RubyGems - cloud-mu - Versions diffs - 3.1.3 → 3.3.0 - Mend

cloud-mu 3.1.3 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (212) hide show

checksums.yaml +4 -4
data/Dockerfile +15 -3
data/ansible/roles/mu-windows/README.md +33 -0
data/ansible/roles/mu-windows/defaults/main.yml +2 -0
data/ansible/roles/mu-windows/files/LaunchConfig.json +9 -0
data/ansible/roles/mu-windows/files/config.xml +76 -0
data/ansible/roles/mu-windows/handlers/main.yml +2 -0
data/ansible/roles/mu-windows/meta/main.yml +53 -0
data/ansible/roles/mu-windows/tasks/main.yml +36 -0
data/ansible/roles/mu-windows/tests/inventory +2 -0
data/ansible/roles/mu-windows/tests/test.yml +5 -0
data/ansible/roles/mu-windows/vars/main.yml +2 -0
data/bin/mu-adopt +21 -13
data/bin/mu-azure-tests +57 -0
data/bin/mu-cleanup +2 -4
data/bin/mu-configure +52 -0
data/bin/mu-deploy +3 -3
data/bin/mu-findstray-tests +25 -0
data/bin/mu-gen-docs +2 -4
data/bin/mu-load-config.rb +4 -4
data/bin/mu-node-manage +15 -16
data/bin/mu-run-tests +147 -37
data/cloud-mu.gemspec +22 -20
data/cookbooks/mu-activedirectory/resources/domain.rb +4 -4
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +4 -4
data/cookbooks/mu-tools/libraries/helper.rb +3 -2
data/cookbooks/mu-tools/libraries/monkey.rb +35 -0
data/cookbooks/mu-tools/recipes/apply_security.rb +14 -14
data/cookbooks/mu-tools/recipes/aws_api.rb +9 -0
data/cookbooks/mu-tools/recipes/eks.rb +2 -2
data/cookbooks/mu-tools/recipes/google_api.rb +2 -2
data/cookbooks/mu-tools/recipes/selinux.rb +2 -1
data/cookbooks/mu-tools/recipes/windows-client.rb +163 -164
data/cookbooks/mu-tools/resources/disk.rb +1 -1
data/cookbooks/mu-tools/resources/windows_users.rb +44 -43
data/extras/clean-stock-amis +25 -19
data/extras/generate-stock-images +1 -0
data/extras/image-generators/AWS/win2k12.yaml +18 -13
data/extras/image-generators/AWS/win2k16.yaml +18 -13
data/extras/image-generators/AWS/win2k19.yaml +21 -0
data/extras/image-generators/Google/centos6.yaml +1 -0
data/extras/image-generators/Google/centos7.yaml +1 -1
data/modules/mommacat.ru +6 -16
data/modules/mu.rb +158 -111
data/modules/mu/adoption.rb +404 -71
data/modules/mu/cleanup.rb +221 -306
data/modules/mu/cloud.rb +129 -1633
data/modules/mu/cloud/database.rb +49 -0
data/modules/mu/cloud/dnszone.rb +44 -0
data/modules/mu/cloud/machine_images.rb +212 -0
data/modules/mu/cloud/providers.rb +81 -0
data/modules/mu/cloud/resource_base.rb +926 -0
data/modules/mu/cloud/server.rb +40 -0
data/modules/mu/cloud/server_pool.rb +1 -0
data/modules/mu/cloud/ssh_sessions.rb +228 -0
data/modules/mu/cloud/winrm_sessions.rb +237 -0
data/modules/mu/cloud/wrappers.rb +169 -0
data/modules/mu/config.rb +171 -1767
data/modules/mu/config/alarm.rb +2 -6
data/modules/mu/config/bucket.rb +32 -3
data/modules/mu/config/cache_cluster.rb +2 -2
data/modules/mu/config/cdn.rb +100 -0
data/modules/mu/config/collection.rb +4 -4
data/modules/mu/config/container_cluster.rb +9 -4
data/modules/mu/config/database.rb +84 -105
data/modules/mu/config/database.yml +1 -2
data/modules/mu/config/dnszone.rb +10 -9
data/modules/mu/config/doc_helpers.rb +516 -0
data/modules/mu/config/endpoint.rb +5 -4
data/modules/mu/config/firewall_rule.rb +103 -4
data/modules/mu/config/folder.rb +4 -4
data/modules/mu/config/function.rb +19 -10
data/modules/mu/config/group.rb +4 -4
data/modules/mu/config/habitat.rb +4 -4
data/modules/mu/config/job.rb +89 -0
data/modules/mu/config/loadbalancer.rb +60 -14
data/modules/mu/config/log.rb +4 -4
data/modules/mu/config/msg_queue.rb +4 -4
data/modules/mu/config/nosqldb.rb +4 -4
data/modules/mu/config/notifier.rb +10 -21
data/modules/mu/config/ref.rb +411 -0
data/modules/mu/config/role.rb +4 -4
data/modules/mu/config/schema_helpers.rb +509 -0
data/modules/mu/config/search_domain.rb +4 -4
data/modules/mu/config/server.rb +98 -71
data/modules/mu/config/server.yml +1 -0
data/modules/mu/config/server_pool.rb +5 -9
data/modules/mu/config/storage_pool.rb +1 -1
data/modules/mu/config/tail.rb +200 -0
data/modules/mu/config/user.rb +4 -4
data/modules/mu/config/vpc.rb +71 -27
data/modules/mu/config/vpc.yml +0 -1
data/modules/mu/defaults/AWS.yaml +91 -68
data/modules/mu/defaults/Azure.yaml +1 -0
data/modules/mu/defaults/Google.yaml +3 -2
data/modules/mu/deploy.rb +43 -26
data/modules/mu/groomer.rb +17 -2
data/modules/mu/groomers/ansible.rb +188 -41
data/modules/mu/groomers/chef.rb +116 -55
data/modules/mu/logger.rb +127 -148
data/modules/mu/master.rb +410 -2
data/modules/mu/master/chef.rb +3 -4
data/modules/mu/master/ldap.rb +3 -3
data/modules/mu/master/ssl.rb +12 -3
data/modules/mu/mommacat.rb +218 -2612
