cloud-mu 3.3.0 → 3.5.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ansible/roles/mu-nat/tasks/main.yml +3 -0
- data/bin/mu-aws-setup +41 -7
- data/bin/mu-azure-setup +36 -2
- data/bin/mu-configure +214 -119
- data/bin/mu-gcp-setup +37 -2
- data/bin/mu-node-manage +3 -0
- data/bin/mu-refresh-ssl +67 -0
- data/bin/mu-run-tests +14 -4
- data/bin/mu-self-update +30 -10
- data/bin/mu-upload-chef-artifacts +30 -26
- data/cloud-mu.gemspec +9 -7
- data/cookbooks/mu-master/attributes/default.rb +5 -1
- data/cookbooks/mu-master/metadata.rb +2 -2
- data/cookbooks/mu-master/recipes/default.rb +81 -26
- data/cookbooks/mu-master/recipes/init.rb +197 -62
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +1 -1
- data/cookbooks/mu-master/recipes/vault.rb +78 -77
- data/cookbooks/mu-master/templates/default/mods/rewrite.conf.erb +1 -0
- data/cookbooks/mu-master/templates/default/nagios.conf.erb +103 -0
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +14 -30
- data/cookbooks/mu-tools/attributes/default.rb +12 -0
- data/cookbooks/mu-tools/files/centos-6/CentOS-Base.repo +47 -0
- data/cookbooks/mu-tools/libraries/helper.rb +98 -4
- data/cookbooks/mu-tools/libraries/monkey.rb +1 -1
- data/cookbooks/mu-tools/recipes/apply_security.rb +31 -9
- data/cookbooks/mu-tools/recipes/aws_api.rb +8 -2
- data/cookbooks/mu-tools/recipes/base_repositories.rb +1 -1
- data/cookbooks/mu-tools/recipes/gcloud.rb +2 -9
- data/cookbooks/mu-tools/recipes/google_api.rb +7 -0
- data/cookbooks/mu-tools/recipes/rsyslog.rb +8 -1
- data/cookbooks/mu-tools/resources/disk.rb +113 -42
- data/cookbooks/mu-tools/resources/mommacat_request.rb +1 -2
- data/cookbooks/mu-tools/templates/centos-8/sshd_config.erb +215 -0
- data/extras/Gemfile.lock.bootstrap +394 -0
- data/extras/bucketstubs/error.html +0 -0
- data/extras/bucketstubs/index.html +0 -0
- data/extras/clean-stock-amis +11 -3
- data/extras/generate-stock-images +6 -3
- data/extras/git_rpm/build.sh +20 -0
- data/extras/git_rpm/mugit.spec +53 -0
- data/extras/image-generators/AWS/centos7.yaml +19 -16
- data/extras/image-generators/AWS/{rhel7.yaml → rhel71.yaml} +0 -0
- data/extras/image-generators/AWS/{win2k12.yaml → win2k12r2.yaml} +0 -0
- data/extras/image-generators/VMWare/centos8.yaml +15 -0
- data/extras/openssl_rpm/build.sh +19 -0
- data/extras/openssl_rpm/mussl.spec +46 -0
- data/extras/python_rpm/muthon.spec +14 -4
- data/extras/ruby_rpm/muby.spec +9 -5
- data/extras/sqlite_rpm/build.sh +19 -0
- data/extras/sqlite_rpm/muqlite.spec +47 -0
- data/install/installer +7 -5
- data/modules/mommacat.ru +2 -2
- data/modules/mu.rb +12 -5
- data/modules/mu/cloud/machine_images.rb +1 -1
- data/modules/mu/cloud/providers.rb +6 -1
- data/modules/mu/cloud/resource_base.rb +7 -4
- data/modules/mu/cloud/ssh_sessions.rb +5 -1
- data/modules/mu/cloud/wrappers.rb +16 -7
- data/modules/mu/config.rb +28 -12
- data/modules/mu/config/database.rb +2 -2
- data/modules/mu/config/firewall_rule.rb +1 -1
- data/modules/mu/config/ref.rb +3 -3
- data/modules/mu/config/schema_helpers.rb +12 -3
- data/modules/mu/config/server.rb +10 -4
- data/modules/mu/config/server_pool.rb +2 -2
- data/modules/mu/config/vpc.rb +10 -10
- data/modules/mu/defaults/AWS.yaml +96 -96
- data/modules/mu/deploy.rb +27 -14
- data/modules/mu/groomers/chef.rb +2 -2
- data/modules/mu/master.rb +49 -3
- data/modules/mu/mommacat.rb +27 -9
- data/modules/mu/mommacat/naming.rb +2 -2
- data/modules/mu/mommacat/search.rb +16 -5
- data/modules/mu/mommacat/storage.rb +67 -32
- data/modules/mu/providers/aws.rb +185 -71
- data/modules/mu/providers/aws/alarm.rb +3 -3
- data/modules/mu/providers/aws/bucket.rb +19 -19
- data/modules/mu/providers/aws/cache_cluster.rb +22 -22
