RubyGems - cloud-mu - Versions diffs - 3.6.14 → 3.6.15 - Mend

cloud-mu 3.6.14 → 3.6.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/cloud-mu.gemspec +2 -2
data/cookbooks/mu-master/recipes/default.rb +1 -1
data/cookbooks/mu-master/recipes/init.rb +2 -2
data/modules/mu/providers/aws/vpc.rb +40 -20
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 139c2a4c671720c20af33791916196e89711a9c32d3fe9434075991396859644
-  data.tar.gz: 6bc11c7c21a784ad236699fc612a4cb6aaaa258d423b5788fc53f44dc961f4e5
+  metadata.gz: 0b1489c8d2a0d9433580896b96352694c49dfce6c4c9791166ad80b1abb8492b
+  data.tar.gz: 35dab58343bdd2cb33b7d97bccc4dc20a92d03de8d4506c7638b15906540e5ff
 SHA512:
-  metadata.gz: d0494df226fb48f1e596b758a462e4b5ddc4aa186da1c2d8fe7a50f8aeb726b9b45a9321c32e2baf1c7d63d7ebd368aee6f39a705b0c4d7b32ae7d4118e0f794
-  data.tar.gz: 7d10151c049c7a8cceb5da58299c2e9b7b1b92624673fce7913b95aef28b37a058e1d6ce5bde1acc07110defcd0abcec4c8bcb4146cd91c9d988250986ee3eaf
+  metadata.gz: 41612c92416e80c343158a5ceee10fd6b45cdd234e6bb6679e81de5842a7203a9f079af274c5638c7b27b090a2731e23712f082b46562c47f77c49ed34aa1eb5
+  data.tar.gz: a82e7e8b014149763cf2e2f37c99ff1902a0fb3f9c7683136b3da08eb785b119cfad6de35c7dba28e3c0d5ec54fc3a2209241742d4231386c9c952ea7a0b78b7

data/cloud-mu.gemspec CHANGED Viewed

@@ -17,8 +17,8 @@ end
 Gem::Specification.new do |s|
   s.name        = 'cloud-mu'
-  s.version     = '3.6.14'
-  s.date        = '2025-04-27'
+  s.version     = '3.6.15'
+  s.date        = '2025-06-21'
   s.require_paths = ['modules']
   s.required_ruby_version = '>= 3'
   s.summary     = "The eGTLabs Mu toolkit for unified cloud deployments"

data/cookbooks/mu-master/recipes/default.rb CHANGED Viewed

@@ -56,9 +56,9 @@ if ::File.exist?("/etc/sudoers.d/waagent")
   }
 end
+include_recipe 'mu-master::firewall-holes'
 include_recipe 'mu-master::init'
 include_recipe 'mu-master::basepackages'
-include_recipe 'mu-master::firewall-holes'
 include_recipe 'mu-master::ssl-certs'
 include_recipe 'mu-master::vault'
 include_recipe 'mu-tools::gcloud'

data/cookbooks/mu-master/recipes/init.rb CHANGED Viewed

@@ -258,13 +258,13 @@ when 'amazon'
   when '2'
     basepackages.concat(['libX11', 'mariadb-devel', 'cryptsetup', 'ncurses-devel', 'ncurses-compat-libs', 'iptables-services'])
-    removepackages = ['nagios', 'firewalld']
+    removepackages = ['nagios']
     elversion = '7'
   when '2023'
     basepackages.concat(['libX11', 'mariadb105-devel', 'cryptsetup', 'ncurses-devel', 'ncurses-compat-libs', 'iptables-services', 'libxcrypt-compat', 'ruby', 'nspr-devel', 'nss-devel >= 3.34', 'openldap-clients', 'openldap-devel', 'lmdb-devel', 'cyrus-sasl-devel', 'icu', 'libicu-devel', 'pcre2-devel', 'cracklib-devel', 'json-c-devel', 'libatomic', 'clang', 'compiler-rt', 'lld', 'gcc', 'gcc-c++', 'libasan', 'libtsan', 'libubsan', 'libdb-devel', 'net-snmp-devel', 'bzip2-devel', 'openssl-devel', 'pam-devel', 'systemd-units', 'systemd-devel', 'pkgconfig', 'krb5-devel', 'autoconf', 'automake', 'libtool', 'doxygen', 'libcmocka-devel', 'python3', 'python3-devel', 'python3-setuptools', 'python3-ldap', 'python3-pyasn1', 'python3-pyasn1-modules', 'python3-dateutil', 'python3-argcomplete', 'python3-policycoreutils', 'python3-libselinux', 'python3-cryptography', 'rsync', 'python3-pip'])
     basepackages.delete('curl')
-    removepackages = ['nagios', 'firewalld']
+    removepackages = ['nagios']
     elversion = '7'
   else

