RubyGems - cloud-mu - Versions diffs - 3.1.2 → 3.2.0 - Mend

cloud-mu 3.1.2 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (201) hide show

checksums.yaml +4 -4
data/Dockerfile +15 -3
data/ansible/roles/mu-windows/README.md +33 -0
data/ansible/roles/mu-windows/defaults/main.yml +2 -0
data/ansible/roles/mu-windows/files/LaunchConfig.json +9 -0
data/ansible/roles/mu-windows/files/config.xml +76 -0
data/ansible/roles/mu-windows/handlers/main.yml +2 -0
data/ansible/roles/mu-windows/meta/main.yml +53 -0
data/ansible/roles/mu-windows/tasks/main.yml +36 -0
data/ansible/roles/mu-windows/tests/inventory +2 -0
data/ansible/roles/mu-windows/tests/test.yml +5 -0
data/ansible/roles/mu-windows/vars/main.yml +2 -0
data/bin/mu-adopt +10 -13
data/bin/mu-azure-tests +57 -0
data/bin/mu-cleanup +2 -4
data/bin/mu-configure +52 -0
data/bin/mu-deploy +3 -3
data/bin/mu-findstray-tests +25 -0
data/bin/mu-gen-docs +2 -4
data/bin/mu-load-config.rb +2 -3
data/bin/mu-node-manage +15 -16
data/bin/mu-run-tests +135 -37
data/cloud-mu.gemspec +22 -20
data/cookbooks/mu-activedirectory/resources/domain.rb +4 -4
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +4 -4
data/cookbooks/mu-tools/libraries/helper.rb +3 -2
data/cookbooks/mu-tools/libraries/monkey.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +14 -14
data/cookbooks/mu-tools/recipes/aws_api.rb +9 -0
data/cookbooks/mu-tools/recipes/eks.rb +2 -2
data/cookbooks/mu-tools/recipes/google_api.rb +2 -2
data/cookbooks/mu-tools/recipes/selinux.rb +2 -1
data/cookbooks/mu-tools/recipes/windows-client.rb +163 -164
data/cookbooks/mu-tools/resources/disk.rb +1 -1
data/cookbooks/mu-tools/resources/windows_users.rb +44 -43
data/extras/clean-stock-amis +25 -19
data/extras/generate-stock-images +1 -0
data/extras/image-generators/AWS/win2k12.yaml +18 -13
data/extras/image-generators/AWS/win2k16.yaml +18 -13
data/extras/image-generators/AWS/win2k19.yaml +21 -0
data/extras/image-generators/Google/centos6.yaml +1 -0
data/extras/image-generators/Google/centos7.yaml +1 -1
data/modules/mommacat.ru +6 -16
data/modules/mu.rb +165 -111
data/modules/mu/adoption.rb +401 -68
data/modules/mu/cleanup.rb +199 -306
data/modules/mu/cloud.rb +100 -1632
data/modules/mu/cloud/database.rb +49 -0
data/modules/mu/cloud/dnszone.rb +46 -0
data/modules/mu/cloud/machine_images.rb +212 -0
data/modules/mu/cloud/providers.rb +81 -0
data/modules/mu/cloud/resource_base.rb +920 -0
data/modules/mu/cloud/server.rb +40 -0
data/modules/mu/cloud/server_pool.rb +1 -0
data/modules/mu/cloud/ssh_sessions.rb +228 -0
data/modules/mu/cloud/winrm_sessions.rb +237 -0
data/modules/mu/cloud/wrappers.rb +165 -0
data/modules/mu/config.rb +171 -1767
data/modules/mu/config/alarm.rb +2 -6
data/modules/mu/config/bucket.rb +4 -4
data/modules/mu/config/cache_cluster.rb +1 -1
data/modules/mu/config/collection.rb +4 -4
data/modules/mu/config/container_cluster.rb +9 -4
data/modules/mu/config/database.rb +83 -104
data/modules/mu/config/database.yml +1 -2
data/modules/mu/config/dnszone.rb +6 -6
data/modules/mu/config/doc_helpers.rb +516 -0
data/modules/mu/config/endpoint.rb +4 -4
data/modules/mu/config/firewall_rule.rb +103 -4
data/modules/mu/config/folder.rb +4 -4
data/modules/mu/config/function.rb +3 -3
data/modules/mu/config/group.rb +4 -4
data/modules/mu/config/habitat.rb +4 -4
data/modules/mu/config/loadbalancer.rb +60 -14
data/modules/mu/config/log.rb +4 -4
data/modules/mu/config/msg_queue.rb +4 -4
data/modules/mu/config/nosqldb.rb +4 -4
data/modules/mu/config/notifier.rb +3 -3
data/modules/mu/config/ref.rb +365 -0
data/modules/mu/config/role.rb +4 -4
data/modules/mu/config/schema_helpers.rb +509 -0
data/modules/mu/config/search_domain.rb +4 -4
data/modules/mu/config/server.rb +97 -70
data/modules/mu/config/server.yml +1 -0
data/modules/mu/config/server_pool.rb +5 -9
data/modules/mu/config/storage_pool.rb +1 -1
data/modules/mu/config/tail.rb +200 -0
data/modules/mu/config/user.rb +4 -4
data/modules/mu/config/vpc.rb +70 -27
data/modules/mu/config/vpc.yml +0 -1
data/modules/mu/defaults/AWS.yaml +83 -60
data/modules/mu/defaults/Azure.yaml +1 -0
data/modules/mu/defaults/Google.yaml +3 -2
data/modules/mu/deploy.rb +30 -26
data/modules/mu/groomer.rb +17 -2
data/modules/mu/groomers/ansible.rb +188 -41
data/modules/mu/groomers/chef.rb +116 -55
data/modules/mu/logger.rb +127 -148
data/modules/mu/master.rb +389 -2
data/modules/mu/master/chef.rb +3 -4
data/modules/mu/master/ldap.rb +3 -3
data/modules/mu/master/ssl.rb +12 -3
data/modules/mu/mommacat.rb +217 -2612
data/modules/mu/mommacat/daemon.rb +397 -0
data/modules/mu/mommacat/naming.rb +473 -0
data/modules/mu/mommacat/search.rb +495 -0
