cloud-mu 3.1.2 → 3.2.0

data/modules/mu/{clouds → providers}/aws/alarm.rb

@@ -125,6 +125,8 @@ module MU
         # @param region [String]: The cloud provider region
         # @return [void]
         def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+          MU.log "AWS::Alarm.cleanup: need to support flags['known']", MU::DEBUG, details: flags
+          MU.log "Placeholder: AWS Alarm artifacts do not support tags, so ignoremaster cleanup flag has no effect", MU::DEBUG, details: ignoremaster
           alarms = []
           # We don't have a way to tag alarms, so we try to delete them by the deploy ID. 
           # This can miss alarms in some cases (eg. cache_cluster) so we might want to delete alarms from each API as well.
@@ -252,9 +254,9 @@ module MU
         end
 
         # Cloud-specific configuration properties.
-        # @param config [MU::Config]: The calling MU::Config object
+        # @param _config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
-        def self.schema(config)
+        def self.schema(_config)
           toplevel_required = []
           schema = {}
           [toplevel_required, schema]
@@ -319,7 +321,7 @@ module MU
               if !depclass.nil?
                 dimension["depclass"] = depclass
                 if !dimension["name"].nil? and !dimension["name"].empty?
-                  alarm["dependencies"] << { "name" => dimension["name"], "type" => depclass }
+                  MU::Config.addDependency(alarm, dimension["name"], depclass)
                 end
               end
             }

data/modules/mu/{clouds → providers}/aws/bucket.rb

@@ -33,7 +33,7 @@ module MU
           bucket_name = @deploy.getResourceName(@config["name"], max_length: 63).downcase
 
           MU.log "Creating S3 bucket #{bucket_name}"
-          resp = MU::Cloud::AWS.s3(credentials: @config['credentials'], region: @config['region']).create_bucket(
+          MU::Cloud::AWS.s3(credentials: @config['credentials'], region: @config['region']).create_bucket(
             acl: @config['acl'],
             bucket: bucket_name
           )
@@ -90,7 +90,6 @@ module MU
           tagBucket if !@config['scrub_mu_isms']
 
           current = cloud_desc
-
           if @config['policies']
             @config['policies'].each { |pol|
               pol['grant_to'] ||= [
@@ -98,9 +97,9 @@ module MU
               ]
             }
 
-            policy_docs = MU::Cloud::AWS::Role.genPolicyDocument(@config['policies'], deploy_obj: @deploy)
+            policy_docs = MU::Cloud.resourceClass("AWS", "Role").genPolicyDocument(@config['policies'], deploy_obj: @deploy, bucket_style: true)
             policy_docs.each { |doc|
-              MU.log "Applying S3 bucket policy #{doc.keys.first} to bucket #{@cloud_id}", MU::NOTICE, details: doc.values.first
+              MU.log "Applying S3 bucket policy #{doc.keys.first} to bucket #{@cloud_id}", MU::NOTICE, details: JSON.pretty_generate(doc.values.first)
               MU::Cloud::AWS.s3(credentials: @config['credentials'], region: @config['region']).put_bucket_policy(
                 bucket: @cloud_id,
                 policy: JSON.generate(doc.values.first)
@@ -177,10 +176,6 @@ module MU
           end
 
           begin
-puts data
-puts acl
-puts bucket
-puts path
             MU.log "Writing #{path} to S3 bucket #{bucket}"
             MU::Cloud::AWS.s3(region: region, credentials: credentials).put_object(
               acl: acl,
@@ -213,6 +208,7 @@ puts path
         # @param region [String]: The cloud provider region
         # @return [void]
         def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+          MU.log "AWS::Bucket.cleanup: need to support flags['known']", MU::DEBUG, details: flags
 
           resp = MU::Cloud::AWS.s3(credentials: credentials, region: region).list_buckets
           if resp and resp.buckets
@@ -243,15 +239,21 @@ puts path
 
