RubyGems - cloud-mu - Versions diffs - 3.1.2 → 3.2.0 - Mend

cloud-mu 3.1.2 → 3.2.0

Files changed (201) hide show

checksums.yaml +4 -4
data/Dockerfile +15 -3
data/ansible/roles/mu-windows/README.md +33 -0
data/ansible/roles/mu-windows/defaults/main.yml +2 -0
data/ansible/roles/mu-windows/files/LaunchConfig.json +9 -0
data/ansible/roles/mu-windows/files/config.xml +76 -0
data/ansible/roles/mu-windows/handlers/main.yml +2 -0
data/ansible/roles/mu-windows/meta/main.yml +53 -0
data/ansible/roles/mu-windows/tasks/main.yml +36 -0
data/ansible/roles/mu-windows/tests/inventory +2 -0
data/ansible/roles/mu-windows/tests/test.yml +5 -0
data/ansible/roles/mu-windows/vars/main.yml +2 -0
data/bin/mu-adopt +10 -13
data/bin/mu-azure-tests +57 -0
data/bin/mu-cleanup +2 -4
data/bin/mu-configure +52 -0
data/bin/mu-deploy +3 -3
data/bin/mu-findstray-tests +25 -0
data/bin/mu-gen-docs +2 -4
data/bin/mu-load-config.rb +2 -3
data/bin/mu-node-manage +15 -16
data/bin/mu-run-tests +135 -37
data/cloud-mu.gemspec +22 -20
data/cookbooks/mu-activedirectory/resources/domain.rb +4 -4
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +4 -4
data/cookbooks/mu-tools/libraries/helper.rb +3 -2
data/cookbooks/mu-tools/libraries/monkey.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +14 -14
data/cookbooks/mu-tools/recipes/aws_api.rb +9 -0
data/cookbooks/mu-tools/recipes/eks.rb +2 -2
data/cookbooks/mu-tools/recipes/google_api.rb +2 -2
data/cookbooks/mu-tools/recipes/selinux.rb +2 -1
data/cookbooks/mu-tools/recipes/windows-client.rb +163 -164
data/cookbooks/mu-tools/resources/disk.rb +1 -1
data/cookbooks/mu-tools/resources/windows_users.rb +44 -43
data/extras/clean-stock-amis +25 -19
data/extras/generate-stock-images +1 -0
data/extras/image-generators/AWS/win2k12.yaml +18 -13
data/extras/image-generators/AWS/win2k16.yaml +18 -13
data/extras/image-generators/AWS/win2k19.yaml +21 -0
data/extras/image-generators/Google/centos6.yaml +1 -0
data/extras/image-generators/Google/centos7.yaml +1 -1
data/modules/mommacat.ru +6 -16
data/modules/mu.rb +165 -111
data/modules/mu/adoption.rb +401 -68
data/modules/mu/cleanup.rb +199 -306
data/modules/mu/cloud.rb +100 -1632
data/modules/mu/cloud/database.rb +49 -0
data/modules/mu/cloud/dnszone.rb +46 -0
data/modules/mu/cloud/machine_images.rb +212 -0
data/modules/mu/cloud/providers.rb +81 -0
data/modules/mu/cloud/resource_base.rb +920 -0
data/modules/mu/cloud/server.rb +40 -0
data/modules/mu/cloud/server_pool.rb +1 -0
data/modules/mu/cloud/ssh_sessions.rb +228 -0
data/modules/mu/cloud/winrm_sessions.rb +237 -0
data/modules/mu/cloud/wrappers.rb +165 -0
data/modules/mu/config.rb +171 -1767
data/modules/mu/config/alarm.rb +2 -6
data/modules/mu/config/bucket.rb +4 -4
data/modules/mu/config/cache_cluster.rb +1 -1
data/modules/mu/config/collection.rb +4 -4
data/modules/mu/config/container_cluster.rb +9 -4
data/modules/mu/config/database.rb +83 -104
data/modules/mu/config/database.yml +1 -2
data/modules/mu/config/dnszone.rb +6 -6
data/modules/mu/config/doc_helpers.rb +516 -0
data/modules/mu/config/endpoint.rb +4 -4
data/modules/mu/config/firewall_rule.rb +103 -4
data/modules/mu/config/folder.rb +4 -4
data/modules/mu/config/function.rb +3 -3
data/modules/mu/config/group.rb +4 -4
data/modules/mu/config/habitat.rb +4 -4