- data/modules/mu/providers/aws/cdn.rb +2 -2
- data/modules/mu/providers/aws/collection.rb +14 -14
- data/modules/mu/providers/aws/container_cluster.rb +27 -27
- data/modules/mu/providers/aws/database.rb +49 -45
- data/modules/mu/providers/aws/dnszone.rb +5 -5
- data/modules/mu/providers/aws/endpoint.rb +35 -35
- data/modules/mu/providers/aws/firewall_rule.rb +26 -23
- data/modules/mu/providers/aws/function.rb +35 -32
- data/modules/mu/providers/aws/group.rb +7 -7
- data/modules/mu/providers/aws/habitat.rb +2 -2
- data/modules/mu/providers/aws/job.rb +35 -32
- data/modules/mu/providers/aws/loadbalancer.rb +58 -37
- data/modules/mu/providers/aws/log.rb +14 -14
- data/modules/mu/providers/aws/msg_queue.rb +10 -10
- data/modules/mu/providers/aws/nosqldb.rb +8 -8
- data/modules/mu/providers/aws/notifier.rb +7 -7
- data/modules/mu/providers/aws/role.rb +69 -47
- data/modules/mu/providers/aws/search_domain.rb +10 -10
- data/modules/mu/providers/aws/server.rb +198 -110
- data/modules/mu/providers/aws/server_pool.rb +71 -119
- data/modules/mu/providers/aws/storage_pool.rb +17 -9
- data/modules/mu/providers/aws/user.rb +1 -1
- data/modules/mu/providers/aws/vpc.rb +106 -51
- data/modules/mu/providers/aws/vpc_subnet.rb +43 -39
- data/modules/mu/providers/azure.rb +82 -16
- data/modules/mu/providers/azure/server.rb +18 -3
- data/modules/mu/providers/cloudformation/server.rb +1 -1
- data/modules/mu/providers/google.rb +20 -5
- data/modules/mu/providers/google/folder.rb +6 -2
- data/modules/mu/providers/google/function.rb +65 -30
- data/modules/mu/providers/google/role.rb +2 -1
- data/modules/mu/providers/google/vpc.rb +27 -2
- data/modules/tests/aws-servers-with-handrolled-iam.yaml +37 -0
- data/modules/tests/k8s.yaml +1 -1
- metadata +32 -15
|
@@ -25,7 +25,7 @@ module MU
|
|
|
25
25
|
super
|
|
26
26
|
@mu_name ||= @deploy.getResourceName(@config["name"])
|
|
27
27
|
|
|
28
|
-
MU.setVar("curRegion", @
|
|
28
|
+
MU.setVar("curRegion", @region) if !@region.nil?
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
# Called automatically by {MU::Deploy#createResources}
|
|
@@ -119,7 +119,7 @@ module MU
|
|
|
119
119
|
if @dependencies.has_key?('loadbalancer') and @dependencies['loadbalancer'].has_key?(dnsrec['target']) and !@dependencies['loadbalancer'][dnsrec['target']].cloudobj.nil? and dnsrec['deploy_id'].nil?
|
|
120
120
|
@dependencies['loadbalancer'][dnsrec['target']].cloudobj.notify['dns']
|
|
121
121
|
elsif dnsrec['deploy_id']
|
|
122
|
-
found = MU::MommaCat.findStray("AWS", "loadbalancer", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @
|
|
122
|
+
found = MU::MommaCat.findStray("AWS", "loadbalancer", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @region)
|
|
123
123
|
raise MuError, "Couldn't find #{dnsrec['mu_type']} #{dnsrec["target"]}" if found.nil? || found.empty?
|
|
124
124
|
found.first.deploydata['dns']
|
|
125
125
|
end
|
|
@@ -128,7 +128,7 @@ module MU
|
|
|
128
128
|
MU.log "dnsrec['target'] #{dnsrec['target']}"
|
|
129
129
|
deploydata = @dependencies['server'][dnsrec['target']].deploydata
|
|
130
130
|
elsif dnsrec['deploy_id']
|
|
131
|
-
found = MU::MommaCat.findStray("AWS", "server", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @
|
|
131
|
+
found = MU::MommaCat.findStray("AWS", "server", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @region)
|
|
132
132
|
raise MuError, "Couldn't find #{dnsrec['mu_type']} #{dnsrec["target"]}" if found.nil? || found.empty?
|
|
133
133
|
deploydata = found.first.deploydata
|
|
134
134
|
end
|
|
@@ -159,7 +159,7 @@ module MU
|
|
|
159
159
|
if @dependencies.has_key?(dnsrec['mu_type']) && dnsrec['deploy_id'].nil?
