cloud-mu 1.9.0.pre.beta → 2.0.0.pre.alpha

data/modules/mu/clouds/google/container_cluster.rb

@@ -39,14 +39,7 @@ module MU
             deploydata = describe[2]
             @config['availability_zone'] = deploydata['zone']
           else
-            @mu_name ||=
-              if @config and @config['engine'] and @config["engine"].match(/^sqlserver/)
-                @deploy.getResourceName(@config["name"], max_length: 15)
-              else
-                @deploy.getResourceName(@config["name"], max_length: 63)
-              end
-
-            @mu_name.gsub(/(--|-$)/i, "").gsub(/(_)/, "-").gsub!(/^[^a-z]/i, "")
+            @mu_name ||= @deploy.getResourceName(@config["name"], max_length: 40)
           end
         end
 
@@ -64,6 +57,14 @@ module MU
 
           @config['availability_zone'] ||= MU::Cloud::Google.listAZs(@config['region']).sample
 
+          if @vpc.nil? and @config['vpc'] and @config['vpc']['vpc_name']
+            @vpc = @deploy.findLitterMate(name: @config['vpc']['vpc_name'], type: "vpcs")
+          end
+
+          if !@vpc
+            raise MuError, "ContainerCluster #{@config['name']} unable to locate its resident VPC from #{@config['vpc']}"
+          end
+
           subnet = nil
           @vpc.subnets.each { |s|
             if s.az == @config['region']
@@ -71,12 +72,14 @@ module MU
               break
             end
           }
-
+puts @config['credentials']
           service_acct = MU::Cloud::Google::Server.createServiceAccount(
             @mu_name.downcase,
-            project: @config['project']
+            @deploy,
+            project: @config['project'],
+            credentials: @config['credentials']
           )
-          MU::Cloud::Google.grantDeploySecretAccess(service_acct.email)
+          MU::Cloud::Google.grantDeploySecretAccess(service_acct.email, credentials: @config['credentials'])
 
           @config['ssh_user'] ||= "mu"
 
@@ -118,7 +121,9 @@ module MU
           )
 
           MU.log "Creating GKE cluster #{@mu_name.downcase}", details: desc
-          cluster = MU::Cloud::Google.container.create_cluster(
+          pp @vpc.subnets.map { |x| x.config['name'] }
+          pp requestobj
+          cluster = MU::Cloud::Google.container(credentials: @config['credentials']).create_cluster(
             @config['project'],
             @config['availability_zone'],
             requestobj
@@ -126,7 +131,7 @@ module MU
 
           resp = nil
           begin
-            resp = MU::Cloud::Google.container.get_zone_cluster(@config["project"], @config['availability_zone'], @mu_name.downcase)
+            resp = MU::Cloud::Google.container(credentials: @config['credentials']).get_zone_cluster(@config["project"], @config['availability_zone'], @mu_name.downcase)
             sleep 30 if resp.status != "RUNNING"
           end while resp.nil? or resp.status != "RUNNING"
 #          labelCluster # XXX need newer API release
@@ -142,14 +147,15 @@ module MU
         # @param tag_value [String]: The value of the tag specified by tag_key to match when searching by tag.
         # @param flags [Hash]: Optional flags
         # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching ContainerClusters
-        def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, flags: {})
+        def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, flags: {}, credentials: nil)
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
         end
 
         # Called automatically by {MU::Deploy#createResources}
         def groom
           deploydata = describe[2]
           @config['availability_zone'] ||= deploydata['zone']
-          resp = MU::Cloud::Google.container.get_zone_cluster(@config["project"], @config['availability_zone'], @mu_name.downcase)
+          resp = MU::Cloud::Google.container(credentials: @config['credentials']).get_zone_cluster(@config["project"], @config['availability_zone'], @mu_name.downcase)
 #          pp resp
 
