cloud-mu 2.0.0.pre.alpha9 → 2.0.0.pre.beta1

data/modules/mu/clouds/aws/role.rb

@@ -93,7 +93,7 @@ module MU
             end
 
             if @config['import']
-              MU.log "Attaching canned #{@config['import'].size > 1 ? "policies" : "policy"} #{@config['import'].join(", ")} to role #{@mu_name}", MU::NOTICE, details: @config['credentials']
+              MU.log "Attaching canned #{@config['import'].size > 1 ? "policies" : "policy"} #{@config['import'].join(", ")} to role #{@mu_name}", MU::NOTICE
               configured_policies.concat(@config['import'].map { |p| p.gsub(/.*?\/([^:\/]+)$/, '\1') })
             end
 

data/modules/mu/clouds/aws/server.rb

@@ -1356,7 +1356,7 @@ module MU
           MU.log "Creating AMI from #{name}", details: ami_descriptor
           resp = nil
           begin
-            resp = MU::Cloud::AWS.ec2(region: region).create_image(ami_descriptor)
+            resp = MU::Cloud::AWS.ec2(region: region, credentials: credentials).create_image(ami_descriptor)
           rescue Aws::EC2::Errors::InvalidAMINameDuplicate => e
             MU.log "AMI #{name} already exists, skipping", MU::WARN
             return nil
@@ -1367,7 +1367,7 @@ module MU
           MU.log "AMI of #{name} in region #{region}: #{ami}"
           if make_public
             MU::Cloud::AWS::Server.waitForAMI(ami, region: region, credentials: credentials)
-            MU::Cloud::AWS.ec2(region: region).modify_image_attribute(
+            MU::Cloud::AWS.ec2(region: region, credentials: credentials).modify_image_attribute(
                 image_id: ami,
                 launch_permission: {add: [{group: "all"}]},
                 attribute: "launchPermission"
@@ -1381,7 +1381,7 @@ module MU
               next if r == region
               copythreads << Thread.new {
                 MU.dupGlobals(parent_thread_id)
-                copy = MU::Cloud::AWS.ec2(region: r).copy_image(
+                copy = MU::Cloud::AWS.ec2(region: r, credentials: credentials).copy_image(
                     source_region: region,
                     source_image_id: ami,
                     name: name,
@@ -1389,7 +1389,7 @@ module MU
                 )
                 MU.log "Initiated copy of #{ami} from #{region} to #{r}: #{copy.image_id}"
 
-                MU::MommaCat.createStandardTags(copy.image_id, region: r)
+                MU::MommaCat.createStandardTags(copy.image_id, region: r, credentials: credentials)
                 MU::MommaCat.createTag(copy.image_id, "Name", name, region: r, credentials: credentials)
                 if !tags.nil?
                   tags.each { |tag|
@@ -1398,7 +1398,7 @@ module MU
                 end
                 MU::Cloud::AWS::Server.waitForAMI(copy.image_id, region: r, credentials: credentials)
                 if make_public
-                  MU::Cloud::AWS.ec2(region: r).modify_image_attribute(
+                  MU::Cloud::AWS.ec2(region: r, credentials: credentials).modify_image_attribute(
                       image_id: copy.image_id,
                       launch_permission: {add: [{group: "all"}]},
                       attribute: "launchPermission"