|
|
160
160
|
@dependencies[dnsrec['mu_type']][dnsrec['target']].deploydata['endpoint']
|
|
161
161
|
elsif dnsrec['deploy_id']
|
|
162
|
-
found = MU::MommaCat.findStray("AWS", "database", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @
|
|
162
|
+
found = MU::MommaCat.findStray("AWS", "database", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @region)
|
|
163
163
|
raise MuError, "Couldn't find #{dnsrec['mu_type']} #{dnsrec["target"]}" if found.nil? || found.empty?
|
|
164
164
|
found.first.deploydata['endpoint']
|
|
165
165
|
end
|
|
@@ -642,7 +642,7 @@ module MU
|
|
|
642
642
|
# )
|
|
643
643
|
# deploydata.merge!(MU.structToHash(resp.hosted_zone))
|
|
644
644
|
# deploydata['vpcs'] = @config['vpcs'] if !@config['vpcs'].nil?
|
|
645
|
-
# deploydata["region"] = @
|
|
645
|
+
# deploydata["region"] = @region if !@region.nil?
|
|
646
646
|
# @deploy.notify(MU::Cloud::DNSZone.cfg_plural, mu_name, deploydata)
|
|
647
647
|
# return deploydata
|
|
648
648
|
|
|
@@ -13,7 +13,7 @@ module MU
|
|
|
13
13
|
|
|
14
14
|
# Called automatically by {MU::Deploy#createResources}
|
|
15
15
|
def create
|
|
16
|
-
resp = MU::Cloud::AWS.apig(region: @
|
|
16
|
+
resp = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).create_rest_api(
|
|
17
17
|
name: @mu_name,
|
|
18
18
|
description: @deploy.deploy_id,
|
|
19
19
|
endpoint_configuration: {
|
|
@@ -27,7 +27,7 @@ module MU
|
|
|
27
27
|
|
|
28
28
|
# Create/update all of the methods declared for this endpoint
|
|
29
29
|
def generate_methods(integrations = true)
|
|
30
|
-
resp = MU::Cloud::AWS.apig(region: @
|
|
30
|
+
resp = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_resources(
|
|
31
31
|
rest_api_id: @cloud_id,
|
|
32
32
|
)
|
|
33
33
|
root_resource = resp.items.first.id
|
|
@@ -36,11 +36,11 @@ module MU
|
|
|
36
36
|
@config['methods'].each { |m|
|
|
37
37
|
m["auth"] ||= m["iam_role"] ? "AWS_IAM" : "NONE"
|
|
38
38
|
|
|
39
|
-
method_arn = "arn:#{MU::Cloud::AWS.isGovCloud?(@
|
|
39
|
+
method_arn = "arn:#{MU::Cloud::AWS.isGovCloud?(@region) ? "aws-us-gov" : "aws"}:execute-api:#{@region}:#{MU::Cloud::AWS.credToAcct(@credentials)}:#{@cloud_id}/*/#{m['type']}/#{m['path']}"
|
|
40
40
|
path_part = ["", "/"].include?(m['path']) ? nil : m['path']
|
|
41
41
|
method_arn.sub!(/\/\/$/, '/')
|
|
42
42
|
|
|
43
|
-
resp = MU::Cloud::AWS.apig(region: @
|
|
43
|
+
resp = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_resources(
|
|
44
44
|
rest_api_id: @cloud_id
|
|
45
45
|
)
|
|
46
46
|
ext_resource = nil
|
|
@@ -51,11 +51,11 @@ module MU
|
|
|
51
51
|
}
|
|
52
52
|
|
|
53
53
|
resp = if ext_resource
|
|
54
|
-
MU::Cloud::AWS.apig(region: @
|
|
54
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_resource(
|
|
55
55
|
rest_api_id: @cloud_id,
|
|
56
56
|
resource_id: ext_resource,
|
|
57
57
|
)
|
|
58
|
-
# MU::Cloud::AWS.apig(region: @
|
|
58
|
+
# MU::Cloud::AWS.apig(region: @region, credentials: @credentials).update_resource(
|
|
59
59
|
# rest_api_id: @cloud_id,
|
|
60
60
|
# resource_id: ext_resource,
|
|
61
61
|
# patch_operations: [
|
|
@@ -67,7 +67,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
67
67
|
# ]
|
|
68
68
|
# )
|
|
69
69
|
else
|
|
70
|
-
MU::Cloud::AWS.apig(region: @
|
|
70
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).create_resource(
|
|
71
71
|
rest_api_id: @cloud_id,
|
|
72
72
|
parent_id: root_resource,
|
|
73
73
|
path_part: path_part
|
|
@@ -76,13 +76,13 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
76
76
|
parent_id = resp.id
|
|
77
77
|
|
|
78
78
|
resp = begin
|
|
79
|
-
MU::Cloud::AWS.apig(region: @
|
|
79
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_method(
|
|
80
80
|
rest_api_id: @cloud_id,
|
|
81
81
|
resource_id: parent_id,
|
|
82
82
|
http_method: m['type']
|
|
83
83
|
)
|
|
84
84
|
rescue Aws::APIGateway::Errors::NotFoundException
|
|
85
|
-
resp = MU::Cloud::AWS.apig(region: @
