cloud-mu 3.1.6 → 3.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/mu-adopt +4 -12
- data/bin/mu-azure-tests +57 -0
- data/bin/mu-cleanup +2 -4
- data/bin/mu-configure +37 -1
- data/bin/mu-deploy +3 -3
- data/bin/mu-findstray-tests +25 -0
- data/bin/mu-gen-docs +2 -4
- data/bin/mu-run-tests +23 -10
- data/cloud-mu.gemspec +2 -2
- data/cookbooks/mu-tools/libraries/helper.rb +1 -1
- data/cookbooks/mu-tools/recipes/apply_security.rb +14 -14
- data/cookbooks/mu-tools/recipes/aws_api.rb +9 -0
- data/extras/generate-stock-images +1 -0
- data/modules/mu.rb +82 -95
- data/modules/mu/adoption.rb +356 -56
- data/modules/mu/cleanup.rb +21 -20
- data/modules/mu/cloud.rb +79 -1753
- data/modules/mu/cloud/database.rb +49 -0
- data/modules/mu/cloud/dnszone.rb +46 -0
- data/modules/mu/cloud/machine_images.rb +212 -0
- data/modules/mu/cloud/providers.rb +81 -0
- data/modules/mu/cloud/resource_base.rb +920 -0
- data/modules/mu/cloud/server.rb +40 -0
- data/modules/mu/cloud/server_pool.rb +1 -0
- data/modules/mu/cloud/ssh_sessions.rb +228 -0
- data/modules/mu/cloud/winrm_sessions.rb +237 -0
- data/modules/mu/cloud/wrappers.rb +165 -0
- data/modules/mu/config.rb +122 -80
- data/modules/mu/config/alarm.rb +2 -6
- data/modules/mu/config/bucket.rb +1 -1
- data/modules/mu/config/cache_cluster.rb +1 -1
- data/modules/mu/config/collection.rb +1 -1
- data/modules/mu/config/container_cluster.rb +2 -2
- data/modules/mu/config/database.rb +83 -104
- data/modules/mu/config/database.yml +1 -2
- data/modules/mu/config/dnszone.rb +1 -1
- data/modules/mu/config/doc_helpers.rb +4 -5
- data/modules/mu/config/endpoint.rb +1 -1
- data/modules/mu/config/firewall_rule.rb +3 -19
- data/modules/mu/config/folder.rb +1 -1
- data/modules/mu/config/function.rb +1 -1
- data/modules/mu/config/group.rb +1 -1
- data/modules/mu/config/habitat.rb +1 -1
- data/modules/mu/config/loadbalancer.rb +57 -11
- data/modules/mu/config/log.rb +1 -1
- data/modules/mu/config/msg_queue.rb +1 -1
- data/modules/mu/config/nosqldb.rb +1 -1
- data/modules/mu/config/notifier.rb +1 -1
- data/modules/mu/config/ref.rb +30 -4
- data/modules/mu/config/role.rb +1 -1
- data/modules/mu/config/schema_helpers.rb +30 -34
- data/modules/mu/config/search_domain.rb +1 -1
- data/modules/mu/config/server.rb +4 -12
- data/modules/mu/config/server_pool.rb +3 -7
- data/modules/mu/config/storage_pool.rb +1 -1
- data/modules/mu/config/tail.rb +10 -0
- data/modules/mu/config/user.rb +1 -1
- data/modules/mu/config/vpc.rb +12 -17
- data/modules/mu/defaults/AWS.yaml +32 -32
- data/modules/mu/defaults/Azure.yaml +1 -0
- data/modules/mu/defaults/Google.yaml +1 -0
- data/modules/mu/deploy.rb +16 -15
- data/modules/mu/groomer.rb +15 -0
- data/modules/mu/groomers/chef.rb +3 -0
- data/modules/mu/logger.rb +120 -144
- data/modules/mu/master.rb +1 -1
- data/modules/mu/mommacat.rb +54 -25
- data/modules/mu/mommacat/daemon.rb +10 -7
- data/modules/mu/mommacat/naming.rb +82 -3
- data/modules/mu/mommacat/search.rb +47 -15
- data/modules/mu/mommacat/storage.rb +72 -41
- data/modules/mu/{clouds → providers}/README.md +1 -1
- data/modules/mu/{clouds → providers}/aws.rb +114 -47
- data/modules/mu/{clouds → providers}/aws/alarm.rb +1 -1
- data/modules/mu/{clouds → providers}/aws/bucket.rb +2 -2
- data/modules/mu/{clouds → providers}/aws/cache_cluster.rb +10 -46
- data/modules/mu/{clouds → providers}/aws/collection.rb +3 -3
- data/modules/mu/{clouds → providers}/aws/container_cluster.rb +15 -33
- data/modules/mu/providers/aws/database.rb +1744 -0
- data/modules/mu/{clouds → providers}/aws/dnszone.rb +2 -5
- data/modules/mu/{clouds → providers}/aws/endpoint.rb +2 -11
- data/modules/mu/{clouds → providers}/aws/firewall_rule.rb +33 -29
- data/modules/mu/{clouds → providers}/aws/folder.rb +0 -0
- data/modules/mu/{clouds → providers}/aws/function.rb +2 -10
- data/modules/mu/{clouds → providers}/aws/group.rb +9 -13
- data/modules/mu/{clouds → providers}/aws/habitat.rb +1 -1
- data/modules/mu/{clouds → providers}/aws/loadbalancer.rb +41 -33
- data/modules/mu/{clouds → providers}/aws/log.rb +2 -2
- data/modules/mu/{clouds → providers}/aws/msg_queue.rb +2 -8
