RubyGems - cloud-mu - Versions diffs - 3.1.5 → 3.3.2 - Mend

cloud-mu 3.1.5 → 3.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (185) hide show

checksums.yaml +4 -4
data/Dockerfile +5 -1
data/ansible/roles/mu-windows/files/LaunchConfig.json +9 -0
data/ansible/roles/mu-windows/files/config.xml +76 -0
data/ansible/roles/mu-windows/tasks/main.yml +16 -0
data/bin/mu-adopt +16 -12
data/bin/mu-azure-tests +57 -0
data/bin/mu-cleanup +2 -4
data/bin/mu-configure +52 -0
data/bin/mu-deploy +3 -3
data/bin/mu-findstray-tests +25 -0
data/bin/mu-gen-docs +2 -4
data/bin/mu-load-config.rb +2 -1
data/bin/mu-node-manage +15 -16
data/bin/mu-run-tests +37 -12
data/cloud-mu.gemspec +3 -3
data/cookbooks/mu-activedirectory/resources/domain.rb +4 -4
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +4 -4
data/cookbooks/mu-tools/libraries/helper.rb +1 -1
data/cookbooks/mu-tools/recipes/apply_security.rb +14 -14
data/cookbooks/mu-tools/recipes/aws_api.rb +9 -0
data/cookbooks/mu-tools/recipes/eks.rb +2 -2
data/cookbooks/mu-tools/recipes/windows-client.rb +25 -22
data/extras/clean-stock-amis +25 -19
data/extras/generate-stock-images +1 -0
data/extras/image-generators/AWS/win2k12.yaml +2 -0
data/extras/image-generators/AWS/win2k16.yaml +2 -0
data/extras/image-generators/AWS/win2k19.yaml +2 -0
data/modules/mommacat.ru +1 -1
data/modules/mu.rb +86 -98
data/modules/mu/adoption.rb +373 -58
data/modules/mu/cleanup.rb +214 -303
data/modules/mu/cloud.rb +128 -1733
data/modules/mu/cloud/database.rb +49 -0
data/modules/mu/cloud/dnszone.rb +44 -0
data/modules/mu/cloud/machine_images.rb +212 -0
data/modules/mu/cloud/providers.rb +81 -0
data/modules/mu/cloud/resource_base.rb +929 -0
data/modules/mu/cloud/server.rb +40 -0
data/modules/mu/cloud/server_pool.rb +1 -0
data/modules/mu/cloud/ssh_sessions.rb +228 -0
data/modules/mu/cloud/winrm_sessions.rb +237 -0
data/modules/mu/cloud/wrappers.rb +169 -0
data/modules/mu/config.rb +123 -81
data/modules/mu/config/alarm.rb +2 -6
data/modules/mu/config/bucket.rb +32 -3
data/modules/mu/config/cache_cluster.rb +2 -2
data/modules/mu/config/cdn.rb +100 -0
data/modules/mu/config/collection.rb +1 -1
data/modules/mu/config/container_cluster.rb +7 -2
data/modules/mu/config/database.rb +84 -105
data/modules/mu/config/database.yml +1 -2
data/modules/mu/config/dnszone.rb +5 -4
data/modules/mu/config/doc_helpers.rb +5 -6
data/modules/mu/config/endpoint.rb +2 -1
data/modules/mu/config/firewall_rule.rb +3 -19
data/modules/mu/config/folder.rb +1 -1
data/modules/mu/config/function.rb +17 -8
data/modules/mu/config/group.rb +1 -1
data/modules/mu/config/habitat.rb +1 -1
data/modules/mu/config/job.rb +89 -0
data/modules/mu/config/loadbalancer.rb +57 -11
data/modules/mu/config/log.rb +1 -1
data/modules/mu/config/msg_queue.rb +1 -1
data/modules/mu/config/nosqldb.rb +1 -1
data/modules/mu/config/notifier.rb +8 -19
data/modules/mu/config/ref.rb +92 -14
data/modules/mu/config/role.rb +1 -1
data/modules/mu/config/schema_helpers.rb +38 -37
data/modules/mu/config/search_domain.rb +1 -1
data/modules/mu/config/server.rb +12 -13
