Compare commits
2 Commits
1be07db276
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| fbc5e6edff | |||
| 4b7e604313 |
8
.gitignore
vendored
8
.gitignore
vendored
@@ -1,4 +1,8 @@
|
|||||||
# Claude Code
|
# Vibe Coding
|
||||||
.mcp.json
|
|
||||||
.claude/
|
.claude/
|
||||||
|
.oprncode/
|
||||||
|
|
||||||
llmdoc/
|
llmdoc/
|
||||||
|
.sisyphus/
|
||||||
|
|
||||||
|
.mcp.json
|
||||||
@@ -280,23 +280,24 @@ enable_services() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# 创建服务账号
|
# 创建服务账号(用于 API 密钥身份验证)
|
||||||
#
|
#
|
||||||
create_service_account() {
|
create_service_account() {
|
||||||
local project_id=$1
|
local project_id=$1
|
||||||
local max_retries=$2
|
local max_retries=$2
|
||||||
local retry_delay=$3
|
local retry_delay=$3
|
||||||
|
local sa_name="vertex-ai-runner"
|
||||||
|
local sa_email="${sa_name}@${project_id}.iam.gserviceaccount.com"
|
||||||
|
|
||||||
log_info "创建服务账号 service-account@$project_id.iam.gserviceaccount.com"
|
log_info "创建服务账号 $sa_email"
|
||||||
|
|
||||||
# 检查服务账号是否已存在
|
if gcloud iam service-accounts describe "$sa_email" --project="$project_id" &>/dev/null; then
|
||||||
if gcloud iam service-accounts describe "service-account@$project_id.iam.gserviceaccount.com" --project="$project_id" &>/dev/null; then
|
|
||||||
log_warning "服务账号已存在,跳过创建"
|
log_warning "服务账号已存在,跳过创建"
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if retry_command "$max_retries" "$retry_delay" gcloud iam service-accounts create service-account \
|
if retry_command "$max_retries" "$retry_delay" gcloud iam service-accounts create "$sa_name" \
|
||||||
--display-name="AI Platform Service Account" \
|
--display-name="Vertex AI Runner" \
|
||||||
--project="$project_id"; then
|
--project="$project_id"; then
|
||||||
log_success "服务账号创建成功"
|
log_success "服务账号创建成功"
|
||||||
return 0
|
return 0
|
||||||
@@ -307,48 +308,124 @@ create_service_account() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# 添加 IAM 策略
|
# 授予服务账号 Vertex AI 角色
|
||||||
#
|
#
|
||||||
add_iam_policy() {
|
grant_vertex_ai_role() {
|
||||||
local project_id=$1
|
local project_id=$1
|
||||||
local max_retries=$2
|
local max_retries=$2
|
||||||
local retry_delay=$3
|
local retry_delay=$3
|
||||||
|
local sa_email="vertex-ai-runner@${project_id}.iam.gserviceaccount.com"
|
||||||
|
|
||||||
log_info "授予 aiplatform.serviceAgent 角色"
|
log_info "授予 Vertex AI Platform Express User 角色"
|
||||||
if retry_command "$max_retries" "$retry_delay" gcloud projects add-iam-policy-binding "$project_id" \
|
if retry_command "$max_retries" "$retry_delay" gcloud projects add-iam-policy-binding "$project_id" \
|
||||||
--member="serviceAccount:service-account@$project_id.iam.gserviceaccount.com" \
|
--member="serviceAccount:$sa_email" \
|
||||||
--role="roles/aiplatform.serviceAgent"; then
|
--role="roles/aiplatform.expressUser" \
|
||||||
log_success "IAM 策略授予成功"
|
--condition=None; then
|
||||||
|
log_success "角色授予成功"
|
||||||
return 0
|
return 0
|
||||||
else
|
else
|
||||||
log_error "授予 IAM 策略失败 (已重试)"
|
