RubyGems - cloud-mu - Versions diffs - 1.9.0.pre.beta - Mend

cloud-mu 1.9.0.pre.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (618) hide show

checksums.yaml +7 -0
data/Berksfile +56 -0
data/Berksfile.lock +250 -0
data/Jenkinsfile +184 -0
data/LICENSE.md +37 -0
data/README.md +26 -0
data/bin/mu-aws-setup +376 -0
data/bin/mu-cleanup +68 -0
data/bin/mu-configure +1133 -0
data/bin/mu-deploy +166 -0
data/bin/mu-firewall-allow-clients +30 -0
data/bin/mu-gcp-setup +200 -0
data/bin/mu-gen-docs +34 -0
data/bin/mu-gen-env +42 -0
data/bin/mu-load-config.rb +158 -0
data/bin/mu-node-manage +683 -0
data/bin/mu-self-update +228 -0
data/bin/mu-ssh +23 -0
data/bin/mu-tunnel-nagios +144 -0
data/bin/mu-upload-chef-artifacts +757 -0
data/bin/mu-user-manage +275 -0
data/cookbooks/awscli/LICENSE +37 -0
data/cookbooks/awscli/README.md +58 -0
data/cookbooks/awscli/attributes/default.rb +1 -0
data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
data/cookbooks/awscli/metadata.rb +20 -0
data/cookbooks/awscli/recipes/default.rb +56 -0
data/cookbooks/awscli/templates/default/config.erb +18 -0
data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
data/cookbooks/mu-activedirectory/LICENSE +37 -0
data/cookbooks/mu-activedirectory/README.md +6 -0
data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
data/cookbooks/mu-activedirectory/metadata.rb +17 -0
data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
data/cookbooks/mu-firewall/LICENSE +37 -0
data/cookbooks/mu-firewall/README.md +5 -0
data/cookbooks/mu-firewall/attributes/default.rb +3 -0
data/cookbooks/mu-firewall/metadata.rb +16 -0
data/cookbooks/mu-firewall/recipes/default.rb +10 -0
data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
data/cookbooks/mu-glusterfs/LICENSE +37 -0
data/cookbooks/mu-glusterfs/README.md +5 -0
data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
data/cookbooks/mu-glusterfs/metadata.rb +17 -0
data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
data/cookbooks/mu-jenkins/LICENSE +37 -0
data/cookbooks/mu-jenkins/README.md +105 -0
data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
data/cookbooks/mu-jenkins/metadata.rb +21 -0
data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
data/cookbooks/mu-master/CHANGELOG.md +13 -0
data/cookbooks/mu-master/LICENSE +37 -0
data/cookbooks/mu-master/README.md +6 -0
data/cookbooks/mu-master/attributes/default.rb +95 -0
data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
data/cookbooks/mu-master/files/default/pam_sshd +18 -0
data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
data/cookbooks/mu-master/files/default/vimrc +19 -0
data/cookbooks/mu-master/libraries/mu.rb +29 -0
data/cookbooks/mu-master/metadata.rb +30 -0
data/cookbooks/mu-master/providers/user.rb +41 -0
data/cookbooks/mu-master/recipes/389ds.rb +164 -0
data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
data/cookbooks/mu-master/recipes/default.rb +451 -0
data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
data/cookbooks/mu-master/recipes/init.rb +542 -0
data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
data/cookbooks/mu-master/recipes/sssd.rb +89 -0
data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
data/cookbooks/mu-master/recipes/vault.rb +111 -0
data/cookbooks/mu-master/resources/user.rb +19 -0
data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
data/cookbooks/mu-mongo/LICENSE +37 -0
data/cookbooks/mu-mongo/README.md +5 -0
data/cookbooks/mu-mongo/attributes/default.rb +22 -0
data/cookbooks/mu-mongo/files/default/keyfile +16 -0
data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
data/cookbooks/mu-mongo/metadata.rb +17 -0
data/cookbooks/mu-mongo/recipes/default.rb +149 -0
data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
data/cookbooks/mu-openvpn/LICENSE +37 -0
data/cookbooks/mu-openvpn/README.md +6 -0
data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
data/cookbooks/mu-openvpn/metadata.rb +18 -0
data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
data/cookbooks/mu-php54/CHANGELOG.md +12 -0
data/cookbooks/mu-php54/LICENSE +37 -0
data/cookbooks/mu-php54/README.md +0 -0
data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
data/cookbooks/mu-php54/metadata.rb +21 -0
data/cookbooks/mu-php54/recipes/default.rb +97 -0
data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
data/cookbooks/mu-splunk/LICENSE +37 -0
data/cookbooks/mu-splunk/README.md +451 -0
data/cookbooks/mu-splunk/attributes/default.rb +95 -0
data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
data/cookbooks/mu-splunk/metadata.json +30 -0
data/cookbooks/mu-splunk/metadata.rb +17 -0
data/cookbooks/mu-splunk/recipes/client.rb +143 -0
data/cookbooks/mu-splunk/recipes/default.rb +31 -0
data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
data/cookbooks/mu-splunk/recipes/server.rb +53 -0
data/cookbooks/mu-splunk/recipes/service.rb +95 -0
data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
data/cookbooks/mu-splunk/recipes/user.rb +34 -0
data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
data/cookbooks/mu-tools/CHANGELOG.md +12 -0
data/cookbooks/mu-tools/LICENSE +37 -0
data/cookbooks/mu-tools/README.md +188 -0
data/cookbooks/mu-tools/attributes/default.rb +142 -0
data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
data/cookbooks/mu-tools/files/default/mypol.te +37 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
data/cookbooks/mu-tools/files/default/ntrights +0 -0
data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
data/cookbooks/mu-tools/libraries/helper.rb +292 -0
data/cookbooks/mu-tools/metadata.rb +28 -0
data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
data/cookbooks/mu-tools/recipes/efs.rb +70 -0
data/cookbooks/mu-tools/recipes/eks.rb +160 -0
data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
data/cookbooks/mu-tools/recipes/updates.rb +96 -0
data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
data/cookbooks/mu-tools/resources/disk.rb +88 -0
data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
data/cookbooks/mu-utility/CHANGELOG.md +12 -0
data/cookbooks/mu-utility/LICENSE +37 -0
data/cookbooks/mu-utility/README.md +6 -0
data/cookbooks/mu-utility/attributes/default.rb +1 -0
data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
data/cookbooks/mu-utility/metadata.rb +16 -0
data/cookbooks/mu-utility/recipes/apt.rb +23 -0