data/modules/mu/mommacat/storage.rb +722 -0
data/modules/mu/{clouds → providers}/README.md +1 -1
data/modules/mu/{clouds → providers}/aws.rb +271 -112
data/modules/mu/{clouds → providers}/aws/alarm.rb +5 -3
data/modules/mu/{clouds → providers}/aws/bucket.rb +26 -22
data/modules/mu/{clouds → providers}/aws/cache_cluster.rb +33 -67
data/modules/mu/{clouds → providers}/aws/collection.rb +24 -23
data/modules/mu/{clouds → providers}/aws/container_cluster.rb +681 -721
data/modules/mu/providers/aws/database.rb +1744 -0
data/modules/mu/{clouds → providers}/aws/dnszone.rb +64 -63
data/modules/mu/{clouds → providers}/aws/endpoint.rb +22 -27
data/modules/mu/{clouds → providers}/aws/firewall_rule.rb +214 -244
data/modules/mu/{clouds → providers}/aws/folder.rb +7 -7
data/modules/mu/{clouds → providers}/aws/function.rb +17 -22
data/modules/mu/{clouds → providers}/aws/group.rb +23 -23
data/modules/mu/{clouds → providers}/aws/habitat.rb +17 -14
data/modules/mu/{clouds → providers}/aws/loadbalancer.rb +57 -48
data/modules/mu/{clouds → providers}/aws/log.rb +15 -12
data/modules/mu/{clouds → providers}/aws/msg_queue.rb +17 -16
data/modules/mu/{clouds → providers}/aws/nosqldb.rb +18 -11
data/modules/mu/{clouds → providers}/aws/notifier.rb +11 -6
data/modules/mu/{clouds → providers}/aws/role.rb +112 -86
data/modules/mu/{clouds → providers}/aws/search_domain.rb +39 -33
data/modules/mu/{clouds → providers}/aws/server.rb +835 -1133
data/modules/mu/{clouds → providers}/aws/server_pool.rb +56 -60
data/modules/mu/{clouds → providers}/aws/storage_pool.rb +24 -42
data/modules/mu/{clouds → providers}/aws/user.rb +21 -22
data/modules/mu/{clouds → providers}/aws/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/windows.erb +2 -1
data/modules/mu/{clouds → providers}/aws/vpc.rb +523 -929
data/modules/mu/providers/aws/vpc_subnet.rb +286 -0
data/modules/mu/{clouds → providers}/azure.rb +29 -9
data/modules/mu/{clouds → providers}/azure/container_cluster.rb +3 -8
data/modules/mu/{clouds → providers}/azure/firewall_rule.rb +18 -11
data/modules/mu/{clouds → providers}/azure/habitat.rb +8 -6
data/modules/mu/{clouds → providers}/azure/loadbalancer.rb +5 -5
data/modules/mu/{clouds → providers}/azure/role.rb +8 -10
data/modules/mu/{clouds → providers}/azure/server.rb +95 -48
data/modules/mu/{clouds → providers}/azure/user.rb +6 -8
data/modules/mu/{clouds → providers}/azure/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/azure/vpc.rb +16 -21
data/modules/mu/{clouds → providers}/cloudformation.rb +18 -7
data/modules/mu/{clouds → providers}/cloudformation/alarm.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/cache_cluster.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/collection.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/database.rb +6 -17
data/modules/mu/{clouds → providers}/cloudformation/dnszone.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/firewall_rule.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/loadbalancer.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/log.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/server.rb +7 -7
data/modules/mu/{clouds → providers}/cloudformation/server_pool.rb +5 -5
data/modules/mu/{clouds → providers}/cloudformation/vpc.rb +5 -7
data/modules/mu/{clouds → providers}/docker.rb +0 -0
data/modules/mu/{clouds → providers}/google.rb +67 -30
data/modules/mu/{clouds → providers}/google/bucket.rb +13 -15
data/modules/mu/{clouds → providers}/google/container_cluster.rb +84 -77
data/modules/mu/{clouds → providers}/google/database.rb +10 -20
data/modules/mu/{clouds → providers}/google/firewall_rule.rb +15 -14
data/modules/mu/{clouds → providers}/google/folder.rb +20 -17
data/modules/mu/{clouds → providers}/google/function.rb +139 -167
data/modules/mu/{clouds → providers}/google/group.rb +29 -34
data/modules/mu/{clouds → providers}/google/habitat.rb +21 -22
data/modules/mu/{clouds → providers}/google/loadbalancer.rb +18 -20
data/modules/mu/{clouds → providers}/google/role.rb +92 -58
data/modules/mu/{clouds → providers}/google/server.rb +242 -155
data/modules/mu/{clouds → providers}/google/server_pool.rb +25 -44
data/modules/mu/{clouds → providers}/google/user.rb +95 -31
data/modules/mu/{clouds → providers}/google/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/google/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/google/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/google/vpc.rb +103 -79
data/modules/tests/bucket.yml +4 -0
data/modules/tests/centos6.yaml +11 -0
data/modules/tests/centos7.yaml +11 -0
data/modules/tests/centos8.yaml +12 -0
data/modules/tests/ecs.yaml +23 -0
data/modules/tests/includes-and-params.yaml +2 -1
data/modules/tests/rds.yaml +108 -0
data/modules/tests/regrooms/aws-iam.yaml +201 -0
data/modules/tests/regrooms/bucket.yml +19 -0
data/modules/tests/regrooms/rds.yaml +123 -0
data/modules/tests/server-with-scrub-muisms.yaml +1 -0
data/modules/tests/super_simple_bok.yml +1 -3
data/modules/tests/win2k12.yaml +17 -5
data/modules/tests/win2k16.yaml +25 -0
data/modules/tests/win2k19.yaml +25 -0
data/requirements.txt +1 -0
data/spec/mu/clouds/azure_spec.rb +2 -2
metadata +232 -154
data/extras/image-generators/AWS/windows.yaml +0 -18
data/modules/mu/clouds/aws/database.rb +0 -1985

data/modules/mu/{clouds → providers}/google/database.rb RENAMED

@@ -25,14 +25,7 @@ module MU
           @config["groomer"] = MU::Config.defaultGroomer unless @config["groomer"]
           @groomclass = MU::Groomer.loadGroomer(@config["groomer"])
-          @mu_name ||=
-            if @config and @config['engine'] and @config["engine"].match(/^sqlserver/)
-              @deploy.getResourceName(@config["name"], max_length: 15)
-            else
-              @deploy.getResourceName(@config["name"], max_length: 63)
-            end
-          @mu_name.gsub(/(--|-$)/i, "").gsub(/(_)/, "-").gsub!(/^[^a-z]/i, "")
+          @mu_name ||= @deploy.getResourceName(@config["name"], max_length: 63)
         end
         # Called automatically by {MU::Deploy#createResources}
@@ -68,8 +61,7 @@ module MU
         # Locate an existing Database or Databases and return an array containing matching GCP resource descriptors for those that match.
         # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching Databases
         def self.find(**args)
-          args[:project] ||= args[:habitat]
-          args[:project] ||= MU::Cloud::Google.defaultProject(args[:credentials])
+          args = MU::Cloud::Google.findLocationArgs(args)
         end
         # Called automatically by {MU::Deploy#createResources}
@@ -109,21 +101,21 @@ module MU
         # @param region [String]: The cloud provider region in which to operate
         # @return [void]
         def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
-          skipsnapshots||= flags["skipsnapshots"]
-#          instances = MU::Cloud::Google.sql(credentials: credentials).list_instances(flags['project'], filter: %Q{userLabels.mu-id:"#{MU.deploy_id.downcase}"})
+          flags["habitat"] ||= MU::Cloud::Google.defaultProject(credentials)
+#          instances = MU::Cloud::Google.sql(credentials: credentials).list_instances(flags['habitat'], filter: %Q{userLabels.mu-id:"#{MU.deploy_id.downcase}"})
 #          if instances and instances.items
 #            instances.items.each { |instance|
 #              MU.log "Deleting Cloud SQL instance #{instance.name}"
-#              MU::Cloud::Google.sql(credentials: credentials).delete_instance(flags['project'], instance.name) if !noop
+#              MU::Cloud::Google.sql(credentials: credentials).delete_instance(flags['habitat'], instance.name) if !noop
 #            }
 #          end
         end
         # Cloud-specific configuration properties.
-        # @param config [MU::Config]: The calling MU::Config object
+        # @param _config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
-        def self.schema(config)
+        def self.schema(_config)
           toplevel_required = []
           schema = {}
           [toplevel_required, schema]
@@ -131,9 +123,9 @@ module MU
         # Cloud-specific pre-processing of {MU::Config::BasketofKittens::databases}, bare and unvalidated.
         # @param db [Hash]: The resource to process and validate
-        # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+        # @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
         # @return [Boolean]: True if validation succeeded, False otherwise
-        def self.validateConfig(db, configurator)
+        def self.validateConfig(db, _configurator)
           ok = true
           if db["create_cluster"]
@@ -144,8 +136,6 @@ module MU
           ok
         end
-        private
       end #class
     end #class
   end

data/modules/mu/{clouds → providers}/google/firewall_rule.rb RENAMED

@@ -172,8 +172,7 @@ end
         # @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
         # @return [Hash<String,OpenStruct>]: The cloud provider's complete descriptions of matching resources
         def self.find(**args)
-          args[:project] ||= args[:habitat]
-          args[:project] ||= MU::Cloud::Google.defaultProject(args[:credentials])
+          args = MU::Cloud::Google.findLocationArgs(args)
