cloud-mu 3.1.6 → 3.2.0

data/modules/mu/mommacat/storage.rb

@@ -88,16 +88,28 @@ module MU
       }
     end
 
+
     # Overwrite this deployment's configuration with a new version. Save the
     # previous version as well.
     # @param new_conf [Hash]: A new configuration, fully resolved by {MU::Config}
-    def updateBasketofKittens(new_conf)
+    def updateBasketofKittens(new_conf, skip_validation: false, new_metadata: nil, save_now: false)
       loadDeploy
       if new_conf == @original_config
-        MU.log "#{@deploy_id}", MU::WARN
         return
       end
 
+      scrub_with = nil
+
+      # Make sure the new config that we were just handed resolves and makes
+      # sense
+      if !skip_validation
+        f = Tempfile.new(@deploy_id)
+        f.write JSON.parse(JSON.generate(new_conf)).to_yaml
+        conf_engine = MU::Config.new(f.path) # will throw an exception if it's bad, adoption should catch this and cope reasonably
+        scrub_with = conf_engine.config
+        f.close
+      end
+
       backup = "#{deploy_dir}/basket_of_kittens.json.#{Time.now.to_i.to_s}"
       MU.log "Saving previous config of #{@deploy_id} to #{backup}"
       config = File.new(backup, File::CREAT|File::TRUNC|File::RDWR, 0600)
@@ -106,9 +118,26 @@ module MU
       config.flock(File::LOCK_UN)
       config.close
 
-      @original_config = new_conf
-#      save! # XXX this will happen later, more sensibly
-      MU.log "New config saved to #{deploy_dir}/basket_of_kittens.json"
+      @original_config = new_conf.clone
+
+      MU::Cloud.resource_types.each_pair { |res_type, attrs|
+        next if !@deployment.has_key?(attrs[:cfg_plural])
+        deletia = []
+        @deployment[attrs[:cfg_plural]].each_pair { |res_name, data|
+          orig_cfg = findResourceConfig(attrs[:cfg_plural], res_name, (scrub_with || @original_config))
+
+          if orig_cfg.nil?
+            MU.log "#{res_type} #{res_name} no longer configured, will remove deployment metadata", MU::NOTICE
+            deletia << res_name
+          end
+        }
+        @deployment[attrs[:cfg_plural]].reject! { |k, v| deletia.include?(k) }
+      }
+
+      if save_now
+        save!
+        MU.log "New config saved to #{deploy_dir}/basket_of_kittens.json"
+      end
     end
 
     @lock_semaphore = Mutex.new
@@ -147,11 +176,11 @@ module MU
     # @param id [String]: The lock identifier to release.
     # @param nonblock [Boolean]: Whether to block while waiting for the lock. In non-blocking mode, we simply return false if the lock is not available.
     # return [false, nil]
-    def self.lock(id, nonblock = false, global = false)
+    def self.lock(id, nonblock = false, global = false, deploy_id: MU.deploy_id)
       raise MuError, "Can't pass a nil id to MU::MommaCat.lock" if id.nil?
 
       if !global
-        lockdir = "#{deploy_dir(MU.deploy_id)}/locks"
+        lockdir = "#{deploy_dir(deploy_id)}/locks"
       else
         lockdir = File.expand_path(MU.dataDir+"/locks")
       end
@@ -186,11 +215,11 @@ module MU
 
     # Release a flock() lock.
     # @param id [String]: The lock identifier to release.
-    def self.unlock(id, global = false)
+    def self.unlock(id, global = false, deploy_id: MU.deploy_id)
       raise MuError, "Can't pass a nil id to MU::MommaCat.unlock" if id.nil?
       lockdir = nil
       if !global
-        lockdir = "#{deploy_dir(MU.deploy_id)}/locks"
+        lockdir = "#{deploy_dir(deploy_id)}/locks"
       else
         lockdir = File.expand_path(MU.dataDir+"/locks")
       end
@@ -512,48 +541,30 @@ module MU
       if !@original_config['scrub_mu_isms'] and !@no_artifacts
         credsets.each_pair { |cloud, creds|
           creds.uniq!
-          cloudclass = Object.const_get("MU").const_get("Cloud").const_get(cloud)
           creds.each { |credentials|
-            cloudclass.writeDeploySecret(@deploy_id, @deploy_secret, credentials: credentials)
+            MU::Cloud.cloudClass(cloud).writeDeploySecret(@deploy_id, @deploy_secret, credentials: credentials)
           }
         }
       end
     end
 