data/modules/mu/mommacat/daemon.rb +403 -0
data/modules/mu/mommacat/naming.rb +473 -0
data/modules/mu/mommacat/search.rb +495 -0
data/modules/mu/mommacat/storage.rb +722 -0
data/modules/mu/{clouds → providers}/README.md +1 -1
data/modules/mu/{clouds → providers}/aws.rb +380 -122
data/modules/mu/{clouds → providers}/aws/alarm.rb +7 -5
data/modules/mu/{clouds → providers}/aws/bucket.rb +297 -59
data/modules/mu/{clouds → providers}/aws/cache_cluster.rb +37 -71
data/modules/mu/providers/aws/cdn.rb +782 -0
data/modules/mu/{clouds → providers}/aws/collection.rb +26 -25
data/modules/mu/{clouds → providers}/aws/container_cluster.rb +724 -744
data/modules/mu/providers/aws/database.rb +1744 -0
data/modules/mu/{clouds → providers}/aws/dnszone.rb +88 -70
data/modules/mu/providers/aws/endpoint.rb +1072 -0
data/modules/mu/{clouds → providers}/aws/firewall_rule.rb +220 -247
data/modules/mu/{clouds → providers}/aws/folder.rb +8 -8
data/modules/mu/{clouds → providers}/aws/function.rb +300 -142
data/modules/mu/{clouds → providers}/aws/group.rb +31 -29
data/modules/mu/{clouds → providers}/aws/habitat.rb +18 -15
data/modules/mu/providers/aws/job.rb +466 -0
data/modules/mu/{clouds → providers}/aws/loadbalancer.rb +66 -56
data/modules/mu/{clouds → providers}/aws/log.rb +17 -14
data/modules/mu/{clouds → providers}/aws/msg_queue.rb +29 -19
data/modules/mu/{clouds → providers}/aws/nosqldb.rb +114 -16
data/modules/mu/{clouds → providers}/aws/notifier.rb +142 -65
data/modules/mu/{clouds → providers}/aws/role.rb +158 -118
data/modules/mu/{clouds → providers}/aws/search_domain.rb +201 -59
data/modules/mu/{clouds → providers}/aws/server.rb +844 -1139
data/modules/mu/{clouds → providers}/aws/server_pool.rb +74 -65
data/modules/mu/{clouds → providers}/aws/storage_pool.rb +26 -44
data/modules/mu/{clouds → providers}/aws/user.rb +24 -25
data/modules/mu/{clouds → providers}/aws/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/linux.erb +5 -4
data/modules/mu/{clouds → providers}/aws/userdata/windows.erb +2 -1
data/modules/mu/{clouds → providers}/aws/vpc.rb +525 -931
data/modules/mu/providers/aws/vpc_subnet.rb +286 -0
data/modules/mu/{clouds → providers}/azure.rb +29 -9
data/modules/mu/{clouds → providers}/azure/container_cluster.rb +3 -8
data/modules/mu/{clouds → providers}/azure/firewall_rule.rb +18 -11
data/modules/mu/{clouds → providers}/azure/habitat.rb +8 -6
data/modules/mu/{clouds → providers}/azure/loadbalancer.rb +5 -5
data/modules/mu/{clouds → providers}/azure/role.rb +8 -10
data/modules/mu/{clouds → providers}/azure/server.rb +97 -49
data/modules/mu/{clouds → providers}/azure/user.rb +6 -8
data/modules/mu/{clouds → providers}/azure/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/azure/vpc.rb +16 -21
data/modules/mu/{clouds → providers}/cloudformation.rb +18 -7
data/modules/mu/{clouds → providers}/cloudformation/alarm.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/cache_cluster.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/collection.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/database.rb +6 -17
data/modules/mu/{clouds → providers}/cloudformation/dnszone.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/firewall_rule.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/loadbalancer.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/log.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/server.rb +7 -7
data/modules/mu/{clouds → providers}/cloudformation/server_pool.rb +5 -5
data/modules/mu/{clouds → providers}/cloudformation/vpc.rb +5 -7
data/modules/mu/{clouds → providers}/docker.rb +0 -0
data/modules/mu/{clouds → providers}/google.rb +68 -30
data/modules/mu/{clouds → providers}/google/bucket.rb +13 -15
data/modules/mu/{clouds → providers}/google/container_cluster.rb +85 -78
data/modules/mu/{clouds → providers}/google/database.rb +11 -21
data/modules/mu/{clouds → providers}/google/firewall_rule.rb +15 -14
data/modules/mu/{clouds → providers}/google/folder.rb +20 -17
data/modules/mu/{clouds → providers}/google/function.rb +140 -168
data/modules/mu/{clouds → providers}/google/group.rb +29 -34
data/modules/mu/{clouds → providers}/google/habitat.rb +21 -22
data/modules/mu/{clouds → providers}/google/loadbalancer.rb +19 -21
data/modules/mu/{clouds → providers}/google/role.rb +94 -58
data/modules/mu/{clouds → providers}/google/server.rb +243 -156
data/modules/mu/{clouds → providers}/google/server_pool.rb +26 -45
data/modules/mu/{clouds → providers}/google/user.rb +95 -31
