cloud-mu 3.4.0 → 3.5.0
- checksums.yaml +4 -4
- data/ansible/roles/mu-nat/tasks/main.yml +3 -0
- data/bin/mu-aws-setup +41 -7
- data/bin/mu-azure-setup +34 -0
- data/bin/mu-configure +214 -119
- data/bin/mu-gcp-setup +37 -2
- data/bin/mu-node-manage +3 -0
- data/bin/mu-refresh-ssl +67 -0
- data/bin/mu-run-tests +14 -4
- data/bin/mu-self-update +30 -10
- data/bin/mu-upload-chef-artifacts +30 -26
- data/cloud-mu.gemspec +8 -6
- data/cookbooks/mu-master/attributes/default.rb +5 -1
- data/cookbooks/mu-master/metadata.rb +2 -2
- data/cookbooks/mu-master/recipes/default.rb +81 -26
- data/cookbooks/mu-master/recipes/init.rb +197 -62
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +1 -1
- data/cookbooks/mu-master/recipes/vault.rb +78 -77
- data/cookbooks/mu-master/templates/default/mods/rewrite.conf.erb +1 -0
- data/cookbooks/mu-master/templates/default/nagios.conf.erb +103 -0
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +14 -30
- data/cookbooks/mu-tools/attributes/default.rb +5 -0
- data/cookbooks/mu-tools/files/centos-6/CentOS-Base.repo +47 -0
- data/cookbooks/mu-tools/libraries/helper.rb +12 -2
- data/cookbooks/mu-tools/libraries/monkey.rb +1 -1
- data/cookbooks/mu-tools/recipes/apply_security.rb +6 -0
- data/cookbooks/mu-tools/recipes/aws_api.rb +6 -4
- data/cookbooks/mu-tools/recipes/base_repositories.rb +1 -1
- data/cookbooks/mu-tools/recipes/gcloud.rb +2 -9
- data/cookbooks/mu-tools/recipes/google_api.rb +5 -2
- data/cookbooks/mu-tools/resources/disk.rb +108 -58
- data/extras/Gemfile.lock.bootstrap +394 -0
- data/extras/bucketstubs/error.html +0 -0
- data/extras/bucketstubs/index.html +0 -0
- data/extras/clean-stock-amis +9 -9
- data/extras/git_rpm/build.sh +20 -0
- data/extras/git_rpm/mugit.spec +53 -0
- data/extras/image-generators/VMWare/centos8.yaml +15 -0
- data/extras/openssl_rpm/build.sh +19 -0
- data/extras/openssl_rpm/mussl.spec +46 -0
- data/extras/python_rpm/muthon.spec +14 -4
- data/extras/ruby_rpm/muby.spec +9 -5
- data/extras/sqlite_rpm/build.sh +19 -0
- data/extras/sqlite_rpm/muqlite.spec +47 -0
- data/install/installer +7 -5
- data/modules/mu.rb +12 -5
- data/modules/mu/cloud/machine_images.rb +1 -1
- data/modules/mu/cloud/providers.rb +6 -1
- data/modules/mu/cloud/resource_base.rb +1 -1
- data/modules/mu/cloud/ssh_sessions.rb +4 -0
- data/modules/mu/config.rb +28 -12
- data/modules/mu/config/database.rb +2 -2
- data/modules/mu/config/firewall_rule.rb +1 -1
- data/modules/mu/config/ref.rb +2 -2
- data/modules/mu/config/schema_helpers.rb +12 -3
- data/modules/mu/config/server.rb +10 -4
- data/modules/mu/config/server_pool.rb +2 -2
- data/modules/mu/config/vpc.rb +10 -10
- data/modules/mu/defaults/AWS.yaml +32 -32
- data/modules/mu/deploy.rb +23 -10
- data/modules/mu/groomers/chef.rb +2 -2
- data/modules/mu/master.rb +49 -3
- data/modules/mu/mommacat.rb +8 -5
- data/modules/mu/mommacat/naming.rb +2 -2
- data/modules/mu/mommacat/storage.rb +22 -27
- data/modules/mu/providers/aws.rb +142 -48
- data/modules/mu/providers/aws/alarm.rb +3 -3
- data/modules/mu/providers/aws/bucket.rb +19 -19
- data/modules/mu/providers/aws/cache_cluster.rb +22 -22
- data/modules/mu/providers/aws/cdn.rb +2 -2
- data/modules/mu/providers/aws/collection.rb +14 -14
- data/modules/mu/providers/aws/container_cluster.rb +27 -27
- data/modules/mu/providers/aws/database.rb +40 -39
- data/modules/mu/providers/aws/dnszone.rb +5 -5
- data/modules/mu/providers/aws/endpoint.rb +35 -35
- data/modules/mu/providers/aws/firewall_rule.rb +26 -23
- data/modules/mu/providers/aws/function.rb +28 -28
- data/modules/mu/providers/aws/group.rb +7 -7
- data/modules/mu/providers/aws/habitat.rb +2 -2
- data/modules/mu/providers/aws/job.rb +6 -6
- data/modules/mu/providers/aws/loadbalancer.rb +34 -34
- data/modules/mu/providers/aws/log.rb +14 -14
- data/modules/mu/providers/aws/msg_queue.rb +10 -10
- data/modules/mu/providers/aws/nosqldb.rb +8 -8
- data/modules/mu/providers/aws/notifier.rb +7 -7
- data/modules/mu/providers/aws/role.rb +17 -15
- data/modules/mu/providers/aws/search_domain.rb +10 -10
- data/modules/mu/providers/aws/server.rb +176 -95
- data/modules/mu/providers/aws/server_pool.rb +65 -105
- data/modules/mu/providers/aws/storage_pool.rb +17 -9
- data/modules/mu/providers/aws/user.rb +1 -1
- data/modules/mu/providers/aws/vpc.rb +103 -51
- data/modules/mu/providers/aws/vpc_subnet.rb +43 -39
- data/modules/mu/providers/azure.rb +78 -12
- data/modules/mu/providers/azure/server.rb +18 -3
- data/modules/mu/providers/cloudformation/server.rb +1 -1
- data/modules/mu/providers/google.rb +19 -4
- data/modules/mu/providers/google/folder.rb +6 -2
- data/modules/mu/providers/google/function.rb +65 -30
- data/modules/mu/providers/google/role.rb +1 -1
- data/modules/mu/providers/google/vpc.rb +27 -2
- data/modules/tests/aws-servers-with-handrolled-iam.yaml +37 -0
- data/modules/tests/k8s.yaml +1 -1
- metadata +24 -8
|
@@ -25,7 +25,7 @@ module MU
|
|
|
25
25
|
super
|
|
26
26
|
@mu_name ||= @deploy.getResourceName(@config["name"])
|
|
27
27
|
|
|
28
|
-
MU.setVar("curRegion", @
|
|
28
|
+
MU.setVar("curRegion", @region) if !@region.nil?
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
# Called automatically by {MU::Deploy#createResources}
|
|
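Review bot: The new guard `MU.setVar("curRegion", @region) if !@region.nil?` reads more idiomatically as `MU.setVar("curRegion", @region) if @region`, since `@region` is a string or nil and never `false`. Behaviourally, when `@region` is nil the process-wide `curRegion` is now left untouched, so it presumably keeps whatever a previously initialised resource set — confirm no caller relies on this constructor resetting it. The enclosing method starts outside the hunk.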
@@ -119,7 +119,7 @@ module MU
|
|
|
119
119
|
if @dependencies.has_key?('loadbalancer') and @dependencies['loadbalancer'].has_key?(dnsrec['target']) and !@dependencies['loadbalancer'][dnsrec['target']].cloudobj.nil? and dnsrec['deploy_id'].nil?
|
|
120
120
|
@dependencies['loadbalancer'][dnsrec['target']].cloudobj.notify['dns']
|
|
121
121
|
elsif dnsrec['deploy_id']
|
|
122
|
-
found = MU::MommaCat.findStray("AWS", "loadbalancer", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @
|
|
122
|
+
found = MU::MommaCat.findStray("AWS", "loadbalancer", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @region)
|
|
123
123
|
raise MuError, "Couldn't find #{dnsrec['mu_type']} #{dnsrec["target"]}" if found.nil? || found.empty?
|
|
124
124
|
found.first.deploydata['dns']
|
|
125
125
|
end
|
|
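Review bot: The rewritten `findStray` call passes `region: @region` but no `credentials:`, whereas the rest of this diff pairs region with `credentials: @credentials` on every AWS call; if `findStray` accepts a credentials keyword, a deploy running under non-default credentials could resolve the load balancer against the wrong account. The server and database lookups in the next two hunks (`@@ -128` and `@@ -159`) have the same shape. The enclosing method starts and ends outside the hunk.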
@@ -128,7 +128,7 @@ module MU
|
|
|
128
128
|
MU.log "dnsrec['target'] #{dnsrec['target']}"
|
|
129
129
|
deploydata = @dependencies['server'][dnsrec['target']].deploydata
|
|
130
130
|
elsif dnsrec['deploy_id']
|
|
131
|
-
found = MU::MommaCat.findStray("AWS", "server", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @
|
|
131
|
+
found = MU::MommaCat.findStray("AWS", "server", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @region)
|
|
132
132
|
raise MuError, "Couldn't find #{dnsrec['mu_type']} #{dnsrec["target"]}" if found.nil? || found.empty?
|
|
133
133
|
deploydata = found.first.deploydata
|
|
134
134
|
end
|
|
@@ -159,7 +159,7 @@ module MU
|
|
|
159
159
|
if @dependencies.has_key?(dnsrec['mu_type']) && dnsrec['deploy_id'].nil?
|
|
160
160
|
@dependencies[dnsrec['mu_type']][dnsrec['target']].deploydata['endpoint']
|
|
161
161
|
elsif dnsrec['deploy_id']
|
|
162
|
-
found = MU::MommaCat.findStray("AWS", "database", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @
|
|
162
|
+
found = MU::MommaCat.findStray("AWS", "database", deploy_id: dnsrec["deploy_id"], mu_name: dnsrec["target"], region: @region)
|
|
163
163
|
raise MuError, "Couldn't find #{dnsrec['mu_type']} #{dnsrec["target"]}" if found.nil? || found.empty?
|
|
164
164
|
found.first.deploydata['endpoint']
|
|
165
165
|
end
|
|
@@ -642,7 +642,7 @@ module MU
|
|
|
642
642
|
# )
|
|
643
643
|
# deploydata.merge!(MU.structToHash(resp.hosted_zone))
|
|
644
644
|
# deploydata['vpcs'] = @config['vpcs'] if !@config['vpcs'].nil?
|
|
645
|
-
# deploydata["region"] = @
|
|
645
|
+
# deploydata["region"] = @region if !@region.nil?
|
|
646
646
|
# @deploy.notify(MU::Cloud::DNSZone.cfg_plural, mu_name, deploydata)
|
|
647
647
|
# return deploydata
|
|
648
648
|
|
|
@@ -13,7 +13,7 @@ module MU
|
|
|
13
13
|
|
|
14
14
|
# Called automatically by {MU::Deploy#createResources}
|
|
15
15
|
def create
|
|
16
|
-
resp = MU::Cloud::AWS.apig(region: @
|
|
16
|
+
resp = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).create_rest_api(
|
|
17
17
|
name: @mu_name,
|
|
18
18
|
description: @deploy.deploy_id,
|
|
19
19
|
endpoint_configuration: {
|
|
@@ -27,7 +27,7 @@ module MU
|
|
|
27
27
|
|
|
28
28
|
# Create/update all of the methods declared for this endpoint
|
|
29
29
|
def generate_methods(integrations = true)
|
|
30
|
-
resp = MU::Cloud::AWS.apig(region: @
|
|
30
|
+
resp = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_resources(
|
|
31
31
|
rest_api_id: @cloud_id,
|
|
32
32
|
)
|
|
33
33
|
root_resource = resp.items.first.id
|
|
@@ -36,11 +36,11 @@ module MU
|
|
|
36
36
|
@config['methods'].each { |m|
|
|
37
37
|
m["auth"] ||= m["iam_role"] ? "AWS_IAM" : "NONE"
|
|
38
38
|
|
|
39
|
-
method_arn = "arn:#{MU::Cloud::AWS.isGovCloud?(@
|
|
39
|
+
method_arn = "arn:#{MU::Cloud::AWS.isGovCloud?(@region) ? "aws-us-gov" : "aws"}:execute-api:#{@region}:#{MU::Cloud::AWS.credToAcct(@credentials)}:#{@cloud_id}/*/#{m['type']}/#{m['path']}"
|
|
40
40
|
path_part = ["", "/"].include?(m['path']) ? nil : m['path']
|
|
41
41
|
method_arn.sub!(/\/\/$/, '/')
|
|
42
42
|
|
|
43
|
-
resp = MU::Cloud::AWS.apig(region: @
|
|
43
|
+
resp = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_resources(
|
|
44
44
|
rest_api_id: @cloud_id
|
|
45
45
|
)
|
|
46
46
|
ext_resource = nil
|
|
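Review bot: The partition choice `MU::Cloud::AWS.isGovCloud?(@region) ? "aws-us-gov" : "aws"` on the new `method_arn` line is now spelled out verbatim here, in this file's `arn` method (`@@ -860`) and in firewall_rule.rb's `arn` (`@@ -202`), so a future partition (or a fix) has three places to miss; a small helper on the AWS provider (name to be chosen) returning the prefix for a region would keep them in step. Locally, nesting double-quoted strings inside `#{}` is legal but easy to misread — hoisting it to `partition = MU::Cloud::AWS.isGovCloud?(@region) ? "aws-us-gov" : "aws"` and interpolating `#{partition}` is clearer. generate_methods starts in the previous hunk and continues past this one.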
@@ -51,11 +51,11 @@ module MU
|
|
|
51
51
|
}
|
|
52
52
|
|
|
53
53
|
resp = if ext_resource
|
|
54
|
-
MU::Cloud::AWS.apig(region: @
|
|
54
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_resource(
|
|
55
55
|
rest_api_id: @cloud_id,
|
|
56
56
|
resource_id: ext_resource,
|
|
57
57
|
)
|
|
58
|
-
# MU::Cloud::AWS.apig(region: @
|
|
58
|
+
# MU::Cloud::AWS.apig(region: @region, credentials: @credentials).update_resource(
|
|
59
59
|
# rest_api_id: @cloud_id,
|
|
60
60
|
# resource_id: ext_resource,
|
|
61
61
|
# patch_operations: [
|
|
@@ -67,7 +67,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
67
67
|
# ]
|
|
68
68
|
# )
|
|
69
69
|
else
|
|
70
|
-
MU::Cloud::AWS.apig(region: @
|
|
70
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).create_resource(
|
|
71
71
|
rest_api_id: @cloud_id,
|
|
72
72
|
parent_id: root_resource,
|
|
73
73
|
path_part: path_part
|
|
@@ -76,13 +76,13 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
76
76
|
parent_id = resp.id
|
|
77
77
|
|
|
78
78
|
resp = begin
|
|
79
|
-
MU::Cloud::AWS.apig(region: @
|
|
79
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_method(
|
|
80
80
|
rest_api_id: @cloud_id,
|
|
81
81
|
resource_id: parent_id,
|
|
82
82
|
http_method: m['type']
|
|
83
83
|
)
|
|
84
84
|
rescue Aws::APIGateway::Errors::NotFoundException
|
|
85
|
-
resp = MU::Cloud::AWS.apig(region: @
|
|
85
|
+
resp = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).put_method(
|
|
86
86
|
rest_api_id: @cloud_id,
|
|
87
87
|
resource_id: parent_id,
|
|
88
88
|
authorization_type: m['auth'],
|
|
@@ -111,7 +111,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
111
111
|
params[:response_models] = r['body'].map { |b| [b['content_type'], b['is_error'] ? "Error" : "Empty"] }.to_h
|
|
112
112
|
end
|
|
113
113
|
|
|
114
|
-
MU::Cloud::AWS.apig(region: @
|
|
114
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).put_method_response(params)
|
|
115
115
|
}
|
|
116
116
|
rescue Aws::APIGateway::Errors::ConflictException
|
|
117
117
|
# fine to ignore
|
|
@@ -133,13 +133,13 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
133
133
|
|
|
134
134
|
uri, type = if m['integrate_with']['type'] == "aws_generic"
|
|
135
135
|
svc, action = m['integrate_with']['aws_generic_action'].split(/:/)
|
|
136
|
-
["arn:aws:apigateway:"+@
|
|
136
|
+
["arn:aws:apigateway:"+@region+":#{svc}:action/#{action}", aws_int_type]
|
|
137
137
|
elsif m['integrate_with']['type'] == "functions"
|
|
138
138
|
function_obj = nil
|
|
139
139
|
MU.retrier([], max: 5, wait: 9, loop_if: Proc.new { function_obj.nil? }) {
|
|
140
140
|
function_obj = @deploy.findLitterMate(name: m['integrate_with']['name'], type: "functions")
|
|
141
141
|
}
|
|
142
|
-
["arn:aws:apigateway:"+@
|
|
142
|
+
["arn:aws:apigateway:"+@region+":lambda:path/2015-03-31/functions/"+function_obj.cloudobj.arn+"/invocations", aws_int_type]
|
|
143
143
|
elsif m['integrate_with']['type'] == "mock"
|
|
144
144
|
[nil, "MOCK"]
|
|
145
145
|
end
|
|
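Review bot: Both new integration URIs hard-code the `arn:aws:` partition (`"arn:aws:apigateway:"+@region+...`) while `method_arn` earlier in the same method selects `aws-us-gov` via `isGovCloud?`, so in a GovCloud region the integration would point at an ARN in the wrong partition. Derive the prefix the same way, e.g. `"arn:#{MU::Cloud::AWS.isGovCloud?(@region) ? "aws-us-gov" : "aws"}:apigateway:#{@region}:#{svc}:action/#{action}"`, and prefer interpolation over `+` concatenation to match the surrounding code. The enclosing method starts and ends outside the hunk.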
@@ -176,7 +176,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
176
176
|
}]
|
|
177
177
|
end
|
|
178
178
|
|
|
179
|
-
resp = MU::Cloud::AWS.apig(region: @
|
|
179
|
+
resp = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).put_integration(params)
|
|
180
180
|
|
|
181
181
|
if m['integrate_with']['type'] =~ /^functions?$/
|
|
182
182
|
function_obj.addTrigger(method_arn, "apigateway", @config['name'])
|
|
@@ -196,7 +196,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
196
196
|
}.to_h
|
|
197
197
|
end
|
|
198
198
|
|
|
199
|
-
MU::Cloud::AWS.apig(region: @
|
|
199
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).put_integration_response(params)
|
|
200
200
|
|
|
201
201
|
}
|
|
202
202
|
|
|
@@ -209,13 +209,13 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
209
209
|
def groom
|
|
210
210
|
generate_methods
|
|
211
211
|
|
|
212
|
-
deployment = MU::Cloud::AWS.apig(region: @
|
|
212
|
+
deployment = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_deployments(
|
|
213
213
|
rest_api_id: @cloud_id
|
|
214
214
|
).items.sort { |a, b| a.created_date <=> b.created_date }.last
|
|
215
215
|
|
|
216
216
|
if !deployment
|
|
217
217
|
MU.log "Deploying API Gateway #{@config['name']} to #{@config['deploy_to']}"
|
|
218
|
-
deployment = MU::Cloud::AWS.apig(region: @
|
|
218
|
+
deployment = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).create_deployment(
|
|
219
219
|
rest_api_id: @cloud_id,
|
|
220
220
|
stage_name: @config['deploy_to']
|
|
221
221
|
# cache_cluster_enabled: false,
|
|
@@ -225,7 +225,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
225
225
|
# this automatically creates a stage with the same name, so we don't
|
|
226
226
|
# have to deal with that
|
|
227
227
|
|
|
228
|
-
my_hostname = @cloud_id+".execute-api."+@
|
|
228
|
+
my_hostname = @cloud_id+".execute-api."+@region+".amazonaws.com"
|
|
229
229
|
my_url = "https://"+my_hostname+"/"+@config['deploy_to']
|
|
230
230
|
MU.log "API Endpoint #{@config['name']}: "+my_url, MU::SUMMARY
|
|
231
231
|
|
|
@@ -262,7 +262,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
262
262
|
end
|
|
263
263
|
|
|
264
264
|
dom_desc = begin
|
|
265
|
-
MU::Cloud::AWS.apig(region: @
|
|
265
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_domain_name(domain_name: dnsname)
|
|
266
266
|
rescue ::Aws::APIGateway::Errors::NotFoundException
|
|
267
267
|
|
|
268
268
|
params = {
|
|
@@ -278,10 +278,10 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
278
278
|
end
|
|
279
279
|
|
|
280
280
|
MU.log "Creating API Gateway Domain Name #{dnsname}", MU::NOTICE, details: params
|
|
281
|
-
MU::Cloud::AWS.apig(region: @
|
|
281
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).create_domain_name(params)
|
|
282
282
|
end
|
|
283
283
|
|
|
284
|
-
mappings = MU::Cloud::AWS.apig(region: @
|
|
284
|
+
mappings = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_base_path_mappings(domain_name: dnsname, limit: 500).items
|
|
285
285
|
found = false
|
|
286
286
|
if mappings
|
|
287
287
|
mappings.each { |m|
|
|
@@ -293,7 +293,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
293
293
|
end
|
|
294
294
|
if !found
|
|
295
295
|
MU.log "Mapping #{dnsname} to API Gateway #{@mu_name}"
|
|
296
|
-
MU::Cloud::AWS.apig(region: @
|
|
296
|
+
MU::Cloud::AWS.apig(region: @region, credentials: @credentials).create_base_path_mapping(
|
|
297
297
|
domain_name: dnsname,
|
|
298
298
|
rest_api_id: @cloud_id,
|
|
299
299
|
stage: @config['deploy_to']
|
|
@@ -308,7 +308,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
308
308
|
|
|
309
309
|
# The creation of our deployment should have created a matching stage,
|
|
310
310
|
# which we're now going to mess with.
|
|
311
|
-
stage = MU::Cloud::AWS.apig(region: @
|
|
311
|
+
stage = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_stage(
|
|
312
312
|
rest_api_id: @cloud_id,
|
|
313
313
|
stage_name: @config['deploy_to']
|
|
314
314
|
)
|
|
@@ -316,7 +316,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
316
316
|
if @config['access_logs'] and !stage.access_log_settings
|
|
317
317
|
log_ref = MU::Config::Ref.get(@config['access_logs'])
|
|
318
318
|
MU.log "Enabling API Gateway access logs to CloudWatch Log Group #{log_ref.cloud_id}"
|
|
319
|
-
stage = MU::Cloud::AWS.apig(region: @
|
|
319
|
+
stage = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).update_stage(
|
|
320
320
|
rest_api_id: @cloud_id,
|
|
321
321
|
stage_name: @config['deploy_to'],
|
|
322
322
|
patch_operations: [
|
|
@@ -350,11 +350,11 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
350
350
|
end
|
|
351
351
|
|
|
352
352
|
|
|
353
|
-
# resp = MU::Cloud::AWS.apig(region: @
|
|
353
|
+
# resp = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).create_authorizer(
|
|
354
354
|
# rest_api_id: @cloud_id,
|
|
355
355
|
# )
|
|
356
356
|
|
|
357
|
-
# resp = MU::Cloud::AWS.apig(region: @
|
|
357
|
+
# resp = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).create_vpc_link(
|
|
358
358
|
# )
|
|
359
359
|
|
|
360
360
|
end
|
|
@@ -364,7 +364,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
364
364
|
def cloud_desc(use_cache: true)
|
|
365
365
|
return @cloud_desc_cache if @cloud_desc_cache and use_cache
|
|
366
366
|
return nil if !@cloud_id
|
|
367
|
-
@cloud_desc_cache = MU::Cloud::AWS.apig(region: @
|
|
367
|
+
@cloud_desc_cache = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_rest_api(
|
|
368
368
|
rest_api_id: @cloud_id
|
|
369
369
|
)
|
|
370
370
|
@cloud_desc_cache
|
|
@@ -375,7 +375,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
375
375
|
def notify
|
|
376
376
|
return nil if !@cloud_id or !cloud_desc(use_cache: false)
|
|
377
377
|
deploy_struct = MU.structToHash(cloud_desc, stringify_keys: true)
|
|
378
|
-
deploy_struct['url'] = "https://"+@cloud_id+".execute-api."+@
|
|
378
|
+
deploy_struct['url'] = "https://"+@cloud_id+".execute-api."+@region+".amazonaws.com"
|
|
379
379
|
deploy_struct['url'] += "/"+@config['deploy_to'] if @config['deploy_to']
|
|
380
380
|
# XXX stages and whatnot
|
|
381
381
|
return deploy_struct
|
|
@@ -466,7 +466,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
466
466
|
"cloud" => "AWS",
|
|
467
467
|
"credentials" => @credentials,
|
|
468
468
|
"cloud_id" => @cloud_id,
|
|
469
|
-
"region" => @
|
|
469
|
+
"region" => @region
|
|
470
470
|
}
|
|
471
471
|
|
|
472
472
|
if !cloud_desc
|
|
@@ -476,7 +476,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
476
476
|
|
|
477
477
|
bok['name'] = cloud_desc.name
|
|
478
478
|
|
|
479
|
-
resources = MU::Cloud::AWS.apig(region: @
|
|
479
|
+
resources = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_resources(
|
|
480
480
|
rest_api_id: @cloud_id,
|
|
481
481
|
).items
|
|
482
482
|
|
|
@@ -485,7 +485,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
485
485
|
r.resource_methods.each_pair { |http_type, m|
|
|
486
486
|
bok['methods'] ||= []
|
|
487
487
|
method = {}
|
|
488
|
-
m_desc = MU::Cloud::AWS.apig(region: @
|
|
488
|
+
m_desc = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_method(
|
|
489
489
|
rest_api_id: @cloud_id,
|
|
490
490
|
resource_id: r.id,
|
|
491
491
|
http_method: http_type
|
|
@@ -535,7 +535,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
535
535
|
cloud: "AWS",
|
|
536
536
|
integration_http_method: m_desc.method_integration.http_method
|
|
537
537
|
)
|
|
538
|
-
elsif m_desc.method_integration.uri.match(/#{@
|
|
538
|
+
elsif m_desc.method_integration.uri.match(/#{@region}:([^:]+):action\/(.*)/)
|
|
539
539
|
method['integrate_with'] = {
|
|
540
540
|
"type" => "aws_generic",
|
|
541
541
|
"integration_http_method" => m_desc.method_integration.http_method,
|
|
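Review bot: The new regex `/#{@region}:([^:]+):action\/(.*)/` interpolates `@region` unescaped; AWS region identifiers are letters, digits and hyphens today, so this works in practice, but `Regexp.escape(@region)` states the intent and guards against an unexpected value from configuration: `uri.match(/#{Regexp.escape(@region)}:([^:]+):action\/(.*)/)`. Using `%r{...}` would also drop the escaped slash. The enclosing block starts and ends outside the hunk.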
@@ -594,10 +594,10 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
594
594
|
}
|
|
595
595
|
}
|
|
596
596
|
|
|
597
|
-
deployment = MU::Cloud::AWS.apig(region: @
|
|
597
|
+
deployment = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_deployments(
|
|
598
598
|
rest_api_id: @cloud_id
|
|
599
599
|
).items.sort { |a, b| a.created_date <=> b.created_date }.last
|
|
600
|
-
stages = MU::Cloud::AWS.apig(region: @
|
|
600
|
+
stages = MU::Cloud::AWS.apig(region: @region, credentials: @credentials).get_stages(
|
|
601
601
|
rest_api_id: @cloud_id,
|
|
602
602
|
deployment_id: deployment.id
|
|
603
603
|
)
|
|
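Review bot: The new `get_stages(... deployment_id: deployment.id)` dereferences `deployment`, but the preceding `get_deployments(...).items.sort { ... }.last` yields nil when the API has no deployments yet, so `toKitten` would raise NoMethodError on an undeployed API; `groom` (`@@ -209`) guards exactly this case with `if !deployment`, and the same guard (skipping the stage lookup) belongs here. As a style aside, `.items.sort { |a, b| a.created_date <=> b.created_date }.last` is `.items.max_by(&:created_date)` in both hunks. The enclosing method starts and ends outside the hunk.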
@@ -612,7 +612,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
612
612
|
bok['access_logs'] = MU::Config::Ref.get(
|
|
613
613
|
id: stage.access_log_settings.destination_arn.sub(/.*?:([^:]+)$/, '\1'),
|
|
614
614
|
credentials: @credentials,
|
|
615
|
-
region: @
|
|
615
|
+
region: @region,
|
|
616
616
|
type: "logs",
|
|
617
617
|
cloud: "AWS"
|
|
618
618
|
)
|
|
@@ -860,7 +860,7 @@ MU::Cloud::AWS.apig(region: @config['region'], credentials: @credentials).get_re
|
|
|
860
860
|
# Canonical Amazon Resource Number for this resource
|
|
861
861
|
# @return [String]
|
|
862
862
|
def arn
|
|
863
|
-
"arn:#{MU::Cloud::AWS.isGovCloud?(@
|
|
863
|
+
"arn:#{MU::Cloud::AWS.isGovCloud?(@region) ? "aws-us-gov" : "aws"}:execute-api:#{@region}:#{MU::Cloud::AWS.credToAcct(@credentials)}:#{@cloud_id}"
|
|
864
864
|
end
|
|
865
865
|
|
|
866
866
|
|
|
@@ -52,14 +52,14 @@ module MU
|
|
|
52
52
|
begin
|
|
53
53
|
MU.log "Creating EC2 Security Group #{groupname}", details: sg_struct
|
|
54
54
|
|
|
55
|
-
secgroup = MU::Cloud::AWS.ec2(region: @
|
|
55
|
+
secgroup = MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).create_security_group(sg_struct)
|
|
56
56
|
@cloud_id = secgroup.group_id
|
|
57
57
|
rescue Aws::EC2::Errors::InvalidGroupDuplicate
|
|
58
58
|
MU.log "EC2 Security Group #{groupname} already exists, using it", MU::NOTICE
|
|
59
59
|
filters = [{name: "group-name", values: [groupname]}]
|
|
60
60
|
filters << {name: "vpc-id", values: [vpc_id]} if !vpc_id.nil?
|
|
61
61
|
|
|
62
|
-
secgroup = MU::Cloud::AWS.ec2(region: @
|
|
62
|
+
secgroup = MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).describe_security_groups(filters: filters).security_groups.first
|
|
63
63
|
if secgroup.nil?
|
|
64
64
|
raise MuError, "Failed to locate security group named #{groupname}, even though EC2 says it already exists", caller
|
|
65
65
|
end
|
|
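Review bot: On the duplicate path the new line `describe_security_groups(filters: filters).security_groups.first` adopts whichever group the API lists first; when `vpc_id` is nil the filter is name-only, so if more than one VPC holds a group with this name the resource may silently attach to the wrong group and inherit its rules. Assign the list first and reject ambiguity explicitly, e.g. `matches = ...describe_security_groups(filters: filters).security_groups` then `raise MuError, "Multiple security groups named #{groupname}; specify a VPC", caller if matches.size > 1` before taking `matches.first`. The enclosing `begin` starts outside the hunk.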
@@ -67,25 +67,25 @@ module MU
|
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
begin
|
|
70
|
-
MU::Cloud::AWS.ec2(region: @
|
|
70
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).describe_security_groups(group_ids: [secgroup.group_id])
|
|
71
71
|
rescue Aws::EC2::Errors::InvalidGroupNotFound
|
|
72
72
|
MU.log "#{secgroup.group_id} not yet ready, waiting...", MU::NOTICE
|
|
73
73
|
sleep 10
|
|
74
74
|
retry
|
|
75
75
|
end
|
|
76
76
|
|
|
77
|
-
MU::Cloud::AWS.createStandardTags(secgroup.group_id, region: @
|
|
78
|
-
MU::Cloud::AWS.createTag(secgroup.group_id, "Name", groupname, region: @
|
|
77
|
+
MU::Cloud::AWS.createStandardTags(secgroup.group_id, region: @region, credentials: @credentials)
|
|
78
|
+
MU::Cloud::AWS.createTag(secgroup.group_id, "Name", groupname, region: @region, credentials: @credentials)
|
|
79
79
|
|
|
80
80
|
if @config['optional_tags']
|
|
81
81
|
MU::MommaCat.listOptionalTags.each { |key, value|
|
|
82
|
-
MU::Cloud::AWS.createTag(secgroup.group_id, key, value, region: @
|
|
82
|
+
MU::Cloud::AWS.createTag(secgroup.group_id, key, value, region: @region, credentials: @credentials)
|
|
83
83
|
}
|
|
84
84
|
end
|
|
85
85
|
|
|
86
86
|
if @config['tags']
|
|
87
87
|
@config['tags'].each { |tag|
|
|
88
|
-
MU::Cloud::AWS.createTag(secgroup.group_id, tag['key'], tag['value'], region: @
|
|
88
|
+
MU::Cloud::AWS.createTag(secgroup.group_id, tag['key'], tag['value'], region: @region, credentials: @credentials)
|
|
89
89
|
}
|
|
90
90
|
end
|
|
91
91
|
|
|
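Review bot: The new `describe_security_groups(group_ids: [secgroup.group_id])` sits inside `begin ... rescue Aws::EC2::Errors::InvalidGroupNotFound; sleep 10; retry; end` with no attempt counter, so a group that never becomes visible under these credentials and region would loop forever. Bound it, e.g. `tries = (tries || 0) + 1` in the rescue and `raise MuError, "#{secgroup.group_id} never became visible", caller if tries > MAX_TRIES` (constant to be chosen) before `retry`. The enclosing method starts outside the hunk.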
@@ -123,7 +123,7 @@ module MU
|
|
|
123
123
|
# Log metadata about this ruleset to the currently running deployment
|
|
124
124
|
def notify
|
|
125
125
|
sg_data = MU.structToHash(
|
|
126
|
-
MU::Cloud::FirewallRule.find(cloud_id: @cloud_id, region: @
|
|
126
|
+
MU::Cloud::FirewallRule.find(cloud_id: @cloud_id, region: @region)
|
|
127
127
|
)
|
|
128
128
|
sg_data["group_id"] = @cloud_id
|
|
129
129
|
sg_data["cloud_id"] = @cloud_id
|
|
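Review bot: `MU::Cloud::FirewallRule.find(cloud_id: @cloud_id, region: @region)` on the new line passes no `credentials:` although every other lookup in this file now pairs `region: @region` with `credentials: @credentials`; if `find` falls back to a default credential set, `notify` would describe, or fail to find, the group in the wrong account for deploys using alternate credentials. Passing `credentials: @credentials` alongside the region keeps it consistent. The enclosing method continues past the hunk.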
@@ -151,8 +151,11 @@ module MU
|
|
|
151
151
|
rule["firewall_rules"].concat(sgs.map { |s|
|
|
152
152
|
MU::Config::Ref.get(
|
|
153
153
|
id: s,
|
|
154
|
+
region: @region,
|
|
155
|
+
credentials: @credentials,
|
|
154
156
|
cloud: "AWS",
|
|
155
|
-
type: "firewall_rule"
|
|
157
|
+
type: "firewall_rule",
|
|
158
|
+
dummy_ok: true
|
|
156
159
|
)
|
|
157
160
|
})
|
|
158
161
|
end
|
|
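Review bot: `dummy_ok: true` is added to the firewall-rule references with no comment saying why a placeholder reference is acceptable here; from the name it presumably lets `Ref.get` return an unresolved stand-in when the id is not found, which means a mistyped id or a group in another account no longer fails at this point — confirm where, if anywhere, such a stand-in is validated later. A one-line why-comment above it, along the lines of `# dummy_ok: <reason an unresolved reference is tolerated here>`, would make the trade-off visible to the next reader. The enclosing method starts and ends outside the hunk.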
@@ -169,12 +172,12 @@ module MU
|
|
|
169
172
|
|
|
170
173
|
begin
|
|
171
174
|
if egress
|
|
172
|
-
MU::Cloud::AWS.ec2(region: @
|
|
175
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).authorize_security_group_egress(
|
|
173
176
|
group_id: @cloud_id,
|
|
174
177
|
ip_permissions: ec2_rule
|
|
175
178
|
)
|
|
176
179
|
else
|
|
177
|
-
MU::Cloud::AWS.ec2(region: @
|
|
180
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).authorize_security_group_ingress(
|
|
178
181
|
group_id: @cloud_id,
|
|
179
182
|
ip_permissions: ec2_rule
|
|
180
183
|
)
|
|
@@ -185,12 +188,12 @@ module MU
|
|
|
185
188
|
# existing rules
|
|
186
189
|
if comment
|
|
187
190
|
if egress
|
|
188
|
-
MU::Cloud::AWS.ec2(region: @
|
|
191
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).update_security_group_rule_descriptions_egress(
|
|
189
192
|
group_id: @cloud_id,
|
|
190
193
|
ip_permissions: ec2_rule
|
|
191
194
|
)
|
|
192
195
|
else
|
|
193
|
-
MU::Cloud::AWS.ec2(region: @
|
|
196
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).update_security_group_rule_descriptions_ingress(
|
|
194
197
|
group_id: @cloud_id,
|
|
195
198
|
ip_permissions: ec2_rule
|
|
196
199
|
)
|
|
@@ -202,7 +205,7 @@ module MU
|
|
|
202
205
|
# Canonical Amazon Resource Number for this resource
|
|
203
206
|
# @return [String]
|
|
204
207
|
def arn
|
|
205
|
-
"arn:"+(MU::Cloud::AWS.isGovCloud?(@
|
|
208
|
+
"arn:"+(MU::Cloud::AWS.isGovCloud?(@region) ? "aws-us-gov" : "aws")+":ec2:"+@region+":"+MU::Cloud::AWS.credToAcct(@credentials)+":security-group/"+@cloud_id
|
|
206
209
|
end
|
|
207
210
|
|
|
208
211
|
# Locate an existing security group or groups and return an array containing matching AWS resource descriptors for those that match.
|
|
@@ -248,9 +251,9 @@ module MU
|
|
|
248
251
|
def toKitten(**_args)
|
|
249
252
|
bok = {
|
|
250
253
|
"cloud" => "AWS",
|
|
251
|
-
"credentials" => @
|
|
254
|
+
"credentials" => @credentials,
|
|
252
255
|
"cloud_id" => @cloud_id,
|
|
253
|
-
"region" => @
|
|
256
|
+
"region" => @region
|
|
254
257
|
}
|
|
255
258
|
|
|
256
259
|
if !cloud_desc
|
|
@@ -649,7 +652,7 @@ module MU
|
|
|
649
652
|
if rule['firewall_rules']
|
|
650
653
|
rule['firewall_rules'].each { |sg|
|
|
651
654
|
if sg['name'] and !sg['deploy_id']
|
|
652
|
-
MU::Config.addDependency(acl, sg['name'], "firewall_rule",
|
|
655
|
+
MU::Config.addDependency(acl, sg['name'], "firewall_rule", my_phase: "groom")
|
|
653
656
|
end
|
|
654
657
|
}
|
|
655
658
|
end
|
|
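Review bot: This hunk registers firewall-rule dependencies with `my_phase: "groom"` while the next hunk (`@@ -657`) registers loadbalancer dependencies with `their_phase: "groom"`; the asymmetry may well be intentional, but nothing on either line says which side is being deferred and why. A short comment on each call, e.g. `# defer our groom until the referenced rule exists` here (adjusted to the actual intent) and the mirror statement on the loadbalancer call, would stop a later edit from "fixing" one to match the other. The removed lines are truncated in this rendering, so the previous arguments are not visible.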
@@ -657,7 +660,7 @@ module MU
|
|
|
657
660
|
if rule['loadbalancers']
|
|
658
661
|
rule['loadbalancers'].each { |lb|
|
|
659
662
|
if lb['name'] and !lb['deploy_id']
|
|
660
|
-
MU::Config.addDependency(acl, lb['name'], "loadbalancer",
|
|
663
|
+
MU::Config.addDependency(acl, lb['name'], "loadbalancer", their_phase: "groom")
|
|
661
664
|
end
|
|
662
665
|
}
|
|
663
666
|
end
|
|
@@ -731,7 +734,7 @@ module MU
|
|
|
731
734
|
end
|
|
732
735
|
}
|
|
733
736
|
MU.log "Removing unconfigured rule in #{@mu_name}", MU::WARN, details: ext_rule
|
|
734
|
-
MU::Cloud::AWS.ec2(region: @
|
|
737
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).revoke_security_group_ingress(
|
|
735
738
|
group_id: @cloud_id,
|
|
736
739
|
ip_permissions: [ext_rule]
|
|
737
740
|
)
|
|
@@ -797,7 +800,7 @@ module MU
|
|
|
797
800
|
if ingress
|
|
798
801
|
if haverule
|
|
799
802
|
begin
|
|
800
|
-
MU::Cloud::AWS.ec2(region: @
|
|
803
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).revoke_security_group_ingress(
|
|
801
804
|
group_id: @cloud_id,
|
|
802
805
|
ip_permissions: [haverule]
|
|
803
806
|
)
|
|
@@ -805,7 +808,7 @@ module MU
|
|
|
805
808
|
end
|
|
806
809
|
end
|
|
807
810
|
begin
|
|
808
|
-
MU::Cloud::AWS.ec2(region: @
|
|
811
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).authorize_security_group_ingress(
|
|
809
812
|
group_id: @cloud_id,
|
|
810
813
|
ip_permissions: [rule]
|
|
811
814
|
)
|
|
@@ -818,14 +821,14 @@ module MU
|
|
|
818
821
|
if egress
|
|
819
822
|
if haverule
|
|
820
823
|
begin
|
|
821
|
-
MU::Cloud::AWS.ec2(region: @
|
|
824
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).revoke_security_group_egress(
|
|
822
825
|
group_id: @cloud_id,
|
|
823
826
|
ip_permissions: [haverule]
|
|
824
827
|
)
|
|
825
828
|
rescue Aws::EC2::Errors::InvalidPermissionNotFound
|
|
826
829
|
end
|
|
827
830
|
end
|
|
828
|
-
MU::Cloud::AWS.ec2(region: @
|
|
831
|
+
MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).authorize_security_group_egress(
|
|
829
832
|
group_id: @cloud_id,
|
|
830
833
|
ip_permissions: [rule]
|
|
831
834
|
)
|