data/modules/mu/config/server_pool.rb +3 -7
data/modules/mu/config/storage_pool.rb +1 -1
data/modules/mu/config/tail.rb +11 -0
data/modules/mu/config/user.rb +1 -1
data/modules/mu/config/vpc.rb +27 -23
data/modules/mu/config/vpc.yml +0 -1
data/modules/mu/defaults/AWS.yaml +90 -90
data/modules/mu/defaults/Azure.yaml +1 -0
data/modules/mu/defaults/Google.yaml +1 -0
data/modules/mu/deploy.rb +34 -20
data/modules/mu/groomer.rb +16 -1
data/modules/mu/groomers/ansible.rb +69 -4
data/modules/mu/groomers/chef.rb +51 -4
data/modules/mu/logger.rb +120 -144
data/modules/mu/master.rb +97 -4
data/modules/mu/mommacat.rb +160 -874
data/modules/mu/mommacat/daemon.rb +23 -14
data/modules/mu/mommacat/naming.rb +110 -3
data/modules/mu/mommacat/search.rb +497 -0
data/modules/mu/mommacat/storage.rb +252 -194
data/modules/mu/{clouds → providers}/README.md +1 -1
data/modules/mu/{clouds → providers}/aws.rb +258 -57
data/modules/mu/{clouds → providers}/aws/alarm.rb +3 -3
data/modules/mu/{clouds → providers}/aws/bucket.rb +275 -41
data/modules/mu/{clouds → providers}/aws/cache_cluster.rb +14 -50
data/modules/mu/providers/aws/cdn.rb +782 -0
data/modules/mu/{clouds → providers}/aws/collection.rb +5 -5
data/modules/mu/{clouds → providers}/aws/container_cluster.rb +95 -84
data/modules/mu/providers/aws/database.rb +1744 -0
data/modules/mu/{clouds → providers}/aws/dnszone.rb +26 -12
data/modules/mu/providers/aws/endpoint.rb +1072 -0
data/modules/mu/{clouds → providers}/aws/firewall_rule.rb +39 -32
data/modules/mu/{clouds → providers}/aws/folder.rb +1 -1
data/modules/mu/{clouds → providers}/aws/function.rb +289 -134
data/modules/mu/{clouds → providers}/aws/group.rb +18 -20
data/modules/mu/{clouds → providers}/aws/habitat.rb +3 -3
data/modules/mu/providers/aws/job.rb +466 -0
data/modules/mu/{clouds → providers}/aws/loadbalancer.rb +77 -47
data/modules/mu/{clouds → providers}/aws/log.rb +5 -5
data/modules/mu/{clouds → providers}/aws/msg_queue.rb +14 -11
data/modules/mu/{clouds → providers}/aws/nosqldb.rb +96 -5
data/modules/mu/{clouds → providers}/aws/notifier.rb +135 -63
data/modules/mu/{clouds → providers}/aws/role.rb +76 -48
data/modules/mu/{clouds → providers}/aws/search_domain.rb +172 -41
data/modules/mu/{clouds → providers}/aws/server.rb +66 -98
data/modules/mu/{clouds → providers}/aws/server_pool.rb +42 -60
data/modules/mu/{clouds → providers}/aws/storage_pool.rb +21 -38
data/modules/mu/{clouds → providers}/aws/user.rb +12 -16
data/modules/mu/{clouds → providers}/aws/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/linux.erb +5 -4
data/modules/mu/{clouds → providers}/aws/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/aws/vpc.rb +143 -74
data/modules/mu/{clouds → providers}/aws/vpc_subnet.rb +0 -0
data/modules/mu/{clouds → providers}/azure.rb +13 -0
data/modules/mu/{clouds → providers}/azure/container_cluster.rb +1 -5
data/modules/mu/{clouds → providers}/azure/firewall_rule.rb +8 -1
data/modules/mu/{clouds → providers}/azure/habitat.rb +0 -0
data/modules/mu/{clouds → providers}/azure/loadbalancer.rb +0 -0