 #          labelCluster # XXX need newer API release
@@ -176,32 +182,44 @@ module MU
 
         # Register a description of this cluster instance with this deployment's metadata.
         def notify
-          desc = MU.structToHash(MU::Cloud::Google.container.get_zone_cluster(@config["project"], @config['availability_zone'], @mu_name.downcase))
+          desc = MU.structToHash(MU::Cloud::Google.container(credentials: @config['credentials']).get_zone_cluster(@config["project"], @config['availability_zone'], @mu_name.downcase))
           desc["project"] = @config['project']
           desc["cloud_id"] = @cloud_id
           desc["mu_name"] = @mu_name.downcase
           desc
         end
 
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          false
+        end
+
         # Called by {MU::Cleanup}. Locates resources that were created by the
         # currently-loaded deployment, and purges them.
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region in which to operate
         # @return [void]
-        def self.cleanup(skipsnapshots: false, noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject
+        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+          skipsnapshots = flags["skipsnapshots"]
+
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
           MU::Cloud::Google.listAZs(region).each { |az|
-            found = MU::Cloud::Google.container.list_zone_clusters(flags["project"], az)
-#filter: "description eq #{MU.deploy_id}"
+            found = MU::Cloud::Google.container(credentials: credentials).list_zone_clusters(flags["project"], az)
             if found and found.clusters
               found.clusters.each { |cluster|
-                next if !cluster.name.match(/^#{Regexp.quote(MU.deploy_id)}\-/i)
+
+                if !cluster.name.match(/^#{Regexp.quote(MU.deploy_id)}\-/i) and
+                   cluster.resource_labels['mu-id'] != MU.deploy_id.downcase
+                  next
+                end
                 MU.log "Deleting GKE cluster #{cluster.name}"
                 if !noop
-                  MU::Cloud::Google.container.delete_zone_cluster(flags["project"], az, cluster.name)
+                  MU::Cloud::Google.container(credentials: credentials).delete_zone_cluster(flags["project"], az, cluster.name)
                   begin
-                    MU::Cloud::Google.container.get_zone_cluster(flags["project"], az, cluster.name)
+                    MU::Cloud::Google.container(credentials: credentials).get_zone_cluster(flags["project"], az, cluster.name)
                     sleep 60
                   rescue ::Google::Apis::ClientError => e
                     if e.message.match(/is currently creating cluster/)
@@ -281,7 +299,7 @@ module MU
           labelset = MU::Cloud::Google.container(:SetLabelsRequest).new(
             resource_labels: labels
           )
-          MU::Cloud::Google.container.resource_project_zone_cluster_labels(@config["project"], @config['availability_zone'], @mu_name.downcase, labelset)
+          MU::Cloud::Google.container(credentials: @config['credentials']).resource_project_zone_cluster_labels(@config["project"], @config['availability_zone'], @mu_name.downcase, labelset)
         end
 
       end #class

data/modules/mu/clouds/google/database.rb

@@ -74,7 +74,7 @@ module MU
             instance_type: "CLOUD_SQL_INSTANCE" # TODO: READ_REPLICA_INSTANCE
           )
           pp instance_desc
-          pp MU::Cloud::Google.sql.insert_instance(@config['project'], instance_desc)
+          pp MU::Cloud::Google.sql(credentials: @config['credentials']).insert_instance(@config['project'], instance_desc)
         end
 
         # Locate an existing Database or Databases and return an array containing matching GCP resource descriptors for those that match.
@@ -84,7 +84,8 @@ module MU
         # @param tag_value [String]: The value of the tag specified by tag_key to match when searching by tag.
         # @param flags [Hash]: Optional flags
         # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching Databases
-        def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, flags: {})
+        def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, flags: {}, credentials: nil)
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
         end
 
         # Called automatically by {MU::Deploy#createResources}
@@ -103,19 +104,27 @@ module MU
         def allowHost(cidr)
         end
 