data/modules/mu/clouds/aws/server_pool.rb

@@ -212,6 +212,29 @@ module MU
 
         # Called automatically by {MU::Deploy#createResources}
         def groom
+          if @config['notifications'] and @config['notifications']['topic']
+# XXX expand to a full reference block for a Notification resource
+            arn = if @config['notifications']['topic'].match(/^arn:/)
+              @config['notifications']['topic']
+            else
+              "arn:#{MU::Cloud::AWS.isGovCloud?(@config['region']) ? "aws-us-gov" : "aws"}:sns:#{@config['region']}:#{MU::Cloud::AWS.credToAcct(@config['credentials'])}:#{@config['notifications']['topic']}"
+            end
+            eventmap = {
+              "launch" => "autoscaling:EC2_INSTANCE_LAUNCH",
+              "failed_launch" => "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
+              "terminate" => "autoscaling:EC2_INSTANCE_TERMINATE",
+              "failed_terminate" => "autoscaling:EC2_INSTANCE_TERMINATE_ERROR"
+            }
+            MU.log "Sending simple notifications (#{@config['notifications']['events'].join(", ")}) to #{arn}"
+            MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).put_notification_configuration(
+              auto_scaling_group_name: @mu_name,
+              topic_arn: arn,
+              notification_types: @config['notifications']['events'].map { |e|
+                eventmap[e]
+              }
+            )
+          end
+
           if @config['schedule']
             ext_actions = MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).describe_scheduled_actions(
               auto_scaling_group_name: @mu_name
@@ -357,6 +380,7 @@ module MU
                   newhash
                 end
                 policy_params[:target_tracking_configuration] = strToSym(policy['target_tracking_configuration'])
+                policy_params[:target_tracking_configuration].delete(:preferred_target_group)
                 if policy_params[:target_tracking_configuration][:predefined_metric_specification] and
                    policy_params[:target_tracking_configuration][:predefined_metric_specification][:predefined_metric_type] == "ALBRequestCountPerTarget"
                   lb_path = nil
@@ -364,10 +388,18 @@ module MU
                   if @deploy.deployment["loadbalancers"].size > 1
                     MU.log "Multiple load balancers attached to Autoscale group #{@mu_name}, guessing wildly which one to use for TargetTrackingScaling policy", MU::WARN
                   end
-                  if lb["targetgroups"].size > 1
-                    MU.log "Multiple target groups attached to Autoscale group #{@mu_name}, guessing wildly which one to use for TargetTrackingScaling policy", MU::WARN
+                  lb_path = if lb["targetgroups"].size > 1
+                    if policy['target_tracking_configuration']["preferred_target_group"] and
+                       lb["targetgroups"][policy['target_tracking_configuration']["preferred_target_group"]]
+                      lb["arn"].split(/:/)[5].sub(/^loadbalancer\//, "")+"/"+lb["targetgroups"][policy['target_tracking_configuration']["preferred_target_group"]].split(/:/)[5]
+                    else
+                      if policy['target_tracking_configuration']["preferred_target_group"]
+                        MU.log "preferred_target_group was set to '#{policy["preferred_target_group"]}' but I don't see a target group by that name", MU::WARN
+                      end
+                      MU.log "Multiple target groups attached to Autoscale group #{@mu_name}, guessing wildly which one to use for TargetTrackingScaling policy", MU::WARN, details: lb["targetgroups"].keys
+                      lb["arn"].split(/:/)[5].sub(/^loadbalancer\//, "")+"/"+lb["targetgroups"].values.first.split(/:/)[5]
+                    end
                   end
-                  lb_path = lb["arn"].split(/:/)[5].sub(/^loadbalancer\//, "")+"/"+lb["targetgroups"].values.first.split(/:/)[5]
 
                   policy_params[:target_tracking_configuration][:predefined_metric_specification][:resource_label] = lb_path
                 end
@@ -457,6 +489,26 @@ module MU
           toplevel_required = []
           
           schema = {
+            "notifications" => {
+              "type" => "object",
+              "description" => "Send notifications to an SNS topic for basic AutoScaling events",
+              "properties" => {
+                "topic" => {
+                  "type" => "string",
+                  "description" => "The short name or ARN of an SNS topic which should receive notifications for basic Autoscaling events"
+                },
+               "events" => {
+                  "type" => "array",
+                  "description" => "The AutoScaling events which should generate a notification",
+                  "items" => {
+                    "type" => "string",
+                    "description" => "The AutoScaling events which should generate a notification",
+                    "enum" => ["launch", "failed_launch", "terminate", "failed_terminate"]
+                  },
+                  "default" => ["launch", "failed_launch", "terminate", "failed_terminate"]
+                }
+              }
+            },
             "generate_iam_role" => {
               "type" => "boolean",
               "default" => true,
@@ -625,6 +677,10 @@ module MU
                         "type" => "float",
                         "description" => "The target value for the metric."
                       },
+                      "preferred_target_group" => {
+                        "type" => "string",
+                        "description" => "If our load balancer has multiple target groups, prefer the one with this name instead of choosing one arbitrarily"
+                      },
                       "disable_scale_in" => {
                         "type" => "boolean",
                         "description" => "If set to true, new instances created by this policy will not be subject to termination by scaling in.",
@@ -665,6 +721,7 @@ module MU
                               "type" => "object",
                               "additionalProperties" => false,
                               "required" => ["name", "value"],
+                              "description" => "What resource to monitor with the alarm we are implicitly declaring",
                               "properties" => {
                                 "name" => {
                                   "type" => "string",

