" "updates_jenkins_io_data" {
   provider = kubernetes.publick8s
   metadata {