Refactor infra/gcp libs

infra/gcp/lib.sh

@@ -16,20 +16,8 @@
 
 # This is a library of functions used to create GCP stuff.
 
-function _color() {
-    tput setf "$1" || true
-}
-
-function _nocolor() {
-    tput sgr0 || true
-}
-
-function color() {
-    _color "$1"
-    shift
-    echo "$@"
-    _nocolor
-}
+. "$(dirname "${BASH_SOURCE[0]}")/lib_util.sh"
+. "$(dirname "${BASH_SOURCE[0]}")/lib_gcs.sh"
 
 # The group that admins all GCR repos.
 GCR_ADMINS="[email protected]"
@@ -185,81 +173,6 @@ function ensure_gcr_repo() {
     gsutil bucketpolicyonly set on "${bucket}"
 }
 
-# Ensure the bucket exists
-# $1: The GCP project
-# $2: The bucket
-function ensure_gcs_bucket() {
-    if [ $# -lt 2 -o -z "$1" -o -z "$2" ]; then
-        echo "ensure_gcs_bucket(project, bucket) requires 2 arguments" >&2
-        return 1
-    fi
-    project="$1"
-    bucket="$2"
-    location="us"
-
-    if ! gsutil ls "${bucket}" >/dev/null 2>&1; then
-      gsutil mb -p "${project}" -l "${location}" "${bucket}"
-    fi
-    gsutil bucketpolicyonly set on "${bucket}"
-}
-
-# Ensure the bucket exists and is world-readable
-# $1: The GCP project
-# $2: The bucket
-function ensure_public_gcs_bucket() {
-    if [ $# -lt 2 -o -z "$1" -o -z "$2" ]; then
-        echo "ensure_public_gcs_bucket(project, bucket) requires 2 arguments" >&2
-        return 1
-    fi
-    project="$1"
-    bucket="$2"
-
-    ensure_gcs_bucket "${project}" "${bucket}"
-    gsutil iam ch allUsers:objectViewer "${bucket}"
-}
-
-# Ensure the bucket exists and is NOT world-accessible
-# $1: The GCP project
-# $2: The bucket
-function ensure_private_gcs_bucket() {
-    if [ $# -lt 2 -o -z "$1" -o -z "$2" ]; then
-        echo "ensure_private_gcs_bucket(project, bucket) requires 2 arguments" >&2
-        return 1
-    fi
-    project="$1"
-    bucket="$2"
-
-    ensure_gcs_bucket "${project}" "${bucket}"
-    gsutil iam ch -d allUsers "${bucket}"
-}
-
-# Sets the web policy on the bucket, including a default index.html page
-# $1: The bucket
-function ensure_gcs_web_policy() {
-    if [ $# -lt 1 -o -z "$1" ]; then
-        echo "ensure_gcs_web_policy(bucket) requires 1 argument" >&2
-        return 1
-    fi
-    bucket="$1"
-
-    gsutil web set -m index.html "${bucket}"
-}
-
-# Copies any static content into the bucket
-# $1: The bucket
-# $2: The source directory
-function upload_gcs_static_content() {
-    if [ $# -lt 2 -o -z "$1" -o -z "$2" ]; then
-        echo "upload_gcs_static_content(bucket, dir) requires 2 arguments" >&2
-        return 1
-    fi
-    bucket="$1"
-    srcdir="$2"
-
-    # Checksum data to avoid no-op syncs.
-    gsutil rsync -c "${srcdir}" "${bucket}"
-}
-
 # Grant project viewer privileges to a principal
 # $1: The GCP project
 # $2: The group email
@@ -431,44 +344,6 @@ function empower_group_to_gcr() {
     empower_group_to_write_gcs_bucket "${group}" "${bucket}"
 }
 
-# Grant write privileges on a bucket to a group
-# $1: The googlegroups group
-# $2: The bucket
-function empower_group_to_write_gcs_bucket() {
-    if [ $# -lt 2 -o -z "$1" -o -z "$2" ]; then
-        echo "empower_group_to_write_gcs_bucket(group_name, bucket) requires 2 arguments" >&2
-        return 1
-    fi
-    group="$1"
-    bucket="$2"
-
-    gsutil iam ch \
-        "group:${group}:objectAdmin" \
-        "${bucket}"
-    gsutil iam ch \
-        "group:${group}:legacyBucketReader" \
-        "${bucket}"
-}
-
-# Grant admin privileges on a bucket to a group
-# $1: The googlegroups group
-# $2: The bucket
-function empower_group_to_admin_gcs_bucket() {
-    if [ $# -lt 2 -o -z "$1" -o -z "$2" ]; then
-        echo "empower_group_to_admin_gcs_bucket(group_name, bucket) requires 2 arguments" >&2
-        return 1
-    fi
-    group="$1"
-    bucket="$2"
-
-    gsutil iam ch \
-        "group:${group}:objectAdmin" \
-        "${bucket}"
-    gsutil iam ch \
-        "group:${group}:legacyBucketOwner" \
-        "${bucket}"
-}
-
 # Grant Cloud Run privileges to a group.
 # $1: The GCP project
 # $2: The googlegroups group
@@ -616,47 +491,6 @@ function empower_artifact_auditor_invoker() {
         --region=us-central1
 }
 
-# Ensure the bucket retention policy is set
-# $1: The GCS bucket
-# $2: The retention
-function ensure_gcs_bucket_retention() {
-    if [ $# -lt 2 -o -z "$1" -o -z "$2" ]; then
-        echo "ensure_gcs_bucket_retention(bucket, retention) requires 2 arguments" >&2
-        return 1
-    fi
-    bucket="$1"
-    retention="$2"
-
-    gsutil retention set "${retention}" "${bucket}"
-}
-
-# Ensure the bucket auto-deletion policy is set
-# $1: The GCS bucket
-# $2: The auto-deletion policy
-function ensure_gcs_bucket_auto_deletion() {
-    if [ $# -lt 2 -o -z "$1" -o -z "$2" ]; then
-        echo "ensure_gcs_bucket_auto_deletion(bucket, auto_delettion_days) requires 2 arguments" >&2
-        return 1
-    fi
-    bucket="$1"
-    auto_deletion_days="$2"
-
-    echo "
-        {
-          \"rule\": [
-            {
-              \"condition\": {
-                \"age\": ${auto_deletion_days}
-              },
-              \"action\": {
-                \"type\": \"Delete\"
-              }
-            }
-          ]
-        }
-    " | gsutil lifecycle set /dev/stdin "${bucket}"
-}
-
 # Create a service account
 # $1: The GCP project
 # $2: The account name (e.g. "foo-manager")