- data/modules/mu/{clouds → providers}/aws/nosqldb.rb +0 -0
- data/modules/mu/{clouds → providers}/aws/notifier.rb +0 -0
- data/modules/mu/{clouds → providers}/aws/role.rb +7 -7
- data/modules/mu/{clouds → providers}/aws/search_domain.rb +8 -13
- data/modules/mu/{clouds → providers}/aws/server.rb +55 -90
- data/modules/mu/{clouds → providers}/aws/server_pool.rb +10 -33
- data/modules/mu/{clouds → providers}/aws/storage_pool.rb +19 -36
- data/modules/mu/{clouds → providers}/aws/user.rb +8 -12
- data/modules/mu/{clouds → providers}/aws/userdata/README.md +0 -0
- data/modules/mu/{clouds → providers}/aws/userdata/linux.erb +0 -0
- data/modules/mu/{clouds → providers}/aws/userdata/windows.erb +0 -0
- data/modules/mu/{clouds → providers}/aws/vpc.rb +135 -70
- data/modules/mu/{clouds → providers}/aws/vpc_subnet.rb +0 -0
- data/modules/mu/{clouds → providers}/azure.rb +4 -1
- data/modules/mu/{clouds → providers}/azure/container_cluster.rb +1 -5
- data/modules/mu/{clouds → providers}/azure/firewall_rule.rb +8 -1
- data/modules/mu/{clouds → providers}/azure/habitat.rb +0 -0
- data/modules/mu/{clouds → providers}/azure/loadbalancer.rb +0 -0
- data/modules/mu/{clouds → providers}/azure/role.rb +0 -0
- data/modules/mu/{clouds → providers}/azure/server.rb +30 -23
- data/modules/mu/{clouds → providers}/azure/user.rb +1 -1
- data/modules/mu/{clouds → providers}/azure/userdata/README.md +0 -0
- data/modules/mu/{clouds → providers}/azure/userdata/linux.erb +0 -0
- data/modules/mu/{clouds → providers}/azure/userdata/windows.erb +0 -0
- data/modules/mu/{clouds → providers}/azure/vpc.rb +4 -6
- data/modules/mu/{clouds → providers}/cloudformation.rb +1 -1
- data/modules/mu/{clouds → providers}/cloudformation/alarm.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/cache_cluster.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/collection.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/database.rb +6 -17
- data/modules/mu/{clouds → providers}/cloudformation/dnszone.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/firewall_rule.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/loadbalancer.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/log.rb +3 -3
- data/modules/mu/{clouds → providers}/cloudformation/server.rb +7 -7
- data/modules/mu/{clouds → providers}/cloudformation/server_pool.rb +5 -5
- data/modules/mu/{clouds → providers}/cloudformation/vpc.rb +3 -3
- data/modules/mu/{clouds → providers}/docker.rb +0 -0
- data/modules/mu/{clouds → providers}/google.rb +14 -6
- data/modules/mu/{clouds → providers}/google/bucket.rb +1 -1
- data/modules/mu/{clouds → providers}/google/container_cluster.rb +28 -13
- data/modules/mu/{clouds → providers}/google/database.rb +1 -8
- data/modules/mu/{clouds → providers}/google/firewall_rule.rb +2 -2
- data/modules/mu/{clouds → providers}/google/folder.rb +4 -8
- data/modules/mu/{clouds → providers}/google/function.rb +3 -3
- data/modules/mu/{clouds → providers}/google/group.rb +8 -16
- data/modules/mu/{clouds → providers}/google/habitat.rb +3 -7
- data/modules/mu/{clouds → providers}/google/loadbalancer.rb +1 -1
- data/modules/mu/{clouds → providers}/google/role.rb +42 -34
- data/modules/mu/{clouds → providers}/google/server.rb +25 -10
- data/modules/mu/{clouds → providers}/google/server_pool.rb +10 -10
- data/modules/mu/{clouds → providers}/google/user.rb +31 -21
- data/modules/mu/{clouds → providers}/google/userdata/README.md +0 -0
- data/modules/mu/{clouds → providers}/google/userdata/linux.erb +0 -0
- data/modules/mu/{clouds → providers}/google/userdata/windows.erb +0 -0
- data/modules/mu/{clouds → providers}/google/vpc.rb +37 -2
- data/modules/tests/centos6.yaml +11 -0
- data/modules/tests/centos7.yaml +11 -0
- data/modules/tests/centos8.yaml +12 -0
- data/modules/tests/rds.yaml +108 -0
- data/modules/tests/regrooms/rds.yaml +123 -0
- data/spec/mu/clouds/azure_spec.rb +2 -2
- metadata +108 -89
- data/modules/mu/clouds/aws/database.rb +0 -1974
|
@@ -67,7 +67,7 @@ module MU
|
|
|
67
67
|
if target['vpc']["subnet_name"]
|
|
68
68
|
subnet_obj = vpc.getSubnet(name: target['vpc']["subnet_name"])
|
|
69
69
|
if subnet_obj.nil?