data/modules/mu/clouds/azure.rb

@@ -110,7 +110,6 @@ module MU
 
 
       # Fetch an Azure instance metadata parameter (example: public-ipv4).
-      # @param param [String]: The parameter name to fetch
       # @return [String, nil]
       def self.get_metadata()
         base_url = "http://169.254.169.254/metadata/instance"

data/modules/mu/clouds/google.rb

@@ -71,12 +71,20 @@ module MU
         $MU_CFG['google'].keys
       end
 
+      # Resolve the administrative Cloud Storage bucket for a given credential
+      # set, or return a default.
+      # @param credentials [String]
+      # @return [String]
       def self.adminBucketName(credentials = nil)
          #XXX find a default if this particular account doesn't have a log_bucket_name configured
         cfg = credConfig(credentials)
         cfg['log_bucket_name']
       end
 
+      # Resolve the administrative Cloud Storage bucket for a given credential
+      # set, or return a default.
+      # @param credentials [String]
+      # @return [String]
       def self.adminBucketUrl(credentials = nil)
         "gs://"+adminBucketName(credentials)+"/"
       end
@@ -121,7 +129,7 @@ module MU
             return name_only ? name : @@acct_to_profile_map[name.to_s]
           end
 # XXX whatever process might lead us to populate @@acct_to_profile_map with some mappings, like projectname -> account profile, goes here
-          raise MuError, "Google credential set #{name} was requested, but I see no such working credentials in mu.yaml"
+          return nil
         end
       end
 
@@ -532,7 +540,7 @@ module MU
         require 'google/apis/compute_beta'
 
         if subclass.nil?
-          @@compute_api[credentials] ||= MU::Cloud::Google::Endpoint.new(api: "ComputeBeta::ComputeService", scopes: ['https://www.googleapis.com/auth/cloud-platform', 'https://www.googleapis.com/auth/compute.readonly'], credentials: credentials)
+          @@compute_api[credentials] ||= MU::Cloud::Google::GoogleEndpoint.new(api: "ComputeBeta::ComputeService", scopes: ['https://www.googleapis.com/auth/cloud-platform', 'https://www.googleapis.com/auth/compute.readonly'], credentials: credentials)
           return @@compute_api[credentials]
         elsif subclass.is_a?(Symbol)
           return Object.const_get("::Google").const_get("Apis").const_get("ComputeBeta").const_get(subclass)
@@ -545,7 +553,7 @@ module MU
         require 'google/apis/storage_v1'
 
         if subclass.nil?
-          @@storage_api[credentials] ||= MU::Cloud::Google::Endpoint.new(api: "StorageV1::StorageService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
+          @@storage_api[credentials] ||= MU::Cloud::Google::GoogleEndpoint.new(api: "StorageV1::StorageService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
           return @@storage_api[credentials]
         elsif subclass.is_a?(Symbol)
           return Object.const_get("::Google").const_get("Apis").const_get("StorageV1").const_get(subclass)
@@ -558,7 +566,7 @@ module MU
         require 'google/apis/iam_v1'
 
         if subclass.nil?
-          @@iam_api[credentials] ||= MU::Cloud::Google::Endpoint.new(api: "IamV1::IamService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
+          @@iam_api[credentials] ||= MU::Cloud::Google::GoogleEndpoint.new(api: "IamV1::IamService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
           return @@iam_api[credentials]
         elsif subclass.is_a?(Symbol)
           return Object.const_get("::Google").const_get("Apis").const_get("IamV1").const_get(subclass)
@@ -572,7 +580,7 @@ module MU
     