data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
data/cookbooks/mu-utility/recipes/luks.rb +18 -0
data/cookbooks/mu-utility/recipes/nat.rb +104 -0
data/cookbooks/mu-utility/recipes/php.rb +33 -0
data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
data/cookbooks/mu-utility/recipes/remi.rb +44 -0
data/cookbooks/mu-utility/recipes/vim.rb +26 -0
data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
data/cookbooks/mu-utility/recipes/zip.rb +26 -0
data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
data/cookbooks/nagios/Berksfile +8 -0
data/cookbooks/nagios/CHANGELOG.md +589 -0
data/cookbooks/nagios/CONTRIBUTING.md +11 -0
data/cookbooks/nagios/LICENSE +37 -0
data/cookbooks/nagios/README.md +328 -0
data/cookbooks/nagios/TESTING.md +2 -0
data/cookbooks/nagios/attributes/config.rb +171 -0
data/cookbooks/nagios/attributes/default.rb +228 -0
data/cookbooks/nagios/chefignore +102 -0
data/cookbooks/nagios/definitions/command.rb +33 -0
data/cookbooks/nagios/definitions/contact.rb +33 -0
data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
data/cookbooks/nagios/definitions/host.rb +33 -0
data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
data/cookbooks/nagios/definitions/resource.rb +33 -0
data/cookbooks/nagios/definitions/service.rb +33 -0
data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
data/cookbooks/nagios/libraries/base.rb +314 -0
data/cookbooks/nagios/libraries/command.rb +91 -0
data/cookbooks/nagios/libraries/contact.rb +230 -0
data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
data/cookbooks/nagios/libraries/custom_option.rb +36 -0
data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
data/cookbooks/nagios/libraries/default.rb +90 -0
data/cookbooks/nagios/libraries/host.rb +412 -0
data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
data/cookbooks/nagios/libraries/nagios.rb +282 -0
data/cookbooks/nagios/libraries/resource.rb +59 -0
data/cookbooks/nagios/libraries/service.rb +455 -0
data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
data/cookbooks/nagios/libraries/users_helper.rb +54 -0
data/cookbooks/nagios/metadata.rb +25 -0
data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
data/cookbooks/nagios/recipes/apache.rb +48 -0
data/cookbooks/nagios/recipes/default.rb +204 -0
data/cookbooks/nagios/recipes/nginx.rb +82 -0
data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
data/cookbooks/nagios/recipes/server_package.rb +40 -0
data/cookbooks/nagios/recipes/server_source.rb +164 -0
data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
data/cookbooks/s3fs/CHANGELOG.md +13 -0
data/cookbooks/s3fs/LICENSE +37 -0
data/cookbooks/s3fs/README.md +6 -0
data/cookbooks/s3fs/attributes/default.rb +15 -0
data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
data/cookbooks/s3fs/metadata.rb +16 -0
data/cookbooks/s3fs/recipes/default.rb +91 -0
data/data_bags/demo/app.json +7 -0
data/data_bags/nagios_services/chef.json +6 -0
data/data_bags/nagios_services/linux_diskspace.json +5 -0
data/data_bags/nagios_services/momma_cat.json +6 -0
data/data_bags/nagios_services/mu-master-memory.json +5 -0
data/data_bags/nagios_services/nagios_ui.json +6 -0
data/data_bags/nagios_services/node_ssh.json +6 -0
data/data_bags/nagios_services/ssh.json +6 -0
data/demo/lambda_test.yaml +29 -0
data/environments/DEV.json +8 -0
data/environments/PROD.json +8 -0
data/environments/dev.json +8 -0
data/environments/development.json +8 -0
data/environments/prod.json +8 -0
data/extras/README.md +1 -0
data/extras/admin-role-binding.yaml +16 -0
data/extras/admin-user.yaml +6 -0
data/extras/aws-auth-cm.yaml.erb +12 -0
data/extras/clean-stock-amis +48 -0
data/extras/git-fix-permissions-hook +12 -0
data/extras/gitlab-eks-helper.sh.erb +20 -0
data/extras/image-generators/README.md +2 -0
data/extras/image-generators/aws/centos6.yaml +18 -0
data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
data/extras/image-generators/aws/centos7.yaml +17 -0
data/extras/image-generators/aws/rhel7.yaml +17 -0
data/extras/image-generators/aws/win2k12.yaml +16 -0
data/extras/image-generators/aws/win2k16.yaml +16 -0
data/extras/image-generators/aws/windows.yaml +18 -0
data/extras/image-generators/gcp/centos6.yaml +17 -0
data/extras/lambda_waf_domain_blacklist.py +103 -0
data/extras/platform_berksfile_base +50 -0
data/extras/ruby_rpm/build.sh +17 -0
data/extras/ruby_rpm/muby.spec +44 -0
data/extras/vault_tools/README.md +6 -0
data/extras/vault_tools/export_vaults.sh +3 -0
data/extras/vault_tools/recreate_vaults.sh +5 -0
data/extras/vault_tools/test_vaults.sh +5 -0
data/install/README.md +8 -0
data/install/cfn_create_mu_master.json +1034 -0
data/install/chef-server.rb.erb +19 -0
data/install/deprecated-bash-library.sh +1891 -0
data/install/images/Usage.png +0 -0
data/install/installer +71 -0
data/install/jenkinskeys.rb +8 -0
data/install/user-dot-murc.erb +14 -0
data/modules/html.erb +19 -0
data/modules/mommacat.ru +426 -0
data/modules/mu/cleanup.rb +339 -0
data/modules/mu/cloud.rb +1446 -0
data/modules/mu/clouds/README.md +201 -0
data/modules/mu/clouds/aws/alarm.rb +319 -0
data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
data/modules/mu/clouds/aws/collection.rb +373 -0
data/modules/mu/clouds/aws/container_cluster.rb +667 -0
data/modules/mu/clouds/aws/database.rb +1836 -0
data/modules/mu/clouds/aws/dnszone.rb +911 -0
data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
data/modules/mu/clouds/aws/folder.rb +92 -0
data/modules/mu/clouds/aws/function.rb +349 -0
data/modules/mu/clouds/aws/group.rb +251 -0
data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
data/modules/mu/clouds/aws/log.rb +363 -0
data/modules/mu/clouds/aws/msg_queue.rb +480 -0
data/modules/mu/clouds/aws/notification.rb +139 -0
data/modules/mu/clouds/aws/role.rb +656 -0
data/modules/mu/clouds/aws/search_domain.rb +646 -0
data/modules/mu/clouds/aws/server.rb +2294 -0
data/modules/mu/clouds/aws/server_pool.rb +1388 -0
data/modules/mu/clouds/aws/storage_pool.rb +495 -0
data/modules/mu/clouds/aws/user.rb +382 -0
data/modules/mu/clouds/aws/userdata/README.md +4 -0
data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
data/modules/mu/clouds/aws/vpc.rb +1943 -0
data/modules/mu/clouds/aws.rb +1009 -0
data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
data/modules/mu/clouds/cloudformation/collection.rb +117 -0
data/modules/mu/clouds/cloudformation/database.rb +278 -0