data/modules/mu/{clouds → providers}/azure/role.rb +0 -0
data/modules/mu/{clouds → providers}/azure/server.rb +32 -24
data/modules/mu/{clouds → providers}/azure/user.rb +1 -1
data/modules/mu/{clouds → providers}/azure/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/azure/vpc.rb +4 -6
data/modules/mu/{clouds → providers}/cloudformation.rb +10 -0
data/modules/mu/{clouds → providers}/cloudformation/alarm.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/cache_cluster.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/collection.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/database.rb +6 -17
data/modules/mu/{clouds → providers}/cloudformation/dnszone.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/firewall_rule.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/loadbalancer.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/log.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/server.rb +7 -7
data/modules/mu/{clouds → providers}/cloudformation/server_pool.rb +5 -5
data/modules/mu/{clouds → providers}/cloudformation/vpc.rb +3 -3
data/modules/mu/{clouds → providers}/docker.rb +0 -0
data/modules/mu/{clouds → providers}/google.rb +29 -6
data/modules/mu/{clouds → providers}/google/bucket.rb +4 -4
data/modules/mu/{clouds → providers}/google/container_cluster.rb +38 -20
data/modules/mu/{clouds → providers}/google/database.rb +5 -12
data/modules/mu/{clouds → providers}/google/firewall_rule.rb +5 -5
data/modules/mu/{clouds → providers}/google/folder.rb +5 -9
data/modules/mu/{clouds → providers}/google/function.rb +6 -6
data/modules/mu/{clouds → providers}/google/group.rb +9 -17
data/modules/mu/{clouds → providers}/google/habitat.rb +4 -8
data/modules/mu/{clouds → providers}/google/loadbalancer.rb +5 -5
data/modules/mu/{clouds → providers}/google/role.rb +50 -31
data/modules/mu/{clouds → providers}/google/server.rb +41 -24
data/modules/mu/{clouds → providers}/google/server_pool.rb +14 -14
data/modules/mu/{clouds → providers}/google/user.rb +34 -24
data/modules/mu/{clouds → providers}/google/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/google/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/google/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/google/vpc.rb +45 -14
data/modules/tests/aws-jobs-functions.yaml +46 -0
data/modules/tests/centos6.yaml +15 -0
data/modules/tests/centos7.yaml +15 -0
data/modules/tests/centos8.yaml +12 -0
data/modules/tests/ecs.yaml +2 -2
data/modules/tests/eks.yaml +1 -1
data/modules/tests/functions/node-function/lambda_function.js +10 -0
data/modules/tests/functions/python-function/lambda_function.py +12 -0
data/modules/tests/microservice_app.yaml +288 -0
data/modules/tests/rds.yaml +108 -0
data/modules/tests/regrooms/rds.yaml +123 -0
data/modules/tests/server-with-scrub-muisms.yaml +1 -1
data/modules/tests/super_complex_bok.yml +2 -2
data/modules/tests/super_simple_bok.yml +3 -5
data/spec/mu/clouds/azure_spec.rb +2 -2
metadata +122 -92
data/modules/mu/clouds/aws/database.rb +0 -1974
data/modules/mu/clouds/aws/endpoint.rb +0 -596

