RubyGems - cloud-mu - Versions diffs - 3.1.6 → 3.2.0 - Mend

cloud-mu 3.1.6 → 3.2.0

Files changed (154) hide show

checksums.yaml +4 -4
data/bin/mu-adopt +4 -12
data/bin/mu-azure-tests +57 -0
data/bin/mu-cleanup +2 -4
data/bin/mu-configure +37 -1
data/bin/mu-deploy +3 -3
data/bin/mu-findstray-tests +25 -0
data/bin/mu-gen-docs +2 -4
data/bin/mu-run-tests +23 -10
data/cloud-mu.gemspec +2 -2
data/cookbooks/mu-tools/libraries/helper.rb +1 -1
data/cookbooks/mu-tools/recipes/apply_security.rb +14 -14
data/cookbooks/mu-tools/recipes/aws_api.rb +9 -0
data/extras/generate-stock-images +1 -0
data/modules/mu.rb +82 -95
data/modules/mu/adoption.rb +356 -56
data/modules/mu/cleanup.rb +21 -20
data/modules/mu/cloud.rb +79 -1753
data/modules/mu/cloud/database.rb +49 -0
data/modules/mu/cloud/dnszone.rb +46 -0
data/modules/mu/cloud/machine_images.rb +212 -0
data/modules/mu/cloud/providers.rb +81 -0
data/modules/mu/cloud/resource_base.rb +920 -0
data/modules/mu/cloud/server.rb +40 -0
data/modules/mu/cloud/server_pool.rb +1 -0
data/modules/mu/cloud/ssh_sessions.rb +228 -0
data/modules/mu/cloud/winrm_sessions.rb +237 -0
data/modules/mu/cloud/wrappers.rb +165 -0
data/modules/mu/config.rb +122 -80
data/modules/mu/config/alarm.rb +2 -6
data/modules/mu/config/bucket.rb +1 -1
data/modules/mu/config/cache_cluster.rb +1 -1
data/modules/mu/config/collection.rb +1 -1
data/modules/mu/config/container_cluster.rb +2 -2
data/modules/mu/config/database.rb +83 -104
data/modules/mu/config/database.yml +1 -2
data/modules/mu/config/dnszone.rb +1 -1
data/modules/mu/config/doc_helpers.rb +4 -5
data/modules/mu/config/endpoint.rb +1 -1
data/modules/mu/config/firewall_rule.rb +3 -19
data/modules/mu/config/folder.rb +1 -1
data/modules/mu/config/function.rb +1 -1
data/modules/mu/config/group.rb +1 -1
data/modules/mu/config/habitat.rb +1 -1
data/modules/mu/config/loadbalancer.rb +57 -11
data/modules/mu/config/log.rb +1 -1
data/modules/mu/config/msg_queue.rb +1 -1
data/modules/mu/config/nosqldb.rb +1 -1
data/modules/mu/config/notifier.rb +1 -1
data/modules/mu/config/ref.rb +30 -4
data/modules/mu/config/role.rb +1 -1
data/modules/mu/config/schema_helpers.rb +30 -34
data/modules/mu/config/search_domain.rb +1 -1
data/modules/mu/config/server.rb +4 -12
data/modules/mu/config/server_pool.rb +3 -7
data/modules/mu/config/storage_pool.rb +1 -1
data/modules/mu/config/tail.rb +10 -0
data/modules/mu/config/user.rb +1 -1
data/modules/mu/config/vpc.rb +12 -17
data/modules/mu/defaults/AWS.yaml +32 -32
data/modules/mu/defaults/Azure.yaml +1 -0
data/modules/mu/defaults/Google.yaml +1 -0
data/modules/mu/deploy.rb +16 -15
data/modules/mu/groomer.rb +15 -0
data/modules/mu/groomers/chef.rb +3 -0
data/modules/mu/logger.rb +120 -144
data/modules/mu/master.rb +1 -1
data/modules/mu/mommacat.rb +54 -25
data/modules/mu/mommacat/daemon.rb +10 -7
data/modules/mu/mommacat/naming.rb +82 -3
data/modules/mu/mommacat/search.rb +47 -15
data/modules/mu/mommacat/storage.rb +72 -41
data/modules/mu/{clouds → providers}/README.md +1 -1
data/modules/mu/{clouds → providers}/aws.rb +114 -47
data/modules/mu/{clouds → providers}/aws/alarm.rb +1 -1
data/modules/mu/{clouds → providers}/aws/bucket.rb +2 -2
data/modules/mu/{clouds → providers}/aws/cache_cluster.rb +10 -46
data/modules/mu/{clouds → providers}/aws/collection.rb +3 -3
data/modules/mu/{clouds → providers}/aws/container_cluster.rb +15 -33
data/modules/mu/providers/aws/database.rb +1744 -0
data/modules/mu/{clouds → providers}/aws/dnszone.rb +2 -5
data/modules/mu/{clouds → providers}/aws/endpoint.rb +2 -11
data/modules/mu/{clouds → providers}/aws/firewall_rule.rb +33 -29
data/modules/mu/{clouds → providers}/aws/folder.rb +0 -0
data/modules/mu/{clouds → providers}/aws/function.rb +2 -10
data/modules/mu/{clouds → providers}/aws/group.rb +9 -13
