RubyGems - cloud-mu - Versions diffs - 3.1.5 → 3.3.2 - Mend

cloud-mu 3.1.5 → 3.3.2

Files changed (185) hide show

checksums.yaml +4 -4
data/Dockerfile +5 -1
data/ansible/roles/mu-windows/files/LaunchConfig.json +9 -0
data/ansible/roles/mu-windows/files/config.xml +76 -0
data/ansible/roles/mu-windows/tasks/main.yml +16 -0
data/bin/mu-adopt +16 -12
data/bin/mu-azure-tests +57 -0
data/bin/mu-cleanup +2 -4
data/bin/mu-configure +52 -0
data/bin/mu-deploy +3 -3
data/bin/mu-findstray-tests +25 -0
data/bin/mu-gen-docs +2 -4
data/bin/mu-load-config.rb +2 -1
data/bin/mu-node-manage +15 -16
data/bin/mu-run-tests +37 -12
data/cloud-mu.gemspec +3 -3
data/cookbooks/mu-activedirectory/resources/domain.rb +4 -4
data/cookbooks/mu-activedirectory/resources/domain_controller.rb +4 -4
data/cookbooks/mu-tools/libraries/helper.rb +1 -1
data/cookbooks/mu-tools/recipes/apply_security.rb +14 -14
data/cookbooks/mu-tools/recipes/aws_api.rb +9 -0
data/cookbooks/mu-tools/recipes/eks.rb +2 -2
data/cookbooks/mu-tools/recipes/windows-client.rb +25 -22
data/extras/clean-stock-amis +25 -19
data/extras/generate-stock-images +1 -0
data/extras/image-generators/AWS/win2k12.yaml +2 -0
data/extras/image-generators/AWS/win2k16.yaml +2 -0
data/extras/image-generators/AWS/win2k19.yaml +2 -0
data/modules/mommacat.ru +1 -1
data/modules/mu.rb +86 -98
data/modules/mu/adoption.rb +373 -58
data/modules/mu/cleanup.rb +214 -303
data/modules/mu/cloud.rb +128 -1733
data/modules/mu/cloud/database.rb +49 -0
data/modules/mu/cloud/dnszone.rb +44 -0
data/modules/mu/cloud/machine_images.rb +212 -0
data/modules/mu/cloud/providers.rb +81 -0
data/modules/mu/cloud/resource_base.rb +929 -0
data/modules/mu/cloud/server.rb +40 -0
data/modules/mu/cloud/server_pool.rb +1 -0
data/modules/mu/cloud/ssh_sessions.rb +228 -0
data/modules/mu/cloud/winrm_sessions.rb +237 -0
data/modules/mu/cloud/wrappers.rb +169 -0
data/modules/mu/config.rb +123 -81
data/modules/mu/config/alarm.rb +2 -6
data/modules/mu/config/bucket.rb +32 -3
data/modules/mu/config/cache_cluster.rb +2 -2
data/modules/mu/config/cdn.rb +100 -0
data/modules/mu/config/collection.rb +1 -1
data/modules/mu/config/container_cluster.rb +7 -2
data/modules/mu/config/database.rb +84 -105
data/modules/mu/config/database.yml +1 -2
data/modules/mu/config/dnszone.rb +5 -4
data/modules/mu/config/doc_helpers.rb +5 -6
data/modules/mu/config/endpoint.rb +2 -1
data/modules/mu/config/firewall_rule.rb +3 -19
data/modules/mu/config/folder.rb +1 -1
data/modules/mu/config/function.rb +17 -8
data/modules/mu/config/group.rb +1 -1
data/modules/mu/config/habitat.rb +1 -1
data/modules/mu/config/job.rb +89 -0
data/modules/mu/config/loadbalancer.rb +57 -11
data/modules/mu/config/log.rb +1 -1
data/modules/mu/config/msg_queue.rb +1 -1
data/modules/mu/config/nosqldb.rb +1 -1
data/modules/mu/config/notifier.rb +8 -19
data/modules/mu/config/ref.rb +92 -14
data/modules/mu/config/role.rb +1 -1
data/modules/mu/config/schema_helpers.rb +38 -37
data/modules/mu/config/search_domain.rb +1 -1
data/modules/mu/config/server.rb +12 -13
data/modules/mu/config/server_pool.rb +3 -7
data/modules/mu/config/storage_pool.rb +1 -1
data/modules/mu/config/tail.rb +11 -0
