cloud-mu 2.1.0beta → 3.0.0beta

data/modules/mu/clouds/azure/habitat.rb

@@ -0,0 +1,167 @@
+# Copyright:: Copyright (c) 2019 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module MU
+  class Cloud
+    class Azure
+      # Creates an Azure directory as configured in {MU::Config::BasketofKittens::habitats}
+      class Habitat < MU::Cloud::Habitat
+
+        # Placeholder method, just here to see which bits of the subscription
+        # API actually work. Delete this once we actually have enough
+        # functionality for a real implementation.
+        def self.testcalls
+
+#pp MU::Cloud::Azure::Habitat.find
+
+          pp MU::Cloud::Azure.billing.enrollment_accounts.list
+
+#          pp MU::Cloud::Azure.subfactory.api.class.name
+
+#          pp MU::Cloud::Azure.subfactory.subscription_factory.create_subscription_in_enrollment_account # this should barf
+        end
+
+        # Initialize this cloud resource object. Calling +super+ will invoke the initializer defined under {MU::Cloud}, which should set the attribtues listed in {MU::Cloud::PUBLIC_ATTRS} as well as applicable dependency shortcuts, like <tt>@vpc</tt>, for us.
+        # @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
+        def initialize(**args)
+          super
+
+          cloud_desc if @cloud_id # XXX why don't I have this on regroom?
+          if !@cloud_id and cloud_desc and cloud_desc.project_id
+            @cloud_id = cloud_desc.project_id
+          end
+
+          if !mu_name.nil?
+            @mu_name = mu_name
+          elsif @config['scrub_mu_isms']
+            @mu_name = @config['name']
+          else
+            @mu_name = @deploy.getResourceName(@config['name'])
+          end
+        end
+
+        # Called automatically by {MU::Deploy#createResources}
+        def create
+        end
+
+        # Called automatically by {MU::Deploy#createResources}
+        def groom
+        end
+
+        # Return the cloud descriptor for the Habitat
+        def cloud_desc
+          @cached_cloud_desc ||= MU::Cloud::Azure::Habitat.find(cloud_id: @cloud_id).values.first
+#          @habitat_id ||= @cached_cloud_desc.parent.id if @cached_cloud_desc
+          @cached_cloud_desc
+        end
+
+        # Return the metadata for this project's configuration
+        # @return [Hash]
+        def notify
+#          MU.structToHash(MU::Cloud::Google.resource_manager(credentials: @config['credentials']).get_project(@cloud_id))
+          {}
+        end
+
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          true
+        end
+
+        # Denote whether this resource implementation is experiment, ready for
+        # testing, or ready for production use.
+        def self.quality
+          MU::Cloud::ALPHA
+        end
+
+        # Check whether is in the +ACTIVE+ state and has billing enabled.
+        # @param project_id [String]
+        # @return [Boolean]
+        def self.isLive?(project_id, credentials = nil)
+          true
+        end
+
+        # Stub method. Azure resources are cleaned up by removing the parent
+        # resource group.
+        # @return [void]
+        def self.cleanup(**args)
+        end
+
+        @@list_projects_cache = nil
+
+        # Locate and return cloud provider descriptors of this resource type
+        # which match the provided parameters, or all visible resources if no
+        # filters are specified. At minimum, implementations of +find+ must
+        # honor +credentials+ and +cloud_id+ arguments. We may optionally
+        # support other search methods, such as +tag_key+ and +tag_value+, or
+        # cloud-specific arguments like +project+. See also {MU::MommaCat.findStray}.
+        # @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
+        # @return [Hash<String,OpenStruct>]: The cloud provider's complete descriptions of matching resources
+        def self.find(**args)
+#MU.log "habitat.find called by #{caller[0]}", MU::WARN, details: args
+          found = {}
+
+          args[:cloud_id] ||= args[:project]
+# XXX we probably want to cache this
+# XXX but why are we being called over and over?
