cloud-mu 3.1.3 → 3.1.4

data/modules/mu/clouds/google/container_cluster.rb

@@ -250,7 +250,7 @@ module MU
           @config['master_az'] = @config['region']
           parent_arg = "projects/"+@config['project']+"/locations/"+@config['master_az']
 
-          cluster = MU::Cloud::Google.container(credentials: @config['credentials']).create_project_location_cluster(
+          MU::Cloud::Google.container(credentials: @config['credentials']).create_project_location_cluster(
             parent_arg,
             requestobj
           )
@@ -277,11 +277,9 @@ module MU
 
           me = cloud_desc
 
-          parent_arg = "projects/"+@config['project']+"/locations/"+me.location
-
           # Enable/disable basic auth
           authcfg = {}
-          action = nil
+
           if @config['master_user'] and (me.master_auth.username != @config['master_user'] or !me.master_auth.password)
             authcfg[:username] = @config['master_user']
             authcfg[:password] = Password.pronounceable(16..18)
@@ -368,15 +366,24 @@ module MU
             }
           end
 
+          # map from GKE Kuberentes addon parameter names to our BoK equivalent
+          # fields so we can check all these programmatically
+          addon_map = {
+            :horizontal_pod_autoscaling => 'horizontal_pod_autoscaling',
+            :http_load_balancing => 'http_load_balancing',
+            :kubernetes_dashboard => 'dashboard',
+            :network_policy_config => 'network_policy_addon'
+          }
+
           if @config['kubernetes']
-            if (me.addons_config.horizontal_pod_autoscaling.disabled and @config['kubernetes']['horizontal_pod_autoscaling']) or
-               (!me.addons_config.horizontal_pod_autoscaling and !@config['kubernetes']['horizontal_pod_autoscaling']) or
-               (me.addons_config.http_load_balancing.disabled and @config['kubernetes']['http_load_balancing']) or
-               (!me.addons_config.http_load_balancing and !@config['kubernetes']['http_load_balancing']) or
-               (me.addons_config.kubernetes_dashboard.disabled and @config['kubernetes']['dashboard']) or
-               (!me.addons_config.kubernetes_dashboard and !@config['kubernetes']['dashboard']) or
-               (me.addons_config.network_policy_config.disabled and @config['kubernetes']['network_policy_addon']) or
-               (!me.addons_config.network_policy_config and !@config['kubernetes']['network_policy_addon'])
+            have_changes = false
+            addon_map.each_pair { |param, bok_param|
+              if (me.addons_config.send(param).disabled and @config['kubernetes'][bok_param]) or
+                 (!me.addons_config.send(param) and !@config['kubernetes'][bok_param])
+                have_changes = true
+              end
+            }
+            if have_changes
               updates << { :desired_addons_config => MU::Cloud::Google.container(:AddonsConfig).new(
                 horizontal_pod_autoscaling: MU::Cloud::Google.container(:HorizontalPodAutoscaling).new(
                   disabled: !@config['kubernetes']['horizontal_pod_autoscaling']
@@ -471,9 +478,7 @@ module MU
         # Locate an existing ContainerCluster or ContainerClusters and return an array containing matching GCP resource descriptors for those that match.
         # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching ContainerClusters
         def self.find(**args)
-          args[:project] ||= args[:habitat]
-          args[:project] ||= MU::Cloud::Google.defaultProject(args[:credentials])
-          location = args[:region] || args[:availability_zone] || "-"
+          args = MU::Cloud::Google.findLocationArgs(args)
 
           found = {}
 
@@ -486,7 +491,7 @@ module MU
             found[args[:cloud_id]] = resp if resp
           else
             resp = begin
-              MU::Cloud::Google.container(credentials: args[:credentials]).list_project_location_clusters("projects/#{args[:project]}/locations/#{location}")
+              MU::Cloud::Google.container(credentials: args[:credentials]).list_project_location_clusters("projects/#{args[:project]}/locations/#{args[:location]}")
             rescue ::Google::Apis::ClientError => e
               raise e if !e.message.match(/forbidden:/)
             end
@@ -503,7 +508,7 @@ module MU
         # Reverse-map our cloud description into a runnable config hash.
         # We assume that any values we have in +@config+ are placeholders, and
         # calculate our own accordingly based on what's live in the cloud.
-        def toKitten(rootparent: nil, billing: nil, habitats: nil)
+        def toKitten(**_args)
 