         if subclass.nil?
           begin
-            @@admin_directory_api[credentials] ||= MU::Cloud::Google::Endpoint.new(api: "AdminDirectoryV1::DirectoryService", scopes: ['https://www.googleapis.com/auth/admin.directory.group.member.readonly', 'https://www.googleapis.com/auth/admin.directory.group.readonly', 'https://www.googleapis.com/auth/admin.directory.user.readonly', 'https://www.googleapis.com/auth/admin.directory.domain.readonly', 'https://www.googleapis.com/auth/admin.directory.orgunit.readonly', 'https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly', 'https://www.googleapis.com/auth/admin.directory.customer.readonly'], masquerade: MU::Cloud::Google.credConfig(credentials)['masquerade_as'], credentials: credentials)
+            @@admin_directory_api[credentials] ||= MU::Cloud::Google::GoogleEndpoint.new(api: "AdminDirectoryV1::DirectoryService", scopes: ['https://www.googleapis.com/auth/admin.directory.group.member.readonly', 'https://www.googleapis.com/auth/admin.directory.group.readonly', 'https://www.googleapis.com/auth/admin.directory.user.readonly', 'https://www.googleapis.com/auth/admin.directory.domain.readonly', 'https://www.googleapis.com/auth/admin.directory.orgunit.readonly', 'https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly', 'https://www.googleapis.com/auth/admin.directory.customer.readonly'], masquerade: MU::Cloud::Google.credConfig(credentials)['masquerade_as'], credentials: credentials)
           rescue Signet::AuthorizationError => e
             MU.log "Cannot masquerade as #{MU::Cloud::Google.credConfig(credentials)['masquerade_as']}", MU::ERROR, details: "You can only use masquerade_as with GSuite. For more information on delegating GSuite authority to a service account, see:\nhttps://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority"
             raise e
@@ -589,7 +597,7 @@ module MU
         require 'google/apis/cloudresourcemanager_v1'
 
         if subclass.nil?
-          @@resource_api[credentials] ||= MU::Cloud::Google::Endpoint.new(api: "CloudresourcemanagerV1::CloudResourceManagerService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
+          @@resource_api[credentials] ||= MU::Cloud::Google::GoogleEndpoint.new(api: "CloudresourcemanagerV1::CloudResourceManagerService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
           return @@resource_api[credentials]
         elsif subclass.is_a?(Symbol)
           return Object.const_get("::Google").const_get("Apis").const_get("CloudresourcemanagerV1").const_get(subclass)
@@ -602,7 +610,7 @@ module MU
         require 'google/apis/cloudresourcemanager_v2beta1'
 
         if subclass.nil?
-          @@resource2_api[credentials] ||= MU::Cloud::Google::Endpoint.new(api: "CloudresourcemanagerV2beta1::CloudResourceManagerService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
+          @@resource2_api[credentials] ||= MU::Cloud::Google::GoogleEndpoint.new(api: "CloudresourcemanagerV2beta1::CloudResourceManagerService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
           return @@resource2_api[credentials]
         elsif subclass.is_a?(Symbol)
           return Object.const_get("::Google").const_get("Apis").const_get("CloudresourcemanagerV2beta1").const_get(subclass)
@@ -615,7 +623,7 @@ module MU
         require 'google/apis/container_v1'
 
         if subclass.nil?
-          @@container_api[credentials] ||= MU::Cloud::Google::Endpoint.new(api: "ContainerV1::ContainerService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
+          @@container_api[credentials] ||= MU::Cloud::Google::GoogleEndpoint.new(api: "ContainerV1::ContainerService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
           return @@container_api[credentials]
         elsif subclass.is_a?(Symbol)
           return Object.const_get("::Google").const_get("Apis").const_get("ContainerV1").const_get(subclass)
@@ -628,7 +636,7 @@ module MU
         require 'google/apis/servicemanagement_v1'
 
         if subclass.nil?
-          @@service_api[credentials] ||= MU::Cloud::Google::Endpoint.new(api: "ServicemanagementV1::ServiceManagementService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
+          @@service_api[credentials] ||= MU::Cloud::Google::GoogleEndpoint.new(api: "ServicemanagementV1::ServiceManagementService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
           return @@service_api[credentials]
         elsif subclass.is_a?(Symbol)
           return Object.const_get("::Google").const_get("Apis").const_get("ServicemanagementV1").const_get(subclass)
@@ -641,20 +649,33 @@ module MU
         require 'google/apis/sqladmin_v1beta4'
 