               begin
                 tags = MU::Cloud::AWS.s3(credentials: credentials, region: region).get_bucket_tagging(bucket: bucket.name).tag_set
+                deploy_match = false
+                master_match = false
                 tags.each { |tag|
                   if tag.key == "MU-ID" and tag.value == MU.deploy_id
-                    MU.log "Deleting S3 Bucket #{bucket.name}"
-                    if !noop
-                      MU::Cloud::AWS.s3(credentials: credentials, region: region).delete_bucket(bucket: bucket.name)
-                    end
-                    break
+                    deploy_match = true
+                  elsif tag.key == "MU-MASTER-IP" and tag.value == MU.mu_public_ip
+                    master_match = true
                   end
                 }
+                if deploy_match and (ignoremaster or master_match)
+                  MU.log "Deleting S3 Bucket #{bucket.name}"
+                  if !noop
+                    MU::Cloud::AWS.s3(credentials: credentials, region: region).delete_bucket(bucket: bucket.name)
+                  end
+                end
               rescue Aws::S3::Errors::NoSuchTagSet, Aws::S3::Errors::PermanentRedirect
                 next
               end
@@ -302,12 +304,12 @@ puts path
         end
 
         # Cloud-specific configuration properties.
-        # @param config [MU::Config]: The calling MU::Config object
+        # @param _config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
-        def self.schema(config)
+        def self.schema(_config)
           toplevel_required = []
           schema = {
-            "policies" => MU::Cloud::AWS::Role.condition_schema,
+            "policies" => MU::Cloud.resourceClass("AWS", "Role").condition_schema,
             "acl" => {
               "type" => "string",
               "enum" => ["private", "public-read", "public-read-write", "authenticated-read"],
@@ -325,15 +327,15 @@ puts path
         # Cloud-specific pre-processing of {MU::Config::BasketofKittens::bucket}, bare and unvalidated.
 
         # @param bucket [Hash]: The resource to process and validate
-        # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+        # @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
         # @return [Boolean]: True if validation succeeded, False otherwise
-        def self.validateConfig(bucket, configurator)
+        def self.validateConfig(bucket, _configurator)
           ok = true
 
           if bucket['policies']
             bucket['policies'].each { |pol|
               if !pol['permissions'] or pol['permissions'].empty?
-                pol['permissions'] = ["s3:GetObject"]
+                pol['permissions'] = ["s3:GetObject", "s3:ListBucket"]
               end
             }
           end
@@ -341,11 +343,13 @@ puts path
           ok
         end
 
-        private
-
         # AWS doesn't really implement a useful describe_ method for S3 buckets;
         # instead we run the million little individual API calls to construct
         # an approximation for our uses
+        # @param bucket [String]:
+        # @param minimal [Boolean]:
+        # @param credentials [String]:
+        # @param region [String]:
         def self.describe_bucket(bucket, minimal: false, credentials: nil, region: nil)
           @@region_cache = {}
           @@region_cache_semaphore = Mutex.new
@@ -372,7 +376,7 @@ puts path
                 }
               end
 
-            rescue Aws::S3::Errors::NoSuchCORSConfiguration, Aws::S3::Errors::ServerSideEncryptionConfigurationNotFoundError, Aws::S3::Errors::NoSuchLifecycleConfiguration, Aws::S3::Errors::NoSuchBucketPolicy, Aws::S3::Errors::ReplicationConfigurationNotFoundError, Aws::S3::Errors::NoSuchTagSet, Aws::S3::Errors::NoSuchWebsiteConfiguration => e
+            rescue Aws::S3::Errors::NoSuchCORSConfiguration, Aws::S3::Errors::ServerSideEncryptionConfigurationNotFoundError, Aws::S3::Errors::NoSuchLifecycleConfiguration, Aws::S3::Errors::NoSuchBucketPolicy, Aws::S3::Errors::ReplicationConfigurationNotFoundError, Aws::S3::Errors::NoSuchTagSet, Aws::S3::Errors::NoSuchWebsiteConfiguration
               desc[method] = nil
               next
             end

data/modules/mu/{clouds → providers}/aws/cache_cluster.rb

@@ -170,7 +170,7 @@ module MU
             # config_struct[:preferred_cache_cluster_a_zs] = @config["preferred_cache_cluster_azs"]
 
