cloud-mu 1.9.0.pre.beta → 2.0.0.pre.alpha

data/modules/mu/clouds/google/server_pool.rb

@@ -76,7 +76,7 @@ module MU
 #            machine_type: "zones/"+az+"/machineTypes/"+size,
             machine_type: size,
             labels: labels,
-            disks: MU::Cloud::Google::Server.diskConfig(@config, false, false),
+            disks: MU::Cloud::Google::Server.diskConfig(@config, false, false, credentials: @config['credentials']),
             network_interfaces: MU::Cloud::Google::Server.interfaceConfig(@config, @vpc),
             metadata: {
               :items => [
@@ -94,7 +94,7 @@ module MU
           )
 
           MU.log "Creating instance template #{@mu_name}", details: template_obj
-          template = MU::Cloud::Google.compute.insert_instance_template(
+          template = MU::Cloud::Google.compute(credentials: @config['credentials']).insert_instance_template(
             @config['project'],
             template_obj
           )
@@ -116,7 +116,7 @@ module MU
           )
 
           MU.log "Creating region instance group manager #{@mu_name}", details: mgr_obj
-          mgr = MU::Cloud::Google.compute.insert_region_instance_group_manager(
+          mgr = MU::Cloud::Google.compute(credentials: @config['credentials']).insert_region_instance_group_manager(
             @config['project'],
             @config['region'],
             mgr_obj
@@ -142,7 +142,7 @@ module MU
           )
 
           MU.log "Creating autoscaler policy #{@mu_name}", details: scaler_obj
-          MU::Cloud::Google.compute.insert_region_autoscaler(
+          MU::Cloud::Google.compute(credentials: @config['credentials']).insert_region_autoscaler(
             @config['project'],
             @config['region'],
             scaler_obj
@@ -165,7 +165,8 @@ module MU
         # @param tag_value [String]: The value of the tag specified by tag_key to match when searching by tag.
         # @param flags [Hash]: Optional flags
         # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching ServerPools
-        def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, flags: {})
+        def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, flags: {}, credentials: nil)
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
           MU.log "XXX ServerPool.find not yet implemented", MU::WARN
           return {}
         end
@@ -226,7 +227,7 @@ module MU
 
             real_image = nil
             begin
-              real_image = MU::Cloud::Google::Server.fetchImage(launch['image_id'].to_s)
+              real_image = MU::Cloud::Google::Server.fetchImage(launch['image_id'].to_s, credentials: pool['credentials'])
             rescue ::Google::Apis::ClientError => e
               MU.log e.inspect, MU::WARN
             end
@@ -242,17 +243,24 @@ module MU
           ok
         end
 
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          false
+        end
+
         # Remove all autoscale groups associated with the currently loaded deployment.
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject
+        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
 
           if !flags["global"]
             ["region_autoscaler", "region_instance_group_manager"].each { |type|
-              MU::Cloud::Google.compute.delete(
+              MU::Cloud::Google.compute(credentials: credentials).delete(
                 type,
                 flags["project"],
                 region,
@@ -260,7 +268,7 @@ module MU
               )
             }
           else
-            MU::Cloud::Google.compute.delete(
+            MU::Cloud::Google.compute(credentials: credentials).delete(
               "instance_template",
               flags["project"],
               noop

data/modules/mu/clouds/google/user.rb

@@ -44,7 +44,7 @@ module MU
               )
             )
             MU.log "Creating service account #{@mu_name}"
-            MU::Cloud::Google.iam.create_service_account(
+            MU::Cloud::Google.iam(credentials: @config['credentials']).create_service_account(
               "projects/"+@config['project'],
               req_obj
             )
@@ -57,12 +57,12 @@ module MU
             bind_human_user
           else
             if @config['create_api_key']
-              resp = MU::Cloud::Google.iam.list_project_service_account_keys(
+              resp = MU::Cloud::Google.iam(credentials: @config['credentials']).list_project_service_account_keys(
                 cloud_desc.name
               )
               if resp.keys.size == 0
                 MU.log "Generating API keys for service account #{@mu_name}"
-                resp = MU::Cloud::Google.iam.create_service_account_key(
+                resp = MU::Cloud::Google.iam(credentials: @config['credentials']).create_service_account_key(
                   cloud_desc.name
                 )
                 scratchitem = MU::Master.storeScratchPadSecret("Google Cloud Service Account credentials for #{@mu_name}:\n<pre style='text-align:left;'>#{resp.private_key_data}</pre>")
@@ -77,7 +77,7 @@ module MU
           if @config['type'] == "interactive"
             return nil
           else
-            resp = MU::Cloud::Google.iam.list_project_service_accounts(
+            resp = MU::Cloud::Google.iam(credentials: @config['credentials']).list_project_service_accounts(
               "projects/"+@config["project"]
             )
 