data/modules/mu/config/user.rb +1 -1
data/modules/mu/config/vpc.rb +27 -23
data/modules/mu/config/vpc.yml +0 -1
data/modules/mu/defaults/AWS.yaml +90 -90
data/modules/mu/defaults/Azure.yaml +1 -0
data/modules/mu/defaults/Google.yaml +1 -0
data/modules/mu/deploy.rb +34 -20
data/modules/mu/groomer.rb +16 -1
data/modules/mu/groomers/ansible.rb +69 -4
data/modules/mu/groomers/chef.rb +51 -4
data/modules/mu/logger.rb +120 -144
data/modules/mu/master.rb +97 -4
data/modules/mu/mommacat.rb +160 -874
data/modules/mu/mommacat/daemon.rb +23 -14
data/modules/mu/mommacat/naming.rb +110 -3
data/modules/mu/mommacat/search.rb +497 -0
data/modules/mu/mommacat/storage.rb +252 -194
data/modules/mu/{clouds → providers}/README.md +1 -1
data/modules/mu/{clouds → providers}/aws.rb +258 -57
data/modules/mu/{clouds → providers}/aws/alarm.rb +3 -3
data/modules/mu/{clouds → providers}/aws/bucket.rb +275 -41
data/modules/mu/{clouds → providers}/aws/cache_cluster.rb +14 -50
data/modules/mu/providers/aws/cdn.rb +782 -0
data/modules/mu/{clouds → providers}/aws/collection.rb +5 -5
data/modules/mu/{clouds → providers}/aws/container_cluster.rb +95 -84
data/modules/mu/providers/aws/database.rb +1744 -0
data/modules/mu/{clouds → providers}/aws/dnszone.rb +26 -12
data/modules/mu/providers/aws/endpoint.rb +1072 -0
data/modules/mu/{clouds → providers}/aws/firewall_rule.rb +39 -32
data/modules/mu/{clouds → providers}/aws/folder.rb +1 -1
data/modules/mu/{clouds → providers}/aws/function.rb +289 -134
data/modules/mu/{clouds → providers}/aws/group.rb +18 -20
data/modules/mu/{clouds → providers}/aws/habitat.rb +3 -3
data/modules/mu/providers/aws/job.rb +466 -0
data/modules/mu/{clouds → providers}/aws/loadbalancer.rb +77 -47
data/modules/mu/{clouds → providers}/aws/log.rb +5 -5
data/modules/mu/{clouds → providers}/aws/msg_queue.rb +14 -11
data/modules/mu/{clouds → providers}/aws/nosqldb.rb +96 -5
data/modules/mu/{clouds → providers}/aws/notifier.rb +135 -63
data/modules/mu/{clouds → providers}/aws/role.rb +76 -48
data/modules/mu/{clouds → providers}/aws/search_domain.rb +172 -41
data/modules/mu/{clouds → providers}/aws/server.rb +66 -98
data/modules/mu/{clouds → providers}/aws/server_pool.rb +42 -60
data/modules/mu/{clouds → providers}/aws/storage_pool.rb +21 -38
data/modules/mu/{clouds → providers}/aws/user.rb +12 -16
data/modules/mu/{clouds → providers}/aws/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/linux.erb +5 -4
data/modules/mu/{clouds → providers}/aws/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/aws/vpc.rb +143 -74
data/modules/mu/{clouds → providers}/aws/vpc_subnet.rb +0 -0
data/modules/mu/{clouds → providers}/azure.rb +13 -0
data/modules/mu/{clouds → providers}/azure/container_cluster.rb +1 -5
data/modules/mu/{clouds → providers}/azure/firewall_rule.rb +8 -1
data/modules/mu/{clouds → providers}/azure/habitat.rb +0 -0
data/modules/mu/{clouds → providers}/azure/loadbalancer.rb +0 -0
data/modules/mu/{clouds → providers}/azure/role.rb +0 -0
data/modules/mu/{clouds → providers}/azure/server.rb +32 -24
data/modules/mu/{clouds → providers}/azure/user.rb +1 -1