data/modules/mu/config/loadbalancer.rb +60 -14
data/modules/mu/config/log.rb +4 -4
data/modules/mu/config/msg_queue.rb +4 -4
data/modules/mu/config/nosqldb.rb +4 -4
data/modules/mu/config/notifier.rb +3 -3
data/modules/mu/config/ref.rb +365 -0
data/modules/mu/config/role.rb +4 -4
data/modules/mu/config/schema_helpers.rb +509 -0
data/modules/mu/config/search_domain.rb +4 -4
data/modules/mu/config/server.rb +97 -70
data/modules/mu/config/server.yml +1 -0
data/modules/mu/config/server_pool.rb +5 -9
data/modules/mu/config/storage_pool.rb +1 -1
data/modules/mu/config/tail.rb +200 -0
data/modules/mu/config/user.rb +4 -4
data/modules/mu/config/vpc.rb +70 -27
data/modules/mu/config/vpc.yml +0 -1
data/modules/mu/defaults/AWS.yaml +83 -60
data/modules/mu/defaults/Azure.yaml +1 -0
data/modules/mu/defaults/Google.yaml +3 -2
data/modules/mu/deploy.rb +30 -26
data/modules/mu/groomer.rb +17 -2
data/modules/mu/groomers/ansible.rb +188 -41
data/modules/mu/groomers/chef.rb +116 -55
data/modules/mu/logger.rb +127 -148
data/modules/mu/master.rb +389 -2
data/modules/mu/master/chef.rb +3 -4
data/modules/mu/master/ldap.rb +3 -3
data/modules/mu/master/ssl.rb +12 -3
data/modules/mu/mommacat.rb +217 -2612
data/modules/mu/mommacat/daemon.rb +397 -0
data/modules/mu/mommacat/naming.rb +473 -0
data/modules/mu/mommacat/search.rb +495 -0
data/modules/mu/mommacat/storage.rb +722 -0
data/modules/mu/{clouds → providers}/README.md +1 -1
data/modules/mu/{clouds → providers}/aws.rb +271 -112
data/modules/mu/{clouds → providers}/aws/alarm.rb +5 -3
data/modules/mu/{clouds → providers}/aws/bucket.rb +26 -22
data/modules/mu/{clouds → providers}/aws/cache_cluster.rb +33 -67
data/modules/mu/{clouds → providers}/aws/collection.rb +24 -23
data/modules/mu/{clouds → providers}/aws/container_cluster.rb +681 -721
data/modules/mu/providers/aws/database.rb +1744 -0
data/modules/mu/{clouds → providers}/aws/dnszone.rb +64 -63
data/modules/mu/{clouds → providers}/aws/endpoint.rb +22 -27
data/modules/mu/{clouds → providers}/aws/firewall_rule.rb +214 -244
data/modules/mu/{clouds → providers}/aws/folder.rb +7 -7
data/modules/mu/{clouds → providers}/aws/function.rb +17 -22
data/modules/mu/{clouds → providers}/aws/group.rb +23 -23
data/modules/mu/{clouds → providers}/aws/habitat.rb +17 -14
data/modules/mu/{clouds → providers}/aws/loadbalancer.rb +57 -48
data/modules/mu/{clouds → providers}/aws/log.rb +15 -12
data/modules/mu/{clouds → providers}/aws/msg_queue.rb +17 -16
data/modules/mu/{clouds → providers}/aws/nosqldb.rb +18 -11
data/modules/mu/{clouds → providers}/aws/notifier.rb +11 -6
data/modules/mu/{clouds → providers}/aws/role.rb +112 -86
data/modules/mu/{clouds → providers}/aws/search_domain.rb +39 -33
data/modules/mu/{clouds → providers}/aws/server.rb +835 -1133
data/modules/mu/{clouds → providers}/aws/server_pool.rb +56 -60
data/modules/mu/{clouds → providers}/aws/storage_pool.rb +24 -42
data/modules/mu/{clouds → providers}/aws/user.rb +21 -22
data/modules/mu/{clouds → providers}/aws/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/windows.erb +2 -1
data/modules/mu/{clouds → providers}/aws/vpc.rb +523 -929
data/modules/mu/providers/aws/vpc_subnet.rb +286 -0
data/modules/mu/{clouds → providers}/azure.rb +29 -9
data/modules/mu/{clouds → providers}/azure/container_cluster.rb +3 -8