|
|
85
|
+
resp = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).put_method(
|
|
86
86
|
rest_api_id: @cloud_id,
|
|
87
87
|
resource_id: parent_id,
|
|
88
88
|
authorization_type: m['auth'],
|
|
@@ -111,7 +111,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
111
111
|
params[:response_models] = r['body'].map { |b| [b['content_type'], b['is_error'] ? "Error" : "Empty"] }.to_h
|
|
112
112
|
end
|
|
113
113
|
|
|
114
|
-
MU::Cloud::AWS.apig(region: @
|
|
114
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).put_method_response(params)
|
|
115
115
|
}
|
|
116
116
|
rescue Aws::APIGateway::Errors::ConflictException
|
|
117
117
|
# fine to ignore
|
|
@@ -133,13 +133,13 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
133
133
|
|
|
134
134
|
uri, type = if m['integrate_with']['type'] == "aws_generic"
|
|
135
135
|
svc, action = m['integrate_with']['aws_generic_action'].split(/:/)
|
|
136
|
-
["arn:aws:apigateway:"+@
|
|
136
|
+
["arn:aws:apigateway:"+@region+":#{svc}:action/#{action}", aws_int_type]
|
|
137
137
|
elsif m['integrate_with']['type'] == "functions"
|
|
138
138
|
function_obj = nil
|
|
139
139
|
MU.retrier([], max: 5, wait: 9, loop_if: Proc.new { function_obj.nil? }) {
|
|
140
140
|
function_obj = @deploy.findLitterMate(name: m['integrate_with']['name'], type: "functions")
|
|
141
141
|
}
|
|
142
|
-
["arn:aws:apigateway:"+@
|
|
142
|
+
["arn:aws:apigateway:"+@region+":lambda:path/2015-03-31/functions/"+function_obj.cloudobj.arn+"/invocations", aws_int_type]
|
|
143
143
|
elsif m['integrate_with']['type'] == "mock"
|
|
144
144
|
[nil, "MOCK"]
|
|
145
145
|
end
|
|
@@ -176,7 +176,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
176
176
|
}]
|
|
177
177
|
end
|
|
178
178
|
|
|
179
|
-
resp = MU::Cloud::AWS.apig(region: @
|
|
179
|
+
resp = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).put_integration(params)
|
|
180
180
|
|
|
181
181
|
if m['integrate_with']['type'] =~ /^functions?$/
|
|
182
182
|
function_obj.addTrigger(method_arn, "apigateway", @config['name'])
|
|
@@ -196,7 +196,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
196
196
|
}.to_h
|
|
197
197
|
end
|
|
198
198
|
|
|
199
|
-
MU::Cloud::AWS.apig(region: @
|
|
199
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).put_integration_response(params)
|
|
200
200
|
|
|
201
201
|
}
|
|
202
202
|
|
|
@@ -209,13 +209,13 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
209
209
|
def groom
|
|
210
210
|
generate_methods
|
|
211
211
|
|
|
212
|
-
deployment = MU::Cloud::AWS.apig(region: @
|
|
212
|
+
deployment = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_deployments(
|
|
213
213
|
rest_api_id: @cloud_id
|
|
214
214
|
).items.sort { |a, b| a.created_date <=> b.created_date }.last
|
|
215
215
|
|
|
216
216
|
if !deployment
|
|
217
217
|
MU.log "Deploying API Gateway #{@config['name']} to #{@config['deploy_to']}"
|
|
218
|
-
deployment = MU::Cloud::AWS.apig(region: @
|
|
218
|
+
deployment = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).create_deployment(
|
|
219
219
|
rest_api_id: @cloud_id,
|
|
220
220
|
stage_name: @config['deploy_to']
|
|
221
221
|
# cache_cluster_enabled: false,
|
|
@@ -225,7 +225,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
225
225
|
# this automatically creates a stage with the same name, so we don't
|
|
226
226
|
# have to deal with that
|
|
227
227
|
|
|
228
|
-
my_hostname = @cloud_id+".execute-api."+@
|
|
228
|
+
my_hostname = @cloud_id+".execute-api."+@region+".amazonaws.com"
|
|
229
229
|
my_url = "https://"+my_hostname+"/"+@config['deploy_to']
|
|
230
230
|
MU.log "API Endpoint #{@config['name']}: "+my_url, MU::SUMMARY
|
|
231
231
|
|
|
@@ -262,7 +262,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
262
262
|
end
|
|
263
263
|
|
|
264
264
|
dom_desc = begin
|
|
265
|
-
MU::Cloud::AWS.apig(region: @
|
|
265
