Updated README, added --retain-traffic-data to cluster-destroy (#159)

Signed-off-by: Chris Helma <[email protected]>
arkime · Jan 22, 2024 · 6c70ed4 · 6c70ed4
1 parent e679663
commit 6c70ed4
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -108,7 +108,7 @@ You can see your created cluster and the VPCs it is currently monitoring using t
 By default, you will be given the minimum-size Capture Cluster.  You can provision a Cluster that will serve your expected usage using a set of optional command-line parameters, which will ensure the EC2 Capture Nodes and OpenSearch Domain are suitably provisioned (plus a little extra for safety):
 
 ```
-./manage_arkime.py cluster-create --name MyCluster --expected-traffic 1 --spi-days 30 --replicas 1
+./manage_arkime.py cluster-create --name MyCluster --expected-traffic 0.01 --spi-days 30 --replicas 1
 ```
 
 ### Setting up capture for a VPC in the Cluster account

diff --git a/manage_arkime.py b/manage_arkime.py
@@ -142,11 +142,19 @@ def cluster_create(ctx, name, expected_traffic, spi_days, history_days, replicas
     show_default=True,
     default=False
 )
+@click.option(
+    "--retain-traffic-data",
+    help=("Keeps the OpenSearch Domain and S3 Bucket containing your traffic data intact, along with associated CloudFormation"
+          + " stacks." ),
+    is_flag=True,
+    show_default=True,
+    default=False
+)
 @click.pass_context
-def cluster_destroy(ctx, name, destroy_everything):
+def cluster_destroy(ctx, name, destroy_everything, retain_traffic_data):
     profile = ctx.obj.get("profile")
     region = ctx.obj.get("region")
-    cmd_cluster_destroy(profile, region, name, destroy_everything)
+    cmd_cluster_destroy(profile, region, name, destroy_everything, retain_traffic_data)
 cli.add_command(cluster_destroy)
 
 @click.command(help="Retrieves the login details of a cluster's the Arkime Viewer(s)")

diff --git a/manage_arkime/commands/cluster_destroy.py b/manage_arkime/commands/cluster_destroy.py
@@ -13,9 +13,14 @@
 
 logger = logging.getLogger(__name__)
 
-def cmd_cluster_destroy(profile: str, region: str, name: str, destroy_everything: bool):
+def cmd_cluster_destroy(profile: str, region: str, name: str, destroy_everything: bool, retain_traffic_data: bool):
     logger.debug(f"Invoking cluster-destroy with profile '{profile}' and region '{region}'")
 
+    if not (destroy_everything or retain_traffic_data):
+        logger.error("You must specify either --destroy-everything or --retain-traffic-data")
+        logger.warning("Aborting...")
+        return
+
     aws_provider = AwsClientProvider(aws_profile=profile, aws_region=region)
     cdk_client = CdkClient(aws_provider.get_aws_env())
 

diff --git a/test_manage_arkime/commands/test_cluster_destroy.py b/test_manage_arkime/commands/test_cluster_destroy.py
@@ -55,7 +55,7 @@ def test_WHEN_cmd_cluster_destroy_called_AND_dont_destroy_everything_THEN_expect
     mock_get_json.return_value = test_plan.to_dict()
 
     # Run our test
-    cmd_cluster_destroy("profile", "region", TEST_CLUSTER, False)
+    cmd_cluster_destroy("profile", "region", TEST_CLUSTER, False, True)
 
     # Check our results
     mock_destroy_bucket.assert_not_called()
@@ -132,7 +132,7 @@ def test_WHEN_cmd_cluster_destroy_called_AND_destroy_everything_THEN_expected_cm
     mock_get_context.return_value = {"key": "value"}
 
     # Run our test
-    cmd_cluster_destroy("profile", "region", TEST_CLUSTER, True)
+    cmd_cluster_destroy("profile", "region", TEST_CLUSTER, True, False)
 
     # Check our results
     expected_destroy_domain_calls = [
@@ -206,7 +206,7 @@ def test_WHEN_cmd_cluster_destroy_called_AND_existing_captures_THEN_abort(mock_c
     mock_get_ssm_json.side_effect = [test_plan.to_dict(), "arkime-domain"]
 
     # Run our test
-    cmd_cluster_destroy("profile", "region", TEST_CLUSTER, False)
+    cmd_cluster_destroy("profile", "region", TEST_CLUSTER, False, True)
 
     # Check our results
     mock_destroy_bucket.assert_not_called()
@@ -230,13 +230,35 @@ def test_WHEN_cmd_cluster_destroy_called_AND_doesnt_exist_THEN_abort(mock_cdk_cl
     mock_get_ssm_json.side_effect = ParamDoesNotExist("")
 
     # Run our test
-    cmd_cluster_destroy("profile", "region", TEST_CLUSTER, False)
+    cmd_cluster_destroy("profile", "region", TEST_CLUSTER, False, True)
 
     # Check our results
     mock_destroy_bucket.assert_not_called()
     mock_destroy_domain.assert_not_called()
     mock_client.destroy.assert_not_called()
 
+@mock.patch("commands.cluster_destroy.AwsClientProvider", mock.Mock())
+@mock.patch("commands.cluster_destroy.get_ssm_param_json_value")
+@mock.patch("commands.cluster_destroy.get_ssm_names_by_path")
+@mock.patch("commands.cluster_destroy.destroy_os_domain_and_wait")
+@mock.patch("commands.cluster_destroy.destroy_bucket")
+@mock.patch("commands.cluster_destroy.CdkClient")
+def test_WHEN_cmd_cluster_destroy_called_AND_dont_supply_tags_THEN_abort(mock_cdk_client_cls, mock_destroy_bucket, mock_destroy_domain,
+                                                                          mock_ssm_names, mock_get_ssm_json):
+    # Set up our mock
+    mock_client = mock.Mock()
+    mock_cdk_client_cls.return_value = mock_client
+
+    # Run our test
+    cmd_cluster_destroy("profile", "region", TEST_CLUSTER, False, False)
+
+    # Check our results
+    mock_ssm_names.assert_not_called()
+    mock_get_ssm_json.assert_not_called()
+    mock_destroy_bucket.assert_not_called()
+    mock_destroy_domain.assert_not_called()
+    mock_client.destroy.assert_not_called()
+
 @mock.patch("commands.cluster_destroy.delete_ssm_param")
 @mock.patch("commands.cluster_destroy.destroy_cert")
 @mock.patch("commands.cluster_destroy.get_ssm_param_value")