           bok = {
             "cloud" => "Google",
@@ -739,7 +744,6 @@ module MU
         # @param region [String]: The cloud provider region in which to operate
         # @return [void]
         def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
-          skipsnapshots = flags["skipsnapshots"]
 
           flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
           return if !MU::Cloud::Google::Habitat.isLive?(flags["project"], credentials)
@@ -756,7 +760,9 @@ module MU
           clusters.uniq.each { |cluster|
             if !cluster.resource_labels or (
                  !cluster.name.match(/^#{Regexp.quote(MU.deploy_id)}\-/i) and
-                 cluster.resource_labels['mu-id'] != MU.deploy_id.downcase
+                 (cluster.resource_labels['mu-id'] != MU.deploy_id.downcase or
+                  (!ignoremaster and cluster.resource_labels['mu-master-ip'] != MU.mu_public_ip.gsub(/\./, "_"))
+                 )
                )
               next
             end
@@ -1037,29 +1043,7 @@ module MU
               ok = false
             end
           else
-            user = {
-              "name" => cluster['name'],
-              "cloud" => "Google",
-              "project" => cluster["project"],
-              "credentials" => cluster["credentials"],
-              "type" => "service"
-            }
-            if user["name"].length < 6
-              user["name"] += Password.pronounceable(6)
-            end
-            configurator.insertKitten(user, "users", true)
-            cluster['dependencies'] ||= []
-            cluster['service_account'] = MU::Config::Ref.get(
-              type: "users",
-              cloud: "Google",
-              name: cluster["name"],
-              project: cluster["project"],
-              credentials: cluster["credentials"]
-            )
-            cluster['dependencies'] << {
-              "type" => "user",
-              "name" => user["name"]
-            }
+            cluster = MU::Cloud::Google::User.genericServiceAccount(cluster, configurator)
           end
 
           if cluster['dependencies']
@@ -1223,6 +1207,7 @@ module MU
           @@server_config[credentials][az] = MU::Cloud::Google.container(credentials: credentials).get_project_location_server_config(parent_arg)
           @@server_config[credentials][az]
         end
+        private_class_method :defaults
 
         def writeKubeConfig
           kube_conf = @deploy.deploy_dir+"/kubeconfig-#{@config['name']}"

data/modules/mu/clouds/google/database.rb

@@ -68,8 +68,7 @@ module MU
         # Locate an existing Database or Databases and return an array containing matching GCP resource descriptors for those that match.
         # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching Databases
         def self.find(**args)
-          args[:project] ||= args[:habitat]
-          args[:project] ||= MU::Cloud::Google.defaultProject(args[:credentials])
+          args = MU::Cloud::Google.findLocationArgs(args)
         end
 
         # Called automatically by {MU::Deploy#createResources}
@@ -110,7 +109,7 @@ module MU
         # @return [void]
         def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
           flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
-          skipsnapshots||= flags["skipsnapshots"]
+
 #          instances = MU::Cloud::Google.sql(credentials: credentials).list_instances(flags['project'], filter: %Q{userLabels.mu-id:"#{MU.deploy_id.downcase}"})
 #          if instances and instances.items
 #            instances.items.each { |instance|
@@ -121,9 +120,9 @@ module MU
         end
 
         # Cloud-specific configuration properties.
-        # @param config [MU::Config]: The calling MU::Config object
+        # @param _config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
-        def self.schema(config)
+        def self.schema(_config)
           toplevel_required = []
           schema = {}
           [toplevel_required, schema]
@@ -131,9 +130,9 @@ module MU
 