data/modules/mu/providers/aws/vpc.rb CHANGED Viewed

@@ -262,30 +262,46 @@ module MU
                  { name: "resource-id", values: [@cloud_id] }
                ]
             )
-            # XXX a smarter guard would filter with more specificity
-            if !ext or ext.flow_logs.empty?
-              loggroup = if @config['log_group_name']
-                @config['log_group_name']
+            logrole = @deploy.findLitterMate(name: @config['name']+"logrole", type: "roles")
+            log_cfg = {
+              resource_ids: [@cloud_id],
+              resource_type: "VPC",
+              traffic_type: "ALL",
+              tag_specifications: [
+                {
+                  resource_type: "vpc-flow-log",
+                  tags: @tags.each_key.map { |k| { :key => k, :value => @tags[k] } }
+                }
+              ]
+            }
+            if @config['log_bucket_arn']
+              log_cfg[:log_destination] = @config['log_bucket_arn']
+              log_cfg[:log_destination_type] = "s3"
+            else
+              log_cfg[:log_destination_type] = "cloud-watch-logs"
+              log_cfg[:deliver_logs_permission_arn] = logrole.cloudobj.arn,
+              if @config['log_group_name']
+                log_cfg[:log_group_name] = @config['log_group_name']
               else
-                @deploy.findLitterMate(name: @config['name']+"loggroup", type: "logs").mu_name
+                log_cfg[:log_group_name] = @deploy.findLitterMate(name: @config['name']+"loggroup", type: "logs").mu_name
               end
-              logrole = @deploy.findLitterMate(name: @config['name']+"logrole", type: "roles")
+            end
+            have_match = false
+            if ext and ext.flow_logs
+              ext.flow_logs.each { |fl|
+                next if fl.log_destination_type != log_cfg[:log_destination_type]
+                next if fl.log_destination_type == "s3" and fl.log_destination != log_cfg[:log_destination]
+                next if fl.log_destination_type == "cloud-watch-logs" and fl.log_group_name != log_cfg[:log_group_name]
+                have_match = true
+              }
+            end
-              MU.log "Enabling traffic logging on VPC #{@mu_name} to log group #{loggroup}"
-              MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).create_flow_logs(
-                resource_ids: [@cloud_id],
-                resource_type: "VPC",
-                traffic_type: "ALL",
-                log_group_name: loggroup,
-                deliver_logs_permission_arn: logrole.cloudobj.arn,
-                tag_specifications: [
-                  {
-                    resource_type: "vpc-flow-log",
-                    tags: @tags.each_key.map { |k| { :key => k, :value => @tags[k] } }
-                  }
-                ]
-              )
+            if !have_match
+              MU.log "Enabling traffic logging on VPC #{@mu_name} to #{log_cfg[:log_destination] || log_cfg[:log_group_name]}"
+              MU::Cloud::AWS.ec2(region: @region, credentials: @credentials).create_flow_logs(log_cfg)
             end
           end
@@ -935,6 +951,10 @@ module MU
               "type" => "string",
               "description" => "An existing CloudWachLogs log group the traffic will be logged to. If not provided, a new one will be created"
             },
+            "log_bucket_arn" => {
+              "type" => "string",
+              "description" => "An S3 bucket into which to deposit flow logs"
+            },
             "enable_traffic_logging" => {
               "type" => "boolean",
               "description" => "If traffic logging is enabled or disabled. Will be enabled on all subnets and network interfaces if set to true on a VPC",

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cloud-mu
 version: !ruby/object:Gem::Version
-  version: 3.6.14
+  version: 3.6.15
 platform: ruby
 authors:
 - John Stange
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-04-27 00:00:00.000000000 Z
+date: 2025-06-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable