RubyGems - cloud-mu - Versions diffs - 3.1.2 → 3.2.0 - Mend

cloud-mu 3.1.2 → 3.2.0

Files changed (201) hide show

checksums.yaml +4 -4
data/Dockerfile +15 -3
data/ansible/roles/mu-windows/README.md +33 -0
data/ansible/roles/mu-windows/defaults/main.yml +2 -0
data/ansible/roles/mu-windows/files/LaunchConfig.json +9 -0
data/ansible/roles/mu-windows/files/config.xml +76 -0
data/ansible/roles/mu-windows/handlers/main.yml +2 -0
data/ansible/roles/mu-windows/meta/main.yml +53 -0
data/ansible/roles/mu-windows/tasks/main.yml +36 -0
data/ansible/roles/mu-windows/tests/inventory +2 -0
data/ansible/roles/mu-windows/tests/test.yml +5 -0
data/ansible/roles/mu-windows/vars/main.yml +2 -0
data/bin/mu-adopt +10 -13
data/bin/mu-azure-tests +57 -0
data/bin/mu-cleanup +2 -4
data/bin/mu-configure +52 -0
data/bin/mu-deploy +3 -3
data/bin/mu-findstray-tests +25 -0
data/bin/mu-gen-docs +2 -4
data/bin/mu-load-config.rb +2 -3
data/bin/mu-node-manage +15 -16
data/bin/mu-run-tests +135 -37
data/cloud-mu.gemspec +22 -20
data/cookbooks/mu-activedirectory/resources/domain.rb +4 -4
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +4 -4
data/cookbooks/mu-tools/libraries/helper.rb +3 -2
data/cookbooks/mu-tools/libraries/monkey.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +14 -14
data/cookbooks/mu-tools/recipes/aws_api.rb +9 -0
data/cookbooks/mu-tools/recipes/eks.rb +2 -2
data/cookbooks/mu-tools/recipes/google_api.rb +2 -2
data/cookbooks/mu-tools/recipes/selinux.rb +2 -1
data/cookbooks/mu-tools/recipes/windows-client.rb +163 -164
data/cookbooks/mu-tools/resources/disk.rb +1 -1
data/cookbooks/mu-tools/resources/windows_users.rb +44 -43
data/extras/clean-stock-amis +25 -19
data/extras/generate-stock-images +1 -0
data/extras/image-generators/AWS/win2k12.yaml +18 -13
data/extras/image-generators/AWS/win2k16.yaml +18 -13
data/extras/image-generators/AWS/win2k19.yaml +21 -0
data/extras/image-generators/Google/centos6.yaml +1 -0
data/extras/image-generators/Google/centos7.yaml +1 -1
data/modules/mommacat.ru +6 -16
data/modules/mu.rb +165 -111
data/modules/mu/adoption.rb +401 -68
data/modules/mu/cleanup.rb +199 -306
data/modules/mu/cloud.rb +100 -1632
data/modules/mu/cloud/database.rb +49 -0
data/modules/mu/cloud/dnszone.rb +46 -0
data/modules/mu/cloud/machine_images.rb +212 -0
data/modules/mu/cloud/providers.rb +81 -0
data/modules/mu/cloud/resource_base.rb +920 -0
data/modules/mu/cloud/server.rb +40 -0
data/modules/mu/cloud/server_pool.rb +1 -0
data/modules/mu/cloud/ssh_sessions.rb +228 -0
data/modules/mu/cloud/winrm_sessions.rb +237 -0
data/modules/mu/cloud/wrappers.rb +165 -0
data/modules/mu/config.rb +171 -1767
data/modules/mu/config/alarm.rb +2 -6
data/modules/mu/config/bucket.rb +4 -4
data/modules/mu/config/cache_cluster.rb +1 -1
data/modules/mu/config/collection.rb +4 -4
data/modules/mu/config/container_cluster.rb +9 -4
data/modules/mu/config/database.rb +83 -104
data/modules/mu/config/database.yml +1 -2
data/modules/mu/config/dnszone.rb +6 -6
data/modules/mu/config/doc_helpers.rb +516 -0
data/modules/mu/config/endpoint.rb +4 -4
data/modules/mu/config/firewall_rule.rb +103 -4
data/modules/mu/config/folder.rb +4 -4
data/modules/mu/config/function.rb +3 -3
data/modules/mu/config/group.rb +4 -4
data/modules/mu/config/habitat.rb +4 -4
data/modules/mu/config/loadbalancer.rb +60 -14
data/modules/mu/config/log.rb +4 -4
data/modules/mu/config/msg_queue.rb +4 -4
data/modules/mu/config/nosqldb.rb +4 -4
data/modules/mu/config/notifier.rb +3 -3
data/modules/mu/config/ref.rb +365 -0
data/modules/mu/config/role.rb +4 -4
data/modules/mu/config/schema_helpers.rb +509 -0
data/modules/mu/config/search_domain.rb +4 -4
data/modules/mu/config/server.rb +97 -70
data/modules/mu/config/server.yml +1 -0
data/modules/mu/config/server_pool.rb +5 -9
data/modules/mu/config/storage_pool.rb +1 -1
data/modules/mu/config/tail.rb +200 -0
data/modules/mu/config/user.rb +4 -4
data/modules/mu/config/vpc.rb +70 -27
data/modules/mu/config/vpc.yml +0 -1
data/modules/mu/defaults/AWS.yaml +83 -60
data/modules/mu/defaults/Azure.yaml +1 -0
data/modules/mu/defaults/Google.yaml +3 -2
data/modules/mu/deploy.rb +30 -26
data/modules/mu/groomer.rb +17 -2
data/modules/mu/groomers/ansible.rb +188 -41
data/modules/mu/groomers/chef.rb +116 -55
data/modules/mu/logger.rb +127 -148
data/modules/mu/master.rb +389 -2
data/modules/mu/master/chef.rb +3 -4
data/modules/mu/master/ldap.rb +3 -3
data/modules/mu/master/ssl.rb +12 -3
data/modules/mu/mommacat.rb +217 -2612
data/modules/mu/mommacat/daemon.rb +397 -0
data/modules/mu/mommacat/naming.rb +473 -0
data/modules/mu/mommacat/search.rb +495 -0