|
|
70
|
-
raise MuError, "Failed to locate subnet from #{
|
|
70
|
+
raise MuError, "Failed to locate subnet from #{target['vpc']["subnet_name"]} in StoragePool #{@config['name']}:#{target['name']}"
|
|
71
71
|
end
|
|
72
72
|
target['vpc']['subnet_id'] = subnet_obj.cloud_id
|
|
73
73
|
end
|
|
@@ -261,49 +261,29 @@ module MU
|
|
|
261
261
|
targets = {}
|
|
262
262
|
|
|
263
263
|
if @config['mount_points'] && !@config['mount_points'].empty?
|
|
264
|
+
mount_targets = MU::Cloud::AWS.efs(region: @config['region'], credentials: @config['credentials']).describe_mount_targets(
|
|
265
|
+
file_system_id: storage_pool.file_system_id
|
|
266
|
+
).mount_targets
|
|
267
|
+
|
|
264
268
|
@config['mount_points'].each { |mp|
|
|
265
269
|
subnet = nil
|
|
266
270
|
dependencies
|
|
267
|
-
mp_vpc =
|
|
268
|
-
@deploy.findLitterMate(type: "vpc", name: mp['vpc']['vpc_name'], credentials: @config['credentials'])
|
|
269
|
-
elsif mp['vpc']
|
|
270
|
-
MU::MommaCat.findStray(
|
|
271
|
-
@config['cloud'],
|
|
272
|
-
"vpcs",
|
|
273
|
-
deploy_id: mp['vpc']["deploy_id"],
|
|
274
|
-
credentials: @config['credentials'],
|
|
275
|
-
mu_name: mp['vpc']["mu_name"],
|
|
276
|
-
cloud_id: mp['vpc']['vpc_id'],
|
|
277
|
-
region: @config['region'],
|
|
278
|
-
dummy_ok: false
|
|
279
|
-
).first
|
|
280
|
-
# XXX non-sibling, findStray version
|
|
281
|
-
end
|
|
271
|
+
mp_vpc = MU::Config::Ref.get(mp['vpc']).kitten
|
|
282
272
|
|
|
283
|
-
mount_targets = MU::Cloud::AWS.efs(region: @config['region'], credentials: @config['credentials']).describe_mount_targets(
|
|
284
|
-
file_system_id: storage_pool.file_system_id
|
|
285
|
-
).mount_targets
|
|
286
273
|
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
274
|
+
subnet_obj = mp_vpc.subnets.select { |s|
|
|
275
|
+
s.name == mp["vpc"]["subnet_name"] or s.cloud_id == mp["vpc"]["subnet_id"]
|
|
276
|
+
}.first
|
|
290
277
|
mount_target = nil
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
}
|
|
299
|
-
break if mount_target
|
|
278
|
+
mount_targets.each { |t|
|
|
279
|
+
subnet_cidr_obj = NetAddr::IPv4Net.parse(subnet_obj.ip_block)
|
|
280
|
+
if subnet_cidr_obj.contains(NetAddr::IPv4.parse(t.ip_address))
|
|
281
|
+
mount_target = t
|
|
282
|
+
subnet = subnet_obj.cloud_desc
|
|
283
|
+
break
|
|
284
|
+
end
|
|
300
285
|
}
|
|
301
286
|
|
|
302
|
-
# mount_target = MU::Cloud::AWS.efs(region: @config['region'], credentials: @config['credentials']).describe_mount_targets(
|
|
303
|
-
# mount_target_id: mp["cloud_id"]
|
|
304
|
-
# ).mount_targets.first
|
|
305
|
-
|
|
306
|
-
|
|
307
287
|
targets[mp["name"]] = {
|
|
308
288
|
"owner_id" => mount_target.owner_id,
|
|
309
289
|
"cloud_id" => mount_target.mount_target_id,
|
|
@@ -493,6 +473,9 @@ module MU
|
|
|
493
473
|
|
|
494
474
|
if pool['mount_points'] && !pool['mount_points'].empty?