data/modules/mu/{clouds → providers}/google/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/google/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/google/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/google/vpc.rb +103 -79
data/modules/tests/aws-jobs-functions.yaml +46 -0
data/modules/tests/bucket.yml +4 -0
data/modules/tests/centos6.yaml +15 -0
data/modules/tests/centos7.yaml +15 -0
data/modules/tests/centos8.yaml +12 -0
data/modules/tests/ecs.yaml +23 -0
data/modules/tests/eks.yaml +1 -1
data/modules/tests/functions/node-function/lambda_function.js +10 -0
data/modules/tests/functions/python-function/lambda_function.py +12 -0
data/modules/tests/includes-and-params.yaml +2 -1
data/modules/tests/microservice_app.yaml +288 -0
data/modules/tests/rds.yaml +108 -0
data/modules/tests/regrooms/aws-iam.yaml +201 -0
data/modules/tests/regrooms/bucket.yml +19 -0
data/modules/tests/regrooms/rds.yaml +123 -0
data/modules/tests/server-with-scrub-muisms.yaml +2 -1
data/modules/tests/super_complex_bok.yml +2 -2
data/modules/tests/super_simple_bok.yml +3 -5
data/modules/tests/win2k12.yaml +17 -5
data/modules/tests/win2k16.yaml +25 -0
data/modules/tests/win2k19.yaml +25 -0
data/requirements.txt +1 -0
data/spec/mu/clouds/azure_spec.rb +2 -2
metadata +240 -154
data/extras/image-generators/AWS/windows.yaml +0 -18
data/modules/mu/clouds/aws/database.rb +0 -1985
data/modules/mu/clouds/aws/endpoint.rb +0 -592

data/modules/mu/{clouds → providers}/google/server.rb RENAMED

@@ -87,7 +87,7 @@ module MU
             img = fetchImage(image_id, credentials: credentials)
             return DateTime.new if img.nil?
             return DateTime.parse(img.creation_timestamp)
-          rescue ::Google::Apis::ClientError => e
+          rescue ::Google::Apis::ClientError
           end
           return DateTime.new
@@ -164,19 +164,26 @@ module MU
         def self.diskConfig(config, create = true, disk_as_url = true, credentials: nil)
           disks = []
           if config['image_id'].nil? and config['basis'].nil?
-            pp config.keys
             raise MuError, "Can't generate disk configuration for server #{config['name']} without an image ID or basis specified"
           end
           img = fetchImage(config['image_id'] || config['basis']['launch_config']['image_id'], credentials: credentials)
-# XXX slurp settings from /dev/sda or w/e by convention?
+#          if img.source_disk and img.source_disk.match(/projects\/([^\/]+)\/zones\/([^\/]+)\/disks\/(.*)/)
+#            _junk, proj, az, name = Regexp.last_match
+#            disk_desc = MU::Cloud::Google.compute(credentials: credentials).get_disk(proj, az, name)
+#            pp disk_desc
+#            raise "nah"
+#          end
           disktype = "projects/#{config['project']}/zones/#{config['availability_zone']}/diskTypes/pd-standard"
-          disktype = "pd-standard" if !disk_as_url
-# disk_type: projects/project/zones/#{config['availability_zone']}/diskTypes/pd-standard Other values include pd-ssd and local-ssd
+          disktype.gsub!(/.*?\/([^\/])$/, '\1') if !disk_as_url
           imageobj = MU::Cloud::Google.compute(:AttachedDiskInitializeParams).new(
             source_image: img.self_link,
-            disk_size_gb: 10, # this is binary? 2gb, that says
+            disk_size_gb: img.disk_size_gb,
             disk_type: disktype,
           )
           disks << MU::Cloud::Google.compute(:AttachedDisk).new(
@@ -247,15 +254,22 @@ next if !create
             subnet_cfg = config['vpc']['subnets'].sample
           end
           subnet = vpc.getSubnet(name: subnet_cfg['subnet_name'], cloud_id: subnet_cfg['subnet_id'])
           if subnet.nil?
-            raise MuError, "Couldn't find subnet details for #{subnet_cfg['subnet_name'] || subnet_cfg['subnet_id']} while configuring Server #{config['name']} (VPC: #{vpc.mu_name})"
+            if config['vpc']['name']
+              subnet = vpc.getSubnet(name: config['vpc']['name']+subnet_cfg['subnet_name'], cloud_id: subnet_cfg['subnet_id'])
+            end
+            if subnet.nil?
+              raise MuError, "Couldn't find subnet details for #{subnet_cfg['subnet_name'] || subnet_cfg['subnet_id']} while configuring Server #{config['name']} (VPC: #{vpc.mu_name})"
+            end
           end
           base_iface_obj = {
             :network => vpc.url,
             :subnetwork => subnet.url
           }
           if config['associate_public_ip']
             base_iface_obj[:access_configs] = [
               MU::Cloud::Google.compute(:AccessConfig).new
@@ -322,7 +336,7 @@ next if !create
             end
             metadata["startup-script"] = @userdata if @userdata and !@userdata.empty?