data/modules/mu/mommacat/storage.rb +722 -0
data/modules/mu/{clouds → providers}/README.md +1 -1
data/modules/mu/{clouds → providers}/aws.rb +271 -112
data/modules/mu/{clouds → providers}/aws/alarm.rb +5 -3
data/modules/mu/{clouds → providers}/aws/bucket.rb +26 -22
data/modules/mu/{clouds → providers}/aws/cache_cluster.rb +33 -67
data/modules/mu/{clouds → providers}/aws/collection.rb +24 -23
data/modules/mu/{clouds → providers}/aws/container_cluster.rb +681 -721
data/modules/mu/providers/aws/database.rb +1744 -0
data/modules/mu/{clouds → providers}/aws/dnszone.rb +64 -63
data/modules/mu/{clouds → providers}/aws/endpoint.rb +22 -27
data/modules/mu/{clouds → providers}/aws/firewall_rule.rb +214 -244
data/modules/mu/{clouds → providers}/aws/folder.rb +7 -7
data/modules/mu/{clouds → providers}/aws/function.rb +17 -22
data/modules/mu/{clouds → providers}/aws/group.rb +23 -23
data/modules/mu/{clouds → providers}/aws/habitat.rb +17 -14
data/modules/mu/{clouds → providers}/aws/loadbalancer.rb +57 -48
data/modules/mu/{clouds → providers}/aws/log.rb +15 -12
data/modules/mu/{clouds → providers}/aws/msg_queue.rb +17 -16
data/modules/mu/{clouds → providers}/aws/nosqldb.rb +18 -11
data/modules/mu/{clouds → providers}/aws/notifier.rb +11 -6
data/modules/mu/{clouds → providers}/aws/role.rb +112 -86
data/modules/mu/{clouds → providers}/aws/search_domain.rb +39 -33
data/modules/mu/{clouds → providers}/aws/server.rb +835 -1133
data/modules/mu/{clouds → providers}/aws/server_pool.rb +56 -60
data/modules/mu/{clouds → providers}/aws/storage_pool.rb +24 -42
data/modules/mu/{clouds → providers}/aws/user.rb +21 -22
data/modules/mu/{clouds → providers}/aws/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/windows.erb +2 -1
data/modules/mu/{clouds → providers}/aws/vpc.rb +523 -929
data/modules/mu/providers/aws/vpc_subnet.rb +286 -0
data/modules/mu/{clouds → providers}/azure.rb +29 -9
data/modules/mu/{clouds → providers}/azure/container_cluster.rb +3 -8
data/modules/mu/{clouds → providers}/azure/firewall_rule.rb +18 -11
data/modules/mu/{clouds → providers}/azure/habitat.rb +8 -6
data/modules/mu/{clouds → providers}/azure/loadbalancer.rb +5 -5
data/modules/mu/{clouds → providers}/azure/role.rb +8 -10
data/modules/mu/{clouds → providers}/azure/server.rb +95 -48
data/modules/mu/{clouds → providers}/azure/user.rb +6 -8
data/modules/mu/{clouds → providers}/azure/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/azure/vpc.rb +16 -21
data/modules/mu/{clouds → providers}/cloudformation.rb +18 -7
data/modules/mu/{clouds → providers}/cloudformation/alarm.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/cache_cluster.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/collection.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/database.rb +6 -17
data/modules/mu/{clouds → providers}/cloudformation/dnszone.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/firewall_rule.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/loadbalancer.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/log.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/server.rb +7 -7
data/modules/mu/{clouds → providers}/cloudformation/server_pool.rb +5 -5
data/modules/mu/{clouds → providers}/cloudformation/vpc.rb +5 -7
data/modules/mu/{clouds → providers}/docker.rb +0 -0
data/modules/mu/{clouds → providers}/google.rb +67 -30
data/modules/mu/{clouds → providers}/google/bucket.rb +13 -15
data/modules/mu/{clouds → providers}/google/container_cluster.rb +84 -77
data/modules/mu/{clouds → providers}/google/database.rb +10 -20
data/modules/mu/{clouds → providers}/google/firewall_rule.rb +15 -14
data/modules/mu/{clouds → providers}/google/folder.rb +20 -17
data/modules/mu/{clouds → providers}/google/function.rb +139 -167
data/modules/mu/{clouds → providers}/google/group.rb +29 -34
data/modules/mu/{clouds → providers}/google/habitat.rb +21 -22
data/modules/mu/{clouds → providers}/google/loadbalancer.rb +18 -20
data/modules/mu/{clouds → providers}/google/role.rb +92 -58
data/modules/mu/{clouds → providers}/google/server.rb +242 -155
data/modules/mu/{clouds → providers}/google/server_pool.rb +25 -44
data/modules/mu/{clouds → providers}/google/user.rb +95 -31
data/modules/mu/{clouds → providers}/google/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/google/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/google/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/google/vpc.rb +103 -79
data/modules/tests/bucket.yml +4 -0
data/modules/tests/centos6.yaml +11 -0
data/modules/tests/centos7.yaml +11 -0
data/modules/tests/centos8.yaml +12 -0
data/modules/tests/ecs.yaml +23 -0