+
+          if args[:cloud_id]
+            found[args[:cloud_id]] = MU::Cloud::Azure.subs.subscriptions.get(args[:cloud_id])
+          else
+            MU::Cloud::Azure.subs.subscriptions.list.each { |sub|
+              found[sub.subscription_id] = sub
+            }
+          end
+
+          found
+        end
+
+        # Reverse-map our cloud description into a runnable config hash.
+        # We assume that any values we have in +@config+ are placeholders, and
+        # calculate our own accordingly based on what's live in the cloud.
+        def toKitten(rootparent: nil, billing: nil)
+          bok = {
+            "cloud" => "Azure",
+            "credentials" => @config['credentials']
+          }
+
+          bok
+        end
+
+        # Cloud-specific configuration properties.
+        # @param config [MU::Config]: The calling MU::Config object
+        # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
+        def self.schema(config)
+          toplevel_required = []
+          schema = {
+          }
+          [toplevel_required, schema]
+        end
+
+        # Cloud-specific pre-processing of {MU::Config::BasketofKittens::habitats}, bare and unvalidated.
+        # @param habitat [Hash]: The resource to process and validate
+        # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+        # @return [Boolean]: True if validation succeeded, False otherwise
+        def self.validateConfig(habitat, configurator)
+          ok = true
+          habitat['region'] ||= MU::Cloud::Azure.myRegion(habitat['credentials'])
+
+          ok
+        end
+
+      end
+    end
+  end
+end

data/modules/mu/clouds/azure/loadbalancer.rb

@@ -0,0 +1,205 @@
+# Copyright:: Copyright (c) 2019 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module MU
+  class Cloud
+    class Azure
+      # A load balancer as configured in {MU::Config::BasketofKittens::loadbalancers}
+      class LoadBalancer < MU::Cloud::LoadBalancer
+
+        # Initialize this cloud resource object. Calling +super+ will invoke the initializer defined under {MU::Cloud}, which should set the attribtues listed in {MU::Cloud::PUBLIC_ATTRS} as well as applicable dependency shortcuts, like <tt>@vpc</tt>, for us.
+        # @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
+        def initialize(**args)
+          super
+          @mu_name ||= @deploy.getResourceName(@config["name"])
+        end
+
+        # Called automatically by {MU::Deploy#createResources}
+        def create
+          create_update
+        end
+
+        # Called automatically by {MU::Deploy#createResources}
+        def groom
+          create_update
+
+          if cloud_desc.tags != @tags
+            tags_obj = MU::Cloud::Azure.network(:TagsObject).new
+            tags_obj.tags = @tags
+            MU.log "Updating tags on LoadBalancer #{@mu_name}", MU::NOTICE, details: @tags
+            MU::Cloud::Azure.network(credentials: @config['credentials']).load_balancers.update_tags(@resource_group, @mu_name, tags_obj)
+          end
+        end
+
+        # Return the metadata for this LoadBalancer
+        # @return [Hash]
+        def notify
+        end
+
+        # Register a Server node with an existing LoadBalancer.
+        #
+        # @param instance_id [String] A node to register.
+        # @param targetgroups [Array<String>] The target group(s) of which this node should be made a member. Not applicable to classic LoadBalancers. If not supplied, the node will be registered to all available target groups on this LoadBalancer.
+        def registerNode(instance_id, targetgroups: nil)
+        end
+
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          false
+        end
+
+        # Denote whether this resource implementation is experiment, ready for
+        # testing, or ready for production use.
+        def self.quality
+          MU::Cloud::ALPHA
+        end
+
+        # Stub method. Azure resources are cleaned up by removing the parent
+        # resource group.
+        # @return [void]
+        def self.cleanup(**args)
+        end
+
+        # Cloud-specific configuration properties.
