RubyGems - cloud-mu - Versions diffs - 3.1.6 → 3.2.0 - Mend

cloud-mu 3.1.6 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (154) hide show

checksums.yaml +4 -4
data/bin/mu-adopt +4 -12
data/bin/mu-azure-tests +57 -0
data/bin/mu-cleanup +2 -4
data/bin/mu-configure +37 -1
data/bin/mu-deploy +3 -3
data/bin/mu-findstray-tests +25 -0
data/bin/mu-gen-docs +2 -4
data/bin/mu-run-tests +23 -10
data/cloud-mu.gemspec +2 -2
data/cookbooks/mu-tools/libraries/helper.rb +1 -1
data/cookbooks/mu-tools/recipes/apply_security.rb +14 -14
data/cookbooks/mu-tools/recipes/aws_api.rb +9 -0
data/extras/generate-stock-images +1 -0
data/modules/mu.rb +82 -95
data/modules/mu/adoption.rb +356 -56
data/modules/mu/cleanup.rb +21 -20
data/modules/mu/cloud.rb +79 -1753
data/modules/mu/cloud/database.rb +49 -0
data/modules/mu/cloud/dnszone.rb +46 -0
data/modules/mu/cloud/machine_images.rb +212 -0
data/modules/mu/cloud/providers.rb +81 -0
data/modules/mu/cloud/resource_base.rb +920 -0
data/modules/mu/cloud/server.rb +40 -0
data/modules/mu/cloud/server_pool.rb +1 -0
data/modules/mu/cloud/ssh_sessions.rb +228 -0
data/modules/mu/cloud/winrm_sessions.rb +237 -0
data/modules/mu/cloud/wrappers.rb +165 -0
data/modules/mu/config.rb +122 -80
data/modules/mu/config/alarm.rb +2 -6
data/modules/mu/config/bucket.rb +1 -1
data/modules/mu/config/cache_cluster.rb +1 -1
data/modules/mu/config/collection.rb +1 -1
data/modules/mu/config/container_cluster.rb +2 -2
data/modules/mu/config/database.rb +83 -104
data/modules/mu/config/database.yml +1 -2
data/modules/mu/config/dnszone.rb +1 -1
data/modules/mu/config/doc_helpers.rb +4 -5
data/modules/mu/config/endpoint.rb +1 -1
data/modules/mu/config/firewall_rule.rb +3 -19
data/modules/mu/config/folder.rb +1 -1
data/modules/mu/config/function.rb +1 -1
data/modules/mu/config/group.rb +1 -1
data/modules/mu/config/habitat.rb +1 -1
data/modules/mu/config/loadbalancer.rb +57 -11
data/modules/mu/config/log.rb +1 -1
data/modules/mu/config/msg_queue.rb +1 -1
data/modules/mu/config/nosqldb.rb +1 -1
data/modules/mu/config/notifier.rb +1 -1
data/modules/mu/config/ref.rb +30 -4
data/modules/mu/config/role.rb +1 -1
data/modules/mu/config/schema_helpers.rb +30 -34
data/modules/mu/config/search_domain.rb +1 -1
data/modules/mu/config/server.rb +4 -12
data/modules/mu/config/server_pool.rb +3 -7
data/modules/mu/config/storage_pool.rb +1 -1
data/modules/mu/config/tail.rb +10 -0
data/modules/mu/config/user.rb +1 -1
data/modules/mu/config/vpc.rb +12 -17
data/modules/mu/defaults/AWS.yaml +32 -32
data/modules/mu/defaults/Azure.yaml +1 -0
data/modules/mu/defaults/Google.yaml +1 -0
data/modules/mu/deploy.rb +16 -15
data/modules/mu/groomer.rb +15 -0
data/modules/mu/groomers/chef.rb +3 -0
data/modules/mu/logger.rb +120 -144
data/modules/mu/master.rb +1 -1
data/modules/mu/mommacat.rb +54 -25
data/modules/mu/mommacat/daemon.rb +10 -7
data/modules/mu/mommacat/naming.rb +82 -3
data/modules/mu/mommacat/search.rb +47 -15
data/modules/mu/mommacat/storage.rb +72 -41
data/modules/mu/{clouds → providers}/README.md +1 -1
data/modules/mu/{clouds → providers}/aws.rb +114 -47
data/modules/mu/{clouds → providers}/aws/alarm.rb +1 -1
data/modules/mu/{clouds → providers}/aws/bucket.rb +2 -2
data/modules/mu/{clouds → providers}/aws/cache_cluster.rb +10 -46
data/modules/mu/{clouds → providers}/aws/collection.rb +3 -3
data/modules/mu/{clouds → providers}/aws/container_cluster.rb +15 -33
data/modules/mu/providers/aws/database.rb +1744 -0
data/modules/mu/{clouds → providers}/aws/dnszone.rb +2 -5
data/modules/mu/{clouds → providers}/aws/endpoint.rb +2 -11
data/modules/mu/{clouds → providers}/aws/firewall_rule.rb +33 -29
data/modules/mu/{clouds → providers}/aws/folder.rb +0 -0
data/modules/mu/{clouds → providers}/aws/function.rb +2 -10
data/modules/mu/{clouds → providers}/aws/group.rb +9 -13
data/modules/mu/{clouds → providers}/aws/habitat.rb +1 -1
data/modules/mu/{clouds → providers}/aws/loadbalancer.rb +41 -33
data/modules/mu/{clouds → providers}/aws/log.rb +2 -2
data/modules/mu/{clouds → providers}/aws/msg_queue.rb +2 -8
data/modules/mu/{clouds → providers}/aws/nosqldb.rb +0 -0
data/modules/mu/{clouds → providers}/aws/notifier.rb +0 -0
data/modules/mu/{clouds → providers}/aws/role.rb +7 -7
data/modules/mu/{clouds → providers}/aws/search_domain.rb +8 -13
data/modules/mu/{clouds → providers}/aws/server.rb +55 -90
data/modules/mu/{clouds → providers}/aws/server_pool.rb +10 -33
data/modules/mu/{clouds → providers}/aws/storage_pool.rb +19 -36
data/modules/mu/{clouds → providers}/aws/user.rb +8 -12
data/modules/mu/{clouds → providers}/aws/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/aws/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/aws/vpc.rb +135 -70
data/modules/mu/{clouds → providers}/aws/vpc_subnet.rb +0 -0
data/modules/mu/{clouds → providers}/azure.rb +4 -1
data/modules/mu/{clouds → providers}/azure/container_cluster.rb +1 -5
data/modules/mu/{clouds → providers}/azure/firewall_rule.rb +8 -1
data/modules/mu/{clouds → providers}/azure/habitat.rb +0 -0
data/modules/mu/{clouds → providers}/azure/loadbalancer.rb +0 -0
data/modules/mu/{clouds → providers}/azure/role.rb +0 -0
data/modules/mu/{clouds → providers}/azure/server.rb +30 -23
data/modules/mu/{clouds → providers}/azure/user.rb +1 -1
data/modules/mu/{clouds → providers}/azure/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/azure/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/azure/vpc.rb +4 -6
data/modules/mu/{clouds → providers}/cloudformation.rb +1 -1
data/modules/mu/{clouds → providers}/cloudformation/alarm.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/cache_cluster.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/collection.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/database.rb +6 -17
data/modules/mu/{clouds → providers}/cloudformation/dnszone.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/firewall_rule.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/loadbalancer.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/log.rb +3 -3
data/modules/mu/{clouds → providers}/cloudformation/server.rb +7 -7
data/modules/mu/{clouds → providers}/cloudformation/server_pool.rb +5 -5
data/modules/mu/{clouds → providers}/cloudformation/vpc.rb +3 -3
data/modules/mu/{clouds → providers}/docker.rb +0 -0
data/modules/mu/{clouds → providers}/google.rb +14 -6
data/modules/mu/{clouds → providers}/google/bucket.rb +1 -1
data/modules/mu/{clouds → providers}/google/container_cluster.rb +28 -13
data/modules/mu/{clouds → providers}/google/database.rb +1 -8
data/modules/mu/{clouds → providers}/google/firewall_rule.rb +2 -2
data/modules/mu/{clouds → providers}/google/folder.rb +4 -8
data/modules/mu/{clouds → providers}/google/function.rb +3 -3
data/modules/mu/{clouds → providers}/google/group.rb +8 -16
data/modules/mu/{clouds → providers}/google/habitat.rb +3 -7
data/modules/mu/{clouds → providers}/google/loadbalancer.rb +1 -1
data/modules/mu/{clouds → providers}/google/role.rb +42 -34
data/modules/mu/{clouds → providers}/google/server.rb +25 -10
data/modules/mu/{clouds → providers}/google/server_pool.rb +10 -10
data/modules/mu/{clouds → providers}/google/user.rb +31 -21
data/modules/mu/{clouds → providers}/google/userdata/README.md +0 -0
data/modules/mu/{clouds → providers}/google/userdata/linux.erb +0 -0
data/modules/mu/{clouds → providers}/google/userdata/windows.erb +0 -0
data/modules/mu/{clouds → providers}/google/vpc.rb +37 -2
data/modules/tests/centos6.yaml +11 -0
data/modules/tests/centos7.yaml +11 -0
data/modules/tests/centos8.yaml +12 -0
data/modules/tests/rds.yaml +108 -0
data/modules/tests/regrooms/rds.yaml +123 -0
data/spec/mu/clouds/azure_spec.rb +2 -2
metadata +108 -89
data/modules/mu/clouds/aws/database.rb +0 -1974

data/modules/mu/{clouds → providers}/aws/search_domain.rb RENAMED

@@ -156,8 +156,8 @@ module MU
             begin
               resp = MU::Cloud::AWS.iam(credentials: credentials).list_roles(marker: marker)
               resp.roles.each{ |role|
-                # XXX Maybe we should have a more generic way to delete IAM profiles and policies. The call itself should be moved from MU::Cloud::AWS::Server.
-#                MU::Cloud::AWS::Server.removeIAMProfile(role.role_name) if role.role_name.match(/^#{Regexp.quote(MU.deploy_id)}/)
+                # XXX Maybe we should have a more generic way to delete IAM profiles and policies. The call itself should be moved from MU::Cloud.resourceClass("AWS", "Server").
+#                MU::Cloud.resourceClass("AWS", "Server").removeIAMProfile(role.role_name) if role.role_name.match(/^#{Regexp.quote(MU.deploy_id)}/)
               }
               marker = resp.marker
             end while resp.is_truncated
@@ -378,9 +378,9 @@ module MU
           if dom['slow_logs']
             if configurator.haveLitterMate?(dom['slow_logs'], "log")
-              dom['dependencies'] << { "name" => dom['slow_logs'], "type" => "log" }
+              MU::Config.addDependency(dom, dom['slow_logs'], "log")
             else
-              log_group = MU::Cloud::AWS::Log.find(cloud_id: dom['slow_logs'], region: dom['region']).values.first
+              log_group = MU::Cloud.resourceClass("AWS", "Log").find(cloud_id: dom['slow_logs'], region: dom['region']).values.first
               if !log_group
                 MU.log "Specified slow_logs CloudWatch log group '#{dom['slow_logs']}' in SearchDomain '#{dom['name']}' doesn't appear to exist", MU::ERR
                 ok = false
@@ -395,7 +395,7 @@ module MU
               "credentials" => dom['credentials']
             }
             ok = false if !configurator.insertKitten(log_group, "logs")
-            dom['dependencies'] << { "name" => dom['slow_logs'], "type" => "log" }
+            MU::Config.addDependency(dom, dom['slow_logs'], "log")
           end
           if dom['advanced_options']
@@ -456,12 +456,7 @@ module MU
                 ]
               }
               configurator.insertKitten(roledesc, "roles")
-              dom['dependencies'] ||= []
-              dom['dependencies'] << {
-                "type" => "role",
-                "name" => dom['name']+"cognitorole"
-              }
+              MU::Config.addDependency(dom, dom['name']+"cognitorole", "role")
             end
           end
@@ -525,7 +520,7 @@ module MU
               arn = @config['slow_logs']
             else
               log_group = @deploy.findLitterMate(type: "log", name: @config['slow_logs'])
-              log_group = MU::Cloud::AWS::Log.find(cloud_id: log_group.mu_name, region: log_group.cloudobj.config['region']).values.first
+              log_group = MU::Cloud.resourceClass("AWS", "Log").find(cloud_id: log_group.mu_name, region: log_group.cloudobj.config['region']).values.first
               if log_group.nil? or log_group.arn.nil?
                 raise MuError, "Failed to retrieve ARN of sibling LogGroup '#{@config['slow_logs']}'"
               end
@@ -552,7 +547,7 @@ module MU
               params[:log_publishing_options]["SEARCH_SLOW_LOGS"] = {}
               params[:log_publishing_options]["SEARCH_SLOW_LOGS"][:enabled] = true
               params[:log_publishing_options]["SEARCH_SLOW_LOGS"][:cloud_watch_logs_log_group_arn] = arn
-              MU::Cloud::AWS::Log.allowService("es.amazonaws.com", arn, @config['region'])
+              MU::Cloud.resourceClass("AWS", "Log").allowService("es.amazonaws.com", arn, @config['region'])
             end
           end

data/modules/mu/{clouds → providers}/aws/server.rb RENAMED

@@ -145,7 +145,7 @@ module MU
               raise MuError, "My second argument should be a hash of variables to pass into ERB templates"
             end
             $mu = OpenStruct.new(template_variables)
-            userdata_dir = File.expand_path(MU.myRoot+"/modules/mu/clouds/aws/userdata")
+            userdata_dir = File.expand_path(MU.myRoot+"/modules/mu/providers/aws/userdata")
             platform = "linux" if %w{centos centos6 centos7 ubuntu ubuntu14 rhel rhel7 rhel71 amazon}.include? platform
             platform = "windows" if %w{win2k12r2 win2k12 win2k8 win2k8r2 win2k16}.include? platform
             erbfile = "#{userdata_dir}/#{platform}.erb"
@@ -299,7 +299,7 @@ module MU
             raise MuError, "Got null subnet id out of #{@config['vpc']}"
           end
           MU.log "Deploying #{@mu_name} into VPC #{@vpc.cloud_id} Subnet #{subnet.cloud_id}"
-          punchAdminNAT
+          allowBastionAccess
           instance_descriptor[:subnet_id] = subnet.cloud_id
         end
@@ -399,13 +399,13 @@ module MU
       # Figure out what's needed to SSH into this server.
       # @return [Array<String>]: nat_ssh_key, nat_ssh_user, nat_ssh_host, canonical_ip, ssh_user, ssh_key_name, alternate_names
       def getSSHConfig
-        describe(cloud_id: @cloud_id)
+        cloud_desc(use_cache: false) # make sure we're current
 # XXX add some awesome alternate names from metadata and make sure they end
 # up in MU::MommaCat's ssh config wangling
         return nil if @config.nil? or @deploy.nil?
         nat_ssh_key = nat_ssh_user = nat_ssh_host = nil
-        if !@config["vpc"].nil? and !MU::Cloud::AWS::VPC.haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @config['credentials'])
+        if !@config["vpc"].nil? and !MU::Cloud.resourceClass("AWS", "VPC").haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @config['credentials'])
           if !@nat.nil?
             if @nat.is_a?(Struct) && @nat.nat_gateway_id && @nat.nat_gateway_id.start_with?("nat-")
               raise MuError, "Configured to use NAT Gateway, but I have no route to instance. Either use Bastion, or configure VPC peering"
@@ -444,8 +444,7 @@ module MU
       # administravia for a new instance.
       def postBoot(instance_id = nil)
         @cloud_id ||= instance_id
-        node, _config, deploydata = describe(cloud_id: @cloud_id)
-        @mu_name ||= node
+        _node, _config, deploydata = describe(cloud_id: @cloud_id)
         raise MuError, "Couldn't find instance #{@mu_name} (#{@cloud_id})" if !cloud_desc
         return false if !MU::MommaCat.lock(@cloud_id+"-orchestrate", true)
@@ -482,7 +481,7 @@ module MU
           end
         }
-        punchAdminNAT
+        allowBastionAccess
         setAlarms
@@ -615,7 +614,7 @@ module MU
           return nil
         end
-        asgs = MU::Cloud::AWS::ServerPool.find(
+        asgs = MU::Cloud.resourceClass("AWS", "ServerPool").find(
           instance_id: @cloud_id,
           region: @config['region'],
           credentials: @credentials
@@ -725,15 +724,15 @@ module MU
           if int.groups.size > 0
-            require 'mu/clouds/aws/firewall_rule'
-            ifaces = MU::Cloud::AWS::FirewallRule.getAssociatedInterfaces(int.groups.map { |sg| sg.group_id }, credentials: @credentials, region: @config['region'])
+            require 'mu/providers/aws/firewall_rule'
+            ifaces = MU::Cloud.resourceClass("AWS", "FirewallRule").getAssociatedInterfaces(int.groups.map { |sg| sg.group_id }, credentials: @credentials, region: @config['region'])
             done_local_rules = false
             int.groups.each { |sg|
               if !done_local_rules and ifaces[sg.group_id].size == 1
-                sg_desc = MU::Cloud::AWS::FirewallRule.find(cloud_id: sg.group_id, credentials: @credentials, region: @config['region']).values.first
+                sg_desc = MU::Cloud.resourceClass("AWS", "FirewallRule").find(cloud_id: sg.group_id, credentials: @credentials, region: @config['region']).values.first
                 if sg_desc
-                  bok["ingress_rules"] = MU::Cloud::AWS::FirewallRule.rulesToBoK(sg_desc.ip_permissions)
-                  bok["ingress_rules"].concat(MU::Cloud::AWS::FirewallRule.rulesToBoK(sg_desc.ip_permissions_egress, egress: true))
+                  bok["ingress_rules"] = MU::Cloud.resourceClass("AWS", "FirewallRule").rulesToBoK(sg_desc.ip_permissions)
+                  bok["ingress_rules"].concat(MU::Cloud.resourceClass("AWS", "FirewallRule").rulesToBoK(sg_desc.ip_permissions_egress, egress: true))
                   done_local_rules = true
                   next
                 end
@@ -802,44 +801,13 @@ module MU
           end
           deploydata["region"] = @config['region'] if !@config['region'].nil?
           if !@named
-            MU::MommaCat.nameKitten(self)
+            MU::MommaCat.nameKitten(self, no_dns: true)
             @named = true
           end
           return deploydata
         end
-        # If the specified server is in a VPC, and has a NAT, make sure we'll
-        # be letting ssh traffic in from said NAT.
-        def punchAdminNAT
-          if @config['vpc'].nil? or
-            (
-              !@config['vpc'].has_key?("nat_host_id") and
-              !@config['vpc'].has_key?("nat_host_tag") and
-              !@config['vpc'].has_key?("nat_host_ip") and
-              !@config['vpc'].has_key?("nat_host_name")
-            )
-            return nil
-          end
-          return nil if @nat.is_a?(Struct) && @nat.nat_gateway_id && @nat.nat_gateway_id.start_with?("nat-")
-          dependencies if @nat.nil?
-          if @nat.nil? or @nat.cloud_desc.nil?
-            raise MuError, "#{@mu_name} (#{MU.deploy_id}) is configured to use #{@config['vpc']} but I can't find the cloud descriptor for a matching NAT instance"
-          end
-          MU.log "Adding administrative holes for NAT host #{@nat.cloud_desc.private_ip_address} to #{@mu_name}"
-          if !@deploy.kittens['firewall_rules'].nil?
-            @deploy.kittens['firewall_rules'].values.each { |acl|
-              if acl.config["admin"]
-                acl.addRule([@nat.cloud_desc.private_ip_address], proto: "tcp")
-                acl.addRule([@nat.cloud_desc.private_ip_address], proto: "udp")
-                acl.addRule([@nat.cloud_desc.private_ip_address], proto: "icmp")
-              end
-            }
-          end
-        end
         # Called automatically by {MU::Deploy#createResources}
         def groom
           MU::MommaCat.lock(@cloud_id+"-groom")
@@ -851,7 +819,7 @@ module MU
             end
           end
-          punchAdminNAT
+          allowBastionAccess
           tagVolumes
@@ -883,12 +851,25 @@ module MU
           begin
             getIAMProfile
+            dbs = @deploy.findLitterMate(type: "database", return_all: true)
+            if dbs
+              dbs.each_pair { |sib_name, sib|
+                @groomer.groomer_class.grantSecretAccess(@mu_name, sib_name, "database_credentials")
+                if sib.config and sib.config['auth_vault']
+                  @groomer.groomer_class.grantSecretAccess(@mu_name, sib.config['auth_vault']['vault'], sib.config['auth_vault']['item'])
+                end
+              }
+            end
             if @config['groom'].nil? or @config['groom']
               @groomer.run(purpose: "Full Initial Run", max_retries: 15, reboot_first_fail: (windows? and @config['groomer'] != "Ansible"), timeout: @config['groomer_timeout'])
             end
           rescue MU::Groomer::RunError => e
+            raise e if !@config['create_image'].nil? and !@config['image_created']
             MU.log "Proceeding after failed initial Groomer run, but #{@mu_name} may not behave as expected!", MU::WARN, details: e.message
           rescue StandardError => e
+            raise e if !@config['create_image'].nil? and !@config['image_created']
             MU.log "Caught #{e.inspect} on #{@mu_name} in an unexpected place (after @groomer.run on Full Initial Run)", MU::ERR
           end
@@ -961,7 +942,7 @@ module MU
           # Our deploydata gets corrupted often with server pools, this will cause us to use the wrong IP to identify a node
           # which will cause us to create certificates, DNS records and other artifacts with incorrect information which will cause our deploy to fail.
           # The cloud_id is always correct so lets use 'cloud_desc' to get the correct IPs
-          if MU::Cloud::AWS::VPC.haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @config['credentials']) or @deploydata["public_ip_address"].nil?
+          if MU::Cloud.resourceClass("AWS", "VPC").haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @config['credentials']) or @deploydata["public_ip_address"].nil?
             @config['canonical_ip'] = cloud_desc.private_ip_address
             @deploydata["private_ip_address"] = cloud_desc.private_ip_address
             return cloud_desc.private_ip_address
@@ -1181,10 +1162,7 @@ module MU
             end
           end
-          if @cloud_id.nil?
-            describe
-            @cloud_id = cloud_desc.instance_id
-          end
+          @cloud_id ||= cloud_desc(use_cache: false).instance_id
           ssh_keydir = "#{Etc.getpwuid(Process.uid).dir}/.ssh"
           ssh_key_name = @deploy.ssh_key_name
@@ -1318,7 +1296,7 @@ module MU
           if @deploy
             MU::Cloud::AWS.createStandardTags(
-              resource_id,
+              creation.volume_id,
               region: @config['region'],
               credentials: @config['credentials'],
               optional: @config['optional_tags'],
@@ -1577,7 +1555,11 @@ module MU
           return if !instance
           id ||= instance.instance_id
-          MU::MommaCat.lock(".cleanup-"+id)
+          begin
+            MU::MommaCat.lock(".cleanup-"+id)
+          rescue Errno::ENOENT => e
+            MU.log "No lock for terminating instance #{id} due to missing metadata", MU::DEBUG
+          end
           ips, names = getAddresses(instance, region: region, credentials: credentials)
           targets = ips +names
@@ -1632,7 +1614,11 @@ module MU
           end
           MU.log "#{instance.instance_id}#{server_obj ? " ("+server_obj.mu_name+")" : ""} terminated" if !noop
-          MU::MommaCat.unlock(".cleanup-"+id)
+          begin
+            MU::MommaCat.unlock(".cleanup-"+id)
+          rescue Errno::ENOENT => e
+            MU.log "No lock for terminating instance #{id} due to missing metadata", MU::DEBUG
+          end
         end
@@ -1690,26 +1676,7 @@ module MU
                 "type" => "object"
               }
             },
-            "ingress_rules" => {
-              "items" => {
-                "properties" => {
-                  "sgs" => {
-                    "type" => "array",
-                    "items" => {
-                      "description" => "Other AWS Security Groups; resources that are associated with this group will have this rule applied to their traffic",
-                      "type" => "string"
-                    }
-                  },
-                  "lbs" => {
-                    "type" => "array",
-                    "items" => {
-                      "description" => "AWS Load Balancers which will have this rule applied to their traffic",
-                      "type" => "string"
-                    }
-                  }
-                }
-              }
-            },
+            "ingress_rules" => MU::Cloud.resourceClass("AWS", "FirewallRule").ingressRuleAddtlSchema,
             "ssh_user" => {
               "type" => "string",
               "default" => "root",
@@ -1777,8 +1744,7 @@ module MU
             MU::Cloud.availableClouds.each { |cloud|
               next if cloud == "AWS"
-              cloudbase = Object.const_get("MU").const_get("Cloud").const_get(cloud)
-              foreign_types = (cloudbase.listInstanceTypes).values.first
+              foreign_types = (MU::Cloud.cloudClass(cloud).listInstanceTypes).values.first
               if foreign_types.size == 1
                 foreign_types = foreign_types.values.first
               end
@@ -1845,12 +1811,7 @@ module MU
           end
           configurator.insertKitten(role, "roles")
-          server["dependencies"] ||= []
-          server["dependencies"] << {
-            "type" => "role",
-            "name" => server["name"]
-          }
+          MU::Config.addDependency(server, server["name"], "role")
         end
         # Cloud-specific pre-processing of {MU::Config::BasketofKittens::servers}, bare and unvalidated.
@@ -1901,10 +1862,7 @@ module MU
             server["loadbalancers"].each { |lb|
               lb["name"] ||= lb["concurrent_load_balancer"]
               if lb["name"]
-                server["dependencies"] << {
-                  "type" => "loadbalancer",
-                  "name" => lb["name"]
-                }
+                MU::Config.addDependency(server, lb["name"], "loadbalancer")
               end
             }
           end
@@ -2019,6 +1977,13 @@ module MU
           configured_storage
         end
+        # Return all of the IP addresses, public and private, from all of our
+        # network interfaces.
+        # @return [Array<String>]
+        def listIPs
+          MU::Cloud::AWS::Server.getAddresses(cloud_desc).first
+        end
         private
         def bootstrapGroomer
@@ -2144,7 +2109,7 @@ module MU
             subnet = @vpc.getSubnet(cloud_id: cloud_desc.subnet_id)
             _nat_ssh_key, _nat_ssh_user, nat_ssh_host, _canonical_ip, _ssh_user, _ssh_key_name = getSSHConfig
-            if subnet.private? and !nat_ssh_host and !MU::Cloud::AWS::VPC.haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @config['credentials'])
+            if subnet.private? and !nat_ssh_host and !MU::Cloud.resourceClass("AWS", "VPC").haveRouteToInstance?(cloud_desc, region: @config['region'], credentials: @config['credentials'])
               raise MuError, "#{@mu_name} is in a private subnet (#{subnet}), but has no bastion host configured, and I have no other route to it"
             end
@@ -2236,15 +2201,15 @@ module MU
               alarm["dimensions"] = [{:name => "InstanceId", :value => @cloud_id}]
               if alarm["enable_notifications"]
-                topic_arn = MU::Cloud::AWS::Notification.createTopic(alarm["notification_group"], region: @config["region"], credentials: @config['credentials'])
-                MU::Cloud::AWS::Notification.subscribe(arn: topic_arn, protocol: alarm["notification_type"], endpoint: alarm["notification_endpoint"], region: @config["region"], credentials: @config["credentials"])
+                topic_arn = MU::Cloud.resourceClass("AWS", "Notification").createTopic(alarm["notification_group"], region: @config["region"], credentials: @config['credentials'])
+                MU::Cloud.resourceClass("AWS", "Notification").subscribe(arn: topic_arn, protocol: alarm["notification_type"], endpoint: alarm["notification_endpoint"], region: @config["region"], credentials: @config["credentials"])
                 alarm["alarm_actions"] = [topic_arn]
                 alarm["ok_actions"]  = [topic_arn]
               end
               alarm_name = alarm_obj ? alarm_obj.cloud_id : "#{@mu_name}-#{alarm['name']}".upcase
-              MU::Cloud::AWS::Alarm.setAlarm(
+              MU::Cloud.resourceClass("AWS", "Alarm").setAlarm(
                 name: alarm_name,
                 ok_actions: alarm["ok_actions"],
                 alarm_actions: alarm["alarm_actions"],

data/modules/mu/{clouds → providers}/aws/server_pool.rb RENAMED

@@ -120,7 +120,7 @@ module MU
                   if !@deploy.nocleanup
                     Thread.new {
                       MU.dupGlobals(parent_thread_id)
-                      MU::Cloud::AWS::Server.terminateInstance(id: member.instance_id)
+                      MU::Cloud.resourceClass("AWS", "Server").terminateInstance(id: member.instance_id)
                     }
                   end
                 end
@@ -813,26 +813,7 @@ module MU
                 }
               }
             },
-            "ingress_rules" => {
-              "items" => {
-                "properties" => {
-                  "sgs" => {
-                    "type" => "array",
-                    "items" => {
-                      "description" => "Other AWS Security Groups; resources that are associated with this group will have this rule applied to their traffic",
-                      "type" => "string"
-                    }
-                  },
-                  "lbs" => {
-                    "type" => "array",
-                    "items" => {
-                      "description" => "AWS Load Balancers which will have this rule applied to their traffic",
-                      "type" => "string"
-                    }
-                  }
-                }
-              }
-            }
+            "ingress_rules" => MU::Cloud.resourceClass("AWS", "FirewallRule").ingressRuleAddtlSchema
           }
           [toplevel_required, schema]
         end
@@ -905,7 +886,7 @@ module MU
             launch = pool["basis"]["launch_config"]
             launch['iam_policies'] ||= pool['iam_policies']
-            launch['size'] = MU::Cloud::AWS::Server.validateInstanceType(launch["size"], pool["region"])
+            launch['size'] = MU::Cloud.resourceClass("AWS", "Server").validateInstanceType(launch["size"], pool["region"])
             ok = false if launch['size'].nil?
             if !launch['generate_iam_role']
               if !launch['iam_role'] and pool['cloud'] != "CloudFormation"
@@ -949,11 +930,7 @@ module MU
               role['credentials'] = pool['credentials'] if pool['credentials']
               configurator.insertKitten(role, "roles")
-              pool["dependencies"] ||= []
-              pool["dependencies"] << {
-                "type" => "role",
-                "name" => pool["name"]
-              }
+              MU::Config.addDependency(pool, pool['name'], "role")
             end
             launch["ami_id"] ||= launch["image_id"]
             if launch["server"].nil? and launch["instance_id"].nil? and launch["ami_id"].nil?
@@ -967,7 +944,7 @@ module MU
               end
             end
             if launch["server"] != nil
-              pool["dependencies"] << {"type" => "server", "name" => launch["server"]}
+              MU::Config.addDependency(pool, launch["server"], "server", phase: "groom")
 # XXX I dunno, maybe toss an error if this isn't done already
 #              servers.each { |server|
 #                if server["name"] == launch["server"]
@@ -1123,7 +1100,7 @@ module MU
               end
             end
-#            MU::Cloud::AWS::Server.removeIAMProfile(resource_id)
+#            MU::Cloud.resourceClass("AWS", "Server").removeIAMProfile(resource_id)
             # Generally there should be a launch_configuration of the same name
             # XXX search for these independently, too?
@@ -1164,14 +1141,14 @@ module MU
             @config['basis']['launch_config']["ami_id"] = @deploy.deployment["images"][@config['basis']['launch_config']["server"]]["image_id"]
             MU.log "Using AMI '#{@config['basis']['launch_config']["ami_id"]}' from sibling server #{@config['basis']['launch_config']["server"]} in ServerPool #{@mu_name}"
           elsif !@config['basis']['launch_config']["instance_id"].nil?
-            @config['basis']['launch_config']["ami_id"] = MU::Cloud::AWS::Server.createImage(
+            @config['basis']['launch_config']["ami_id"] = MU::Cloud.resourceClass("AWS", "Server").createImage(
               name: @mu_name,
               instance_id: @config['basis']['launch_config']["instance_id"],
               credentials: @config['credentials'],
               region: @config['region']
             )[@config['region']]
           end
-          MU::Cloud::AWS::Server.waitForAMI(@config['basis']['launch_config']["ami_id"], credentials: @config['credentials'])
+          MU::Cloud.resourceClass("AWS", "Server").waitForAMI(@config['basis']['launch_config']["ami_id"], credentials: @config['credentials'])
           oldlaunch = MU::Cloud::AWS.autoscale(region: @config['region'], credentials: @config['credentials']).describe_launch_configurations(
             launch_configuration_names: [@mu_name]
@@ -1226,12 +1203,12 @@ module MU
                   vol.delete("encrypted")
                 end
               end
-              mapping, _cfm_mapping = MU::Cloud::AWS::Server.convertBlockDeviceMapping(vol)
+              mapping, _cfm_mapping = MU::Cloud.resourceClass("AWS", "Server").convertBlockDeviceMapping(vol)
               storage << mapping
             }
           end
-          storage.concat(MU::Cloud::AWS::Server.ephemeral_mappings)
+          storage.concat(MU::Cloud.resourceClass("AWS", "Server").ephemeral_mappings)
           if @config['basis']['launch_config']['generate_iam_role']
             role = @deploy.findLitterMate(name: @config['name'], type: "roles")