           found = {}
           resp = begin
@@ -207,15 +206,19 @@ end
         # Remove all security groups (firewall rulesets) associated with the currently loaded deployment.
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
-        # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
-          return if !MU::Cloud::Google::Habitat.isLive?(flags["project"], credentials)
+        def self.cleanup(noop: false, ignoremaster: false, credentials: nil, flags: {})
+          flags["habitat"] ||= MU::Cloud::Google.defaultProject(credentials)
+          return if !MU::Cloud.resourceClass("Google", "Habitat").isLive?(flags["habitat"], credentials)
+          filter = %Q{(labels.mu-id = "#{MU.deploy_id.downcase}")}
+          if !ignoremaster and MU.mu_public_ip
+            filter += %Q{ AND (labels.mu-master-ip = "#{MU.mu_public_ip.gsub(/\./, "_")}")}
+          end
+          MU.log "Placeholder: Google FirewallRule artifacts do not support labels, so ignoremaster cleanup flag has no effect", MU::DEBUG, details: filter
           MU::Cloud::Google.compute(credentials: credentials).delete(
             "firewall",
-            flags["project"],
+            flags["habitat"],
             nil,
             noop
           )
@@ -224,7 +227,7 @@ end
         # Reverse-map our cloud description into a runnable config hash.
         # We assume that any values we have in +@config+ are placeholders, and
         # calculate our own accordingly based on what's live in the cloud.
-        def toKitten(rootparent: nil, billing: nil, habitats: nil)
+        def toKitten(**_args)
           if cloud_desc.name.match(/^[a-f0-9]+$/)
             gke_ish = true
@@ -362,9 +365,9 @@ end
         end
         # Cloud-specific configuration properties.
-        # @param config [MU::Config]: The calling MU::Config object
+        # @param _config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
-        def self.schema(config = nil)
+        def self.schema(_config = nil)
           toplevel_required = []
           schema = {
             "rules" => {
@@ -437,7 +440,7 @@ end
             elsif acl['vpc']['habitat'] and acl['vpc']['habitat']['name']
               acl['vpc']['project'] = acl['vpc']['habitat']['name']
             end
-            correct_vpc = MU::Cloud::Google::VPC.pickVPC(
+            correct_vpc = MU::Cloud.resourceClass("Google", "VPC").pickVPC(
               acl['vpc'],
               acl,
               "firewall_rule",
@@ -523,7 +526,7 @@ end
             end
           }
-          rules_by_class.reject! { |k, v| v.size == 0 }
+          rules_by_class.reject! { |_k, v| v.size == 0 }
           # Generate other firewall rule objects to cover the other behaviors
           # we've requested, if indeed we've done so.
@@ -543,8 +546,6 @@ end
           ok
         end
-        private
       end #class
     end #class
   end

data/modules/mu/{clouds → providers}/google/folder.rb RENAMED

@@ -48,7 +48,7 @@ module MU
           folder_obj = MU::Cloud::Google.folder(:Folder).new(params)
           MU.log "Creating folder #{name_string} under #{parent}", details: folder_obj
-          resp = MU::Cloud::Google.folder(credentials: @config['credentials']).create_folder(folder_obj, parent: parent)
+          MU::Cloud::Google.folder(credentials: @config['credentials']).create_folder(folder_obj, parent: parent)
           # Wait for list_folders output to be consistent (for the folder we
           # just created to show up)
@@ -125,10 +125,12 @@ module MU
           nil
         end
+        @cached_cloud_desc = nil
         # Return the cloud descriptor for the Folder
         # @return [Google::Apis::Core::Hashable]
-        def cloud_desc
-          @cached_cloud_desc ||= MU::Cloud::Google::Folder.find(cloud_id: @cloud_id, credentials: @config['credentials']).values.first
+        def cloud_desc(use_cache: true)
+          return @cached_cloud_desc if @cached_cloud_desc and use_cache
+          @cached_cloud_desc = MU::Cloud::Google::Folder.find(cloud_id: @cloud_id, credentials: @config['credentials']).values.first
           @habitat_id ||= @cached_cloud_desc.parent.sub(/^(folders|organizations)\//, "")
           @cached_cloud_desc
         end
@@ -136,7 +138,7 @@ module MU
         # Return the metadata for this folders's configuration
         # @return [Hash]
         def notify
-          desc = MU.structToHash(MU::Cloud::Google.folder(credentials: @config['credentials']).get_folder("folders/"+@cloud_id))
+          desc = MU.structToHash(cloud_desc)
           desc["mu_name"] = @mu_name
           desc["parent"] = @parent
           desc["cloud_id"] = @cloud_id
@@ -160,7 +162,12 @@ module MU
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, credentials: nil, flags: {}, region: MU.myRegion)
+        def self.cleanup(noop: false, ignoremaster: false, credentials: nil, flags: {})
+          filter = %Q{(labels.mu-id = "#{MU.deploy_id.downcase}")}
+          if !ignoremaster and MU.mu_public_ip
+            filter += %Q{ AND (labels.mu-master-ip = "#{MU.mu_public_ip.gsub(/\./, "_")}")}
+          end
+          MU.log "Placeholder: Google Folder artifacts do not support labels, so ignoremaster cleanup flag has no effect", MU::DEBUG, details: filter