data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
data/modules/mu/clouds/cloudformation/log.rb +170 -0
data/modules/mu/clouds/cloudformation/server.rb +370 -0
data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
data/modules/mu/clouds/cloudformation.rb +733 -0
data/modules/mu/clouds/docker.rb +30 -0
data/modules/mu/clouds/google/container_cluster.rb +290 -0
data/modules/mu/clouds/google/database.rb +152 -0
data/modules/mu/clouds/google/firewall_rule.rb +267 -0
data/modules/mu/clouds/google/group.rb +164 -0
data/modules/mu/clouds/google/loadbalancer.rb +479 -0
data/modules/mu/clouds/google/server.rb +1510 -0
data/modules/mu/clouds/google/server_pool.rb +274 -0
data/modules/mu/clouds/google/user.rb +266 -0
data/modules/mu/clouds/google/userdata/README.md +4 -0
data/modules/mu/clouds/google/userdata/linux.erb +137 -0
data/modules/mu/clouds/google/userdata/windows.erb +275 -0
data/modules/mu/clouds/google/vpc.rb +890 -0
data/modules/mu/clouds/google.rb +811 -0
data/modules/mu/config/README.md +11 -0
data/modules/mu/config/alarm.rb +271 -0
data/modules/mu/config/cache_cluster.rb +172 -0
data/modules/mu/config/collection.rb +87 -0
data/modules/mu/config/container_cluster.rb +103 -0
data/modules/mu/config/container_cluster.yml +36 -0
data/modules/mu/config/database.rb +458 -0
data/modules/mu/config/database.yml +26 -0
data/modules/mu/config/dnszone.rb +327 -0
data/modules/mu/config/firewall_rule.rb +118 -0
data/modules/mu/config/folder.rb +70 -0
data/modules/mu/config/function.rb +140 -0
data/modules/mu/config/group.rb +64 -0
data/modules/mu/config/loadbalancer.rb +482 -0
data/modules/mu/config/log.rb +47 -0
data/modules/mu/config/log.yml +6 -0
data/modules/mu/config/msg_queue.rb +47 -0
data/modules/mu/config/msg_queue.yml +9 -0
data/modules/mu/config/notification.rb +44 -0
data/modules/mu/config/project.rb +71 -0
data/modules/mu/config/role.rb +102 -0
data/modules/mu/config/search_domain.rb +61 -0
data/modules/mu/config/search_domain.yml +25 -0
data/modules/mu/config/server.rb +587 -0
data/modules/mu/config/server.yml +8 -0
data/modules/mu/config/server_pool.rb +216 -0
data/modules/mu/config/server_pool.yml +71 -0
data/modules/mu/config/storage_pool.rb +145 -0
data/modules/mu/config/user.rb +78 -0
data/modules/mu/config/vpc.rb +743 -0
data/modules/mu/config/vpc.yml +6 -0
data/modules/mu/config.rb +2000 -0
data/modules/mu/defaults/README.md +2 -0
data/modules/mu/defaults/amazon_images.yaml +121 -0
data/modules/mu/defaults/google_images.yaml +16 -0
data/modules/mu/deploy.rb +686 -0
data/modules/mu/groomer.rb +123 -0
data/modules/mu/groomers/README.md +58 -0
data/modules/mu/groomers/chef.rb +1024 -0
data/modules/mu/kittens.rb +11319 -0
data/modules/mu/logger.rb +208 -0
data/modules/mu/master/README.md +27 -0
data/modules/mu/master/chef.rb +471 -0
data/modules/mu/master/ldap.rb +1005 -0
data/modules/mu/master.rb +415 -0
data/modules/mu/mommacat.rb +2703 -0
data/modules/mu-load-config.rb +1 -0
data/modules/mu.rb +724 -0
data/modules/scratchpad.erb +1 -0
data/modules/tests/super_complex_bok.yml +41 -0
data/modules/tests/super_simple_bok.yml +40 -0
data/mu.gemspec +62 -0
data/roles/demo-dbservice-configure.json +19 -0
data/roles/demo-portal-configure.json +19 -0
data/roles/mu-master-jenkins.json +24 -0
data/roles/mu-master-nagios-only.json +13 -0
data/roles/mu-master.json +12 -0
data/roles/mu-node.json +19 -0
data/roles/mu-splunk-server.json +13 -0
data/roles/mu-splunk.json +13 -0
data/test/clean_up.py +25 -0
data/test/demo-test-profile/README.md +3 -0
data/test/demo-test-profile/controls/flask.rb +84 -0
data/test/demo-test-profile/inspec.lock +7 -0
data/test/demo-test-profile/inspec.yml +11 -0
data/test/etco-test-profile/README.md +3 -0
data/test/etco-test-profile/controls/all-in-one.rb +182 -0
data/test/etco-test-profile/inspec.lock +7 -0
data/test/etco-test-profile/inspec.yml +11 -0
data/test/exec_inspec.py +246 -0
data/test/exec_mu_install.py +241 -0
data/test/exec_retry.py +44 -0
data/test/mu-master-test/README.md +3 -0
data/test/mu-master-test/controls/all_in_one.rb +557 -0
data/test/mu-master-test/inspec.lock +3 -0
data/test/mu-master-test/inspec.yml +11 -0
data/test/mu-tools-test/README.md +3 -0
data/test/mu-tools-test/controls/base.rb +265 -0
data/test/mu-tools-test/inspec.lock +3 -0
data/test/mu-tools-test/inspec.yml +8 -0
data/test/simple-server-php-test/README.md +3 -0
data/test/simple-server-php-test/controls/apachephp.rb +25 -0
data/test/simple-server-php-test/controls/example.rb +19 -0
data/test/simple-server-php-test/inspec.lock +7 -0
data/test/simple-server-php-test/inspec.yml +12 -0
data/test/simple-server-rails-test/README.md +3 -0
data/test/simple-server-rails-test/controls/rails.rb +188 -0
data/test/simple-server-rails-test/inspec.lock +7 -0
data/test/simple-server-rails-test/inspec.yml +11 -0
data/test/simple-windows-test/README.md +3 -0
data/test/simple-windows-test/controls/windows.rb +20 -0
data/test/simple-windows-test/inspec.lock +7 -0
data/test/simple-windows-test/inspec.yml +11 -0
data/test/smoke_test.rb +75 -0
data/test/wordpress-test/README.md +3 -0
data/test/wordpress-test/controls/wordpress.rb +97 -0
data/test/wordpress-test/inspec.lock +7 -0
data/test/wordpress-test/inspec.yml +11 -0
metadata +979 -0

data/modules/mu/clouds/google/vpc.rb ADDED Viewed

@@ -0,0 +1,890 @@
+# Copyright:: Copyright (c) 2017 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+module MU
+  class Cloud
+    class Google
+      # Creation of Virtual Private Clouds and associated artifacts (routes, subnets, etc).
+      class VPC < MU::Cloud::VPC
+        @deploy = nil
+        @config = nil
+        attr_reader :mu_name
+        attr_reader :cloud_id
+        attr_reader :url
+        attr_reader :config
+        # @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
+        # @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::vpcs}
+        def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
+          @deploy = mommacat
+          @config = MU::Config.manxify(kitten_cfg)
+          @subnets = []
+          @subnetcachesemaphore = Mutex.new
+          if cloud_id and cloud_id.match(/^https:\/\//)
+            @url = cloud_id.clone
+            @cloud_id = cloud_id.to_s.gsub(/.*?\//, "")
+          elsif cloud_id and !cloud_id.empty?
+            @cloud_id = cloud_id.to_s
+          end
+          if !mu_name.nil?
+            @mu_name = mu_name
+            if @cloud_id.nil? or @cloud_id.empty?
+              @cloud_id = MU::Cloud::Google.nameStr(@mu_name)
+            end
+            loadSubnets
+          elsif @config['scrub_mu_isms']
+            @mu_name = @config['name']
+          else
+            @mu_name = @deploy.getResourceName(@config['name'])
+          end
+        end
+        # Called automatically by {MU::Deploy#createResources}
+        def create
+          networkobj = MU::Cloud::Google.compute(:Network).new(
+            name: MU::Cloud::Google.nameStr(@mu_name),
+            description: @deploy.deploy_id,
+            auto_create_subnetworks: false
+#            i_pv4_range: @config['ip_block']
+          )
+          MU.log "Creating network #{@mu_name} (#{@config['ip_block']}) in project #{@config['project']}", details: networkobj
+          resp = MU::Cloud::Google.compute.insert_network(@config['project'], networkobj)
+          @url = resp.self_link # XXX needs to go in notify
+          @cloud_id = resp.name
+          if @config['subnets']
+            subnetthreads = []
+            parent_thread_id = Thread.current.object_id
+            @config['subnets'].each { |subnet|
+              subnetthreads << Thread.new {
+                MU.dupGlobals(parent_thread_id)
+                subnet_name = @config['name']+"-"+subnet['name']
+                subnet_mu_name = MU::Cloud::Google.nameStr(@deploy.getResourceName(subnet_name))
+                MU.log "Creating subnetwork #{subnet_mu_name} (#{subnet['ip_block']}) in project #{@config['project']}", details: subnet
+                subnetobj = MU::Cloud::Google.compute(:Subnetwork).new(
+                  name: subnet_mu_name,
+                  description: @deploy.deploy_id,
+                  ip_cidr_range: subnet['ip_block'],
+                  network: @url,
+                  region: subnet['availability_zone']
+                )
+                resp = MU::Cloud::Google.compute.insert_subnetwork(@config['project'], subnet['availability_zone'], subnetobj)
+              }
+            }
+            subnetthreads.each do |t|
+              t.join
+            end
+          end
+          route_table_ids = []
+          if !@config['route_tables'].nil?
+            @config['route_tables'].each { |rtb|
+              rtb['routes'].each { |route|
+                # GCP does these for us, by default
+                next if route['destination_network'] == "0.0.0.0/0" and
+                        route['gateway'] == "#INTERNET"
+                # sibling NAT host routes will get set up our groom phrase
+                next if route['gateway'] == "#NAT" and !route['nat_host_name'].nil?
+                createRoute(route, network: @url)
+              }
+            }
+          end
+        end
+        # Configure IP traffic logging on a given VPC/Subnet. Logs are saved in cloudwatch based on the network interface ID of each instance.
+        # @param log_group_name [String]: The name of the CloudWatch log group all logs will be saved in.
+        # @param resource_id [String]: The cloud provider's identifier of the resource that traffic logging will be enabled on.
+        # @param resource_type [String]: What resource type to enable logging on (VPC or Subnet).
+        # @param traffic_type [String]: What traffic to log (ALL, ACCEPT or REJECT).
+        def trafficLogging(log_group_name: nil, resource_id: nil, resource_type: "VPC", traffic_type: "ALL")
+        end
+        # Describe this VPC
+        # @return [Hash]
+        def notify
+          base = MU.structToHash(cloud_desc)
+          base["cloud_id"] = @cloud_id
+          base.merge!(@config.to_h)
+          base
+        end
+        # Describe this VPC from the cloud platform's perspective
+        # @return [Hash]
+        def cloud_desc
+          @config['project'] ||= MU::Cloud::Google.defaultProject
+          resp = MU::Cloud::Google.compute.get_network(@config['project'], @cloud_id)
+          if @cloud_id.nil? or @cloud_id == ""
+            MU.log "Couldn't describe #{self}, @cloud_id #{@cloud_id.nil? ? "undefined" : "empty" }", MU::ERR
+            return nil
+          end
+          resp = resp.to_h
+          @url ||= resp[:self_link]
+          routes = MU::Cloud::Google.compute.list_routes(
+            @config['project'],
+            filter: "network eq #{@cloud_id}"
+          ).items
+          resp[:routes] = routes.map { |r| r.to_h } if routes
+# XXX subnets too
+          resp
+        end
+        # Called automatically by {MU::Deploy#createResources}
+        def groom
+          rtb = @config['route_tables'].first
+          rtb['routes'].each { |route|
+            # If we had a sibling server being spun up as a NAT, rig up the
+            # route that the hosts behind it will need.
+            if route['gateway'] == "#NAT" and !route['nat_host_name'].nil?
+              createRoute(route, network: @url)
+            end
+          }
+          if !@config['peers'].nil?
+            count = 0
+            @config['peers'].each { |peer|
+              tag_key, tag_value = peer['vpc']['tag'].split(/=/, 2) if !peer['vpc']['tag'].nil?
+              if peer['vpc']['deploy_id'].nil? and peer['vpc']['vpc_id'].nil? and tag_key.nil?
+                peer['vpc']['deploy_id'] = @deploy.deploy_id
+              end
+              peer_obj = MU::MommaCat.findStray(
+                  "Google",
+                  "vpcs",
+                  deploy_id: peer['vpc']['deploy_id'],
+                  cloud_id: peer['vpc']['vpc_id'],
+                  name: peer['vpc']['vpc_name'],
+                  tag_key: tag_key,
+                  tag_value: tag_value,
+                  dummy_ok: true
+              )
+              raise MuError, "No result looking for #{@mu_name}'s peer VPCs (#{peer['vpc']})" if peer_obj.nil? or peer_obj.first.nil?
+              url = peer_obj.first.cloudobj.url || peer_obj.first.cloudobj.deploydata['self_link']
+              peerreq = MU::Cloud::Google.compute(:NetworksAddPeeringRequest).new(
+                name: MU::Cloud::Google.nameStr(@mu_name+"-peer-"+count.to_s),
+                auto_create_routes: true,
+                peer_network: url
+              )
+              MU.log "Peering #{@mu_name} with #{url}", details: peerreq
+              MU::Cloud::Google.compute.add_network_peering(
+                @config['project'],
+                @cloud_id,
+                peerreq
+              )
+            }
+          end
+        end
+        # Locate an existing VPC or VPCs and return an array containing matching Google cloud resource descriptors for those that match.
+        # @param cloud_id [String]: The cloud provider's identifier for this resource.
+        # @param region [String]: The cloud provider region
+        # @param tag_key [String]: A tag key to search.
+        # @param tag_value [String]: The value of the tag specified by tag_key to match when searching by tag.
+        # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching VPCs
+        def self.find(cloud_id: nil, region: MU.curRegion, tag_key: "Name", tag_value: nil, flags: {})
+          flags["project"] ||= MU::Cloud::Google.defaultProject
+#MU.log "CALLED MU::Cloud::Google::VPC.find(#{cloud_id}, #{region}, #{tag_key}, #{tag_value}) from #{caller[0]}", MU::NOTICE, details: flags
+          resp = {}
+          if cloud_id
+            vpc = MU::Cloud::Google.compute.get_network(
+              flags['project'],
+              cloud_id.to_s.sub(/^.*?\/([^\/]+)$/, '\1')
+            )
+            resp[cloud_id] = vpc if !vpc.nil?
+          else # XXX other criteria
+            MU::Cloud::Google.compute.list_networks(
+              flags["project"]
+            ).items.each { |vpc|
+              resp[vpc.name] = vpc
+            }
+          end
+#MU.log "THINGY", MU::WARN, details: resp
+          resp.each_pair { |cloud_id, vpc|
+            routes = MU::Cloud::Google.compute.list_routes(
+              flags["project"],
+              filter: "network eq #{vpc.self_link}"
+            ).items
+#            pp routes
+          }
+#MU.log "RETURNING RESPONSE FROM VPC FIND (#{resp.class.name})", MU::WARN, details: resp
+          resp
+        end
+        # Return an array of MU::Cloud::Google::VPC::Subnet objects describe the
+        # member subnets of this VPC.
+        #
+        # @return [Array<MU::Cloud::Google::VPC::Subnet>]
+        def subnets
+          if @subnets.nil? or @subnets.size == 0
+            return loadSubnets
+          end
+          return @subnets
+        end
+        # Describe subnets associated with this VPC. We'll compose identifying
+        # information similar to what MU::Cloud.describe builds for first-class
+        # resources.
+        # @return [Array<Hash>]: A list of cloud provider identifiers of subnets associated with this VPC.
+        def loadSubnets
+          network = cloud_desc
+          if network.nil?
+            MU.log "Unabled to load cloud description in #{self}", MU::ERR
+            return nil
+          end
+          found = []
+          resp = nil
+          MU::Cloud::Google.listRegions(@config['us_only']).each { |r|
+            resp = MU::Cloud::Google.compute.list_subnetworks(
+              @config['project'],
+              r,
+              filter: "network eq #{network[:self_link]}"
+            )
+            next if resp.nil? or resp.items.nil?
+            resp.items.each { |subnet|
+              found << subnet
+            }
+          }
+          @subnetcachesemaphore.synchronize {
+            @subnets ||= []
+            ext_ids = @subnets.each.collect { |s| s.cloud_id }
+            # If we're a plain old Mu resource, load our config and deployment
+            # metadata. Like ya do.
+            if !@config.nil? and @config.has_key?("subnets")
+              @config['subnets'].each { |subnet|
+                subnet['mu_name'] = @mu_name+"-"+subnet['name'] if !subnet.has_key?("mu_name")
+                subnet['region'] = @config['region']
+                found.each { |desc|
+                  if desc.ip_cidr_range == subnet["ip_block"]
+                    subnet["cloud_id"] = desc.name
+                    subnet["url"] = desc.self_link
+                    subnet['az'] = desc.region.gsub(/.*?\//, "")
+                    break
+                  end
+                }
+                if !ext_ids.include?(subnet["cloud_id"])
+                  @subnets << MU::Cloud::Google::VPC::Subnet.new(self, subnet)
+                end
+              }
+            # Of course we might be loading up a dummy subnet object from a
+            # foreign or non-Mu-created VPC and subnet. So make something up.
+            elsif !found.nil?
+              found.each { |desc|
+                subnet = {}
+                subnet["ip_block"] = desc.ip_cidr_range
+                subnet["name"] = subnet["ip_block"].gsub(/[\.\/]/, "_")
+                subnet['mu_name'] = @mu_name+"-"+subnet['name']
+                subnet["cloud_id"] = desc.name
+                subnet['az'] = subnet['region'] = desc.region.gsub(/.*?\//, "")
+                if !ext_ids.include?(desc.name)
+                  @subnets << MU::Cloud::Google::VPC::Subnet.new(self, subnet)
+                end
+              }
+            end
+          }
+          return @subnets
+        end
+        # Given some search criteria try locating a NAT Gaateway in this VPC.
+        # @param nat_cloud_id [String]: The cloud provider's identifier for this NAT.
+        # @param nat_filter_key [String]: A cloud provider filter to help identify the resource, used in conjunction with nat_filter_value.
+        # @param nat_filter_value [String]: A cloud provider filter to help identify the resource, used in conjunction with nat_filter_key.
+        # @param region [String]: The cloud provider region of the target instance.
+        def findNat(nat_cloud_id: nil, nat_filter_key: nil, nat_filter_value: nil, region: MU.curRegion)
+        end
+        # Given some search criteria for a {MU::Cloud::Server}, see if we can
+        # locate a NAT host in this VPC.
+        # @param nat_name [String]: The name of the resource as defined in its 'name' Basket of Kittens field, typically used in conjunction with deploy_id.
+        # @param nat_cloud_id [String]: The cloud provider's identifier for this NAT.
+        # @param nat_tag_key [String]: A cloud provider tag to help identify the resource, used in conjunction with tag_value.
+        # @param nat_tag_value [String]: A cloud provider tag to help identify the resource, used in conjunction with tag_key.
+        # @param nat_ip [String]: An IP address associated with the NAT instance.
+        def findBastion(nat_name: nil, nat_cloud_id: nil, nat_tag_key: nil, nat_tag_value: nil, nat_ip: nil)
+          nat = nil
+          deploy_id = nil
+          nat_name = nat_name.to_s if !nat_name.nil? and nat_name.class.to_s == "MU::Config::Tail"
+          nat_ip = nat_ip.to_s if !nat_ip.nil? and nat_ip.class.to_s == "MU::Config::Tail"
+          nat_cloud_id = nat_cloud_id.to_s if !nat_cloud_id.nil? and nat_cloud_id.class.to_s == "MU::Config::Tail"
+          nat_tag_key = nat_tag_key.to_s if !nat_tag_key.nil? and nat_tag_key.class.to_s == "MU::Config::Tail"
+          nat_tag_value = nat_tag_value.to_s if !nat_tag_value.nil? and nat_tag_value.class.to_s == "MU::Config::Tail"
+          # If we're searching by name, assume it's part of this here deploy.
+          if nat_cloud_id.nil? and !@deploy.nil?
+            deploy_id = @deploy.deploy_id
+          end
+          found = MU::MommaCat.findStray(
+            "Google",
+            "server",
+            name: nat_name,
+            cloud_id: nat_cloud_id,
+            deploy_id: deploy_id,
+            tag_key: nat_tag_key,
+            tag_value: nat_tag_value,
+            allow_multi: true,
+            dummy_ok: true,
+            calling_deploy: @deploy
+          )
+# XXX wat
+          return nil if found.nil? || found.empty?
+          if found.size > 1
+            found.each { |nat|
+              # Try some cloud-specific criteria
+              cloud_desc = nat.cloud_desc
+              if !nat_host_ip.nil? and
+# XXX this is AWS code, is wrong here
+                  (cloud_desc.private_ip_address == nat_host_ip or cloud_desc.public_ip_address == nat_host_ip)
+                return nat
+              elsif cloud_desc.vpc_id == @cloud_id
+                # XXX Strictly speaking we could have different NATs in different
+                # subnets, so this can be wrong in corner cases. Why you'd
+                # architect something that obnoxiously, I have no idea.
