- Cloud Scheduler kicks off a Cloud Workflow that runs on a scheduled cadence
- A Cloud Workflow will check for active or claimed unattended project recommendations for the organization via the Recommender API
- A BigQuery table containing each recommendation and the number of times it has been processed is queried and updated
- A Cloud Workflow will determine what actions need to be taken (e.g., deleting the project as well as which contacts should be notified)
- A Cloud Workflow will publish a message to a Pub/Sub topic
- A Pub/Sub subscription will push the message to a Cloud Function
- A Cloud Function will retrieve the Jira or Sendgrid credentials from Secret Manager in order to notify the designated contacts
- Jira or Sendgrid will notify project contacts via a ticket or email, respectively, regarding the unattended projects
- The project contacts will be able to act on the unattended project recommendations, either by applying or dismissing them
- Applying or dismissing the recommendation will update its state on the Recommender API
Remora’s core capabilities
Remora was built with several essential capabilities to ensure it could be customized to help meet each organization’s unique requirements:
-
Dry-run mode: dry-run mode is enabled by default, which prevents Remora from deleting projects. Dry-run mode must be turned off in order for projects to be deleted by the solution.
-
Multiple notifications: owners of unused projects should have multiple opportunities to act on the recommendations. Remora notifies owners every time it runs, and Cloud Scheduler can be used to set up periodic Remora runs (e.g., once a week).
-
Summary notifications: an owner on multiple unused projects receives a single email notification with all the projects identified.
-
Escalation of notifications: the first notification is always sent directly to the project owner(s). We’ve implemented two mechanisms for escalations of subsequent notifications:
-
Essential Contacts: Remora escalates to the specified category of Essential Contacts for the project. If your identities are different from your email addresses, configuring Essential Contacts will inform Remora of the correct escalation email addresses.
-
Folder or organization admins: when an Essential Contacts category is not specified, Remora escalates to the admin of the project’s parent folder or organization (whichever is the parent in the resource hierarchy).
-
Time-to-live: Organization admins can set the number of days during which an unused project can remain in their organization. Remora will label the projects with their impending deletion date and delete the projects after the designated period of time and three notifications.
-
Notification mechanisms: Remora sends email notifications using Sendgrid or creates Jira tickets.
-
Deployment using Google Cloud CLI or Terraform: Remora can be deployed manually using gcloud commands or as a Terraform module.
The holistic solution
The entire solution is made up by combining the components below.
Unattended Project Recommender
The unattended project recommender analyzes project usage and provides recommendations to remove unused projects. Generally, a project will be recommended for deletion when it has low usage for 30 days and no OAuth tokens used in the last 180 days. Remora will then label the unattended project for deletion.
Google Cloud Workflows and Scheduler
Workflows is a service that lets you connect different Google Cloud services and APIs to create pipelines and process automation. Workflows are configured with a YAML or JSON file that lists a series of steps in their order of execution. For this solution, Workflows are used to create the initial BigQuery dataset and tables where recommendations will be tracked, retrieve the latest unattended project recommendations from the Recommender API, and call Pub/Sub to initiate the notification process to the owners of the identified unattended projects. The workflows execute on a schedule configured using Cloud Scheduler, Google Cloud’s crontab-as-a-service solution. Cloud Scheduler is where you configure how often you want Remora to process unattended project recommendations.
Cloud Functions
Cloud Functions is Google Cloud’s function-as-a-service offering that lets you execute lightweight functions without the need to manage any servers. Cloud Functions can execute programmatically when triggered by events from Cloud Storage, Pub/Sub, Firebase or HTTP requests. Here, a Cloud Function is triggered via Pub/Sub to alert the project owner via email using Sendgrid or via an issue in Jira.