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_domain_name(domain_name: dnsname)
|
|
266
266
|
rescue ::Aws::APIGateway::Errors::NotFoundException
|
|
267
267
|
|
|
268
268
|
params = {
|
|
@@ -278,10 +278,10 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
278
278
|
end
|
|
279
279
|
|
|
280
280
|
MU.log "Creating API Gateway Domain Name #{dnsname}", MU::NOTICE, details: params
|
|
281
|
-
MU::Cloud::AWS.apig(region: @
|
|
281
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).create_domain_name(params)
|
|
282
282
|
end
|
|
283
283
|
|
|
284
|
-
mappings = MU::Cloud::AWS.apig(region: @
|
|
284
|
+
mappings = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_base_path_mappings(domain_name: dnsname, limit: 500).items
|
|
285
285
|
found = false
|
|
286
286
|
if mappings
|
|
287
287
|
mappings.each { |m|
|
|
@@ -293,7 +293,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
293
293
|
end
|
|
294
294
|
if !found
|
|
295
295
|
MU.log "Mapping #{dnsname} to API Gateway #{@mu_name}"
|
|
296
|
-
MU::Cloud::AWS.apig(region: @
|
|
296
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).create_base_path_mapping(
|
|
297
297
|
domain_name: dnsname,
|
|
298
298
|
rest_api_id: @cloud_id,
|
|
299
299
|
stage: @config['deploy_to']
|
|
@@ -308,7 +308,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
308
308
|
|
|
309
309
|
# The creation of our deployment should have created a matching stage,
|
|
310
310
|
# which we're now going to mess with.
|
|
311
|
-
stage = MU::Cloud::AWS.apig(region: @
|
|
311
|
+
stage = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_stage(
|
|
312
312
|
rest_api_id: @cloud_id,
|
|
313
313
|
stage_name: @config['deploy_to']
|
|
314
314
|
)
|
|
@@ -316,7 +316,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
316
316
|
if @config['access_logs'] and !stage.access_log_settings
|
|
317
317
|
log_ref = MU::Config::Ref.get(@config['access_logs'])
|
|
318
318
|
MU.log "Enabling API Gateway access logs to CloudWatch Log Group #{log_ref.cloud_id}"
|
|
319
|
-
stage = MU::Cloud::AWS.apig(region: @
|
|
319
|
+
stage = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).update_stage(
|
|
320
320
|
rest_api_id: @cloud_id,
|
|
321
321
|
stage_name: @config['deploy_to'],
|
|
322
322
|
patch_operations: [
|
|
@@ -350,11 +350,11 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
350
350
|
end
|
|
351
351
|
|
|
352
352
|
|
|
353
|
-
# resp = MU::Cloud::AWS.apig(region: @
|
|
353
|
+
# resp = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).create_authorizer(
|
|
354
354
|
# rest_api_id: @cloud_id,
|
|
355
355
|
# )
|
|
356
356
|
|
|
357
|
-
# resp = MU::Cloud::AWS.apig(region: @
|
|
357
|
+
# resp = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).create_vpc_link(
|
|
358
358
|
# )
|
|
359
359
|
|
|
360
360
|
end
|
|
@@ -364,7 +364,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
364
364
|
def cloud_desc(use_cache: true)
|
|
365
365
|
return @cloud_desc_cache if @cloud_desc_cache and use_cache
|
|
366
366
|
return nil if !@cloud_id
|
|
367
|
-
@cloud_desc_cache = MU::Cloud::AWS.apig(region: @
|
|
367
|
+
@cloud_desc_cache = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_rest_api(
|
|
368
368
|
rest_api_id: @cloud_id
|
|
369
369
|
)
|
|
370
370
|
@cloud_desc_cache
|
|
@@ -375,7 +375,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
375
375
|
def notify
|
|
376
376
|
return nil if !@cloud_id or !cloud_desc(use_cache: false)
|
|
377
377
|
deploy_struct = MU.structToHash(cloud_desc, stringify_keys: true)
|
|
378
|
-
deploy_struct['url'] = "https://"+@cloud_id+".execute-api."+@
|
|
378
|
+
deploy_struct['url'] = "https://"+@cloud_id+".execute-api."+@region+".amazonaws.com"
|
|
379
379
|
deploy_struct['url'] += "/"+@config['deploy_to'] if @config['deploy_to']
|
|
380
380
|
# XXX stages and whatnot
|
|
381
381
|
return deploy_struct
|
|