-            deploykey = @config['ssh_user']+":"+@deploy.ssh_public_key
+            deploykey = @config["ssh_user"]+":"+@deploy.ssh_public_key
             if metadata["ssh-keys"]
               metadata["ssh-keys"] += "\n"+deploykey
             else
@@ -348,7 +362,7 @@ next if !create
             desc[:labels]["name"] = @mu_name.downcase
             if @config['network_tags'] and @config['network_tags'].size > 0
-              desc[:tags] = U::Cloud::Google.compute(:Tags).new(
+              desc[:tags] = MU::Cloud::Google.compute(:Tags).new(
                 items: @config['network_tags']
               )
             end
@@ -369,7 +383,7 @@ next if !create
                 sleep 10
               end
             rescue ::Google::Apis::ClientError => e
-              MU.log e.message, MU::ERR
+              MU.log e.message+" inserting instance into #{@project_id}/#{@config['availability_zone']}", MU::ERR, details: instanceobj
               raise e
             end while @cloud_id.nil?
@@ -394,7 +408,7 @@ next if !create
             notify
-          rescue Exception => e
+          rescue StandardError => e
             if !cloud_desc.nil? and !done
               MU.log "Aborted before I could finish setting up #{@config['name']}, cleaning it up. Stack trace will print once cleanup is complete.", MU::WARN if !@deploy.nocleanup
               MU::MommaCat.unlockAll
@@ -445,7 +459,7 @@ next if !create
           )
           begin
             sleep 5
-          end while cloud_desc.status != "TERMINATED" # means STOPPED
+          end while cloud_desc(use_cache: false).status != "TERMINATED" # means STOPPED
         end
         # Ask the Google API to start this node
@@ -462,30 +476,30 @@ next if !create
         end
         # Ask the Google API to restart this node
-        # XXX unimplemented
-        def reboot(hard = false)
+        # @param _hard [Boolean]: [IGNORED] Force a stop/start. This is the only available way to restart an instance in Google, so this flag is ignored.
+        def reboot(_hard = false)
           return if @cloud_id.nil?
+          stop
+          start
         end
         # Figure out what's needed to SSH into this server.
         # @return [Array<String>]: nat_ssh_key, nat_ssh_user, nat_ssh_host, canonical_ip, ssh_user, ssh_key_name, alternate_names
         def getSSHConfig
-          node, config, deploydata = describe(cloud_id: @cloud_id)
+          describe(cloud_id: @cloud_id)
 # XXX add some awesome alternate names from metadata and make sure they end
 # up in MU::MommaCat's ssh config wangling
-          ssh_keydir = Etc.getpwuid(Process.uid).dir+"/.ssh"
           return nil if @config.nil? or @deploy.nil?
           nat_ssh_key = nat_ssh_user = nat_ssh_host = nil
-          if !@config["vpc"].nil? and !MU::Cloud::Google::VPC.haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @config['credentials'])
+          if !@config["vpc"].nil? and !MU::Cloud.resourceClass("Google", "VPC").haveRouteToInstance?(cloud_desc, credentials: @config['credentials'])
             if !@nat.nil?
               if @nat.cloud_desc.nil?
                 MU.log "NAT was missing cloud descriptor when called in #{@mu_name}'s getSSHConfig", MU::ERR
                 return nil
               end
-              foo, bar, baz, nat_ssh_host, nat_ssh_user, nat_ssh_key  = @nat.getSSHConfig
+              _foo, _bar, _baz, nat_ssh_host, nat_ssh_user, nat_ssh_key  = @nat.getSSHConfig
               if nat_ssh_user.nil? and !nat_ssh_host.nil?
                 MU.log "#{@config["name"]} (#{MU.deploy_id}) is configured to use #{@config['vpc']} NAT #{nat_ssh_host}, but username isn't specified. Guessing root.", MU::ERR, details: caller
                 nat_ssh_user = "root"
@@ -495,7 +509,8 @@ next if !create
           if @config['ssh_user'].nil?
             if windows?
-              @config['ssh_user'] = "Administrator"
+              @config['ssh_user'] = @config['windows_admin_user']
+              @config['ssh_user'] ||= "Administrator"
             else
               @config['ssh_user'] = "root"
             end
@@ -512,26 +527,24 @@ next if !create
             @cloud_id = instance_id
           end
-          instance = cloud_desc
-          node, config, deploydata = describe(cloud_id: @cloud_id)
+          node, _config, deploydata = describe(cloud_id: @cloud_id)
           instance = cloud_desc
           raise MuError, "Couldn't find instance of #{@mu_name} (#{@cloud_id})" if !instance
           return false if !MU::MommaCat.lock(@cloud_id+"-orchestrate", true)
           return false if !MU::MommaCat.lock(@cloud_id+"-groom", true)
 #          MU::Cloud::AWS.createStandardTags(@cloud_id, region: @config['region'])
-#          MU::MommaCat.createTag(@cloud_id, "Name", node, region: @config['region'])
+#          MU::Cloud::AWS.createTag(@cloud_id, "Name", node, region: @config['region'])
 #
 #          if @config['optional_tags']
 #            MU::MommaCat.listOptionalTags.each { |key, value|
-#              MU::MommaCat.createTag(@cloud_id, key, value, region: @config['region'])
+#              MU::Cloud::AWS.createTag(@cloud_id, key, value, region: @config['region'])