           # We can't label GCP folders, and their names are too short to encode
           # Mu deploy IDs, so all we can do is rely on flags['known'] passed in
           # from cleanup, which relies on our metadata to know what's ours.
@@ -229,10 +236,10 @@ module MU
         # @return [Hash<String,OpenStruct>]: The cloud provider's complete descriptions of matching resources
         def self.find(**args)
           found = {}
           # Recursively search a GCP folder hierarchy for a folder matching our
           # supplied name or identifier.
           def self.find_matching_folder(parent, name: nil, id: nil, credentials: nil)
             resp = MU::Cloud::Google.folder(credentials: credentials).list_folders(parent: parent)
             if resp and resp.folders
               resp.folders.each { |f|
@@ -271,6 +278,7 @@ module MU
             end
           else
             resp = MU::Cloud::Google.folder(credentials: args[:credentials]).list_folders(parent: parent)
             if resp and resp.folders
               resp.folders.each { |folder|
                 next if folder.lifecycle_state == "DELETE_REQUESTED"
@@ -293,7 +301,7 @@ module MU
         # Reverse-map our cloud description into a runnable config hash.
         # We assume that any values we have in +@config+ are placeholders, and
         # calculate our own accordingly based on what's live in the cloud.
-        def toKitten(rootparent: nil, billing: nil, habitats: nil)
+        def toKitten(**args)
           bok = {
             "cloud" => "Google",
             "credentials" => @config['credentials']
@@ -303,16 +311,15 @@ module MU
           bok['cloud_id'] = cloud_desc.name
           bok['name'] = cloud_desc.display_name#+bok['cloud_id'] # only way to guarantee uniqueness
           if cloud_desc.parent.match(/^folders\/(.*)/)
-MU.log bok['display_name']+" generating reference", MU::NOTICE, details: cloud_desc.parent
             bok['parent'] = MU::Config::Ref.get(
               id: cloud_desc.parent,
               cloud: "Google",
               credentials: @config['credentials'],
               type: "folders"
             )
-          elsif rootparent
+          elsif args[:rootparent]
             bok['parent'] = {
-              'id' => rootparent.is_a?(String) ? rootparent : rootparent.cloud_desc.name
+              'id' => args[:rootparent].is_a?(String) ? args[:rootparent] : args[:rootparent].cloud_desc.name
             }
           else
             bok['parent'] = { 'id' => cloud_desc.parent }
@@ -322,9 +329,9 @@ MU.log bok['display_name']+" generating reference", MU::NOTICE, details: cloud_d
         end
         # Cloud-specific configuration properties.
-        # @param config [MU::Config]: The calling MU::Config object
+        # @param _config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
-        def self.schema(config)
+        def self.schema(_config)
           toplevel_required = []
           schema = {
             "display_name" => {
@@ -348,11 +355,7 @@ MU.log bok['display_name']+" generating reference", MU::NOTICE, details: cloud_d
           end
           if folder['parent'] and folder['parent']['name'] and !folder['parent']['deploy_id'] and configurator.haveLitterMate?(folder['parent']['name'], "folders")
-            folder["dependencies"] ||= []
-            folder["dependencies"] << {
-              "type" => "folder",
-              "name" => folder['parent']['name']
-            }
+            MU::Config.addDependency(folder, folder['parent']['name'], "folder")
           end
           ok

data/modules/mu/{clouds → providers}/google/function.rb RENAMED

@@ -108,98 +108,9 @@ module example.com/cloudfunction
         # Called automatically by {MU::Deploy#createResources}
         def create
-          labels = Hash[@tags.keys.map { |k|
-            [k.downcase, @tags[k].downcase.gsub(/[^-_a-z0-9]/, '-')] }
-          ]
-          labels["name"] = MU::Cloud::Google.nameStr(@mu_name)
           location = "projects/"+@config['project']+"/locations/"+@config['region']
-          sa = nil
-          retries = 0
-          begin
-            sa_ref = MU::Config::Ref.get(@config['service_account'])
-            sa = @deploy.findLitterMate(name: sa_ref.name, type: "users")
-            if !sa or !sa.cloud_desc
-              sleep 10
-            end
-          rescue ::Google::Apis::ClientError => e
-            if e.message.match(/notFound:/)
-              sleep 10
-              retries += 1
-              retry
-            end
-          end while !sa or !sa.cloud_desc and retries < 5
-          if !sa or !sa.cloud_desc
-            raise MuError, "Failed to get service account cloud id from #{@config['service_account'].to_s}"
-          end
-          desc = {
-            name: location+"/functions/"+@mu_name.downcase,
-            runtime: @config['runtime'],
-            timeout: @config['timeout'].to_s+"s",
-#            entry_point: "hello_world",
-            entry_point: @config['handler'],
-            description: @deploy.deploy_id,
-            service_account_email: sa.cloud_desc.email,
-            labels: labels,
-            available_memory_mb: @config['memory']
-          }
-          # XXX This network argument is deprecated in favor of using VPC
-          # Connectors. Which would be fine, except there's no API support for
-          # interacting with VPC Connectors. Can't create them, can't list them,
-          # can't do anything except pass their ids into Cloud Functions or
-          # AppEngine and hope for the best.