+        # @param config [MU::Config]: The calling MU::Config object
+        # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
+        def self.schema(config)
+          toplevel_required = []
+          schema = {
+#            "named_ports" => {
+#              "type" => "array",
+#              "items" => {
+#                "type" => "object",
+#                "required" => ["name", "port"],
+#                "additionalProperties" => false,
+#                "description" => "A named network port for a Azure instance group, used for health checks and forwarding targets.",
+#                "properties" => {
+#                  "name" => {
+#                    "type" => "string"
+#                  },
+#                  "port" => {
+#                    "type" => "integer"
+#                  }
+#                }
+#              }
+#            }
+          }
+          [toplevel_required, schema]
+        end
+
+        # Cloud-specific pre-processing of {MU::Config::BasketofKittens::loadbalancers}, bare and unvalidated.
+        # @param lb [Hash]: The resource to process and validate
+        # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+        # @return [Boolean]: True if validation succeeded, False otherwise
+        def self.validateConfig(lb, configurator)
+          ok = true
+          lb['region'] ||= MU::Cloud::Azure.myRegion(lb['credentials'])
+
+          ok
+        end
+
+        # Locate and return cloud provider descriptors of this resource type
+        # which match the provided parameters, or all visible resources if no
+        # filters are specified. At minimum, implementations of +find+ must
+        # honor +credentials+ and +cloud_id+ arguments. We may optionally
+        # support other search methods, such as +tag_key+ and +tag_value+, or
+        # cloud-specific arguments like +project+. See also {MU::MommaCat.findStray}.
+        # @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
+        # @return [Hash<String,OpenStruct>]: The cloud provider's complete descriptions of matching resources
+        def self.find(**args)
+          found = {}
+
+          # Azure resources are namedspaced by resource group. If we weren't
+          # told one, we may have to search all the ones we can see.
+          resource_groups = if args[:resource_group]
+            [args[:resource_group]]
+          elsif args[:cloud_id] and args[:cloud_id].is_a?(MU::Cloud::Azure::Id)
+            [args[:cloud_id].resource_group]
+          else
+            MU::Cloud::Azure.resources(credentials: args[:credentials]).resource_groups.list.map { |rg| rg.name }
+          end
+
+          if args[:cloud_id]
+            id_str = args[:cloud_id].is_a?(MU::Cloud::Azure::Id) ? args[:cloud_id].name : args[:cloud_id]
+            resource_groups.each { |rg|
+              resp = MU::Cloud::Azure.network(credentials: args[:credentials]).load_balancers.get(rg, id_str)
+              found[Id.new(resp.id)] = resp if resp
+            }
+          else
+            if args[:resource_group]
+              MU::Cloud::Azure.network(credentials: args[:credentials]).load_balancers.list(args[:resource_group]).each { |lb|
+                found[Id.new(lb.id)] = lb
+              }
+            else
+              MU::Cloud::Azure.network(credentials: args[:credentials]).load_balancers.list_all.each { |net|
+                found[Id.new(lb.id)] = lb
+              }
+            end
+          end
+
+          found
+        end
+
+        private
+
+        def create_update
+          @config['region'] ||= MU::Cloud::Azure.myRegion(@config['credentials'])
+
+# XXX expose that second argument to BoK language to use a pre-existing resource
+          ip_obj = MU::Cloud::Azure.fetchPublicIP(@resource_group, @mu_name, credentials: @config['credentials'], region: @config['region'], tags: @tags)
+
+# XXX can have multiples of these
+          front_obj = MU::Cloud::Azure.network(:FrontendIPConfiguration).new
+          front_obj.name = @mu_name
+          front_obj.public_ipaddress = ip_obj
+          front_obj.private_ipallocation_method = "Dynamic"
+
+          lb_obj = MU::Cloud::Azure.network(:LoadBalancer).new
+          lb_obj.frontend_ipconfigurations = [front_obj]
+          lb_obj.location = @config['region']
+          lb_obj.tags = @tags
+
+