@@ -103,14 +103,21 @@ module MU
           }
         end
 
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          true
+        end
+
         # Remove all users associated with the currently loaded deployment.
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject
-          resp = MU::Cloud::Google.iam.list_project_service_accounts(
+        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
+          resp = MU::Cloud::Google.iam(credentials: credentials).list_project_service_accounts(
             "projects/"+flags["project"]
           )
 
@@ -120,7 +127,7 @@ module MU
                 begin
                   MU.log "Deleting service account #{sa.name}", details: sa
                   if !noop
-                    MU::Cloud::Google.iam.delete_project_service_account(sa.name)
+                    MU::Cloud::Google.iam(credentials: credentials).delete_project_service_account(sa.name)
                   end
                 rescue ::Google::Apis::ClientError => e
                   raise e if !e.message.match(/^notFound: /)
@@ -130,14 +137,15 @@ module MU
           end
         end
 
-        # Locate an existing user group.
+        # Locate an existing user.
         # @param cloud_id [String]: The cloud provider's identifier for this resource.
         # @param region [String]: The cloud provider region.
         # @param flags [Hash]: Optional flags
         # @return [OpenStruct]: The cloud provider's complete descriptions of matching user group.
-        def self.find(cloud_id: nil, region: MU.curRegion, flags: {})
+        def self.find(cloud_id: nil, region: MU.curRegion, credentials: nil, flags: {})
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
           found = nil
-          resp = MU::Cloud::Google.iam.list_project_service_accounts(
+          resp = MU::Cloud::Google.iam(credentials: credentials).list_project_service_accounts(
             "projects/"+flags["project"]
           )
 
@@ -194,7 +202,7 @@ module MU
           # admin_directory only works in a GSuite environment
           if !user['name'].match(/@/i) and $MU_CFG['google']['masquerade_as']
             # XXX flesh this check out, need to test with a GSuite site
-            pp MU::Cloud::Google.admin_directory.get_user(user['name'])
+            pp MU::Cloud::Google.admin_directory(credentials: user['credentials']).get_user(user['name'])
           end
 
           if user['groups'] and user['groups'].size > 0 and
@@ -215,7 +223,7 @@ module MU
 
         def bind_human_user
           bindings = []
-          ext_policy = MU::Cloud::Google.resource_manager.get_project_iam_policy(
+          ext_policy = MU::Cloud::Google.resource_manager(credentials: @config['credentials']).get_project_iam_policy(
             @config['project']
           )
 
@@ -247,7 +255,7 @@ module MU
             MU.log "Adding #{@config['name']} to Google Cloud project #{@config['project']}", details: @config['roles']
 
             begin
-              MU::Cloud::Google.resource_manager.set_project_iam_policy(
+              MU::Cloud::Google.resource_manager(credentials: @config['credentials']).set_project_iam_policy(
                 @config['project'],
                 req_obj
               )

data/modules/mu/clouds/google/vpc.rb

@@ -63,7 +63,7 @@ module MU
 #            i_pv4_range: @config['ip_block']
           )
           MU.log "Creating network #{@mu_name} (#{@config['ip_block']}) in project #{@config['project']}", details: networkobj
-          resp = MU::Cloud::Google.compute.insert_network(@config['project'], networkobj)
+          resp = MU::Cloud::Google.compute(credentials: @config['credentials']).insert_network(@config['project'], networkobj)
           @url = resp.self_link # XXX needs to go in notify
           @cloud_id = resp.name
 