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          false
+        end
+
         # Called by {MU::Cleanup}. Locates resources that were created by the
         # currently-loaded deployment, and purges them.
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region in which to operate
         # @return [void]
-        def self.cleanup(skipsnapshots: false, noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject
-          instances = MU::Cloud::Google.sql.list_instances(flags['project'], filter: %Q{userLabels.mu-id:"#{MU.deploy_id.downcase}"})
+        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
+          skipsnapshots||= flags["skipsnapshots"]
+          instances = MU::Cloud::Google.sql(credentials: credentials).list_instances(flags['project'], filter: %Q{userLabels.mu-id:"#{MU.deploy_id.downcase}"})
           if instances and instances.items
             instances.items.each { |instance|
               MU.log "Deleting Cloud SQL instance #{instance.name}"
-              MU::Cloud::Google.sql.delete_instance(flags['project'], instance.name) if !noop
+              MU::Cloud::Google.sql(credentials: credentials).delete_instance(flags['project'], instance.name) if !noop
             }
           end
         end

data/modules/mu/clouds/google/firewall_rule.rb

@@ -40,9 +40,9 @@ module MU
             @cloud_id ||= MU::Cloud::Google.nameStr(@mu_name+"-ingress-allow")
           else
             if !@vpc.nil?
-              @mu_name = @deploy.getResourceName(@config['name'], need_unique_string: true)
+              @mu_name = @deploy.getResourceName(@config['name'], need_unique_string: true, max_length: 61)
             else
-              @mu_name = @deploy.getResourceName(@config['name'])
+              @mu_name = @deploy.getResourceName(@config['name'], max_length: 61)
             end
           end
 
@@ -77,7 +77,7 @@ module MU
 
             ["ingress", "egress"].each { |dir|
               if rule[dir] or (dir == "ingress" and !rule.has_key?("egress"))
-                setname = MU::Cloud::Google.nameStr(@mu_name+"-"+dir+"-"+(rule['deny'] ? "deny" : "allow"))
+                setname = @deploy.getResourceName(@mu_name+"-"+dir+"-"+(rule['deny'] ? "deny" : "allow"), max_length: 61).downcase
                 @cloud_id ||= setname
                 allrules[setname] ||= {
                   :name => setname,
@@ -110,7 +110,7 @@ module MU
             threads << Thread.new { 
               fwobj = MU::Cloud::Google.compute(:Firewall).new(fwdesc)
               MU.log "Creating firewall #{fwdesc[:name]} in project #{@config['project']}", details: fwobj
-              resp = MU::Cloud::Google.compute.insert_firewall(@config['project'], fwobj)
+              resp = MU::Cloud::Google.compute(credentials: @config['credentials']).insert_firewall(@config['project'], fwobj)
 # XXX Check for empty (no hosts) sets
 #  MU.log "Can't create empty firewalls in Google Cloud, skipping #{@mu_name}", MU::WARN
             }
@@ -155,11 +155,11 @@ module MU
         # @param tag_value [String]: The value of the tag specified by tag_key to match when searching by tag.
         # @param flags [Hash]: Optional flags
         # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching FirewallRules
-        def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject
+        def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, flags: {}, credentials: nil)
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
 
           found = {}
-          resp = MU::Cloud::Google.compute.list_firewalls(flags["project"])
+          resp = MU::Cloud::Google.compute(credentials: credentials).list_firewalls(flags["project"])
           if resp and resp.items
             resp.items.each { |fw|
               next if !cloud_id.nil? and fw.name != cloud_id
@@ -169,15 +169,21 @@ module MU
           found
         end
 
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          true
+        end
+
         # Remove all security groups (firewall rulesets) associated with the currently loaded deployment.
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject
-
-          MU::Cloud::Google.compute.delete(
+        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
+          MU::Cloud::Google.compute(credentials: credentials).delete(
             "firewall",
             flags["project"],
             nil,
@@ -247,20 +253,6 @@ module MU
 
         private
 
-        ########################################################################
-        # Manufacture an EC2 security group. The second parameter, rules, is an
-        # "ingress_rules" structure parsed and validated by MU::Config.
-        ########################################################################
-        def setRules(rules, add_to_self: false, ingress: true, egress: false)
-        end
-
-        ########################################################################
-        # Convert our config languages description of firewall rules into
-        # Amazon's.  This rule structure is as defined in MU::Config.
-        ########################################################################
-        def convertToEc2(rules)
-        end
-
       end #class
     end #class
   end

data/modules/mu/clouds/google/group.rb

@@ -49,12 +49,19 @@ module MU
           }
         end
 
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          true
+        end
+
         # Remove all groups associated with the currently loaded deployment.
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
+        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
         end
 
