Switch nova_security_group to openstack provider

The current nova provider for nova_security_group is broken at the moment. Due to the fact that the commands are getting deprecated, the warnings are confusing the text parsing and result in repeated creation of security groups. This patch resolves this issue by switching it to the new openstack provider. It also adds the instances and prefetch methods which will allow `puppet resource` CLI usage. Change-Id: Ibdd930d9b89a1e9ac6d47a5cbf2d7903b145971e
2017-07-25 19:38:31 -04:00
parent dad40312eb
commit 0f8c04df8e
4 changed files with 130 additions and 128 deletions
--- a/lib/puppet/provider/nova_security_group/nova.rb
+++ b/lib/puppet/provider/nova_security_group/nova.rb
@@ -1,37 +0,0 @@
-require File.join(File.dirname(__FILE__), '..','..','..',
-                  'puppet/provider/nova')
-
-Puppet::Type.type(:nova_security_group).provide(
-  :nova,
-  :parent => Puppet::Provider::Nova
-) do
-
-  desc "Manage nova security groups"
-
-  commands :nova => 'nova'
-
-  mk_resource_methods
-
-  def exists?
-    sec_groups = self.class.cliout2list(auth_nova('secgroup-list'))
-    return sec_groups.detect do |n|
-        n['Name'] == resource['name']
-    end
-  end
-
-  def destroy
-    auth_nova("secgroup-delete", name)
-    @property_hash[:ensure] = :absent
-  end
-
-  def create
-    result = self.class.cliout2list(auth_nova("secgroup-create", resource[:name], resource[:description]))
-
-    @property_hash = {
-      :ensure => :present,
-      :name => resource[:name],
-      :id => result[0]['Id'],
-      :description => resource[:description]
-    }
-  end
-end
--- a/lib/puppet/provider/nova_security_group/openstack.rb
+++ b/lib/puppet/provider/nova_security_group/openstack.rb
@@ -0,0 +1,82 @@
+require File.join(File.dirname(__FILE__), '..','..','..', 'puppet/provider/nova')
+
+Puppet::Type.type(:nova_security_group).provide(
+  :openstack,
+  :parent => Puppet::Provider::Nova
+) do
+  desc <<-EOT
+      Manage nova security groups
+  EOT
+
+  @credentials = Puppet::Provider::Openstack::CredentialsV3.new
+
+  def initialize(value={})
+    super(value)
+    @property_flush = {}
+  end
+
+  def create
+    opts = [@resource[:name]]
+    (opts << '--description' << @resource[:description]) if @resource[:description]
+    @property_hash = self.class.nova_request('security group', 'create', nil, opts)
+    @property_hash[:ensure] = :present
+  end
+
+  def exists?
+    @property_hash[:ensure] == :present
+  end
+
+  def destroy
+    self.class.request('security group', 'delete', @resource[:name])
+  end
+
+  mk_resource_methods
+
+  def id=(value)
+    fail('id is read only')
+  end
+
+  def name=(value)
+    fail('name is read only')
+  end
+
+  def description=(value)
+    @property_flush[:description] = value
+  end
+
+  def self.instances
+    # NOTE(mnaser): The OpenStack client makes a request to the Neutron endpoint
+    #               to get security groups and if it has an admin role, it will
+    #               retrieve all security groups.  The following helps filter it.
+    project_id = self.nova_request('token', 'issue', nil, ['-c', 'project_id', '-f', 'value']).strip
+
+    self.nova_request('security group', 'list', nil).select do |attrs|
+      attrs[:project] == project_id
+    end.collect do |attrs|
+      new(
+        :ensure      => :present,
+        :id          => attrs[:id],
+        :name        => attrs[:name],
+        :description => attrs[:description]
+      )
+    end
+  end
+
+  def self.prefetch(resources)
+    security_groups = instances
+    resources.keys.each do |name|
+      if provider = security_groups.find { |security_group| security_group.name == name }
+        resources[name].provider = provider
+      end
+    end
+  end
+
+  def flush
+    unless @property_flush.empty?