@@ -83,7 +83,7 @@ module MU
                   network: @url,
                   region: subnet['availability_zone']
                 )
-                resp = MU::Cloud::Google.compute.insert_subnetwork(@config['project'], subnet['availability_zone'], subnetobj)
+                resp = MU::Cloud::Google.compute(credentials: @config['credentials']).insert_subnetwork(@config['project'], subnet['availability_zone'], subnetobj)
   
               }
             }
@@ -121,15 +121,20 @@ module MU
           base = MU.structToHash(cloud_desc)
           base["cloud_id"] = @cloud_id
           base.merge!(@config.to_h)
+if @config['name'] == "gkeprivate"
+  pp base.keys
+  puts base['cloud_id']
+end
+
           base
         end
 
         # Describe this VPC from the cloud platform's perspective
         # @return [Hash]
         def cloud_desc
-          @config['project'] ||= MU::Cloud::Google.defaultProject
+          @config['project'] ||= MU::Cloud::Google.defaultProject(@config['credentials'])
 
-          resp = MU::Cloud::Google.compute.get_network(@config['project'], @cloud_id)
+          resp = MU::Cloud::Google.compute(credentials: @config['credentials']).get_network(@config['project'], @cloud_id)
           if @cloud_id.nil? or @cloud_id == ""
             MU.log "Couldn't describe #{self}, @cloud_id #{@cloud_id.nil? ? "undefined" : "empty" }", MU::ERR
             return nil
@@ -137,7 +142,7 @@ module MU
 
           resp = resp.to_h
           @url ||= resp[:self_link]
-          routes = MU::Cloud::Google.compute.list_routes(
+          routes = MU::Cloud::Google.compute(credentials: @config['credentials']).list_routes(
             @config['project'],
             filter: "network eq #{@cloud_id}"
           ).items
@@ -162,38 +167,66 @@ module MU
           if !@config['peers'].nil?
             count = 0
             @config['peers'].each { |peer|
-              tag_key, tag_value = peer['vpc']['tag'].split(/=/, 2) if !peer['vpc']['tag'].nil?
-              if peer['vpc']['deploy_id'].nil? and peer['vpc']['vpc_id'].nil? and tag_key.nil?
-                peer['vpc']['deploy_id'] = @deploy.deploy_id
-              end
+              if peer['vpc']['vpc_name']
+                peer_obj = @deploy.findLitterMate(name: peer['vpc']['vpc_name'], type: "vpcs")
+                if peer_obj
+                  if peer_obj.config['peers']
+                    skipme = false
+                    peer_obj.config['peers'].each { |peerpeer|
+                      if peerpeer['vpc']['vpc_name'] == @config['name'] and
+                         (peer['vpc']['vpc_name'] <=> @config['name']) == -1
+                        skipme = true
+                        MU.log "VPCs #{peer['vpc']['vpc_name']} and #{@config['name']} both declare mutual peering connection, ignoring #{@config['name']}'s redundant declaration", MU::DEBUG
+# XXX and if deploy_id matches or is unset
+                      end
+                    }
+                    next if skipme
+                  end
+                end
 
-              peer_obj = MU::MommaCat.findStray(
-                  "Google",
-                  "vpcs",
-                  deploy_id: peer['vpc']['deploy_id'],
-                  cloud_id: peer['vpc']['vpc_id'],
-                  name: peer['vpc']['vpc_name'],
-                  tag_key: tag_key,
-                  tag_value: tag_value,
-                  dummy_ok: true
-              )
+              else
+                tag_key, tag_value = peer['vpc']['tag'].split(/=/, 2) if !peer['vpc']['tag'].nil?
+                if peer['vpc']['deploy_id'].nil? and peer['vpc']['vpc_id'].nil? and tag_key.nil?
+                  peer['vpc']['deploy_id'] = @deploy.deploy_id
+                end
 
-              raise MuError, "No result looking for #{@mu_name}'s peer VPCs (#{peer['vpc']})" if peer_obj.nil? or peer_obj.first.nil?
+                peer_obj = MU::MommaCat.findStray(
+                    "Google",
+                    "vpcs",
+                    deploy_id: peer['vpc']['deploy_id'],
+                    cloud_id: peer['vpc']['vpc_id'],
+                    name: peer['vpc']['vpc_name'],
+                    tag_key: tag_key,
+                    tag_value: tag_value,
+                    dummy_ok: true
+                ).first
+              end
+
+              raise MuError, "No result looking for #{@mu_name}'s peer VPCs (#{peer['vpc']})" if peer_obj.nil?
 