         # Cloud-specific pre-processing of {MU::Config::BasketofKittens::databases}, bare and unvalidated.
         # @param db [Hash]: The resource to process and validate
-        # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+        # @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
         # @return [Boolean]: True if validation succeeded, False otherwise
-        def self.validateConfig(db, configurator)
+        def self.validateConfig(db, _configurator)
           ok = true
 
           if db["create_cluster"]
@@ -144,8 +143,6 @@ module MU
           ok
         end
 
-        private
-
       end #class
     end #class
   end

data/modules/mu/clouds/google/firewall_rule.rb

@@ -172,8 +172,7 @@ end
         # @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
         # @return [Hash<String,OpenStruct>]: The cloud provider's complete descriptions of matching resources
         def self.find(**args)
-          args[:project] ||= args[:habitat]
-          args[:project] ||= MU::Cloud::Google.defaultProject(args[:credentials])
+          args = MU::Cloud::Google.findLocationArgs(args)
 
           found = {}
           resp = begin
@@ -207,11 +206,15 @@ end
         # Remove all security groups (firewall rulesets) associated with the currently loaded deployment.
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
-        # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+        def self.cleanup(noop: false, ignoremaster: false, credentials: nil, flags: {})
           flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
           return if !MU::Cloud::Google::Habitat.isLive?(flags["project"], credentials)
+          filter = %Q{(labels.mu-id = "#{MU.deploy_id.downcase}")}
+          if !ignoremaster and MU.mu_public_ip
+            filter += %Q{ AND (labels.mu-master-ip = "#{MU.mu_public_ip.gsub(/\./, "_")}")}
+          end
+          MU.log "Placeholder: Google FirewallRule artifacts do not support labels, so ignoremaster cleanup flag has no effect", MU::DEBUG, details: filter
 
           MU::Cloud::Google.compute(credentials: credentials).delete(
             "firewall",
@@ -224,7 +227,7 @@ end
         # Reverse-map our cloud description into a runnable config hash.
         # We assume that any values we have in +@config+ are placeholders, and
         # calculate our own accordingly based on what's live in the cloud.
-        def toKitten(rootparent: nil, billing: nil, habitats: nil)
+        def toKitten(**_args)
 
           if cloud_desc.name.match(/^[a-f0-9]+$/)
             gke_ish = true
@@ -362,9 +365,9 @@ end
         end
 
         # Cloud-specific configuration properties.
-        # @param config [MU::Config]: The calling MU::Config object
+        # @param _config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
-        def self.schema(config = nil)
+        def self.schema(_config = nil)
           toplevel_required = []
           schema = {
             "rules" => {
@@ -523,7 +526,7 @@ end
             end
           }
 
-          rules_by_class.reject! { |k, v| v.size == 0 }
+          rules_by_class.reject! { |_k, v| v.size == 0 }
 
           # Generate other firewall rule objects to cover the other behaviors
           # we've requested, if indeed we've done so.
@@ -543,8 +546,6 @@ end
           ok
         end
 
-        private
-
       end #class
     end #class
   end

data/modules/mu/clouds/google/folder.rb

@@ -48,7 +48,7 @@ module MU
           folder_obj = MU::Cloud::Google.folder(:Folder).new(params)
 
           MU.log "Creating folder #{name_string} under #{parent}", details: folder_obj
-          resp = MU::Cloud::Google.folder(credentials: @config['credentials']).create_folder(folder_obj, parent: parent)
+          MU::Cloud::Google.folder(credentials: @config['credentials']).create_folder(folder_obj, parent: parent)
 
           # Wait for list_folders output to be consistent (for the folder we
           # just created to show up)
@@ -125,10 +125,12 @@ module MU
           nil
         end
 