-          if @config['vpc_connector']
-            desc[:vpc_connector] = @config['vpc_connector']
-          elsif @vpc
-            desc[:network] = @vpc.url.sub(/^.*?\/projects\//, 'projects/')
-          end
-          if @config['triggers']
-            desc[:event_trigger] = MU::Cloud::Google.function(:EventTrigger).new(
-              event_type: @config['triggers'].first['event'],
-              resource: @config['triggers'].first['resource']
-            )
-          else
-            desc[:https_trigger] = MU::Cloud::Google.function(:HttpsTrigger).new
-          end
-          if @config['environment_variable']
-            @config['environment_variable'].each { |var|
-              desc[:environment_variables] ||= {}
-              desc[:environment_variables][var["key"].to_s] = var["value"].to_s
-            }
-          end
-#          hello_code = nil
-#          HELLO_WORLDS.each_pair { |runtime, code|
-#            if @config['runtime'].match(/^#{Regexp.quote(runtime)}/)
-#              hello_code = code
-#              break
-#            end
-#          }
-          if @config['code']['gs_url']
-            desc[:source_archive_url] = @config['code']['gs_url']
-          elsif @config['code']['zip_file']
-            desc[:source_archive_url] = MU::Cloud::Google::Function.uploadPackage(@config['code']['zip_file'], @mu_name+"-cloudfunction.zip", credentials: @credentials)
-          end
-#          Dir.mktmpdir(@mu_name) { |dir|
-#            hello_code.each_pair { |file, contents|
-#              f = File.open(dir+"/"+file, "w")
-#              f.puts contents
-#              f.close
-#              Zip::File.open(dir+"/function.zip", Zip::File::CREATE) { |z|
-#                z.add(file, dir+"/"+file)
-#              }
-#            }
-#            desc[:source_archive_url] = MU::Cloud::Google::Function.uploadPackage(dir+"/function.zip", @mu_name+"-cloudfunction.zip", credentials: @credentials)
-#          }
-          func_obj = MU::Cloud::Google.function(:CloudFunction).new(desc)
+          func_obj = buildDesc
           MU.log "Creating Cloud Function #{@mu_name} in #{location}", details: func_obj
           resp = MU::Cloud::Google.function(credentials: @credentials).create_project_location_function(location, func_obj)
           @cloud_id = resp.name
@@ -214,27 +125,26 @@ module example.com/cloudfunction
           labels["name"] = MU::Cloud::Google.nameStr(@mu_name)
           if cloud_desc.labels != labels
-            desc[:labels] = labels
+            need_update = true
           end
           if cloud_desc.runtime != @config['runtime']
-            desc[:runtime] = @config['runtime']
+            need_update = true
           end
           if cloud_desc.timeout != @config['timeout'].to_s+"s"
-            desc[:timeout] = @config['timeout'].to_s+"s"
+            need_update = true
           end
           if cloud_desc.entry_point != @config['handler']
-            desc[:entry_point] = @config['handler']
+            need_update = true
           end
           if cloud_desc.available_memory_mb != @config['memory']
-            desc[:available_memory_mb] = @config['memory']
+            need_update = true
           end
           if @config['environment_variable']
             @config['environment_variable'].each { |var|
               if !cloud_desc.environment_variables or
                  cloud_desc.environment_variables[var["key"].to_s] != var["value"].to_s
-                desc[:environment_variables] ||= {}
-                desc[:environment_variables][var["key"].to_s] = var["value"].to_s
+                need_update = true
               end
             }
           end
@@ -242,10 +152,7 @@ module example.com/cloudfunction
             if !cloud_desc.event_trigger or
                cloud_desc.event_trigger.event_type != @config['triggers'].first['event'] or
                cloud_desc.event_trigger.resource != @config['triggers'].first['resource']
-              desc[:event_trigger] = MU::Cloud::Google.function(:EventTrigger).new(
-                event_type: @config['triggers'].first['event'],
-                resource: @config['triggers'].first['resource']
-              )
+              need_update = true
             end
           end
@@ -254,7 +161,6 @@ module example.com/cloudfunction
             File.read("#{dir}/current.zip")
           }
-          source_url = nil
           new = if @config['code']['zip_file']
             File.read(@config['code']['zip_file'])
           elsif @config['code']['gs_url']
@@ -269,37 +175,21 @@ module example.com/cloudfunction
           if @config['code']['gs_url'] and
              (@config['code']['gs_url'] != cloud_desc.source_archive_url or
              current != new)
-            desc[:source_archive_url] = @config['code']['gs_url']
+            need_update = true
           elsif @config['code']['zip_file'] and current != new
+            need_update = true
             desc[:source_archive_url] = MU::Cloud::Google::Function.uploadPackage(@config['code']['zip_file'], @mu_name+"-cloudfunction.zip", credentials: @credentials)
           end
-          if desc.size > 0
-            # A trigger and some code must always be specified, apparently. The
-            # endpoint hangs indefinitely if either is missing. Charming.