data/modules/mu/{clouds → providers}/azure/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/azure/vpc.rb +4 -6
data/modules/mu/{clouds → providers}/cloudformation.rb +10 -0
data/modules/mu/{clouds → providers}/cloudformation/alarm.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/cache_cluster.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/collection.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/database.rb +6 -17
data/modules/mu/{clouds → providers}/cloudformation/dnszone.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/firewall_rule.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/loadbalancer.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/log.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/server.rb +7 -7
data/modules/mu/{clouds → providers}/cloudformation/server_pool.rb +5 -5
data/modules/mu/{clouds → providers}/cloudformation/vpc.rb +3 -3
data/modules/mu/{clouds → providers}/docker.rb +0 -0
data/modules/mu/{clouds → providers}/google.rb +29 -6
data/modules/mu/{clouds → providers}/google/bucket.rb +4 -4
data/modules/mu/{clouds → providers}/google/container_cluster.rb +38 -20
data/modules/mu/{clouds → providers}/google/database.rb +5 -12
data/modules/mu/{clouds → providers}/google/firewall_rule.rb +5 -5
data/modules/mu/{clouds → providers}/google/folder.rb +5 -9
data/modules/mu/{clouds → providers}/google/function.rb +6 -6
data/modules/mu/{clouds → providers}/google/group.rb +9 -17
data/modules/mu/{clouds → providers}/google/habitat.rb +4 -8
data/modules/mu/{clouds → providers}/google/loadbalancer.rb +5 -5
data/modules/mu/{clouds → providers}/google/role.rb +50 -31
data/modules/mu/{clouds → providers}/google/server.rb +41 -24
data/modules/mu/{clouds → providers}/google/server_pool.rb +14 -14
data/modules/mu/{clouds → providers}/google/user.rb +34 -24
data/modules/mu/{clouds → providers}/google/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/google/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/google/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/google/vpc.rb +45 -14
data/modules/tests/aws-jobs-functions.yaml +46 -0
data/modules/tests/centos6.yaml +15 -0
data/modules/tests/centos7.yaml +15 -0
data/modules/tests/centos8.yaml +12 -0
data/modules/tests/ecs.yaml +2 -2
data/modules/tests/eks.yaml +1 -1
data/modules/tests/functions/node-function/lambda_function.js +10 -0
data/modules/tests/functions/python-function/lambda_function.py +12 -0
data/modules/tests/microservice_app.yaml +288 -0
data/modules/tests/rds.yaml +108 -0
data/modules/tests/regrooms/rds.yaml +123 -0
data/modules/tests/server-with-scrub-muisms.yaml +1 -1
data/modules/tests/super_complex_bok.yml +2 -2
data/modules/tests/super_simple_bok.yml +3 -5
data/spec/mu/clouds/azure_spec.rb +2 -2
metadata +122 -92
data/modules/mu/clouds/aws/database.rb +0 -1974
data/modules/mu/clouds/aws/endpoint.rb +0 -596

@@ -0,0 +1,169 @@
+# Copyright:: Copyright (c) 2020 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+module MU
+  # Plugins under this namespace serve as interfaces to cloud providers and
+  # other provisioning layers.
+  class Cloud
+    # In this file: generic class method wrappers for all resource types.