@@ -466,7 +466,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
466
466
|
"cloud" => "AWS",
|
|
467
467
|
"credentials" => @credentials,
|
|
468
468
|
"cloud_id" => @cloud_id,
|
|
469
|
-
"region" => @
|
|
469
|
+
"region" => @region
|
|
470
470
|
}
|
|
471
471
|
|
|
472
472
|
if !cloud_desc
|
|
@@ -476,7 +476,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
476
476
|
|
|
477
477
|
bok['name'] = cloud_desc.name
|
|
478
478
|
|
|
479
|
-
resources = MU::Cloud::AWS.apig(region: @
|
|
479
|
+
resources = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_resources(
|
|
480
480
|
rest_api_id: @cloud_id,
|
|
481
481
|
).items
|
|
482
482
|
|
|
@@ -485,7 +485,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
485
485
|
r.resource_methods.each_pair { |http_type, m|
|
|
486
486
|
bok['methods'] ||= []
|
|
487
487
|
method = {}
|
|
488
|
-
m_desc = MU::Cloud::AWS.apig(region: @
|
|
488
|
+
m_desc = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_method(
|
|
489
489
|
rest_api_id: @cloud_id,
|
|
490
490
|
resource_id: r.id,
|
|
491
491
|
http_method: http_type
|
|
@@ -535,7 +535,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
535
535
|
cloud: "AWS",
|
|
536
536
|
integration_http_method: m_desc.method_integration.http_method
|
|
537
537
|
)
|
|
538
|
-
elsif m_desc.method_integration.uri.match(/#{@
|
|
538
|
+
elsif m_desc.method_integration.uri.match(/#{@region}:([^:]+):action\/(.*)/)
|
|
539
539
|
method['integrate_with'] = {
|
|
540
540
|
"type" => "aws_generic",
|
|
541
541
|
"integration_http_method" => m_desc.method_integration.http_method,
|
|
@@ -594,10 +594,10 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
594
594
|
}
|
|
595
595
|
}
|
|
596
596
|
|
|
597
|
-
deployment = MU::Cloud::AWS.apig(region: @
|
|
597
|
+
deployment = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_deployments(
|
|
598
598
|
rest_api_id: @cloud_id
|
|
599
599
|
).items.sort { |a, b| a.created_date <=> b.created_date }.last
|
|
600
|
-
stages = MU::Cloud::AWS.apig(region: @
|
|
600
|
+
stages = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_stages(
|
|
601
601
|
rest_api_id: @cloud_id,
|
|
602
602
|
deployment_id: deployment.id
|
|
603
603
|
)
|
|
@@ -612,7 +612,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
612
612
|
bok['access_logs'] = MU::Config::Ref.get(
|
|
613
613
|
id: stage.access_log_settings.destination_arn.sub(/.*?:([^:]+)$/, '\1'),
|
|
614
614
|
credentials: @credentials,
|
|
615
|
-
region: @
|
|
615
|
+
region: @region,
|
|
616
616
|
type: "logs",
|
|
617
617
|
cloud: "AWS"
|
|
618
618
|
)
|
|
@@ -860,7 +860,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
860
860
|
# Canonical Amazon Resource Number for this resource
|
|
861
861
|
# @return [String]
|
|
862
862
|
def arn
|
|
863
|
-
"arn:#{MU::Cloud::AWS.isGovCloud?(@
|
|
863
|
+
"arn:#{MU::Cloud::AWS.isGovCloud?(@region) ? "aws-us-gov" : "aws"}:execute-api:#{@region}:#{MU::Cloud::AWS.credToAcct(@credentials)}:#{@cloud_id}"
|
|
864
864
|
end
|
|
865
865
|
|
|
866
866
|
|
|
@@ -52,14 +52,14 @@ module MU
|
|
|
52
52
|
begin
|
|
53
53
|
MU.log "Creating EC2 Security Group #{groupname}", details: sg_struct
|
|
54
54
|
|
|
55
|
-
secgroup = MU::Cloud::AWS.ec2(region: @
|
|
55
|
+
secgroup = MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).create_security_group(sg_struct)
|
|
56
56
|
@cloud_id = secgroup.group_id
|
|
57
57
|
rescue Aws::EC2::Errors::InvalidGroupDuplicate
|
|
58
58
|
MU.log "EC2 Security Group #{groupname} already exists, using it", MU::NOTICE
|
|
59
59
|
filters = [{name: "group-name", values: [groupname]}]
|
|
60
60
|
filters << {name: "vpc-id", values: [vpc_id]} if !vpc_id.nil?
|
|
61
61
|
|
|
62
|
-
secgroup = MU::Cloud::AWS.ec2(region: @
|
|
62
|
+
secgroup = MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).describe_security_groups(filters: filters).security_groups.first
|
|
63
63
|
if secgroup.nil?