data/modules/mu/{clouds → providers}/aws/vpc.rb RENAMED

@@ -18,7 +18,7 @@ module MU
       # Creation of Virtual Private Clouds and associated artifacts (routes, subnets, etc).
       class VPC < MU::Cloud::VPC
-        require 'mu/clouds/aws/vpc_subnet'
+        require 'mu/providers/aws/vpc_subnet'
         # Initialize this cloud resource object. Calling +super+ will invoke the initializer defined under {MU::Cloud}, which should set the attribtues listed in {MU::Cloud::PUBLIC_ATTRS} as well as applicable dependency shortcuts, like +@vpc+, for us.
         # @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
@@ -209,7 +209,7 @@ module MU
           if !MU::Cloud::AWS.isGovCloud?(@config['region'])
             mu_zone = MU::Cloud::DNSZone.find(cloud_id: "platform-mu", credentials: @config['credentials']).values.first
             if !mu_zone.nil?
-              MU::Cloud::AWS::DNSZone.toggleVPCAccess(id: mu_zone.id, vpc_id: @cloud_id, region: @config['region'], credentials: @config['credentials'])
+              MU::Cloud.resourceClass("AWS", "DNSZone").toggleVPCAccess(id: mu_zone.id, vpc_id: @cloud_id, region: @config['region'], credentials: @config['credentials'])
             end
           end
 					loadSubnets
@@ -822,11 +822,11 @@ module MU
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+        def self.cleanup(noop: false, deploy_id: MU.deploy_id, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
           MU.log "AWS::VPC.cleanup: need to support flags['known']", MU::DEBUG, details: flags
           tagfilters = [
-            {name: "tag:MU-ID", values: [MU.deploy_id]}
+            {name: "tag:MU-ID", values: [deploy_id]}
           ]
           if !ignoremaster
             tagfilters << {name: "tag:MU-MASTER-IP", values: [MU.mu_public_ip]}
@@ -838,9 +838,23 @@ module MU
             vpcs = resp if !resp.empty?
           }
+#          resp = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @config['credentials']).describe_vpc_peering_connections(
+#            filters: [
+#              {
+#                name: "requester-vpc-info.vpc-id",
+#                values: [@cloud_id]
+#              },
+#              {
+#                name: "accepter-vpc-info.vpc-id",
+#                values: [peer_id.to_s]
+#              }
+#            ]
+#          )
           if !vpcs.empty?
             gwthreads = []
             vpcs.each { |vpc|
+              purge_peering_connections(noop, vpc.vpc_id, region: region, credentials: credentials)
               # NAT gateways don't have any tags, and we can't assign them a name. Lets find them based on a VPC ID
               gwthreads << Thread.new {
                 purge_nat_gateways(noop, vpc_id: vpc.vpc_id, region: region, credentials: credentials)
@@ -862,7 +876,7 @@ module MU
 #          unless noop
 #            MU::Cloud::AWS.iam.list_roles.roles.each{ |role|
-#              match_string = "#{MU.deploy_id}.*TRAFFIC-LOG"
+#              match_string = "#{deploy_id}.*TRAFFIC-LOG"
 #            }
 #          end
         end
@@ -916,11 +930,7 @@ module MU
             logdesc["tags"] = vpc["tags"] if !vpc["tags"].nil?
 #            logdesc["optional_tags"] = vpc["optional_tags"] if !vpc["optional_tags"].nil?
             configurator.insertKitten(logdesc, "logs")
-            vpc['dependencies'] ||= []
-            vpc['dependencies'] << {
-              "type" => "log",
-              "name" => vpc['name']+"loggroup"
-            }
+            MU::Config.addDependency(vpc, vpc['name']+"loggroup", "log")
             roledesc = {
               "name" => vpc['name']+"logrole",
@@ -958,11 +968,7 @@ module MU
             roledesc["tags"] = vpc["tags"] if !vpc["tags"].nil?
             roledesc["optional_tags"] = vpc["optional_tags"] if !vpc["optional_tags"].nil?
             configurator.insertKitten(roledesc, "roles")
-            vpc['dependencies'] ||= []
-            vpc['dependencies'] << {
-              "type" => "role",
-              "name" => vpc['name']+"logrole"
-            }
+            MU::Config.addDependency(vpc, vpc['name']+"logrole", "role")
           end
           subnet_routes = Hash.new
@@ -1013,10 +1019,7 @@ module MU
                 subnet_routes[table['name']].each { |subnet|
                   nat_routes[subnet] = route['nat_host_name']
                 }
-                vpc['dependencies'] << {
-                  "type" => "server",
-                  "name" => route['nat_host_name']
-                }
+                MU::Config.addDependency(vpc, route['nat_host_name'], "server", no_create_wait: true)
               elsif route['gateway'] == '#NAT'
                 vpc['create_nat_gateway'] = true
                 private_rtbs << table['name']
@@ -1225,7 +1228,7 @@ module MU
                   # suits me just fine
                 rescue Aws::EC2::Errors::AuthFailure => e
                   if !tried_lbs and iface.attachment.instance_owner_id == "amazon-elb"