-              url = peer_obj.first.cloudobj.url || peer_obj.first.cloudobj.deploydata['self_link']
+              url = if peer_obj.cloudobj.url
+                peer_obj.cloudobj.url
+              elsif peer_obj.cloudobj.deploydata
+                peer_obj.cloudobj.deploydata['self_link']
+              else
+                pp peer_obj.cloudobj.cloud_desc
+                raise MuError, "Can't find the damn URL of my damn peer VPC #{peer['vpc']}"
+              end
+              cnxn_name = MU::Cloud::Google.nameStr(@mu_name+"-peer-"+count.to_s)
               peerreq = MU::Cloud::Google.compute(:NetworksAddPeeringRequest).new(
-                name: MU::Cloud::Google.nameStr(@mu_name+"-peer-"+count.to_s),
+                name: cnxn_name,
                 auto_create_routes: true,
                 peer_network: url
               )
 
-              MU.log "Peering #{@mu_name} with #{url}", details: peerreq
-              MU::Cloud::Google.compute.add_network_peering(
+              MU.log "Peering #{@url} with #{url}, connection name is #{cnxn_name}", details: peerreq
+
+              MU::Cloud::Google.compute(credentials: @config['credentials']).add_network_peering(
                 @config['project'],
                 @cloud_id,
                 peerreq
               )
-
+              count += 1
             }
           end
         end
@@ -204,19 +237,19 @@ module MU
         # @param tag_key [String]: A tag key to search.
         # @param tag_value [String]: The value of the tag specified by tag_key to match when searching by tag.
         # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching VPCs
-        def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject
-#MU.log "CALLED MU::Cloud::Google::VPC.find(#{cloud_id}, #{region}, #{tag_key}, #{tag_value}) from #{caller[0]}", MU::NOTICE, details: flags
+        def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, flags: {}, credentials: nil)
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
+#MU.log "CALLED MU::Cloud::Google::VPC.find(#{cloud_id}, #{region}, #{tag_key}, #{tag_value}) with credentials #{credentials} from #{caller[0]}", MU::NOTICE, details: flags
 
           resp = {}
           if cloud_id
-            vpc = MU::Cloud::Google.compute.get_network(
+            vpc = MU::Cloud::Google.compute(credentials: credentials).get_network(
               flags['project'],
               cloud_id.to_s.sub(/^.*?\/([^\/]+)$/, '\1')
             )
             resp[cloud_id] = vpc if !vpc.nil?
           else # XXX other criteria
-            MU::Cloud::Google.compute.list_networks(
+            MU::Cloud::Google.compute(credentials: credentials).list_networks(
               flags["project"]
             ).items.each { |vpc|
               resp[vpc.name] = vpc
@@ -224,7 +257,7 @@ module MU
           end
 #MU.log "THINGY", MU::WARN, details: resp
           resp.each_pair { |cloud_id, vpc|
-            routes = MU::Cloud::Google.compute.list_routes(
+            routes = MU::Cloud::Google.compute(credentials: credentials).list_routes(
               flags["project"],
               filter: "network eq #{vpc.self_link}"
             ).items
@@ -259,7 +292,7 @@ module MU
 
           resp = nil
           MU::Cloud::Google.listRegions(@config['us_only']).each { |r|
-            resp = MU::Cloud::Google.compute.list_subnetworks(
+            resp = MU::Cloud::Google.compute(credentials: @config['credentials']).list_subnetworks(
               @config['project'],
               r,
               filter: "network eq #{network[:self_link]}"
@@ -415,13 +448,13 @@ module MU
         # @param target_instance [OpenStruct]: The cloud descriptor of the instance to check.
         # @param region [String]: The cloud provider region of the target subnet.
         # @return [Boolean]
-        def self.haveRouteToInstance?(target_instance, region: MU.curRegion)
-          project ||= MU::Cloud::Google.defaultProject
+        def self.haveRouteToInstance?(target_instance, region: MU.curRegion, credentials: nil)
+          project ||= MU::Cloud::Google.defaultProject(credentials)
           return false if MU.myCloud != "Google"
 # XXX see if we reside in the same Network and overlap subnets
 # XXX see if we peer with the target's Network
           target_instance.network_interfaces.each { |iface|
-            resp = MU::Cloud::Google.compute.list_routes(
+            resp = MU::Cloud::Google.compute(credentials: credentials).list_routes(
               project,
               filter: "network eq #{iface.network}"
             )
@@ -456,19 +489,26 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
         def self.get_route_tables(subnet_ids: [], vpc_ids: [], region: MU.curRegion)
         end
 