|
|
64
64
|
raise MuError, "Failed to locate security group named #{groupname}, even though EC2 says it already exists", caller
|
|
65
65
|
end
|
|
@@ -67,25 +67,25 @@ module MU
|
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
begin
|
|
70
|
-
MU::Cloud::AWS.ec2(region: @
|
|
70
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).describe_security_groups(group_ids: [secgroup.group_id])
|
|
71
71
|
rescue Aws::EC2::Errors::InvalidGroupNotFound
|
|
72
72
|
MU.log "#{secgroup.group_id} not yet ready, waiting...", MU::NOTICE
|
|
73
73
|
sleep 10
|
|
74
74
|
retry
|
|
75
75
|
end
|
|
76
76
|
|
|
77
|
-
MU::Cloud::AWS.createStandardTags(secgroup.group_id, region: @
|
|
78
|
-
MU::Cloud::AWS.createTag(secgroup.group_id, "Name", groupname, region: @
|
|
77
|
+
MU::Cloud::AWS.createStandardTags(secgroup.group_id, region: @region, credentials: @credentials)
|
|
78
|
+
MU::Cloud::AWS.createTag(secgroup.group_id, "Name", groupname, region: @region, credentials: @credentials)
|
|
79
79
|
|
|
80
80
|
if @config['optional_tags']
|
|
81
81
|
MU::MommaCat.listOptionalTags.each { |key, value|
|
|
82
|
-
MU::Cloud::AWS.createTag(secgroup.group_id, key, value, region: @
|
|
82
|
+
MU::Cloud::AWS.createTag(secgroup.group_id, key, value, region: @region, credentials: @credentials)
|
|
83
83
|
}
|
|
84
84
|
end
|
|
85
85
|
|
|
86
86
|
if @config['tags']
|
|
87
87
|
@config['tags'].each { |tag|
|
|
88
|
-
MU::Cloud::AWS.createTag(secgroup.group_id, tag['key'], tag['value'], region: @
|
|
88
|
+
MU::Cloud::AWS.createTag(secgroup.group_id, tag['key'], tag['value'], region: @region, credentials: @credentials)
|
|
89
89
|
}
|
|
90
90
|
end
|
|
91
91
|
|
|
@@ -123,7 +123,7 @@ module MU
|
|
|
123
123
|
# Log metadata about this ruleset to the currently running deployment
|
|
124
124
|
def notify
|
|
125
125
|
sg_data = MU.structToHash(
|
|
126
|
-
MU::Cloud::FirewallRule.find(cloud_id: @cloud_id, region: @
|
|
126
|
+
MU::Cloud::FirewallRule.find(cloud_id: @cloud_id, region: @region)
|
|
127
127
|
)
|
|
128
128
|
sg_data["group_id"] = @cloud_id
|
|
129
129
|
sg_data["cloud_id"] = @cloud_id
|
|
@@ -151,8 +151,11 @@ module MU
|
|
|
151
151
|
rule["firewall_rules"].concat(sgs.map { |s|
|
|
152
152
|
MU::Config::Ref.get(
|
|
153
153
|
id: s,
|
|
154
|
+
region: @region,
|
|
155
|
+
credentials: @credentials,
|
|
154
156
|
cloud: "AWS",
|
|
155
|
-
type: "firewall_rule"
|
|
157
|
+
type: "firewall_rule",
|
|
158
|
+
dummy_ok: true
|
|
156
159
|
)
|
|
157
160
|
})
|
|
158
161
|
end
|
|
@@ -169,12 +172,12 @@ module MU
|
|
|
169
172
|
|
|
170
173
|
begin
|
|
171
174
|
if egress
|
|
172
|
-
MU::Cloud::AWS.ec2(region: @
|
|
175
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).authorize_security_group_egress(
|
|
173
176
|
group_id: @cloud_id,
|
|
174
177
|
ip_permissions: ec2_rule
|
|
175
178
|
)
|
|
176
179
|
else
|
|
177
|
-
MU::Cloud::AWS.ec2(region: @
|
|
180
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).authorize_security_group_ingress(
|
|
178
181
|
group_id: @cloud_id,
|
|
179
182
|
ip_permissions: ec2_rule
|
|
180
183
|
)
|
|
@@ -185,12 +188,12 @@ module MU
|
|
|
185
188
|
# existing rules
|
|
186
189
|
if comment
|
|
187
190
|
if egress
|
|
188
|
-
MU::Cloud::AWS.ec2(region: @
|
|
191
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).update_security_group_rule_descriptions_egress(
|
|
189
192
|
group_id: @cloud_id,
|
|
190
193
|
ip_permissions: ec2_rule
|
|
191
194
|
)
|
|
192
195
|
else
|
|
193
|
-
MU::Cloud::AWS.ec2(region: @
|
|
196
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).update_security_group_rule_descriptions_ingress(
|
|
194
197
|
group_id: @cloud_id,
|
|
195
198
|
ip_permissions: ec2_rule
|
|
196
199
|
)
|
|
@@ -202,7 +205,7 @@ module MU
|
|
|
202
205
|
# Canonical Amazon Resource Number for this resource
|
|
203
206
|
# @return [String]
|
|
204
207
|
def arn
|
|
205
|
-
"arn:"+(MU::Cloud::AWS.isGovCloud?(@
|
|
208
|
+
"arn:"+(MU::Cloud::AWS.isGovCloud?(@region) ? "aws-us-gov" : "aws")+":ec2:"+@region+":"+MU::Cloud::AWS.credToAcct(@credentials)+":security-group/"+@cloud_id
|
|
206
209
|
end
|
|
207
210
|
|
|
208
211
|
# Locate an existing security group or groups and return an array containing matching AWS resource descriptors for those that match.