+      opts = [@resource[:name]]
+      (opts << '--description' << @resource[:description]) if @resource[:description]
+      self.class.request('security group', 'set', opts)
+      @property_flush.clear
+    end
+  end
+end
--- a/spec/unit/provider/nova_security_group/nova_spec.rb
+++ b/spec/unit/provider/nova_security_group/nova_spec.rb
@@ -1,91 +0,0 @@
-require 'puppet'
-require 'puppet/provider/nova_security_group/nova'
-require 'tempfile'
-
-provider_class = Puppet::Type.type(:nova_security_group).provider(:nova)
-
-describe provider_class do
-
-  let :secgroup_attrs do
-    {
-      :name => "scg0",
-      :description => "Security Group",
-    }
-  end
-
-  let :resource do
-    Puppet::Type::Nova_security_group.new(secgroup_attrs)
-  end
-
-  let :provider do
-    provider_class.new(resource)
-  end
-
-  shared_examples "nova_security_group" do
-    describe "#exists?" do
-      it 'should check non-existing security group' do
-        output = <<-EOT
-+--------------------------------------+---------+------------------------+
-| Id                                   | Name    | Description            |
-+--------------------------------------+---------+------------------------+
-| f630dd92-3ff7-49bc-b012-b211451aa418 | default | Default security group |
-+--------------------------------------+---------+------------------------+
-EOT
-
-        provider.expects(:auth_nova).with('secgroup-list').returns(output)
-
-        expect(provider.exists?).to be_falsey
-      end 
-
-      it 'should check existing security group' do
-        output = <<-EOT
-+--------------------------------------+------+----------------+
-| Id                                   | Name | Description    |
-+--------------------------------------+------+----------------+
-| f630dd92-3ff7-49bc-b012-b211451aa419 | scg0 | Security Group |
-+--------------------------------------+------+----------------+
-EOT
-
-        provider.expects(:auth_nova).with('secgroup-list').returns(output)
-
-        expect(provider.exists?).to be_truthy
-      end
-    end
-
-    
-    describe "#create" do
-      it 'should create security group' do
-        output = <<-EOT
-+--------------------------------------+------+----------------+
-| Id                                   | Name | Description    |
-+--------------------------------------+------+----------------+
-| f630dd92-3ff7-49bc-b012-b211451aa419 | scg0 | Security Group |
-+--------------------------------------+------+----------------+
-EOT
-
-        provider.expects(:auth_nova).with('secgroup-create', 'scg0', 'Security Group').returns(output)
-
-        expect(provider.create).to be_truthy
-      end 
-    end
-
-
-    describe "#destroy" do
-      it 'should destroy security group' do
-        output = <<-EOT
-+--------------------------------------+------+----------------+
-| Id                                   | Name | Description    |
-+--------------------------------------+------+----------------+
-| f630dd92-3ff7-49bc-b012-b211451aa419 | scg0 | Security Group |
-+--------------------------------------+------+----------------+
-EOT
-
-        provider.expects(:auth_nova).with('secgroup-delete', 'scg0').returns(output)
-
-        expect(provider.destroy).to be_truthy
-      end 
-    end
-  end
-
-  it_behaves_like('nova_security_group')
-end
--- a/spec/unit/provider/nova_security_group/openstack_spec.rb
+++ b/spec/unit/provider/nova_security_group/openstack_spec.rb
@@ -0,0 +1,48 @@
+require 'puppet'
+require 'spec_helper'
+require 'puppet/provider/nova_flavor/openstack'
+
+provider_class = Puppet::Type.type(:nova_security_group).provider(:openstack)
+
+describe provider_class do
+
+  describe 'managing security groups' do
+    let(:secgroup_attrs) do
+      {
+        :name => "scg0",
+        :description => "Security Group",
+      }
+    end
+
+    let :resource do
+      Puppet::Type::Nova_security_group.new(secgroup_attrs)
+    end
+
+    let(:provider) do
+      provider_class.new(resource)
+    end
+
+    describe "#create" do
+      it 'should create security group' do
+        provider.class.stubs(:openstack)
+                      .with('security group', 'list', ['--all'])
+                      .returns('"ID", "Name", "Description", "Project"')
+        provider.class.stubs(:openstack)
+                      .with('security group', 'create', ['scg0', '--description', 'Security Group'])
+                      .returns('id="f630dd92-3ff7-49bc-b012-b211451aa419"
+name="scg0"
+description="Security Group"')
+      end
+    end
+
+    describe '#destroy' do
+      it 'removes flavor' do
+        provider_class.expects(:openstack)
+          .with('security group', 'delete', 'scg0')
+        provider.instance_variable_set(:@property_hash, secgroup_attrs)
+        provider.destroy
+        expect(provider.exists?).to be_falsey
+      end
+    end
+  end
+end