data/modules/tests/includes-and-params.yaml +2 -1
data/modules/tests/rds.yaml +108 -0
data/modules/tests/regrooms/aws-iam.yaml +201 -0
data/modules/tests/regrooms/bucket.yml +19 -0
data/modules/tests/regrooms/rds.yaml +123 -0
data/modules/tests/server-with-scrub-muisms.yaml +1 -0
data/modules/tests/super_simple_bok.yml +1 -3
data/modules/tests/win2k12.yaml +17 -5
data/modules/tests/win2k16.yaml +25 -0
data/modules/tests/win2k19.yaml +25 -0
data/requirements.txt +1 -0
data/spec/mu/clouds/azure_spec.rb +2 -2
metadata +232 -154
data/extras/image-generators/AWS/windows.yaml +0 -18
data/modules/mu/clouds/aws/database.rb +0 -1985

data/modules/mu/{clouds → providers}/google/database.rb RENAMED

@@ -25,14 +25,7 @@ module MU
           @config["groomer"] = MU::Config.defaultGroomer unless @config["groomer"]
           @groomclass = MU::Groomer.loadGroomer(@config["groomer"])
-          @mu_name ||=
-            if @config and @config['engine'] and @config["engine"].match(/^sqlserver/)
-              @deploy.getResourceName(@config["name"], max_length: 15)
-            else
-              @deploy.getResourceName(@config["name"], max_length: 63)
-            end
-          @mu_name.gsub(/(--|-$)/i, "").gsub(/(_)/, "-").gsub!(/^[^a-z]/i, "")
+          @mu_name ||= @deploy.getResourceName(@config["name"], max_length: 63)
         end
         # Called automatically by {MU::Deploy#createResources}
@@ -68,8 +61,7 @@ module MU
         # Locate an existing Database or Databases and return an array containing matching GCP resource descriptors for those that match.
         # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching Databases
         def self.find(**args)
-          args[:project] ||= args[:habitat]
-          args[:project] ||= MU::Cloud::Google.defaultProject(args[:credentials])
+          args = MU::Cloud::Google.findLocationArgs(args)
         end
         # Called automatically by {MU::Deploy#createResources}
@@ -109,21 +101,21 @@ module MU
         # @param region [String]: The cloud provider region in which to operate
         # @return [void]
         def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
-          skipsnapshots||= flags["skipsnapshots"]
-#          instances = MU::Cloud::Google.sql(credentials: credentials).list_instances(flags['project'], filter: %Q{userLabels.mu-id:"#{MU.deploy_id.downcase}"})
+          flags["habitat"] ||= MU::Cloud::Google.defaultProject(credentials)
+#          instances = MU::Cloud::Google.sql(credentials: credentials).list_instances(flags['habitat'], filter: %Q{userLabels.mu-id:"#{MU.deploy_id.downcase}"})
 #          if instances and instances.items
 #            instances.items.each { |instance|
 #              MU.log "Deleting Cloud SQL instance #{instance.name}"
-#              MU::Cloud::Google.sql(credentials: credentials).delete_instance(flags['project'], instance.name) if !noop
+#              MU::Cloud::Google.sql(credentials: credentials).delete_instance(flags['habitat'], instance.name) if !noop
 #            }
 #          end
         end
         # Cloud-specific configuration properties.
-        # @param config [MU::Config]: The calling MU::Config object
+        # @param _config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
-        def self.schema(config)
+        def self.schema(_config)
           toplevel_required = []
           schema = {}
           [toplevel_required, schema]
@@ -131,9 +123,9 @@ module MU
         # Cloud-specific pre-processing of {MU::Config::BasketofKittens::databases}, bare and unvalidated.
         # @param db [Hash]: The resource to process and validate
-        # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+        # @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
         # @return [Boolean]: True if validation succeeded, False otherwise
-        def self.validateConfig(db, configurator)
+        def self.validateConfig(db, _configurator)
           ok = true
           if db["create_cluster"]
@@ -144,8 +136,6 @@ module MU
           ok
         end
-        private
       end #class
     end #class
   end

data/modules/mu/{clouds → providers}/google/firewall_rule.rb RENAMED

@@ -172,8 +172,7 @@ end
         # @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
         # @return [Hash<String,OpenStruct>]: The cloud provider's complete descriptions of matching resources
         def self.find(**args)
-          args[:project] ||= args[:habitat]
-          args[:project] ||= MU::Cloud::Google.defaultProject(args[:credentials])
+          args = MU::Cloud::Google.findLocationArgs(args)