     def loadObjects(delay_descriptor_load)
+      # Load up MU::Cloud objects for all our kittens in this deploy
+
       MU::Cloud.resource_types.each_pair { |res_type, attrs|
         type = attrs[:cfg_plural]
         next if !@deployment.has_key?(type)
 
+        deletia = {}
         @deployment[type].each_pair { |res_name, data|
-          orig_cfg = nil
-          if @original_config.has_key?(type)
-            @original_config[type].each { |resource|
-              if resource["name"] == res_name
-                orig_cfg = resource
-                break
-              end
-            }
-          end
-
-          # Some Server objects originated from ServerPools, get their
-          # configs from there
-          if type == "servers" and orig_cfg.nil? and
-              @original_config.has_key?("server_pools")
-            @original_config["server_pools"].each { |resource|
-              if resource["name"] == res_name
-                orig_cfg = resource
-                break
-              end
-            }
-          end
+          orig_cfg = findResourceConfig(type, res_name)
 
           if orig_cfg.nil?
             MU.log "Failed to locate original config for #{attrs[:cfg_name]} #{res_name} in #{@deploy_id}", MU::WARN if !["firewall_rules", "databases", "storage_pools", "cache_clusters", "alarms"].include?(type) # XXX shaddap
             next
           end
 
-          if orig_cfg['vpc'] and orig_cfg['vpc'].is_a?(Hash)
+          if orig_cfg['vpc']
             ref = if orig_cfg['vpc']['id'] and orig_cfg['vpc']['id'].is_a?(Hash)
               orig_cfg['vpc']['id']['mommacat'] = self
               MU::Config::Ref.get(orig_cfg['vpc']['id'])
@@ -566,18 +577,12 @@ module MU
           end
 
           begin
-            # Load up MU::Cloud objects for all our kittens in this deploy
-            orig_cfg['environment'] = @environment # not always set in old deploys
             if attrs[:has_multiples]
               data.keys.each { |mu_name|
-                attrs[:interface].new(mommacat: self, kitten_cfg: orig_cfg, mu_name: mu_name, delay_descriptor_load: delay_descriptor_load)
+                addKitten(type, res_name, attrs[:interface].new(mommacat: self, kitten_cfg: orig_cfg, mu_name: mu_name, delay_descriptor_load: delay_descriptor_load))
               }
             else
-              # XXX hack for old deployments, this can go away some day
-              if data['mu_name'].nil?
-                raise MuError, "Unable to find or guess a Mu name for #{res_type}: #{res_name} in #{@deploy_id}"
-              end
-              attrs[:interface].new(mommacat: self, kitten_cfg: orig_cfg, mu_name: data['mu_name'], cloud_id: data['cloud_id'])
+              addKitten(type, res_name, attrs[:interface].new(mommacat: self, kitten_cfg: orig_cfg, mu_name: data['mu_name'], cloud_id: data['cloud_id']))
             end
           rescue StandardError => e
             if e.class != MU::Cloud::MuCloudResourceNotImplemented
@@ -585,6 +590,7 @@ module MU
             end
           end
         }
+
       }
     end
 
