From 01417943505705b72ed67ecc64fb5e0ac484dc90 Mon Sep 17 00:00:00 2001
From: Jan Klare <j.klare@cloudbau.de>
Date: Fri, 26 Aug 2016 11:48:21 +0200
Subject: [PATCH] Enable fwaas recipe again after refactoring

Change-Id: Id2b6035ca330c1bf1e89bdda237d84b785f6a212
---
 .rubocop_todo.yml     |  6 +++--
 attributes/default.rb | 16 +++++++----
 recipes/fwaas.rb      | 62 +++++++++++++++++++++++++++----------------
 recipes/l3_agent.rb   |  5 +++-
 recipes/lbaas.rb      |  2 +-
 recipes/vpnaas.rb     |  3 ++-
 spec/l3_agent_spec.rb |  1 +
 spec/vpnaas_spec.rb   |  4 +++
 8 files changed, 66 insertions(+), 33 deletions(-)

diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index 3280ac4c..8ca19870 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -1,18 +1,20 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2016-02-19 12:46:00 +0100 using RuboCop version 0.34.2.
+# on 2016-08-26 13:02:36 +0200 using RuboCop version 0.39.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 9
+# Offense count: 10
 # Configuration parameters: EnforcedStyle, SupportedStyles.
+# SupportedStyles: nested, compact
 Style/ClassAndModuleChildren:
   Exclude:
     - 'recipes/_bridge_config_example.rb'
     - 'recipes/client.rb'
     - 'recipes/default.rb'
+    - 'recipes/fwaas.rb'
     - 'recipes/identity_registration.rb'
     - 'recipes/l3_agent.rb'
     - 'recipes/lbaas.rb'
diff --git a/attributes/default.rb b/attributes/default.rb
index 649e83c4..23998db5 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -141,6 +141,8 @@ end
 # ============================= VPN Agent Configuration ====================
 # vpn_device_driver_packages in platform-specific settings is used to get driver dependencies installed, default is strongswan
 # vpn_device_driver_services in platform-specific settings is used to enable services required by vpn drivers, default is strongswan
+# To enable 'vpnaas' as service_plugin, you need to add it to neutron.conf
+# ['Default']['service_plugins']
 # Set to true to enable vpnaas
 default['openstack']['network_vpnaas']['enabled'] = false
 # Custom the vpnaas config file path
@@ -163,6 +165,8 @@ default['openstack']['network_vpnaas']['conf'].tap do |conf|
 end
 
 # ============================= LBaaS Agent Configuration ==================
+# To enable 'lbaas' as service_plugin, you need to add it to neutron.conf
+# ['Default']['service_plugins']
 # Set to true to enable lbaas
 default['openstack']['network_lbaas']['enabled'] = false
 # Custom the lbaas config file path
@@ -181,15 +185,17 @@ default['openstack']['network_lbaas']['conf'].tap do |conf|
 end
 
