cloud-mu 1.9.0.pre.beta
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/Berksfile +56 -0
- data/Berksfile.lock +250 -0
- data/Jenkinsfile +184 -0
- data/LICENSE.md +37 -0
- data/README.md +26 -0
- data/bin/mu-aws-setup +376 -0
- data/bin/mu-cleanup +68 -0
- data/bin/mu-configure +1133 -0
- data/bin/mu-deploy +166 -0
- data/bin/mu-firewall-allow-clients +30 -0
- data/bin/mu-gcp-setup +200 -0
- data/bin/mu-gen-docs +34 -0
- data/bin/mu-gen-env +42 -0
- data/bin/mu-load-config.rb +158 -0
- data/bin/mu-node-manage +683 -0
- data/bin/mu-self-update +228 -0
- data/bin/mu-ssh +23 -0
- data/bin/mu-tunnel-nagios +144 -0
- data/bin/mu-upload-chef-artifacts +757 -0
- data/bin/mu-user-manage +275 -0
- data/cookbooks/awscli/LICENSE +37 -0
- data/cookbooks/awscli/README.md +58 -0
- data/cookbooks/awscli/attributes/default.rb +1 -0
- data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
- data/cookbooks/awscli/metadata.rb +20 -0
- data/cookbooks/awscli/recipes/default.rb +56 -0
- data/cookbooks/awscli/templates/default/config.erb +18 -0
- data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
- data/cookbooks/mu-activedirectory/LICENSE +37 -0
- data/cookbooks/mu-activedirectory/README.md +6 -0
- data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
- data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
- data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
- data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
- data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
- data/cookbooks/mu-activedirectory/metadata.rb +17 -0
- data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
- data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
- data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
- data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
- data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
- data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
- data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
- data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
- data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
- data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
- data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
- data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
- data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
- data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
- data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
- data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
- data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
- data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
- data/cookbooks/mu-firewall/LICENSE +37 -0
- data/cookbooks/mu-firewall/README.md +5 -0
- data/cookbooks/mu-firewall/attributes/default.rb +3 -0
- data/cookbooks/mu-firewall/metadata.rb +16 -0
- data/cookbooks/mu-firewall/recipes/default.rb +10 -0
- data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
- data/cookbooks/mu-glusterfs/LICENSE +37 -0
- data/cookbooks/mu-glusterfs/README.md +5 -0
- data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
- data/cookbooks/mu-glusterfs/metadata.rb +17 -0
- data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
- data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
- data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
- data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
- data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
- data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
- data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
- data/cookbooks/mu-jenkins/LICENSE +37 -0
- data/cookbooks/mu-jenkins/README.md +105 -0
- data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
- data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
- data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
- data/cookbooks/mu-jenkins/metadata.rb +21 -0
- data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
- data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
- data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
- data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
- data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
- data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
- data/cookbooks/mu-master/CHANGELOG.md +13 -0
- data/cookbooks/mu-master/LICENSE +37 -0
- data/cookbooks/mu-master/README.md +6 -0
- data/cookbooks/mu-master/attributes/default.rb +95 -0
- data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
- data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
- data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
- data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
- data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
- data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
- data/cookbooks/mu-master/files/default/pam_sshd +18 -0
- data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
- data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
- data/cookbooks/mu-master/files/default/vimrc +19 -0
- data/cookbooks/mu-master/libraries/mu.rb +29 -0
- data/cookbooks/mu-master/metadata.rb +30 -0
- data/cookbooks/mu-master/providers/user.rb +41 -0
- data/cookbooks/mu-master/recipes/389ds.rb +164 -0
- data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
- data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
- data/cookbooks/mu-master/recipes/default.rb +451 -0
- data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
- data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
- data/cookbooks/mu-master/recipes/init.rb +542 -0
- data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
- data/cookbooks/mu-master/recipes/sssd.rb +89 -0
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
- data/cookbooks/mu-master/recipes/vault.rb +111 -0
- data/cookbooks/mu-master/resources/user.rb +19 -0
- data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
- data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
- data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
- data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
- data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
- data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
- data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
- data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
- data/cookbooks/mu-mongo/LICENSE +37 -0
- data/cookbooks/mu-mongo/README.md +5 -0
- data/cookbooks/mu-mongo/attributes/default.rb +22 -0
- data/cookbooks/mu-mongo/files/default/keyfile +16 -0
- data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
- data/cookbooks/mu-mongo/metadata.rb +17 -0
- data/cookbooks/mu-mongo/recipes/default.rb +149 -0
- data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
- data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
- data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
- data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
- data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
- data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
- data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
- data/cookbooks/mu-openvpn/LICENSE +37 -0
- data/cookbooks/mu-openvpn/README.md +6 -0
- data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
- data/cookbooks/mu-openvpn/metadata.rb +18 -0
- data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
- data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
- data/cookbooks/mu-php54/CHANGELOG.md +12 -0
- data/cookbooks/mu-php54/LICENSE +37 -0
- data/cookbooks/mu-php54/README.md +0 -0
- data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
- data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
- data/cookbooks/mu-php54/metadata.rb +21 -0
- data/cookbooks/mu-php54/recipes/default.rb +97 -0
- data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
- data/cookbooks/mu-splunk/LICENSE +37 -0
- data/cookbooks/mu-splunk/README.md +451 -0
- data/cookbooks/mu-splunk/attributes/default.rb +95 -0
- data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
- data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
- data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
- data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
- data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
- data/cookbooks/mu-splunk/metadata.json +30 -0
- data/cookbooks/mu-splunk/metadata.rb +17 -0
- data/cookbooks/mu-splunk/recipes/client.rb +143 -0
- data/cookbooks/mu-splunk/recipes/default.rb +31 -0
- data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
- data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
- data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
- data/cookbooks/mu-splunk/recipes/server.rb +53 -0
- data/cookbooks/mu-splunk/recipes/service.rb +95 -0
- data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
- data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
- data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
- data/cookbooks/mu-splunk/recipes/user.rb +34 -0
- data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
- data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
- data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
- data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
- data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
- data/cookbooks/mu-tools/CHANGELOG.md +12 -0
- data/cookbooks/mu-tools/LICENSE +37 -0
- data/cookbooks/mu-tools/README.md +188 -0
- data/cookbooks/mu-tools/attributes/default.rb +142 -0
- data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
- data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
- data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
- data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
- data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
- data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
- data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
- data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
- data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
- data/cookbooks/mu-tools/files/default/mypol.te +37 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
- data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
- data/cookbooks/mu-tools/files/default/ntrights +0 -0
- data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
- data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
- data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
- data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
- data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
- data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
- data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
- data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
- data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
- data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
- data/cookbooks/mu-tools/libraries/helper.rb +292 -0
- data/cookbooks/mu-tools/metadata.rb +28 -0
- data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
- data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
- data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
- data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
- data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
- data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
- data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
- data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
- data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
- data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
- data/cookbooks/mu-tools/recipes/efs.rb +70 -0
- data/cookbooks/mu-tools/recipes/eks.rb +160 -0
- data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
- data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
- data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
- data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
- data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
- data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
- data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
- data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
- data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
- data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
- data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
- data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
- data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
- data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
- data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
- data/cookbooks/mu-tools/recipes/updates.rb +96 -0
- data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
- data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
- data/cookbooks/mu-tools/resources/disk.rb +88 -0
- data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
- data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
- data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
- data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
- data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
- data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
- data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
- data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
- data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
- data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
- data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
- data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
- data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
- data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
- data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
- data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
- data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
- data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
- data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
- data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
- data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
- data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
- data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
- data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
- data/cookbooks/mu-utility/CHANGELOG.md +12 -0
- data/cookbooks/mu-utility/LICENSE +37 -0
- data/cookbooks/mu-utility/README.md +6 -0
- data/cookbooks/mu-utility/attributes/default.rb +1 -0
- data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
- data/cookbooks/mu-utility/metadata.rb +16 -0
- data/cookbooks/mu-utility/recipes/apt.rb +23 -0
- data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
- data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
- data/cookbooks/mu-utility/recipes/luks.rb +18 -0
- data/cookbooks/mu-utility/recipes/nat.rb +104 -0
- data/cookbooks/mu-utility/recipes/php.rb +33 -0
- data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
- data/cookbooks/mu-utility/recipes/remi.rb +44 -0
- data/cookbooks/mu-utility/recipes/vim.rb +26 -0
- data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
- data/cookbooks/mu-utility/recipes/zip.rb +26 -0
- data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
- data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
- data/cookbooks/nagios/Berksfile +8 -0
- data/cookbooks/nagios/CHANGELOG.md +589 -0
- data/cookbooks/nagios/CONTRIBUTING.md +11 -0
- data/cookbooks/nagios/LICENSE +37 -0
- data/cookbooks/nagios/README.md +328 -0
- data/cookbooks/nagios/TESTING.md +2 -0
- data/cookbooks/nagios/attributes/config.rb +171 -0
- data/cookbooks/nagios/attributes/default.rb +228 -0
- data/cookbooks/nagios/chefignore +102 -0
- data/cookbooks/nagios/definitions/command.rb +33 -0
- data/cookbooks/nagios/definitions/contact.rb +33 -0
- data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
- data/cookbooks/nagios/definitions/host.rb +33 -0
- data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
- data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
- data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
- data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
- data/cookbooks/nagios/definitions/resource.rb +33 -0
- data/cookbooks/nagios/definitions/service.rb +33 -0
- data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
- data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
- data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
- data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
- data/cookbooks/nagios/libraries/base.rb +314 -0
- data/cookbooks/nagios/libraries/command.rb +91 -0
- data/cookbooks/nagios/libraries/contact.rb +230 -0
- data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
- data/cookbooks/nagios/libraries/custom_option.rb +36 -0
- data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
- data/cookbooks/nagios/libraries/default.rb +90 -0
- data/cookbooks/nagios/libraries/host.rb +412 -0
- data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
- data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
- data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
- data/cookbooks/nagios/libraries/nagios.rb +282 -0
- data/cookbooks/nagios/libraries/resource.rb +59 -0
- data/cookbooks/nagios/libraries/service.rb +455 -0
- data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
- data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
- data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
- data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
- data/cookbooks/nagios/libraries/users_helper.rb +54 -0
- data/cookbooks/nagios/metadata.rb +25 -0
- data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
- data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
- data/cookbooks/nagios/recipes/apache.rb +48 -0
- data/cookbooks/nagios/recipes/default.rb +204 -0
- data/cookbooks/nagios/recipes/nginx.rb +82 -0
- data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
- data/cookbooks/nagios/recipes/server_package.rb +40 -0
- data/cookbooks/nagios/recipes/server_source.rb +164 -0
- data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
- data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
- data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
- data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
- data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
- data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
- data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
- data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
- data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
- data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
- data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
- data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
- data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
- data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
- data/cookbooks/s3fs/CHANGELOG.md +13 -0
- data/cookbooks/s3fs/LICENSE +37 -0
- data/cookbooks/s3fs/README.md +6 -0
- data/cookbooks/s3fs/attributes/default.rb +15 -0
- data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
- data/cookbooks/s3fs/metadata.rb +16 -0
- data/cookbooks/s3fs/recipes/default.rb +91 -0
- data/data_bags/demo/app.json +7 -0
- data/data_bags/nagios_services/chef.json +6 -0
- data/data_bags/nagios_services/linux_diskspace.json +5 -0
- data/data_bags/nagios_services/momma_cat.json +6 -0
- data/data_bags/nagios_services/mu-master-memory.json +5 -0
- data/data_bags/nagios_services/nagios_ui.json +6 -0
- data/data_bags/nagios_services/node_ssh.json +6 -0
- data/data_bags/nagios_services/ssh.json +6 -0
- data/demo/lambda_test.yaml +29 -0
- data/environments/DEV.json +8 -0
- data/environments/PROD.json +8 -0
- data/environments/dev.json +8 -0
- data/environments/development.json +8 -0
- data/environments/prod.json +8 -0
- data/extras/README.md +1 -0
- data/extras/admin-role-binding.yaml +16 -0
- data/extras/admin-user.yaml +6 -0
- data/extras/aws-auth-cm.yaml.erb +12 -0
- data/extras/clean-stock-amis +48 -0
- data/extras/git-fix-permissions-hook +12 -0
- data/extras/gitlab-eks-helper.sh.erb +20 -0
- data/extras/image-generators/README.md +2 -0
- data/extras/image-generators/aws/centos6.yaml +18 -0
- data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
- data/extras/image-generators/aws/centos7.yaml +17 -0
- data/extras/image-generators/aws/rhel7.yaml +17 -0
- data/extras/image-generators/aws/win2k12.yaml +16 -0
- data/extras/image-generators/aws/win2k16.yaml +16 -0
- data/extras/image-generators/aws/windows.yaml +18 -0
- data/extras/image-generators/gcp/centos6.yaml +17 -0
- data/extras/lambda_waf_domain_blacklist.py +103 -0
- data/extras/platform_berksfile_base +50 -0
- data/extras/ruby_rpm/build.sh +17 -0
- data/extras/ruby_rpm/muby.spec +44 -0
- data/extras/vault_tools/README.md +6 -0
- data/extras/vault_tools/export_vaults.sh +3 -0
- data/extras/vault_tools/recreate_vaults.sh +5 -0
- data/extras/vault_tools/test_vaults.sh +5 -0
- data/install/README.md +8 -0
- data/install/cfn_create_mu_master.json +1034 -0
- data/install/chef-server.rb.erb +19 -0
- data/install/deprecated-bash-library.sh +1891 -0
- data/install/images/Usage.png +0 -0
- data/install/installer +71 -0
- data/install/jenkinskeys.rb +8 -0
- data/install/user-dot-murc.erb +14 -0
- data/modules/html.erb +19 -0
- data/modules/mommacat.ru +426 -0
- data/modules/mu/cleanup.rb +339 -0
- data/modules/mu/cloud.rb +1446 -0
- data/modules/mu/clouds/README.md +201 -0
- data/modules/mu/clouds/aws/alarm.rb +319 -0
- data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
- data/modules/mu/clouds/aws/collection.rb +373 -0
- data/modules/mu/clouds/aws/container_cluster.rb +667 -0
- data/modules/mu/clouds/aws/database.rb +1836 -0
- data/modules/mu/clouds/aws/dnszone.rb +911 -0
- data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
- data/modules/mu/clouds/aws/folder.rb +92 -0
- data/modules/mu/clouds/aws/function.rb +349 -0
- data/modules/mu/clouds/aws/group.rb +251 -0
- data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
- data/modules/mu/clouds/aws/log.rb +363 -0
- data/modules/mu/clouds/aws/msg_queue.rb +480 -0
- data/modules/mu/clouds/aws/notification.rb +139 -0
- data/modules/mu/clouds/aws/role.rb +656 -0
- data/modules/mu/clouds/aws/search_domain.rb +646 -0
- data/modules/mu/clouds/aws/server.rb +2294 -0
- data/modules/mu/clouds/aws/server_pool.rb +1388 -0
- data/modules/mu/clouds/aws/storage_pool.rb +495 -0
- data/modules/mu/clouds/aws/user.rb +382 -0
- data/modules/mu/clouds/aws/userdata/README.md +4 -0
- data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
- data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
- data/modules/mu/clouds/aws/vpc.rb +1943 -0
- data/modules/mu/clouds/aws.rb +1009 -0
- data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
- data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
- data/modules/mu/clouds/cloudformation/collection.rb +117 -0
- data/modules/mu/clouds/cloudformation/database.rb +278 -0
- data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
- data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
- data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
- data/modules/mu/clouds/cloudformation/log.rb +170 -0
- data/modules/mu/clouds/cloudformation/server.rb +370 -0
- data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
- data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
- data/modules/mu/clouds/cloudformation.rb +733 -0
- data/modules/mu/clouds/docker.rb +30 -0
- data/modules/mu/clouds/google/container_cluster.rb +290 -0
- data/modules/mu/clouds/google/database.rb +152 -0
- data/modules/mu/clouds/google/firewall_rule.rb +267 -0
- data/modules/mu/clouds/google/group.rb +164 -0
- data/modules/mu/clouds/google/loadbalancer.rb +479 -0
- data/modules/mu/clouds/google/server.rb +1510 -0
- data/modules/mu/clouds/google/server_pool.rb +274 -0
- data/modules/mu/clouds/google/user.rb +266 -0
- data/modules/mu/clouds/google/userdata/README.md +4 -0
- data/modules/mu/clouds/google/userdata/linux.erb +137 -0
- data/modules/mu/clouds/google/userdata/windows.erb +275 -0
- data/modules/mu/clouds/google/vpc.rb +890 -0
- data/modules/mu/clouds/google.rb +811 -0
- data/modules/mu/config/README.md +11 -0
- data/modules/mu/config/alarm.rb +271 -0
- data/modules/mu/config/cache_cluster.rb +172 -0
- data/modules/mu/config/collection.rb +87 -0
- data/modules/mu/config/container_cluster.rb +103 -0
- data/modules/mu/config/container_cluster.yml +36 -0
- data/modules/mu/config/database.rb +458 -0
- data/modules/mu/config/database.yml +26 -0
- data/modules/mu/config/dnszone.rb +327 -0
- data/modules/mu/config/firewall_rule.rb +118 -0
- data/modules/mu/config/folder.rb +70 -0
- data/modules/mu/config/function.rb +140 -0
- data/modules/mu/config/group.rb +64 -0
- data/modules/mu/config/loadbalancer.rb +482 -0
- data/modules/mu/config/log.rb +47 -0
- data/modules/mu/config/log.yml +6 -0
- data/modules/mu/config/msg_queue.rb +47 -0
- data/modules/mu/config/msg_queue.yml +9 -0
- data/modules/mu/config/notification.rb +44 -0
- data/modules/mu/config/project.rb +71 -0
- data/modules/mu/config/role.rb +102 -0
- data/modules/mu/config/search_domain.rb +61 -0
- data/modules/mu/config/search_domain.yml +25 -0
- data/modules/mu/config/server.rb +587 -0
- data/modules/mu/config/server.yml +8 -0
- data/modules/mu/config/server_pool.rb +216 -0
- data/modules/mu/config/server_pool.yml +71 -0
- data/modules/mu/config/storage_pool.rb +145 -0
- data/modules/mu/config/user.rb +78 -0
- data/modules/mu/config/vpc.rb +743 -0
- data/modules/mu/config/vpc.yml +6 -0
- data/modules/mu/config.rb +2000 -0
- data/modules/mu/defaults/README.md +2 -0
- data/modules/mu/defaults/amazon_images.yaml +121 -0
- data/modules/mu/defaults/google_images.yaml +16 -0
- data/modules/mu/deploy.rb +686 -0
- data/modules/mu/groomer.rb +123 -0
- data/modules/mu/groomers/README.md +58 -0
- data/modules/mu/groomers/chef.rb +1024 -0
- data/modules/mu/kittens.rb +11319 -0
- data/modules/mu/logger.rb +208 -0
- data/modules/mu/master/README.md +27 -0
- data/modules/mu/master/chef.rb +471 -0
- data/modules/mu/master/ldap.rb +1005 -0
- data/modules/mu/master.rb +415 -0
- data/modules/mu/mommacat.rb +2703 -0
- data/modules/mu-load-config.rb +1 -0
- data/modules/mu.rb +724 -0
- data/modules/scratchpad.erb +1 -0
- data/modules/tests/super_complex_bok.yml +41 -0
- data/modules/tests/super_simple_bok.yml +40 -0
- data/mu.gemspec +62 -0
- data/roles/demo-dbservice-configure.json +19 -0
- data/roles/demo-portal-configure.json +19 -0
- data/roles/mu-master-jenkins.json +24 -0
- data/roles/mu-master-nagios-only.json +13 -0
- data/roles/mu-master.json +12 -0
- data/roles/mu-node.json +19 -0
- data/roles/mu-splunk-server.json +13 -0
- data/roles/mu-splunk.json +13 -0
- data/test/clean_up.py +25 -0
- data/test/demo-test-profile/README.md +3 -0
- data/test/demo-test-profile/controls/flask.rb +84 -0
- data/test/demo-test-profile/inspec.lock +7 -0
- data/test/demo-test-profile/inspec.yml +11 -0
- data/test/etco-test-profile/README.md +3 -0
- data/test/etco-test-profile/controls/all-in-one.rb +182 -0
- data/test/etco-test-profile/inspec.lock +7 -0
- data/test/etco-test-profile/inspec.yml +11 -0
- data/test/exec_inspec.py +246 -0
- data/test/exec_mu_install.py +241 -0
- data/test/exec_retry.py +44 -0
- data/test/mu-master-test/README.md +3 -0
- data/test/mu-master-test/controls/all_in_one.rb +557 -0
- data/test/mu-master-test/inspec.lock +3 -0
- data/test/mu-master-test/inspec.yml +11 -0
- data/test/mu-tools-test/README.md +3 -0
- data/test/mu-tools-test/controls/base.rb +265 -0
- data/test/mu-tools-test/inspec.lock +3 -0
- data/test/mu-tools-test/inspec.yml +8 -0
- data/test/simple-server-php-test/README.md +3 -0
- data/test/simple-server-php-test/controls/apachephp.rb +25 -0
- data/test/simple-server-php-test/controls/example.rb +19 -0
- data/test/simple-server-php-test/inspec.lock +7 -0
- data/test/simple-server-php-test/inspec.yml +12 -0
- data/test/simple-server-rails-test/README.md +3 -0
- data/test/simple-server-rails-test/controls/rails.rb +188 -0
- data/test/simple-server-rails-test/inspec.lock +7 -0
- data/test/simple-server-rails-test/inspec.yml +11 -0
- data/test/simple-windows-test/README.md +3 -0
- data/test/simple-windows-test/controls/windows.rb +20 -0
- data/test/simple-windows-test/inspec.lock +7 -0
- data/test/simple-windows-test/inspec.yml +11 -0
- data/test/smoke_test.rb +75 -0
- data/test/wordpress-test/README.md +3 -0
- data/test/wordpress-test/controls/wordpress.rb +97 -0
- data/test/wordpress-test/inspec.lock +7 -0
- data/test/wordpress-test/inspec.yml +11 -0
- metadata +979 -0
|
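--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,92 @@
+# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+# http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module MU
+class Cloud
+class AWS
+# A log as configured in {MU::Config::BasketofKittens::logs}
+class Folder < MU::Cloud::Folder
+@deploy = nil
+@config = nil
+attr_reader :mu_name
+attr_reader :config
+attr_reader :cloud_id
+
+# @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
+# @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::logs}
+def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
+@deploy = mommacat
+@config = MU::Config.manxify(kitten_cfg)
+@cloud_id ||= cloud_id
+@mu_name ||= @deploy.getResourceName(@config["name"])
+end
+
+# Called automatically by {MU::Deploy#createResources}
+def create
+end
+
+# Canonical Amazon Resource Number for this resource
+# @return [String]
+def arn
+end
+
+# Return the metadata for this log configuration
+# @return [Hash]
+def notify
+{
+}
+end
+
+# Remove all logs associated with the currently loaded deployment.
+# @param noop [Boolean]: If true, will only print what would be done
+# @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
+# @param region [String]: The cloud provider region
+# @return [void]
+def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
+end
+
+# Locate an existing log group.
+# @param cloud_id [String]: The cloud provider's identifier for this resource.
+# @param region [String]: The cloud provider region.
+# @param flags [Hash]: Optional flags
+# @return [OpenStruct]: The cloud provider's complete descriptions of matching log group.
+def self.find(cloud_id: nil, region: MU.curRegion, flags: {})
+found = nil
+found
+end
+
+# Cloud-specific configuration properties.
+# @param config [MU::Config]: The calling MU::Config object
+# @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
+def self.schema(config)
+toplevel_required = []
+schema = {
+}
+[toplevel_required, schema]
+end
+
+# Cloud-specific pre-processing of {MU::Config::BasketofKittens::logs}, bare and unvalidated.
+# @param log [Hash]: The resource to process and validate
+# @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+# @return [Boolean]: True if validation succeeded, False otherwise
+def self.validateConfig(log, configurator)
+ok = true
+
+ok
+end
+
+end
+end
+end
+end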
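Review bot: The class is `Folder < MU::Cloud::Folder`, but the class comment, the `kitten_cfg` param doc, and the comments on `notify`, `cleanup`, `find` and `validateConfig` all describe a "log"/"log group" and reference `{MU::Config::BasketofKittens::logs}`, so the generated YARD docs for this class would describe the wrong resource; the header should read `# A folder as configured in {MU::Config::BasketofKittens::folders}` and the other references should follow suit. `arn` is documented `@return [String]` and `find` `@return [OpenStruct]`, yet `arn` has an empty body and `find` always returns `nil`, so callers trusting the documented types get `nil`. If these are deliberate stubs, say so in the comment, e.g. `# TODO: not yet implemented for AWS; currently returns nil`, rather than promising a value.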
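--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,349 @@
+# Copyright:: Copyright (c) 2018 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+# http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module MU
+class Cloud
+class AWS
+# A function as configured in {MU::Config::BasketofKittens::functions}
+class Function < MU::Cloud::Function
+@deploy = nil
+@config = nil
+attr_reader :mu_name
+attr_reader :config
+attr_reader :cloud_id
+
+@cloudformation_data = {}
+attr_reader :cloudformation_data
+
+# @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
+# @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::functions}
+def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
+@deploy = mommacat
+@config = MU::Config.manxify(kitten_cfg)
+@cloud_id ||= cloud_id
+@mu_name ||= @deploy.getResourceName(@config["name"])
+end
+
+
+def get_role_arn(name)
+begin
+role = MU::Cloud::AWS.iam(@config['region']).get_role({
+role_name: name.to_s
+})
+return role['role']['arn']
+rescue Exception => e
+Mu.log "#{e}", MU::ERR
+end
+end
+
+def get_vpc_config(vpc_name, subnet_name, sg_name,region=@config['region'])
+if !subnet_name.nil? and !sg_name.nil? and !vpc_name.nil?
+## get vpc_id
+## get sub_id and verify its in the same vpc
+## get sg_id and verify its in the same vpc
+ec2_client = MU::Cloud::AWS.ec2(region)
+
+vpc_filter = ec2_client.describe_vpcs({
+filters: [{ name: 'tag-value', values: [vpc_name] }]
+})
+bok_vpc_id = vpc_filter.vpcs[0].vpc_id
+
+sub_filter = ec2_client.describe_subnets({
+filters: [{ name: 'tag-value', values: [subnet_name] }]
+})
+
+sub_id = nil
+sub_filter.subnets.each do |each|
+if each.vpc_id == bok_vpc_id
+sub_id = each.subnet_id
+break
+end
+end
+
+sg_filter = ec2_client.describe_security_groups({
+filters: [{ name: 'group-name', values: [sg_name] }]
+})
+
+
+if sg_filter.security_groups[0].vpc_id.to_s != bok_vpc_id
+MU.log "Security Group: #{sg_name} is not part of the VPC: #{vpc_name}", MU::ERR
+raise MuError, "Please provide security group name that exists in the vpc"
+end
+
+#sub_id = sub_filter.subnets[0].subnet_id
+sg_id = sg_filter.security_groups[0].group_id
+return {subnet_ids: [sub_id], security_group_ids: [sg_id]}
+else
+MU.log "Function: #{@config['name']}, Missing either subnet_name or security_group_name or vpc_name in the vpc stanza!", MU::ERR
+raise MuError, "Insufficient parameters for locating vpc resource ids ==> #{@config['name']}"
+end
+end
+
+
+def assign_tag(resource_arn, tag_list, region=@config['region'])
+begin
+tag_list.each do |each_pair|
+tag_resp = MU::Cloud::AWS.lambda(region).tag_resource({
+resource: resource_arn,
+tags: each_pair
+})
+end
+rescue Exception => e
+MU.log e, MU::ERR
+end
+end
+
+
+# Called automatically by {MU::Deploy#createResources}
+def create
+role_arn = get_role_arn(@config['iam_role'])
+
+lambda_properties = {
+code: {},
+function_name: @mu_name,
+handler: @config['handler'],
+publish: true,
+role: role_arn,
+runtime: @config['runtime'],
+}
+
+if @config['code']['zip_file']
+zip = File.read(@config['code']['zip_file'])
+MU.log "Uploading deployment package from #{@config['code']['zip_file']}"
+lambda_properties[:code][:zip_file] = zip
+else
+lambda_properties[:code][:s3_bucket] = @config['code']['s3_bucket']
+lambda_properties[:code][:s3_key] = @config['code']['s3_key']
+if @config['code']['s3_object_version']
+lambda_properties[:code][:s3_object_version] = @config['code']['s3_object_version']
+end
+end
+
+if @config.has_key?('timeout')
+lambda_properties[:timeout] = @config['timeout'].to_i ## secs
+end
+
+if @config.has_key?('memory')
+lambda_properties[:memory_size] = @config['memory'].to_i
+end
+
+if @config.has_key?('environment_variables')
+lambda_properties[:environment] = {
+variables: {@config['environment_variables'][0]['key'] => @config['environment_variables'][0]['value']}
+}
+end
+
+lambda_properties[:tags] = {}
+MU::MommaCat.listStandardTags.each_pair { |k, v|
+lambda_properties[:tags][k] = v
+}
+if @config['tags']
+@config['tags'].each { |tag|
+lambda_properties[:tags][tag.key.first] = tag.values.first
+}
+end
+
+if @config.has_key?('vpc')
+### get vpc and subnet_name
+### find the subnet_id
+sub_name = @config['vpc']['subnet_name']
+vpc_name = @config['vpc']['vpc_name']
+sg_name = @config['vpc']['security_group_name']
+vpc_conf = get_vpc_config(vpc_name,sub_name,sg_name)
+lambda_properties[:vpc_config] = vpc_conf
+end
+
+MU::Cloud::AWS.lambda(@config['region']).create_function(lambda_properties)
+end
+
+def groom
+desc = MU::Cloud::AWS.lambda(@config['region']).get_function(
+function_name: @mu_name
+)
+func_arn = desc.configuration.function_arn if !desc.empty?
+
+# tag_function = assign_tag(lambda_func.function_arn, @config['tags'])
+
+### The most common triggers can be ==> SNS, S3, Cron, API-Gateway
+### API-Gateway => no direct way of getting api gateway id.
+### API-Gateway => Have to create an api gateway first!
+### API-Gateway => Using the creation object, get the api_gateway_id
+### For other triggers => ?
+
+### to add or to not add triggers
+### triggers must exist prior
+if @config['triggers']
+@config['triggers'].each { |tr|
+trigger_arn = assume_trigger_arns(tr['service'], tr['name'])
+
+trigger_properties = {
+action: "lambda:InvokeFunction",
+function_name: @mu_name,
+principal: "#{tr['service'].downcase}.amazonaws.com",
+source_arn: trigger_arn,
+statement_id: "#{@mu_name}-ID-1",
+}
+p trigger_arn
+p trigger_properties
+
+MU.log trigger_properties, MU::DEBUG
+begin
+add_trigger = MU::Cloud::AWS.lambda(@config['region']).add_permission(trigger_properties)
+rescue Aws::Lambda::Errors::ResourceConflictException
+# XXX check properly for existence
+end
+adjust_trigger(tr['service'], trigger_arn, func_arn, @mu_name)
+}
+
+end
+end
+
+
+def assume_trigger_arns(svc, name)
+supported_triggers = %w(apigateway sns events event cloudwatch_event)
+if supported_triggers.include?(svc.downcase)
+arn = nil
+case svc.downcase
+when 'sns'
+arn = "arn:aws:sns:#{@config['region']}:#{MU.account_number}:#{name}"
+when 'alarm','events', 'event', 'cloudwatch_event'
+arn = "arn:aws:events:#{@config['region']}:#{MU.account_number}:rule/#{name}"
+when 'apigateway'
+arn = "arn:aws:apigateway:#{@config['region']}:#{MU.account_number}:#{name}"
+when 's3'
+arn = ''
+end
+else
+raise MuError, "Trigger type not yet supported! => #{type}"
+end
+
+return arn
+end
+
+
+def adjust_trigger(trig_type, trig_arn, func_arn, func_id=nil, protocol='lambda',region=@config['region'])
+
+case trig_type
+
+when 'sns'
+
+sns_client = MU::Cloud::AWS.sns(@config['region'])
+sub_to_what = sns_client.subscribe({
+topic_arn: trig_arn,
+protocol: protocol,
+endpoint: func_arn
+})
+when 'event','cloudwatch_event', 'events'
+client = MU::Cloud::AWS.cloudwatch_events(@config['region']).put_targets({
+rule: @config['trigger']['name'],
+targets: [
+{
+id: func_id,
+arn: func_arn
+}
+]
+})
+when 'apigateway'
+MU.log "Creation of API Gateway integrations not yet implemented, you'll have to do this manually", MU::WARN, details: "(because we'll basically have to implement all of APIG for this)"
+end
+end
+
+
+# Return the metadata for this Function rule
+# @return [Hash]
+def notify
+deploy_struct = {
+}
+return deploy_struct
+end
+
+
+
+
+# Remove all functions associated with the currently loaded deployment.
+# @param noop [Boolean]: If true, will only print what would be done
+# @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
+# @param region [String]: The cloud provider region
+# @return [void]
+def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
+MU::Cloud::AWS.lambda(region).list_functions.functions.each { |f|
+desc = MU::Cloud::AWS.lambda(region).get_function(
+function_name: f.function_name
+)
+if desc.tags and desc.tags["MU-ID"] == MU.deploy_id
+MU.log "Deleting Lambda function #{f.function_name}"
+if !noop
+MU::Cloud::AWS.lambda(region).delete_function(
+function_name: f.function_name
+)
+end
+end
+}
+
+end
+
+# Canonical Amazon Resource Number for this resource
+# @return [String]
+def arn
+cloud_desc.function_arn
+end
+
+# Locate an existing function.
+# @param cloud_id [String]: The cloud provider's identifier for this resource.
+# @param region [String]: The cloud provider region.
+# @param flags [Hash]: Optional flags
+# @return [OpenStruct]: The cloud provider's complete descriptions of matching function.
+def self.find(cloud_id: nil, func_name: nil, region: MU.curRegion, flags: {})
+func = nil
+if !func_name.nil?
+all_functions = MU::Cloud::AWS.lambda(region).list_functions
+if all_functions.include?(func_name)
+all_functions.functions.each do |x|
+if x.function_name == func_name
+func = x
+break
+end
+end
+end
+end
+
+return func
+end
+
+
+
+
+# Cloud-specific configuration properties.
+# @param config [MU::Config]: The calling MU::Config object
+# @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
+def self.schema(config)
+toplevel_required = []
+schema = {}
+[toplevel_required, schema]
+end
+
+# Cloud-specific pre-processing of {MU::Config::BasketofKittens::functions}, bare and unvalidated.
+# @param function [Hash]: The resource to process and validate
+# @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+# @return [Boolean]: True if validation succeeded, False otherwise
+def self.validateConfig(function, configurator)
+ok = true
+
+ok
+end
+
+end
+end
+end
+end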
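Review bot: `get_vpc_config` resolves the VPC and subnet with the generic `tag-value` filter, which matches that value under any tag key, and then takes `vpcs[0]` and `security_groups[0]` unchecked, so an ambiguous or mistyped name can attach the function to an unintended VPC, subnet or security group, and an empty result raises NoMethodError on `nil` instead of a clear error (`sub_id` can likewise be returned as `[nil]`). Filter on `tag:Name` and fail closed, e.g. `raise MuError, "Expected exactly one VPC named #{vpc_name}" unless vpc_filter.vpcs.size == 1`, with the same check on the subnet and security-group results. In `get_role_arn` the `rescue Exception => e` handler calls `Mu.log` (lowercase `u`), which is itself a NameError, and even if fixed it returns `nil`, so `create` goes on to call `create_function` with `role: nil`; rescue the SDK error class and re-raise as MuError instead. `adjust_trigger` reads `@config['trigger']['name']` while `groom` iterates `@config['triggers']`, and the unsupported-trigger message in `assume_trigger_arns` interpolates an undefined `type`, so both paths raise NoMethodError/NameError rather than the intended MuError. The `p trigger_arn` / `p trigger_properties` lines in `groom` look like leftover debugging beside the `MU.log trigger_properties, MU::DEBUG` call and should go.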
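--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,251 @@
+# Copyright:: Copyright (c) 2018 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+# http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module MU
+class Cloud
+class AWS
+# A group as configured in {MU::Config::BasketofKittens::groups}
+class Group < MU::Cloud::Group
+@deploy = nil
+@config = nil
+attr_reader :mu_name
+attr_reader :config
+attr_reader :cloud_id
+
+# @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
+# @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::groups}
+def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
+@deploy = mommacat
+@config = MU::Config.manxify(kitten_cfg)
+@cloud_id ||= cloud_id
+
+@mu_name ||= if @config['unique_name']
+@deploy.getResourceName(@config["name"])
+else
+@config['name']
+end
+end
+
+# Called automatically by {MU::Deploy#createResources}
+def create
+begin
+MU::Cloud::AWS.iam.get_group(
+group_name: @mu_name,
+path: @config['path']
+)
+if !@config['use_if_exists']
+raise MuError, "IAM group #{@mu_name} already exists and use_if_exists is false"
+end
+rescue Aws::IAM::Errors::NoSuchEntity => e
+@config['path'] ||= "/"+@deploy.deploy_id+"/"
+MU.log "Creating IAM group #{@config['path']}#{@mu_name}"
+MU::Cloud::AWS.iam.create_group(
+group_name: @mu_name,
+path: @config['path']
+)
+end
+end
+
+# Called automatically by {MU::Deploy#createResources}
+def groom
+if @config['members']
+ext = cloud_desc.users.map { |u| u.user_name }
+
+@config['members'].each { |user|
+next if ext.include?(user)
+
+userid = user
+userdesc = @deploy.findLitterMate(name: user, type: "users")
+userid = userdesc.cloud_id if userdesc
+found = MU::Cloud::AWS::User.find(cloud_id: userid)
+if found.size == 1
+userdesc = found.values.first
+MU.log "Adding IAM user #{userdesc.path}#{userdesc.user_name} to group #{@mu_name}", MU::NOTICE
+MU::Cloud::AWS.iam.add_user_to_group(
+user_name: userid,
+group_name: @mu_name
+)
+else
+MU.log "IAM user #{userid} doesn't seem to exist, can't add to group #{@mu_name}", MU::ERR
+end
+}
+
+if @config['purge_extra_members']
+extras = cloud_desc.users.map { |u| u.user_name } - @config['members']
+extras.each { |user_name|
+MU.log "Purging user #{user_name} from IAM group #{@cloud_id}", MU::NOTICE
+MU::Cloud::AWS.iam.remove_user_from_group(
+user_name: user_name,
+group_name: @cloud_id
+)
+}
+end
+end
+
+if @config['iam_policies']
+@dependencies["role"].each_pair { |rolename, roleobj|
+roleobj.cloudobj.bindTo("group", @cloud_id)
+}
+end
+end
+
+# Canonical Amazon Resource Number for this resource
+# @return [String]
+def arn
+cloud_desc.arn
+end
+
+
+# Fetch the AWS API description of this group
+# return [Struct]
+def cloud_desc
+MU::Cloud::AWS.iam.get_group(
+group_name: @mu_name
+)
+end
+
+# Return the metadata for this group configuration
+# @return [Hash]
+def notify
+descriptor = MU.structToHash(cloud_desc)
+descriptor["cloud_id"] = @mu_name
+descriptor
+end
+
+# Remove all groups associated with the currently loaded deployment.
+# @param noop [Boolean]: If true, will only print what would be done
+# @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
+# @param region [String]: The cloud provider region
+# @return [void]
+def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
+resp = MU::Cloud::AWS.iam.list_groups(
+path_prefix: "/"+MU.deploy_id+"/"
+)
+if resp and resp.groups
+resp.groups.each { |g|
+MU.log "Deleting IAM group #{g.path}#{g.group_name}"
+if !noop
+desc = MU::Cloud::AWS.iam.get_group(
+group_name: g.group_name
+)
+desc.users.each { |u|
+MU::Cloud::AWS.iam.remove_user_from_group(
+user_name: u.user_name,
+group_name: g.group_name
+)
+}
+MU::Cloud::AWS.iam.delete_group(
+group_name: g.group_name
+)
+end
+}
+end
+end
+
+# Locate an existing group group.
+# @param cloud_id [String]: The cloud provider's identifier for this resource.
+# @param region [String]: The cloud provider region.
+# @param flags [Hash]: Optional flags
+# @return [OpenStruct]: The cloud provider's complete descriptions of matching group group.
+def self.find(cloud_id: nil, region: MU.curRegion, flags: {})
+found = nil
+begin
+resp = MU::Cloud::AWS.iam.get_group(
+group_name: cloud_id
+)
+found ||= {}
+found[cloud_id] = resp
+rescue Aws::IAM::Errors::NoSuchEntity
+end
+found
+end
+
+# Cloud-specific configuration properties.
+# @param config [MU::Config]: The calling MU::Config object
+# @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
+def self.schema(config)
+toplevel_required = []
+schema = {
+"unique_name" => {
+"type" => "boolean",
+"description" => "Instead of creating/updating a group with
+the exact name specified in the 'name' field, generate a unique-per-deploy Mu-
+style long name, like +IAMTESTS-DEV-2018112815-IS-GROUP-FOO+. This parameter will automatically be set to +true+ if it is left unspecified and +use_if_exists+ is set to +false+."
+},
+"path" => {
+"type" => "string",
+"description" => "AWS IAM groups can be namespaced with a path (ex: +/organization/unit/group+). If not specified, and if we do not see a matching existing group under +/+ with +use_if_exists+ set, we will prepend the deploy identifier to the path of groups we create. Ex: +/IAMTESTS-DEV-2018112910-GR/mygroup+.",
+"pattern" => '^\/(?:[^\/]+(?:\/[^\/]+)*\/$)?'
+},
+"iam_policies" => {
+"type" => "array",
+"items" => {
+"description" => "A key (name) with a value that is an Amazon-compatible policy document. See https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_examples.html for example policies.",
+"type" => "object"
+}
+}
+}
+[toplevel_required, schema]
+end
+
+# Cloud-specific pre-processing of {MU::Config::BasketofKittens::groups}, bare and unvalidated.
+# @param group [Hash]: The resource to process and validate
+# @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+# @return [Boolean]: True if validation succeeded, False otherwise
+def self.validateConfig(group, configurator)
+ok = true
+
+if group['iam_policies'] and group['iam_policies'].size > 0
+roledesc = {
+"name" => group["name"]+"role",
+"bare_policies" => true,
+"iam_policies" => group['iam_policies'].dup
+}
+configurator.insertKitten(roledesc, "roles")
+group["dependencies"] ||= []
+group["dependencies"] << {
+"type" => "role",
+"name" => group["name"]+"role"
+}
+end
+
+if !group['use_if_exists'] and group['unique_name'].nil?
+group['unique_name'] = true
+end
+
+if group['members']
+group['members'].each { |user|
+if configurator.haveLitterMate?(user, "users")
+group["dependencies"] ||= []
+group["dependencies"] << {
+"type" => "user",
+"name" => user
+}
+else
+found = MU::Cloud::AWS::User.find(cloud_id: user)
+if found.nil? or found.empty?
+MU.log "Error in members for group #{group['name']}: No such user #{user}", MU::ERR
+ok = false
+end
+end
+}
+end
+
+ok
+end
+
+end
+end
+end
+end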
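Review bot: `create` passes `path: @config['path']` to `iam.get_group`, but IAM's GetGroup takes only the group name and paging parameters, so with the SDK's request validation enabled this call raises ArgumentError before `NoSuchEntity` can be rescued and `create_group` is never reached; drop `path:` from the `get_group` call (the path only belongs on `create_group`). The `path` schema pattern `'^\/(?:[^\/]+(?:\/[^\/]+)*\/$)?'` keeps its `$` inside the optional group, so a value like `/foo` without the trailing slash IAM requires still validates; move the anchor outside: `'^\/(?:[^\/]+(?:\/[^\/]+)*\/)?$'`. `cleanup` removes the group's users and then calls `delete_group`, but IAM refuses to delete a group that still has attached or inline policies, and `validateConfig` wires a role whose `bindTo("group", ...)` in `groom` appears to attach policies to the group, so cleanup will likely fail with a DeleteConflict for any group configured with `iam_policies` unless those are detached first. `cloud_desc` and `cleanup` read `.users` from a single `get_group` response, which is paginated, so the `ext` and `extras` comparisons in `groom` may be computed from a truncated member list for large groups.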