+        @cached_cloud_desc = nil
         # Return the cloud descriptor for the Folder
         # @return [Google::Apis::Core::Hashable]
-        def cloud_desc
-          @cached_cloud_desc ||= MU::Cloud::Google::Folder.find(cloud_id: @cloud_id, credentials: @config['credentials']).values.first
+        def cloud_desc(use_cache: true)
+          return @cached_cloud_desc if @cached_cloud_desc and use_cache
+          @cached_cloud_desc = MU::Cloud::Google::Folder.find(cloud_id: @cloud_id, credentials: @config['credentials']).values.first
           @habitat_id ||= @cached_cloud_desc.parent.sub(/^(folders|organizations)\//, "")
           @cached_cloud_desc
         end
@@ -160,7 +162,12 @@ module MU
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, credentials: nil, flags: {}, region: MU.myRegion)
+        def self.cleanup(noop: false, ignoremaster: false, credentials: nil, flags: {})
+          filter = %Q{(labels.mu-id = "#{MU.deploy_id.downcase}")}
+          if !ignoremaster and MU.mu_public_ip
+            filter += %Q{ AND (labels.mu-master-ip = "#{MU.mu_public_ip.gsub(/\./, "_")}")}
+          end
+          MU.log "Placeholder: Google Folder artifacts do not support labels, so ignoremaster cleanup flag has no effect", MU::DEBUG, details: filter
           # We can't label GCP folders, and their names are too short to encode
           # Mu deploy IDs, so all we can do is rely on flags['known'] passed in
           # from cleanup, which relies on our metadata to know what's ours.
@@ -293,7 +300,7 @@ module MU
         # Reverse-map our cloud description into a runnable config hash.
         # We assume that any values we have in +@config+ are placeholders, and
         # calculate our own accordingly based on what's live in the cloud.
-        def toKitten(rootparent: nil, billing: nil, habitats: nil)
+        def toKitten(**args)
           bok = {
             "cloud" => "Google",
             "credentials" => @config['credentials']
@@ -310,9 +317,9 @@ MU.log bok['display_name']+" generating reference", MU::NOTICE, details: cloud_d
               credentials: @config['credentials'],
               type: "folders"
             )
-          elsif rootparent
+          elsif args[:rootparent]
             bok['parent'] = {
-              'id' => rootparent.is_a?(String) ? rootparent : rootparent.cloud_desc.name
+              'id' => args[:rootparent].is_a?(String) ? args[:rootparent] : args[:rootparent].cloud_desc.name
             }
           else
             bok['parent'] = { 'id' => cloud_desc.parent }
@@ -322,9 +329,9 @@ MU.log bok['display_name']+" generating reference", MU::NOTICE, details: cloud_d
         end
 
         # Cloud-specific configuration properties.
-        # @param config [MU::Config]: The calling MU::Config object
+        # @param _config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
-        def self.schema(config)
+        def self.schema(_config)
           toplevel_required = []
           schema = {
             "display_name" => {

data/modules/mu/clouds/google/function.rb

@@ -108,98 +108,9 @@ module example.com/cloudfunction
 
         # Called automatically by {MU::Deploy#createResources}
         def create
-          labels = Hash[@tags.keys.map { |k|
-            [k.downcase, @tags[k].downcase.gsub(/[^-_a-z0-9]/, '-')] }
-          ]
-          labels["name"] = MU::Cloud::Google.nameStr(@mu_name)
 
           location = "projects/"+@config['project']+"/locations/"+@config['region']
-          sa = nil
-          retries = 0
-          begin
-            sa_ref = MU::Config::Ref.get(@config['service_account'])
-            sa = @deploy.findLitterMate(name: sa_ref.name, type: "users")
-            if !sa or !sa.cloud_desc
-              sleep 10
-            end
-          rescue ::Google::Apis::ClientError => e
-            if e.message.match(/notFound:/)
-              sleep 10
-              retries += 1
-              retry
-            end
-          end while !sa or !sa.cloud_desc and retries < 5
-
-          if !sa or !sa.cloud_desc
-            raise MuError, "Failed to get service account cloud id from #{@config['service_account'].to_s}"
-          end
-
-          desc = {
-            name: location+"/functions/"+@mu_name.downcase,
-            runtime: @config['runtime'],
-            timeout: @config['timeout'].to_s+"s",
-#            entry_point: "hello_world",
-            entry_point: @config['handler'],
-            description: @deploy.deploy_id,
-            service_account_email: sa.cloud_desc.email,
-            labels: labels,
-            available_memory_mb: @config['memory']
-          }
-
-          # XXX This network argument is deprecated in favor of using VPC
-          # Connectors. Which would be fine, except there's no API support for
-          # interacting with VPC Connectors. Can't create them, can't list them,
-          # can't do anything except pass their ids into Cloud Functions or 
-          # AppEngine and hope for the best.
-          if @config['vpc_connector']
-            desc[:vpc_connector] = @config['vpc_connector']
-          elsif @vpc
-            desc[:network] = @vpc.url.sub(/^.*?\/projects\//, 'projects/')
-          end
-
-          if @config['triggers']
-            desc[:event_trigger] = MU::Cloud::Google.function(:EventTrigger).new(
-              event_type: @config['triggers'].first['event'],
-              resource: @config['triggers'].first['resource']
-            )
-          else
-            desc[:https_trigger] = MU::Cloud::Google.function(:HttpsTrigger).new
-          end
-
-
-          if @config['environment_variable']
-            @config['environment_variable'].each { |var|
-              desc[:environment_variables] ||= {}
-              desc[:environment_variables][var["key"].to_s] = var["value"].to_s
-            }
-          end
-
-#          hello_code = nil
-#          HELLO_WORLDS.each_pair { |runtime, code|
-#            if @config['runtime'].match(/^#{Regexp.quote(runtime)}/)
-#              hello_code = code
-#              break
-#            end
-#          }
-          if @config['code']['gs_url']
-            desc[:source_archive_url] = @config['code']['gs_url']
-          elsif @config['code']['zip_file']
-            desc[:source_archive_url] = MU::Cloud::Google::Function.uploadPackage(@config['code']['zip_file'], @mu_name+"-cloudfunction.zip", credentials: @credentials)
-          end
-
-#          Dir.mktmpdir(@mu_name) { |dir|
-#            hello_code.each_pair { |file, contents|
-#              f = File.open(dir+"/"+file, "w")
-#              f.puts contents
-#              f.close
-#              Zip::File.open(dir+"/function.zip", Zip::File::CREATE) { |z|
-#                z.add(file, dir+"/"+file)
-#              }
-#            }
-#            desc[:source_archive_url] = MU::Cloud::Google::Function.uploadPackage(dir+"/function.zip", @mu_name+"-cloudfunction.zip", credentials: @credentials)
-#          }
-
-          func_obj = MU::Cloud::Google.function(:CloudFunction).new(desc)
+          func_obj = buildDesc
           MU.log "Creating Cloud Function #{@mu_name} in #{location}", details: func_obj
           resp = MU::Cloud::Google.function(credentials: @credentials).create_project_location_function(location, func_obj)
           @cloud_id = resp.name
@@ -214,27 +125,26 @@ module example.com/cloudfunction
           labels["name"] = MU::Cloud::Google.nameStr(@mu_name)
 
           if cloud_desc.labels != labels
-            desc[:labels] = labels
+            need_update = true
           end
 
           if cloud_desc.runtime != @config['runtime']
-            desc[:runtime] = @config['runtime']
+            need_update = true
           end
           if cloud_desc.timeout != @config['timeout'].to_s+"s"
-            desc[:timeout] = @config['timeout'].to_s+"s"
+            need_update = true
           end
           if cloud_desc.entry_point != @config['handler']
-            desc[:entry_point] = @config['handler']
+            need_update = true
           end
           if cloud_desc.available_memory_mb != @config['memory']
-            desc[:available_memory_mb] = @config['memory']
+            need_update = true
           end
           if @config['environment_variable']
             @config['environment_variable'].each { |var|
               if !cloud_desc.environment_variables or
                  cloud_desc.environment_variables[var["key"].to_s] != var["value"].to_s
-                desc[:environment_variables] ||= {}
-                desc[:environment_variables][var["key"].to_s] = var["value"].to_s
+                need_update = true
               end
             }
           end
@@ -242,10 +152,7 @@ module example.com/cloudfunction
             if !cloud_desc.event_trigger or
                cloud_desc.event_trigger.event_type != @config['triggers'].first['event'] or
                cloud_desc.event_trigger.resource != @config['triggers'].first['resource']
-              desc[:event_trigger] = MU::Cloud::Google.function(:EventTrigger).new(
-                event_type: @config['triggers'].first['event'],
-                resource: @config['triggers'].first['resource']
-              )
+              need_update = true
             end
           end
 