-            if !desc[:https_trigger] and !desc[:event_trigger]
-              if cloud_desc.https_trigger
-                desc[:https_trigger] = MU::Cloud::Google.function(:HttpsTrigger).new
-              else
-                desc[:event_trigger] = cloud_desc.event_trigger
-              end
-            end
-            if !desc[:source_archive_url] and !desc[:source_upload_url]
-              if cloud_desc.source_archive_url
-                desc[:source_archive_url] = cloud_desc.source_archive_url
-              else
-                desc[:source_upload_url] = cloud_desc.source_upload_url
-              end
-            end
-            func_obj = MU::Cloud::Google.function(:CloudFunction).new(desc)
+          if need_update
+            func_obj = buildDesc
             MU.log "Updating Cloud Function #{@mu_name}", MU::NOTICE, details: func_obj
             begin
-              MU::Cloud::Google.function(credentials: @credentials).patch_project_location_function(
-                @cloud_id,
-                func_obj
-              )
-            rescue ::Google::Apis::ClientError => e
+#              MU::Cloud::Google.function(credentials: @credentials).patch_project_location_function(
+#                @cloud_id,
+#                func_obj
+#              )
+            rescue ::Google::Apis::ClientError
               MU.log "Error updating Cloud Function #{@mu_name}.", MU::ERR
               if desc[:source_archive_url]
                 main_file = nil
@@ -344,13 +234,13 @@ module example.com/cloudfunction
         # @param region [String]: The cloud provider region
         # @return [void]
         def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
-          return if !MU::Cloud::Google::Habitat.isLive?(flags["project"], credentials)
+          flags["habitat"] ||= MU::Cloud::Google.defaultProject(credentials)
+          return if !MU::Cloud.resourceClass("Google", "Habitat").isLive?(flags["habitat"], credentials)
           # Make sure we catch regional *and* zone functions
-          found = MU::Cloud::Google::Function.find(credentials: credentials, region: region, project: flags["project"])
+          found = MU::Cloud::Google::Function.find(credentials: credentials, region: region, project: flags["habitat"])
           found.each_pair { |cloud_id, desc|
             if (desc.description and desc.description == MU.deploy_id) or
-               (desc.labels and desc.labels["mu-id"] == MU.deploy_id.downcase) or
+               (desc.labels and desc.labels["mu-id"] == MU.deploy_id.downcase and (ignoremaster or desc.labels["mu-master-ip"] == MU.mu_public_ip.gsub(/\./, "_"))) or
                (flags["known"] and flags["known"].include?(cloud_id))
               MU.log "Deleting Cloud Function #{desc.name}"
               if !noop
@@ -364,9 +254,7 @@ module example.com/cloudfunction
         # Locate an existing project
         # @return [Hash<OpenStruct>]: The cloud provider's complete descriptions of matching project
         def self.find(**args)
-          args[:project] ||= args[:habitat]
-          args[:project] ||= MU::Cloud::Google.defaultProject(args[:credentials])
-          location = args[:region] || args[:availability_zone] || "-"
+          args = MU::Cloud::Google.findLocationArgs(args)
           found = {}
@@ -379,7 +267,7 @@ module example.com/cloudfunction
             found[args[:cloud_id]] = resp if resp
           else
             resp = begin
-              MU::Cloud::Google.function(credentials: args[:credentials]).list_project_location_functions("projects/#{args[:project]}/locations/#{location}")
+              MU::Cloud::Google.function(credentials: args[:credentials]).list_project_location_functions("projects/#{args[:project]}/locations/#{args[:location]}")
             rescue ::Google::Apis::ClientError => e
               raise e if !e.message.match(/forbidden:/)
             end
@@ -397,7 +285,7 @@ module example.com/cloudfunction
         # Reverse-map our cloud description into a runnable config hash.
         # We assume that any values we have in +@config+ are placeholders, and
         # calculate our own accordingly based on what's live in the cloud.
-        def toKitten(rootparent: nil, billing: nil, habitats: nil)
+        def toKitten(**_args)
           bok = {
             "cloud" => "Google",
             "cloud_id" => @cloud_id,
@@ -452,7 +340,7 @@ module example.com/cloudfunction
           end
           codefile = bok["project"]+"_"+bok["region"]+"_"+bok["name"]+".zip"
-          MU::Cloud::Google::Function.downloadPackage(@cloud_id, codefile, credentials: @config['credentials'])
+          return nil if !MU::Cloud::Google::Function.downloadPackage(@cloud_id, codefile, credentials: @config['credentials'])
           bok['code'] = {
             'zip_file' => codefile
           }
@@ -460,7 +348,6 @@ module example.com/cloudfunction
           bok
         end
         # Cloud-specific configuration properties.
         # @param config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
@@ -486,7 +373,7 @@ module example.com/cloudfunction
                 }
               }
             },
-            "service_account" => MU::Cloud::Google::Server.schema(config)[1]["service_account"],
+            "service_account" => MU::Cloud.resourceClass("Google", "Server").schema(config)[1]["service_account"],
             "runtime" => {
               "type" => "string",
               "enum" => %w{nodejs go python nodejs8 nodejs10 python37 go111 go113},
@@ -495,8 +382,14 @@ module example.com/cloudfunction
               "type" => "string",
               "description" => "+DEPRECATED+ VPC Connector to attach, of the form +projects/my-project/locations/some-region/connectors/my-connector+. This option will be removed once proper google-cloud-sdk support for VPC Connectors becomes available, at which point we will piggyback on the normal +vpc+ stanza and resolve connectors as needed."
             },
+            "vpc_connector_allow_all_egress" => {
+              "type" => "boolean",
+              "default" => false,
+              "description" => "+DEPRECATED+ Allow VPC connector egress traffic to any IP range, instead of just private IPs. This option will be removed once proper google-cloud-sdk support for VPC Connectors becomes available, at which point we will piggyback on the normal +vpc+ stanza and resolve connectors as needed."