-                    MU::Cloud::AWS::LoadBalancer.cleanup(
+                    MU::Cloud.resourceClass("AWS", "LoadBalancer").cleanup(
                       noop: noop,
                       region: region,
                       credentials: credentials,
@@ -1265,12 +1268,73 @@ module MU
           nil
         end
+        # Try to locate the default VPC for a region, and return a BoK-style
+        # config fragment for something that might want to live in it.
+        def self.defaultVpc(region, credentials)
+          cfg_fragment = nil
+          MU::Cloud::AWS.ec2(region: region, credentials: credentials).describe_vpcs.vpcs.each { |vpc|
+            if vpc.is_default
+              cfg_fragment = {
+                "id" => vpc.vpc_id,
+                "cloud" => "AWS",
+                "region" => region,
+                "credentials" => credentials
+              }
+              cfg_fragment['subnets'] = MU::Cloud::AWS.ec2(region: region, credentials: credentials).describe_subnets(
+                filters: [
+                  {
+                    name: "vpc-id",
+                    values: [vpc.vpc_id]
+                  }
+                ]
+              ).subnets.map { |s| { "subnet_id" => s.subnet_id } }
+              break
+            end
+          }
+          cfg_fragment
+        end
+        # Return a {MU::Config::Ref} that indicates this VPC.
+        # @param subnet_ids [Array<String>]: Optional list of subnet ids with which to infer a +subnet_pref+ parameter.
+        # @return [MU::Config::Ref]
+        def getReference(subnet_ids = [])
+          have_private = have_public = false
+          subnets.each { |s|
+            next if subnet_ids and !subnet_ids.empty? and !subnet_ids.include?(s.cloud_id)
+            if s.private?
+              have_private = true
+            else
+              have_public = true
+            end
+          }
+          subnet_pref = if have_private == have_public
+            "any"
+          elsif have_private
+            "all_private"
+          elsif have_public
+            "all_public"
+          end
+          MU::Config::Ref.get(
+            id: @cloud_id,
+            cloud: "AWS",
+            credentials: @credentials,
+            region: @config['region'],
+            type: "vpcs",
+            subnet_pref: subnet_pref
+          )
+        end
         private
         def peerWith(peer)
           peer_ref = MU::Config::Ref.get(peer['vpc'])
           peer_obj = peer_ref.kitten
-          peer_id = peer_ref.cloud_id
+          peer_id = peer_ref.kitten.cloud_id
+          if peer_id == @cloud_id
+            MU.log "#{@mu_name} attempted to peer with itself (#{@cloud_id})", MU::ERR, details: peer
+            raise "#{@mu_name} attempted to peer with itself (#{@cloud_id})"
+          end
           if peer_obj and peer_obj.config['peers']
             peer_obj.config['peers'].each { |peerpeer|
@@ -1679,6 +1743,61 @@ module MU
         end
         private_class_method :purge_dhcpopts
+        def self.purge_peering_connections(noop, vpc_id, region: MU.curRegion, credentials: nil)
+          my_peer_conns = MU::Cloud::AWS.ec2(credentials: credentials, region: region).describe_vpc_peering_connections(
+            filters: [
+              {
+                name: "requester-vpc-info.vpc-id",
+                values: [vpc_id]
+              }
+            ]
+          ).vpc_peering_connections
+          my_peer_conns.concat(MU::Cloud::AWS.ec2(credentials: credentials, region: region).describe_vpc_peering_connections(
+            filters: [
+              {
+                name: "accepter-vpc-info.vpc-id",
+                values: [vpc_id]
+              }
+            ]
+          ).vpc_peering_connections)
+          my_peer_conns.each { |cnxn|
+            [cnxn.accepter_vpc_info.vpc_id, cnxn.requester_vpc_info.vpc_id].each { |peer_vpc|
+              MU::Cloud::AWS::VPC.listAllSubnetRouteTables(peer_vpc, region: region, credentials: credentials).each { |rtb_id|
+                begin
+                  resp = MU::Cloud::AWS.ec2(credentials: credentials, region: region).describe_route_tables(
+                    route_table_ids: [rtb_id]
+                  )
+                rescue Aws::EC2::Errors::InvalidRouteTableIDNotFound
+                  next
+                end
+                resp.route_tables.each { |rtb|
+                  rtb.routes.each { |route|
+                    if route.vpc_peering_connection_id == cnxn.vpc_peering_connection_id
+                      MU.log "Removing route #{route.destination_cidr_block} from route table #{rtb_id} in VPC #{peer_vpc}"
+                      MU::Cloud::AWS.ec2(credentials: credentials, region: region).delete_route(
+                          route_table_id: rtb_id,
+                          destination_cidr_block: route.destination_cidr_block
+                      ) if !noop