data/modules/mu/{clouds → providers}/aws/habitat.rb +1 -1
data/modules/mu/{clouds → providers}/aws/loadbalancer.rb +41 -33
data/modules/mu/{clouds → providers}/aws/log.rb +2 -2
data/modules/mu/{clouds → providers}/aws/msg_queue.rb +2 -8
data/modules/mu/{clouds → providers}/aws/nosqldb.rb +0 -0
data/modules/mu/{clouds → providers}/aws/notifier.rb +0 -0
data/modules/mu/{clouds → providers}/aws/role.rb +7 -7
data/modules/mu/{clouds → providers}/aws/search_domain.rb +8 -13
data/modules/mu/{clouds → providers}/aws/server.rb +55 -90
data/modules/mu/{clouds → providers}/aws/server_pool.rb +10 -33
data/modules/mu/{clouds → providers}/aws/storage_pool.rb +19 -36
data/modules/mu/{clouds → providers}/aws/user.rb +8 -12
data/modules/mu/{clouds → providers}/aws/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/aws/vpc.rb +135 -70
data/modules/mu/{clouds → providers}/aws/vpc_subnet.rb +0 -0
data/modules/mu/{clouds → providers}/azure.rb +4 -1
data/modules/mu/{clouds → providers}/azure/container_cluster.rb +1 -5
data/modules/mu/{clouds → providers}/azure/firewall_rule.rb +8 -1
data/modules/mu/{clouds → providers}/azure/habitat.rb +0 -0
data/modules/mu/{clouds → providers}/azure/loadbalancer.rb +0 -0
data/modules/mu/{clouds → providers}/azure/role.rb +0 -0
data/modules/mu/{clouds → providers}/azure/server.rb +30 -23
data/modules/mu/{clouds → providers}/azure/user.rb +1 -1
data/modules/mu/{clouds → providers}/azure/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/azure/vpc.rb +4 -6
data/modules/mu/{clouds → providers}/cloudformation.rb +1 -1
data/modules/mu/{clouds → providers}/cloudformation/alarm.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/cache_cluster.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/collection.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/database.rb +6 -17
data/modules/mu/{clouds → providers}/cloudformation/dnszone.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/firewall_rule.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/loadbalancer.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/log.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/server.rb +7 -7
data/modules/mu/{clouds → providers}/cloudformation/server_pool.rb +5 -5
data/modules/mu/{clouds → providers}/cloudformation/vpc.rb +3 -3
data/modules/mu/{clouds → providers}/docker.rb +0 -0
data/modules/mu/{clouds → providers}/google.rb +14 -6
data/modules/mu/{clouds → providers}/google/bucket.rb +1 -1
data/modules/mu/{clouds → providers}/google/container_cluster.rb +28 -13
data/modules/mu/{clouds → providers}/google/database.rb +1 -8
data/modules/mu/{clouds → providers}/google/firewall_rule.rb +2 -2
data/modules/mu/{clouds → providers}/google/folder.rb +4 -8
data/modules/mu/{clouds → providers}/google/function.rb +3 -3
data/modules/mu/{clouds → providers}/google/group.rb +8 -16
data/modules/mu/{clouds → providers}/google/habitat.rb +3 -7
data/modules/mu/{clouds → providers}/google/loadbalancer.rb +1 -1
data/modules/mu/{clouds → providers}/google/role.rb +42 -34
data/modules/mu/{clouds → providers}/google/server.rb +25 -10
data/modules/mu/{clouds → providers}/google/server_pool.rb +10 -10
data/modules/mu/{clouds → providers}/google/user.rb +31 -21
data/modules/mu/{clouds → providers}/google/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/google/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/google/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/google/vpc.rb +37 -2
data/modules/tests/centos6.yaml +11 -0
data/modules/tests/centos7.yaml +11 -0
data/modules/tests/centos8.yaml +12 -0
data/modules/tests/rds.yaml +108 -0
data/modules/tests/regrooms/rds.yaml +123 -0
data/spec/mu/clouds/azure_spec.rb +2 -2
metadata +108 -89
data/modules/mu/clouds/aws/database.rb +0 -1974