             MU.log "Creating cache replication group #{@config['identifier']}"
-            resp = MU::Cloud::AWS.elasticache(region: @config['region'], credentials: @config['credentials']).create_replication_group(config_struct).replication_group
+            MU::Cloud::AWS.elasticache(region: @config['region'], credentials: @config['credentials']).create_replication_group(config_struct).replication_group
 
             wait_start_time = Time.now
             retries = 0
@@ -180,7 +180,7 @@ module MU
                 waiter.before_attempt do |attempts|
                   MU.log "Waiting for cache replication group #{@config['identifier']} to become available", MU::NOTICE if attempts % 5 == 0
                 end
-                waiter.before_wait do |attempts, r|
+                waiter.before_wait do |_attempts, r|
                   throw :success if r.replication_groups.first.status == "available"
                   throw :failure if Time.now - wait_start_time > 1800
                 end
@@ -199,7 +199,7 @@ module MU
               addStandardTags(member, "cluster", region: @config['region'])
             }
 
-            MU::Cloud::AWS::DNSZone.genericMuDNSEntry(
+            MU::Cloud.resourceClass("AWS", "DNSZone").genericMuDNSEntry(
               name: resp.replication_group_id,
               target: "#{resp.node_groups.first.primary_endpoint.address}.",
               cloudclass: MU::Cloud::CacheCluster,
@@ -207,7 +207,7 @@ module MU
             )
 
             resp.node_groups.first.node_group_members.each { |member|
-              MU::Cloud::AWS::DNSZone.genericMuDNSEntry(
+              MU::Cloud.resourceClass("AWS", "DNSZone").genericMuDNSEntry(
                 name: member.cache_cluster_id,
                 target: "#{member.read_endpoint.address}.",
                 cloudclass: MU::Cloud::CacheCluster,
@@ -228,7 +228,7 @@ module MU
 
             MU.log "Creating cache cluster #{@config['identifier']}"
             begin
-              resp = MU::Cloud::AWS.elasticache(region: @config['region'], credentials: @config['credentials']).create_cache_cluster(config_struct).cache_cluster
+              MU::Cloud::AWS.elasticache(region: @config['region'], credentials: @config['credentials']).create_cache_cluster(config_struct).cache_cluster
             rescue ::Aws::ElastiCache::Errors::InvalidParameterValue => e
               if e.message.match(/security group (sg-[^\s]+)/)
                 bad_sg = Regexp.last_match[1]
@@ -248,7 +248,7 @@ module MU
                 waiter.before_attempt do |attempts|
                   MU.log "Waiting for cache cluster #{@config['identifier']} to become available", MU::NOTICE if attempts % 5 == 0
                 end
-                waiter.before_wait do |attempts, r|
+                waiter.before_wait do |_attempts, r|
                   throw :success if r.cache_clusters.first.cache_cluster_status  == "available"
                   throw :failure if Time.now - wait_start_time > 1800
                 end
@@ -270,7 +270,7 @@ module MU
         def createSubnetGroup
           subnet_ids = []
           if @config["vpc"] && !@config["vpc"].empty?
-            raise MuError, "Didn't find the VPC specified in #{@config["vpc"]}" unless @vpc
+            raise MuError.new "Didn't find the VPC specified for #{@mu_name}", details: @config["vpc"].to_h unless @vpc
 
             vpc_id = @vpc.cloud_id
 
@@ -283,7 +283,7 @@ module MU
             else
               @config["vpc"]["subnets"].each { |subnet|
                 subnet_obj = @vpc.getSubnet(cloud_id: subnet["subnet_id"].to_s, name: subnet["subnet_name"].to_s)
-                raise MuError, "Couldn't find a live subnet matching #{subnet} in #{@vpc} (#{@vpc.subnets})" if subnet_obj.nil?
+                raise MuError.new "Couldn't find a live subnet matching #{subnet} in #{@vpc}", details: @vpc.subnets if subnet_obj.nil?
                 subnet_ids << subnet_obj.cloud_id
               }
             end
@@ -317,7 +317,7 @@ module MU
                 "vpc_id" => vpc_id,
                 "subnets" => mu_subnets
               }
-              using_default_vpc = true
+
               MU.log "Using default VPC for cache cluster #{@config['identifier']}"
             end
           end
@@ -327,30 +327,13 @@ module MU
           else
             MU.log "Creating subnet group #{@config["subnet_group_name"]} for cache cluster #{@config['identifier']}"
 