+                    end
+                  }
+                }
+              }
+            }
+            MU.log "Deleting VPC peering connection #{cnxn.vpc_peering_connection_id}"
+            begin
+              MU::Cloud::AWS.ec2(credentials: credentials, region: region).delete_vpc_peering_connection(
+                vpc_peering_connection_id: cnxn.vpc_peering_connection_id
+              ) if !noop
+            rescue Aws::EC2::Errors::InvalidStateTransition
+              MU.log "VPC peering connection #{cnxn.vpc_peering_connection_id} not in removable (state #{cnxn.status.code})", MU::WARN
+            rescue Aws::EC2::Errors::OperationNotPermitted => e
+              MU.log "VPC peering connection #{cnxn.vpc_peering_connection_id} refuses to delete: #{e.message}", MU::WARN
+            end
+          }
+        end
+        private_class_method :purge_peering_connections
         # Remove all VPCs associated with the currently loaded deployment.
         # @param noop [Boolean]: If true, will only print what would be done
         # @param tagfilters [Array<Hash>]: EC2 tags to filter against when search for resources to purge
@@ -1693,60 +1812,10 @@ module MU
           return if vpcs.nil? or vpcs.size == 0
           vpcs.each { |vpc|
-            my_peer_conns = MU::Cloud::AWS.ec2(credentials: credentials, region: region).describe_vpc_peering_connections(
-              filters: [
-                {
-                  name: "requester-vpc-info.vpc-id",
-                  values: [vpc.vpc_id]
-                }
-              ]
-            ).vpc_peering_connections
-            my_peer_conns.concat(MU::Cloud::AWS.ec2(credentials: credentials, region: region).describe_vpc_peering_connections(
-              filters: [
-                {
-                  name: "accepter-vpc-info.vpc-id",
-                  values: [vpc.vpc_id]
-                }
-              ]
-            ).vpc_peering_connections)
-            my_peer_conns.each { |cnxn|
-              [cnxn.accepter_vpc_info.vpc_id, cnxn.requester_vpc_info.vpc_id].each { |peer_vpc|
-                MU::Cloud::AWS::VPC.listAllSubnetRouteTables(peer_vpc, region: region, credentials: credentials).each { |rtb_id|
-                  begin
-                    resp = MU::Cloud::AWS.ec2(credentials: credentials, region: region).describe_route_tables(
-                      route_table_ids: [rtb_id]
-                    )
-                  rescue Aws::EC2::Errors::InvalidRouteTableIDNotFound
-                    next
-                  end
-                  resp.route_tables.each { |rtb|
-                    rtb.routes.each { |route|
-                      if route.vpc_peering_connection_id == cnxn.vpc_peering_connection_id
-                        MU.log "Removing route #{route.destination_cidr_block} from route table #{rtb_id} in VPC #{peer_vpc}"
-                        MU::Cloud::AWS.ec2(credentials: credentials, region: region).delete_route(
-                            route_table_id: rtb_id,
-                            destination_cidr_block: route.destination_cidr_block
-                        ) if !noop
-                      end
-                    }
-                  }
-                }
-              }
-              MU.log "Deleting VPC peering connection #{cnxn.vpc_peering_connection_id}"
-              begin
-                MU::Cloud::AWS.ec2(credentials: credentials, region: region).delete_vpc_peering_connection(
-                    vpc_peering_connection_id: cnxn.vpc_peering_connection_id
-                ) if !noop
-              rescue Aws::EC2::Errors::InvalidStateTransition
-                MU.log "VPC peering connection #{cnxn.vpc_peering_connection_id} not in removable (state #{cnxn.status.code})", MU::WARN
-              rescue Aws::EC2::Errors::OperationNotPermitted => e
-                MU.log "VPC peering connection #{cnxn.vpc_peering_connection_id} refuses to delete: #{e.message}", MU::WARN
-              end
-            }
+            purge_peering_connections(noop, vpc.vpc_id, region: region, credentials: credentials)
             on_retry = Proc.new {
-              MU::Cloud::AWS::FirewallRule.cleanup(
+              MU::Cloud.resourceClass("AWS", "FirewallRule").cleanup(
                 noop: noop,
                 region: region,
                 credentials: credentials,
@@ -1763,7 +1832,7 @@ module MU
             if !MU::Cloud::AWS.isGovCloud?(region)
               mu_zone = MU::Cloud::DNSZone.find(cloud_id: "platform-mu", region: region, credentials: credentials).values.first
               if !mu_zone.nil?
-                MU::Cloud::AWS::DNSZone.toggleVPCAccess(id: mu_zone.id, vpc_id: vpc.vpc_id, remove: true, credentials: credentials)
+                MU::Cloud.resourceClass("AWS", "DNSZone").toggleVPCAccess(id: mu_zone.id, vpc_id: vpc.vpc_id, remove: true, credentials: credentials)
               end
             end
           }