 #            }
 #          end
 #
 #          if !@config['tags'].nil?
 #            @config['tags'].each { |tag|
-#              MU::MommaCat.createTag(@cloud_id, tag['key'], tag['value'], region: @config['region'])
+#              MU::Cloud::AWS.createTag(@cloud_id, tag['key'], tag['value'], region: @config['region'])
 #            }
 #          end
 #          MU.log "Tagged #{node} (#{@cloud_id}) with MU-ID=#{MU.deploy_id}", MU::DEBUG
@@ -609,8 +622,8 @@ next if !create
             @named = true
           end
-          nat_ssh_key, nat_ssh_user, nat_ssh_host, canonical_ip, ssh_user, ssh_key_name = getSSHConfig
-          if !nat_ssh_host and !MU::Cloud::Google::VPC.haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @config['credentials'])
+          _nat_ssh_key, _nat_ssh_user, nat_ssh_host, _canonical_ip, _ssh_user, _ssh_key_name = getSSHConfig
+          if !nat_ssh_host and !MU::Cloud.resourceClass("Google", "VPC").haveRouteToInstance?(cloud_desc, credentials: @config['credentials'])
 # XXX check if canonical_ip is in the private ranges
 #            raise MuError, "#{node} has no NAT host configured, and I have no other route to it"
           end
@@ -641,8 +654,8 @@ next if !create
         # Locate an existing instance or instances and return an array containing matching AWS resource descriptors for those that match.
         # @return [Array<Hash<String,OpenStruct>>]: The cloud provider's complete descriptions of matching instances
         def self.find(**args)
-          args[:project] ||= args[:habitat]
-          args[:project] ||= MU::Cloud::Google.defaultProject(args[:credentials])
+          args = MU::Cloud::Google.findLocationArgs(args)
           if !args[:region].nil? and MU::Cloud::Google.listRegions.include?(args[:region])
             regions = [args[:region]]
           else
@@ -720,9 +733,6 @@ next if !create
         # Return a description of this resource appropriate for deployment
         # metadata. Arguments reflect the return values of the MU::Cloud::[Resource].describe method
         def notify
-          node, config, deploydata = describe(cloud_id: @cloud_id, update_cache: true)
-          deploydata = {} if deploydata.nil?
           if cloud_desc.nil?
             raise MuError, "Failed to load instance metadata for #{@config['mu_name']}/#{@cloud_id}"
           end
@@ -783,7 +793,7 @@ next if !create
           MU::MommaCat.lock(@cloud_id+"-groom")
-          node, config, deploydata = describe(cloud_id: @cloud_id)
+          node, _config, deploydata = describe(cloud_id: @cloud_id)
           if node.nil? or node.empty?
             raise MuError, "MU::Cloud::Google::Server.groom was called without a mu_name"
@@ -798,29 +808,6 @@ next if !create
 #          punchAdminNAT
-#          MU::Cloud::AWS::Server.tagVolumes(@cloud_id)
-          # If we have a loadbalancer configured, attach us to it
-#          if !@config['loadbalancers'].nil?
-#            if @loadbalancers.nil?
-#              raise MuError, "#{@mu_name} is configured to use LoadBalancers, but none have been loaded by dependencies()"
-#            end
-#            @loadbalancers.each { |lb|
-#              lb.registerNode(@cloud_id)
-#            }
-#          end
-          # Let us into any databases we depend on.
-          # This is probelmtic with autscaling - old ips are not removed, and access to the database can easily be given at the BoK level
-          # if @dependencies.has_key?("database")
-            # @dependencies['database'].values.each { |db|
-              # db.allowHost(@deploydata["private_ip_address"]+"/32")
-              # if @deploydata["public_ip_address"]
-                # db.allowHost(@deploydata["public_ip_address"]+"/32")
-              # end
-            # }
-          # end
           @groomer.saveDeployData
           begin
@@ -859,9 +846,9 @@ next if !create
                 project: @project_id,
                 exclude_storage: img_cfg['image_exclude_storage'],
                 make_public: img_cfg['public'],
-                tags: @config['tags'],
+                tags: @tags,
                 zone: @config['availability_zone'],
-                family: @config['family'],
+                family: img_cfg['family'],
                 credentials: @config['credentials']
             )
             @deploy.notify("images", @config['name'], {"image_id" => image_id})
@@ -897,50 +884,50 @@ next if !create
             raise MuError, "Failed to find instance '#{instance_id}' in createImage"
           end
-          labels = {}
-          MU::MommaCat.listStandardTags.each_pair { |key, value|
-            if !value.nil?
-              labels[key.downcase] = value.downcase.gsub(/[^a-z0-9\-\_]/i, "_")
-            end
-          }
+          labels = Hash[tags.keys.map { |k|
+            [k.downcase, tags[k].downcase.gsub(/[^-_a-z0-9]/, '-')] }
+          ]
+          labels["name"] = name
           bootdisk = nil
           threads = []
           parent_thread_id = Thread.current.object_id
-          instance[instance_id].disks.each { |disk|
-            threads << Thread.new {
-              Thread.abort_on_exception = false
-              MU.dupGlobals(parent_thread_id)
-              if disk.boot
-                bootdisk = disk.source
-              else
-                snapobj = MU::Cloud::Google.compute(:Snapshot).new(
-                  name: name+"-"+disk.device_name,
-                  description: "Mu image created from #{name} (#{disk.device_name})"
-                )
-                diskname = disk.source.gsub(/.*?\//, "")
-                MU.log "Creating snapshot of #{diskname} in #{zone}", MU::NOTICE, details: snapobj
-                snap = MU::Cloud::Google.compute(credentials: credentials).create_disk_snapshot(
-                  project,
-                  zone,
-                  diskname,
-                  snapobj
-                )
-                MU::Cloud::Google.compute(credentials: credentials).set_snapshot_labels(
-                  project,
-                  snap.name,
-                  MU::Cloud::Google.compute(:GlobalSetLabelsRequest).new(
-                    label_fingerprint: snap.label_fingerprint,
-                    labels: labels.merge({
-                      "mu-device-name" => disk.device_name,
-                      "mu-parent-image" => name,
-                      "mu-orig-zone" => zone
-                    })
+          if !exclude_storage
+            instance[instance_id].disks.each { |disk|
+              threads << Thread.new {
+                Thread.abort_on_exception = false
+                MU.dupGlobals(parent_thread_id)
+                if disk.boot
+                  bootdisk = disk.source
+                else
+                  snapobj = MU::Cloud::Google.compute(:Snapshot).new(
+                    name: name+"-"+disk.device_name,
+                    description: "Mu image created from #{name} (#{disk.device_name})"
                   )
-                )
-              end
+                  diskname = disk.source.gsub(/.*?\//, "")
+                  MU.log "Creating snapshot of #{diskname} in #{zone}", MU::NOTICE, details: snapobj
+                  snap = MU::Cloud::Google.compute(credentials: credentials).create_disk_snapshot(
+                    project,
+                    zone,
+                    diskname,
+                    snapobj
+                  )
+                  MU::Cloud::Google.compute(credentials: credentials).set_snapshot_labels(
+                    project,
+                    snap.name,
+                    MU::Cloud::Google.compute(:GlobalSetLabelsRequest).new(
+                      label_fingerprint: snap.label_fingerprint,
+                      labels: labels.merge({
+                        "mu-device-name" => disk.device_name,
+                        "mu-parent-image" => name,
+                        "mu-orig-zone" => zone
+                      })
+                    )
+                  )
+                end
+              }
             }
-          }
+          end
           threads.each do |t|
             t.join
           end
@@ -954,10 +941,28 @@ next if !create
           }
           image_desc[:family] = family if family
-          newimage = MU::Cloud::Google.compute(credentials: @config['credentials']).insert_image(
+          MU.log "Creating image of #{name}", MU::NOTICE, details: image_desc
+          newimage = MU::Cloud::Google.compute(credentials: credentials).insert_image(
             project,
             MU::Cloud::Google.compute(:Image).new(image_desc)
           )
+          if make_public
+            MU.log "Making image #{newimage.name} public"
+            MU::Cloud::Google.compute(credentials: credentials).set_image_iam_policy(
+              project,
+              newimage.name,
+              MU::Cloud::Google.compute(:GlobalSetPolicyRequest).new(
+                bindings: [
+                  MU::Cloud::Google.compute(:Binding).new(
+                    members: ["allAuthenticatedUsers"],
+                    role: "roles/compute.imageUser"
+                  )
+                ],
+              )
+            )
+          end
           newimage.name
         end
@@ -966,7 +971,7 @@ next if !create
         # bastion hosts that may be in the path, see getSSHConfig if that's what
         # you need.
         def canonicalIP
-          mu_name, config, deploydata = describe(cloud_id: @cloud_id)
+          describe(cloud_id: @cloud_id)
           if !cloud_desc
             raise MuError, "Couldn't retrieve cloud descriptor for server #{self}"
@@ -987,7 +992,7 @@ next if !create
           # Our deploydata gets corrupted often with server pools, this will cause us to use the wrong IP to identify a node
           # which will cause us to create certificates, DNS records and other artifacts with incorrect information which will cause our deploy to fail.
           # The cloud_id is always correct so lets use 'cloud_desc' to get the correct IPs
-          if MU::Cloud::Google::VPC.haveRouteToInstance?(cloud_desc, credentials: @config['credentials']) or public_ips.size == 0
+          if MU::Cloud.resourceClass("Google", "VPC").haveRouteToInstance?(cloud_desc, credentials: @config['credentials']) or public_ips.size == 0
             @config['canonical_ip'] = private_ips.first
             return private_ips.first
           else
@@ -996,10 +1001,109 @@ next if !create
           end
         end
+        # Return all of the IP addresses, public and private, from all of our
+        # network interfaces.
+        # @return [Array<String>]
+        def listIPs
+          ips = []