+    @@resource_types.keys.each { |name|
+      Object.const_get("MU").const_get("Cloud").const_get(name).class_eval {
+        def self.shortname
+          name.sub(/.*?::([^:]+)$/, '\1')
+        end
+        def self.cfg_plural
+          MU::Cloud.resource_types[shortname.to_sym][:cfg_plural]
+        end
+        def self.has_multiples
+          MU::Cloud.resource_types[shortname.to_sym][:has_multiples]
+        end
+        def self.cfg_name
+          MU::Cloud.resource_types[shortname.to_sym][:cfg_name]
+        end
+        def self.can_live_in_vpc
+          MU::Cloud.resource_types[shortname.to_sym][:can_live_in_vpc]
+        end
+        def self.waits_on_parent_completion
+          MU::Cloud.resource_types[shortname.to_sym][:waits_on_parent_completion]
+        end
+        def self.deps_wait_on_my_creation
+          MU::Cloud.resource_types[shortname.to_sym][:deps_wait_on_my_creation]
+        end
+        # Defaults any resources that don't declare their release-readiness to
+        # ALPHA. That'll learn 'em.
+        def self.quality
+          MU::Cloud::ALPHA
+        end
+        # Return a list of "container" artifacts, by class, that apply to this
+        # resource type in a cloud provider. This is so methods that call find
+        # know whether to call +find+ with identifiers for parent resources.
+        # This is similar in purpose to the +isGlobal?+ resource class method,
+        # which tells our search functions whether or not a resource scopes to
+        # a region.  In almost all cases this is one-entry list consisting of
+        # +:Habitat+. Notable exceptions include most implementations of
+        # +Habitat+, which either reside inside a +:Folder+ or nothing at all;
+        # whereas a +:Folder+ tends to not have any containing parent. Very few
+        # resource implementations will need to override this.
+        # A +nil+ entry in this list is interpreted as "this resource can be
+        # global."
+        # @return [Array<Symbol,nil>]
+        def self.canLiveIn
+          if self.shortname == "Folder"
+            [nil, :Folder]
+          elsif self.shortname == "Habitat"
+            [:Folder]
+          else
+            [:Habitat]
+          end
+        end
+        def self.find(*flags)
+          allfound = {}
+          MU::Cloud.availableClouds.each { |cloud|
+            begin
+              args = flags.first
+              next if args[:cloud] and args[:cloud] != cloud
+              # skip this cloud if we have a region argument that makes no
+              # sense there
+              cloudbase = MU::Cloud.cloudClass(cloud)
+              next if cloudbase.listCredentials.nil? or cloudbase.listCredentials.empty? or cloudbase.credConfig(args[:credentials]).nil?
+              if args[:region] and cloudbase.respond_to?(:listRegions)
+                if !cloudbase.listRegions(credentials: args[:credentials])
+                  MU.log "Failed to get region list for credentials #{args[:credentials]} in cloud #{cloud}", MU::ERR, details: caller
+                else
+                  next if !cloudbase.listRegions(credentials: args[:credentials]).include?(args[:region])
+                end
+              end
+              begin
+                cloudclass = MU::Cloud.resourceClass(cloud, shortname)
+              rescue MU::MuError
+                next
+              end
+              found = cloudclass.find(args)
+              if !found.nil?
+                if found.is_a?(Hash)
+                  allfound.merge!(found)
+                else
+                  raise MuError, "#{cloudclass}.find returned a non-Hash result"
+                end
+              end
+            rescue MuCloudResourceNotImplemented
+            end
+          }
+          allfound
+        end
+        # Wrapper for the cleanup class method of underlying cloud object implementations.
+        def self.cleanup(*flags)
+          ok = true
+          params = flags.first
+          clouds = MU::Cloud.supportedClouds
+          if params[:cloud]
+            clouds = [params[:cloud]]
+            params.delete(:cloud)
+          end
+          params[:deploy_id] ||= MU.deploy_id
+          if !params[:deploy_id] or params[:deploy_id].empty?
+            raise MuError, "Can't call cleanup methods without a deploy id"
+          end
+          clouds.each { |cloud|
+            begin
+              cloudclass = MU::Cloud.resourceClass(cloud, shortname)
+              if cloudclass.isGlobal?