         if subclass.nil?
-          @@sql_api[credentials] ||= MU::Cloud::Google::Endpoint.new(api: "SqladminV1beta4::SQLAdminService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
+          @@sql_api[credentials] ||= MU::Cloud::Google::GoogleEndpoint.new(api: "SqladminV1beta4::SQLAdminService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
           return @@sql_api[credentials]
         elsif subclass.is_a?(Symbol)
           return Object.const_get("::Google").const_get("Apis").const_get("SqladminV1beta4").const_get(subclass)
         end
       end
 
+      # Google's Firestore (NoSQL) Service API
+      # @param subclass [<Google::Apis::FirestoreV1>]: If specified, will return the class ::Google::Apis::FirestoreV1::subclass instead of an API client instance
+      def self.firestore(subclass = nil, credentials: nil)
+        require 'google/apis/firestore_v1'
+
+        if subclass.nil?
+          @@firestore_api[credentials] ||= MU::Cloud::Google::GoogleEndpoint.new(api: "FirestoreV1::FirestoreService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
+          return @@firestore_api[credentials]
+        elsif subclass.is_a?(Symbol)
+          return Object.const_get("::Google").const_get("Apis").const_get("FirestoreV1").const_get(subclass)
+        end
+      end
+
       # Google's StackDriver Logging Service API
       # @param subclass [<Google::Apis::LoggingV2>]: If specified, will return the class ::Google::Apis::LoggingV2::subclass instead of an API client instance
       def self.logging(subclass = nil, credentials: nil)
         require 'google/apis/logging_v2'
 
         if subclass.nil?
-          @@logging_api[credentials] ||= MU::Cloud::Google::Endpoint.new(api: "LoggingV2::LoggingService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
+          @@logging_api[credentials] ||= MU::Cloud::Google::GoogleEndpoint.new(api: "LoggingV2::LoggingService", scopes: ['https://www.googleapis.com/auth/cloud-platform'], credentials: credentials)
           return @@logging_api[credentials]
         elsif subclass.is_a?(Symbol)
           return Object.const_get("::Google").const_get("Apis").const_get("LoggingV2").const_get(subclass)
@@ -667,7 +688,7 @@ module MU
       # Wrapper class for Google APIs, so that we can catch some common
       # transient endpoint errors without having to spray rescues all over the
       # codebase.
-      class Endpoint
+      class GoogleEndpoint
         @api = nil
         @credentials = nil
         attr_reader :issuer
@@ -945,6 +966,7 @@ module MU
       @@resource_api = {}
       @@resource2_api = {}
       @@service_api = {}
+      @@firestore_api = {}
       @@admin_directory_api = {}
     end
   end

