cloud-mu 3.4.0 → 3.5.0

data/modules/mu/providers/google/role.rb

@@ -581,7 +581,7 @@ module MU
               }
             end
             if args[:cloud_id]
-              found.reject! { |k, _v| k != role.name }
+              found.reject! { |k, _v| k != args[:cloud_id] }
             end
 
             # Now go get everything that's bound here

data/modules/mu/providers/google/vpc.rb

@@ -364,6 +364,12 @@ end
             }
           end
 
+
+          # The API is filled with lies
+          @subnets.reject! { |s|
+            !MU::Cloud::Google.listRegions(credentials: @credentials).include?(s.az)
+          }
+
           return @subnets
         end
 
@@ -442,14 +448,19 @@ end
 
         # Check for a subnet in this VPC matching one or more of the specified
         # criteria, and return it if found.
-        def getSubnet(cloud_id: nil, name: nil, tag_key: nil, tag_value: nil, ip_block: nil, region: nil)
+        def getSubnet(cloud_id: nil, name: nil, tag_key: nil, tag_value: nil, ip_block: nil, region: nil, subnet_mu_name: nil)
           if !cloud_id.nil? and cloud_id.match(/^https:\/\//)
             cloud_id.match(/\/regions\/([^\/]+)\/subnetworks\/([^\/]+)$/)
             region = Regexp.last_match[1]
             cloud_id = Regexp.last_match[2]
             cloud_id.gsub!(/.*?\//, "")
           end
-          MU.log "getSubnet(cloud_id: #{cloud_id}, name: #{name}, tag_key: #{tag_key}, tag_value: #{tag_value}, ip_block: #{ip_block}, region: #{region})", MU::DEBUG, details: caller[0]
+          
+          if name
+            subnet_mu_name ||= @config['scrub_mu_isms'] ? @cloud_id+name.downcase : MU::Cloud::Google.nameStr(@deploy.getResourceName(name, max_length: 61))
+          end
+
+          MU.log "getSubnet(cloud_id: #{cloud_id}, name: #{name}, tag_key: #{tag_key}, tag_value: #{tag_value}, ip_block: #{ip_block}, region: #{region}, subnet_mu_name: #{subnet_mu_name})", MU::DEBUG, details: caller[0]
           subnets.each { |subnet|
             next if region and subnet.az != region
             if !cloud_id.nil? and !subnet.cloud_id.nil? and subnet.cloud_id.to_s == cloud_id.to_s
@@ -457,6 +468,9 @@ end
             elsif !name.nil? and !subnet.name.nil? and
                   subnet.name.downcase.to_s == name.downcase.to_s
               return subnet
+            elsif !subnet_mu_name.nil? and !subnet.name.nil? and
+                  subnet.name.downcase.to_s == subnet_mu_name.downcase.to_s
+              return subnet
             end
           }
           return nil
@@ -931,6 +945,14 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
                 else
                   route['nat_host_name'] = nat['name']
                   route['priority'] = 100
+                  MU::Config.addDependency(vpc, nat['name'], "server", their_phase: "groom", my_phase: "groom")
+                  vpc["bastion"] = MU::Config::Ref.get(
+                    name: nat['name'],
+                    cloud: vpc['cloud'],
+                    credentials: vpc['credentials'],
+                    type: "servers"
+                  )
+
                 end
               end
             }
@@ -1172,6 +1194,9 @@ MU.log "ROUTES TO #{target_instance.name}", MU::WARN, details: resp
               if e.message.match(/notFound: /)
                 MU.log "Failed to fetch cloud description for Google subnet #{@cloud_id}", MU::WARN, details: { "project" => @parent.habitat_id, "region" => @az, "name" => @cloud_id }
                 return nil
+              elsif e.message.match(/Unknown region\. /)
+                MU.log "Google subnet #{@cloud_id} seems like it should live in #{@az}, but that's not a valid region", MU::WARN, details: { "project" => @parent.habitat_id, "region" => @az, "name" => @cloud_id }
+                return nil
               else
                 raise e
               end

data/modules/tests/aws-servers-with-handrolled-iam.yaml

@@ -0,0 +1,37 @@
+# clouds: AWS
+# groomers: Chef
+---
+appname: smoketest
+vpcs:
+- name: svrtest
+roles:
+- name: handrolled
+  scrub_mu_isms: true
+  can_assume:
+  - entity_id: ec2.amazonaws.com
+    entity_type: service
+  import:
+  - arn:aws:iam::aws:policy/AmazonRDSFullAccess
+servers:
+- name: iamtest1
+  size: t3.medium
+  iam_role: handrolled
+  platform: centos6
+  generate_iam_role: false
+  vpc:
+    name: svrtest
+server_pools:
+- name: iamtest2
+  scrub_mu_isms: true
+  min_size: 1
+  max_size: 1
+  wait_for_nodes: 1
+  platform: centos6
+  vpc:
+    name: svrtest
+  basis:
+    launch-config:
+      name: iamtest2
+      size: t3.medium
+      iam_role: handrolled
+      generate_iam_role: false

data/modules/tests/k8s.yaml

@@ -27,7 +27,7 @@ container_clusters:
     comment: meep
   vpc:
     vpc_name: k8s
-    subnet_pref: all_private
+    subnet_pref: all_public
   kubernetes_resources:
   - apiVersion: v1
     kind: Service