@@ -254,7 +161,6 @@ module example.com/cloudfunction
             File.read("#{dir}/current.zip")
           }
 
-          source_url = nil
           new = if @config['code']['zip_file']
             File.read(@config['code']['zip_file'])
           elsif @config['code']['gs_url']
@@ -269,37 +175,21 @@ module example.com/cloudfunction
           if @config['code']['gs_url'] and
              (@config['code']['gs_url'] != cloud_desc.source_archive_url or
              current != new)
-            desc[:source_archive_url] = @config['code']['gs_url']
+            need_update = true
           elsif @config['code']['zip_file'] and current != new
+            need_update = true
             desc[:source_archive_url] = MU::Cloud::Google::Function.uploadPackage(@config['code']['zip_file'], @mu_name+"-cloudfunction.zip", credentials: @credentials)
           end
 
-          if desc.size > 0
-            # A trigger and some code must always be specified, apparently. The
-            # endpoint hangs indefinitely if either is missing. Charming.
-            if !desc[:https_trigger] and !desc[:event_trigger]
-              if cloud_desc.https_trigger
-                desc[:https_trigger] = MU::Cloud::Google.function(:HttpsTrigger).new
-              else
-                desc[:event_trigger] = cloud_desc.event_trigger
-              end
-            end
-            if !desc[:source_archive_url] and !desc[:source_upload_url]
-              if cloud_desc.source_archive_url
-                desc[:source_archive_url] = cloud_desc.source_archive_url
-              else
-                desc[:source_upload_url] = cloud_desc.source_upload_url
-              end
-            end
-
-            func_obj = MU::Cloud::Google.function(:CloudFunction).new(desc)
+          if need_update
+            func_obj = buildDesc
             MU.log "Updating Cloud Function #{@mu_name}", MU::NOTICE, details: func_obj
             begin
-              MU::Cloud::Google.function(credentials: @credentials).patch_project_location_function(
-                @cloud_id, 
-                func_obj
-              )
-            rescue ::Google::Apis::ClientError => e
+#              MU::Cloud::Google.function(credentials: @credentials).patch_project_location_function(
+#                @cloud_id, 
+#                func_obj
+#              )
+            rescue ::Google::Apis::ClientError
               MU.log "Error updating Cloud Function #{@mu_name}.", MU::ERR
               if desc[:source_archive_url]
                 main_file = nil
@@ -350,7 +240,7 @@ module example.com/cloudfunction
           found = MU::Cloud::Google::Function.find(credentials: credentials, region: region, project: flags["project"])
           found.each_pair { |cloud_id, desc|
             if (desc.description and desc.description == MU.deploy_id) or
-               (desc.labels and desc.labels["mu-id"] == MU.deploy_id.downcase) or
+               (desc.labels and desc.labels["mu-id"] == MU.deploy_id.downcase and (ignoremaster or desc.labels["mu-master-ip"] == MU.mu_public_ip.gsub(/\./, "_"))) or
                (flags["known"] and flags["known"].include?(cloud_id))
               MU.log "Deleting Cloud Function #{desc.name}"
               if !noop
@@ -364,9 +254,7 @@ module example.com/cloudfunction
         # Locate an existing project
         # @return [Hash<OpenStruct>]: The cloud provider's complete descriptions of matching project
         def self.find(**args)
-          args[:project] ||= args[:habitat]
-          args[:project] ||= MU::Cloud::Google.defaultProject(args[:credentials])
-          location = args[:region] || args[:availability_zone] || "-"
+          args = MU::Cloud::Google.findLocationArgs(args)
 