         # Locate an existing group group.
@@ -62,7 +69,8 @@ module MU
         # @param region [String]: The cloud provider region.
         # @param flags [Hash]: Optional flags
         # @return [OpenStruct]: The cloud provider's complete descriptions of matching group group.
-        def self.find(cloud_id: nil, region: MU.curRegion, flags: {})
+        def self.find(cloud_id: nil, region: MU.curRegion, credentials: nil, flags: {})
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
           found = nil
           found
         end
@@ -113,7 +121,7 @@ module MU
 
         def bind_group
           bindings = []
-          ext_policy = MU::Cloud::Google.resource_manager.get_project_iam_policy(
+          ext_policy = MU::Cloud::Google.resource_manager(credentials: @config['credentials']).get_project_iam_policy(
             @config['project']
           )
 
@@ -145,12 +153,12 @@ module MU
             MU.log "Adding group #{@config['name']} to Google Cloud project #{@config['project']}", details: @config['roles']
 
             begin
-              MU::Cloud::Google.resource_manager.set_project_iam_policy(
+              MU::Cloud::Google.resource_manager(credentials: @config['credentials']).set_project_iam_policy(
                 @config['project'],
                 req_obj
               )
             rescue ::Google::Apis::ClientError => e
-              if e.message.match(/does not exist/i) and !$MU_CFG['google']['masquerade_as']
+              if e.message.match(/does not exist/i) and !MU::Cloud::Google.credConfig(@config['credentials'])['masquerade_as']
                 raise MuError, "Group #{@config['name']} does not exist, and we cannot create Google groups in non-GSuite environments.\nVisit https://groups.google.com to manage groups."
               end
               raise e

data/modules/mu/clouds/google/habitat.rb

@@ -0,0 +1,105 @@
+# Copyright:: Copyright (c) 2019 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module MU
+  class Cloud
+    class Google
+      # Creates an Google project as configured in {MU::Config::BasketofKittens::habitats}
+      class Habitat < MU::Cloud::Habitat
+        @deploy = nil
+        @config = nil
+
+        attr_reader :mu_name
+        attr_reader :config
+        attr_reader :cloud_id
+
+        # @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
+        # @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::habitats}
+        def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
+          @deploy = mommacat
+          @config = MU::Config.manxify(kitten_cfg)
+          @cloud_id ||= cloud_id
+          @mu_name ||= @deploy.getResourceName(@config["name"])
+        end
+
+        # Called automatically by {MU::Deploy#createResources}
+        def create
+        end
+
+        # Return the cloud descriptor for the Habitat
+        def cloud_desc
+          MU::Cloud::Google::Habitat.find(cloud_id: @cloud_id).values.first
+        end
+
+        # Canonical Amazon Resource Number for this resource
+        # @return [String]
+        def arn
+          nil
+        end
+
+        # Return the metadata for this project's configuration
+        # @return [Hash]
+        def notify
+          {
+          }
+        end
+
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          true
+        end
+
+        # Remove all Google projects associated with the currently loaded deployment. Try to, anyway.
+        # @param noop [Boolean]: If true, will only print what would be done
+        # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
+        # @param region [String]: The cloud provider region
+        # @return [void]
+        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+        end
+
+        # Locate an existing project
+        # @param cloud_id [String]: The cloud provider's identifier for this resource.
+        # @param region [String]: The cloud provider region.
+        # @param flags [Hash]: Optional flags
+        # @return [OpenStruct]: The cloud provider's complete descriptions of matching project
+        def self.find(cloud_id: nil, region: MU.curRegion, credentials: nil, flags: {})
+          {}
+        end
+
+        # Cloud-specific configuration properties.
+        # @param config [MU::Config]: The calling MU::Config object
+        # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
+        def self.schema(config)
+          toplevel_required = []
+          schema = {
+          }
+          [toplevel_required, schema]
+        end
+
+        # Cloud-specific pre-processing of {MU::Config::BasketofKittens::habitats}, bare and unvalidated.
+        # @param habitat [Hash]: The resource to process and validate
+        # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+        # @return [Boolean]: True if validation succeeded, False otherwise
+        def self.validateConfig(habitat, configurator)
+          ok = true
+
+          ok
+        end
+
+      end
+    end
+  end
+end