|
|
@@ -248,9 +251,9 @@ module MU
|
|
|
248
251
|
def toKitten(**_args)
|
|
249
252
|
bok = {
|
|
250
253
|
"cloud" => "AWS",
|
|
251
|
-
"credentials" => @
|
|
254
|
+
"credentials" => @credentials,
|
|
252
255
|
"cloud_id" => @cloud_id,
|
|
253
|
-
"region" => @
|
|
256
|
+
"region" => @region
|
|
254
257
|
}
|
|
255
258
|
|
|
256
259
|
if !cloud_desc
|
|
@@ -649,7 +652,7 @@ module MU
|
|
|
649
652
|
if rule['firewall_rules']
|
|
650
653
|
rule['firewall_rules'].each { |sg|
|
|
651
654
|
if sg['name'] and !sg['deploy_id']
|
|
652
|
-
MU::Config.addDependency(acl, sg['name'], "firewall_rule",
|
|
655
|
+
MU::Config.addDependency(acl, sg['name'], "firewall_rule", my_phase: "groom")
|
|
653
656
|
end
|
|
654
657
|
}
|
|
655
658
|
end
|
|
@@ -657,7 +660,7 @@ module MU
|
|
|
657
660
|
if rule['loadbalancers']
|
|
658
661
|
rule['loadbalancers'].each { |lb|
|
|
659
662
|
if lb['name'] and !lb['deploy_id']
|
|
660
|
-
MU::Config.addDependency(acl, lb['name'], "loadbalancer",
|
|
663
|
+
MU::Config.addDependency(acl, lb['name'], "loadbalancer", their_phase: "groom")
|
|
661
664
|
end
|
|
662
665
|
}
|
|
663
666
|
end
|
|
@@ -731,7 +734,7 @@ module MU
|
|
|
731
734
|
end
|
|
732
735
|
}
|
|
733
736
|
MU.log "Removing unconfigured rule in #{@mu_name}", MU::WARN, details: ext_rule
|
|
734
|
-
MU::Cloud::AWS.ec2(region: @
|
|
737
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).revoke_security_group_ingress(
|
|
735
738
|
group_id: @cloud_id,
|
|
736
739
|
ip_permissions: [ext_rule]
|
|
737
740
|
)
|
|
@@ -797,7 +800,7 @@ module MU
|
|
|
797
800
|
if ingress
|
|
798
801
|
if haverule
|
|
799
802
|
begin
|
|
800
|
-
MU::Cloud::AWS.ec2(region: @
|
|
803
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).revoke_security_group_ingress(
|
|
801
804
|
group_id: @cloud_id,
|
|
802
805
|
ip_permissions: [haverule]
|
|
803
806
|
)
|
|
@@ -805,7 +808,7 @@ module MU
|
|
|
805
808
|
end
|
|
806
809
|
end
|
|
807
810
|
begin
|
|
808
|
-
MU::Cloud::AWS.ec2(region: @
|
|
811
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).authorize_security_group_ingress(
|
|
809
812
|
group_id: @cloud_id,
|
|
810
813
|
ip_permissions: [rule]
|
|
811
814
|
)
|
|
@@ -818,14 +821,14 @@ module MU
|
|
|
818
821
|
if egress
|
|
819
822
|
if haverule
|
|
820
823
|
begin
|
|
821
|
-
MU::Cloud::AWS.ec2(region: @
|
|
824
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).revoke_security_group_egress(
|
|
822
825
|
group_id: @cloud_id,
|
|
823
826
|
ip_permissions: [haverule]
|
|
824
827
|
)
|
|
825
828
|
rescue Aws::EC2::Errors::InvalidPermissionNotFound
|
|
826
829
|
end
|
|
827
830
|
end
|
|
828
|
-
MU::Cloud::AWS.ec2(region: @
|
|
831
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).authorize_security_group_egress(
|
|
829
832
|
group_id: @cloud_id,
|
|
830
833
|
ip_permissions: [rule]
|
|
831
834
|
)
|