+                return nat
+              end
+            }
+          elsif found.size == 1
+            return found.first
+          end
+          return nil
+        end
+        # Check for a subnet in this VPC matching one or more of the specified
+        # criteria, and return it if found.
+        def getSubnet(cloud_id: nil, name: nil, tag_key: nil, tag_value: nil, ip_block: nil)
+          loadSubnets
+          if !cloud_id.nil? and cloud_id.match(/^https:\/\//)
+            cloud_id.gsub!(/.*?\//, "")
+          end
+          MU.log "getSubnet(cloud_id: #{cloud_id}, name: #{name}, tag_key: #{tag_key}, tag_value: #{tag_value}, ip_block: #{ip_block})", MU::DEBUG, details: caller[0]
+          @subnets.each { |subnet|
+            if !cloud_id.nil? and !subnet.cloud_id.nil? and subnet.cloud_id.to_s == cloud_id.to_s
+              return subnet
+            elsif !name.nil? and !subnet.name.nil? and subnet.name.to_s == name.to_s
+              return subnet
+            end
+          }
+          return nil
+        end
+        # Get the subnets associated with an instance.
+        # @param instance_id [String]: The cloud identifier of the instance
+        # @param instance [String]: A cloud descriptor for the instance, to save us an API call if we already have it
+        # @param region [String]: The cloud provider region of the target instance
+        # @return [Array<String>]
+        def self.getInstanceSubnets(instance_id: nil, instance: nil, region: MU.curRegion)
+        end
+        @route_cache = {}
+        @rtb_cache = {}
+        @rtb_cache_semaphore = Mutex.new
+        # Check whether we (the Mu Master) have a direct route to a particular
+        # instance. Useful for skipping hops through bastion hosts to get
+        # directly at child nodes in peered VPCs, the public internet, and the
+        # like.
+        # @param target_instance [OpenStruct]: The cloud descriptor of the instance to check.
+        # @param region [String]: The cloud provider region of the target subnet.
+        # @return [Boolean]
+        def self.haveRouteToInstance?(target_instance, region: MU.curRegion)
+          project ||= MU::Cloud::Google.defaultProject
+          return false if MU.myCloud != "Google"
+# XXX see if we reside in the same Network and overlap subnets
+# XXX see if we peer with the target's Network
+          target_instance.network_interfaces.each { |iface|
+            resp = MU::Cloud::Google.compute.list_routes(
+              project,
+              filter: "network eq #{iface.network}"
+            )
+            if resp and resp.items
+MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
+            end
+          }
+          false
+        end
+        # updates the route table cache (@rtb_cache).
+        # @param subnet_key [String]: The subnet/subnets route tables will be extracted from.
+        # @param use_cache [Boolean]: If to use the existing cache and add records to cache only if missing, or to also replace exising records in cache.
+        # @param region [String]: The cloud provider region of the target subnet.
+        def self.update_route_tables_cache(subnet_key, use_cache: true, region: MU.curRegion)
+        end
+        # Checks if the MU master has a route to a subnet in a peered VPC. Can be used on any subnets
+        # @param source_subnets_key [String]: The subnet/subnets on one side of the peered VPC.
+        # @param target_subnets_key [String]: The subnet/subnets on the other side of the peered VPC.
+        # @param instance_id [String]: The instance ID in the target subnet/subnets.
+        # @return [Boolean]
+        def self.have_route_peered_vpc?(source_subnets_key, target_subnets_key, instance_id)
+        end
+        # Retrieves the route tables of used by subnets
+        # @param subnet_ids [Array]: The cloud identifier of the subnets to retrieve the route tables for.
+        # @param vpc_ids [Array]: The cloud identifier of the VPCs to retrieve route tables for.
+        # @param region [String]: The cloud provider region of the target subnet.
+        # @return [Array<OpenStruct>]: The cloud provider's complete descriptions of the route tables
+        def self.get_route_tables(subnet_ids: [], vpc_ids: [], region: MU.curRegion)
+        end
+        # Remove all VPC resources associated with the currently loaded deployment.
+        # @param noop [Boolean]: If true, will only print what would be done
+        # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
+        # @param region [String]: The cloud provider region
+        # @return [void]
+        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
+          flags["project"] ||= MU::Cloud::Google.defaultProject
+          purge_subnets(noop, project: flags['project'])
+          ["route", "network"].each { |type|
+# XXX tagged routes aren't showing up in list, and the networks that own them
+# fail to delete silently
+            MU::Cloud::Google.compute.delete(
+              type,
+              flags["project"],
+              nil,
+              noop
+            )
+          }
+        end
+        # Cloud-specific configuration properties.
+        # @param config [MU::Config]: The calling MU::Config object
+        # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
+        def self.schema(config)
+          toplevel_required = []
+          schema = {
+            "regions" => {
+              "type" => "array",
+              "items" => MU::Config.region_primitive
+            },
+            "project" => {
+              "type" => "string",
+              "description" => "The project into which to deploy resources"
+            }
+          }
+          [toplevel_required, schema]
+        end
+        # Cloud-specific pre-processing of {MU::Config::BasketofKittens::vpcs}, bare and unvalidated.
+        # @param vpc [Hash]: The resource to process and validate
+        # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+        # @return [Boolean]: True if validation succeeded, False otherwise
+        def self.validateConfig(vpc, configurator)
+          ok = true
+          if vpc['create_standard_subnets']
+            # Manufacture some generic routes, if applicable.
+            if !vpc['route_tables'] or vpc['route_tables'].empty?
+              vpc['route_tables'] = [
+                {
+                  "name" => "internet",
+                  "routes" => [ { "destination_network" => "0.0.0.0/0", "gateway" => "#INTERNET" } ]
+                },
+                {
+                  "name" => "private",
+                  "routes" => [ { "destination_network" => "0.0.0.0/0", "gateway" => "#NAT" } ]
+                }
+              ]
+            end
+            # Generate a set of subnets per route, if none are declared
+            if !vpc['subnets'] or vpc['subnets'].empty?
+              if vpc['regions'].nil? or vpc['regions'].empty?
+                vpc['regions'] = MU::Cloud::Google.listRegions(vpc['us_only'])
+              end
+              blocks = configurator.divideNetwork(vpc['ip_block'], vpc['regions'].size*vpc['route_tables'].size, 29)
+              ok = false if blocks.nil?
+              vpc["subnets"] = []
+              vpc['route_tables'].each { |t|
+                count = 0
+                vpc['regions'].each { |r|
+                  block = blocks.shift
+                  vpc["subnets"] << {
+                    "availability_zone" => r,
+                    "route_table" => t["name"],
+                    "ip_block" => block.to_s,
+                    "name" => "Subnet"+count.to_s+t["name"].capitalize,
+                    "map_public_ips" => true
+                  }
+                  count = count + 1
+                }
+              }
+            end
+          end
+          # Google VPCs can't have routes that are anything other than global
+          # (they can be tied to individual instances by tags, but w/e). So we
+          # decompose our VPCs into littler VPCs, one for each declared route
+          # table, so that the routes therein will only apply to the portion of
+          # our network we want them to.