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          true
+        end
+
         # Remove all VPC resources associated with the currently loaded deployment.
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject
+        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
 
-          purge_subnets(noop, project: flags['project'])
+          purge_subnets(noop, project: flags['project'], credentials: credentials)
           ["route", "network"].each { |type|
 # XXX tagged routes aren't showing up in list, and the networks that own them
 # fail to delete silently
-            MU::Cloud::Google.compute.delete(
+            MU::Cloud::Google.compute(credentials: credentials).delete(
               type,
               flags["project"],
               nil,
@@ -558,6 +598,8 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
             vpc['route_tables'].each { |tbl|
               newvpc = {
                 "name" => vpc['name']+"-"+tbl['name'],
+                "credentials" => vpc['credentials'],
+                "virtual_name" => vpc['name'],
                 "ip_block" => blocks.shift,
                 "route_tables" => [tbl],
                 "parent_block" => vpc['ip_block'],
@@ -587,9 +629,9 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
 # XXX we need routes to peered Networks too
 
             if has_nat or has_deny
-              ok = false if !genStandardSubnetACLs(vpc['parent_block'] || vpc['ip_block'], vpc['name'], configurator, vpc["project"], false)
+              ok = false if !genStandardSubnetACLs(vpc['parent_block'] || vpc['ip_block'], vpc['name'], configurator, vpc["project"], false, credentials: vpc['credentials'])
             else
-              ok = false if !genStandardSubnetACLs(vpc['parent_block'] || vpc['ip_block'], vpc['name'], configurator, vpc["project"])
+              ok = false if !genStandardSubnetACLs(vpc['parent_block'] || vpc['ip_block'], vpc['name'], configurator, vpc["project"], credentials: vpc['credentials'])
             end
             if has_nat and !has_deny
               vpc['route_tables'].first["routes"] << {
@@ -613,6 +655,7 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
               if route['gateway'] == "#NAT"
                 nat_cfg = MU::Cloud::Google::Server.genericNAT
                 nat_cfg['name'] = vpc['name']+"-natstion-"+nat_count.to_s
+                nat_cfg['credentials'] = vpc['credentials']
                 # XXX ingress/egress rules?
                 # XXX for master too if applicable
                 nat_cfg["application_attributes"] = {
@@ -649,10 +692,11 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
 
         private
 
-        def self.genStandardSubnetACLs(vpc_cidr, vpc_name, configurator, project, publicroute = true)
+        def self.genStandardSubnetACLs(vpc_cidr, vpc_name, configurator, project, publicroute = true, credentials: nil)
           private_acl = {
-            "name" => vpc_name+"-routables",
+            "name" => vpc_name+"-rt",
             "cloud" => "Google",
+            "credentials" => credentials,
             "project" => project,
             "vpc" => { "vpc_name" => vpc_name },
             "dependencies" => [ { "type" => "vpc", "name" => vpc_name } ],
@@ -712,7 +756,7 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
             end
 # several other cases missing for various types of routers (raw IPs, instance ids, etc) XXX
           elsif route['gateway'] == "#DENY"
-            resp = MU::Cloud::Google.compute.list_routes(
+            resp = MU::Cloud::Google.compute(credentials: @config['credentials']).list_routes(
               @config['project'],
               filter: "network eq #{network}"
             )
@@ -721,7 +765,7 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
               resp.items.each { |r|
                 next if r.next_hop_gateway.nil? or !r.next_hop_gateway.match(/\/global\/gateways\/default-internet-gateway$/)
                 MU.log "Removing standard route #{r.name} per our #DENY entry"
-                MU::Cloud::Google.compute.delete_route(@config['project'], r.name)
+                MU::Cloud::Google.compute(credentials: @config['credentials']).delete_route(@config['project'], r.name)
               }
             end
           elsif route['gateway'] == "#INTERNET"
@@ -748,11 +792,11 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
 