data/modules/mu/{clouds → providers}/aws/dnszone.rb RENAMED

@@ -345,7 +345,7 @@ module MU
             rescue Aws::Route53::Errors::LastVPCAssociation => e
               MU.log e.inspect, MU::WARN
             rescue Aws::Route53::Errors::VPCAssociationNotFound
-              MU.log "VPC #{vpc_id} access to zone #{id} already revoked", MU::WARN
+              MU.log "VPC #{vpc_id} access to zone #{id} already revoked", MU::NOTICE
             end
           end
         end
@@ -825,10 +825,7 @@ module MU
               end
               if !record['mu_type'].nil?
-                zone["dependencies"] << {
-                  "type" => record['mu_type'],
-                  "name" => record['target']
-                }
+                MU::Config.addDependency(zone, record['target'], record['mu_type'])
               end
               if record.has_key?('healthchecks') && !record['healthchecks'].empty?

data/modules/mu/{clouds → providers}/aws/endpoint.rb RENAMED

@@ -472,11 +472,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @config['credentials
           endpoint['methods'].each { |m|
             if m['integrate_with'] and m['integrate_with']['name']
               if m['integrate_with']['type'] != "aws_generic"
-                endpoint['dependencies'] ||= []
-                endpoint['dependencies'] << {
-                  "type" => m['integrate_with']['type'],
-                  "name" => m['integrate_with']['name']
-                }
+                MU::Config.addDependency(endpoint, m['integrate_with']['name'], m['integrate_with']['type'])
               end
               m['integrate_with']['backend_http_method'] ||= m['type']
@@ -525,13 +521,8 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @config['credentials
                 end
                 configurator.insertKitten(roledesc, "roles")
-                endpoint['dependencies'] ||= []
                 m['iam_role'] = endpoint['name']+"-"+m['integrate_with']['name']
-                endpoint['dependencies'] << {
-                  "type" => "role",
-                  "name" => endpoint['name']+"-"+m['integrate_with']['name']
-                }
+                MU::Config.addDependency(endpoint, m['iam_role'], "role")
               end
             end
           }