+          if vpc['route_tables'].size > 1
+            blocks = configurator.divideNetwork(vpc['ip_block'], vpc['route_tables'].size*2, 29)
+            peernames = []
+            vpc['route_tables'].each { |tbl|
+              peernames << vpc['name']+"-"+tbl['name']
+            }
+            vpc['route_tables'].each { |tbl|
+              newvpc = {
+                "name" => vpc['name']+"-"+tbl['name'],
+                "ip_block" => blocks.shift,
+                "route_tables" => [tbl],
+                "parent_block" => vpc['ip_block'],
+                "subnets" => []
+              }
+              MU.log "Splitting VPC #{newvpc['name']} off from #{vpc['name']}", MU::NOTICE
+              vpc.each_pair { |key, val|
+                next if ["name", "route_tables", "subnets", "ip_block"].include?(key)
+                newvpc[key] = val
+              }
+              newvpc['peers'] ||= []
+              peernames.each { |peer|
+                if peer != vpc['name']+"-"+tbl['name']
+                  newvpc['peers'] << { "vpc" => { "vpc_name" => peer } }
+                end
+              }
+              vpc["subnets"].each { |subnet|
+                newvpc["subnets"] << subnet if subnet["route_table"] == tbl["name"]
+              }
+              ok = false if !configurator.insertKitten(newvpc, "vpcs", true)
+            }
+            configurator.removeKitten(vpc['name'], "vpcs")
+          else
+            has_nat = vpc['route_tables'].first["routes"].include?({"gateway"=>"#NAT", "destination_network"=>"0.0.0.0/0"})
+            has_deny = vpc['route_tables'].first["routes"].include?({"gateway"=>"#DENY", "destination_network"=>"0.0.0.0/0"})
+# XXX we need routes to peered Networks too
+            if has_nat or has_deny
+              ok = false if !genStandardSubnetACLs(vpc['parent_block'] || vpc['ip_block'], vpc['name'], configurator, vpc["project"], false)
+            else
+              ok = false if !genStandardSubnetACLs(vpc['parent_block'] || vpc['ip_block'], vpc['name'], configurator, vpc["project"])
+            end
+            if has_nat and !has_deny
+              vpc['route_tables'].first["routes"] << {
+                "gateway"=>"#DENY",
+                "destination_network"=>"0.0.0.0/0"
+              }
+            end
+            nat_count = 0
+            # You know what, let's just guarantee that we'll have a route from
+            # this master, always
+            # XXX this confuses machines that don't have public IPs
+            if !vpc['scrub_mu_isms']
+#              vpc['route_tables'].first["routes"] << {
+#                'gateway' => "#INTERNET",
+#                'destination_network' => MU.mu_public_ip+"/32"
+#              }
+            end
+            vpc['route_tables'].first["routes"].each { |route|
+              # No such thing as a NAT gateway in Google... so make an instance
+              # that'll do the deed.
+              if route['gateway'] == "#NAT"
+                nat_cfg = MU::Cloud::Google::Server.genericNAT
+                nat_cfg['name'] = vpc['name']+"-natstion-"+nat_count.to_s
+                # XXX ingress/egress rules?
+                # XXX for master too if applicable
+                nat_cfg["application_attributes"] = {
+                  "nat" => {
+                    "private_net" => vpc["parent_block"].to_s
+                  }
+                }
+                route['nat_host_name'] = nat_cfg['name']
+                route['priority'] = 100
+                vpc["dependencies"] << {
+                  "type" => "server",
+                  "name" => nat_cfg['name'],
+                }
+                nat_cfg['vpc'] = {
+                  "vpc_name" => vpc["name"],
+                  "subnet_pref" => "any"
+                }
+                nat_count = nat_count + 1
+                ok = false if !configurator.insertKitten(nat_cfg, "servers", true)
+              end
+            }
+          end
+#          MU.log "GOOGLE VPC", MU::WARN, details: vpc
+          ok
+        end
+        # @param route [Hash]: A route description, per the Basket of Kittens schema
+        # @param server [MU::Cloud::Google::Server]: Instance to which this route will apply
+        def createRouteForInstance(route, server)
+          createRoute(route, network: @url, tags: [MU::Cloud::Google.nameStr(server.mu_name)])
+        end
+        private
+        def self.genStandardSubnetACLs(vpc_cidr, vpc_name, configurator, project, publicroute = true)
+          private_acl = {
+            "name" => vpc_name+"-routables",
+            "cloud" => "Google",
+            "project" => project,
+            "vpc" => { "vpc_name" => vpc_name },
+            "dependencies" => [ { "type" => "vpc", "name" => vpc_name } ],
+            "rules" => [
+              { "ingress" => true, "proto" => "all", "hosts" => [vpc_cidr] }
+            ]
+          }
+#          if publicroute
+#          XXX distinguish between "I have a NAT" and "I really shouldn't be
+#          able to talk to the world"
+            private_acl["rules"] << {
+              "egress" => true, "proto" => "all", "hosts" => ["0.0.0.0/0"]
+            }
+#          else
+#            private_acl["rules"] << {
+#              "egress" => true, "proto" => "all", "hosts" => [vpc_cidr], "weight" => 999
+#            }
+#            private_acl["rules"] << {
+#              "egress" => true, "proto" => "all", "hosts" => ["0.0.0.0/0"], "deny" => true
+#            }
+#          end
+          configurator.insertKitten(private_acl, "firewall_rules", true)
+        end
+        # Helper method for manufacturing routes. Expect to be called from
+        # {MU::Cloud::Google::VPC#create} or {MU::Cloud::Google::VPC#groom}.
+        # @param route [Hash]: A route description, per the Basket of Kittens schema
+        # @param network [String]: Cloud identifier of the VPC to which we're adding this route
+        # @param tags [Array<String>]: Instance tags to which this route applies. If empty, applies to entire VPC.
+        # @return [Hash]: The modified configuration that was originally passed in.
+        def createRoute(route, network: @url, tags: [])
+          routename = MU::Cloud::Google.nameStr(@mu_name+"-route-"+route['destination_network'])
+          if !tags.nil? and tags.size > 0
+            routename = MU::Cloud::Google.nameStr(routename+"-"+tags.first).slice(0,63)
+          end
+          route["priority"] ||= 999
+          if route['gateway'] == "#NAT"
+            if !route['nat_host_name'].nil? or !route['nat_host_id'].nil?
+                sleep 5
+              nat_instance = findBastion(
+                nat_name: route["nat_host_name"],
+                nat_cloud_id: route["nat_host_id"]
+              )
+              if nat_instance.nil? or nat_instance.cloud_desc.nil?