           if route['gateway'] != "#DENY"
             begin
-              MU::Cloud::Google.compute.get_route(@config['project'], routename)
+              MU::Cloud::Google.compute(credentials: @config['credentials']).get_route(@config['project'], routename)
             rescue ::Google::Apis::ClientError, MU::MuError => e
               if e.message.match(/notFound/)
                 MU.log "Creating route #{routename} in project #{@config['project']}", details: routeobj
-                resp = MU::Cloud::Google.compute.insert_route(@config['project'], routeobj)
+                resp = MU::Cloud::Google.compute(credentials: @config['credentials']).insert_route(@config['project'], routeobj)
               else
                 # TODO can't update GCP routes, would have to delete and re-create
               end
@@ -786,7 +830,7 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
 
         # Remove all network interfaces associated with the currently loaded deployment.
         # @param noop [Boolean]: If true, will only print what would be done
-        # @param tagfilters [Array<Hash>]: EC2 tags to filter against when search for resources to purge
+        # @param tagfilters [Array<Hash>]: Labels to filter against when search for resources to purge
         # @param region [String]: The cloud provider region
         # @return [void]
         def self.purge_interfaces(noop = false, tagfilters = [{name: "tag:MU-ID", values: [MU.deploy_id]}], region: MU.curRegion)
@@ -794,16 +838,17 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
 
         # Remove all subnets associated with the currently loaded deployment.
         # @param noop [Boolean]: If true, will only print what would be done
-        # @param tagfilters [Array<Hash>]: EC2 tags to filter against when search for resources to purge
+        # @param tagfilters [Array<Hash>]: Labels to filter against when search for resources to purge
         # @param regions [Array<String>]: The cloud provider regions to check
         # @return [void]
-        def self.purge_subnets(noop = false, tagfilters = [{name: "tag:MU-ID", values: [MU.deploy_id]}], regions: MU::Cloud::Google.listRegions, project: MU::Cloud::Google.defaultProject)
+        def self.purge_subnets(noop = false, tagfilters = [{name: "tag:MU-ID", values: [MU.deploy_id]}], regions: MU::Cloud::Google.listRegions, project: nil, credentials: nil)
+          project ||= MU::Cloud::Google.defaultProject(credentials)
           parent_thread_id = Thread.current.object_id
           regionthreads = []
           regions.each { |r|
             regionthreads << Thread.new {
               MU.dupGlobals(parent_thread_id)
-              MU::Cloud::Google.compute.delete(
+              MU::Cloud::Google.compute(credentials: credentials).delete(
                 "subnetwork",
                 project,
                 r,
@@ -816,23 +861,6 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
           end
         end
 
-        # Remove all DHCP options sets associated with the currently loaded
-        # deployment.
-        # @param noop [Boolean]: If true, will only print what would be done
-        # @param tagfilters [Array<Hash>]: EC2 tags to filter against when search for resources to purge
-        # @param region [String]: The cloud provider region
-        # @return [void]
-        def self.purge_dhcpopts(noop = false, tagfilters = [{name: "tag:MU-ID", values: [MU.deploy_id]}], region: MU.curRegion)
-        end
-
-        # Remove all VPCs associated with the currently loaded deployment.
-        # @param noop [Boolean]: If true, will only print what would be done
-        # @param tagfilters [Array<Hash>]: EC2 tags to filter against when search for resources to purge
-        # @param region [String]: The cloud provider region
-        # @return [void]
-        def self.purge_vpcs(noop = false, tagfilters = [{name: "tag:MU-ID", values: [MU.deploy_id]}], region: MU.curRegion)
-        end
-
         protected
 
         # Subnets are almost a first-class resource. So let's kinda sorta treat
@@ -869,7 +897,7 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
           # Is this subnet privately-routable only, or public?
           # @return [Boolean]
           def private?
-            routes = MU::Cloud::Google.compute.list_routes(
+            routes = MU::Cloud::Google.compute(credentials: @parent.config['credentials']).list_routes(
               @parent.config['project'],
               filter: "network eq #{@parent.url}"
             ).items