           found = {}
           resp = begin
@@ -207,15 +206,19 @@ end
         # Remove all security groups (firewall rulesets) associated with the currently loaded deployment.
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
-        # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
-          return if !MU::Cloud::Google::Habitat.isLive?(flags["project"], credentials)
+        def self.cleanup(noop: false, ignoremaster: false, credentials: nil, flags: {})
+          flags["habitat"] ||= MU::Cloud::Google.defaultProject(credentials)
+          return if !MU::Cloud.resourceClass("Google", "Habitat").isLive?(flags["habitat"], credentials)
+          filter = %Q{(labels.mu-id = "#{MU.deploy_id.downcase}")}
+          if !ignoremaster and MU.mu_public_ip
+            filter += %Q{ AND (labels.mu-master-ip = "#{MU.mu_public_ip.gsub(/\./, "_")}")}
+          end
+          MU.log "Placeholder: Google FirewallRule artifacts do not support labels, so ignoremaster cleanup flag has no effect", MU::DEBUG, details: filter
           MU::Cloud::Google.compute(credentials: credentials).delete(
             "firewall",
-            flags["project"],
+            flags["habitat"],
             nil,
             noop
           )
@@ -224,7 +227,7 @@ end
         # Reverse-map our cloud description into a runnable config hash.
         # We assume that any values we have in +@config+ are placeholders, and
         # calculate our own accordingly based on what's live in the cloud.
-        def toKitten(rootparent: nil, billing: nil, habitats: nil)
+        def toKitten(**_args)
           if cloud_desc.name.match(/^[a-f0-9]+$/)
             gke_ish = true
@@ -362,9 +365,9 @@ end
         end
         # Cloud-specific configuration properties.
-        # @param config [MU::Config]: The calling MU::Config object
+        # @param _config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
-        def self.schema(config = nil)
+        def self.schema(_config = nil)
           toplevel_required = []
           schema = {
             "rules" => {
@@ -437,7 +440,7 @@ end
             elsif acl['vpc']['habitat'] and acl['vpc']['habitat']['name']
               acl['vpc']['project'] = acl['vpc']['habitat']['name']
             end
-            correct_vpc = MU::Cloud::Google::VPC.pickVPC(
+            correct_vpc = MU::Cloud.resourceClass("Google", "VPC").pickVPC(
               acl['vpc'],
               acl,
               "firewall_rule",
@@ -523,7 +526,7 @@ end
             end
           }
-          rules_by_class.reject! { |k, v| v.size == 0 }
+          rules_by_class.reject! { |_k, v| v.size == 0 }
           # Generate other firewall rule objects to cover the other behaviors
           # we've requested, if indeed we've done so.
@@ -543,8 +546,6 @@ end
           ok
         end
-        private
       end #class
     end #class
   end

data/modules/mu/{clouds → providers}/google/folder.rb RENAMED

@@ -48,7 +48,7 @@ module MU
           folder_obj = MU::Cloud::Google.folder(:Folder).new(params)
           MU.log "Creating folder #{name_string} under #{parent}", details: folder_obj
-          resp = MU::Cloud::Google.folder(credentials: @config['credentials']).create_folder(folder_obj, parent: parent)
+          MU::Cloud::Google.folder(credentials: @config['credentials']).create_folder(folder_obj, parent: parent)
           # Wait for list_folders output to be consistent (for the folder we
           # just created to show up)
@@ -125,10 +125,12 @@ module MU
           nil
         end
+        @cached_cloud_desc = nil
         # Return the cloud descriptor for the Folder
         # @return [Google::Apis::Core::Hashable]
-        def cloud_desc
-          @cached_cloud_desc ||= MU::Cloud::Google::Folder.find(cloud_id: @cloud_id, credentials: @config['credentials']).values.first
+        def cloud_desc(use_cache: true)
+          return @cached_cloud_desc if @cached_cloud_desc and use_cache
+          @cached_cloud_desc = MU::Cloud::Google::Folder.find(cloud_id: @cloud_id, credentials: @config['credentials']).values.first
           @habitat_id ||= @cached_cloud_desc.parent.sub(/^(folders|organizations)\//, "")
           @cached_cloud_desc
         end
@@ -136,7 +138,7 @@ module MU
         # Return the metadata for this folders's configuration
         # @return [Hash]
         def notify
-          desc = MU.structToHash(MU::Cloud::Google.folder(credentials: @config['credentials']).get_folder("folders/"+@cloud_id))
+          desc = MU.structToHash(cloud_desc)
           desc["mu_name"] = @mu_name
           desc["parent"] = @parent
           desc["cloud_id"] = @cloud_id
@@ -160,7 +162,12 @@ module MU
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, credentials: nil, flags: {}, region: MU.myRegion)
+        def self.cleanup(noop: false, ignoremaster: false, credentials: nil, flags: {})
+          filter = %Q{(labels.mu-id = "#{MU.deploy_id.downcase}")}
+          if !ignoremaster and MU.mu_public_ip
+            filter += %Q{ AND (labels.mu-master-ip = "#{MU.mu_public_ip.gsub(/\./, "_")}")}
+          end
+          MU.log "Placeholder: Google Folder artifacts do not support labels, so ignoremaster cleanup flag has no effect", MU::DEBUG, details: filter