@@ -687,5 +693,30 @@ module MU
       }
     end
 
+    def findResourceConfig(type, name, config = @original_config)
+      orig_cfg = nil
+      if config.has_key?(type)
+        config[type].each { |resource|
+          if resource["name"] == name
+            orig_cfg = resource
+            break
+          end
+        }
+      end
+  
+      # Some Server objects originated from ServerPools, get their
+      # configs from there
+      if type == "servers" and orig_cfg.nil? and config.has_key?("server_pools")
+        config["server_pools"].each { |resource|
+          if resource["name"] == name
+            orig_cfg = resource
+            break
+          end
+        }
+      end
+
+      orig_cfg
+    end
+
   end #class
 end #module

data/modules/mu/{clouds → providers}/README.md

@@ -89,7 +89,7 @@ Looking elsewhere in `cloud.rb` let's see what all we have to do:
     generic_instance_methods = [:create, :notify, :mu_name, :cloud_id, :config]
 ```
 
-Just the basics, for now. Here's what that will look like in the AWS layer, in the file `modules/mu/clouds/aws/function.rb`:
+Just the basics, for now. Here's what that will look like in the AWS layer, in the file `modules/mu/providers/aws/function.rb`:
 
 ```
 module MU

data/modules/mu/{clouds → providers}/aws.rb

@@ -39,7 +39,7 @@ module MU
       end
 
       # List all AWS projects available to our credentials
-      def self.listHabitats(credentials = nil)
+      def self.listHabitats(credentials = nil, use_cache: true)
         cfg = credConfig(credentials)
         return [] if !cfg or !cfg['account_number']
         [cfg['account_number']]
@@ -805,46 +805,41 @@ end
 
         @@instance_types ||= {}
         @@instance_types[region] ||= {}
-        next_token = nil
 
-        begin
-          # Pricing API isn't widely available, so ask a region we know supports
-          # it
-          resp = MU::Cloud::AWS.pricing(region: "us-east-1").get_products(
-            service_code: "AmazonEC2",
-            filters: [
-              {
-                field: "productFamily",
-                value: "Compute Instance",
-                type: "TERM_MATCH"
-              },
-              {
-                field: "tenancy",
-                value: "Shared",
-                type: "TERM_MATCH"
-              },
-              {
-                field: "location",
-                value: human_region,
-                type: "TERM_MATCH"
-              }
-            ],
-            next_token: next_token
-          )
-          resp.price_list.each { |pricing|
-            data = JSON.parse(pricing)
-            type = data["product"]["attributes"]["instanceType"]
-            next if @@instance_types[region].has_key?(type)
-            @@instance_types[region][type] = {}
-            ["ecu", "vcpu", "memory", "storage"].each { |a|
-              @@instance_types[region][type][a] = data["product"]["attributes"][a]
+        # Pricing API isn't widely available, so ask a region we know supports
+        # it
+        resp = MU::Cloud::AWS.pricing(region: "us-east-1").get_products(
+          service_code: "AmazonEC2",
+          filters: [
+            {
+              field: "productFamily",
+              value: "Compute Instance",
+              type: "TERM_MATCH"
+            },
+            {
+              field: "tenancy",
+              value: "Shared",
+              type: "TERM_MATCH"
+            },
+            {
+              field: "location",
+              value: human_region,
+              type: "TERM_MATCH"
             }
-            @@instance_types[region][type]["memory"].sub!(/ GiB/, "")
-            @@instance_types[region][type]["memory"] = @@instance_types[region][type]["memory"].to_f
-            @@instance_types[region][type]["vcpu"] = @@instance_types[region][type]["vcpu"].to_f
+          ]
+        )
+        resp.price_list.each { |pricing|
+          data = JSON.parse(pricing)
+          type = data["product"]["attributes"]["instanceType"]
+          next if @@instance_types[region].has_key?(type)
+          @@instance_types[region][type] = {}
+          ["ecu", "vcpu", "memory", "storage"].each { |a|
+            @@instance_types[region][type][a] = data["product"]["attributes"][a]
           }
-          next_token = resp.next_token
-        end while resp and next_token
+          @@instance_types[region][type]["memory"].sub!(/ GiB/, "")
+          @@instance_types[region][type]["memory"] = @@instance_types[region][type]["memory"].to_f
+          @@instance_types[region][type]["vcpu"] = @@instance_types[region][type]["vcpu"].to_f
+        }
 
         @@instance_types
       end
@@ -1251,7 +1246,7 @@ end
       # Mu Master, if we're in AWS.
       # @return [void]
       def self.openFirewallForClients
-        MU::Cloud.loadCloudType("AWS", :FirewallRule)
+        MU::Cloud.resourceClass("AWS", :FirewallRule)
         begin
           if File.exist?(Etc.getpwuid(Process.uid).dir+"/.chef/knife.rb")
             ::Chef::Config.from_file(Etc.getpwuid(Process.uid).dir+"/.chef/knife.rb")
@@ -1454,21 +1449,93 @@ end
         # Catch-all for AWS client methods. Essentially a pass-through with some
         # rescues for known silly endpoint behavior.
         def method_missing(method_sym, *arguments)
+          # make sure error symbols are loaded for our exception handling later
           require "aws-sdk-core"
+          require "aws-sdk-core/rds"
+          require "aws-sdk-core/ec2"
+          require "aws-sdk-core/route53"
+          require "aws-sdk-core/iam"
+          require "aws-sdk-core/efs"
+          require "aws-sdk-core/pricing"
+          require "aws-sdk-core/apigateway"
+          require "aws-sdk-core/ecs"
+          require "aws-sdk-core/eks"
+          require "aws-sdk-core/cloudwatchlogs"
+          require "aws-sdk-core/elasticloadbalancing"
+          require "aws-sdk-core/elasticloadbalancingv2"
+          require "aws-sdk-core/autoscaling"
+          require "aws-sdk-core/client_waiters"
+          require "aws-sdk-core/waiters/errors"
 
           retries = 0
           begin
             MU.log "Calling #{method_sym} in #{@region}", MU::DEBUG, details: arguments
-            retval = nil
-            if !arguments.nil? and arguments.size == 1
-              retval = @api.method(method_sym).call(arguments[0])
-            elsif !arguments.nil? and arguments.size > 0
-              retval = @api.method(method_sym).call(*arguments)
-            else
-              retval = @api.method(method_sym).call
+
+              retval = if !arguments.nil? and arguments.size == 1
+                @api.method(method_sym).call(arguments[0])
+              elsif !arguments.nil? and arguments.size > 0
+                @api.method(method_sym).call(*arguments)
+              else
+                @api.method(method_sym).call
+              end
+
+            if !retval.nil?
+              begin
+              page_markers = [:marker, :next_token]
+              paginator = nil
+              new_page = nil
+              [:next_token, :marker].each { |m|
+                if !retval.nil? and retval.respond_to?(m)
+                  paginator = m
+                  new_page = retval.send(paginator)
+                  break
+                end
+              }
+
+              if paginator and new_page and !new_page.empty?
+                resp = retval.respond_to?(:__getobj__) ? retval.__getobj__ : retval
+                concat_to = resp.class.instance_methods(false).reject { |m|
+                  m.to_s.match(/=$/) or m == paginator or resp.send(m).nil? or !resp.send(m).is_a?(Array)
+                }
+                if concat_to.size != 1
+                  MU.log "Tried to figure out where I might append paginated results for a #{resp.class.name}, but failed", MU::DEBUG, details: concat_to
+                else
+                  concat_to = concat_to.first
+                  new_args = arguments ? arguments.dup : [{}]
+                  begin
+                    if new_args.is_a?(Array)
+                      new_args << {} if new_args.empty?
+                      if new_args.size == 1 and new_args.first.is_a?(Hash)
+                        new_args[0][paginator] = new_page
+                      else
+                        MU.log "I don't know how to insert a #{paginator} into these arguments for #{method_sym}", MU::WARN, details: new_args
+                      end
+                    elsif new_args.is_a?(Hash)
+                      new_args[paginator] = new_page
+                    end
+
+                    MU.log "Attempting magic pagination for #{method_sym}", MU::DEBUG, details: new_args
+
+#                    resp = if !arguments.nil? and arguments.size == 1
+#                      @api.method(method_sym).call(new_args[0])
+#                    elsif !arguments.nil? and arguments.size > 0
+                    resp = @api.method(method_sym).call(*new_args)
+#                    end
+                    break if resp.nil?
+                    resp = resp.__getobj__ if resp.respond_to?(:__getobj__)
+                    retval.send(concat_to).concat(resp.send(concat_to))
+                    new_page = resp.send(paginator) if !resp.nil?
+                  end while !resp.nil? and !new_page.nil? and !new_page.empty?
+                end
+              end
+              rescue StandardError => e
+                MU.log "Made a good-faith effort to auto-paginate API call to #{method_sym} and failed with #{e.message}", MU::DEBUG, details: arguments
+                raise e
+              end
             end
+
             return retval
-          rescue Aws::EC2::Errors::InternalError, Aws::EC2::Errors::RequestLimitExceeded, Aws::EC2::Errors::Unavailable, Aws::Route53::Errors::Throttling, Aws::ElasticLoadBalancing::Errors::HttpFailureException, Aws::EC2::Errors::Http503Error, Aws::AutoScaling::Errors::Http503Error, Aws::AutoScaling::Errors::InternalFailure, Aws::AutoScaling::Errors::ServiceUnavailable, Aws::Route53::Errors::ServiceUnavailable, Aws::ElasticLoadBalancing::Errors::Throttling, Aws::RDS::Errors::ClientUnavailable, Aws::Waiters::Errors::UnexpectedError, Aws::ElasticLoadBalancing::Errors::ServiceUnavailable, Aws::ElasticLoadBalancingV2::Errors::Throttling, Seahorse::Client::NetworkingError, Aws::IAM::Errors::Throttling, Aws::EFS::Errors::ThrottlingException, Aws::Pricing::Errors::ThrottlingException, Aws::APIGateway::Errors::TooManyRequestsException, Aws::ECS::Errors::ThrottlingException, Net::ReadTimeout, Faraday::TimeoutError, Aws::CloudWatchLogs::Errors::ThrottlingException => e
+          rescue Aws::RDS::Errors::Throttling, Aws::EC2::Errors::InternalError, Aws::EC2::Errors::RequestLimitExceeded, Aws::EC2::Errors::Unavailable, Aws::Route53::Errors::Throttling, Aws::ElasticLoadBalancing::Errors::HttpFailureException, Aws::EC2::Errors::Http503Error, Aws::AutoScaling::Errors::Http503Error, Aws::AutoScaling::Errors::InternalFailure, Aws::AutoScaling::Errors::ServiceUnavailable, Aws::Route53::Errors::ServiceUnavailable, Aws::ElasticLoadBalancing::Errors::Throttling, Aws::RDS::Errors::ClientUnavailable, Aws::Waiters::Errors::UnexpectedError, Aws::ElasticLoadBalancing::Errors::ServiceUnavailable, Aws::ElasticLoadBalancingV2::Errors::Throttling, Seahorse::Client::NetworkingError, Aws::IAM::Errors::Throttling, Aws::EFS::Errors::ThrottlingException, Aws::Pricing::Errors::ThrottlingException, Aws::APIGateway::Errors::TooManyRequestsException, Aws::ECS::Errors::ThrottlingException, Net::ReadTimeout, Faraday::TimeoutError, Aws::CloudWatchLogs::Errors::ThrottlingException => e
             if e.class.name == "Seahorse::Client::NetworkingError" and e.message.match(/Name or service not known/)
               MU.log e.inspect, MU::ERR
               raise e

data/modules/mu/{clouds → providers}/aws/alarm.rb

@@ -321,7 +321,7 @@ module MU
               if !depclass.nil?
                 dimension["depclass"] = depclass
                 if !dimension["name"].nil? and !dimension["name"].empty?
-                  alarm["dependencies"] << { "name" => dimension["name"], "type" => depclass }
+                  MU::Config.addDependency(alarm, dimension["name"], depclass)
                 end
               end
             }

data/modules/mu/{clouds → providers}/aws/bucket.rb

@@ -97,7 +97,7 @@ module MU
               ]
             }
 
-            policy_docs = MU::Cloud::AWS::Role.genPolicyDocument(@config['policies'], deploy_obj: @deploy, bucket_style: true)
+            policy_docs = MU::Cloud.resourceClass("AWS", "Role").genPolicyDocument(@config['policies'], deploy_obj: @deploy, bucket_style: true)
             policy_docs.each { |doc|
               MU.log "Applying S3 bucket policy #{doc.keys.first} to bucket #{@cloud_id}", MU::NOTICE, details: JSON.pretty_generate(doc.values.first)
               MU::Cloud::AWS.s3(credentials: @config['credentials'], region: @config['region']).put_bucket_policy(
@@ -309,7 +309,7 @@ module MU
         def self.schema(_config)
           toplevel_required = []
           schema = {
-            "policies" => MU::Cloud::AWS::Role.condition_schema,
+            "policies" => MU::Cloud.resourceClass("AWS", "Role").condition_schema,
             "acl" => {
               "type" => "string",
               "enum" => ["private", "public-read", "public-read-write", "authenticated-read"],

data/modules/mu/{clouds → providers}/aws/cache_cluster.rb

@@ -199,7 +199,7 @@ module MU
               addStandardTags(member, "cluster", region: @config['region'])
             }
 
-            MU::Cloud::AWS::DNSZone.genericMuDNSEntry(
+            MU::Cloud.resourceClass("AWS", "DNSZone").genericMuDNSEntry(
               name: resp.replication_group_id,
               target: "#{resp.node_groups.first.primary_endpoint.address}.",
               cloudclass: MU::Cloud::CacheCluster,
@@ -207,7 +207,7 @@ module MU
             )
 
             resp.node_groups.first.node_group_members.each { |member|
-              MU::Cloud::AWS::DNSZone.genericMuDNSEntry(
+              MU::Cloud.resourceClass("AWS", "DNSZone").genericMuDNSEntry(
                 name: member.cache_cluster_id,
                 target: "#{member.read_endpoint.address}.",
                 cloudclass: MU::Cloud::CacheCluster,
@@ -270,7 +270,7 @@ module MU
         def createSubnetGroup
           subnet_ids = []
           if @config["vpc"] && !@config["vpc"].empty?
-            raise MuError, "Didn't find the VPC specified in #{@config["vpc"]}" unless @vpc
+            raise MuError.new "Didn't find the VPC specified for #{@mu_name}", details: @config["vpc"].to_h unless @vpc
 
             vpc_id = @vpc.cloud_id
 
@@ -283,7 +283,7 @@ module MU
             else
               @config["vpc"]["subnets"].each { |subnet|
                 subnet_obj = @vpc.getSubnet(cloud_id: subnet["subnet_id"].to_s, name: subnet["subnet_name"].to_s)
-                raise MuError, "Couldn't find a live subnet matching #{subnet} in #{@vpc} (#{@vpc.subnets})" if subnet_obj.nil?
+                raise MuError.new "Couldn't find a live subnet matching #{subnet} in #{@vpc}", details: @vpc.subnets if subnet_obj.nil?
                 subnet_ids << subnet_obj.cloud_id
               }
             end
@@ -333,24 +333,7 @@ module MU
               subnet_ids: subnet_ids
             )
 
-            # Find NAT and create holes in security groups.
-            # Adding just for consistency, but do we really need this for cache clusters? I guess Nagios and such..
-            if @config["vpc"]["nat_host_name"] || @config["vpc"]["nat_host_id"] || @config["vpc"]["nat_host_tag"] || @config["vpc"]["nat_host_ip"]
-              nat = @nat
-              if nat.is_a?(Struct) && nat.nat_gateway_id && nat.nat_gateway_id.start_with?("nat-")
-                MU.log "Using NAT Gateway, not modifying security groups"
-              else
-                _nat_name, _nat_conf, nat_deploydata = @nat.describe
-                @deploy.kittens['firewall_rules'].values.each { |acl|
-  # XXX if a user doesn't set up dependencies correctly, this can die horribly on a NAT that's still in mid-creation. Fix this... possibly in the config parser.
-                  if acl.config["admin"]
-                    acl.addRule([nat_deploydata["private_ip_address"]], proto: "tcp")
-                    acl.addRule([nat_deploydata["private_ip_address"]], proto: "udp")
-                    break
-                  end
-                }
-              end
-            end
+            allowBastionAccess
 