+          cloud_desc.network_interfaces.each { |iface|
+            ips << iface.network_ip
+            if iface.access_configs
+              iface.access_configs.each { |acfg|
+                ips << acfg.nat_ip if acfg.nat_ip
+              }
+            end
+          }
+          ips
+        end
         # return [String]: A password string.
-        def getWindowsAdminPassword
+        def getWindowsAdminPassword(use_cache: true)
+          @config['windows_auth_vault'] ||= {
+            "vault" => @mu_name,
+            "item" => "windows_credentials",
+            "password_field" => "password"
+          }
+          if use_cache
+            begin
+              win_admin_password = @groomer.getSecret(
+                vault: @config['windows_auth_vault']['vault'],
+                item: @config['windows_auth_vault']['item'],
+                field: @config["windows_auth_vault"]["password_field"]
+              )
+              return win_admin_password if win_admin_password
+            rescue MU::Groomer::MuNoSuchSecret, MU::Groomer::RunError
+            end
+          end
+          require 'openssl/oaep'
+          timeout = 300
+          serial_out = nil
+          key = OpenSSL::PKey::RSA.generate 2048
+          missing_response = Proc.new {
+            !serial_out or !serial_out.contents or serial_out.contents.empty? or JSON.parse(serial_out.contents)["userName"] != @config['windows_admin_username']
+          }
+          did_metadata = false
+          MU.retrier(loop_if: missing_response, wait: 10, max: timeout/10) {
+            serial_out = MU::Cloud::Google.compute(credentials: @credentials).get_instance_serial_port_output(@project_id, @config['availability_zone'], @cloud_id, port: 4)
+            if missing_response.call and
+               !cloud_desc(use_cache: false).metadata.items.map { |i| i.key }.include?("windows-keys")
+              keybytes = Base64.decode64(key.public_key.export.gsub(/-----(?:BEGIN|END) PUBLIC KEY-----/, ''))
+              modulus = keybytes.byteslice(33,256)
+              exponent = keybytes.byteslice(291,3)
+              keydata = {
+                "userName" => @config['windows_admin_username'],
+                "modulus" => Base64.strict_encode64(modulus),
+                "exponent" => Base64.strict_encode64(exponent),
+                "email" => MU.muCfg['mu_admin_email'],
+                "expireOn" => (Time.now.utc+timeout).strftime('%Y-%m-%dT%H:%M:%SZ')
+              }
+              new_items = cloud_desc.metadata.items.map { |item|
+                MU::Cloud::Google.compute(:Metadata)::Item.new(
+                  key: item.key,
+                  value: item.value
+                )
+              }
+              new_items.reject! { |item| item.key == "windows-keys" }
+              new_items << MU::Cloud::Google.compute(:Metadata)::Item.new(
+                key: "windows-keys",
+                value: JSON.generate(keydata)
+              )
+              new_metadata = MU::Cloud::Google.compute(:Metadata).new(
+                fingerprint: cloud_desc(use_cache: false).metadata.fingerprint,
+                items: new_items
+              )
+              MU::Cloud::Google.compute(credentials: @credentials).set_instance_metadata(@project_id, @config['availability_zone'], @cloud_id, new_metadata)
+            end
+          }
+          return nil if missing_response.call
+          pwdata = JSON.parse(serial_out.contents)
+          if pwdata['encryptedPassword'] and pwdata['userName'] == @config['windows_admin_username']
+            decrypted_pw = key.private_decrypt_oaep(Base64.strict_decode64(pwdata['encryptedPassword']))
+            creds = {
+              "username" => @config['windows_admin_username'],
+              "password" => decrypted_pw,
+              "sshd_username" => "sshd_service",
+              "sshd_password" => decrypted_pw
+            }
+            @groomer.saveSecret(vault: @mu_name, item: "windows_credentials", data: creds, permissions: "name:#{@mu_name}")
+            return decrypted_pw
+          end
+          nil
         end
         # Add a volume to this instance
         # @param dev [String]: Device name to use when attaching to instance
         # @param size [String]: Size (in gb) of the new volume
@@ -1017,7 +1121,7 @@ next if !create
             description: description,
             zone: @config['availability_zone'],
 #            type: "projects/#{config['project']}/zones/#{config['availability_zone']}/diskTypes/pd-ssd",
-            type: "projects/#{@project_id}/zones/#{@config['availability_zone']}/diskTypes/pd-standard",
+            type: "projects/#{@project_id}/zones/#{@config['availability_zone']}/diskTypes/#{type}",
 # Other values include pd-ssd and local-ssd
             name: resname
           )
@@ -1045,7 +1149,7 @@ next if !create
           )
           MU.log "Attaching disk #{resname} to #{@cloud_id} at #{devname}"
-          attachment = MU::Cloud::Google.compute(credentials: @config['credentials']).attach_disk(
+          MU::Cloud::Google.compute(credentials: @config['credentials']).attach_disk(
             @project_id,
             @config['availability_zone'],
             @cloud_id,
@@ -1064,7 +1168,7 @@ next if !create
         # Reverse-map our cloud description into a runnable config hash.
         # We assume that any values we have in +@config+ are placeholders, and
         # calculate our own accordingly based on what's live in the cloud.
-        def toKitten(rootparent: nil, billing: nil, habitats: nil)
+        def toKitten(**_args)
           bok = {
             "cloud" => "Google",
             "credentials" => @config['credentials'],
@@ -1186,41 +1290,47 @@ next if !create
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
-          flags["project"] ||= MU::Cloud::Google.defaultProject(credentials)
-          return if !MU::Cloud::Google::Habitat.isLive?(flags["project"], credentials)
-          skipsnapshots = flags["skipsnapshots"]
-          onlycloud = flags["onlycloud"]
+        def self.cleanup(noop: false, deploy_id: MU.deploy_id, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+          flags["habitat"] ||= MU::Cloud::Google.defaultProject(credentials)
+          return if !MU::Cloud.resourceClass("Google", "Habitat").isLive?(flags["habitat"], credentials)
 # XXX make damn sure MU.deploy_id is set
+          filter = %Q{(labels.mu-id = "#{MU.deploy_id.downcase}")}
+          if !ignoremaster and MU.mu_public_ip
+            filter += %Q{ AND (labels.mu-master-ip = "#{MU.mu_public_ip.gsub(/\./, "_")}")}
+          end
           MU::Cloud::Google.listAZs(region).each { |az|
             disks = []
             resp = MU::Cloud::Google.compute(credentials: credentials).list_instances(
-              flags["project"],
+              flags["habitat"],
               az,
-              filter: "description eq #{MU.deploy_id}"
+              filter: filter
             )
             if !resp.items.nil? and resp.items.size > 0
               resp.items.each { |instance|
-                saname = instance.tags.items.first.gsub(/[^a-z]/, "") # XXX this nonsense again
                 MU.log "Terminating instance #{instance.name}"
                 if !instance.disks.nil? and instance.disks.size > 0
                   instance.disks.each { |disk|
                     disks << disk if !disk.auto_delete
                   }
                 end
-                deletia = MU::Cloud::Google.compute(credentials: credentials).delete_instance(
-                  flags["project"],
+                MU::Cloud::Google.compute(credentials: credentials).delete_instance(
+                  flags["habitat"],
                   az,
                   instance.name
                 ) if !noop
-                MU.log "Removing service account #{saname}"
-                begin
-                  MU::Cloud::Google.iam(credentials: credentials).delete_project_service_account(
-                    "projects/#{flags["project"]}/serviceAccounts/#{saname}@#{flags["project"]}.iam.gserviceaccount.com"
-                  ) if !noop
-                rescue ::Google::Apis::ClientError => e
-                  raise e if !e.message.match(/^notFound: /)
+                if instance.service_accounts
+                  instance.service_accounts.each { |sa|
+                    MU.log "Removing service account #{sa.email}"
+                    begin
+                      MU::Cloud::Google.iam(credentials: credentials).delete_project_service_account(
+                        "projects/#{flags["habitat"]}/serviceAccounts/#{sa.email}"
+                      ) if !noop
+                    rescue ::Google::Apis::ClientError => e
+                      raise e if !e.message.match(/^notFound: /)