+          need_apply = false
+          ext_lb = MU::Cloud::Azure.network(credentials: @config['credentials']).load_balancers.get(
+            @resource_group,
+            @mu_name
+          )
+          if ext_lb
+            pp ext_lb
+            @cloud_id = MU::Cloud::Azure::Id.new(ext_lb.id)
+          end
+#MU.log "WHAT I GOT", MU::NOTICE, details: ext_lb
+#MU.log "WHAT I NEED", MU::NOTICE, details: @config
+
+          if !ext_lb
+            MU.log "Creating Load Balancer #{@mu_name} in #{@config['region']}", details: lb_obj
+            need_apply = true
+          elsif ext_lb.frontend_ipconfigurations != lb_obj.frontend_ipconfigurations
+            MU.log "Updating Network Security Group #{@mu_name} in #{@config['region']}", MU::NOTICE, details: lb_obj
+            need_apply = true
+          end
+
+          if need_apply
+            resp = MU::Cloud::Azure.network(credentials: @config['credentials']).load_balancers.create_or_update(@resource_group, @mu_name, lb_obj)
+            @cloud_id = Id.new(resp.id)
+          end
+        end
+
+      end
+    end
+  end
+end

data/modules/mu/clouds/azure/role.rb

@@ -0,0 +1,211 @@
+# Copyright:: Copyright (c) 2018 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module MU
+  class Cloud
+    class Azure
+      # A user as configured in {MU::Config::BasketofKittens::roles}
+      class Role < MU::Cloud::Role
+
+        # Initialize this cloud resource object. Calling +super+ will invoke the initializer defined under {MU::Cloud}, which should set the attribtues listed in {MU::Cloud::PUBLIC_ATTRS} as well as applicable dependency shortcuts, like <tt>@vpc</tt>, for us.
+        # @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
+        def initialize(**args)
+          super
+          if !mu_name.nil?
+            @mu_name = mu_name
+            @cloud_id = Id.new(cloud_desc.id) if @cloud_id
+          else
+            @mu_name ||= @deploy.getResourceName(@config["name"], max_length: 31)
+          end
+
+        end
+
+        # Called automatically by {MU::Deploy#createResources}
+        def create
+        end
+
+        # Called automatically by {MU::Deploy#createResources}
+        def groom
+        end
+
+        # Return the metadata for this user configuration
+        # @return [Hash]
+        def notify
+          description = MU.structToHash(cloud_desc)
+          if description
+            description.delete(:etag)
+            return description
+          end
+          {
+          }
+        end
+
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          false
+        end
+
+        # Denote whether this resource implementation is experiment, ready for
+        # testing, or ready for production use.
+        def self.quality
+          MU::Cloud::ALPHA
+        end
+
+        # Assign this role object to a given principal (create a RoleAssignment)
+        # @param principal [MU::Cloud::Azure::Id]
+        def assignTo(principal)
+          MU::Cloud::Azure::Role.assignTo(principal_id, role_id: @cloud_id)
+        end
+
+        # Assign a role to a particular principal (create a RoleAssignment). We
+        # support multiple ways of referring to a role
+        # @param principal [MU::Cloud::Azure::Id]
+        def self.assignTo(principal, role_name: nil, role_id: nil, credentials: nil)
+# XXX subscription might need extraction
+          if !role_name and !role_id
+            raise MuError, "Role.assignTo requries one of role_name, role_id, or permissions in order to look up roles for association"
+
+          end
+
+          existing = MU::Cloud::Azure.authorization(credentials: credentials).role_assignments.list()
+
+          roles = MU::Cloud::Azure::Role.find(cloud_id: role_id, role_name: role_name, credentials: credentials)
+          role = roles.values.first # XXX handle failures and multiples
+
+          assign_obj = MU::Cloud::Azure.authorization(:RoleAssignmentCreateParameters, model_version: "V2018_09_01_preview").new
+          assign_obj.principal_id = principal
+          assign_obj.principal_type = "ServicePrincipal"
+          assign_obj.role_definition_id = role.id
+
+          # TODO this should defintiely be configurable, and for most Mu
+          # deploy resources will be scoped to the resource group level
+          scope = "/subscriptions/"+MU::Cloud::Azure.default_subscription(credentials)