           found = {}
 
@@ -379,7 +267,7 @@ module example.com/cloudfunction
             found[args[:cloud_id]] = resp if resp
           else
             resp = begin
-              MU::Cloud::Google.function(credentials: args[:credentials]).list_project_location_functions("projects/#{args[:project]}/locations/#{location}")
+              MU::Cloud::Google.function(credentials: args[:credentials]).list_project_location_functions("projects/#{args[:project]}/locations/#{args[:location]}")
             rescue ::Google::Apis::ClientError => e
               raise e if !e.message.match(/forbidden:/)
             end
@@ -397,7 +285,7 @@ module example.com/cloudfunction
         # Reverse-map our cloud description into a runnable config hash.
         # We assume that any values we have in +@config+ are placeholders, and
         # calculate our own accordingly based on what's live in the cloud.
-        def toKitten(rootparent: nil, billing: nil, habitats: nil)
+        def toKitten(**_args)
           bok = {
             "cloud" => "Google",
             "cloud_id" => @cloud_id,
@@ -460,7 +348,6 @@ module example.com/cloudfunction
           bok
         end
 
-
         # Cloud-specific configuration properties.
         # @param config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
@@ -495,8 +382,14 @@ module example.com/cloudfunction
               "type" => "string",
               "description" => "+DEPRECATED+ VPC Connector to attach, of the form +projects/my-project/locations/some-region/connectors/my-connector+. This option will be removed once proper google-cloud-sdk support for VPC Connectors becomes available, at which point we will piggyback on the normal +vpc+ stanza and resolve connectors as needed."
             },
+            "vpc_connector_allow_all_egress" => {
+              "type" => "boolean",
+              "default" => false,
+              "description" => "+DEPRECATED+ Allow VPC connector egress traffic to any IP range, instead of just private IPs. This option will be removed once proper google-cloud-sdk support for VPC Connectors becomes available, at which point we will piggyback on the normal +vpc+ stanza and resolve connectors as needed."
+            },
             "code" => {
               "type" => "object",  
+              "description" => "Zipped deployment package to upload to our function.", 
               "properties" => {  
                 "gs_url" => {
                   "type" => "string",
@@ -523,7 +416,7 @@ module example.com/cloudfunction
             cloud_desc.source_archive_url.match(/^gs:\/\/([^\/]+)\/(.*)/)
             bucket = Regexp.last_match[1]
             path = Regexp.last_match[2]
-            current = nil
+
             MU::Cloud::Google.storage(credentials: credentials).get_object(bucket, path, download_dest: zipfile)
           elsif cloud_desc.source_upload_url
             resp = MU::Cloud::Google.function(credentials: credentials).generate_function_download_url(
@@ -625,32 +518,7 @@ module example.com/cloudfunction
               ok = false
             end
           else
-            user = {
-              "name" => function['name'],
-              "cloud" => "Google",
-              "project" => function["project"],
-              "credentials" => function["credentials"],
-              "type" => "service"
-            }
-            if user["name"].length < 6
-              user["name"] += Password.pronounceable(6)
-            end
-            if function['roles']
-              user['roles'] = function['roles'].dup
-            end
-            configurator.insertKitten(user, "users", true)
-            function['dependencies'] ||= []
-            function['service_account'] = MU::Config::Ref.get(
-              type: "users",
-              cloud: "Google",
-              name: user["name"],
-              project: user["project"],
-              credentials: user["credentials"]
-            )
-            function['dependencies'] << {
-              "type" => "user",
-              "name" => user["name"]
-            }
+            function = MU::Cloud::Google::User.genericServiceAccount(function, configurator)
           end
 
 #          siblings = configurator.haveLitterMate?(nil, "vpcs", has_multiple: true)
@@ -673,6 +541,104 @@ module example.com/cloudfunction
           ok
         end
 