-            resp = MU::Cloud::AWS.elasticache(region: @config['region'], credentials: @config['credentials']).create_cache_subnet_group(
+            MU::Cloud::AWS.elasticache(region: @config['region'], credentials: @config['credentials']).create_cache_subnet_group(
               cache_subnet_group_name: @config["subnet_group_name"],
               cache_subnet_group_description: @config["subnet_group_name"],
               subnet_ids: subnet_ids
             )
 
-            # Find NAT and create holes in security groups.
-            # Adding just for consistency, but do we really need this for cache clusters? I guess Nagios and such..
-            if @config["vpc"]["nat_host_name"] || @config["vpc"]["nat_host_id"] || @config["vpc"]["nat_host_tag"] || @config["vpc"]["nat_host_ip"]
-              nat = @nat
-              if nat.is_a?(Struct) && nat.nat_gateway_id && nat.nat_gateway_id.start_with?("nat-")
-                MU.log "Using NAT Gateway, not modifying security groups"
-              else
-                nat_name, nat_conf, nat_deploydata = @nat.describe
-                @deploy.kittens['firewall_rules'].each_pair { |name, acl|
-  # XXX if a user doesn't set up dependencies correctly, this can die horribly on a NAT that's still in mid-creation. Fix this... possibly in the config parser.
-                  if acl.config["admin"]
-                    acl.addRule([nat_deploydata["private_ip_address"]], proto: "tcp")
-                    acl.addRule([nat_deploydata["private_ip_address"]], proto: "udp")
-                    break
-                  end
-                }
-              end
-            end
+            allowBastionAccess
 
             if @dependencies.has_key?('firewall_rule')
               @config["security_group_ids"] = []
@@ -364,7 +347,7 @@ module MU
         # Create a Cache Cluster parameter group.
         def createParameterGroup        
           MU.log "Creating a cache cluster parameter group #{@config["parameter_group_name"]}"
-          resp = MU::Cloud::AWS.elasticache(region: @config['region'], credentials: @config['credentials']).create_cache_parameter_group(
+          MU::Cloud::AWS.elasticache(region: @config['region'], credentials: @config['credentials']).create_cache_parameter_group(
             cache_parameter_group_name: @config["parameter_group_name"],
             cache_parameter_group_family: @config["parameter_group_family"],
             description: "Parameter group for #{@config["parameter_group_family"]}"
@@ -404,7 +387,7 @@ module MU
         def self.getCacheClusterById(cc_id, region: MU.curRegion, credentials: nil)
           begin
             MU::Cloud::AWS.elasticache(region: region, credentials: credentials).describe_cache_clusters(cache_cluster_id: cc_id).cache_clusters.first
-          rescue Aws::ElastiCache::Errors::CacheClusterNotFound => e
+          rescue Aws::ElastiCache::Errors::CacheClusterNotFound
             nil
           end
         end
@@ -430,7 +413,7 @@ module MU
               }
             end
             # XXX this should be a call to @deploy.nameKitten
-            MU::Cloud::AWS::DNSZone.createRecordsFromConfig(@config['dns_records'], target: repl_group.node_groups.first.primary_endpoint.address)
+            MU::Cloud.resourceClass("AWS", "DNSZone").createRecordsFromConfig(@config['dns_records'], target: repl_group.node_groups.first.primary_endpoint.address)
 
             deploy_struct = {
               "identifier" => repl_group.replication_group_id,
@@ -532,7 +515,7 @@ module MU
 
           attempts = 0
           begin
-           snapshot = MU::Cloud::AWS.elasticache(region: @config['region'], credentials: @config['credentials']).create_snapshot(
+           MU::Cloud::AWS.elasticache(region: @config['region'], credentials: @config['credentials']).create_snapshot(
               cache_cluster_id: @config["identifier"],
               snapshot_name: snap_id
             )
@@ -669,7 +652,7 @@ module MU
                 threads << Thread.new(replication_group) { |myrepl_group|
                   MU.dupGlobals(parent_thread_id)
                   Thread.abort_on_exception = true
-                  MU::Cloud::AWS::CacheCluster.terminate_replication_group(myrepl_group, noop: noop, skipsnapshots: skipsnapshots, region: region, deploy_id: MU.deploy_id, cloud_id: myrepl_group.replication_group_id, credentials: credentials)
+                  terminate_replication_group(myrepl_group, noop: noop, skipsnapshots: skipsnapshots, region: region, credentials: credentials)
                 }
               }
             end
@@ -681,7 +664,7 @@ module MU
                 threads << Thread.new(cluster) { |mycluster|
                   MU.dupGlobals(parent_thread_id)
                   Thread.abort_on_exception = true
-                  MU::Cloud::AWS::CacheCluster.terminate_cache_cluster(mycluster, noop: noop, skipsnapshots: skipsnapshots, region: region, deploy_id: MU.deploy_id, cloud_id: mycluster.cache_cluster_id, credentials: credentials)
+                  terminate_cache_cluster(mycluster, noop: noop, skipsnapshots: skipsnapshots, region: region, credentials: credentials)
                 }
               }
             end
@@ -694,35 +677,16 @@ module MU
         end
 