             if @dependencies.has_key?('firewall_rule')
               @config["security_group_ids"] = []
@@ -430,7 +413,7 @@ module MU
               }
             end
             # XXX this should be a call to @deploy.nameKitten
-            MU::Cloud::AWS::DNSZone.createRecordsFromConfig(@config['dns_records'], target: repl_group.node_groups.first.primary_endpoint.address)
+            MU::Cloud.resourceClass("AWS", "DNSZone").createRecordsFromConfig(@config['dns_records'], target: repl_group.node_groups.first.primary_endpoint.address)
 
             deploy_struct = {
               "identifier" => repl_group.replication_group_id,
@@ -703,26 +686,7 @@ module MU
               "type" => "boolean",
               "description" => "Create a replication group; will be set automatically if +engine+ is +redis+ and +node_count+ is greated than one."
             },
-            "ingress_rules" => {
-              "items" => {
-                "properties" => {
-                  "sgs" => {
-                    "type" => "array",
-                    "items" => {
-                      "description" => "Other AWS Security Groups; resources that are associated with this group will have this rule applied to their traffic",
-                      "type" => "string"
-                    }
-                  },
-                  "lbs" => {
-                    "type" => "array",
-                    "items" => {
-                      "description" => "AWS Load Balancers which will have this rule applied to their traffic",
-                      "type" => "string"
-                    }
-                  }
-                }
-              }
-            }
+            "ingress_rules" => MU::Cloud.resourceClass("AWS", "FirewallRule").ingressRuleAddtlSchema
           }
           [toplevel_required, schema]
         end
@@ -823,7 +787,7 @@ module MU
           end
 
           # The API is broken, cluster.cache_nodes is returnning an empty array, and the only URL we can get is the config one with cluster.configuration_endpoint.address.
-          # MU::Cloud::AWS::DNSZone.genericMuDNSEntry(name: cluster_id, target: , cloudclass: MU::Cloud::CacheCluster, delete: true)
+          # MU::Cloud.resourceClass("AWS", "DNSZone").genericMuDNSEntry(name: cluster_id, target: , cloudclass: MU::Cloud::CacheCluster, delete: true)
           
           if %w{deleting deleted}.include?(cluster.cache_cluster_status)
             MU.log "#{cluster_id} has already been terminated", MU::WARN
@@ -925,10 +889,10 @@ module MU
           end
 
           # What's the likelihood of having more than one node group? maybe iterate over node_groups instead of assuming there is only one?
-          MU::Cloud::AWS::DNSZone.genericMuDNSEntry(name: repl_group_id, target: repl_group.node_groups.first.primary_endpoint.address, cloudclass: MU::Cloud::CacheCluster, delete: true)
+          MU::Cloud.resourceClass("AWS", "DNSZone").genericMuDNSEntry(name: repl_group_id, target: repl_group.node_groups.first.primary_endpoint.address, cloudclass: MU::Cloud::CacheCluster, delete: true)
           # Assuming we also created DNS records for each of our cluster's read endpoint.
           repl_group.node_groups.first.node_group_members.each { |member|
-            MU::Cloud::AWS::DNSZone.genericMuDNSEntry(name: member.cache_cluster_id, target: member.read_endpoint.address, cloudclass: MU::Cloud::CacheCluster, delete: true)
+            MU::Cloud.resourceClass("AWS", "DNSZone").genericMuDNSEntry(name: member.cache_cluster_id, target: member.read_endpoint.address, cloudclass: MU::Cloud::CacheCluster, delete: true)
           }
           
           if %w{deleting deleted}.include?(repl_group.status)