+        private
+
+        def buildDesc
+          labels = Hash[@tags.keys.map { |k|
+            [k.downcase, @tags[k].downcase.gsub(/[^-_a-z0-9]/, '-')] }
+          ]
+          labels["name"] = MU::Cloud::Google.nameStr(@mu_name)
+
+          location = "projects/"+@config['project']+"/locations/"+@config['region']
+          sa = nil
+          retries = 0
+          begin
+            sa_ref = MU::Config::Ref.get(@config['service_account'])
+            sa = @deploy.findLitterMate(name: sa_ref.name, type: "users")
+            if !sa or !sa.cloud_desc
+              sleep 10
+            end
+          rescue ::Google::Apis::ClientError => e
+            if e.message.match(/notFound:/)
+              sleep 10
+              retries += 1
+              retry
+            end
+          end while !sa or !sa.cloud_desc and retries < 5
+
+          if !sa or !sa.cloud_desc
+            raise MuError, "Failed to get service account cloud id from #{@config['service_account'].to_s}"
+          end
+
+          desc = {
+            name: location+"/functions/"+@mu_name.downcase,
+            runtime: @config['runtime'],
+            timeout: @config['timeout'].to_s+"s",
+#            entry_point: "hello_world",
+            entry_point: @config['handler'],
+            description: @deploy.deploy_id,
+            service_account_email: sa.cloud_desc.email,
+            labels: labels,
+            available_memory_mb: @config['memory']
+          }
+
+          # XXX This network argument is deprecated in favor of using VPC
+          # Connectors. Which would be fine, except there's no API support for
+          # interacting with VPC Connectors. Can't create them, can't list them,
+          # can't do anything except pass their ids into Cloud Functions or 
+          # AppEngine and hope for the best.
+          if @config['vpc_connector']
+            desc[:vpc_connector] = @config['vpc_connector']
+            desc[:vpc_connector_egress_settings] = @config['vpc_connector_allow_all_egress'] ? "ALL_TRAFFIC" : "PRIVATE_RANGES_ONLY"
+            pp desc
+          elsif @vpc
+            desc[:network] = @vpc.url.sub(/^.*?\/projects\//, 'projects/')
+          end
+
+          if @config['triggers']
+            desc[:event_trigger] = MU::Cloud::Google.function(:EventTrigger).new(
+              event_type: @config['triggers'].first['event'],
+              resource: @config['triggers'].first['resource']
+            )
+          else
+            desc[:https_trigger] = MU::Cloud::Google.function(:HttpsTrigger).new
+          end
+
+
+          if @config['environment_variable']
+            @config['environment_variable'].each { |var|
+              desc[:environment_variables] ||= {}
+              desc[:environment_variables][var["key"].to_s] = var["value"].to_s
+            }
+          end
+
+#          hello_code = nil
+#          HELLO_WORLDS.each_pair { |runtime, code|
+#            if @config['runtime'].match(/^#{Regexp.quote(runtime)}/)
+#              hello_code = code
+#              break
+#            end
+#          }
+          if @config['code']['gs_url']
+            desc[:source_archive_url] = @config['code']['gs_url']
+          elsif @config['code']['zip_file']
+            desc[:source_archive_url] = MU::Cloud::Google::Function.uploadPackage(@config['code']['zip_file'], @mu_name+"-cloudfunction.zip", credentials: @credentials)
+          end
+
+#          Dir.mktmpdir(@mu_name) { |dir|
+#            hello_code.each_pair { |file, contents|
+#              f = File.open(dir+"/"+file, "w")
+#              f.puts contents
+#              f.close
+#              Zip::File.open(dir+"/function.zip", Zip::File::CREATE) { |z|
+#                z.add(file, dir+"/"+file)
+#              }
+#            }
+#            desc[:source_archive_url] = MU::Cloud::Google::Function.uploadPackage(dir+"/function.zip", @mu_name+"-cloudfunction.zip", credentials: @credentials)
+#          }
+          MU::Cloud::Google.function(:CloudFunction).new(desc)
+        end
+
       end
     end
   end