         # Cloud-specific configuration properties.
-        # @param config [MU::Config]: The calling MU::Config object
+        # @param _config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
-        def self.schema(config)
+        def self.schema(_config)
           toplevel_required = []
           schema = {
             "create_replication_group" => {
               "type" => "boolean",
               "description" => "Create a replication group; will be set automatically if +engine+ is +redis+ and +node_count+ is greated than one."
             },
-            "ingress_rules" => {
-              "items" => {
-                "properties" => {
-                  "sgs" => {
-                    "type" => "array",
-                    "items" => {
-                      "description" => "Other AWS Security Groups; resources that are associated with this group will have this rule applied to their traffic",
-                      "type" => "string"
-                    }
-                  },
-                  "lbs" => {
-                    "type" => "array",
-                    "items" => {
-                      "description" => "AWS Load Balancers which will have this rule applied to their traffic",
-                      "type" => "string"
-                    }
-                  }
-                }
-              }
-            }
+            "ingress_rules" => MU::Cloud.resourceClass("AWS", "FirewallRule").ingressRuleAddtlSchema
           }
           [toplevel_required, schema]
         end
@@ -804,9 +768,8 @@ module MU
         # @param noop [Boolean]: If true, will only print what would be done.
         # @param skipsnapshots [Boolean]: If true, will not create a last snapshot before terminating the Cache Cluster.
         # @param region [String]: The cloud provider's region in which to operate.
-        # @param cloud_id [String]: The cloud provider's identifier for this resource.
         # @return [void]
-        def self.terminate_cache_cluster(cluster, noop: false, skipsnapshots: false, region: MU.curRegion, deploy_id: MU.deploy_id, mu_name: nil, cloud_id: nil, credentials: nil)
+        def self.terminate_cache_cluster(cluster, noop: false, skipsnapshots: false, region: MU.curRegion, credentials: nil)
           raise MuError, "terminate_cache_cluster requires a non-nil cache cluster descriptor" if cluster.nil? || cluster.empty?
 
           cluster_id = cluster.cache_cluster_id
@@ -824,7 +787,7 @@ module MU
           end
 
           # The API is broken, cluster.cache_nodes is returnning an empty array, and the only URL we can get is the config one with cluster.configuration_endpoint.address.
-          # MU::Cloud::AWS::DNSZone.genericMuDNSEntry(name: cluster_id, target: , cloudclass: MU::Cloud::CacheCluster, delete: true)
+          # MU::Cloud.resourceClass("AWS", "DNSZone").genericMuDNSEntry(name: cluster_id, target: , cloudclass: MU::Cloud::CacheCluster, delete: true)
           
           if %w{deleting deleted}.include?(cluster.cache_cluster_status)
             MU.log "#{cluster_id} has already been terminated", MU::WARN
@@ -874,7 +837,7 @@ module MU
                   waiter.before_attempt do |attempts|
                     MU.log "Waiting for cache cluster #{cluster_id} to delete..", MU::NOTICE if attempts % 10 == 0
                   end
-                  waiter.before_wait do |attempts, resp|
+                  waiter.before_wait do |_attempts, resp|
                     throw :success if resp.cache_clusters.first.cache_cluster_status  == "deleted"
                     throw :failure if Time.now - wait_start_time > 1800
                   end
@@ -893,19 +856,19 @@ module MU
           MU.log "#{cluster_id} has been terminated"
 
           unless noop
-            MU::Cloud::AWS::CacheCluster.delete_subnet_group(subnet_group, region: region, credentials: credentials) if subnet_group
-            MU::Cloud::AWS::CacheCluster.delete_parameter_group(parameter_group, region: region, credentials: credentials) if parameter_group && !parameter_group.start_with?("default")
+            delete_subnet_group(subnet_group, region: region, credentials: credentials) if subnet_group
+            delete_parameter_group(parameter_group, region: region, credentials: credentials) if parameter_group && !parameter_group.start_with?("default")
           end
         end
+        private_class_method :terminate_cache_cluster
 