+                params.delete(:region)
+              end
+              raise MuCloudResourceNotImplemented if !cloudclass.respond_to?(:cleanup) or cloudclass.method(:cleanup).owner.to_s != "#<Class:#{cloudclass}>"
+              MU.log "Invoking #{cloudclass}.cleanup from #{shortname}", MU::DEBUG, details: flags
+              cloudclass.cleanup(params)
+            rescue MuCloudResourceNotImplemented
+              MU.log "No #{cloud} implementation of #{shortname}.cleanup, skipping", MU::DEBUG, details: flags
+            rescue StandardError => e
+              in_msg = cloud
+              if params and params[:region]
+                in_msg += " "+params[:region]
+              end
+              if params and params[:flags] and params[:flags]["project"] and !params[:flags]["project"].empty?
+                in_msg += " project "+params[:flags]["project"]
+              end
+              MU.log "Skipping #{shortname} cleanup method in #{in_msg} due to #{e.class.name}: #{e.message}", MU::WARN, details: e.backtrace
+              ok = false
+            end
+          }
+          MU::MommaCat.unlockAll
+          ok
+        end
+      } # end dynamic class generation block
+    } # end resource type iteration
+  end
+end

data/modules/mu/config.rb CHANGED

@@ -77,7 +77,7 @@ module MU
       if config.is_a?(Hash)
         newhash = {}
         config.each_pair { |key, val|
-          next if remove_runtime_keys and key.match(/^#MU_/)
+          next if remove_runtime_keys and (key.nil? or key.match(/^#MU_/))
           next if val.is_a?(Array) and val.empty?
           newhash[key] = self.manxify(val, remove_runtime_keys: remove_runtime_keys)
         }
@@ -430,6 +430,39 @@ module MU
       @config.freeze
     end
+    # Insert a dependency into the config hash of a resource, with sensible
+    # error checking and de-duplication.
+    # @param resource [Hash]
+    # @param name [String]
+    # @param type [String]
+    # @param phase [String]
+    # @param no_create_wait [Boolean]
+    def self.addDependency(resource, name, type, phase: "create", no_create_wait: false)
+      if ![nil, "create", "groom"].include?(phase)
+        raise MuError, "Invalid phase '#{phase}' while adding dependency #{type} #{name} to #{resource['name']}"
+      end
+      resource['dependencies'] ||= []
+      _shortclass, cfg_name, _cfg_plural, _classname = MU::Cloud.getResourceNames(type)
+      resource['dependencies'].each { |dep|
+        if dep['type'] == cfg_name and dep['name'].to_s == name.to_s
+          dep["no_create_wait"] = no_create_wait
+          dep["phase"] = phase if phase
+          return
+        end
+      }
+      newdep = {
+        "type" => cfg_name,
+        "name"  => name.to_s,
+        "no_create_wait" => no_create_wait
+      }
+      newdep["phase"] = phase if phase
+      resource['dependencies'] << newdep
+    end
     # See if a given resource is configured in the current stack
     # @param name [String]: The name of the resource being checked
     # @param type [String]: The type of resource being checked
@@ -485,7 +518,8 @@ module MU
     # @param ignore_duplicates [Boolean]: Do not raise an exception if we attempt to insert a resource with a +name+ field that's already in use
     def insertKitten(descriptor, type, delay_validation = false, ignore_duplicates: false, overwrite: false)
       append = false
-#      start = Time.now
+      start = Time.now
       shortclass, cfg_name, cfg_plural, classname = MU::Cloud.getResourceNames(type)
       MU.log "insertKitten on #{cfg_name} #{descriptor['name']} (delay_validation: #{delay_validation.to_s})", MU::DEBUG, details: caller[0]