           # We can't label GCP folders, and their names are too short to encode
           # Mu deploy IDs, so all we can do is rely on flags['known'] passed in
           # from cleanup, which relies on our metadata to know what's ours.
@@ -229,10 +236,10 @@ module MU
         # @return [Hash<String,OpenStruct>]: The cloud provider's complete descriptions of matching resources
         def self.find(**args)
           found = {}
           # Recursively search a GCP folder hierarchy for a folder matching our
           # supplied name or identifier.
           def self.find_matching_folder(parent, name: nil, id: nil, credentials: nil)
             resp = MU::Cloud::Google.folder(credentials: credentials).list_folders(parent: parent)
             if resp and resp.folders
               resp.folders.each { |f|
@@ -271,6 +278,7 @@ module MU
             end
           else
             resp = MU::Cloud::Google.folder(credentials: args[:credentials]).list_folders(parent: parent)
             if resp and resp.folders
               resp.folders.each { |folder|
                 next if folder.lifecycle_state == "DELETE_REQUESTED"
@@ -293,7 +301,7 @@ module MU
         # Reverse-map our cloud description into a runnable config hash.
         # We assume that any values we have in +@config+ are placeholders, and
         # calculate our own accordingly based on what's live in the cloud.
-        def toKitten(rootparent: nil, billing: nil, habitats: nil)
+        def toKitten(**args)
           bok = {
             "cloud" => "Google",
             "credentials" => @config['credentials']
@@ -303,16 +311,15 @@ module MU
           bok['cloud_id'] = cloud_desc.name
           bok['name'] = cloud_desc.display_name#+bok['cloud_id'] # only way to guarantee uniqueness
           if cloud_desc.parent.match(/^folders\/(.*)/)
-MU.log bok['display_name']+" generating reference", MU::NOTICE, details: cloud_desc.parent
             bok['parent'] = MU::Config::Ref.get(
               id: cloud_desc.parent,
               cloud: "Google",
               credentials: @config['credentials'],
               type: "folders"
             )
-          elsif rootparent
+          elsif args[:rootparent]
             bok['parent'] = {
-              'id' => rootparent.is_a?(String) ? rootparent : rootparent.cloud_desc.name
+              'id' => args[:rootparent].is_a?(String) ? args[:rootparent] : args[:rootparent].cloud_desc.name
             }
           else
             bok['parent'] = { 'id' => cloud_desc.parent }
@@ -322,9 +329,9 @@ MU.log bok['display_name']+" generating reference", MU::NOTICE, details: cloud_d
         end
         # Cloud-specific configuration properties.
-        # @param config [MU::Config]: The calling MU::Config object
+        # @param _config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
-        def self.schema(config)
+        def self.schema(_config)
           toplevel_required = []
           schema = {
             "display_name" => {
@@ -348,11 +355,7 @@ MU.log bok['display_name']+" generating reference", MU::NOTICE, details: cloud_d
           end
           if folder['parent'] and folder['parent']['name'] and !folder['parent']['deploy_id'] and configurator.haveLitterMate?(folder['parent']['name'], "folders")
-            folder["dependencies"] ||= []
-            folder["dependencies"] << {
-              "type" => "folder",
-              "name" => folder['parent']['name']
-            }
+            MU::Config.addDependency(folder, folder['parent']['name'], "folder")
           end
           ok

data/modules/mu/{clouds → providers}/google/function.rb RENAMED

@@ -108,98 +108,9 @@ module example.com/cloudfunction
         # Called automatically by {MU::Deploy#createResources}
         def create
-          labels = Hash[@tags.keys.map { |k|
-            [k.downcase, @tags[k].downcase.gsub(/[^-_a-z0-9]/, '-')] }
-          ]
-          labels["name"] = MU::Cloud::Google.nameStr(@mu_name)
           location = "projects/"+@config['project']+"/locations/"+@config['region']
-          sa = nil
-          retries = 0
-          begin
-            sa_ref = MU::Config::Ref.get(@config['service_account'])
-            sa = @deploy.findLitterMate(name: sa_ref.name, type: "users")
-            if !sa or !sa.cloud_desc
-              sleep 10
-            end
-          rescue ::Google::Apis::ClientError => e
-            if e.message.match(/notFound:/)
-              sleep 10
-              retries += 1
-              retry
-            end
-          end while !sa or !sa.cloud_desc and retries < 5
-          if !sa or !sa.cloud_desc
-            raise MuError, "Failed to get service account cloud id from #{@config['service_account'].to_s}"
-          end
-          desc = {
-            name: location+"/functions/"+@mu_name.downcase,
-            runtime: @config['runtime'],
-            timeout: @config['timeout'].to_s+"s",
-#            entry_point: "hello_world",
-            entry_point: @config['handler'],
-            description: @deploy.deploy_id,
-            service_account_email: sa.cloud_desc.email,
-            labels: labels,
-            available_memory_mb: @config['memory']
-          }
-          # XXX This network argument is deprecated in favor of using VPC
-          # Connectors. Which would be fine, except there's no API support for
-          # interacting with VPC Connectors. Can't create them, can't list them,
-          # can't do anything except pass their ids into Cloud Functions or
-          # AppEngine and hope for the best.
