cloud-mu 3.3.2 → 3.4.0

Files changed (33) hide show
  1. checksums.yaml +4 -4
  2. data/cloud-mu.gemspec +3 -3
  3. data/cookbooks/mu-tools/attributes/default.rb +7 -0
  4. data/cookbooks/mu-tools/libraries/helper.rb +86 -2
  5. data/cookbooks/mu-tools/recipes/apply_security.rb +25 -9
  6. data/cookbooks/mu-tools/recipes/aws_api.rb +4 -0
  7. data/cookbooks/mu-tools/recipes/google_api.rb +4 -0
  8. data/cookbooks/mu-tools/recipes/rsyslog.rb +8 -1
  9. data/cookbooks/mu-tools/resources/disk.rb +33 -12
  10. data/cookbooks/mu-tools/resources/mommacat_request.rb +1 -2
  11. data/cookbooks/mu-tools/templates/centos-8/sshd_config.erb +215 -0
  12. data/extras/clean-stock-amis +10 -2
  13. data/extras/generate-stock-images +6 -3
  14. data/extras/image-generators/AWS/centos7.yaml +19 -16
  15. data/extras/image-generators/AWS/{rhel7.yaml → rhel71.yaml} +0 -0
  16. data/extras/image-generators/AWS/{win2k12.yaml → win2k12r2.yaml} +0 -0
  17. data/modules/mommacat.ru +2 -2
  18. data/modules/mu/cloud/wrappers.rb +16 -7
  19. data/modules/mu/config/ref.rb +1 -1
  20. data/modules/mu/defaults/AWS.yaml +96 -96
  21. data/modules/mu/mommacat.rb +10 -2
  22. data/modules/mu/mommacat/search.rb +11 -2
  23. data/modules/mu/mommacat/storage.rb +30 -15
  24. data/modules/mu/providers/aws.rb +43 -23
  25. data/modules/mu/providers/aws/database.rb +9 -6
  26. data/modules/mu/providers/aws/function.rb +8 -5
  27. data/modules/mu/providers/aws/job.rb +29 -26
  28. data/modules/mu/providers/aws/role.rb +38 -32
  29. data/modules/mu/providers/aws/server.rb +58 -51
  30. data/modules/mu/providers/aws/vpc.rb +3 -0
  31. data/modules/mu/providers/google.rb +1 -1
  32. data/modules/mu/providers/google/role.rb +1 -0
  33. metadata +10 -9
@@ -550,7 +550,9 @@ end
550
550
  def self.credToAcct(name = nil)
551
551
  creds = credConfig(name)
552
552
 
553
- return creds['account_number'] if creds['account_number']
553
+ if creds['account_number'] and !creds['account_number'].empty?
554
+ return creds['account_number']
555
+ end
554
556
 
555
557
  acct_num = MU::Cloud::AWS.iam(credentials: name).list_users.users.first.arn.split(/:/)[4]
556
558
  acct_num.to_s
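Review bot: The new guard at new line 553 calls `.empty?` on `creds['account_number']`, which raises NoMethodError when the configured value is not a String; an account number written unquoted in YAML would presumably load as an Integer, which the 3.3.2 truthiness test accepted. `if !creds['account_number'].to_s.empty?` followed by `return creds['account_number'].to_s` covers both cases and matches the `acct_num.to_s` return of the fallback path. Related: the `cfg['account_number'] ||= acct_num.to_s` added in the hunk at new line 677 will not replace an empty string, because `""` is truthy in Ruby, so the two hunks disagree on whether an empty value counts as unset. credToAcct's closing `end` is outside this hunk.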
@@ -672,8 +674,8 @@ end
672
674
  next
673
675
  end
674
676
  acct_num = MU::Cloud::AWS.iam(credentials: acctname).list_users.users.first.arn.split(/:/)[4]
675
- if acct_num.to_s == name.to_s
676
- cfg['account_number'] = acct_num.to_s
677
+ cfg['account_number'] ||= acct_num.to_s
678
+ if acct_num.to_s == name.to_s
677
679
  @@acct_to_profile_map[name.to_s] = cfg
678
680
  return name_only ? name.to_s : cfg
679
681
  end
@@ -1516,6 +1518,7 @@ end
1516
1518
  def initialize(region: nil, api: "EC2", credentials: nil)
1517
1519
  @cred_obj = MU::Cloud::AWS.loadCredentials(credentials)
1518
1520
  @credentials = MU::Cloud::AWS.credConfig(credentials, name_only: true)
1521
+ @api_name = api
1519
1522
 
1520
1523
  if !@cred_obj
1521
1524
  raise MuError, "Unable to locate valid AWS credentials for #{api} API. #{credentials ? "Credentials requested were '#{credentials}'": ""}"
@@ -1533,6 +1536,8 @@ end
1533
1536
  params[:credentials] = @cred_obj
1534
1537
 
1535
1538
  MU.log "Initializing #{api} object with credentials #{credentials}", MU::DEBUG, details: params
1539
+ require "aws-sdk-#{api.downcase}"
1540
+
1536
1541
  @api = Object.const_get("Aws::#{api}::Client").new(params)
1537
1542
  end
1538
1543
 
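Review bot: The `require "aws-sdk-#{api.downcase}"` added at new line 1539 builds a load path from the `api` argument with no check on its value, and the `Object.const_get` two lines later does the same for a constant name. If `api` only ever comes from this module's own wrappers that is harmless, but nothing visible here enforces it; a guard such as `raise MuError, "Unknown AWS API #{api}" unless api.to_s.match?(/\A[A-Za-z0-9]+\z/)` ahead of the require keeps the value to a plain gem suffix. A missing gem also surfaces as LoadError, which is not a StandardError and so slips past ordinary `rescue` clauses in callers; rescuing it here and raising MuError would match the credentials failure raised in the previous hunk. The enclosing method starts outside this hunk.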
@@ -1541,27 +1546,31 @@ end
1541
1546
  # rescues for known silly endpoint behavior.
1542
1547
  def method_missing(method_sym, *arguments)
1543
1548
  # make sure error symbols are loaded for our exception handling later
1544
- require "aws-sdk-core"
1545
- require "aws-sdk-core/rds"
1546
- require "aws-sdk-core/ec2"
1547
- require "aws-sdk-core/route53"
1548
- require "aws-sdk-core/iam"
1549
- require "aws-sdk-core/efs"
1550
- require "aws-sdk-core/pricing"
1551
- require "aws-sdk-core/apigateway"
1552
- require "aws-sdk-core/ecs"
1553
- require "aws-sdk-core/eks"
1554
- require "aws-sdk-core/cloudwatchlogs"
1555
- require "aws-sdk-core/cloudwatchevents"
1556
- require "aws-sdk-core/elasticloadbalancing"
1557
- require "aws-sdk-core/elasticloadbalancingv2"
1558
- require "aws-sdk-core/autoscaling"
1559
- require "aws-sdk-core/client_waiters"
1560
- require "aws-sdk-core/waiters/errors"
1549
+ require "aws-sdk-lambda"
1550
+ require "aws-sdk-rds"
1551
+ require "aws-sdk-ec2"
1552
+ require "aws-sdk-route53"
1553
+ require "aws-sdk-iam"
1554
+ require "aws-sdk-efs"
1555
+ require "aws-sdk-pricing"
1556
+ require "aws-sdk-apigateway"
1557
+ require "aws-sdk-ecs"
1558
+ require "aws-sdk-eks"
1559
+ require "aws-sdk-cloudwatchlogs"
1560
+ require "aws-sdk-cloudwatchevents"
1561
+ require "aws-sdk-elasticloadbalancing"
1562
+ require "aws-sdk-elasticloadbalancingv2"
1563
+ require "aws-sdk-autoscaling"
1564
+
1565
+ known_concats = {
1566
+ "Pricing" => {
1567
+ :get_products => :price_list
1568
+ }
1569
+ }
1561
1570
 
1562
1571
  retries = 0
1563
1572
  begin
1564
- MU.log "Calling #{method_sym} in #{@region}", MU::DEBUG, details: arguments
1573
+ MU.log "Calling #{@api_name}.#{method_sym} in #{@region}", MU::DEBUG, details: arguments
1565
1574
 
1566
1575
  retval = if !arguments.nil? and arguments.size == 1
1567
1576
  @api.method(method_sym).call(arguments[0])
@@ -1590,11 +1599,22 @@ end
1590
1599
 
1591
1600
  if paginator and new_page and !new_page.empty?
1592
1601
  resp = retval.respond_to?(:__getobj__) ? retval.__getobj__ : retval
1593
- concat_to = resp.class.instance_methods(false).reject { |m|
1602
+ concat_to = MU.structToHash(resp).keys.reject { |m|
1594
1603
  m.to_s.match(/=$/) or m == paginator or resp.send(m).nil? or !resp.send(m).is_a?(Array)
1595
1604
  }
1605
+
1606
+ if concat_to.empty? and known_concats[@api_name] and
1607
+ known_concats[@api_name][method_sym]
1608
+ concat_to << known_concats[@api_name][method_sym]
1609
+ end
1610
+
1611
+ if concat_to.empty? and method_sym.to_s.match(/^(?:describe|list)_(.*)/)
1612
+ my_attr = Regexp.last_match[1].to_sym
1613
+ concat_to << my_attr if resp.respond_to?(my_attr)
1614
+ end
1615
+
1596
1616
  if concat_to.size != 1
1597
- MU.log "Tried to figure out where I might append paginated results for a #{resp.class.name}, but failed", MU::DEBUG, details: concat_to
1617
+ raise MuError.new "Tried to figure out where I might append paginated results for a #{@api_name}.#{method_sym}, but failed", details: MU.structToHash(resp).keys
1598
1618
  else
1599
1619
  concat_to = concat_to.first
1600
1620
  new_args = arguments ? arguments.dup : [{}]
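Review bot: The `concat_to.size != 1` branch at new line 1616 now raises MuError where 3.3.2 only logged at DEBUG, but both new fallbacks run only when `concat_to` is empty, so a response with more than one non-nil Array member has no tie-break and becomes a hard failure mid-pagination. Applying the `known_concats` and `describe_`/`list_` name lookups when `concat_to.size > 1` as well, e.g. `concat_to = [my_attr] if concat_to.include?(my_attr)`, would settle the ambiguous case before giving up. The `known_concats` hash from the previous hunk is also rebuilt on every method_missing call; a frozen constant would do. method_missing starts and ends outside this hunk.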
@@ -797,14 +797,17 @@ dependencies
797
797
  # @return [void]
798
798
  def self.cleanup(noop: false, deploy_id: MU.deploy_id, ignoremaster: false, credentials: nil, region: MU.curRegion, flags: {})
799
799
 
800
+ threads = []
801
+
800
802
  ["instance", "cluster"].each { |type|
801
- threaded_resource_purge("describe_db_#{type}s".to_sym, "db_#{type}s".to_sym, "db_#{type}_identifier".to_sym, (type == "instance" ? "db" : "cluster"), region, credentials, ignoremaster, known: flags['known'], deploy_id: deploy_id) { |id|
803
+ threads.concat threaded_resource_purge("describe_db_#{type}s".to_sym, "db_#{type}s".to_sym, "db_#{type}_identifier".to_sym, (type == "instance" ? "db" : "cluster"), region, credentials, ignoremaster, known: flags['known'], deploy_id: deploy_id) { |id|
802
804
  terminate_rds_instance(nil, noop: noop, skipsnapshots: flags["skipsnapshots"], region: region, deploy_id: deploy_id, cloud_id: id, mu_name: id.upcase, credentials: credentials, cluster: (type == "cluster"), known: flags['known'])
803
805
 
804
- }.each { |t|
805
- t.join
806
806
  }
807
807
  }
808
+ threads.each { |t|
809
+ t.join
810
+ }
808
811
 
809
812
  threads = threaded_resource_purge(:describe_db_subnet_groups, :db_subnet_groups, :db_subnet_group_name, "subgrp", region, credentials, ignoremaster, known: flags['known'], deploy_id: deploy_id) { |id|
810
813
  MU.log "Deleting RDS subnet group #{id}"
@@ -1653,7 +1656,7 @@ dependencies
1653
1656
 
1654
1657
  raise MuError, "terminate_rds_instance requires a non-nil database descriptor (#{cloud_id})" if db.nil? or cloud_id.nil?
1655
1658
 
1656
- MU.retrier([], wait: 60, loop_if: Proc.new { %w{creating modifying backing-up}.include?(cluster ? db.status : db.db_instance_status) }) {
1659
+ MU.retrier([], wait: 60, loop_if: Proc.new { %w{creating modifying backing-up}.include?(cluster ? db.status : db.db_instance_status) }, loop_msg: "Waiting for RDS #{cluster ? "cluster" : "instance"} #{cloud_id} to be in a valid state for deletion") {
1657
1660
  db = MU::Cloud::AWS::Database.find(cloud_id: cloud_id, region: region, credentials: credentials, cluster: cluster).values.first
1658
1661
  return if db.nil?
1659
1662
  }
@@ -1673,7 +1676,7 @@ dependencies
1673
1676
  params[:skip_final_snapshot] = false
1674
1677
  params[:final_db_snapshot_identifier] = "#{cloud_id}-mufinal"
1675
1678
  end
1676
-
1679
+ sleep 30
1677
1680
  if !noop
1678
1681
  on_retry = Proc.new { |e|
1679
1682
  if [Aws::RDS::Errors::DBSnapshotAlreadyExists, Aws::RDS::Errors::DBClusterSnapshotAlreadyExistsFault, Aws::RDS::Errors::DBClusterQuotaExceeded].include?(e.class)
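Review bot: The `sleep 30` added at new line 1679 sits ahead of `if !noop`, so it delays every call, dry runs included, and nothing says what it is waiting for. If it covers a settling period before the delete request, `sleep 30 unless noop` with a comment naming the condition would be the minimal change; polling for that condition with `MU.retrier`, as the surrounding code does, would be more reliable than a fixed delay. The enclosing method starts and ends outside this hunk.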
@@ -1688,7 +1691,7 @@ dependencies
1688
1691
  end
1689
1692
  }
1690
1693
  del_db = nil
1691
- MU.retrier([], wait: 10, ignoreme: [Aws::RDS::Errors::DBInstanceNotFound], loop_if: Proc.new { del_db and ((!cluster and del_db.db_instance_status != "deleted") or (cluster and del_db.status != "deleted")) }) {
1694
+ MU.retrier([], wait: 10, ignoreme: [Aws::RDS::Errors::DBInstanceNotFound], loop_if: Proc.new { del_db and ((!cluster and del_db.db_instance_status != "deleted") or (cluster and del_db.status != "deleted")) }, loop_msg: "Waiting for RDS #{cluster ? "cluster" : "instance"} #{cloud_id} to delete") {
1692
1695
  del_db = MU::Cloud::AWS::Database.find(cloud_id: cloud_id, region: region, cluster: cluster).values.first
1693
1696
  }
1694
1697
  end
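Review bot: The poll inside this retrier, `MU::Cloud::AWS::Database.find(cloud_id: cloud_id, region: region, cluster: cluster)`, omits `credentials: credentials`, unlike the equivalent call in the hunk at new line 1660. With a non-default credential set the lookup would presumably query a different account, find nothing, and end the loop as if the database were already deleted. Adding `credentials: credentials` to the call makes the wait check the account the delete was issued against.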
@@ -58,16 +58,19 @@ module MU
58
58
  lambda_properties = get_properties
59
59
 
60
60
  MU.retrier([Aws::Lambda::Errors::InvalidParameterValueException], max: 5, wait: 10) {
61
- resp = MU::Cloud::AWS.lambda(region: @config['region'], credentials: @config['credentials']).create_function(lambda_properties)
61
+ resp = MU::Cloud::AWS.lambda(region: @config['region'], credentials: @credentials).create_function(lambda_properties)
62
62
  @cloud_id = resp.function_name
63
63
  }
64
64
 
65
65
  # the console does this and docs expect it to be there, so mimic the
66
66
  # behavior
67
- MU::Cloud::AWS.cloudwatchlogs(region: @config["region"], credentials: @credentials).create_log_group(
68
- log_group_name: "/aws/lambda/#{@cloud_id}",
69
- tags: @tags
70
- )
67
+ begin
68
+ MU::Cloud::AWS.cloudwatchlogs(region: @config["region"], credentials: @credentials).create_log_group(
69
+ log_group_name: "/aws/lambda/#{@cloud_id}",
70
+ tags: @tags
71
+ )
72
+ rescue Aws::CloudWatchLogs::Errors::ResourceAlreadyExistsException
73
+ end
71
74
  end
72
75
 
73
76
  # Called automatically by {MU::Deploy#createResources}
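Review bot: The `rescue Aws::CloudWatchLogs::Errors::ResourceAlreadyExistsException` at new line 72 has an empty body, so a pre-existing `/aws/lambda/...` log group is adopted silently and never receives `@tags`. A one-line comment on why the error is safe to ignore, plus `MU.log "Log group /aws/lambda/#{@cloud_id} already exists, reusing it", MU::DEBUG` in the rescue, would leave a trace for anyone auditing which deploy owns the group. The enclosing method starts outside this hunk.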
@@ -57,33 +57,36 @@ module MU
57
57
  target_params = []
58
58
  @config['targets'].each { |t|
59
59
  MU.retrier([MuNonFatal], max:5, wait: 9) {
60
- target_ref = MU::Config::Ref.get(t)
61
- target_obj = target_ref.kitten(cloud: "AWS")
62
- this_target = if target_ref.is_mu_type? and target_obj and
63
- !target_obj.arn.nil?
64
- {
65
- id: target_obj.cloud_id,
66
- arn: target_obj.arn
67
- }
68
- elsif target_ref.id and target_ref.id.match(/^arn:/)
69
- {
70
- id: target_ref.id || target_ref.name,
71
- arn: target_ref.id
72
- }
73
- else
74
- raise MuNonFatal.new "Failed to retrieve ARN from CLoudWatch Event target descriptor", details: target_ref.to_h
75
- end
76
- if t['role']
77
- role_obj = MU::Config::Ref.get(t['role']).kitten(@deploy, cloud: "AWS")
78
- raise MuError.new "Failed to fetch object from role reference", details: t['role'].to_h if !role_obj
79
- params[:role_arn] = role_obj.arn
80
- end
81
- [:input, :input_path, :input_transformer, :kinesis_parameters, :run_command_parameters, :batch_parameters, :sqs_parameters, :ecs_parameters].each { |attr|
82
- if t[attr.to_s]
83
- this_target[attr] = MU.structToHash(t[attr.to_s])
60
+ target_ref = MU::Config::Ref.get(t)
61
+ target_obj = target_ref.kitten(@deploy, cloud: "AWS")
62
+ this_target = if target_ref.is_mu_type? and target_obj and
63
+ !target_obj.arn.nil?
64
+ if target_ref.type == "functions"
65
+ target_obj.addTrigger(arn, "events", @mu_name)
66
+ end
67
+ {
68
+ id: target_obj.cloud_id,
69
+ arn: target_obj.arn
70
+ }
71
+ elsif target_ref.id and target_ref.id.match(/^arn:/)
72
+ {
73
+ id: target_ref.id || target_ref.name,
74
+ arn: target_ref.id
75
+ }
76
+ else
77
+ raise MuNonFatal.new "Failed to retrieve ARN from CLoudWatch Event target descriptor", details: target_ref.to_h
84
78
  end
85
- }
86
- target_params << this_target
79
+ if t['role']
80
+ role_obj = MU::Config::Ref.get(t['role']).kitten(@deploy, cloud: "AWS")
81
+ raise MuError.new "Failed to fetch object from role reference", details: t['role'].to_h if !role_obj
82
+ params[:role_arn] = role_obj.arn
83
+ end
84
+ [:input, :input_path, :input_transformer, :kinesis_parameters, :run_command_parameters, :batch_parameters, :sqs_parameters, :ecs_parameters].each { |attr|
85
+ if t[attr.to_s]
86
+ this_target[attr] = MU.structToHash(t[attr.to_s])
87
+ end
88
+ }
89
+ target_params << this_target
87
90
  }
88
91
  }
89
92
  MU::Cloud::AWS.cloudwatchevents(region: @config['region'], credentials: @credentials).put_targets(
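Review bot: The `target_obj.addTrigger(arn, "events", @mu_name)` call at new line 65 is a side effect placed inside the branch whose value becomes `this_target`, and it runs before the `put_targets` call that closes the hunk. Judging by its name it changes what may invoke the function, so if `put_targets` then fails the function is presumably left with a trigger for a target that was never registered. Moving the call to after `put_targets` succeeds, or at least adding a comment such as `# allow this rule to invoke the function` above it, would make the ordering deliberate. The enclosing method and the `put_targets` call both extend outside the hunk.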
@@ -43,7 +43,7 @@ module MU
43
43
 
44
44
  policy_name = @mu_name+"-"+policy.keys.first.upcase
45
45
  MU.log "Creating IAM policy #{policy_name}"
46
- MU::Cloud::AWS.iam(credentials: @config['credentials']).create_policy(
46
+ MU::Cloud::AWS.iam(credentials: @credentials).create_policy(
47
47
  policy_name: policy_name,
48
48
  path: "/"+@deploy.deploy_id+"/",
49
49
  policy_document: JSON.generate(policy.values.first),
@@ -53,16 +53,18 @@ module MU
53
53
  end
54
54
 
55
55
  if !@config['bare_policies']
56
- MU.log "Creating IAM role #{@mu_name}"
57
56
  @cloud_id = @mu_name
58
57
  path = @config['strip_path'] ? nil : "/"+@deploy.deploy_id+"/"
59
- MU::Cloud::AWS.iam(credentials: @config['credentials']).create_role(
60
- path: path,
61
- role_name: @mu_name,
62
- description: "Generated by Mu",
63
- assume_role_policy_document: gen_assume_role_policy_doc,
64
- tags: get_tag_params
65
- )
58
+ params = {
59
+ :path => path,
60
+ :role_name => @mu_name,
61
+ :description => "Generated by Mu",
62
+ :assume_role_policy_document => gen_assume_role_policy_doc,
63
+ :tags => get_tag_params
64
+ }
65
+
66
+ MU.log "Creating IAM role #{@mu_name} (#{@credentials})", details: params
67
+ MU::Cloud::AWS.iam(credentials: @credentials).create_role(params)
66
68
  end
67
69
  end
68
70
 
@@ -75,7 +77,7 @@ module MU
75
77
  end
76
78
 
77
79
  if !@config['bare_policies']
78
- resp = MU::Cloud::AWS.iam(credentials: @config['credentials']).get_role(
80
+ resp = MU::Cloud::AWS.iam(credentials: @credentials).get_role(
79
81
  role_name: @mu_name
80
82
  ).role
81
83
  ext_tags = resp.tags.map { |t| t.to_h }
@@ -84,7 +86,7 @@ module MU
84
86
 
85
87
  if tag_param.size > 0
86
88
  MU.log "Updating tags on IAM role #{@mu_name}", MU::NOTICE, details: tag_param
87
- MU::Cloud::AWS.iam(credentials: @config['credentials']).tag_role(role_name: @mu_name, tags: tag_param)
89
+ MU::Cloud::AWS.iam(credentials: @credentials).tag_role(role_name: @mu_name, tags: tag_param)
88
90
  end
89
91
  end
90
92
 
@@ -114,13 +116,13 @@ module MU
114
116
 
115
117
  # Purge anything that doesn't belong
116
118
  if !@config['bare_policies']
117
- attached_policies = MU::Cloud::AWS.iam(credentials: @config['credentials']).list_attached_role_policies(
119
+ attached_policies = MU::Cloud::AWS.iam(credentials: @credentials).list_attached_role_policies(
118
120
  role_name: @mu_name
119
121
  ).attached_policies
120
122
  attached_policies.each { |a|
121
123
  if !configured_policies.include?(a.policy_name)
122
124
  MU.log "Removing IAM policy #{a.policy_name} from role #{@mu_name}", MU::NOTICE, details: configured_policies
123
- MU::Cloud::AWS::Role.purgePolicy(a.policy_arn, @config['credentials'])
125
+ MU::Cloud::AWS::Role.purgePolicy(a.policy_arn, @credentials)
124
126
  end
125
127
  }
126
128
  end
@@ -155,7 +157,6 @@ module MU
155
157
  }
156
158
 
157
159
  policy_name = basename+"-"+policy.keys.first.upcase
158
-
159
160
  arn = "arn:"+(MU::Cloud::AWS.isGovCloud? ? "aws-us-gov" : "aws")+":iam::"+MU::Cloud::AWS.credToAcct(credentials)+":policy#{path}/#{policy_name}"
160
161
  resp = begin
161
162
  desc = MU::Cloud::AWS.iam(credentials: credentials).get_policy(policy_arn: arn)
@@ -185,12 +186,17 @@ module MU
185
186
 
186
187
  rescue Aws::IAM::Errors::NoSuchEntity
187
188
  MU.log "Creating IAM policy #{policy_name}", details: policy.values.first
188
- MU::Cloud::AWS.iam(credentials: credentials).create_policy(
189
+ desc = MU::Cloud::AWS.iam(credentials: credentials).create_policy(
189
190
  policy_name: policy_name,
190
191
  path: path+"/",
191
192
  policy_document: JSON.generate(policy.values.first),
192
193
  description: "Raw policy from #{basename}"
193
194
  )
195
+ MU.retrier([Aws::IAM::Errors::NoSuchEntity], loop_if: Proc.new { desc.nil? }) {
196
+ desc = MU::Cloud::AWS.iam(credentials: credentials).get_policy(policy_arn: arn)
197
+ pp desc
198
+ }
199
+ desc
194
200
  end
195
201
  arns << resp.policy.arn
196
202
  }
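Review bot: `pp desc` at new line 197 looks like leftover debugging: it prints the whole policy description to stdout on every policy creation and bypasses the MU.log levels used on the line above. Drop it, or replace it with `MU.log "Created IAM policy #{policy_name}", MU::DEBUG, details: desc`. The `MU.retrier` around it passes no `max:`, unlike the `max: 5` calls elsewhere in this diff, so how long it retries on NoSuchEntity depends on the retrier's default. Since `desc` is already set from `create_policy`, `loop_if: Proc.new { desc.nil? }` can only be true if `get_policy` itself returns nil.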
@@ -317,7 +323,7 @@ end
317
323
  my_policies.each { |p|
318
324
  if p.policy_name == policy
319
325
  seen_policy = true
320
- old = MU::Cloud::AWS.iam(credentials: @config['credentials']).get_policy_version(
326
+ old = MU::Cloud::AWS.iam(credentials: @credentials).get_policy_version(
321
327
  policy_arn: p.arn,
322
328
  version_id: p.default_version_id
323
329
  ).policy_version
@@ -576,7 +582,7 @@ end
576
582
  def toKitten(**_args)
577
583
  bok = {
578
584
  "cloud" => "AWS",
579
- "credentials" => @config['credentials'],
585
+ "credentials" => @credentials,
580
586
  "cloud_id" => @cloud_id
581
587
  }
582
588
 
@@ -769,12 +775,12 @@ end
769
775
  def bindTo(entitytype, entityname)
770
776
  if entitytype == "instance_profile"
771
777
  begin
772
- resp = MU::Cloud::AWS.iam(credentials: @config['credentials']).get_instance_profile(
778
+ resp = MU::Cloud::AWS.iam(credentials: @credentials).get_instance_profile(
773
779
  instance_profile_name: entityname
774
780
  ).instance_profile
775
781
 
776
782
  if !resp.roles.map { |r| r.role_name}.include?(@mu_name)
777
- MU::Cloud::AWS.iam(credentials: @config['credentials']).add_role_to_instance_profile(
783
+ MU::Cloud::AWS.iam(credentials: @credentials).add_role_to_instance_profile(
778
784
  instance_profile_name: entityname,
779
785
  role_name: @mu_name
780
786
  )
@@ -784,7 +790,7 @@ end
784
790
  raise e
785
791
  end
786
792
  elsif ["user", "group", "role"].include?(entitytype)
787
- mypolicies = MU::Cloud::AWS.iam(credentials: @config['credentials']).list_policies(
793
+ mypolicies = MU::Cloud::AWS.iam(credentials: @credentials).list_policies(
788
794
  path_prefix: "/"+@deploy.deploy_id+"/"
789
795
  ).policies
790
796
  mypolicies.reject! { |p|
@@ -802,7 +808,7 @@ end
802
808
 
803
809
  subpaths = ["service-role", "aws-service-role", "job-function"]
804
810
  begin
805
- mypolicies << MU::Cloud::AWS.iam(credentials: @config['credentials']).get_policy(
811
+ mypolicies << MU::Cloud::AWS.iam(credentials: @credentials).get_policy(
806
812
  policy_arn: p_arn
807
813
  ).policy
808
814
  rescue Aws::IAM::Errors::NoSuchEntity => e
@@ -822,7 +828,7 @@ end
822
828
  credentials: @credentials
823
829
  )
824
830
  raw_arns.each { |p_arn|
825
- mypolicies << MU::Cloud::AWS.iam(credentials: @config['credentials']).get_policy(
831
+ mypolicies << MU::Cloud::AWS.iam(credentials: @credentials).get_policy(
826
832
  policy_arn: p_arn
827
833
  ).policy
828
834
  }
@@ -830,37 +836,37 @@ end
830
836
 
831
837
  mypolicies.each { |p|
832
838
  if entitytype == "user"
833
- resp = MU::Cloud::AWS.iam(credentials: @config['credentials']).list_attached_user_policies(
839
+ resp = MU::Cloud::AWS.iam(credentials: @credentials).list_attached_user_policies(
834
840
  path_prefix: "/"+@deploy.deploy_id+"/",
835
841
  user_name: entityname
836
842
  )
837
843
  if !resp or !resp.attached_policies.map { |a_p| a_p.policy_name }.include?(p.policy_name)
838
844
  MU.log "Attaching IAM policy #{p.policy_name} to user #{entityname}", MU::NOTICE
839
- MU::Cloud::AWS.iam(credentials: @config['credentials']).attach_user_policy(
845
+ MU::Cloud::AWS.iam(credentials: @credentials).attach_user_policy(
840
846
  policy_arn: p.arn,
841
847
  user_name: entityname
842
848
  )
843
849
  end
844
850
  elsif entitytype == "group"
845
- resp = MU::Cloud::AWS.iam(credentials: @config['credentials']).list_attached_group_policies(
851
+ resp = MU::Cloud::AWS.iam(credentials: @credentials).list_attached_group_policies(
846
852
  path_prefix: "/"+@deploy.deploy_id+"/",
847
853
  group_name: entityname
848
854
  )
849
855
  if !resp or !resp.attached_policies.map { |a_p| a_p.policy_name }.include?(p.policy_name)
850
856
  MU.log "Attaching policy #{p.policy_name} to group #{entityname}", MU::NOTICE
851
- MU::Cloud::AWS.iam(credentials: @config['credentials']).attach_group_policy(
857
+ MU::Cloud::AWS.iam(credentials: @credentials).attach_group_policy(
852
858
  policy_arn: p.arn,
853
859
  group_name: entityname
854
860
  )
855
861
  end
856
862
  elsif entitytype == "role"
857
- resp = MU::Cloud::AWS.iam(credentials: @config['credentials']).list_attached_role_policies(
863
+ resp = MU::Cloud::AWS.iam(credentials: @credentials).list_attached_role_policies(
858
864
  role_name: entityname
859
865
  )
860
866
 
861
867
  if !resp or !resp.attached_policies.map { |a_p| a_p.policy_name }.include?(p.policy_name)
862
868
  MU.log "Attaching policy #{p.policy_name} to role #{entityname}", MU::NOTICE
863
- MU::Cloud::AWS.iam(credentials: @config['credentials']).attach_role_policy(
869
+ MU::Cloud::AWS.iam(credentials: @credentials).attach_role_policy(
864
870
  policy_arn: p.arn,
865
871
  role_name: entityname
866
872
  )
@@ -881,19 +887,19 @@ end
881
887
  end
882
888
 
883
889
  resp = begin
884
- MU.log "Creating instance profile #{@mu_name} #{@config['credentials']}"
885
- MU::Cloud::AWS.iam(credentials: @config['credentials']).create_instance_profile(
890
+ MU.log "Creating instance profile #{@mu_name} #{@credentials}"
891
+ MU::Cloud::AWS.iam(credentials: @credentials).create_instance_profile(
886
892
  instance_profile_name: @mu_name
887
893
  )
888
894
  rescue Aws::IAM::Errors::EntityAlreadyExists
889
- MU::Cloud::AWS.iam(credentials: @config['credentials']).get_instance_profile(
895
+ MU::Cloud::AWS.iam(credentials: @credentials).get_instance_profile(
890
896
  instance_profile_name: @mu_name
891
897
  )
892
898
  end
893
899
 
894
900
  # make sure it's really there before moving on
895
901
  begin
896
- MU::Cloud::AWS.iam(credentials: @config['credentials']).get_instance_profile(instance_profile_name: @mu_name)
902
+ MU::Cloud::AWS.iam(credentials: @credentials).get_instance_profile(instance_profile_name: @mu_name)
897
903
  rescue Aws::IAM::Errors::NoSuchEntity => e
898
904
  MU.log e.inspect, MU::WARN
899
905
  sleep 10