+
+          role_name = begin
+            role.role_name
+          rescue NoMethodError
+            role.properties.role_name
+          end
+          
+          used_ids = []
+          existing.each { |ext_assignment|
+            used_ids << ext_assignment.name
+            if ext_assignment.role_definition_id == role.id and
+               ext_assignment.scope == scope and
+               ext_assignment.principal_id == principal
+              return
+            end
+          }
+
+          guid = nil
+          begin
+            guid = MU::Cloud::Azure.genGUID
+          end while used_ids.include?(guid)
+
+          MU.log "Assigning role '#{role_name}' to principal #{principal}", details: assign_obj
+          MU::Cloud::Azure.authorization(credentials: credentials).role_assignments.create(
+            scope,
+            guid,
+            assign_obj
+          )
+        end
+
+        @@role_list_cache = {}
+        @@role_list_semaphore = Mutex.new
+
+        # Locate and return cloud provider descriptors of this resource type
+        # which match the provided parameters, or all visible resources if no
+        # filters are specified. At minimum, implementations of +find+ must
+        # honor +credentials+ and +cloud_id+ arguments. We may optionally
+        # support other search methods, such as +tag_key+ and +tag_value+, or
+        # cloud-specific arguments like +project+. See also {MU::MommaCat.findStray}.
+        # @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
+        # @return [Hash<String,OpenStruct>]: The cloud provider's complete descriptions of matching resources
+        def self.find(**args)
+          found = {}
+
+          sub_id = MU::Cloud::Azure.default_subscription(args[:credentials])
+          scope = "/subscriptions/"+sub_id
+
+          if args[:cloud_id]
+            id_str = args[:cloud_id].is_a?(MU::Cloud::Azure::Id) ? args[:cloud_id].name : args[:cloud_id]
+            begin
+              resp = MU::Cloud::Azure.authorization(credentials: args[:credentials]).role_definitions.get(scope, id_str)
+              found[Id.new(resp.id)] = resp
+            rescue MsRestAzure::AzureOperationError => e
+              # this is fine, we're doing a blind search after all
+            end
+          else
+            @@role_list_semaphore.synchronize {
+              if !@@role_list_cache[scope]
+                @@role_list_cache[scope] = Hash[MU::Cloud::Azure.authorization(credentials: args[:credentials]).role_definitions.list(scope).map { |r| [Id.new(r.id), r] }]
+              end
+            }
+            if args[:role_name]
+              @@role_list_cache[scope].each_pair { |key, role|
+                begin
+                  if role.role_name == args[:role_name]
+                    found[Id.new(role.id)] = role
+                    break
+                  end
+                rescue NoMethodError
+                  if role.properties.role_name == args[:role_name]
+                    found[Id.new(role.id)] = role
+                    break
+                  end
+                end
+              }
+            else
+              found = @@role_list_cache[scope].dup
+            end
+          end
+
+          found
+        end
+
+        # Stub method. Azure resources are cleaned up by removing the parent
+        # resource group.
+        # @return [void]
+        def self.cleanup(**args)
+        end
+
+        # Cloud-specific configuration properties.
+        # @param config [MU::Config]: The calling MU::Config object
+        # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
+        def self.schema(config)
+          toplevel_required = []
+          schema = {
+          }
+          [toplevel_required, schema]
+        end
+
+        # Cloud-specific pre-processing of {MU::Config::BasketofKittens::roles}, bare and unvalidated.
+        # @param role [Hash]: The resource to process and validate
+        # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+        # @return [Boolean]: True if validation succeeded, False otherwise
+        def self.validateConfig(role, configurator)
+          ok = true
+          role['region'] ||= MU::Cloud::Azure.myRegion(role['credentials'])
+
+          ok
+        end
+
+        private
+
+      end
+    end
+  end
+end