+            },
             "code" => {
               "type" => "object",
+              "description" => "Zipped deployment package to upload to our function.",
               "properties" => {
                 "gs_url" => {
                   "type" => "string",
@@ -523,8 +416,13 @@ module example.com/cloudfunction
             cloud_desc.source_archive_url.match(/^gs:\/\/([^\/]+)\/(.*)/)
             bucket = Regexp.last_match[1]
             path = Regexp.last_match[2]
-            current = nil
-            MU::Cloud::Google.storage(credentials: credentials).get_object(bucket, path, download_dest: zipfile)
+            begin
+              MU::Cloud::Google.storage(credentials: credentials).get_object(bucket, path, download_dest: zipfile)
+            rescue ::Google::Apis::ClientError => e
+              MU.log "Couldn't retrieve gs://#{bucket}/#{path} for #{function_id}", MU::WARN, details: e.inspect
+              return false
+            end
           elsif cloud_desc.source_upload_url
             resp = MU::Cloud::Google.function(credentials: credentials).generate_function_download_url(
               function_id
@@ -535,6 +433,7 @@ module example.com/cloudfunction
               f.close
             end
           end
+          true
         end
         # Upload a zipfile to our admin Cloud Storage bucket, for use by
@@ -625,32 +524,7 @@ module example.com/cloudfunction
               ok = false
             end
           else
-            user = {
-              "name" => function['name'],
-              "cloud" => "Google",
-              "project" => function["project"],
-              "credentials" => function["credentials"],
-              "type" => "service"
-            }
-            if user["name"].length < 6
-              user["name"] += Password.pronounceable(6)
-            end
-            if function['roles']
-              user['roles'] = function['roles'].dup
-            end
-            configurator.insertKitten(user, "users", true)
-            function['dependencies'] ||= []
-            function['service_account'] = MU::Config::Ref.get(
-              type: "users",
-              cloud: "Google",
-              name: user["name"],
-              project: user["project"],
-              credentials: user["credentials"]
-            )
-            function['dependencies'] << {
-              "type" => "user",
-              "name" => user["name"]
-            }
+            function = MU::Cloud.resourceClass("Google", "User").genericServiceAccount(function, configurator)
           end
 #          siblings = configurator.haveLitterMate?(nil, "vpcs", has_multiple: true)
@@ -673,6 +547,104 @@ module example.com/cloudfunction
           ok
         end
+        private
+        def buildDesc
+          labels = Hash[@tags.keys.map { |k|
+            [k.downcase, @tags[k].downcase.gsub(/[^-_a-z0-9]/, '-')] }
+          ]
+          labels["name"] = MU::Cloud::Google.nameStr(@mu_name)
+          location = "projects/"+@config['project']+"/locations/"+@config['region']
+          sa = nil
+          retries = 0
+          begin
+            sa_ref = MU::Config::Ref.get(@config['service_account'])
+            sa = @deploy.findLitterMate(name: sa_ref.name, type: "users")
+            if !sa or !sa.cloud_desc
+              sleep 10
+            end
+          rescue ::Google::Apis::ClientError => e
+            if e.message.match(/notFound:/)
+              sleep 10
+              retries += 1
+              retry
+            end
+          end while !sa or !sa.cloud_desc and retries < 5
+          if !sa or !sa.cloud_desc
+            raise MuError, "Failed to get service account cloud id from #{@config['service_account'].to_s}"
+          end
+          desc = {
+            name: location+"/functions/"+@mu_name.downcase,
+            runtime: @config['runtime'],
+            timeout: @config['timeout'].to_s+"s",
+#            entry_point: "hello_world",
+            entry_point: @config['handler'],
+            description: @deploy.deploy_id,
+            service_account_email: sa.cloud_desc.email,
+            labels: labels,
+            available_memory_mb: @config['memory']
+          }
+          # XXX This network argument is deprecated in favor of using VPC
+          # Connectors. Which would be fine, except there's no API support for
+          # interacting with VPC Connectors. Can't create them, can't list them,
+          # can't do anything except pass their ids into Cloud Functions or
+          # AppEngine and hope for the best.
+          if @config['vpc_connector']
+            desc[:vpc_connector] = @config['vpc_connector']
+            desc[:vpc_connector_egress_settings] = @config['vpc_connector_allow_all_egress'] ? "ALL_TRAFFIC" : "PRIVATE_RANGES_ONLY"
+            pp desc
+          elsif @vpc
+            desc[:network] = @vpc.url.sub(/^.*?\/projects\//, 'projects/')
+          end
+          if @config['triggers']
+            desc[:event_trigger] = MU::Cloud::Google.function(:EventTrigger).new(
+              event_type: @config['triggers'].first['event'],
+              resource: @config['triggers'].first['resource']
+            )
+          else
+            desc[:https_trigger] = MU::Cloud::Google.function(:HttpsTrigger).new
+          end
+          if @config['environment_variable']
+            @config['environment_variable'].each { |var|
+              desc[:environment_variables] ||= {}
+              desc[:environment_variables][var["key"].to_s] = var["value"].to_s
+            }
+          end
+#          hello_code = nil
+#          HELLO_WORLDS.each_pair { |runtime, code|
+#            if @config['runtime'].match(/^#{Regexp.quote(runtime)}/)
+#              hello_code = code
+#              break
+#            end
+#          }
+          if @config['code']['gs_url']
+            desc[:source_archive_url] = @config['code']['gs_url']
+          elsif @config['code']['zip_file']
+            desc[:source_archive_url] = MU::Cloud::Google::Function.uploadPackage(@config['code']['zip_file'], @mu_name+"-cloudfunction.zip", credentials: @credentials)
+          end
+#          Dir.mktmpdir(@mu_name) { |dir|
+#            hello_code.each_pair { |file, contents|
+#              f = File.open(dir+"/"+file, "w")
+#              f.puts contents
+#              f.close
+#              Zip::File.open(dir+"/function.zip", Zip::File::CREATE) { |z|
+#                z.add(file, dir+"/"+file)
+#              }
+#            }
+#            desc[:source_archive_url] = MU::Cloud::Google::Function.uploadPackage(dir+"/function.zip", @mu_name+"-cloudfunction.zip", credentials: @credentials)
+#          }
+          MU::Cloud::Google.function(:CloudFunction).new(desc)
+        end
       end
     end
   end