data/modules/mu/clouds/google/loadbalancer.rb

@@ -95,13 +95,13 @@ module MU
             end
             if @config['global']
               MU.log "Creating Global Forwarding Rule #{@mu_name}", MU::NOTICE, details: ruleobj
-              resp = MU::Cloud::Google.compute.insert_global_forwarding_rule(
+              resp = MU::Cloud::Google.compute(credentials: @config['credentials']).insert_global_forwarding_rule(
                 @config['project'],
                 ruleobj
               )
             else
               MU.log "Creating regional Forwarding Rule #{@mu_name} in #{@config['region']}", MU::NOTICE, details: ruleobj
-              resp = MU::Cloud::Google.compute.insert_forwarding_rule(
+              resp = MU::Cloud::Google.compute(credentials: @config['credentials']).insert_forwarding_rule(
                 @config['project'],
                 @config['region'],
                 ruleobj
@@ -119,12 +119,12 @@ module MU
         # @return [Hash]
         def notify
           rules = {}
-          resp = MU::Cloud::Google.compute.list_global_forwarding_rules(
+          resp = MU::Cloud::Google.compute(credentials: @config['credentials']).list_global_forwarding_rules(
             @config["project"],
             filter: "description eq #{@deploy.deploy_id}"
           )
           if resp.nil? or resp.items.nil? or resp.items.size == 0
-            resp = MU::Cloud::Google.compute.list_forwarding_rules(
+            resp = MU::Cloud::Google.compute(credentials: @config['credentials']).list_forwarding_rules(
               @config["project"],
               @config['region'],
               filter: "description eq #{@deploy.deploy_id}"
@@ -147,17 +147,24 @@ module MU
         def registerNode(instance_id, targetgroups: nil)
         end
 
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          true
+        end
+
         # Remove all load balancers associated with the currently loaded deployment.
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject
+        def self.cleanup(noop: false, ignoremaster: false, region: nil, credentials: nil, flags: {})
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
 
           if region
             ["forwarding_rule", "region_backend_service"].each { |type|
-              MU::Cloud::Google.compute.delete(
+              MU::Cloud::Google.compute(credentials: credentials).delete(
                 type,
                 flags["project"],
                 region,
@@ -168,7 +175,7 @@ module MU
 
           if flags['global']
             ["global_forwarding_rule", "target_http_proxy", "target_https_proxy", "url_map", "backend_service", "health_check", "http_health_check", "https_health_check"].each { |type|
-              MU::Cloud::Google.compute.delete(
+              MU::Cloud::Google.compute(credentials: credentials).delete(
                 type,
                 flags["project"],
                 noop
@@ -296,7 +303,8 @@ module MU
         # @param tag_value [String]: The value of the tag specified by tag_key to match when searching by tag.
         # @param flags [Hash]: Optional flags
         # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching LoadBalancers
-        def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, flags: {})
+        def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, flags: {}, credentials: nil)
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
         end
 