+                raise MuError, "Failed to find NAT host for #NAT route in #{@mu_name} (#{route})"
+              end
+              routeobj = ::Google::Apis::ComputeBeta::Route.new(
+                name: routename,
+                next_hop_instance: nat_instance.cloud_desc.self_link,
+                dest_range: route['destination_network'],
+                priority: route["priority"],
+                description: @deploy.deploy_id,
+                tags: tags,
+                network: network
+              )
+            end
+# several other cases missing for various types of routers (raw IPs, instance ids, etc) XXX
+          elsif route['gateway'] == "#DENY"
+            resp = MU::Cloud::Google.compute.list_routes(
+              @config['project'],
+              filter: "network eq #{network}"
+            )
+            if !resp.nil? and !resp.items.nil?
+              resp.items.each { |r|
+                next if r.next_hop_gateway.nil? or !r.next_hop_gateway.match(/\/global\/gateways\/default-internet-gateway$/)
+                MU.log "Removing standard route #{r.name} per our #DENY entry"
+                MU::Cloud::Google.compute.delete_route(@config['project'], r.name)
+              }
+            end
+          elsif route['gateway'] == "#INTERNET"
+            routeobj = ::Google::Apis::ComputeBeta::Route.new(
+              name: routename,
+              next_hop_gateway: "global/gateways/default-internet-gateway",
+              dest_range: route['destination_network'],
+              priority: route["priority"],
+              description: @deploy.deploy_id,
+              tags: tags,
+              network: network
+            )
+          else
+            routeobj = ::Google::Apis::ComputeBeta::Route.new(
+              name: routename,
+              dest_range: route['destination_network'],
+              network: network,
+              priority: route["priority"],
+              description: @deploy.deploy_id,
+              tags: tags,
+              next_hop_network: network
+            )
+          end
+          if route['gateway'] != "#DENY"
+            begin
+              MU::Cloud::Google.compute.get_route(@config['project'], routename)
+            rescue ::Google::Apis::ClientError, MU::MuError => e
+              if e.message.match(/notFound/)
+                MU.log "Creating route #{routename} in project #{@config['project']}", details: routeobj
+                resp = MU::Cloud::Google.compute.insert_route(@config['project'], routeobj)
+              else
+                # TODO can't update GCP routes, would have to delete and re-create
+              end
+            end
+          end
+        end
+        # Remove all network gateways associated with the currently loaded deployment.
+        # @param noop [Boolean]: If true, will only print what would be done
+        # @param region [String]: The cloud provider region
+        # @return [void]
+        def self.purge_gateways(noop = false, tagfilters = [{name: "tag:MU-ID", values: [MU.deploy_id]}], region: MU.curRegion)
+        end
+        # Remove all NAT gateways associated with the VPC of the currently loaded deployment.
+        # @param noop [Boolean]: If true, will only print what would be done
+        # @param vpc_id [String]: The cloud provider's unique VPC identifier
+        # @param region [String]: The cloud provider region
+        # @return [void]
+        def self.purge_nat_gateways(noop = false, vpc_id: nil, region: MU.curRegion)
+        end
+        # Remove all VPC endpoints associated with the VPC of the currently loaded deployment.
+        # @param noop [Boolean]: If true, will only print what would be done
+        # @param vpc_id [String]: The cloud provider's unique VPC identifier
+        # @param region [String]: The cloud provider region
+        # @return [void]
+        def self.purge_endpoints(noop = false, vpc_id: nil, region: MU.curRegion)
+        end
+        # Remove all network interfaces associated with the currently loaded deployment.
+        # @param noop [Boolean]: If true, will only print what would be done
+        # @param tagfilters [Array<Hash>]: EC2 tags to filter against when search for resources to purge
+        # @param region [String]: The cloud provider region
+        # @return [void]
+        def self.purge_interfaces(noop = false, tagfilters = [{name: "tag:MU-ID", values: [MU.deploy_id]}], region: MU.curRegion)
+        end
+        # Remove all subnets associated with the currently loaded deployment.
+        # @param noop [Boolean]: If true, will only print what would be done
+        # @param tagfilters [Array<Hash>]: EC2 tags to filter against when search for resources to purge
+        # @param regions [Array<String>]: The cloud provider regions to check
+        # @return [void]
+        def self.purge_subnets(noop = false, tagfilters = [{name: "tag:MU-ID", values: [MU.deploy_id]}], regions: MU::Cloud::Google.listRegions, project: MU::Cloud::Google.defaultProject)
+          parent_thread_id = Thread.current.object_id
+          regionthreads = []
+          regions.each { |r|
+            regionthreads << Thread.new {
+              MU.dupGlobals(parent_thread_id)
+              MU::Cloud::Google.compute.delete(
+                "subnetwork",
+                project,
+                r,
+                noop
+              )
+            }
+          }
+          regionthreads.each do |t|
+            t.join
+          end
+        end
+        # Remove all DHCP options sets associated with the currently loaded
+        # deployment.
+        # @param noop [Boolean]: If true, will only print what would be done
+        # @param tagfilters [Array<Hash>]: EC2 tags to filter against when search for resources to purge
+        # @param region [String]: The cloud provider region
+        # @return [void]
+        def self.purge_dhcpopts(noop = false, tagfilters = [{name: "tag:MU-ID", values: [MU.deploy_id]}], region: MU.curRegion)
+        end
+        # Remove all VPCs associated with the currently loaded deployment.
+        # @param noop [Boolean]: If true, will only print what would be done
+        # @param tagfilters [Array<Hash>]: EC2 tags to filter against when search for resources to purge
+        # @param region [String]: The cloud provider region
+        # @return [void]
+        def self.purge_vpcs(noop = false, tagfilters = [{name: "tag:MU-ID", values: [MU.deploy_id]}], region: MU.curRegion)
+        end
+        protected
+        # Subnets are almost a first-class resource. So let's kinda sorta treat
+        # them like one. This should only be invoked on objects that already
+        # exists in the cloud layer.
+        class Subnet < MU::Cloud::Google::VPC
+          attr_reader :cloud_id
+          attr_reader :url
+          attr_reader :ip_block
+          attr_reader :mu_name
+          attr_reader :name
+          attr_reader :az
+          # @param parent [MU::Cloud::Google::VPC]: The parent VPC of this subnet.
+          # @param config [Hash<String>]:
+          def initialize(parent, config)
+            @parent = parent
+            @config = MU::Config.manxify(config)
+            @cloud_id = config['cloud_id']
+            @url = config['url']
+            @mu_name = config['mu_name']
+            @name = config['name']
+            @deploydata = config # This is a dummy for the sake of describe()
+            @az = config['az']
+            @ip_block = config['ip_block']
+          end
+          # Return the cloud identifier for the default route of this subnet.
+          def defaultRoute
+          end
+          # Is this subnet privately-routable only, or public?
+          # @return [Boolean]
+          def private?
+            routes = MU::Cloud::Google.compute.list_routes(
+              @parent.config['project'],
+              filter: "network eq #{@parent.url}"
+            ).items
+            routes.map { |r|
+              if r.dest_range == "0.0.0.0/0" and !r.next_hop_gateway.nil? and
+                 (r.tags.nil? or r.tags.size == 0) and
+                 r.next_hop_gateway.match(/\/global\/gateways\/default-internet-gateway/)
+                return false
+              end
+            }
+            return true
+          end
+        end
+      end #class
+    end #class
+  end
+end #module