cloud-mu 1.9.0.pre.beta → 2.0.0.pre.alpha

Files changed (114) hide show
  1. checksums.yaml +4 -4
  2. data/Berksfile +16 -54
  3. data/Berksfile.lock +14 -62
  4. data/bin/mu-aws-setup +131 -108
  5. data/bin/mu-configure +311 -74
  6. data/bin/mu-gcp-setup +84 -62
  7. data/bin/mu-load-config.rb +46 -2
  8. data/bin/mu-self-update +11 -9
  9. data/bin/mu-upload-chef-artifacts +4 -4
  10. data/{mu.gemspec → cloud-mu.gemspec} +2 -2
  11. data/cookbooks/awscli/Berksfile +8 -0
  12. data/cookbooks/mu-activedirectory/Berksfile +11 -0
  13. data/cookbooks/mu-firewall/Berksfile +9 -0
  14. data/cookbooks/mu-firewall/metadata.rb +1 -1
  15. data/cookbooks/mu-glusterfs/Berksfile +10 -0
  16. data/cookbooks/mu-jenkins/Berksfile +14 -0
  17. data/cookbooks/mu-master/Berksfile +23 -0
  18. data/cookbooks/mu-master/attributes/default.rb +1 -1
  19. data/cookbooks/mu-master/metadata.rb +2 -2
  20. data/cookbooks/mu-master/recipes/default.rb +1 -1
  21. data/cookbooks/mu-master/recipes/init.rb +7 -3
  22. data/cookbooks/mu-master/recipes/ssl-certs.rb +1 -0
  23. data/cookbooks/mu-mongo/Berksfile +10 -0
  24. data/cookbooks/mu-openvpn/Berksfile +11 -0
  25. data/cookbooks/mu-php54/Berksfile +13 -0
  26. data/cookbooks/mu-splunk/Berksfile +10 -0
  27. data/cookbooks/mu-tools/Berksfile +21 -0
  28. data/cookbooks/mu-tools/files/default/Mu_CA.pem +15 -15
  29. data/cookbooks/mu-utility/Berksfile +9 -0
  30. data/cookbooks/mu-utility/metadata.rb +2 -1
  31. data/cookbooks/nagios/Berksfile +7 -4
  32. data/cookbooks/s3fs/Berksfile +9 -0
  33. data/environments/dev.json +6 -6
  34. data/environments/prod.json +6 -6
  35. data/modules/mu.rb +20 -42
  36. data/modules/mu/cleanup.rb +102 -100
  37. data/modules/mu/cloud.rb +90 -28
  38. data/modules/mu/clouds/aws.rb +449 -218
  39. data/modules/mu/clouds/aws/alarm.rb +29 -17
  40. data/modules/mu/clouds/aws/cache_cluster.rb +78 -64
  41. data/modules/mu/clouds/aws/collection.rb +25 -18
  42. data/modules/mu/clouds/aws/container_cluster.rb +73 -66
  43. data/modules/mu/clouds/aws/database.rb +124 -116
  44. data/modules/mu/clouds/aws/dnszone.rb +27 -20
  45. data/modules/mu/clouds/aws/firewall_rule.rb +30 -22
  46. data/modules/mu/clouds/aws/folder.rb +18 -3
  47. data/modules/mu/clouds/aws/function.rb +77 -23
  48. data/modules/mu/clouds/aws/group.rb +19 -12
  49. data/modules/mu/clouds/aws/habitat.rb +153 -0
  50. data/modules/mu/clouds/aws/loadbalancer.rb +59 -52
  51. data/modules/mu/clouds/aws/log.rb +30 -23
  52. data/modules/mu/clouds/aws/msg_queue.rb +29 -20
  53. data/modules/mu/clouds/aws/notifier.rb +222 -0
  54. data/modules/mu/clouds/aws/role.rb +178 -90
  55. data/modules/mu/clouds/aws/search_domain.rb +40 -24
  56. data/modules/mu/clouds/aws/server.rb +169 -137
  57. data/modules/mu/clouds/aws/server_pool.rb +60 -83
  58. data/modules/mu/clouds/aws/storage_pool.rb +59 -31
  59. data/modules/mu/clouds/aws/user.rb +36 -27
  60. data/modules/mu/clouds/aws/userdata/linux.erb +101 -93
  61. data/modules/mu/clouds/aws/vpc.rb +250 -189
  62. data/modules/mu/clouds/azure.rb +132 -0
  63. data/modules/mu/clouds/cloudformation.rb +65 -1
  64. data/modules/mu/clouds/cloudformation/alarm.rb +8 -0
  65. data/modules/mu/clouds/cloudformation/cache_cluster.rb +7 -0
  66. data/modules/mu/clouds/cloudformation/collection.rb +7 -0
  67. data/modules/mu/clouds/cloudformation/database.rb +7 -0
  68. data/modules/mu/clouds/cloudformation/dnszone.rb +7 -0
  69. data/modules/mu/clouds/cloudformation/firewall_rule.rb +9 -2
  70. data/modules/mu/clouds/cloudformation/loadbalancer.rb +7 -0
  71. data/modules/mu/clouds/cloudformation/log.rb +7 -0
  72. data/modules/mu/clouds/cloudformation/server.rb +7 -0
  73. data/modules/mu/clouds/cloudformation/server_pool.rb +7 -0
  74. data/modules/mu/clouds/cloudformation/vpc.rb +7 -0
  75. data/modules/mu/clouds/google.rb +214 -110
  76. data/modules/mu/clouds/google/container_cluster.rb +42 -24
  77. data/modules/mu/clouds/google/database.rb +15 -6
  78. data/modules/mu/clouds/google/firewall_rule.rb +17 -25
  79. data/modules/mu/clouds/google/group.rb +13 -5
  80. data/modules/mu/clouds/google/habitat.rb +105 -0
  81. data/modules/mu/clouds/google/loadbalancer.rb +28 -20
  82. data/modules/mu/clouds/google/server.rb +93 -354
  83. data/modules/mu/clouds/google/server_pool.rb +18 -10
  84. data/modules/mu/clouds/google/user.rb +22 -14
  85. data/modules/mu/clouds/google/vpc.rb +97 -69
  86. data/modules/mu/config.rb +133 -38
  87. data/modules/mu/config/alarm.rb +25 -0
  88. data/modules/mu/config/cache_cluster.rb +5 -3
  89. data/modules/mu/config/cache_cluster.yml +23 -0
  90. data/modules/mu/config/database.rb +25 -16
  91. data/modules/mu/config/database.yml +3 -3
  92. data/modules/mu/config/function.rb +1 -2
  93. data/modules/mu/config/{project.rb → habitat.rb} +10 -10
  94. data/modules/mu/config/notifier.rb +85 -0
  95. data/modules/mu/config/notifier.yml +9 -0
  96. data/modules/mu/config/role.rb +1 -1
  97. data/modules/mu/config/search_domain.yml +2 -2
  98. data/modules/mu/config/server.rb +13 -1
  99. data/modules/mu/config/server.yml +3 -3
  100. data/modules/mu/config/server_pool.rb +3 -1
  101. data/modules/mu/config/storage_pool.rb +3 -1
  102. data/modules/mu/config/storage_pool.yml +19 -0
  103. data/modules/mu/config/vpc.rb +70 -8
  104. data/modules/mu/groomers/chef.rb +2 -3
  105. data/modules/mu/kittens.rb +500 -122
  106. data/modules/mu/master.rb +5 -5
  107. data/modules/mu/mommacat.rb +151 -91
  108. data/modules/tests/super_complex_bok.yml +12 -0
  109. data/modules/tests/super_simple_bok.yml +12 -0
  110. data/spec/mu/clouds/azure_spec.rb +82 -0
  111. data/spec/spec_helper.rb +105 -0
  112. metadata +26 -5
  113. data/modules/mu/clouds/aws/notification.rb +0 -139
  114. data/modules/mu/config/notification.rb +0 -44
@@ -40,7 +40,7 @@ module MU
40
40
  # Called automatically by {MU::Deploy#createResources}
41
41
  def create
42
42
  begin
43
- MU::Cloud::AWS.iam.get_group(
43
+ MU::Cloud::AWS.iam(credentials: @config['credentials']).get_group(
44
44
  group_name: @mu_name,
45
45
  path: @config['path']
46
46
  )
@@ -50,7 +50,7 @@ module MU
50
50
  rescue Aws::IAM::Errors::NoSuchEntity => e
51
51
  @config['path'] ||= "/"+@deploy.deploy_id+"/"
52
52
  MU.log "Creating IAM group #{@config['path']}#{@mu_name}"
53
- MU::Cloud::AWS.iam.create_group(
53
+ MU::Cloud::AWS.iam(credentials: @config['credentials']).create_group(
54
54
  group_name: @mu_name,
55
55
  path: @config['path']
56
56
  )
@@ -72,7 +72,7 @@ module MU
72
72
  if found.size == 1
73
73
  userdesc = found.values.first
74
74
  MU.log "Adding IAM user #{userdesc.path}#{userdesc.user_name} to group #{@mu_name}", MU::NOTICE
75
- MU::Cloud::AWS.iam.add_user_to_group(
75
+ MU::Cloud::AWS.iam(credentials: @config['credentials']).add_user_to_group(
76
76
  user_name: userid,
77
77
  group_name: @mu_name
78
78
  )
@@ -85,7 +85,7 @@ module MU
85
85
  extras = cloud_desc.users.map { |u| u.user_name } - @config['members']
86
86
  extras.each { |user_name|
87
87
  MU.log "Purging user #{user_name} from IAM group #{@cloud_id}", MU::NOTICE
88
- MU::Cloud::AWS.iam.remove_user_from_group(
88
+ MU::Cloud::AWS.iam(credentials: @config['credentials']).remove_user_from_group(
89
89
  user_name: user_name,
90
90
  group_name: @cloud_id
91
91
  )
@@ -110,7 +110,7 @@ module MU
110
110
  # Fetch the AWS API description of this group
111
111
  # return [Struct]
112
112
  def cloud_desc
113
- MU::Cloud::AWS.iam.get_group(
113
+ MU::Cloud::AWS.iam(credentials: @config['credentials']).get_group(
114
114
  group_name: @mu_name
115
115
  )
116
116
  end
@@ -123,29 +123,36 @@ module MU
123
123
  descriptor
124
124
  end
125
125
 
126
+ # Does this resource type exist as a global (cloud-wide) artifact, or
127
+ # is it localized to a region/zone?
128
+ # @return [Boolean]
129
+ def self.isGlobal?
130
+ true
131
+ end
132
+
126
133
  # Remove all groups associated with the currently loaded deployment.
127
134
  # @param noop [Boolean]: If true, will only print what would be done
128
135
  # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
129
136
  # @param region [String]: The cloud provider region
130
137
  # @return [void]
131
- def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
132
- resp = MU::Cloud::AWS.iam.list_groups(
138
+ def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
139
+ resp = MU::Cloud::AWS.iam(credentials: credentials).list_groups(
133
140
  path_prefix: "/"+MU.deploy_id+"/"
134
141
  )
135
142
  if resp and resp.groups
136
143
  resp.groups.each { |g|
137
144
  MU.log "Deleting IAM group #{g.path}#{g.group_name}"
138
145
  if !noop
139
- desc = MU::Cloud::AWS.iam.get_group(
146
+ desc = MU::Cloud::AWS.iam(credentials: credentials).get_group(
140
147
  group_name: g.group_name
141
148
  )
142
149
  desc.users.each { |u|
143
- MU::Cloud::AWS.iam.remove_user_from_group(
150
+ MU::Cloud::AWS.iam(credentials: credentials).remove_user_from_group(
144
151
  user_name: u.user_name,
145
152
  group_name: g.group_name
146
153
  )
147
154
  }
148
- MU::Cloud::AWS.iam.delete_group(
155
+ MU::Cloud::AWS.iam(credentials: credentials).delete_group(
149
156
  group_name: g.group_name
150
157
  )
151
158
  end
@@ -158,10 +165,10 @@ module MU
158
165
  # @param region [String]: The cloud provider region.
159
166
  # @param flags [Hash]: Optional flags
160
167
  # @return [OpenStruct]: The cloud provider's complete descriptions of matching group group.
161
- def self.find(cloud_id: nil, region: MU.curRegion, flags: {})
168
+ def self.find(cloud_id: nil, region: MU.curRegion, credentials: nil, flags: {})
162
169
  found = nil
163
170
  begin
164
- resp = MU::Cloud::AWS.iam.get_group(
171
+ resp = MU::Cloud::AWS.iam(credentials: credentials).get_group(
165
172
  group_name: cloud_id
166
173
  )
167
174
  found ||= {}
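Review bot: The new `credentials:` keyword on `self.cleanup` and `self.find` defaults to `nil` and is not described in either YARD block, so a caller that omits it sends `remove_user_from_group` and `delete_group` to whatever credential set `MU::Cloud::AWS.iam` selects for `nil` (presumably the default one; that method is not visible here). For a deploy whose group was created with a non-default `@config['credentials']`, cleanup would then either leave the group behind or act on groups under the same path prefix in a different account. I would add `# @param credentials [String]: Which configured credential set to use for the IAM calls` above both methods and have callers pass the deploy's credentials explicitly. Separately, `list_groups` is called once and only `resp.groups` is read, so a truncated response would likely leave later groups undeleted. Both method bodies continue outside the hunks shown.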
@@ -0,0 +1,153 @@
1
+ # Copyright:: Copyright (c) 2019 eGlobalTech, Inc., all rights reserved
2
+ #
3
+ # Licensed under the BSD-3 license (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License in the root of the project or at
6
+ #
7
+ # http://egt-labs.com/mu/LICENSE.html
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ module MU
16
+ class Cloud
17
+ class AWS
18
+ # Creates an AWS account as configured in {MU::Config::BasketofKittens::habitats}
19
+ class Habitat < MU::Cloud::Habitat
20
+ @deploy = nil
21
+ @config = nil
22
+
23
+ attr_reader :mu_name
24
+ attr_reader :config
25
+ attr_reader :cloud_id
26
+
27
+ # @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
28
+ # @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::habitats}
29
+ def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
30
+ @deploy = mommacat
31
+ @config = MU::Config.manxify(kitten_cfg)
32
+ @cloud_id ||= cloud_id
33
+ @mu_name ||= @deploy.getResourceName(@config["name"], max_length: 63)
34
+ end
35
+
36
+ # Called automatically by {MU::Deploy#createResources}
37
+ def create
38
+ if !@config['email']
39
+ avail_chars = 62 - $MU_CFG['mu_admin_email'].size
40
+ alias_str = @deploy.getResourceName(@config["name"], max_length: avail_chars, need_unique_string: true)
41
+ @config['email'] ||= $MU_CFG['mu_admin_email'].sub(/(\+.*?)?@/, "+"+alias_str+"@")
42
+ end
43
+
44
+ MU.log "Creating AWS account #{@mu_name} with contact email #{@config['email']}"
45
+ resp = MU::Cloud::AWS.orgs(credentials: @config['credentials']).create_account(
46
+ account_name: @mu_name,
47
+ email: @config['email']
48
+ )
49
+
50
+ createid = resp.create_account_status.id
51
+
52
+ begin
53
+ resp = MU::Cloud::AWS.orgs(credentials: @config['credentials']).describe_create_account_status(
54
+ create_account_request_id: createid
55
+ )
56
+ createstatus = resp.create_account_status.state
57
+ if !["SUCCEEDED", "IN_PROGRESS"].include?(resp.create_account_status.state)
58
+ raise MuError, "Failed to create account #{@mu_name}: #{resp.create_account_status.failure_reason}"
59
+ end
60
+ if resp.create_account_status.state == "IN_PROGRESS"
61
+ sleep 10
62
+ end
63
+ end while resp.create_account_status.state == "IN_PROGRESS"
64
+
65
+ MU.log "Creation of account #{@mu_name} (#{resp.create_account_status.account_id}) complete"
66
+ end
67
+
68
+ # Return the cloud descriptor for the Habitat
69
+ def cloud_desc
70
+ MU::Cloud::AWS::Habitat.find(cloud_id: @cloud_id).values.first
71
+ end
72
+
73
+ # Canonical Amazon Resource Number for this resource
74
+ # @return [String]
75
+ def arn
76
+ nil
77
+ end
78
+
79
+ # Return the metadata for this account configuration
80
+ # @return [Hash]
81
+ def notify
82
+ {
83
+ }
84
+ end
85
+
86
+ # Does this resource type exist as a global (cloud-wide) artifact, or
87
+ # is it localized to a region/zone?
88
+ # @return [Boolean]
89
+ def self.isGlobal?
90
+ true
91
+ end
92
+
93
+ # Remove all AWS accounts associated with the currently loaded deployment. Try to, anyway.
94
+ # @param noop [Boolean]: If true, will only print what would be done
95
+ # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
96
+ # @param region [String]: The cloud provider region
97
+ # @return [void]
98
+ def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
99
+ end
100
+
101
+ # Locate an existing account
102
+ # @param cloud_id [String]: The cloud provider's identifier for this resource.
103
+ # @param region [String]: The cloud provider region.
104
+ # @param flags [Hash]: Optional flags
105
+ # @return [OpenStruct]: The cloud provider's complete descriptions of matching account
106
+ def self.find(cloud_id: nil, region: MU.curRegion, credentials: nil, flags: {})
107
+ {}
108
+ end
109
+
110
+ # Cloud-specific configuration properties.
111
+ # @param config [MU::Config]: The calling MU::Config object
112
+ # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
113
+ def self.schema(config)
114
+ toplevel_required = []
115
+ schema = {
116
+ "email" => {
117
+ "type" => "string",
118
+ "description" => "AWS accounts require a unique contact email address. If not provided, Mu will generate an alias to the global mu_admin_email using the +foo SMTP mechanism."
119
+ }
120
+ }
121
+ [toplevel_required, schema]
122
+ end
123
+
124
+ # Cloud-specific pre-processing of {MU::Config::BasketofKittens::habitats}, bare and unvalidated.
125
+ # @param habitat [Hash]: The resource to process and validate
126
+ # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
127
+ # @return [Boolean]: True if validation succeeded, False otherwise
128
+ def self.validateConfig(habitat, configurator)
129
+ ok = true
130
+
131
+ if !habitat["email"]
132
+ MU.log "No email address specified in habitat #{habitat['name']}, and AWS requires a unique contact email. Will generate an alias to #{$MU_CFG['mu_admin_email']} at run time.", MU::NOTICE
133
+ end
134
+
135
+ # Figure out what account we're calling from, and then figure out if
136
+ # it's the organization's master account- the only place from which
137
+ # we can create accounts.
138
+ user_list = MU::Cloud::AWS.iam(credentials: habitat['credentials']).list_users.users
139
+ acct_num = MU::Cloud::AWS.iam(credentials: habitat['credentials']).list_users.users.first.arn.split(/:/)[4]
140
+
141
+ parentorg = MU::Cloud::AWS::Folder.find(credentials: habitat['credentials']).values.first
142
+ if acct_num != parentorg.master_account_id
143
+ MU.log "The Organization master account for habitat #{habitat["name"]} is #{parentorg.master_account_id}, but my credentials (#{ habitat['credentials'] ? habitat['credentials'] : "default"}) are for a non-master account (#{acct_num}). AWS accounts can only be created and managed with credentials from an Organization's master account.", MU::ERR
144
+ ok = false
145
+ end
146
+
147
+ ok
148
+ end
149
+
150
+ end
151
+ end
152
+ end
153
+ end
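Review bot: In `validateConfig` the caller's account number is taken from `list_users.users.first.arn`, which raises `NoMethodError` on `nil` when the credentials see no IAM users; `list_users` is also called twice, and the first result (`user_list`) is never used. Because this value gates the comparison with `parentorg.master_account_id`, it should be derived from the credentials themselves. Elsewhere in this release the ELB ARN is built with `MU::Cloud::AWS.credToAcct(@config['credentials'])`, so `acct_num = MU::Cloud::AWS.credToAcct(habitat['credentials'])` looks like the right replacement, assuming it returns the account number as a string, as its use in that ARN suggests. The `begin … end while` poll in `create` has no upper bound, so a request stuck in `IN_PROGRESS` blocks the deploy indefinitely; a retry cap that raises `MuError` would fail it cleanly, and the unused `createstatus` assignment can be dropped.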
@@ -47,7 +47,7 @@ module MU
47
47
  # Called automatically by {MU::Deploy#createResources}
48
48
  def create
49
49
  if @config["zones"] == nil
50
- @config["zones"] = MU::Cloud::AWS.listAZs(@config['region'])
50
+ @config["zones"] = MU::Cloud::AWS.listAZs(region: @config['region'])
51
51
  MU.log "Using zones from #{@config['region']}", MU::DEBUG, details: @config['zones']
52
52
  end
53
53
 
@@ -128,15 +128,15 @@ module MU
128
128
  begin
129
129
  if @config['classic']
130
130
  MU.log "Creating Elastic Load Balancer #{@mu_name}", details: lb_options
131
- lb = MU::Cloud::AWS.elb(@config['region']).create_load_balancer(lb_options)
131
+ lb = MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).create_load_balancer(lb_options)
132
132
  else
133
133
  MU.log "Creating Application Load Balancer #{@mu_name}", details: lb_options
134
- lb = MU::Cloud::AWS.elb2(@config['region']).create_load_balancer(lb_options).load_balancers.first
134
+ lb = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).create_load_balancer(lb_options).load_balancers.first
135
135
  begin
136
136
  if lb.state.code != "active"
137
137
  MU.log "Waiting for ALB #{@mu_name} to enter 'active' state", MU::NOTICE
138
138
  sleep 20
139
- lb = MU::Cloud::AWS.elb2(@config['region']).describe_load_balancers(
139
+ lb = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).describe_load_balancers(
140
140
  names: [@mu_name]
141
141
  ).load_balancers.first
142
142
  end
@@ -176,7 +176,7 @@ module MU
176
176
  if zones_to_try.size < @config["zones"].size
177
177
  zones_to_try.each { |zone|
178
178
  begin
179
- MU::Cloud::AWS.elb(@config['region']).enable_availability_zones_for_load_balancer(
179
+ MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).enable_availability_zones_for_load_balancer(
180
180
  load_balancer_name: @mu_name,
181
181
  availability_zones: [zone]
182
182
  )
@@ -189,7 +189,7 @@ module MU
189
189
  @targetgroups = {}
190
190
  if !@config['healthcheck'].nil? and @config['classic']
191
191
  MU.log "Configuring custom health check for ELB #{@mu_name}", details: @config['healthcheck']
192
- MU::Cloud::AWS.elb(@config['region']).configure_health_check(
192
+ MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).configure_health_check(
193
193
  load_balancer_name: @mu_name,
194
194
  health_check: {
195
195
  target: @config['healthcheck']['target'],
@@ -231,9 +231,9 @@ module MU
231
231
  end
232
232
  end
233
233
 
234
- tg_resp = MU::Cloud::AWS.elb2(@config['region']).create_target_group(tg_descriptor)
234
+ tg_resp = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).create_target_group(tg_descriptor)
235
235
  @targetgroups[tg['name']] = tg_resp.target_groups.first
236
- MU::Cloud::AWS.elb2(@config['region']).add_tags(
236
+ MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).add_tags(
237
237
  resource_arns: [tg_resp.target_groups.first.target_group_arn],
238
238
  tags: lb_options[:tags]
239
239
  )
@@ -268,7 +268,7 @@ module MU
268
268
  "ELBSecurityPolicy-TLS-1-2-2017-01"
269
269
  end
270
270
  end
271
- listen_resp = MU::Cloud::AWS.elb2(@config['region']).create_listener(listen_descriptor).listeners.first
271
+ listen_resp = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).create_listener(listen_descriptor).listeners.first
272
272
  if !l['rules'].nil?
273
273
  l['rules'].each { |rule|
274
274
  rule_descriptor = {
@@ -283,14 +283,14 @@ module MU
283
283
  :type => a['action']
284
284
  }
285
285
  }
286
- MU::Cloud::AWS.elb2(@config['region']).create_rule(rule_descriptor)
286
+ MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).create_rule(rule_descriptor)
287
287
  }
288
288
  end
289
289
  }
290
290
  else
291
291
  @config["listeners"].each { |l|
292
292
  if l['ssl_certificate_id']
293
- resp = MU::Cloud::AWS.elb(@config['region']).set_load_balancer_policies_of_listener(
293
+ resp = MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).set_load_balancer_policies_of_listener(
294
294
  load_balancer_name: @cloud_id,
295
295
  load_balancer_port: l['lb_port'],
296
296
  policy_names: [
@@ -323,7 +323,7 @@ module MU
323
323
  if @config['cross_zone_unstickiness']
324
324
  MU.log "Enabling cross-zone un-stickiness on #{lb.dns_name}"
325
325
  if @config['classic']
326
- MU::Cloud::AWS.elb(@config['region']).modify_load_balancer_attributes(
326
+ MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
327
327
  load_balancer_name: @mu_name,
328
328
  load_balancer_attributes: {
329
329
  cross_zone_load_balancing: {
@@ -333,7 +333,7 @@ module MU
333
333
  )
334
334
  else
335
335
  @targetgroups.each_pair { |tg_name, tg|
336
- MU::Cloud::AWS.elb2(@config['region']).modify_target_group_attributes(
336
+ MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).modify_target_group_attributes(
337
337
  target_group_arn: tg.target_group_arn,
338
338
  attributes: [
339
339
  {
@@ -349,7 +349,7 @@ module MU
349
349
  if !@config['idle_timeout'].nil?
350
350
  MU.log "Setting idle timeout to #{@config['idle_timeout']} #{lb.dns_name}"
351
351
  if @config['classic']
352
- MU::Cloud::AWS.elb(@config['region']).modify_load_balancer_attributes(
352
+ MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
353
353
  load_balancer_name: @mu_name,
354
354
  load_balancer_attributes: {
355
355
  connection_settings: {
@@ -358,7 +358,7 @@ module MU
358
358
  }
359
359
  )
360
360
  else
361
- MU::Cloud::AWS.elb2(@config['region']).modify_load_balancer_attributes(
361
+ MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
362
362
  load_balancer_arn: lb.load_balancer_arn,
363
363
  attributes: [
364
364
  {
@@ -374,7 +374,7 @@ module MU
374
374
  if @config['classic']
375
375
  if @config['connection_draining_timeout'] >= 0
376
376
  MU.log "Setting connection draining timeout to #{@config['connection_draining_timeout']} on #{lb.dns_name}"
377
- MU::Cloud::AWS.elb(@config['region']).modify_load_balancer_attributes(
377
+ MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
378
378
  load_balancer_name: @mu_name,
379
379
  load_balancer_attributes: {
380
380
  connection_draining: {
@@ -385,7 +385,7 @@ module MU
385
385
  )
386
386
  else
387
387
  MU.log "Disabling connection draining on #{lb.dns_name}"
388
- MU::Cloud::AWS.elb(@config['region']).modify_load_balancer_attributes(
388
+ MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
389
389
  load_balancer_name: @mu_name,
390
390
  load_balancer_attributes: {
391
391
  connection_draining: {
@@ -403,7 +403,7 @@ module MU
403
403
  MU.log "Disabling connection draining on #{lb.dns_name}"
404
404
  end
405
405
  @targetgroups.each_pair { |tg_name, tg|
406
- MU::Cloud::AWS.elb2(@config['region']).modify_target_group_attributes(
406
+ MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).modify_target_group_attributes(
407
407
  target_group_arn: tg.target_group_arn,
408
408
  attributes: [
409
409
  {
@@ -419,7 +419,7 @@ module MU
419
419
  if !@config['access_log'].nil?
420
420
  MU.log "Setting access log params for #{lb.dns_name}", details: @config['access_log']
421
421
  if @config['classic']
422
- MU::Cloud::AWS.elb(@config['region']).modify_load_balancer_attributes(
422
+ MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
423
423
  load_balancer_name: @mu_name,
424
424
  load_balancer_attributes: {
425
425
  access_log: {
@@ -431,7 +431,7 @@ module MU
431
431
  }
432
432
  )
433
433
  else
434
- MU::Cloud::AWS.elb2(@config['region']).modify_load_balancer_attributes(
434
+ MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).modify_load_balancer_attributes(
435
435
  load_balancer_arn: lb.load_balancer_arn,
436
436
  attributes: [
437
437
  {
@@ -461,7 +461,7 @@ module MU
461
461
  if !@config['lb_cookie_stickiness_policy']['timeout'].nil?
462
462
  cookie_policy[:cookie_expiration_period] = @config['lb_cookie_stickiness_policy']['timeout']
463
463
  end
464
- MU::Cloud::AWS.elb(@config['region']).create_lb_cookie_stickiness_policy(cookie_policy)
464
+ MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).create_lb_cookie_stickiness_policy(cookie_policy)
465
465
  lb_policy_names = Array.new
466
466
  lb_policy_names << @config['lb_cookie_stickiness_policy']['name']
467
467
  listener_policy = {
@@ -471,12 +471,12 @@ module MU
471
471
  lb_options[:listeners].each do |listener|
472
472
  if listener[:protocol].upcase == 'HTTP' or listener[:protocol].upcase == 'HTTPS'
473
473
  listener_policy[:load_balancer_port] = listener[:load_balancer_port]
474
- MU::Cloud::AWS.elb(@config['region']).set_load_balancer_policies_of_listener(listener_policy)
474
+ MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).set_load_balancer_policies_of_listener(listener_policy)
475
475
  end
476
476
  end
477
477
  else
478
478
  @targetgroups.each_pair { |tg_name, tg|
479
- MU::Cloud::AWS.elb2(@config['region']).modify_target_group_attributes(
479
+ MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).modify_target_group_attributes(
480
480
  target_group_arn: tg.target_group_arn,
481
481
  attributes: [
482
482
  {
@@ -505,7 +505,7 @@ module MU
505
505
  policy_name: @config['app_cookie_stickiness_policy']['name'],
506
506
  cookie_name: @config['app_cookie_stickiness_policy']['cookie']
507
507
  }
508
- MU::Cloud::AWS.elb(@config['region']).create_app_cookie_stickiness_policy(cookie_policy)
508
+ MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).create_app_cookie_stickiness_policy(cookie_policy)
509
509
  lb_policy_names = Array.new
510
510
  lb_policy_names << @config['app_cookie_stickiness_policy']['name']
511
511
  listener_policy = {
@@ -515,7 +515,7 @@ module MU
515
515
  lb_options[:listeners].each do |listener|
516
516
  if listener[:protocol].upcase == 'HTTP' or listener[:protocol].upcase == 'HTTPS'
517
517
  listener_policy[:load_balancer_port] = listener[:load_balancer_port]
518
- MU::Cloud::AWS.elb(@config['region']).set_load_balancer_policies_of_listener(listener_policy)
518
+ MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).set_load_balancer_policies_of_listener(listener_policy)
519
519
  end
520
520
  end
521
521
  else
@@ -549,7 +549,7 @@ module MU
549
549
  # @return [String]
550
550
  def arn
551
551
  if @config['classic']
552
- "arn:"+(MU::Cloud::AWS.isGovCloud?(@config["region"]) ? "aws-us-gov" : "aws")+":elasticloadbalancing:"+@config['region']+":"+MU.account_number+":loadbalancer/"+@cloud_id
552
+ "arn:"+(MU::Cloud::AWS.isGovCloud?(@config["region"]) ? "aws-us-gov" : "aws")+":elasticloadbalancing:"+@config['region']+":"+MU::Cloud::AWS.credToAcct(@config['credentials'])+":loadbalancer/"+@cloud_id
553
553
  else
554
554
  cloud_desc.load_balancer_arn
555
555
  end
@@ -558,12 +558,12 @@ module MU
558
558
  # Wrapper for cloud_desc method that deals with elb vs. elb2 resources.
559
559
  def cloud_desc
560
560
  if @config['classic']
561
- resp = MU::Cloud::AWS.elb(@config['region']).describe_load_balancers(
561
+ resp = MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).describe_load_balancers(
562
562
  load_balancer_names: [@cloud_id]
563
563
  ).load_balancer_descriptions.first
564
564
  return resp
565
565
  else
566
- resp = MU::Cloud::AWS.elb2(@config['region']).describe_load_balancers(
566
+ resp = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).describe_load_balancers(
567
567
  names: [@cloud_id]
568
568
  ).load_balancers.first
569
569
  if @targetgroups.nil? and !@deploy.nil? and
@@ -571,7 +571,7 @@ module MU
571
571
  @deploy.deployment['loadbalancers'][@config['name']].has_key?("targetgroups")
572
572
  @targetgroups = {}
573
573
  @deploy.deployment['loadbalancers'][@config['name']]["targetgroups"].each_pair { |tg_name, tg_arn|
574
- @targetgroups[tg_name] = MU::Cloud::AWS.elb2(@config['region']).describe_target_groups(target_group_arns: [tg_arn]).target_groups.first
574
+ @targetgroups[tg_name] = MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).describe_target_groups(target_group_arns: [tg_arn]).target_groups.first
575
575
  }
576
576
  end
577
577
 
@@ -600,7 +600,7 @@ module MU
600
600
  # @param targetgroups [Array<String>] The target group(s) of which this node should be made a member. Not applicable to classic LoadBalancers. If not supplied, the node will be registered to all available target groups on this LoadBalancer.
601
601
  def registerNode(instance_id, targetgroups: nil)
602
602
  if @config['classic'] or !@config.has_key?("classic")
603
- MU::Cloud::AWS.elb(@config['region']).register_instances_with_load_balancer(
603
+ MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).register_instances_with_load_balancer(
604
604
  load_balancer_name: @cloud_id,
605
605
  instances: [
606
606
  {instance_id: instance_id}
@@ -615,7 +615,7 @@ module MU
615
615
  targetgroups = @targetgroups.keys
616
616
  end
617
617
  targetgroups.each { |tg|
618
- MU::Cloud::AWS.elb2(@config['region']).register_targets(
618
+ MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).register_targets(
619
619
  target_group_arn: @targetgroups[tg].target_group_arn,
620
620
  targets: [
621
621
  {id: instance_id}
@@ -625,12 +625,19 @@ module MU
625
625
  end
626
626
  end
627
627
 
628
+ # Does this resource type exist as a global (cloud-wide) artifact, or
629
+ # is it localized to a region/zone?
630
+ # @return [Boolean]
631
+ def self.isGlobal?
632
+ false
633
+ end
634
+
628
635
  # Remove all load balancers associated with the currently loaded deployment.
629
636
  # @param noop [Boolean]: If true, will only print what would be done
630
637
  # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
631
638
  # @param region [String]: The cloud provider region
632
639
  # @return [void]
633
- def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
640
+ def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
634
641
  raise MuError, "Can't touch ELBs without MU-ID" if MU.deploy_id.nil? or MU.deploy_id.empty?
635
642
 
636
643
  # Check for tags matching the current deploy identifier on an elb or
@@ -639,14 +646,14 @@ module MU
639
646
  # @param region [String]: The cloud provider region
640
647
  # @param ignoremaster [Boolean]: Whether to ignore the MU-MASTER-IP tag
641
648
  # @param classic [Boolean]: Whether to look for a classic ELB instead of an ALB (ELB2)
642
- def self.checkForTagMatch(arn, region, ignoremaster, classic = false)
649
+ def self.checkForTagMatch(arn, region, ignoremaster, credentials, classic = false)
643
650
  tags = []
644
651
  if classic
645
- tags = MU::Cloud::AWS.elb(region).describe_tags(
652
+ tags = MU::Cloud::AWS.elb(credentials: credentials, region: region).describe_tags(
646
653
  load_balancer_names: [arn]
647
654
  ).tag_descriptions.first.tags
648
655
  else
649
- tags = MU::Cloud::AWS.elb2(region).describe_tags(
656
+ tags = MU::Cloud::AWS.elb2(credentials: credentials, region: region).describe_tags(
650
657
  resource_arns: [arn]
651
658
  ).tag_descriptions.first.tags
652
659
  end
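Review bot: Inserting `credentials` as a positional parameter ahead of `classic = false` in `checkForTagMatch` changes the meaning of the fourth argument, so any caller still using the old `(arn, region, ignoremaster, classic)` form would pass its `classic` flag as the credentials and silently get `classic = false`. The call sites visible in this file are updated in later hunks, but callers elsewhere cannot be seen from here. A keyword argument keeps the old call form working and matches `cleanup` and `find`: `def self.checkForTagMatch(arn, region, ignoremaster, classic = false, credentials: nil)`, with callers passing `credentials: credentials`. The method body continues past the end of this hunk.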
@@ -669,8 +676,8 @@ module MU
669
676
  end
670
677
 
671
678
 
672
- resp = MU::Cloud::AWS.elb(region).describe_load_balancers
673
- resp2 = MU::Cloud::AWS.elb2(region).describe_load_balancers
679
+ resp = MU::Cloud::AWS.elb(credentials: credentials, region: region).describe_load_balancers
680
+ resp2 = MU::Cloud::AWS.elb2(credentials: credentials, region: region).describe_load_balancers
674
681
  (resp.load_balancer_descriptions + resp2.load_balancers).each { |lb|
675
682
  classic = true
676
683
  if lb.class.name != "Aws::ElasticLoadBalancing::Types::LoadBalancerDescription" and !lb.type.nil? and lb.type == "application"
@@ -680,9 +687,9 @@ module MU
680
687
  tags = []
681
688
  matched = false
682
689
  if classic
683
- matched = self.checkForTagMatch(lb.load_balancer_name, region, ignoremaster, classic)
690
+ matched = self.checkForTagMatch(lb.load_balancer_name, region, ignoremaster, credentials, classic)
684
691
  else
685
- matched = self.checkForTagMatch(lb.load_balancer_arn, region, ignoremaster, classic)
692
+ matched = self.checkForTagMatch(lb.load_balancer_arn, region, ignoremaster, credentials, classic)
686
693
  end
687
694
  if matched
688
695
  if !MU::Cloud::AWS.isGovCloud?
@@ -690,35 +697,35 @@ module MU
690
697
  end
691
698
  MU.log "Removing Elastic Load Balancer #{lb.load_balancer_name}"
692
699
  if classic
693
- MU::Cloud::AWS.elb(region).delete_load_balancer(load_balancer_name: lb.load_balancer_name) if !noop
700
+ MU::Cloud::AWS.elb(credentials: credentials, region: region).delete_load_balancer(load_balancer_name: lb.load_balancer_name) if !noop
694
701
  else
695
- MU::Cloud::AWS.elb2(region).describe_listeners(
702
+ MU::Cloud::AWS.elb2(credentials: credentials, region: region).describe_listeners(
696
703
  load_balancer_arn: lb.load_balancer_arn
697
704
  ).listeners.each { |l|
698
705
  MU.log "Removing ALB Listener #{l.listener_arn}"
699
- MU::Cloud::AWS.elb2(region).delete_listener(
706
+ MU::Cloud::AWS.elb2(credentials: credentials, region: region).delete_listener(
700
707
  listener_arn: l.listener_arn
701
708
  ) if !noop
702
709
  }
703
- tgs = MU::Cloud::AWS.elb2(region).describe_target_groups.target_groups
710
+ tgs = MU::Cloud::AWS.elb2(credentials: credentials, region: region).describe_target_groups.target_groups
704
711
  begin
705
712
  if lb.state.code == "provisioning"
706
713
  MU.log "Waiting for ALB #{lb.load_balancer_name} to leave 'provisioning' state", MU::NOTICE
707
714
  sleep 45
708
- lb = MU::Cloud::AWS.elb2(region).describe_load_balancers(
715
+ lb = MU::Cloud::AWS.elb2(credentials: credentials, region: region).describe_load_balancers(
709
716
  load_balancer_arns: [lb.load_balancer_arn]
710
717
  ).load_balancers.first
711
718
  end
712
719
  end while lb.state.code == "provisioning"
713
- MU::Cloud::AWS.elb2(region).delete_load_balancer(load_balancer_arn: lb.load_balancer_arn) if !noop
720
+ MU::Cloud::AWS.elb2(credentials: credentials, region: region).delete_load_balancer(load_balancer_arn: lb.load_balancer_arn) if !noop
714
721
 
715
722
 
716
723
  tgs.each { |tg|
717
- if self.checkForTagMatch(tg.target_group_arn, region, ignoremaster)
724
+ if self.checkForTagMatch(tg.target_group_arn, region, ignoremaster, credentials)
718
725
  MU.log "Removing Load Balancer Target Group #{tg.target_group_name}"
719
726
  retries = 0
720
727
  begin
721
- MU::Cloud::AWS.elb2(region).delete_target_group(target_group_arn: tg.target_group_arn) if !noop
728
+ MU::Cloud::AWS.elb2(credentials: credentials, region: region).delete_target_group(target_group_arn: tg.target_group_arn) if !noop
722
729
  rescue Aws::ElasticLoadBalancingV2::Errors::ResourceInUse => e
723
730
  if retries < 6
724
731
  retries = retries + 1
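Review bot: The wait on `lb.state.code == "provisioning"` has no upper bound and also runs when `noop` is set, so a dry run can block in 45-second sleeps for a delete it will never issue, and a balancer stuck in provisioning stalls the whole cleanup. The re-describe inside the loop, now issued through `MU::Cloud::AWS.elb2(credentials: credentials, region: region)`, also appears unguarded if the balancer disappears while waiting. Skip the wait under noop, for example `if !noop and lb.state.code == "provisioning"` with the same test on the `end while` line, and cap the attempts the way the target-group deletion below does with `retries < 6`. The enclosing `cleanup` method starts and ends outside this hunk.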
@@ -833,7 +840,7 @@ module MU
833
840
  # @param tag_value [String]: The value of the tag specified by tag_key to match when searching by tag.
834
841
  # @param flags [Hash]: Optional flags
835
842
  # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching LoadBalancers
836
- def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, flags: {})
843
+ def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, credentials: nil, flags: {})
837
844
  classic = flags['classic'] ? true : false
838
845
 
839
846
  matches = {}
@@ -841,9 +848,9 @@ module MU
841
848
  arn2name = {}
842
849
  resp = nil
843
850
  if classic
844
- resp = MU::Cloud::AWS.elb(region).describe_load_balancers().load_balancer_descriptions
851
+ resp = MU::Cloud::AWS.elb(region: region, credentials: credentials).describe_load_balancers().load_balancer_descriptions
845
852
  else
846
- resp = MU::Cloud::AWS.elb2(region).describe_load_balancers().load_balancers
853
+ resp = MU::Cloud::AWS.elb2(region: region, credentials: credentials).describe_load_balancers().load_balancers
847
854
  end
848
855
 
849
856
  resp.each { |lb|
@@ -859,11 +866,11 @@ module MU
859
866
  if !tag_key.nil? and !tag_value.nil? and !tag_key.empty? and list.size > 0
860
867
  tag_descriptions = nil
861
868
  if classic
862
- tag_descriptions = MU::Cloud::AWS.elb(region).describe_tags(
869
+ tag_descriptions = MU::Cloud::AWS.elb(region: region, credentials: credentials).describe_tags(
863
870
  load_balancer_names: list.keys
864
871
  ).tag_descriptions
865
872
  else
866
- tag_descriptions = MU::Cloud::AWS.elb2(region).describe_tags(
873
+ tag_descriptions = MU::Cloud::AWS.elb2(region: region, credentials: credentials).describe_tags(
867
874
  resource_arns: list.values.map { |l| l.load_balancer_arn }
868
875
  ).tag_descriptions
869
876
  end