|
|
495
475
|
pool['mount_points'].each{ |mp|
|
|
476
|
+
if mp['vpc'] and mp['vpc']['name']
|
|
477
|
+
MU::Config.addDependency(pool, mp['vpc']['name'], "vpc")
|
|
478
|
+
end
|
|
496
479
|
if mp['ingress_rules']
|
|
497
480
|
fwname = "storage-#{mp['name']}"
|
|
498
481
|
acl = {
|
|
@@ -109,7 +109,7 @@ module MU
|
|
|
109
109
|
# Create these if necessary, then append them to the list of
|
|
110
110
|
# attachable_policies
|
|
111
111
|
if @config['raw_policies']
|
|
112
|
-
pol_arns = MU::Cloud
|
|
112
|
+
pol_arns = MU::Cloud.resourceClass("AWS", "Role").manageRawPolicies(
|
|
113
113
|
@config['raw_policies'],
|
|
114
114
|
basename: @deploy.getResourceName(@config['name']),
|
|
115
115
|
credentials: @credentials
|
|
@@ -135,7 +135,7 @@ module MU
|
|
|
135
135
|
attached_policies.each { |a|
|
|
136
136
|
if !configured_policies.include?(a.policy_arn)
|
|
137
137
|
MU.log "Removing IAM policy #{a.policy_arn} from user #{@mu_name}", MU::NOTICE
|
|
138
|
-
MU::Cloud
|
|
138
|
+
MU::Cloud.resourceClass("AWS", "Role").purgePolicy(a.policy_arn, @credentials)
|
|
139
139
|
else
|
|
140
140
|
configured_policies.delete(a.policy_arn)
|
|
141
141
|
end
|
|
@@ -151,7 +151,7 @@ module MU
|
|
|
151
151
|
end
|
|
152
152
|
|
|
153
153
|
if @config['inline_policies']
|
|
154
|
-
docs = MU::Cloud
|
|
154
|
+
docs = MU::Cloud.resourceClass("AWS", "Role").genPolicyDocument(@config['inline_policies'], deploy_obj: @deploy)
|
|
155
155
|
docs.each { |doc|
|
|
156
156
|
MU.log "Putting user policy #{doc.keys.first} to user #{@cloud_id} "
|
|
157
157
|
MU::Cloud::AWS.iam(credentials: @credentials).put_user_policy(
|
|
@@ -431,7 +431,7 @@ MU.log e.inspect, MU::ERR, details: policy
|
|
|
431
431
|
resp.policy_names.each { |pol_name|
|
|
432
432
|
pol = MU::Cloud::AWS.iam(credentials: @credentials).get_user_policy(user_name: @cloud_id, policy_name: pol_name)
|
|
433
433
|
doc = JSON.parse(URI.decode(pol.policy_document))
|
|
434
|
-
bok["inline_policies"] = MU::Cloud
|
|
434
|
+
bok["inline_policies"] = MU::Cloud.resourceClass("AWS", "Role").doc2MuPolicies(pol.policy_name, doc, bok["inline_policies"])
|
|
435
435
|
}
|
|
436
436
|
end
|
|
437
437
|
|
|
@@ -465,7 +465,7 @@ MU.log e.inspect, MU::ERR, details: policy
|
|
|
465
465
|
def self.schema(_config)
|
|
466
466
|
toplevel_required = []
|
|
467
467
|
polschema = MU::Config::Role.schema["properties"]["policies"]
|
|
468
|
-
polschema.deep_merge!(MU::Cloud
|
|
468
|
+
polschema.deep_merge!(MU::Cloud.resourceClass("AWS", "Role").condition_schema)
|
|
469
469
|
|
|
470
470
|
schema = {
|
|
471
471
|
"inline_policies" => polschema,
|
|
@@ -517,7 +517,7 @@ style long name, like +IAMTESTS-DEV-2018112815-IS-USER-FOO+"
|
|
|
517
517
|
# If we're attaching some managed policies, make sure all of the ones
|
|
518
518
|
# that should already exist do indeed exist
|
|
519
519
|
if user['attachable_policies']
|
|
520
|
-
ok = false if !MU::Cloud
|
|
520
|
+
ok = false if !MU::Cloud.resourceClass("AWS", "Role").validateAttachablePolicies(
|
|
521
521
|
user['attachable_policies'],
|
|
522
522
|
credentials: user['credentials'],
|
|
523
523
|
region: user['region']
|
|
@@ -530,7 +530,7 @@ style long name, like +IAMTESTS-DEV-2018112815-IS-USER-FOO+"
|
|
|
530
530
|
if configurator.haveLitterMate?(group, "groups")
|
|
531
531
|
need_dependency = true
|
|
532
532
|
else
|
|
533
|
-
found = MU::Cloud
|
|
533
|
+
found = MU::Cloud.resourceClass("AWS", "Group").find(cloud_id: group)
|
|
534
534
|
if found.nil? or found.empty? or (configurator.updating and
|
|
535
535
|
found.values.first.group.path == "/"+configurator.updating+"/")
|
|
536
536
|
groupdesc = {
|
|
@@ -542,11 +542,7 @@ style long name, like +IAMTESTS-DEV-2018112815-IS-USER-FOO+"
|
|
|
542
542
|
end
|
|
543
543
|
|
|
544
544
|
if need_dependency
|
|
545
|
-
user
|
|
546
|
-
user["dependencies"] << {
|
|
547
|
-
"type" => "group",
|
|
548
|
-
"name" => group
|
|
549
|
-
}
|
|
545
|
+
MU::Config.addDependency(user, group, "group")
|
|
550
546
|
end
|
|
551
547
|
}
|
|
552
548
|
end
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
@@ -18,7 +18,7 @@ module MU
|
|
|
18
18
|
|
|
19
19
|
# Creation of Virtual Private Clouds and associated artifacts (routes, subnets, etc).
|
|
20
20
|
class VPC < MU::Cloud::VPC
|
|
21
|
-
require 'mu/
|
|
21
|
+
require 'mu/providers/aws/vpc_subnet'
|
|
22
22
|
|
|
23
23
|
# Initialize this cloud resource object. Calling +super+ will invoke the initializer defined under {MU::Cloud}, which should set the attribtues listed in {MU::Cloud::PUBLIC_ATTRS} as well as applicable dependency shortcuts, like +@vpc+, for us.
|
|
24
24
|
# @param args [Hash]: Hash of named arguments passed via Ruby's double-splat
|
|
@@ -209,7 +209,7 @@ module MU
|
|
|
209
209
|
if !MU::Cloud::AWS.isGovCloud?(@config['region'])
|
|
210
210
|
mu_zone = MU::Cloud::DNSZone.find(cloud_id: "platform-mu", credentials: @config['credentials']).values.first
|
|
211
211
|
if !mu_zone.nil?
|
|
212
|
-
MU::Cloud
|
|
212
|
+
MU::Cloud.resourceClass("AWS", "DNSZone").toggleVPCAccess(id: mu_zone.id, vpc_id: @cloud_id, region: @config['region'], credentials: @config['credentials'])
|
|
213
213
|
end
|
|
214
214
|
end
|
|
215
215
|
loadSubnets
|
|
@@ -838,9 +838,23 @@ module MU
|
|
|
838
838
|
vpcs = resp if !resp.empty?
|
|
839
839
|
}
|
|
840
840
|
|
|
841
|
+
# resp = MU::Cloud::AWS.ec2(region: @config['region'], credentials: @config['credentials']).describe_vpc_peering_connections(
|
|
842
|
+
# filters: [
|
|
843
|
+
# {
|
|
844
|
+
# name: "requester-vpc-info.vpc-id",
|
|
845
|
+
# values: [@cloud_id]
|
|
846
|
+
# },
|
|
847
|
+
# {
|
|
848
|
+
# name: "accepter-vpc-info.vpc-id",
|
|
849
|
+
# values: [peer_id.to_s]
|
|
850
|
+
# }
|
|
851
|
+
# ]
|
|
852
|
+
# )
|
|
853
|
+
|
|
841
854
|
if !vpcs.empty?
|
|
842
855
|
gwthreads = []
|
|
843
856
|
vpcs.each { |vpc|
|
|
857
|
+
purge_peering_connections(noop, vpc.vpc_id, region: region, credentials: credentials)
|
|
844
858
|
# NAT gateways don't have any tags, and we can't assign them a name. Lets find them based on a VPC ID
|
|
845
859
|
gwthreads << Thread.new {
|
|
846
860
|
purge_nat_gateways(noop, vpc_id: vpc.vpc_id, region: region, credentials: credentials)
|
|
@@ -916,11 +930,7 @@ module MU
|
|
|
916
930
|
logdesc["tags"] = vpc["tags"] if !vpc["tags"].nil?
|
|
917
931
|
# logdesc["optional_tags"] = vpc["optional_tags"] if !vpc["optional_tags"].nil?
|
|
918
932
|
configurator.insertKitten(logdesc, "logs")
|
|
919
|
-
vpc['
|
|
920
|
-
vpc['dependencies'] << {
|
|
921
|
-
"type" => "log",
|
|
922
|
-
"name" => vpc['name']+"loggroup"
|
|
923
|
-
}
|
|
933
|
+
MU::Config.addDependency(vpc, vpc['name']+"loggroup", "log")
|
|
924
934
|
|
|
925
935
|
roledesc = {
|
|
926
936
|
"name" => vpc['name']+"logrole",
|
|
@@ -958,11 +968,7 @@ module MU
|
|
|
958
968
|
roledesc["tags"] = vpc["tags"] if !vpc["tags"].nil?
|
|
959
969
|
roledesc["optional_tags"] = vpc["optional_tags"] if !vpc["optional_tags"].nil?
|
|
960
970
|
configurator.insertKitten(roledesc, "roles")
|
|
961
|
-
vpc['
|
|
962
|
-
vpc['dependencies'] << {
|
|
963
|
-
"type" => "role",
|
|
964
|
-
"name" => vpc['name']+"logrole"
|
|
965
|
-
}
|
|
971
|
+
MU::Config.addDependency(vpc, vpc['name']+"logrole", "role")
|
|
966
972
|
end
|
|
967
973
|
|
|
968
974
|
subnet_routes = Hash.new
|
|
@@ -1013,10 +1019,7 @@ module MU
|
|
|
1013
1019
|
subnet_routes[table['name']].each { |subnet|
|
|
1014
1020
|
nat_routes[subnet] = route['nat_host_name']
|
|
1015
1021
|
}
|
|
1016
|
-
vpc['
|
|
1017
|
-
"type" => "server",
|
|
1018
|
-
"name" => route['nat_host_name']
|
|
1019
|
-
}
|
|
1022
|
+
MU::Config.addDependency(vpc, route['nat_host_name'], "server", no_create_wait: true)
|
|
1020
1023
|
elsif route['gateway'] == '#NAT'
|
|
1021
1024
|
vpc['create_nat_gateway'] = true
|
|
1022
1025
|
private_rtbs << table['name']
|
|
@@ -1225,7 +1228,7 @@ module MU
|
|
|
1225
1228
|
# suits me just fine
|
|
1226
1229
|
rescue Aws::EC2::Errors::AuthFailure => e
|
|
1227
1230
|
if !tried_lbs and iface.attachment.instance_owner_id == "amazon-elb"
|
|
1228
|
-
MU::Cloud
|
|
1231
|
+
MU::Cloud.resourceClass("AWS", "LoadBalancer").cleanup(
|
|
1229
1232
|
noop: noop,
|
|
1230
1233
|
region: region,
|
|
1231
1234
|
credentials: credentials,
|
|
@@ -1265,6 +1268,63 @@ module MU
|
|
|
1265
1268
|
nil
|
|
1266
1269
|
end
|
|
1267
1270
|
|
|
1271
|
+
# Try to locate the default VPC for a region, and return a BoK-style
|
|
1272
|
+
# config fragment for something that might want to live in it.
|
|
1273
|
+
def self.defaultVpc(region, credentials)
|
|
1274
|
+
cfg_fragment = nil
|
|
1275
|
+
MU::Cloud::AWS.ec2(region: region, credentials: credentials).describe_vpcs.vpcs.each { |vpc|
|
|
1276
|
+
if vpc.is_default
|
|
1277
|
+
cfg_fragment = {
|
|
1278
|
+
"id" => vpc.vpc_id,
|
|
1279
|
+
"cloud" => "AWS",
|
|
1280
|
+
"region" => region,
|
|
1281
|
+
"credentials" => credentials
|
|
1282
|
+
}
|
|
1283
|
+
cfg_fragment['subnets'] = MU::Cloud::AWS.ec2(region: region, credentials: credentials).describe_subnets(
|
|
1284
|
+
filters: [
|
|
1285
|
+
{
|
|
1286
|
+
name: "vpc-id",
|
|
1287
|
+
values: [vpc.vpc_id]
|
|
1288
|
+
}
|
|
1289
|
+
]
|
|
1290
|
+
).subnets.map { |s| { "subnet_id" => s.subnet_id } }
|
|
1291
|
+
break
|
|
1292
|
+
end
|
|
1293
|
+
}
|
|
1294
|
+
|
|
1295
|
+
cfg_fragment
|
|
1296
|
+
end
|
|
1297
|
+
|
|
1298
|
+
# Return a {MU::Config::Ref} that indicates this VPC.
|
|
1299
|
+
# @param subnet_ids [Array<String>]: Optional list of subnet ids with which to infer a +subnet_pref+ parameter.
|
|
1300
|
+
# @return [MU::Config::Ref]
|
|
1301
|
+
def getReference(subnet_ids = [])
|
|
1302
|
+
have_private = have_public = false
|
|
1303
|
+
subnets.each { |s|
|
|
1304
|
+
next if subnet_ids and !subnet_ids.empty? and !subnet_ids.include?(s.cloud_id)
|
|
1305
|
+
if s.private?
|
|
1306
|
+
have_private = true
|
|
1307
|
+
else
|
|
1308
|
+
have_public = true
|
|
1309
|
+
end
|
|
1310
|
+
}
|
|
1311
|
+
subnet_pref = if have_private == have_public
|
|
1312
|
+
"any"
|
|
1313
|
+
elsif have_private
|
|
1314
|
+
"all_private"
|
|
1315
|
+
elsif have_public
|
|
1316
|
+
"all_public"
|
|
1317
|
+
end
|
|
1318
|
+
MU::Config::Ref.get(
|
|
1319
|
+
id: @cloud_id,
|
|
1320
|
+
cloud: "AWS",
|
|
1321
|
+
credentials: @credentials,
|
|
1322
|
+
region: @config['region'],
|
|
1323
|
+
type: "vpcs",
|
|
1324
|
+
subnet_pref: subnet_pref
|
|
1325
|
+
)
|
|
1326
|
+
end
|
|
1327
|
+
|
|
1268
1328
|
private
|
|
1269
1329
|
|
|
1270
1330
|
def peerWith(peer)
|
|
@@ -1683,6 +1743,61 @@ module MU
|
|
|
1683
1743
|
end
|
|
1684
1744
|
private_class_method :purge_dhcpopts
|
|
1685
1745
|
|
|
1746
|
+
def self.purge_peering_connections(noop, vpc_id, region: MU.curRegion, credentials: nil)
|
|
1747
|
+
my_peer_conns = MU::Cloud::AWS.ec2(credentials: credentials, region: region).describe_vpc_peering_connections(
|
|
1748
|
+
filters: [
|
|
1749
|
+
{
|
|
1750
|
+
name: "requester-vpc-info.vpc-id",
|
|
1751
|
+
values: [vpc_id]
|
|
1752
|
+
}
|
|
1753
|
+
]
|
|
1754
|
+
).vpc_peering_connections
|
|
1755
|
+
my_peer_conns.concat(MU::Cloud::AWS.ec2(credentials: credentials, region: region).describe_vpc_peering_connections(
|
|
1756
|
+
filters: [
|
|
1757
|
+
{
|
|
1758
|
+
name: "accepter-vpc-info.vpc-id",
|
|
1759
|
+
values: [vpc_id]
|
|
1760
|
+
}
|
|
1761
|
+
]
|
|
1762
|
+
).vpc_peering_connections)
|
|
1763
|
+
|
|
1764
|
+
my_peer_conns.each { |cnxn|
|
|
1765
|
+
[cnxn.accepter_vpc_info.vpc_id, cnxn.requester_vpc_info.vpc_id].each { |peer_vpc|
|
|
1766
|
+
MU::Cloud::AWS::VPC.listAllSubnetRouteTables(peer_vpc, region: region, credentials: credentials).each { |rtb_id|
|
|
1767
|
+
begin
|
|
1768
|
+
resp = MU::Cloud::AWS.ec2(credentials: credentials, region: region).describe_route_tables(
|
|
1769
|
+
route_table_ids: [rtb_id]
|
|
1770
|
+
)
|
|
1771
|
+
rescue Aws::EC2::Errors::InvalidRouteTableIDNotFound
|
|
1772
|
+
next
|
|
1773
|
+
end
|
|
1774
|
+
resp.route_tables.each { |rtb|
|
|
1775
|
+
rtb.routes.each { |route|
|
|
1776
|
+
if route.vpc_peering_connection_id == cnxn.vpc_peering_connection_id
|
|
1777
|
+
MU.log "Removing route #{route.destination_cidr_block} from route table #{rtb_id} in VPC #{peer_vpc}"
|
|
1778
|
+
MU::Cloud::AWS.ec2(credentials: credentials, region: region).delete_route(
|
|
1779
|
+
route_table_id: rtb_id,
|
|
1780
|
+
destination_cidr_block: route.destination_cidr_block
|
|
1781
|
+
) if !noop
|
|
1782
|
+
end
|
|
1783
|
+
}
|
|
1784
|
+
}
|
|
1785
|
+
}
|
|
1786
|
+
}
|
|
1787
|
+
MU.log "Deleting VPC peering connection #{cnxn.vpc_peering_connection_id}"
|
|
1788
|
+
begin
|
|
1789
|
+
MU::Cloud::AWS.ec2(credentials: credentials, region: region).delete_vpc_peering_connection(
|
|
1790
|
+
vpc_peering_connection_id: cnxn.vpc_peering_connection_id
|
|
1791
|
+
) if !noop
|
|
1792
|
+
rescue Aws::EC2::Errors::InvalidStateTransition
|
|
1793
|
+
MU.log "VPC peering connection #{cnxn.vpc_peering_connection_id} not in removable (state #{cnxn.status.code})", MU::WARN
|
|
1794
|
+
rescue Aws::EC2::Errors::OperationNotPermitted => e
|
|
1795
|
+
MU.log "VPC peering connection #{cnxn.vpc_peering_connection_id} refuses to delete: #{e.message}", MU::WARN
|
|
1796
|
+
end
|
|
1797
|
+
}
|
|
1798
|
+
end
|
|
1799
|
+
private_class_method :purge_peering_connections
|
|
1800
|
+
|
|
1686
1801
|
# Remove all VPCs associated with the currently loaded deployment.
|
|
1687
1802
|
# @param noop [Boolean]: If true, will only print what would be done
|
|
1688
1803
|
# @param tagfilters [Array<Hash>]: EC2 tags to filter against when search for resources to purge
|
|
@@ -1697,60 +1812,10 @@ module MU
|
|
|
1697
1812
|
return if vpcs.nil? or vpcs.size == 0
|
|
1698
1813
|
|
|
1699
1814
|
vpcs.each { |vpc|
|
|
1700
|
-
|
|
1701
|
-
filters: [
|
|
1702
|
-
{
|
|
1703
|
-
name: "requester-vpc-info.vpc-id",
|
|
1704
|
-
values: [vpc.vpc_id]
|
|
1705
|
-
}
|
|
1706
|
-
]
|
|
1707
|
-
).vpc_peering_connections
|
|
1708
|
-
my_peer_conns.concat(MU::Cloud::AWS.ec2(credentials: credentials, region: region).describe_vpc_peering_connections(
|
|
1709
|
-
filters: [
|
|
1710
|
-
{
|
|
1711
|
-
name: "accepter-vpc-info.vpc-id",
|
|
1712
|
-
values: [vpc.vpc_id]
|
|
1713
|
-
}
|
|
1714
|
-
]
|
|
1715
|
-
).vpc_peering_connections)
|
|
1716
|
-
my_peer_conns.each { |cnxn|
|
|
1717
|
-
|
|
1718
|
-
[cnxn.accepter_vpc_info.vpc_id, cnxn.requester_vpc_info.vpc_id].each { |peer_vpc|
|
|
1719
|
-
MU::Cloud::AWS::VPC.listAllSubnetRouteTables(peer_vpc, region: region, credentials: credentials).each { |rtb_id|
|
|
1720
|
-
begin
|
|
1721
|
-
resp = MU::Cloud::AWS.ec2(credentials: credentials, region: region).describe_route_tables(
|
|
1722
|
-
route_table_ids: [rtb_id]
|
|
1723
|
-
)
|
|
1724
|
-
rescue Aws::EC2::Errors::InvalidRouteTableIDNotFound
|
|
1725
|
-
next
|
|
1726
|
-
end
|
|
1727
|
-
resp.route_tables.each { |rtb|
|
|
1728
|
-
rtb.routes.each { |route|
|
|
1729
|
-
if route.vpc_peering_connection_id == cnxn.vpc_peering_connection_id
|
|
1730
|
-
MU.log "Removing route #{route.destination_cidr_block} from route table #{rtb_id} in VPC #{peer_vpc}"
|
|
1731
|
-
MU::Cloud::AWS.ec2(credentials: credentials, region: region).delete_route(
|
|
1732
|
-
route_table_id: rtb_id,
|
|
1733
|
-
destination_cidr_block: route.destination_cidr_block
|
|
1734
|
-
) if !noop
|
|
1735
|
-
end
|
|
1736
|
-
}
|
|
1737
|
-
}
|
|
1738
|
-
}
|
|
1739
|
-
}
|
|
1740
|
-
MU.log "Deleting VPC peering connection #{cnxn.vpc_peering_connection_id}"
|
|
1741
|
-
begin
|
|
1742
|
-
MU::Cloud::AWS.ec2(credentials: credentials, region: region).delete_vpc_peering_connection(
|
|
1743
|
-
vpc_peering_connection_id: cnxn.vpc_peering_connection_id
|
|
1744
|
-
) if !noop
|
|
1745
|
-
rescue Aws::EC2::Errors::InvalidStateTransition
|
|
1746
|
-
MU.log "VPC peering connection #{cnxn.vpc_peering_connection_id} not in removable (state #{cnxn.status.code})", MU::WARN
|
|
1747
|
-
rescue Aws::EC2::Errors::OperationNotPermitted => e
|
|
1748
|
-
MU.log "VPC peering connection #{cnxn.vpc_peering_connection_id} refuses to delete: #{e.message}", MU::WARN
|
|
1749
|
-
end
|
|
1750
|
-
}
|
|
1815
|
+
purge_peering_connections(noop, vpc.vpc_id, region: region, credentials: credentials)
|
|
1751
1816
|
|
|
1752
1817
|
on_retry = Proc.new {
|
|
1753
|
-
MU::Cloud
|
|
1818
|
+
MU::Cloud.resourceClass("AWS", "FirewallRule").cleanup(
|
|
1754
1819
|
noop: noop,
|
|
1755
1820
|
region: region,
|
|
1756
1821
|
credentials: credentials,
|
|
@@ -1767,7 +1832,7 @@ module MU
|
|
|
1767
1832
|
if !MU::Cloud::AWS.isGovCloud?(region)
|
|
1768
1833
|
mu_zone = MU::Cloud::DNSZone.find(cloud_id: "platform-mu", region: region, credentials: credentials).values.first
|
|
1769
1834
|
if !mu_zone.nil?
|
|
1770
|
-
MU::Cloud
|
|
1835
|
+
MU::Cloud.resourceClass("AWS", "DNSZone").toggleVPCAccess(id: mu_zone.id, vpc_id: vpc.vpc_id, remove: true, credentials: credentials)
|
|
1771
1836
|
end
|
|
1772
1837
|
end
|
|
1773
1838
|
}
|
|
File without changes
|
|
@@ -48,7 +48,7 @@ module MU
|
|
|
48
48
|
end
|
|
49
49
|
|
|
50
50
|
# List all Azure subscriptions available to our credentials
|
|
51
|
-
def self.listHabitats(credentials = nil)
|
|
51
|
+
def self.listHabitats(credentials = nil, use_cache: true)
|
|
52
52
|
[]
|
|
53
53
|
end
|
|
54
54
|
|
|
@@ -284,6 +284,9 @@ module MU
|
|
|
284
284
|
end
|
|
285
285
|
raise e
|
|
286
286
|
end
|
|
287
|
+
if !sdk_response
|
|
288
|
+
raise MuError, "Nil response from Azure API attempting list_locations(#{subscription})"
|
|
289
|
+
end
|
|
287
290
|
|
|
288
291
|
sdk_response.value.each do | region |
|
|
289
292
|
@@regions.push(region.name)
|