data/modules/mu/clouds/google/bucket.rb

@@ -0,0 +1,179 @@
+# Copyright:: Copyright (c) 2019 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module MU
+  class Cloud
+    class Google
+      # Support for Google Cloud Storage
+      class Bucket < MU::Cloud::Bucket
+        @deploy = nil
+        @config = nil
+
+        attr_reader :mu_name
+        attr_reader :config
+        attr_reader :cloud_id
+
+        # @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
+        # @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::logs}
+        def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
+          @deploy = mommacat
+          @config = MU::Config.manxify(kitten_cfg)
+          @cloud_id ||= cloud_id
+          @mu_name ||= @deploy.getResourceName(@config["name"])
+        end
+
+        # Called automatically by {MU::Deploy#createResources}
+        def create
+          MU::Cloud::Google.storage(credentials: credentials).insert_bucket(@config['project'], bucket_descriptor)
+          @cloud_id = @mu_name.downcase
+        end
+
+        # Called automatically by {MU::Deploy#createResources}
+        def groom
+          current = cloud_desc
+          changed = false
+
+          if !current.versioning.enabled and @config['versioning']
+            MU.log "Enabling versioning on Cloud Storage bucket #{@cloud_id}", MU::NOTICE
+            changed = true
+          elsif current.versioning.enabled and !@config['versioning']
+            MU.log "Disabling versioning on Cloud Storage bucket #{@cloud_id}", MU::NOTICE
+            changed = true
+          end
+
+          if current.website.nil? and @config['web']
+            MU.log "Enabling website service on Cloud Storage bucket #{@cloud_id}", MU::NOTICE
+            changed = true
+          elsif !current.website.nil? and !@config['web']
+            MU.log "Disabling website service on Cloud Storage bucket #{@cloud_id}", MU::NOTICE
+            changed = true
+          end
+
+          if changed
+            MU::Cloud::Google.storage(credentials: credentials).patch_bucket(@cloud_id, bucket_descriptor)
+          end
+        end
+
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          true
+        end
+
+        # Remove all buckets associated with the currently loaded deployment.
+        # @param noop [Boolean]: If true, will only print what would be done
+        # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
+        # @param region [String]: The cloud provider region
+        # @return [void]
+        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
+
+          resp = MU::Cloud::Google.storage(credentials: credentials).list_buckets(flags['project'])
+          if resp and resp.items
+            resp.items.each { |bucket|
+              if bucket.labels and bucket.labels["mu-id"] == MU.deploy_id.downcase
+                MU.log "Deleting Cloud Storage bucket #{bucket.name}"
+                if !noop
+                  MU::Cloud::Google.storage(credentials: credentials).delete_bucket(bucket.name)
+                end
+              end
+            }
+          end
+        end
+
+        # Return the metadata for this user cofiguration
+        # @return [Hash]
+        def notify
+          MU.structToHash(cloud_desc)
+        end
+
+        # Locate an existing bucket.
+        # @param cloud_id [String]: The cloud provider's identifier for this resource.
+        # @param region [String]: The cloud provider region.
+        # @param flags [Hash]: Optional flags
+        # @return [OpenStruct]: The cloud provider's complete descriptions of matching bucket.
+        def self.find(cloud_id: nil, region: MU.curRegion, credentials: nil, flags: {})
+          found = {}
+          if cloud_id
+            found[cloud_id] = MU::Cloud::Google.storage(credentials: credentials).get_bucket(cloud_id)
+          end
+          found
+        end
+
+        # Cloud-specific configuration properties.
+        # @param config [MU::Config]: The calling MU::Config object
+        # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
+        def self.schema(config)
+          toplevel_required = []
+          schema = {
+            "storage_class" => {
+              "type" => "string",
+              "enum" => ["MULTI_REGIONAL", "REGIONAL", "STANDARD", "NEARLINE", "COLDLINE", "DURABLE_REDUCED_AVAILABILITY"],
+              "default" => "STANDARD"
+            }
+          }
+          [toplevel_required, schema]
+        end
+
+        # Cloud-specific pre-processing of {MU::Config::BasketofKittens::bucket}, bare and unvalidated.
+
+        # @param bucket [Hash]: The resource to process and validate
+        # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+        # @return [Boolean]: True if validation succeeded, False otherwise
+        def self.validateConfig(bucket, configurator)
+          ok = true
+
+          ok
+        end
+
+        private
+
+        # create and return the Google::Apis::StorageV1::Bucket object used by
+        # both +insert_bucket+ and +patch_bucket+
+        def bucket_descriptor
+          labels = {}
+          MU::MommaCat.listStandardTags.each_pair { |name, value|
+            if !value.nil?
+              labels[name.downcase] = value.downcase.gsub(/[^a-z0-9\-\_]/i, "_")
+            end
+          }
+          labels["name"] = @mu_name.downcase
+
+          params = {
+            :name => @mu_name.downcase,
+            :labels => labels,
+            :storage_class => @config['storage_class'],
+          }
+
+          if @config['web']
+            params[:website] = MU::Cloud::Google.storage(:Bucket)::Website.new(
+              main_page_suffix: @config['web_index_object'],
+              not_found_page: @config['web_error_object']
+            )
+          end
+
+          if @config['versioning']
+            params[:versioning] = MU::Cloud::Google.storage(:Bucket)::Versioning.new(enabled: true)
+          else
+            params[:versioning] = MU::Cloud::Google.storage(:Bucket)::Versioning.new(enabled: false)
+          end
+
+          MU::Cloud::Google.storage(:Bucket).new(params)
+        end
+
+      end
+    end
+  end
+end