         # Remove a Cache Cluster Replication Group and associated artifacts
         # @param repl_group [OpenStruct]: The cloud provider's description of the Cache Cluster artifact.
         # @param noop [Boolean]: If true, will only print what would be done.
         # @param skipsnapshots [Boolean]: If true, will not create a last snapshot before terminating the Cache Cluster.
         # @param region [String]: The cloud provider's region in which to operate.
-        # @param cloud_id [String]: The cloud provider's identifier for this resource.
         # @return [void]
-        def self.terminate_replication_group(repl_group, noop: false, skipsnapshots: false, region: MU.curRegion, deploy_id: MU.deploy_id, mu_name: nil, cloud_id: nil, credentials: nil)
+        def self.terminate_replication_group(repl_group, noop: false, skipsnapshots: false, region: MU.curRegion, credentials: nil)
           raise MuError, "terminate_replication_group requires a non-nil cache replication group descriptor" if repl_group.nil? || repl_group.empty?
 
           repl_group_id = repl_group.replication_group_id
@@ -926,10 +889,10 @@ module MU
           end
 
           # What's the likelihood of having more than one node group? maybe iterate over node_groups instead of assuming there is only one?
-          MU::Cloud::AWS::DNSZone.genericMuDNSEntry(name: repl_group_id, target: repl_group.node_groups.first.primary_endpoint.address, cloudclass: MU::Cloud::CacheCluster, delete: true)
+          MU::Cloud.resourceClass("AWS", "DNSZone").genericMuDNSEntry(name: repl_group_id, target: repl_group.node_groups.first.primary_endpoint.address, cloudclass: MU::Cloud::CacheCluster, delete: true)
           # Assuming we also created DNS records for each of our cluster's read endpoint.
           repl_group.node_groups.first.node_group_members.each { |member|
-            MU::Cloud::AWS::DNSZone.genericMuDNSEntry(name: member.cache_cluster_id, target: member.read_endpoint.address, cloudclass: MU::Cloud::CacheCluster, delete: true)
+            MU::Cloud.resourceClass("AWS", "DNSZone").genericMuDNSEntry(name: member.cache_cluster_id, target: member.read_endpoint.address, cloudclass: MU::Cloud::CacheCluster, delete: true)
           }
           
           if %w{deleting deleted}.include?(repl_group.status)
@@ -983,7 +946,7 @@ module MU
                   waiter.before_attempt do |attempts|
                     MU.log "Waiting for #{repl_group_id} to delete..", MU::NOTICE if attempts % 10 == 0
                   end
-                  waiter.before_wait do |attempts, resp|
+                  waiter.before_wait do |_attempts, resp|
                     throw :success if resp.replication_groups.first.status == "deleted"
                     throw :failure if Time.now - wait_start_time > 1800
                   end
@@ -1005,6 +968,7 @@ module MU
             MU::Cloud::AWS::CacheCluster.delete_parameter_group(parameter_group, region: region) if parameter_group && !parameter_group.start_with?("default")
           end
         end
+        private_class_method :terminate_replication_group
 
         # Remove a Cache Cluster Subnet Group.
         # @param subnet_group_id [string]: The cloud provider's ID of the cache cluster subnet group.
@@ -1026,6 +990,7 @@ module MU
             MU.log "Subnet group #{subnet_group_id} is not in a removable state after several retries, giving up. #{e.inspect}", MU::ERR
           end
         end
+        private_class_method :delete_subnet_group
 
         # Remove a Cache Cluster Parameter Group.
         # @param parameter_group_id [string]: The cloud provider's ID of the cache cluster parameter group.
@@ -1049,6 +1014,7 @@ module MU
             MU.log "Parameter group #{parameter_group_id} is not in a removable state after several retries, giving up. #{e.inspect}", MU::ERR
           end
         end
+        private_class_method :delete_parameter_group
       end
     end
   end