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cloud-mu
 version: !ruby/object:Gem::Version
-  version: 3.4.0
+  version: 3.5.0
 platform: ruby
 authors:
 - John Stange
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-22 00:00:00.000000000 Z
+date: 2021-01-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -47,28 +47,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.52'
+        version: '0.65'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.52'
+        version: '0.65'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: 2.1.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: 2.1.4
 - !ruby/object:Gem::Dependency
   name: chronic_duration
   requirement: !ruby/object:Gem::Requirement
@@ -131,14 +131,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.36.4
+        version: 0.50.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.36.4
+        version: 0.50.0
 - !ruby/object:Gem::Dependency
   name: googleauth
   requirement: !ruby/object:Gem::Requirement
@@ -448,6 +448,7 @@ executables:
 - mu-gen-docs
 - mu-tunnel-nagios
 - mu-ssh
+- mu-refresh-ssl
 - mu-gen-env
 - mu-configure
 - mu-momma-cat
@@ -524,6 +525,7 @@ files:
 - bin/mu-load-config.rb
 - bin/mu-momma-cat
 - bin/mu-node-manage
+- bin/mu-refresh-ssl
 - bin/mu-run-tests
 - bin/mu-self-update
 - bin/mu-ssh
@@ -663,8 +665,10 @@ files:
 - cookbooks/mu-master/templates/default/389-directory-setup.inf.erb
 - cookbooks/mu-master/templates/default/chef-server.rb.erb
 - cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb
+- cookbooks/mu-master/templates/default/mods/rewrite.conf.erb
 - cookbooks/mu-master/templates/default/mu-momma-cat.erb
 - cookbooks/mu-master/templates/default/mu.rc.erb
+- cookbooks/mu-master/templates/default/nagios.conf.erb
 - cookbooks/mu-master/templates/default/openssl.cnf.erb
 - cookbooks/mu-master/templates/default/sssd.conf.erb
 - cookbooks/mu-master/templates/default/web_app.conf.erb
@@ -736,6 +740,7 @@ files:
 - cookbooks/mu-tools/attributes/default.rb
 - cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb
 - cookbooks/mu-tools/files/amazon/etc/freshclam.conf
+- cookbooks/mu-tools/files/centos-6/CentOS-Base.repo
 - cookbooks/mu-tools/files/centos-6/README_MU
 - cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules
 - cookbooks/mu-tools/files/centos-6/etc/bashrc
@@ -908,15 +913,20 @@ files:
 - environments/dev.json
 - environments/development.json
 - environments/prod.json
+- extras/Gemfile.lock.bootstrap
 - extras/README.md
 - extras/admin-role-binding.yaml
 - extras/admin-user.yaml
 - extras/alpha.png
 - extras/aws-auth-cm.yaml.erb
 - extras/beta.png
+- extras/bucketstubs/error.html
+- extras/bucketstubs/index.html
 - extras/clean-stock-amis
 - extras/generate-stock-images
 - extras/git-fix-permissions-hook
+- extras/git_rpm/build.sh
+- extras/git_rpm/mugit.spec
 - extras/gitlab-eks-helper.sh.erb
 - extras/image-generators/AWS/centos6.yaml
 - extras/image-generators/AWS/centos7-govcloud.yaml
@@ -928,14 +938,19 @@ files:
 - extras/image-generators/Google/centos6.yaml
 - extras/image-generators/Google/centos7.yaml
 - extras/image-generators/README.md
+- extras/image-generators/VMWare/centos8.yaml
 - extras/lambda_waf_domain_blacklist.py
 - extras/list-stock-amis
+- extras/openssl_rpm/build.sh
+- extras/openssl_rpm/mussl.spec
 - extras/platform_berksfile_base
 - extras/python_rpm/build.sh
 - extras/python_rpm/muthon.spec
 - extras/release.png
 - extras/ruby_rpm/build.sh
 - extras/ruby_rpm/muby.spec
+- extras/sqlite_rpm/build.sh
+- extras/sqlite_rpm/muqlite.spec
 - extras/vault_tools/README.md
 - extras/vault_tools/export_vaults.sh
 - extras/vault_tools/recreate_vaults.sh
@@ -1115,6 +1130,7 @@ files:
 - modules/tests/auto_scaling.inc
 - modules/tests/aws-iam.yaml
 - modules/tests/aws-jobs-functions.yaml
+- modules/tests/aws-servers-with-handrolled-iam.yaml
 - modules/tests/aws-sgs.yaml
 - modules/tests/bucket.yml
 - modules/tests/centos6.yaml