data/modules/mu/{clouds → providers}/aws/firewall_rule.rb RENAMED

@@ -18,7 +18,7 @@ module MU
     class AWS
       # A firewall ruleset as configured in {MU::Config::BasketofKittens::firewall_rules}
       class FirewallRule < MU::Cloud::FirewallRule
-        require "mu/clouds/aws/vpc"
+        require "mu/providers/aws/vpc"
         @admin_sgs = Hash.new
         @admin_sg_semaphore = Mutex.new
@@ -398,7 +398,7 @@ module MU
           # Some services create sneaky rogue ENIs which then block removal of
           # associated security groups. Find them and fry them.
-          MU::Cloud::AWS::VPC.purge_interfaces(noop, filters, region: region, credentials: credentials)
+          MU::Cloud.resourceClass("AWS", "VPC").purge_interfaces(noop, filters, region: region, credentials: credentials)
           resp = MU::Cloud::AWS.ec2(credentials: credentials, region: region).describe_security_groups(
             filters: filters
@@ -421,7 +421,7 @@ module MU
               # try to get out from under loose network interfaces with which
               # we're associated
               if sg.vpc_id
-                default_sg = MU::Cloud::AWS::VPC.getDefaultSg(sg.vpc_id, region: region, credentials: credentials)
+                default_sg = MU::Cloud.resourceClass("AWS", "VPC").getDefaultSg(sg.vpc_id, region: region, credentials: credentials)
                 if default_sg
                   eni_resp = MU::Cloud::AWS.ec2(credentials: credentials, region: region).describe_network_interfaces(
                     filters: [ {name: "group-id", values: [sg.group_id]} ]
@@ -514,6 +514,31 @@ module MU
         end
         private_class_method :revoke_rules
+        # Return an AWS-specific chunk of schema commonly used in the +ingress_rules+ parameter of other resource types.
+        # @return [Hash]
+        def self.ingressRuleAddtlSchema
+          {
+            "items" => {
+              "properties" => {
+                "sgs" => {
+                  "type" => "array",
+                  "items" => {
+                    "description" => "Other AWS Security Groups; resources that are associated with this group will have this rule applied to their traffic",
+                    "type" => "string"
+                  }
+                },
+                "lbs" => {
+                  "type" => "array",
+                  "items" => {
+                    "description" => "AWS Load Balancers which will have this rule applied to their traffic",
+                    "type" => "string"
+                  }
+                }
+              }
+            }
+          }
+        end
         # Cloud-specific configuration properties.
         # @param _config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
@@ -623,36 +648,16 @@ module MU
             if rule['firewall_rules']
               rule['firewall_rules'].each { |sg|
-                if sg.is_a?(MU::Config::Ref) and sg.name
-  	              acl["dependencies"] << {
-    	              "type" => "firewall_rule",
-      	            "name" => sg.name,
-                    "no_create_wait" => true
-	                }
-                elsif sg['name'] and !sg['deploy_id']
-  	              acl["dependencies"] << {
-    	              "type" => "firewall_rule",
-      	            "name" => sg['name'],
-                    "no_create_wait" => true
-	                }
+                if sg['name'] and !sg['deploy_id']
+                  MU::Config.addDependency(acl, sg['name'], "firewall_rule", no_create_wait: true)
                 end
               }
             end
             if rule['loadbalancers']
               rule['loadbalancers'].each { |lb|
-                if lb.is_a?(MU::Config::Ref) and lb.name
-  	              acl["dependencies"] << {
-    	              "type" => "loadbalancer",
-      	            "name" => lb.name,
-                    "phase" => "groom"
-	                }
-                elsif lb['name'] and !lb['deploy_id']
-  	              acl["dependencies"] << {
-                    "type" => "loadbalancer",
-                    "name" => lb['name'],
-                    "phase" => "groom"
-	                }
+                if lb['name'] and !lb['deploy_id']
+                  MU::Config.addDependency(acl, lb['name'], "loadbalancer", phase: "groom")
                 end
               }
             end
@@ -739,7 +744,6 @@ module MU
         # "ingress_rules" structure parsed and validated by MU::Config.
         #########################################################################
         def setRules(rules, add_to_self: false, ingress: true, egress: false)
-          describe
           # XXX warn about attempt to set rules before we exist
           return if rules.nil? or rules.size == 0 or !@cloud_id
@@ -760,7 +764,7 @@ module MU
           ec2_rules = convertToEc2(rules)
           return if ec2_rules.nil?
-          ext_permissions = MU.structToHash(cloud_desc.ip_permissions)
+          ext_permissions = MU.structToHash(cloud_desc(use_cache: false).ip_permissions)
           purge_extraneous_rules(ec2_rules, ext_permissions)