@@ -525,7 +559,7 @@ module MU
       # cloud-specific schema.
       schemaclass = Object.const_get("MU").const_get("Config").const_get(shortclass)
       myschema = Marshal.load(Marshal.dump(MU::Config.schema["properties"][cfg_plural]["items"]))
-      more_required, more_schema = Object.const_get("MU").const_get("Cloud").const_get(descriptor["cloud"]).const_get(shortclass.to_s).schema(self)
+      more_required, more_schema = MU::Cloud.resourceClass(descriptor["cloud"], type).schema(self)
       if more_schema
         MU::Config.schemaMerge(myschema["properties"], more_schema, descriptor["cloud"])
       end
@@ -544,7 +578,7 @@ module MU
       end
       # Make sure a sensible region has been targeted, if applicable
-      classobj = Object.const_get("MU").const_get("Cloud").const_get(descriptor["cloud"])
+      classobj = MU::Cloud.cloudClass(descriptor["cloud"])
       if descriptor["region"]
         valid_regions = classobj.listRegions
         if !valid_regions.include?(descriptor["region"])
@@ -557,11 +591,7 @@ module MU
         if descriptor['project'].nil?
           descriptor.delete('project')
         elsif haveLitterMate?(descriptor['project'], "habitats")
-          descriptor['dependencies'] ||= []
-          descriptor['dependencies'] << {
-            "type" => "habitat",
-            "name" => descriptor['project']
-          }
+          MU::Config.addDependency(descriptor, descriptor['project'], "habitat")
         end
       end
@@ -589,21 +619,16 @@ module MU
         if !descriptor["vpc"]["name"].nil? and
            haveLitterMate?(descriptor["vpc"]["name"], "vpcs") and
            descriptor["vpc"]['deploy_id'].nil? and
-           descriptor["vpc"]['id'].nil?
-          descriptor["dependencies"] << {
-            "type" => "vpc",
-            "name" => descriptor["vpc"]["name"],
-          }
+           descriptor["vpc"]['id'].nil? and
+           !(cfg_name == "vpc" and descriptor['name'] == descriptor['vpc']['name'])
+          MU::Config.addDependency(descriptor, descriptor['vpc']['name'], "vpc")
           siblingvpc = haveLitterMate?(descriptor["vpc"]["name"], "vpcs")
           if siblingvpc and siblingvpc['bastion'] and
              ["server", "server_pool", "container_cluster"].include?(cfg_name) and
              !descriptor['bastion']
-            if descriptor['name'] != siblingvpc['bastion'].to_h['name']
-              descriptor["dependencies"] << {
-                "type" => "server",
-                "name" => siblingvpc['bastion'].to_h['name']
-              }
+            if descriptor['name'] != siblingvpc['bastion']['name']
+              MU::Config.addDependency(descriptor, siblingvpc['bastion']['name'], "server")
             end
           end
@@ -665,7 +690,6 @@ module MU
       if (descriptor['ingress_rules'] or
          ["server", "server_pool", "database", "cache_cluster"].include?(cfg_name))
         descriptor['ingress_rules'] ||= []
-        fw_classobj = Object.const_get("MU").const_get("Cloud").const_get(descriptor["cloud"]).const_get("FirewallRule")
         acl = haveLitterMate?(fwname, "firewall_rules")
         already_exists = !acl.nil?
@@ -676,7 +700,7 @@ module MU
           "region" => descriptor['region'],
           "credentials" => descriptor["credentials"]
         }
-        if !fw_classobj.isGlobal?
+        if !MU::Cloud.resourceClass(descriptor["cloud"], "FirewallRule").isGlobal?
           acl['region'] = descriptor['region']
           acl['region'] ||= classobj.myRegion(acl['credentials'])
         else
@@ -702,10 +726,7 @@ module MU
       if !descriptor["loadbalancers"].nil?
         descriptor["loadbalancers"].each { |lb|
           if !lb["concurrent_load_balancer"].nil?
-            descriptor["dependencies"] << {
-              "type" => "loadbalancer",
-              "name" => lb["concurrent_load_balancer"]
-            }
+            MU::Config.addDependency(descriptor, lb["concurrent_load_balancer"], "loadbalancer")
           end
         }
       end
@@ -714,10 +735,7 @@ module MU
       if !descriptor["storage_pools"].nil?
         descriptor["storage_pools"].each { |sp|
           if sp["name"]
-            descriptor["dependencies"] << {
-              "type" => "storage_pool",
-              "name" => sp["name"]
-            }
+            MU::Config.addDependency(descriptor, sp["name"], "storage_pool")
           end
         }
       end
@@ -728,10 +746,7 @@ module MU
           next if !acl_include["name"] and !acl_include["rule_name"]
           acl_include["name"] ||= acl_include["rule_name"]
           if haveLitterMate?(acl_include["name"], "firewall_rules")
-            descriptor["dependencies"] << {
-              "type" => "firewall_rule",
-              "name" => acl_include["name"]
-            }
+            MU::Config.addDependency(descriptor, acl_include["name"], "firewall_rule", no_create_wait: (cfg_name == "vpc"))
           elsif acl_include["name"]
             MU.log shortclass.to_s+" #{descriptor['name']} depends on FirewallRule #{acl_include["name"]}, but no such rule declared.", MU::ERR
             ok = false
@@ -831,7 +846,7 @@ module MU
         # Run the cloud class's deeper validation, unless we've already failed
         # on stuff that will cause spurious alarms further in
         if ok
-          parser = Object.const_get("MU").const_get("Cloud").const_get(descriptor["cloud"]).const_get(shortclass.to_s)
+          parser = MU::Cloud.resourceClass(descriptor['cloud'], type)
           original_descriptor = MU::Config.stripConfig(descriptor)
           passed = parser.validateConfig(descriptor, self)
@@ -841,7 +856,7 @@ module MU
           end
           # Make sure we've been configured with the right credentials
-          cloudbase = Object.const_get("MU").const_get("Cloud").const_get(descriptor['cloud'])
+          cloudbase = MU::Cloud.cloudClass(descriptor['cloud'])
           credcfg = cloudbase.credConfig(descriptor['credentials'])
           if !credcfg or credcfg.empty?
             raise ValidationError, "#{descriptor['cloud']} #{cfg_name} #{descriptor['name']} declares credential set #{descriptor['credentials']}, but no such credentials exist for that cloud provider"
@@ -857,60 +872,92 @@ module MU
         @kittens[cfg_plural] << descriptor if append
       }
+      MU.log "insertKitten completed #{cfg_name} #{descriptor['name']} in #{sprintf("%.2fs", Time.now-start)}", MU::DEBUG
       ok
     end
     # For our resources which specify intra-stack dependencies, make sure those
     # dependencies are actually declared.
-    # TODO check for loops
-    def self.check_dependencies(config)
+    def check_dependencies
       ok = true
-      config.each_pair { |type, values|
-        if values.instance_of?(Array)
-          values.each { |resource|
-            if resource.kind_of?(Hash) and !resource["dependencies"].nil?
-              append = []
-              delete = []
-              resource["dependencies"].each { |dependency|
-                _shortclass, cfg_name, cfg_plural, _classname = MU::Cloud.getResourceNames(dependency["type"])
-                found = false
-                names_seen = []
-                if !config[cfg_plural].nil?
-                  config[cfg_plural].each { |service|
-                    names_seen << service["name"].to_s
-                    found = true if service["name"].to_s == dependency["name"].to_s
-                    if service["virtual_name"]
-                      names_seen << service["virtual_name"].to_s
-                      if service["virtual_name"].to_s == dependency["name"].to_s
-                        found = true
-                        append_me = dependency.dup
-                        append_me['name'] = service['name']
-                        append << append_me
-                        delete << dependency
-                      end
-                    end
+      @config.each_pair { |type, values|
+        next if !values.instance_of?(Array)
+        _shortclass, cfg_name, _cfg_plural, _classname = MU::Cloud.getResourceNames(type, false)
+        next if !cfg_name
+        values.each { |resource|
+          next if !resource.kind_of?(Hash) or resource["dependencies"].nil?
+          addme = []
+          deleteme = []
+          resource["dependencies"].each { |dependency|
+            # make sure the thing we depend on really exists
+            sibling = haveLitterMate?(dependency['name'], dependency['type'])
+            if !sibling
+              MU.log "Missing dependency: #{type}{#{resource['name']}} needs #{cfg_name}{#{dependency['name']}}", MU::ERR
+              ok = false
+              next
+            end
+            # Fudge dependency declarations to quash virtual_names that we know
+            # are extraneous. Note that wee can't do all virtual names here; we
+            # have no way to guess which of a collection of resources is the
+            # real correct one.
+            if sibling['virtual_name'] == dependency['name']
+              real_resources = []
+              found_exact = false
+              resource["dependencies"].each { |dep_again|
+                if dep_again['type'] == dependency['type'] and sibling['name'] == dep_again['name']
+                  dependency['name'] = sibling['name']
+                  found_exact = true
+                  break
+                end
+              }
+              if !found_exact
+                all_siblings = haveLitterMate?(dependency['name'], dependency['type'], has_multiple: true)
+                if all_siblings.size > 0
+                  all_siblings.each { |s|
+                    newguy = dependency.clone
+                    newguy['name'] = s['name']
+                    addme << newguy
                   }
+                  deleteme << dependency
+                  MU.log "Expanding dependency which maps to virtual resources to all matching real resources", MU::NOTICE, details: { sibling['virtual_name'] => addme }
+                  next
                 end
-                if !found
-                  MU.log "Missing dependency: #{type}{#{resource['name']}} needs #{cfg_name}{#{dependency['name']}}", MU::ERR, details: names_seen
+              end
+            end
+            # Check for a circular relationship that will lead to a deadlock
+            # when creating resource. This only goes one layer deep, and does
+            # not consider groom-phase deadlocks.
+            if dependency['phase'] == "groom" or dependency['no_create_wait'] or (
+                 !MU::Cloud.resourceClass(sibling['cloud'], type).deps_wait_on_my_creation and
+                 !MU::Cloud.resourceClass(resource['cloud'], type).waits_on_parent_completion
+               )
+              next
+            end
+            if sibling['dependencies']
+              sibling['dependencies'].each { |sib_dep|
+                next if sib_dep['type'] != cfg_name or sib_dep['no_create_wait']
+                cousin = haveLitterMate?(sib_dep['name'], sib_dep['type'])
+                if cousin and cousin['name'] == resource['name']
+                  MU.log "Circular dependency between #{type} #{resource['name']} <=> #{dependency['type']} #{dependency['name']}", MU::ERR, details: [ resource['name'] => dependency, sibling['name'] => sib_dep ]
                   ok = false
                 end
               }
-              if append.size > 0
-                append.uniq!
-                resource["dependencies"].concat(append)
-              end
-              if delete.size > 0
-                delete.each { |delete_me|
-                  resource["dependencies"].delete(delete_me)
-                }
-              end
             end
           }
-        end
+          resource["dependencies"].reject! { |dep| deleteme.include?(dep) }
+          resource["dependencies"].concat(addme)
+          resource["dependencies"].uniq!
+        }
       }
-      return ok
+      ok
     end
     # Ugly text-manipulation to recursively resolve some placeholder strings
@@ -1191,12 +1238,7 @@ module MU
                     "port" => db["port"],
                     "sgs" => [cfg_name+server['name']]
                   }
-                  ruleset["dependencies"] << {
-                    "name" => cfg_name+server['name'],
-                    "type" => "firewall_rule",
-                    "no_create_wait" => true
-                  }
+                  MU::Config.addDependency(ruleset, cfg_name+server['name'], "firewall_rule", no_create_wait: true)
                 end
               }
             }
@@ -1214,7 +1256,7 @@ module MU
       types.each { |type|
         config[type] = @kittens[type] if @kittens[type].size > 0
       }
-      ok = false if !MU::Config.check_dependencies(config)
+      ok = false if !check_dependencies
       # TODO enforce uniqueness of resource names
       raise ValidationError if !ok