log_error "授予角色失败 (已重试)"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# 创建服务账号密钥
|
# 启用 API Keys 服务
|
||||||
#
|
#
|
||||||
create_service_account_key() {
|
enable_api_keys_service() {
|
||||||
local project_id=$1
|
local project_id=$1
|
||||||
local max_retries=$2
|
local max_retries=$2
|
||||||
local retry_delay=$3
|
local retry_delay=$3
|
||||||
|
|
||||||
log_info "创建服务账号密钥"
|
log_info "启用 apikeys.googleapis.com 服务"
|
||||||
|
if retry_command "$max_retries" "$retry_delay" gcloud services enable apikeys.googleapis.com --project="$project_id"; then
|
||||||
|
log_success "API Keys 服务启用成功"
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
log_error "启用 apikeys.googleapis.com 服务失败 (已重试)"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# 检查密钥文件是否已存在
|
#
|
||||||
if [ -f "pass-$project_id.json" ]; then
|
# 创建 Google Cloud API 密钥(绑定服务账号)
|
||||||
log_warning "密钥文件 pass-$project_id.json 已存在,跳过创建"
|
#
|
||||||
|
create_api_key() {
|
||||||
|
local project_id=$1
|
||||||
|
local max_retries=$2
|
||||||
|
local retry_delay=$3
|
||||||
|
local key_file="apikey-$project_id.txt"
|
||||||
|
local sa_email="vertex-ai-runner@${project_id}.iam.gserviceaccount.com"
|
||||||
|
|
||||||
|
log_info "创建 Google Cloud API 密钥(绑定服务账号 $sa_email)"
|
||||||
|
|
||||||
|
if [ -f "$key_file" ]; then
|
||||||
|
log_warning "API 密钥文件 $key_file 已存在,跳过创建"
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if retry_command "$max_retries" "$retry_delay" gcloud iam service-accounts keys create "pass-$project_id.json" \
|
local key_name="vertex-ai-key"
|
||||||
--iam-account="service-account@$project_id.iam.gserviceaccount.com" \
|
local attempt=1
|
||||||
--project="$project_id"; then
|
local create_success=false
|
||||||
log_success "服务账号密钥创建成功: pass-$project_id.json"
|
|
||||||
|
while [ $attempt -le "$max_retries" ]; do
|
||||||
|
log_info "尝试创建 API 密钥 (第 $attempt/$max_retries 次)"
|
||||||
|
|
||||||
|
local temp_error
|
||||||
|
temp_error=$(mktemp)
|
||||||
|
|
||||||
|
if gcloud services api-keys create \
|
||||||
|
--display-name="$key_name" \
|
||||||
|
--api-target=service=aiplatform.googleapis.com \
|
||||||
|
--service-account="$sa_email" \
|
||||||
|
--project="$project_id" 2>"$temp_error"; then
|
||||||
|
|
||||||
|
log_success "API 密钥创建命令执行成功"
|
||||||
|
rm -f "$temp_error"
|
||||||
|
create_success=true
|
||||||
|
break
|
||||||
|
else
|
||||||
|
log_warning "创建失败 (第 $attempt/$max_retries 次)"
|
||||||
|
if [ -s "$temp_error" ]; then
|
||||||
|
log_error "错误: $(cat "$temp_error")"
|
||||||
|
fi
|
||||||
|
rm -f "$temp_error"
|
||||||
|
|
||||||
|
if [ $attempt -lt "$max_retries" ]; then
|
||||||
|
log_info "将在 $retry_delay 秒后重试..."
|
||||||
|
sleep "$retry_delay"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
((attempt++))
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ "$create_success" != "true" ]; then
|
||||||
|
log_error "创建 API 密钥命令执行失败"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
log_info "等待 API 密钥创建完成..."
|
||||||
|
sleep 5
|
||||||
|
|
||||||
|
log_info "查找已创建的 API 密钥..."