data/modules/mu/{clouds → providers}/aws/folder.rb RENAMED

File without changes

data/modules/mu/{clouds → providers}/aws/function.rb RENAMED

@@ -505,11 +505,7 @@ MU.log shortname, MU::NOTICE, details: function.configuration.role
             function["add_firewall_rules"] << {"name" => fwname}
             function["permissions"] ||= []
             function["permissions"] << "network"
-            function['dependencies'] ||= []
-            function['dependencies'] << {
-              "name" => fwname,
-              "type" => "firewall_rule"
-            }
+            MU::Config.addDependency(function, fwname, "firewall_rule")
           end
           if !function['iam_role']
@@ -541,13 +537,9 @@ MU.log shortname, MU::NOTICE, details: function.configuration.role
             }
             configurator.insertKitten(roledesc, "roles")
-            function['dependencies'] ||= []
             function['iam_role'] = function['name']+"execrole"
-            function['dependencies'] << {
-              "type" => "role",
-              "name" => function['name']+"execrole"
-            }
+            MU::Config.addDependency(function, function['name']+"execrole", "role")
           end
           ok

data/modules/mu/{clouds → providers}/aws/group.rb RENAMED

@@ -60,7 +60,7 @@ module MU
               userid = user
               userdesc = @deploy.findLitterMate(name: user, type: "users")
               userid = userdesc.cloud_id if userdesc
-              found = MU::Cloud::AWS::User.find(cloud_id: userid)
+              found = MU::Cloud.resourceClass("AWS", "User").find(cloud_id: userid)
               if found.size == 1
                 userdesc = found.values.first
                 MU.log "Adding IAM user #{userdesc.path}#{userdesc.user_name} to group #{@mu_name}", MU::NOTICE
@@ -88,7 +88,7 @@ module MU
           # Create these if necessary, then append them to the list of
           # attachable_policies
           if @config['raw_policies']
-            pol_arns = MU::Cloud::AWS::Role.manageRawPolicies(
+            pol_arns = MU::Cloud.resourceClass("AWS", "Role").manageRawPolicies(
               @config['raw_policies'],
               basename: @deploy.getResourceName(@config['name']),
               credentials: @credentials
@@ -114,7 +114,7 @@ module MU
             attached_policies.each { |a|
               if !configured_policies.include?(a.policy_arn)
                 MU.log "Removing IAM policy #{a.policy_arn} from group #{@mu_name}", MU::NOTICE
-                MU::Cloud::AWS::Role.purgePolicy(a.policy_arn, @credentials)
+                MU::Cloud.resourceClass("AWS", "Role").purgePolicy(a.policy_arn, @credentials)
               else
                 configured_policies.delete(a.policy_arn)
               end
@@ -131,7 +131,7 @@ module MU
           end
           if @config['inline_policies']
-            docs = MU::Cloud::AWS::Role.genPolicyDocument(@config['inline_policies'], deploy_obj: @deploy)
+            docs = MU::Cloud.resourceClass("AWS", "Role").genPolicyDocument(@config['inline_policies'], deploy_obj: @deploy)