-          if @config['vpc_connector']
-            desc[:vpc_connector] = @config['vpc_connector']
-          elsif @vpc
-            desc[:network] = @vpc.url.sub(/^.*?\/projects\//, 'projects/')
-          end
-          if @config['triggers']
-            desc[:event_trigger] = MU::Cloud::Google.function(:EventTrigger).new(
-              event_type: @config['triggers'].first['event'],
-              resource: @config['triggers'].first['resource']
-            )
-          else
-            desc[:https_trigger] = MU::Cloud::Google.function(:HttpsTrigger).new
-          end
-          if @config['environment_variable']
-            @config['environment_variable'].each { |var|
-              desc[:environment_variables] ||= {}
-              desc[:environment_variables][var["key"].to_s] = var["value"].to_s
-            }
-          end
-#          hello_code = nil
-#          HELLO_WORLDS.each_pair { |runtime, code|
-#            if @config['runtime'].match(/^#{Regexp.quote(runtime)}/)
-#              hello_code = code
-#              break
-#            end
-#          }
-          if @config['code']['gs_url']
-            desc[:source_archive_url] = @config['code']['gs_url']
-          elsif @config['code']['zip_file']
-            desc[:source_archive_url] = MU::Cloud::Google::Function.uploadPackage(@config['code']['zip_file'], @mu_name+"-cloudfunction.zip", credentials: @credentials)
-          end
-#          Dir.mktmpdir(@mu_name) { |dir|
-#            hello_code.each_pair { |file, contents|
-#              f = File.open(dir+"/"+file, "w")
-#              f.puts contents
-#              f.close
-#              Zip::File.open(dir+"/function.zip", Zip::File::CREATE) { |z|
-#                z.add(file, dir+"/"+file)
-#              }
-#            }
-#            desc[:source_archive_url] = MU::Cloud::Google::Function.uploadPackage(dir+"/function.zip", @mu_name+"-cloudfunction.zip", credentials: @credentials)
-#          }
-          func_obj = MU::Cloud::Google.function(:CloudFunction).new(desc)
+          func_obj = buildDesc
           MU.log "Creating Cloud Function #{@mu_name} in #{location}", details: func_obj
           resp = MU::Cloud::Google.function(credentials: @credentials).create_project_location_function(location, func_obj)
           @cloud_id = resp.name
@@ -214,27 +125,26 @@ module example.com/cloudfunction
           labels["name"] = MU::Cloud::Google.nameStr(@mu_name)
           if cloud_desc.labels != labels
-            desc[:labels] = labels
+            need_update = true
           end
           if cloud_desc.runtime != @config['runtime']
-            desc[:runtime] = @config['runtime']
+            need_update = true
           end
           if cloud_desc.timeout != @config['timeout'].to_s+"s"
-            desc[:timeout] = @config['timeout'].to_s+"s"
+            need_update = true
           end
           if cloud_desc.entry_point != @config['handler']
-            desc[:entry_point] = @config['handler']
+            need_update = true
           end
           if cloud_desc.available_memory_mb != @config['memory']
-            desc[:available_memory_mb] = @config['memory']
+            need_update = true
           end
           if @config['environment_variable']
             @config['environment_variable'].each { |var|
               if !cloud_desc.environment_variables or
                  cloud_desc.environment_variables[var["key"].to_s] != var["value"].to_s
-                desc[:environment_variables] ||= {}
-                desc[:environment_variables][var["key"].to_s] = var["value"].to_s
+                need_update = true
               end
             }
           end
@@ -242,10 +152,7 @@ module example.com/cloudfunction
             if !cloud_desc.event_trigger or
                cloud_desc.event_trigger.event_type != @config['triggers'].first['event'] or
                cloud_desc.event_trigger.resource != @config['triggers'].first['resource']
-              desc[:event_trigger] = MU::Cloud::Google.function(:EventTrigger).new(
-                event_type: @config['triggers'].first['event'],
-                resource: @config['triggers'].first['resource']
-              )
+              need_update = true
             end
           end
@@ -254,7 +161,6 @@ module example.com/cloudfunction
             File.read("#{dir}/current.zip")
           }
-          source_url = nil
           new = if @config['code']['zip_file']
             File.read(@config['code']['zip_file'])
           elsif @config['code']['gs_url']
@@ -269,37 +175,21 @@ module example.com/cloudfunction
           if @config['code']['gs_url'] and
              (@config['code']['gs_url'] != cloud_desc.source_archive_url or
              current != new)
-            desc[:source_archive_url] = @config['code']['gs_url']
+            need_update = true
           elsif @config['code']['zip_file'] and current != new
+            need_update = true
             desc[:source_archive_url] = MU::Cloud::Google::Function.uploadPackage(@config['code']['zip_file'], @mu_name+"-cloudfunction.zip", credentials: @credentials)
           end
-          if desc.size > 0
-            # A trigger and some code must always be specified, apparently. The
-            # endpoint hangs indefinitely if either is missing. Charming.