|
||||||
|
local key_resource_name
|
||||||
|
key_resource_name=$(gcloud services api-keys list --project="$project_id" --filter="displayName=$key_name" --format="value(name)" 2>/dev/null | head -n 1)
|
||||||
|
|
||||||
|
if [ -z "$key_resource_name" ]; then
|
||||||
|
log_error "未找到已创建的 API 密钥"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
log_info "获取 API 密钥字符串: $key_resource_name"
|
||||||
|
local api_key_value
|
||||||
|
api_key_value=$(gcloud services api-keys get-key-string "$key_resource_name" --format="value(keyString)" 2>/dev/null)
|
||||||
|
|
||||||
|
if [ -n "$api_key_value" ]; then
|
||||||
|
echo "$api_key_value" > "$key_file"
|
||||||
|
log_success "API 密钥创建成功: $key_file"
|
||||||
return 0
|
return 0
|
||||||
else
|
else
|
||||||
log_error "创建服务账号密钥失败 (已重试)"
|
log_error "无法获取 API 密钥字符串"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@@ -359,6 +436,7 @@ START_NUM="$DEFAULT_START_NUM"
|
|||||||
REPEAT_NUM="$DEFAULT_REPEAT_NUM"
|
REPEAT_NUM="$DEFAULT_REPEAT_NUM"
|
||||||
MAX_RETRIES="$DEFAULT_MAX_RETRIES"
|
MAX_RETRIES="$DEFAULT_MAX_RETRIES"
|
||||||
RETRY_DELAY="$DEFAULT_RETRY_DELAY"
|
RETRY_DELAY="$DEFAULT_RETRY_DELAY"
|
||||||
|
DEBUG_MODE=false
|
||||||
|
|
||||||
# 解析命令行参数
|
# 解析命令行参数
|
||||||
while [[ $# -gt 0 ]]; do
|
while [[ $# -gt 0 ]]; do
|
||||||
@@ -522,17 +600,25 @@ for i in $(seq "$START_NUM" "$END_NUM"); do
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$project_success" = true ]; then
|
if [ "$project_success" = true ]; then
|
||||||
log_debug "步骤5: 添加IAM策略"
|
log_debug "步骤5: 授予 Vertex AI 角色"
|
||||||
if ! add_iam_policy "$PROJECT_ID" "$MAX_RETRIES" "$RETRY_DELAY"; then
|
if ! grant_vertex_ai_role "$PROJECT_ID" "$MAX_RETRIES" "$RETRY_DELAY"; then
|
||||||
log_debug "添加IAM策略失败"
|
log_debug "授予角色失败"
|
||||||
project_success=false
|
project_success=false
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$project_success" = true ]; then
|
if [ "$project_success" = true ]; then
|
||||||
log_debug "步骤6: 创建服务账号密钥"
|
log_debug "步骤6: 启用 API Keys 服务"
|
||||||
if ! create_service_account_key "$PROJECT_ID" "$MAX_RETRIES" "$RETRY_DELAY"; then
|
if ! enable_api_keys_service "$PROJECT_ID" "$MAX_RETRIES" "$RETRY_DELAY"; then
|
||||||
log_debug "创建服务账号密钥失败"
|
log_debug "启用 API Keys 服务失败"
|
||||||
|
project_success=false
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$project_success" = true ]; then
|
||||||
|
log_debug "步骤7: 创建 API 密钥"
|
||||||
|
if ! create_api_key "$PROJECT_ID" "$MAX_RETRIES" "$RETRY_DELAY"; then
|
||||||
|
log_debug "创建 API 密钥失败"
|
||||||
project_success=false
|
project_success=false
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@@ -540,10 +626,10 @@ for i in $(seq "$START_NUM" "$END_NUM"); do
|
|||||||
# 统计结果
|
# 统计结果
|
||||||
if [ "$project_success" = true ]; then
|
if [ "$project_success" = true ]; then
|
||||||
log_success "项目 $PROJECT_ID 所有操作处理完成"
|
log_success "项目 $PROJECT_ID 所有操作处理完成"
|
||||||
((successful_projects++))
|
((successful_projects++)) || true
|
||||||
else
|
else
|
||||||
log_warning "项目 $PROJECT_ID 处理过程中出现错误,部分操作可能未完成。"
|
log_warning "项目 $PROJECT_ID 处理过程中出现错误,部分操作可能未完成。"
|
||||||
((failed_projects++))
|
((failed_projects++)) || true
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# 添加延迟,避免 API 限制
|
# 添加延迟,避免 API 限制
|
||||||
@@ -567,8 +653,8 @@ if [ "$successful_projects" -gt 0 ]; then
|
|||||||
log_success "成功创建的项目:"
|
log_success "成功创建的项目:"
|
||||||
for i in $(seq "$START_NUM" "$END_NUM"); do
|
for i in $(seq "$START_NUM" "$END_NUM"); do
|
||||||
PROJECT_ID="${PROJECT_ID_PREFIX}$(printf "%02d" "$i")"
|
PROJECT_ID="${PROJECT_ID_PREFIX}$(printf "%02d" "$i")"
|
||||||
if [ -f "pass-$PROJECT_ID.json" ]; then
|
if [ -f "apikey-$PROJECT_ID.txt" ]; then
|
||||||
log_info " ✓ $PROJECT_ID (密钥文件: pass-$PROJECT_ID.json)"
|
log_info " ✓ $PROJECT_ID (API 密钥文件: apikey-$PROJECT_ID.txt)"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|||||||
@@ -3,7 +3,7 @@
|
|||||||
# 文件名: delete_all_projects.sh
|
# 文件名: delete_all_projects.sh
|
||||||
# 描述: 删除 GCP 账户下的所有项目(危险操作)
|
# 描述: 删除 GCP 账户下的所有项目(危险操作)
|
||||||
# 作者: Cloud Tools Project
|
# 作者: Cloud Tools Project
|
||||||
# 版本: 2.1.0(支持远程库加载)
|
# 版本: 2.1.1(支持远程库加载)
|
||||||
# 警告: 此操作不可逆,所有项目数据将永久丢失
|
# 警告: 此操作不可逆,所有项目数据将永久丢失
|
||||||
# ============================================================================
|
# ============================================================================
|
||||||
|
|
||||||
@@ -90,32 +90,39 @@ readonly LOG_FILE="deleted_projects_$(date +%Y%m%d_%H%M%S).log"
|
|||||||
log_set_file "$LOG_FILE"
|
log_set_file "$LOG_FILE"
|
||||||
|
|
||||||
#
|
#
|
||||||
# 获取并展示所有项目
|
# 获取所有项目 ID 列表
|
||||||
|
# 返回: 项目 ID 列表(每行一个),通过 stdout 返回
|
||||||
|
# 退出码: 0 成功,1 失败
|
||||||
#
|
#
|
||||||
get_and_display_projects() {
|
get_projects() {
|
||||||
# 获取所有项目
|
|
||||||
log_warning "获取项目列表..."