+                    end
+                  }
                 end
 # XXX wait-loop on pending?
 #                pp deletia
@@ -1233,7 +1343,7 @@ next if !create
 # XXX honor snapshotting
             MU::Cloud::Google.compute(credentials: credentials).delete(
               "disk",
-              flags["project"],
+              flags["habitat"],
               az,
               noop
             ) if !noop
@@ -1246,7 +1356,11 @@ next if !create
         def self.schema(config)
           toplevel_required = []
           schema = {
-            "roles" => MU::Cloud::Google::User.schema(config)[1]["roles"],
+            "roles" => MU::Cloud.resourceClass("Google", "User").schema(config)[1]["roles"],
+            "windows_admin_username" => {
+              "type" => "string",
+              "default" => "muadmin"
+            },
             "create_image" => {
               "properties" => {
                 "family" => {
@@ -1353,8 +1467,7 @@ next if !create
             foundmatch = false
             MU::Cloud.availableClouds.each { |cloud|
               next if cloud == "Google"
-              cloudbase = Object.const_get("MU").const_get("Cloud").const_get(cloud)
-              foreign_types = (cloudbase.listInstanceTypes).values.first
+              foreign_types = (MU::Cloud.cloudClass(cloud).listInstanceTypes).values.first
               if foreign_types.size == 1
                 foreign_types = foreign_types.values.first
               end
@@ -1411,6 +1524,7 @@ next if !create
           end
           if server['service_account']
+            server['service_account'] = server['service_account'].to_h
             server['service_account']['cloud'] = "Google"
             server['service_account']['habitat'] ||= server['project']
             found = MU::Config::Ref.get(server['service_account'])
@@ -1419,37 +1533,12 @@ next if !create
               ok = false
             end
           else
-            user = {
-              "name" => server['name'],
-              "cloud" => "Google",
-              "project" => server["project"],
-              "credentials" => server["credentials"],
-              "type" => "service"
-            }
-            if user["name"].length < 6
-              user["name"] += Password.pronounceable(6)
-            end
-            if server['roles']
-              user['roles'] = server['roles'].dup
-            end
-            configurator.insertKitten(user, "users", true)
-            server['dependencies'] ||= []
-            server['service_account'] = MU::Config::Ref.get(
-              type: "users",
-              cloud: "Google",
-              name: user["name"],
-              project: user["project"],
-              credentials: user["credentials"]
-            )
-            server['dependencies'] << {
-              "type" => "user",
-              "name" => user["name"]
-            }
+            server = MU::Cloud.resourceClass("Google", "User").genericServiceAccount(server, configurator)
           end
           subnets = nil
           if !server['vpc']
-            vpcs = MU::Cloud::Google::VPC.find(credentials: server['credentials'])
+            vpcs = MU::Cloud.resourceClass("Google", "VPC").find(credentials: server['credentials'])
             if vpcs["default"]
               server["vpc"] ||= {}
               server["vpc"]["vpc_id"] = vpcs["default"].self_link
@@ -1464,7 +1553,7 @@ next if !create
           if !server['vpc']['subnet_id'] and server['vpc']['subnet_name'].nil?
             if !subnets
               if server["vpc"]["vpc_id"]
-                vpcs = MU::Cloud::Google::VPC.find(cloud_id: server["vpc"]["vpc_id"])
+                vpcs = MU::Cloud.resourceClass("Google", "VPC").find(cloud_id: server["vpc"]["vpc_id"])
                 subnets = vpcs["default"].subnetworks.sample
               end
             end
@@ -1509,7 +1598,7 @@ next if !create
             img_project = Regexp.last_match[1]
             img_name = Regexp.last_match[2]
             begin
-              img = MU::Cloud::Google.compute(credentials: server['credentials']).get_image(img_project, img_name)
+              MU::Cloud::Google.compute(credentials: server['credentials']).get_image(img_project, img_name)
               snaps = MU::Cloud::Google.compute(credentials: server['credentials']).list_snapshots(
                 img_project,
                 filter: "name eq #{img_name}-.*"
@@ -1548,8 +1637,6 @@ next if !create
           ok
         end
-        private
       end #class
     end #class
   end