-            if !desc[:https_trigger] and !desc[:event_trigger]
-              if cloud_desc.https_trigger
-                desc[:https_trigger] = MU::Cloud::Google.function(:HttpsTrigger).new
-              else
-                desc[:event_trigger] = cloud_desc.event_trigger
-              end
-            end
-            if !desc[:source_archive_url] and !desc[:source_upload_url]
-              if cloud_desc.source_archive_url
-                desc[:source_archive_url] = cloud_desc.source_archive_url
-              else
-                desc[:source_upload_url] = cloud_desc.source_upload_url
-              end
-            end
-            func_obj = MU::Cloud::Google.function(:CloudFunction).new(desc)
+          if need_update
+            func_obj = buildDesc
             MU.log "Updating Cloud Function #{@mu_name}", MU::NOTICE, details: func_obj
             begin
-              MU::Cloud::Google.function(credentials: @credentials).patch_project_location_function(
-                @cloud_id,
-                func_obj
-              )
-            rescue ::Google::Apis::ClientError => e
+#              MU::Cloud::Google.function(credentials: @credentials).patch_project_location_function(
+#                @cloud_id,
+#                func_obj
+#              )
+            rescue ::Google::Apis::ClientError
               MU.log "Error updating Cloud Function #{@mu_name}.", MU::ERR
               if desc[:source_archive_url]
                 main_file = nil
@@ -344,13 +234,13 @@ module example.com/cloudfunction
         # @param region [String]: The cloud provider region
         # @return [void]
         def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
-          return if !MU::Cloud::Google::Habitat.isLive?(flags["project"], credentials)
+          flags["habitat"] ||= MU::Cloud::Google.defaultProject(credentials)
+          return if !MU::Cloud.resourceClass("Google", "Habitat").isLive?(flags["habitat"], credentials)
           # Make sure we catch regional *and* zone functions
-          found = MU::Cloud::Google::Function.find(credentials: credentials, region: region, project: flags["project"])
+          found = MU::Cloud::Google::Function.find(credentials: credentials, region: region, project: flags["habitat"])
           found.each_pair { |cloud_id, desc|
             if (desc.description and desc.description == MU.deploy_id) or
-               (desc.labels and desc.labels["mu-id"] == MU.deploy_id.downcase) or
+               (desc.labels and desc.labels["mu-id"] == MU.deploy_id.downcase and (ignoremaster or desc.labels["mu-master-ip"] == MU.mu_public_ip.gsub(/\./, "_"))) or
                (flags["known"] and flags["known"].include?(cloud_id))
               MU.log "Deleting Cloud Function #{desc.name}"
               if !noop
@@ -364,9 +254,7 @@ module example.com/cloudfunction
         # Locate an existing project
         # @return [Hash<OpenStruct>]: The cloud provider's complete descriptions of matching project
         def self.find(**args)
-          args[:project] ||= args[:habitat]
-          args[:project] ||= MU::Cloud::Google.defaultProject(args[:credentials])
-          location = args[:region] || args[:availability_zone] || "-"
+          args = MU::Cloud::Google.findLocationArgs(args)
           found = {}
@@ -379,7 +267,7 @@ module example.com/cloudfunction
             found[args[:cloud_id]] = resp if resp
           else
             resp = begin
-              MU::Cloud::Google.function(credentials: args[:credentials]).list_project_location_functions("projects/#{args[:project]}/locations/#{location}")
+              MU::Cloud::Google.function(credentials: args[:credentials]).list_project_location_functions("projects/#{args[:project]}/locations/#{args[:location]}")
             rescue ::Google::Apis::ClientError => e
               raise e if !e.message.match(/forbidden:/)
             end
@@ -397,7 +285,7 @@ module example.com/cloudfunction
         # Reverse-map our cloud description into a runnable config hash.
         # We assume that any values we have in +@config+ are placeholders, and
         # calculate our own accordingly based on what's live in the cloud.
-        def toKitten(rootparent: nil, billing: nil, habitats: nil)
+        def toKitten(**_args)
           bok = {
             "cloud" => "Google",
             "cloud_id" => @cloud_id,
@@ -452,7 +340,7 @@ module example.com/cloudfunction
           end
           codefile = bok["project"]+"_"+bok["region"]+"_"+bok["name"]+".zip"
-          MU::Cloud::Google::Function.downloadPackage(@cloud_id, codefile, credentials: @config['credentials'])
+          return nil if !MU::Cloud::Google::Function.downloadPackage(@cloud_id, codefile, credentials: @config['credentials'])
           bok['code'] = {
             'zip_file' => codefile
           }
@@ -460,7 +348,6 @@ module example.com/cloudfunction
           bok
         end
         # Cloud-specific configuration properties.
         # @param config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
@@ -486,7 +373,7 @@ module example.com/cloudfunction
                 }
               }
             },
-            "service_account" => MU::Cloud::Google::Server.schema(config)[1]["service_account"],
+            "service_account" => MU::Cloud.resourceClass("Google", "Server").schema(config)[1]["service_account"],
             "runtime" => {
               "type" => "string",
               "enum" => %w{nodejs go python nodejs8 nodejs10 python37 go111 go113},
@@ -495,8 +382,14 @@ module example.com/cloudfunction
               "type" => "string",
               "description" => "+DEPRECATED+ VPC Connector to attach, of the form +projects/my-project/locations/some-region/connectors/my-connector+. This option will be removed once proper google-cloud-sdk support for VPC Connectors becomes available, at which point we will piggyback on the normal +vpc+ stanza and resolve connectors as needed."
             },
+            "vpc_connector_allow_all_egress" => {
+              "type" => "boolean",
+              "default" => false,
+              "description" => "+DEPRECATED+ Allow VPC connector egress traffic to any IP range, instead of just private IPs. This option will be removed once proper google-cloud-sdk support for VPC Connectors becomes available, at which point we will piggyback on the normal +vpc+ stanza and resolve connectors as needed."