             docs.each { |doc|
               MU.log "Putting user policy #{doc.keys.first} to group #{@cloud_id} "
               MU::Cloud::AWS.iam(credentials: @credentials).put_group_policy(
@@ -291,7 +291,7 @@ module MU
             resp.policy_names.each { |pol_name|
               pol = MU::Cloud::AWS.iam(credentials: @credentials).get_group_policy(group_name: @cloud_id, policy_name: pol_name)
               doc = JSON.parse(URI.decode(pol.policy_document))
-              bok["inline_policies"] = MU::Cloud::AWS::Role.doc2MuPolicies(pol.policy_name, doc, bok["inline_policies"])
+              bok["inline_policies"] = MU::Cloud.resourceClass("AWS", "Role").doc2MuPolicies(pol.policy_name, doc, bok["inline_policies"])
             }
           end
@@ -324,7 +324,7 @@ module MU
         def self.schema(_config)
           toplevel_required = []
           polschema = MU::Config::Role.schema["properties"]["policies"]
-          polschema.deep_merge!(MU::Cloud::AWS::Role.condition_schema)
+          polschema.deep_merge!(MU::Cloud.resourceClass("AWS", "Role").condition_schema)
           schema = {
             "inline_policies" => polschema,
@@ -364,7 +364,7 @@ style long name, like +IAMTESTS-DEV-2018112815-IS-GROUP-FOO+. This parameter wil
           # If we're attaching some managed policies, make sure all of the ones
           # that should already exist do indeed exist
           if group['attachable_policies']
-            ok = false if !MU::Cloud::AWS::Role.validateAttachablePolicies(
+            ok = false if !MU::Cloud.resourceClass("AWS", "Role").validateAttachablePolicies(
               group['attachable_policies'],
               credentials: group['credentials'],
               region: group['region']
@@ -378,13 +378,9 @@ style long name, like +IAMTESTS-DEV-2018112815-IS-GROUP-FOO+. This parameter wil
           if group['members']
             group['members'].each { |user|
               if configurator.haveLitterMate?(user, "users")
-                group["dependencies"] ||= []
-                group["dependencies"] << {
-                  "type" => "user",
-                  "name" => user
-                }
+                MU::Config.addDependency(group, user, "user")
               else
-                found = MU::Cloud::AWS::User.find(cloud_id: user)
+                found = MU::Cloud.resourceClass("AWS", "User").find(cloud_id: user)
                 if found.nil? or found.empty?
                   MU.log "Error in members for group #{group['name']}: No such user #{user}", MU::ERR
                   ok = false

data/modules/mu/{clouds → providers}/aws/habitat.rb RENAMED

@@ -144,7 +144,7 @@ module MU
         def self.orgMasterCreds?(credentials = nil)
           acct_num = MU::Cloud::AWS.iam(credentials:  credentials).list_users.users.first.arn.split(/:/)[4]
-          parentorg = MU::Cloud::AWS::Folder.find(credentials: credentials).values.first
+          parentorg = MU::Cloud.resourceClass("AWS", "Folder").find(credentials: credentials).values.first
           acct_num == parentorg.master_account_id
         end

data/modules/mu/{clouds → providers}/aws/loadbalancer.rb RENAMED

@@ -163,7 +163,7 @@ module MU
           dnsthread = Thread.new {
             if !MU::Cloud::AWS.isGovCloud?
               MU.dupGlobals(parent_thread_id)
-              generic_mu_dns = MU::Cloud::AWS::DNSZone.genericMuDNSEntry(name: @mu_name, target: "#{lb.dns_name}.", cloudclass: MU::Cloud::LoadBalancer, sync_wait: @config['dns_sync_wait'])
+              generic_mu_dns = MU::Cloud.resourceClass("AWS", "DNSZone").genericMuDNSEntry(name: @mu_name, target: "#{lb.dns_name}.", cloudclass: MU::Cloud::LoadBalancer, sync_wait: @config['dns_sync_wait'])
             end
           }
@@ -239,16 +239,35 @@ module MU
             end
           end
+          redirect_block = Proc.new { |r|
+            {
+              :protocol => r['protocol'],
+              :port => r['port'].to_s,
+              :host => r['host'],
+              :path => r['path'],
+              :query => r['query'],
+              :status_code => "HTTP_"+r['status_code'].to_s
+            }
+          }
           if !@config['classic']
             @config["listeners"].each { |l|
-              if !@targetgroups.has_key?(l['targetgroup'])
-                raise MuError, "Listener in #{@mu_name} configured for target group #{l['targetgroup']}, but I don't have data on a targetgroup by that name"
-              end
-              listen_descriptor = {
-                :default_actions => [{
+              action = if l['redirect']
+                {
+                  :type => "redirect",
+                  :redirect_config => redirect_block.call(l['redirect'])
+                }
+              else
+                if !@targetgroups.has_key?(l['targetgroup'])
+                  raise MuError, "Listener in #{@mu_name} configured for target group #{l['targetgroup']}, but I don't have data on a targetgroup by that name"
+                end
+                {
                   :target_group_arn => @targetgroups[l['targetgroup']].target_group_arn,
                   :type => "forward"
-                }],
+                }
+              end
+              listen_descriptor = {
+                :default_actions => [ action ],
                 :load_balancer_arn => lb.load_balancer_arn,
                 :port => l['lb_port'],
                 :protocol => l['lb_protocol']
@@ -276,10 +295,17 @@ module MU
                     :actions => []
                   }
                   rule['actions'].each { |a|
-                    rule_descriptor[:actions] << {
-                      :target_group_arn => @targetgroups[a['targetgroup']].target_group_arn,
-                      :type => a['action']
-                    }
+                    rule_descriptor[:actions] << if a['action'] == "forward"
+                      {
+                        :target_group_arn => @targetgroups[a['targetgroup']].target_group_arn,
+                        :type => a['action']
+                      }
+                    elsif a['action'] == "redirect"
+                      {
+                        :redirect_config => redirect_block.call(rule['redirect']),
+                        :type => a['action']
+                      }
+                    end
                   }
                   MU::Cloud::AWS.elb2(region: @config['region'], credentials: @config['credentials']).create_rule(rule_descriptor)
                 }
@@ -536,7 +562,7 @@ module MU
               }
             end
             if !MU::Cloud::AWS.isGovCloud?
-              MU::Cloud::AWS::DNSZone.createRecordsFromConfig(@config['dns_records'], target: cloud_desc.dns_name)
+              MU::Cloud.resourceClass("AWS", "DNSZone").createRecordsFromConfig(@config['dns_records'], target: cloud_desc.dns_name)
             end
           end
@@ -706,7 +732,7 @@ module MU
               end
               if matched
                 if !MU::Cloud::AWS.isGovCloud?
-                  MU::Cloud::AWS::DNSZone.genericMuDNSEntry(name: lb.load_balancer_name, target: lb.dns_name, cloudclass: MU::Cloud::LoadBalancer, delete: true) if !noop
+                  MU::Cloud.resourceClass("AWS", "DNSZone").genericMuDNSEntry(name: lb.load_balancer_name, target: lb.dns_name, cloudclass: MU::Cloud::LoadBalancer, delete: true) if !noop
                 end
                 if classic
                   MU.log "Removing Elastic Load Balancer #{lb.load_balancer_name}"
@@ -793,26 +819,7 @@ module MU
                 }
               }
             },
-            "ingress_rules" => {
-              "items" => {
-                "properties" => {
-                  "sgs" => {
-                    "type" => "array",
-                    "items" => {
-                      "description" => "Other AWS Security Groups; resources that are associated with this group will have this rule applied to their traffic",
-                      "type" => "string"
-                    }
-                  },
-                  "lbs" => {
-                    "type" => "array",
-                    "items" => {
-                      "description" => "AWS Load Balancers which will have this rule applied to their traffic",
-                      "type" => "string"
-                    }
-                  }
-                }
-              }
-            }
+            "ingress_rules" => MU::Cloud.resourceClass("AWS", "FirewallRule").ingressRuleAddtlSchema
           }
           [toplevel_required, schema]
         end
@@ -923,6 +930,7 @@ module MU
           return matches
         end
       end
     end
   end