data/modules/mu/{clouds → providers}/aws/vpc_subnet.rb RENAMED

File without changes

data/modules/mu/{clouds → providers}/azure.rb RENAMED

@@ -47,6 +47,11 @@ module MU
         guid_chunks.join("-")
       end
+      # List all Azure subscriptions available to our credentials
+      def self.listHabitats(credentials = nil, use_cache: true)
+        []
+      end
       # A hook that is always called just before any of the instance method of
       # our resource implementations gets invoked, so that we can ensure that
       # repetitive setup tasks (like resolving +:resource_group+ for Azure
@@ -77,6 +82,11 @@ module MU
         [:resource_group]
       end
+      # Is this a "real" cloud provider, or a stub like CloudFormation?
+      def self.virtual?
+        false
+      end
       # Stub class to represent Azure's resource identifiers, which look like:
       # /subscriptions/3d20ddd8-4652-4074-adda-0d127ef1f0e0/resourceGroups/mu/providers/Microsoft.Network/virtualNetworks/mu-vnet
       # Various API calls need chunks of this in different contexts, and this
@@ -274,6 +284,9 @@ module MU
           end
           raise e
         end
+        if !sdk_response
+          raise MuError, "Nil response from Azure API attempting list_locations(#{subscription})"
+        end
         sdk_response.value.each do | region |
           @@regions.push(region.name)

data/modules/mu/{clouds → providers}/azure/container_cluster.rb RENAMED

@@ -218,11 +218,7 @@ module MU
               "Azure Kubernetes Service Cluster Admin Role"
             ]
           }
-          cluster['dependencies'] ||= []
-          cluster['dependencies'] << {
-            "type" => "user",
-            "name" => cluster["name"]+"user"
-          }
+          MU::Config.addDependency(cluster, cluster['name']+"user", "user")
           ok = false if !configurator.insertKitten(svcacct_desc, "users")

data/modules/mu/{clouds → providers}/azure/firewall_rule.rb RENAMED

@@ -337,7 +337,14 @@ module MU
         # We assume that any values we have in +@config+ are placeholders, and
         # calculate our own accordingly based on what's live in the cloud.
         def toKitten(**args)
-          bok = {}
+          bok = {
+            "cloud" => "Azure",
+            "name" => cloud_desc.name,
+            "project" => @config['project'],
+            "credentials" => @config['credentials'],
+            "cloud_id" => @cloud_id.to_s
+          }
           bok
         end

data/modules/mu/{clouds → providers}/azure/habitat.rb RENAMED

File without changes

data/modules/mu/{clouds → providers}/azure/loadbalancer.rb RENAMED

File without changes

data/modules/mu/{clouds → providers}/azure/role.rb RENAMED

File without changes

data/modules/mu/{clouds → providers}/azure/server.rb RENAMED

@@ -146,7 +146,7 @@ module MU
           return nil if @config.nil? or @deploy.nil?
           nat_ssh_key = nat_ssh_user = nat_ssh_host = nil
-          if !@config["vpc"].nil? and !MU::Cloud::Azure::VPC.haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @config['credentials'])
+          if !@config["vpc"].nil? and !MU::Cloud.resourceClass("Azure", "VPC").haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @config['credentials'])
             if !@nat.nil? and @nat.mu_name != @mu_name
               if @nat.cloud_desc.nil?
@@ -189,7 +189,7 @@ module MU
           end
           _nat_ssh_key, _nat_ssh_user, nat_ssh_host, _canonical_ip, _ssh_user, _ssh_key_name = getSSHConfig
-          if !nat_ssh_host and !MU::Cloud::Azure::VPC.haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @config['credentials'])
+          if !nat_ssh_host and !MU::Cloud.resourceClass("Azure", "VPC").haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @config['credentials'])
 # XXX check if canonical_ip is in the private ranges
 #            raise MuError, "#{node} has no NAT host configured, and I have no other route to it"
           end
@@ -384,7 +384,7 @@ module MU
           # Our deploydata gets corrupted often with server pools, this will cause us to use the wrong IP to identify a node
           # which will cause us to create certificates, DNS records and other artifacts with incorrect information which will cause our deploy to fail.
           # The cloud_id is always correct so lets use 'cloud_desc' to get the correct IPs
-          if MU::Cloud::Azure::VPC.haveRouteToInstance?(cloud_desc, credentials: @config['credentials']) or public_ips.size == 0
+          if MU::Cloud.resourceClass("Azure", "VPC").haveRouteToInstance?(cloud_desc, credentials: @config['credentials']) or public_ips.size == 0
             @config['canonical_ip'] = private_ips.first
             return private_ips.first
           else
@@ -393,6 +393,28 @@ module MU
           end
         end
+        # Return all of the IP addresses, public and private, from all of our
+        # network interfaces.
+        # @return [Array<String>]
+        def listIPs
+          ips = []
+          cloud_desc.network_profile.network_interfaces.each { |iface|
+            iface_id = Id.new(iface.is_a?(Hash) ? iface['id'] : iface.id)
+            iface_desc = MU::Cloud::Azure.network(credentials: @credentials).network_interfaces.get(@resource_group, iface_id.to_s)
+            iface_desc.ip_configurations.each { |ipcfg|
+              ips << ipcfg.private_ipaddress
+              if ipcfg.respond_to?(:public_ipaddress) and ipcfg.public_ipaddress
+                ip_id = Id.new(ipcfg.public_ipaddress.id)
+                ip_desc = MU::Cloud::Azure.network(credentials: @credentials).public_ipaddresses.get(@resource_group, ip_id.to_s)
+                if ip_desc
+                  ips << ip_desc.ip_address
+                end
+              end
+            }
+          }
+          ips
+        end
         # return [String]: A password string.
         def getWindowsAdminPassword
         end
@@ -430,7 +452,7 @@ module MU
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+        def self.cleanup(noop: false, deploy_id: MU.deploy_id, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
         end
         # Cloud-specific configuration properties.
@@ -441,7 +463,7 @@ module MU
           hosts_schema = MU::Config::CIDR_PRIMITIVE
           hosts_schema["pattern"] = "^(\\d+\\.\\d+\\.\\d+\\.\\d+\/[0-9]{1,2}|\\*)$"
           schema = {
-            "roles" => MU::Cloud::Azure::User.schema(config)[1]["roles"],
+            "roles" => MU::Cloud.resourceClass("Azure", "User").schema(config)[1]["roles"],
             "ingress_rules" => {
               "items" => {
                 "properties" => {
@@ -497,8 +519,7 @@ module MU
             foundmatch = false
             MU::Cloud.availableClouds.each { |cloud|
               next if cloud == "Azure"
-              cloudbase = Object.const_get("MU").const_get("Cloud").const_get(cloud)
-              foreign_types = (cloudbase.listInstanceTypes).values.first
+              foreign_types = (MU::Cloud.cloudClass(cloud).listInstanceTypes).values.first
               if foreign_types.size == 1
                 foreign_types = foreign_types.values.first
               end
@@ -590,18 +611,8 @@ module MU
             if !configurator.insertKitten(vpc, "vpcs", true)
               ok = false
             end
-            server['dependencies'] ||= []
-            server['dependencies'] << {
-              "type" => "vpc",
-              "name" => server['name']+"vpc"
-            }
-# XXX what happens if there's no natstion here?
-            server['dependencies'] << {
-              "type" => "server",
-              "name" => server['name']+"vpc-natstion",
-              "phase" => "groom"
-            }
+            MU::Config.addDependency(server, server['name']+"vpc", "vpc")
+            MU::Config.addDependency(server, server['name']+"vpc-natstion", "server", phase: "groom")
             server['vpc'] = {
               "name" => server['name']+"vpc",
               "subnet_pref" => "private"
@@ -618,17 +629,14 @@ module MU
             "credentials" => server["credentials"],
             "roles" => server["roles"]
           }
-          server['dependencies'] ||= []
-          server['dependencies'] << {
-            "type" => "user",
-            "name" => server["name"]+"user"
-          }
+          MU::Config.addDependency(server, server['name']+"user", "user")
           ok = false if !configurator.insertKitten(svcacct_desc, "users")
           ok
         end
+        # stub
         def self.diskConfig(config, create = true, disk_as_url = true, credentials: nil)
         end