+            },
             "code" => {
               "type" => "object",
+              "description" => "Zipped deployment package to upload to our function.",
               "properties" => {
                 "gs_url" => {
                   "type" => "string",
@@ -523,8 +416,13 @@ module example.com/cloudfunction
             cloud_desc.source_archive_url.match(/^gs:\/\/([^\/]+)\/(.*)/)
             bucket = Regexp.last_match[1]
             path = Regexp.last_match[2]
-            current = nil
-            MU::Cloud::Google.storage(credentials: credentials).get_object(bucket, path, download_dest: zipfile)
+            begin
+              MU::Cloud::Google.storage(credentials: credentials).get_object(bucket, path, download_dest: zipfile)
+            rescue ::Google::Apis::ClientError => e
+              MU.log "Couldn't retrieve gs://#{bucket}/#{path} for #{function_id}", MU::WARN, details: e.inspect
+              return false
+            end
           elsif cloud_desc.source_upload_url
             resp = MU::Cloud::Google.function(credentials: credentials).generate_function_download_url(
               function_id
@@ -535,6 +433,7 @@ module example.com/cloudfunction
               f.close
             end
           end
+          true
         end
         # Upload a zipfile to our admin Cloud Storage bucket, for use by
@@ -625,32 +524,7 @@ module example.com/cloudfunction
               ok = false
             end
           else
-            user = {
-              "name" => function['name'],
-              "cloud" => "Google",
-              "project" => function["project"],
-              "credentials" => function["credentials"],
-              "type" => "service"
-            }
-            if user["name"].length < 6
-              user["name"] += Password.pronounceable(6)
-            end
-            if function['roles']
-              user['roles'] = function['roles'].dup
-            end
-            configurator.insertKitten(user, "users", true)
-            function['dependencies'] ||= []
-            function['service_account'] = MU::Config::Ref.get(
-              type: "users",
-              cloud: "Google",
-              name: user["name"],
-              project: user["project"],
-              credentials: user["credentials"]
-            )
-            function['dependencies'] << {
-              "type" => "user",
-              "name" => user["name"]
-            }
+            function = MU::Cloud.resourceClass("Google", "User").genericServiceAccount(function, configurator)
           end
 #          siblings = configurator.haveLitterMate?(nil, "vpcs", has_multiple: true)
@@ -673,6 +547,104 @@ module example.com/cloudfunction
           ok
         end
+        private
+        def buildDesc
+          labels = Hash[@tags.keys.map { |k|
+            [k.downcase, @tags[k].downcase.gsub(/[^-_a-z0-9]/, '-')] }
+          ]
+          labels["name"] = MU::Cloud::Google.nameStr(@mu_name)
+          location = "projects/"+@config['project']+"/locations/"+@config['region']
+          sa = nil
+          retries = 0
+          begin
+            sa_ref = MU::Config::Ref.get(@config['service_account'])
+            sa = @deploy.findLitterMate(name: sa_ref.name, type: "users")
+            if !sa or !sa.cloud_desc
+              sleep 10
+            end
+          rescue ::Google::Apis::ClientError => e
+            if e.message.match(/notFound:/)
+              sleep 10
+              retries += 1
+              retry
+            end
+          end while !sa or !sa.cloud_desc and retries < 5
+          if !sa or !sa.cloud_desc
+            raise MuError, "Failed to get service account cloud id from #{@config['service_account'].to_s}"
+          end
+          desc = {
+            name: location+"/functions/"+@mu_name.downcase,
+            runtime: @config['runtime'],
+            timeout: @config['timeout'].to_s+"s",
+#            entry_point: "hello_world",
+            entry_point: @config['handler'],
+            description: @deploy.deploy_id,
+            service_account_email: sa.cloud_desc.email,
+            labels: labels,
+            available_memory_mb: @config['memory']
+          }
+          # XXX This network argument is deprecated in favor of using VPC
+          # Connectors. Which would be fine, except there's no API support for
+          # interacting with VPC Connectors. Can't create them, can't list them,
+          # can't do anything except pass their ids into Cloud Functions or
+          # AppEngine and hope for the best.
+          if @config['vpc_connector']
+            desc[:vpc_connector] = @config['vpc_connector']
+            desc[:vpc_connector_egress_settings] = @config['vpc_connector_allow_all_egress'] ? "ALL_TRAFFIC" : "PRIVATE_RANGES_ONLY"
+            pp desc
+          elsif @vpc
+            desc[:network] = @vpc.url.sub(/^.*?\/projects\//, 'projects/')
+          end
+          if @config['triggers']
+            desc[:event_trigger] = MU::Cloud::Google.function(:EventTrigger).new(
+              event_type: @config['triggers'].first['event'],
+              resource: @config['triggers'].first['resource']
+            )
+          else
+            desc[:https_trigger] = MU::Cloud::Google.function(:HttpsTrigger).new
+          end
+          if @config['environment_variable']
+            @config['environment_variable'].each { |var|
+              desc[:environment_variables] ||= {}
+              desc[:environment_variables][var["key"].to_s] = var["value"].to_s
+            }
+          end
+#          hello_code = nil
+#          HELLO_WORLDS.each_pair { |runtime, code|
+#            if @config['runtime'].match(/^#{Regexp.quote(runtime)}/)
+#              hello_code = code
+#              break
+#            end
+#          }
+          if @config['code']['gs_url']
+            desc[:source_archive_url] = @config['code']['gs_url']
+          elsif @config['code']['zip_file']
+            desc[:source_archive_url] = MU::Cloud::Google::Function.uploadPackage(@config['code']['zip_file'], @mu_name+"-cloudfunction.zip", credentials: @credentials)
+          end
+#          Dir.mktmpdir(@mu_name) { |dir|
+#            hello_code.each_pair { |file, contents|
+#              f = File.open(dir+"/"+file, "w")
+#              f.puts contents
+#              f.close
+#              Zip::File.open(dir+"/function.zip", Zip::File::CREATE) { |z|
+#                z.add(file, dir+"/"+file)
+#              }
+#            }
+#            desc[:source_archive_url] = MU::Cloud::Google::Function.uploadPackage(dir+"/function.zip", @mu_name+"-cloudfunction.zip", credentials: @credentials)
+#          }
+          MU::Cloud::Google.function(:CloudFunction).new(desc)
+        end
       end
     end
   end