data/modules/mu/{clouds → providers}/azure/firewall_rule.rb +18 -11
data/modules/mu/{clouds → providers}/azure/habitat.rb +8 -6
data/modules/mu/{clouds → providers}/azure/loadbalancer.rb +5 -5
data/modules/mu/{clouds → providers}/azure/role.rb +8 -10
data/modules/mu/{clouds → providers}/azure/server.rb +95 -48
data/modules/mu/{clouds → providers}/azure/user.rb +6 -8
data/modules/mu/{clouds → providers}/azure/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/azure/vpc.rb +16 -21
data/modules/mu/{clouds → providers}/cloudformation.rb +18 -7
data/modules/mu/{clouds → providers}/cloudformation/alarm.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/cache_cluster.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/collection.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/database.rb +6 -17
data/modules/mu/{clouds → providers}/cloudformation/dnszone.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/firewall_rule.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/loadbalancer.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/log.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/server.rb +7 -7
data/modules/mu/{clouds → providers}/cloudformation/server_pool.rb +5 -5
data/modules/mu/{clouds → providers}/cloudformation/vpc.rb +5 -7
data/modules/mu/{clouds → providers}/docker.rb +0 -0
data/modules/mu/{clouds → providers}/google.rb +67 -30
data/modules/mu/{clouds → providers}/google/bucket.rb +13 -15
data/modules/mu/{clouds → providers}/google/container_cluster.rb +84 -77
data/modules/mu/{clouds → providers}/google/database.rb +10 -20
data/modules/mu/{clouds → providers}/google/firewall_rule.rb +15 -14
data/modules/mu/{clouds → providers}/google/folder.rb +20 -17
data/modules/mu/{clouds → providers}/google/function.rb +139 -167
data/modules/mu/{clouds → providers}/google/group.rb +29 -34
data/modules/mu/{clouds → providers}/google/habitat.rb +21 -22
data/modules/mu/{clouds → providers}/google/loadbalancer.rb +18 -20
data/modules/mu/{clouds → providers}/google/role.rb +92 -58
data/modules/mu/{clouds → providers}/google/server.rb +242 -155
data/modules/mu/{clouds → providers}/google/server_pool.rb +25 -44
data/modules/mu/{clouds → providers}/google/user.rb +95 -31
data/modules/mu/{clouds → providers}/google/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/google/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/google/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/google/vpc.rb +103 -79
data/modules/tests/bucket.yml +4 -0
data/modules/tests/centos6.yaml +11 -0
data/modules/tests/centos7.yaml +11 -0
data/modules/tests/centos8.yaml +12 -0
data/modules/tests/ecs.yaml +23 -0
data/modules/tests/includes-and-params.yaml +2 -1
data/modules/tests/rds.yaml +108 -0
data/modules/tests/regrooms/aws-iam.yaml +201 -0
data/modules/tests/regrooms/bucket.yml +19 -0
data/modules/tests/regrooms/rds.yaml +123 -0
data/modules/tests/server-with-scrub-muisms.yaml +1 -0
data/modules/tests/super_simple_bok.yml +1 -3
data/modules/tests/win2k12.yaml +17 -5
data/modules/tests/win2k16.yaml +25 -0
data/modules/tests/win2k19.yaml +25 -0
data/requirements.txt +1 -0
data/spec/mu/clouds/azure_spec.rb +2 -2
metadata +232 -154
data/extras/image-generators/AWS/windows.yaml +0 -18
data/modules/mu/clouds/aws/database.rb +0 -1985

data/modules/mu/config/endpoint.rb CHANGED

@@ -14,7 +14,7 @@
 module MU
   class Config
-    # Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/api.rb
+    # Basket of Kittens config schema and parser logic. See modules/mu/providers/*/api.rb
     class Endpoint
       # Base configuration schema for an Endpoint (e.g. AWS API Gateway)
@@ -57,10 +57,10 @@ module MU
       end
       # Generic pre-processing of {MU::Config::BasketofKittens::endpoints}, bare and unvalidated.
-      # @param endpoint [Hash]: The resource to process and validate
-      # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+      # @param _endpoint [Hash]: The resource to process and validate
+      # @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
       # @return [Boolean]: True if validation succeeded, False otherwise
-      def self.validate(endpoint, configurator)
+      def self.validate(_endpoint, _configurator)
         ok = true
         ok

data/modules/mu/config/firewall_rule.rb CHANGED

@@ -14,7 +14,7 @@
 module MU
   class Config
-    # Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/firewall_rule.rb
+    # Basket of Kittens config schema and parser logic. See modules/mu/providers/*/firewall_rule.rb
     class FirewallRule
       # Base configuration schema for a FirewallRule
@@ -100,14 +100,113 @@ module MU
       end
       # Generic pre-processing of {MU::Config::BasketofKittens::firewall_rules}, bare and unvalidated.
-      # @param acl [Hash]: The resource to process and validate
-      # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+      # @param _acl [Hash]: The resource to process and validate
+      # @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
       # @return [Boolean]: True if validation succeeded, False otherwise
-      def self.validate(acl, configurator)
+      def self.validate(_acl, _configurator)
         ok = true
         ok
       end
     end
+    # FirewallRules can reference other FirewallRules, which means we need to do
+    # an extra pass to make sure we get all intra-stack dependencies correct.
+    # @param acl [Hash]: The configuration hash for the FirewallRule to check
+    # @return [Hash]
+    def resolveIntraStackFirewallRefs(acl, delay_validation = false)
+      acl["rules"].each { |acl_include|
+        if acl_include['sgs']
+          acl_include['sgs'].each { |sg_ref|
+            if haveLitterMate?(sg_ref, "firewall_rules")
+              MU::Config.addDependency(acl, sg_ref, "firewall_rule", no_create_wait: true)
+              siblingfw = haveLitterMate?(sg_ref, "firewall_rules")
+              if !siblingfw["#MU_VALIDATED"]
+# XXX raise failure somehow
+                insertKitten(siblingfw, "firewall_rules", delay_validation: delay_validation)
+              end
+            end
+          }
+        end
+      }
+      acl
+    end
+    # Generate configuration for the general-purpose admin firewall rulesets
+    # (security groups in AWS). Note that these are unique to regions and
+    # individual VPCs (as well as Classic, which is just a degenerate case of
+    # a VPC for our purposes.
+    # @param vpc [Hash]: A VPC reference as defined in our config schema. This originates with the calling resource, so we'll peel out just what we need (a name or cloud id of a VPC).
+    # @param admin_ip [String]: Optional string of an extra IP address to allow blanket access to the calling resource.
+    # @param cloud [String]: The parent resource's cloud plugin identifier
+    # @param region [String]: Cloud provider region, if applicable.
+    # @return [Hash<String>]: A dependency description that the calling resource can then add to itself.
+    def adminFirewallRuleset(vpc: nil, admin_ip: nil, region: nil, cloud: nil, credentials: nil, rules_only: false)
+      if !cloud or (cloud == "AWS" and !region)
+        raise MuError, "Cannot call adminFirewallRuleset without specifying the parent's region and cloud provider"
+      end
+      hosts = Array.new
+      hosts << "#{MU.my_public_ip}/32" if MU.my_public_ip
+      hosts << "#{MU.my_private_ip}/32" if MU.my_private_ip
+      hosts << "#{MU.mu_public_ip}/32" if MU.mu_public_ip
+      hosts << "#{admin_ip}/32" if admin_ip
+      hosts.uniq!
+      rules = []
+      if cloud == "Google"
+        rules = [
+          { "ingress" => true, "proto" => "all", "hosts" => hosts },
+          { "egress" => true, "proto" => "all", "hosts" => hosts }
+        ]
+      else
+        rules = [
+          { "proto" => "tcp", "port_range" => "0-65535", "hosts" => hosts },
+          { "proto" => "udp", "port_range" => "0-65535", "hosts" => hosts },
+          { "proto" => "icmp", "port_range" => "-1", "hosts" => hosts }
+        ]
+      end
+      if rules_only
+        return rules
+      end
+      name = "admin"
+      name += credentials.to_s if credentials
+      realvpc = nil
+      if vpc
+        realvpc = {}
+        ['vpc_name', 'vpc_id'].each { |p|
+          if vpc[p]
+            vpc[p.sub(/^vpc_/, '')] = vpc[p]
+            vpc.delete(p)
+          end
+        }
+        ['cloud', 'id', 'name', 'deploy_id', 'habitat', 'credentials'].each { |field|
+          realvpc[field] = vpc[field] if !vpc[field].nil?
+        }
+        if !realvpc['id'].nil? and !realvpc['id'].empty?
+          # Stupid kludge for Google cloud_ids which are sometimes URLs and
+          # sometimes not. Requirements are inconsistent from scenario to
+          # scenario.
+          name = name + "-" + realvpc['id'].gsub(/.*\//, "")
+          realvpc['id'] = getTail("id", value: realvpc['id'], prettyname: "Admin Firewall Ruleset #{name} Target VPC",  cloudtype: "AWS::EC2::VPC::Id") if realvpc["id"].is_a?(String)
+        elsif !realvpc['name'].nil?
+          name = name + "-" + realvpc['name']
+        end
+      end
+      acl = {"name" => name, "rules" => rules, "vpc" => realvpc, "cloud" => cloud, "admin" => true, "credentials" => credentials }
+      if cloud == "Google" and acl["vpc"] and acl["vpc"]["habitat"]
+        acl['project'] = acl["vpc"]["habitat"]["id"] || acl["vpc"]["habitat"]["name"]
+      end
+      acl.delete("vpc") if !acl["vpc"]
+      if !MU::Cloud.resourceClass(cloud, "FirewallRule").isGlobal? and !region.nil? and !region.empty?
+        acl["region"] = region
+      end
+      @admin_firewall_rules << acl if !@admin_firewall_rules.include?(acl)
+      return {"type" => "firewall_rule", "name" => name}
+    end
   end
 end

data/modules/mu/config/folder.rb CHANGED

@@ -14,7 +14,7 @@
 module MU
   class Config
-    # Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/folder.rb
+    # Basket of Kittens config schema and parser logic. See modules/mu/providers/*/folder.rb
     class Folder
       # Base configuration schema for a Folder
@@ -59,10 +59,10 @@ module MU
       end
       # Generic pre-processing of {MU::Config::BasketofKittens::folder}, bare and unvalidated.
-      # @param folder [Hash]: The resource to process and validate
-      # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+      # @param _folder [Hash]: The resource to process and validate
+      # @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
       # @return [Boolean]: True if validation succeeded, False otherwise
-      def self.validate(folder, configurator)
+      def self.validate(_folder, _configurator)
         ok = true
         ok
       end

data/modules/mu/config/function.rb CHANGED

@@ -14,7 +14,7 @@
 module MU
   class Config
-    # Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/function.rb
+    # Basket of Kittens config schema and parser logic. See modules/mu/providers/*/function.rb
     class Function
       # Base configuration schema for a Function
@@ -99,9 +99,9 @@ module MU
       # Generic pre-processing of {MU::Config::BasketofKittens::functions}, bare and unvalidated.
       # @param function [Hash]: The resource to process and validate
-      # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+      # @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
       # @return [Boolean]: True if validation succeeded, False otherwise
-      def self.validate(function, configurator)
+      def self.validate(function, _configurator)
         ok = true
         if !function['code']
           ok = false

data/modules/mu/config/group.rb CHANGED

@@ -14,7 +14,7 @@
 module MU
   class Config
-    # Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/group.rb
+    # Basket of Kittens config schema and parser logic. See modules/mu/providers/*/group.rb
     class Group
       # Base configuration schema for a Group
@@ -51,10 +51,10 @@ module MU
       end
       # Generic pre-processing of {MU::Config::BasketofKittens::group}, bare and unvalidated.
-      # @param group [Hash]: The resource to process and validate
-      # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+      # @param _group [Hash]: The resource to process and validate
+      # @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
       # @return [Boolean]: True if validation succeeded, False otherwise
-      def self.validate(group, configurator)
+      def self.validate(_group, _configurator)
         ok = true
         ok
       end

data/modules/mu/config/habitat.rb CHANGED

@@ -14,7 +14,7 @@
 module MU
   class Config
-    # Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/project.rb
+    # Basket of Kittens config schema and parser logic. See modules/mu/providers/*/project.rb
     class Habitat
       # Base configuration schema for a Habitat
@@ -38,10 +38,10 @@ module MU
       end
       # Generic pre-processing of {MU::Config::BasketofKittens::habitat}, bare and unvalidated.
-      # @param habitat [Hash]: The resource to process and validate
-      # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+      # @param _habitat [Hash]: The resource to process and validate
+      # @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
       # @return [Boolean]: True if validation succeeded, False otherwise
-      def self.validate(habitat, configurator)
+      def self.validate(_habitat, _configurator)
         ok = true
         ok
       end

data/modules/mu/config/loadbalancer.rb CHANGED

@@ -14,7 +14,7 @@
 module MU
   class Config
-    # Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/loadbalancer.rb
+    # Basket of Kittens config schema and parser logic. See modules/mu/providers/*/loadbalancer.rb
     class LoadBalancer
       # Generate schema for a LoadBalancer health check
@@ -64,6 +64,45 @@ module MU
         }
       end
+      # Generate schema for a LoadBalancer redirect
+      # @return [Hash]
+      def self.redirect
+        {
+          "type" => "object",
+          "title" => "redirect",
+          "additionalProperties" => false,
+          "description" => "Instruct our LoadBalancer to redirect traffic to another host, port, and/or path.",
+          "properties" => {
+            "protocol" => {
+              "type" => "string",
+              "default" => "HTTPS"
+            },
+            "port" => {
+              "type" => "integer",
+              "default" => 443
+            },
+            "host" => {
+              "type" => "string",
+              "default" => "\#{host}"
+            },
+            "path" => {
+              "type" => "string",
+              "default" => "/\#{path}"
+            },
+            "query" => {
+              "type" => "string",
+              "default" => "\#{query}"
+            },
+            "status_code" => {
+              "type" => "integer",
+              "description" => "The HTTP status code when issuing a redirect",
+              "default" => 301,
+              "enum" => [301, 302]
+            },
+          }
+        }
+      end
       # Base configuration schema for a LoadBalancer
       # @return [Hash]
       def self.schema
@@ -261,7 +300,7 @@ module MU
               "type" => "array",
               "items" => {
                 "type" => "object",
-                "required" => ["lb_protocol", "lb_port", "instance_protocol", "instance_port"],
+                "required" => ["lb_protocol", "lb_port"],
                 "additionalProperties" => false,
                 "description" => "A list of port/protocols which this Load Balancer should answer.",
                 "properties" => {
@@ -279,6 +318,7 @@ module MU
                     "enum" => ["HTTP", "HTTPS", "TCP", "SSL", "UDP"],
                     "description" => "Specifies the load balancer transport protocol to use for routing - HTTP, HTTPS, TCP, SSL, or UDP. SSL and UDP are only valid in Google Cloud."
                   },
+                  "redirect" => MU::Config::LoadBalancer.redirect,
                   "targetgroup" => {
                     "type" => "string",
                     "description" => "Which of our declared targetgroups should be the back-end for this listener's traffic"
@@ -309,14 +349,14 @@ module MU
                     "items" => {
                       "type" => "object",
                       "description" => "Rules to route requests to different target groups based on the request path",
-                      "required" => ["conditions", "order"],
+                      "required" => ["order", "conditions"],
                       "additionalProperties" => false,
                       "properties" => {
                         "conditions" => {
                           "type" => "array",
                           "items" => {
                             "type" => "object",
-                            "description" => "Rule condition",
+                            "description" => "Rule conditionl; if none are specified (or if none match) the default action will be set.",
                             "required" => ["field", "values"],
                             "additionalProperties" => false,
                             "properties" => {
@@ -339,16 +379,17 @@ module MU
                           "type" => "array",
                           "items" => {
                             "type" => "object",
-                            "description" => "Rule action",
-                            "required" => ["action", "targetgroup"],
+                            "description" => "Rule action, which must specify one of +targetgroup+ or +redirect+",
+                            "required" => ["action"],
                             "additionalProperties" => false,
                             "properties" => {
                               "action" => {
                                 "type" => "string",
                                 "default" => "forward",
                                 "description" => "An action to take when a match occurs. Currently, only forwarding to a targetgroup is supported.",
-                                "enum" => ["forward"]
+                                "enum" => ["forward", "redirect"]
                               },
+                              "redirect" => MU::Config::LoadBalancer.redirect,
                               "targetgroup" => {
                                 "type" => "string",
                                 "description" => "Which of our declared targetgroups should be the recipient of this traffic. If left unspecified, will default to the default targetgroup of this listener."
@@ -383,9 +424,9 @@ module MU
       # Generic pre-processing of {MU::Config::BasketofKittens::loadbalancers}, bare and unvalidated.
       # @param lb [Hash]: The resource to process and validate
-      # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+      # @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
       # @return [Boolean]: True if validation succeeded, False otherwise
-      def self.validate(lb, configurator)
+      def self.validate(lb, _configurator)
         ok = true
         # Convert old-school listener declarations into target groups and health
         # checks, for which AWS and Google both have equivalents.
@@ -405,13 +446,18 @@ module MU
               "proto" => l["instance_protocol"],
               "port" => l["instance_port"]
             }
-            if lb["healthcheck"]
-              hc_target = lb['healthcheck']['target'].match(/^([^:]+):(\d+)(.*)/)
-              tg["healthcheck"] = lb['healthcheck'].dup
+            if l["redirect"]
+              tg["proto"] ||= l["redirect"]["protocol"]
+              tg["port"] ||= l["redirect"]["port"]
+            end
+            l['healthcheck'] ||= lb['healthcheck'] if lb['healthcheck']
+            if l["healthcheck"]
+              hc_target = l['healthcheck']['target'].match(/^([^:]+):(\d+)(.*)/)
+              tg["healthcheck"] = l['healthcheck'].dup
               proto = ["HTTP", "HTTPS"].include?(hc_target[1]) ? hc_target[1] : l["instance_protocol"]
               tg['healthcheck']['target'] = "#{proto}:#{hc_target[2]}#{hc_target[3]}"
               tg['healthcheck']["httpcode"] = "200,301,302"
-              MU.log "Converting classic-style ELB health check target #{lb['healthcheck']['target']} to ALB style for target group #{tgname} (#{l["instance_protocol"]}:#{l["instance_port"]}).", details: tg['healthcheck']
+              MU.log "Converting classic-style ELB health check target #{l['healthcheck']['target']} to ALB style for target group #{tgname} (#{l["instance_protocol"]}:#{l["instance_port"]}).", details: tg['healthcheck']
             end
             lb["targetgroups"] << tg
           }
@@ -446,7 +492,7 @@ module MU
                 else
                   found = false
                   lb['targetgroups'].each { |tg|
-                    if l['targetgroup'] == action['targetgroup']
+                    if tg['name'] == action['targetgroup']
                       found = true
                       break
                     end

data/modules/mu/config/log.rb CHANGED

@@ -14,7 +14,7 @@
 module MU
   class Config
-    # Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/log.rb
+    # Basket of Kittens config schema and parser logic. See modules/mu/providers/*/log.rb
     class Log
       # Base configuration schema for a Log
@@ -36,10 +36,10 @@ module MU
       end
       # Generic pre-processing of {MU::Config::BasketofKittens::logs}, bare and unvalidated.
-      # @param log [Hash]: The resource to process and validate
-      # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+      # @param _log [Hash]: The resource to process and validate
+      # @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
       # @return [Boolean]: True if validation succeeded, False otherwise
-      def self.validate(log, configurator)
+      def self.validate(_log, _configurator)
         ok = true
         ok
       end

data/modules/mu/config/msg_queue.rb CHANGED

@@ -14,7 +14,7 @@
 module MU
   class Config
-    # Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/msg_queue.rb
+    # Basket of Kittens config schema and parser logic. See modules/mu/providers/*/msg_queue.rb
     class MsgQueue
       # Base configuration schema for a MsgQueue
@@ -34,10 +34,10 @@ module MU
       end
       # Generic pre-processing of {MU::Config::BasketofKittens::msg_queues}, bare and unvalidated.
-      # @param queue [Hash]: The resource to process and validate
-      # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+      # @param _queue [Hash]: The resource to process and validate
+      # @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
       # @return [Boolean]: True if validation succeeded, False otherwise
-      def self.validate(queue, configurator)
+      def self.validate(_queue, _configurator)
         ok = true
         ok
       end

data/modules/mu/config/nosqldb.rb CHANGED

@@ -14,7 +14,7 @@
 module MU
   class Config
-    # Basket of Kittens config schema and parser logic. See modules/mu/clouds/*/nosqldb.rb
+    # Basket of Kittens config schema and parser logic. See modules/mu/providers/*/nosqldb.rb
     class NoSQLDB
       # Base configuration schema for a Bucket
@@ -35,10 +35,10 @@ module MU
       end
       # Generic pre-processing of {MU::Config::BasketofKittens::nosqldbs}, bare and unvalidated.
-      # @param db [Hash]: The resource to process and validate
-      # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+      # @param _db [Hash]: The resource to process and validate
+      # @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
       # @return [Boolean]: True if validation succeeded, False otherwise
-      def self.validate(db, configurator)
+      def self.validate(_db, _configurator)
         ok = true
         ok