|
log_warning "获取项目列表..."
|
||||||
local projects
|
local projects
|
||||||
projects=$(gcloud projects list --format="value(projectId)")
|
projects=$(gcloud projects list --format="value(projectId)")
|
||||||
|
|
||||||
if [ -z "$projects" ]; then
|
if [ -z "$projects" ]; then
|
||||||
log_warning "没有找到任何项目"
|
log_warning "没有找到任何项目"
|
||||||
exit 0
|
return 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# 显示所有项目
|
|
||||||
log_warning "以下项目将被删除:"
|
|
||||||
echo "$projects" | nl
|
|
||||||
echo
|
|
||||||
|
|
||||||
# 统计项目数量
|
|
||||||
local project_count
|
|
||||||
project_count=$(echo "$projects" | wc -l)
|
|
||||||
log_warning "总计: $project_count 个项目"
|
|
||||||
|
|
||||||
echo "$projects"
|
echo "$projects"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# 显示项目列表(带编号)
|
||||||
|
# 参数: $1 - 项目列表(换行符分隔)
|
||||||
|
# 输出: 到 stderr
|
||||||
|
#
|
||||||
|
display_projects() {
|
||||||
|
local projects="$1"
|
||||||
|
local project_count
|
||||||
|
project_count=$(echo "$projects" | wc -l | tr -d ' ')
|
||||||
|
|
||||||
|
log_warning "以下项目将被删除:"
|
||||||
|
echo "$projects" | nl >&2
|
||||||
|
echo >&2
|
||||||
|
log_warning "总计: $project_count 个项目"
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# 删除单个项目
|
# 删除单个项目
|
||||||
#
|
#
|
||||||
@@ -154,13 +161,22 @@ main() {
|
|||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# 获取并展示项目列表
|
# 获取项目列表
|
||||||
local projects
|
local projects
|
||||||
projects=$(get_and_display_projects)
|
projects=$(get_projects)
|
||||||
|
|
||||||
|
# 检查是否有项目
|
||||||
|
if [ -z "$projects" ]; then
|
||||||
|
log_warning "没有找到任何项目,退出"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# 显示项目列表
|
||||||
|
display_projects "$projects"
|
||||||
|
|
||||||
# 统计项目数量
|
# 统计项目数量
|
||||||
local project_count
|
local project_count
|
||||||
project_count=$(echo "$projects" | wc -l)
|
project_count=$(echo "$projects" | wc -l | tr -d ' ')
|
||||||
|
|
||||||
# 第二次确认
|
# 第二次确认
|
||||||
log_error "最后确认:您将要删除 $project_count 个项目!"
|
log_error "最后确认:您将要删除 $project_count 个项目!"
|
||||||
@@ -180,9 +196,9 @@ main() {
|
|||||||
|
|
||||||
for project_id in $projects; do
|
for project_id in $projects; do
|
||||||
if delete_project "$project_id" "$LOG_FILE"; then
|
if delete_project "$project_id" "$LOG_FILE"; then
|
||||||
((deleted_count++))
|
((deleted_count++)) || true
|
||||||
else
|
else
|
||||||
((failed_count++))
|
((failed_count++)) || true
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# 添加短暂延迟,避免 API 限制
|
# 添加短暂延迟,避免 API 限制
|
||||||
|
|||||||
Reference in New Issue
Block a user