data/modules/mu/{clouds → providers}/aws/log.rb RENAMED

@@ -233,8 +233,8 @@ module MU
 #          unless noop
 #            MU::Cloud::AWS.iam(credentials: credentials).list_roles.roles.each{ |role|
 #              match_string = "#{MU.deploy_id}.*CloudTrail"
-              # Maybe we should have a more generic way to delete IAM profiles and policies. The call itself should be moved from MU::Cloud::AWS::Server.
-#              MU::Cloud::AWS::Server.removeIAMProfile(role.role_name) if role.role_name.match(match_string)
+              # Maybe we should have a more generic way to delete IAM profiles and policies. The call itself should be moved from MU::Cloud.resourceClass("AWS", "Server").
+#              MU::Cloud.resourceClass("AWS", "Server").removeIAMProfile(role.role_name) if role.role_name.match(match_string)
 #            }
 #          end
         end

data/modules/mu/{clouds → providers}/aws/msg_queue.rb RENAMED

@@ -327,16 +327,10 @@ module MU
               failq.delete("failqueue")
               ok = false if !configurator.insertKitten(failq, "msg_queues")
               queue['failqueue']['name'] = failq['name']
-              queue['dependencies'] << {
-                "name" => failq['name'],
-                "type" => "msg_queue"
-              }
+              MU::Config.addDependency(queue, failq["name"], "msg_queue")
             else
               if configurator.haveLitterMate?(queue['failqueue']['name'], "msg_queue")
-                queue['dependencies'] << {
-                  "name" => queue['failqueue']['name'],
-                  "type" => "msg_queue"
-                }
+                MU::Config.addDependency(queue, queue['failqueue']['name'], "msg_queue")
               else
                 failq = MU::Cloud::AWS::MsgQueue.find(cloud_id: queue['failqueue']['name'])
                 if !failq

data/modules/mu/{clouds → providers}/aws/nosqldb.rb RENAMED

File without changes

data/modules/mu/{clouds → providers}/aws/notifier.rb RENAMED

File without changes

data/modules/mu/{clouds → providers}/aws/role.rb RENAMED

@@ -615,7 +615,6 @@ end
                   )
                   JSON.parse(URI.decode(version.policy_version.document))
                 end
                 bok["policies"] = MU::Cloud::AWS::Role.doc2MuPolicies(pol.policy_name, doc, bok["policies"])
               end
             }
@@ -695,6 +694,7 @@ end
           end
           bok["attachable_policies"].uniq! if bok["attachable_policies"]
+          bok["name"].gsub!(/[^a-zA-Z0-9_\-]/, "_")
           bok
         end
@@ -707,6 +707,10 @@ end
         def self.doc2MuPolicies(basename, doc, policies = [])
           policies ||= []
+          if !doc["Statement"].is_a?(Array)
+            doc["Statement"] = [doc["Statement"]]
+          end
           doc["Statement"].each { |s|
             if !s["Action"]
               MU.log "Statement in policy document for #{basename} didn't have an Action field", MU::WARN, details: doc
@@ -925,7 +929,7 @@ end
           toplevel_required = []
           aws_resource_types = MU::Cloud.resource_types.keys.reject { |t|
             begin
-              MU::Cloud.loadCloudType("AWS", t)
+              MU::Cloud.resourceClass("AWS", t)
               false
             rescue MuCloudResourceNotImplemented
               true
@@ -1087,11 +1091,7 @@ end
             role['policies'].each { |policy|
               policy['targets'].each { |target|
                 if target['type']
-                  role['dependencies'] ||= []
-                  role['dependencies'] << {
-                    "name" => target['identifier'],
-                    "type" => target['type']
-                  }
+                  MU::Config.addDependency(role, target['identifier'], target['type'])
                 end
               }
             }