         private
@@ -312,7 +320,7 @@ module MU
             default_service: backend.self_link
           )
           MU.log "Creating url map #{tg['name']}", details: urlmap_obj
-          urlmap = MU::Cloud::Google.compute.insert_url_map(
+          urlmap = MU::Cloud::Google.compute(credentials: @config['credentials']).insert_url_map(
             @config['project'],
             urlmap_obj
           )
@@ -326,20 +334,20 @@ module MU
           if tg['proto'] == "HTTP"
             target_obj = MU::Cloud::Google.compute(:TargetHttpProxy).new(desc)
             MU.log "Creating http target proxy #{tg['name']}", details: target_obj
-            MU::Cloud::Google.compute.insert_target_http_proxy(
+            MU::Cloud::Google.compute(credentials: @config['credentials']).insert_target_http_proxy(
               @config['project'],
               target_obj
             )
           else
-            certdata = @deploy.nodeSSLCerts(self, 2048)
+            certdata = @deploy.nodeSSLCerts(self, false, 2048)
             cert_pem = certdata[0].to_s+File.read("/etc/pki/Mu_CA.pem")
-            gcpcert = MU::Cloud::Google.createSSLCertificate(@mu_name.downcase+"-"+tg['name'], cert_pem, certdata[1])
+            gcpcert = MU::Cloud::Google.createSSLCertificate(@mu_name.downcase+"-"+tg['name'], cert_pem, certdata[1], credentials: @config['credentials'])
 
 # TODO we need a method like MU::Cloud::AWS.findSSLCertificate, with option to hunt down an existing one
             desc[:ssl_certificates] = [gcpcert.self_link]
             target_obj = MU::Cloud::Google.compute(:TargetHttpsProxy).new(desc)
             MU.log "Creating https target proxy #{tg['name']}", details: target_obj
-            MU::Cloud::Google.compute.insert_target_https_proxy(
+            MU::Cloud::Google.compute(credentials: @config['credentials']).insert_target_https_proxy(
               @config['project'],
               target_obj
             )
@@ -385,13 +393,13 @@ module MU
           backend_obj = MU::Cloud::Google.compute(:BackendService).new(desc)
           MU.log "Creating backend service #{MU::Cloud::Google.nameStr(@deploy.getResourceName(tg["name"]))}", details: backend_obj
           if @config['private'] and !@config['global']
-            return MU::Cloud::Google.compute.insert_region_backend_service(
+            return MU::Cloud::Google.compute(credentials: @config['credentials']).insert_region_backend_service(
               @config['project'],
               @config['region'],
               backend_obj
             )
           else
-            return MU::Cloud::Google.compute.insert_backend_service(
+            return MU::Cloud::Google.compute(credentials: @config['credentials']).insert_backend_service(
               @config['project'],
               backend_obj
             )
@@ -399,7 +407,7 @@ module MU
         end
 
         def createHealthCheck(hc, namebase)
-          MU.log "HEALTH CHECK", MU::NOTICE, details: hc
+#          MU.log "HEALTH CHECK", MU::NOTICE, details: hc
           target = hc['target'].match(/^([^:]+):(\d+)(.*)/)
           proto = target[1]
           port = target[2]
@@ -421,12 +429,12 @@ module MU
 # type: SSL, HTTP2
             MU.log "Creating #{proto} health check #{name}", details: hc_obj
             if proto == "HTTP"
-              return MU::Cloud::Google.compute.insert_http_health_check(
+              return MU::Cloud::Google.compute(credentials: @config['credentials']).insert_http_health_check(
                 @config['project'],
                 hc_obj
               )
             else
-              return MU::Cloud::Google.compute.insert_https_health_check(
+              return MU::Cloud::Google.compute(credentials: @config['credentials']).insert_https_health_check(
                 @config['project'],
                 hc_obj
               )
@@ -466,7 +474,7 @@ module MU
             end
             hc_obj = MU::Cloud::Google.compute(:HealthCheck).new(desc)
             MU.log "INSERTING HEALTH CHECK", MU::NOTICE, details: hc_obj
-            return MU::Cloud::Google.compute.insert_health_check(
+            return MU::Cloud::Google.compute(credentials: @config['credentials']).insert_health_check(
               @config['project'],
               hc_obj
             )