 # ============================= FWaaS Configuration ==================
-# TODO(jklare) : check why the package is installed and if the configuration
-# works at all (if so, this needs refactoring parallel to the lbaas and vpnaas
-# recipes and attributes)
+# To enable 'firewall' as service_plugin, you need to add it to neutron.conf
+# ['Default']['service_plugins']
 # Set to True to enable firewall service
 default['openstack']['network_fwaas']['enabled'] = false
 # Firewall service driver with linux iptables
-# default['openstack']['network']['fwaas']['driver'] = 'neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver'
+default['openstack']['network_fwaas']['conf'].tap do |conf|
+  conf['fwaas']['driver'] =
+    'neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver'
+end
 # Custom the fwaas config file path
-# default['openstack']['network']['fwaas']['config_file'] = '/etc/neutron/fwaas_driver.ini'
+default['openstack']['network_fwaas']['config_file'] = '/etc/neutron/fwaas_driver.ini'
 # ============================= platform-specific settings ===========
 default['openstack']['network']['platform'].tap do |platform|
   platform['user'] = 'neutron'
diff --git a/recipes/fwaas.rb b/recipes/fwaas.rb
index 5a96308a..7d9a6b2c 100644
--- a/recipes/fwaas.rb
+++ b/recipes/fwaas.rb
@@ -1,24 +1,40 @@
-# TODO(jklare) : check why the package is installed and if the configuration
-# works at all (if so, this needs refactoring parallel to the lbaas and vpnaas
-# recipes and attributes)
-# ---- moved from templates/default/services/neutron-fwaas/fwaas_driver.ini.erb----
-# <%= node["openstack"]["network"]["custom_template_banner"] %>
-# [fwaas]
-# driver = <%= node['openstack']['network']['fwaas']['driver'] %>
-# enabled = <%= node['openstack']['network']['fwaas']['enabled'] %>
-# ---- moved from templates/default/services/neutron-fwaas/fwaas_driver.ini.erb----
-# ---- moved from recipes/l3_agent----
+# Encoding: utf-8
+#
+# Cookbook Name:: openstack-network
+# Recipe:: fwaas
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+include_recipe 'openstack-network'
+
+# Make Openstack object available in Chef::Recipe
+class ::Chef::Recipe
+  include ::Openstack
+end
+
+node.default['openstack']['network_fwaas']['conf'].tap do |conf|
+  conf['fwaas']['enabled'] = true
+end
+
 # As the fwaas package will be installed anyway, configure its config-file attributes following environment.
-# template node['openstack']['network']['fwaas']['config_file'] do
-#  source 'services/neutron-fwaas/fwaas_driver.ini.erb'
-#  user node['openstack']['network']['platform']['user']
-#  group node['openstack']['network']['platform']['group']
-#  mode 00640
-#  # Only restart vpn agent to avoid synchronization problem, when vpn agent is enabled.
-#  if node['openstack']['network']['enable_vpn']
-#    notifies :restart, 'service[neutron-vpn-agent]', :delayed
-#  else
-#    notifies :restart, 'service[neutron-l3-agent]', :immediately
-#  end
-# end
-# ---- moved from recipes/l3_agent----
+service_conf = merge_config_options 'network_fwaas'
+template node['openstack']['network_fwaas']['config_file'] do
+  source 'openstack-service.conf.erb'
+  cookbook 'openstack-common'
+  owner node['openstack']['network']['platform']['user']
+  group node['openstack']['network']['platform']['group']
+  mode 00640
+  variables(
+    service_config: service_conf
+  )
+end
diff --git a/recipes/l3_agent.rb b/recipes/l3_agent.rb
index 1acf07b0..5554471f 100644
--- a/recipes/l3_agent.rb
+++ b/recipes/l3_agent.rb
@@ -62,6 +62,9 @@ service 'neutron-l3-agent' do
     action [:stop, :disable]
   else
     action [:enable, :start]
-    subscribes :restart, 'template[/etc/neutron/neutron.conf]'
+    subscribes :restart, [
+      'template[/etc/neutron/neutron.conf]',
+      "template[#{node['openstack']['network_fwaas']['config_file']}]"
+    ]
   end
 end
diff --git a/recipes/lbaas.rb b/recipes/lbaas.rb
index 57a95242..23889618 100644
--- a/recipes/lbaas.rb
+++ b/recipes/lbaas.rb
@@ -1,7 +1,7 @@
 # Encoding: utf-8
 #
 # Cookbook Name:: openstack-network
-# Recipe:: balancer
+# Recipe:: lbaas
 #
 # Copyright 2013, Mirantis IT
 #
diff --git a/recipes/vpnaas.rb b/recipes/vpnaas.rb
index 52a94d5f..0791dbb2 100644
--- a/recipes/vpnaas.rb
+++ b/recipes/vpnaas.rb
@@ -68,6 +68,7 @@ service 'neutron-vpn-agent' do
   action [:enable, :start]
   subscribes :restart, [
     'template[/etc/neutron/neutron.conf]',
-    "template[#{node['openstack']['network_vpnaas']['config_file']}]"
+    "template[#{node['openstack']['network_vpnaas']['config_file']}]",
+    "template[#{node['openstack']['network_fwaas']['config_file']}]"
   ]
 end
diff --git a/spec/l3_agent_spec.rb b/spec/l3_agent_spec.rb
index 7901c499..35ff2c0b 100644
--- a/spec/l3_agent_spec.rb
+++ b/spec/l3_agent_spec.rb
@@ -19,6 +19,7 @@ describe 'openstack-network::l3_agent' do
       it 'subscribes the l3 agent service to neutron.conf' do
         expect(chef_run.service('neutron-l3-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
       end
+
       %w(neutron-l3-agent radvd keepalived).each do |pkg|
         it "upgrades #{pkg} package" do
           expect(chef_run).to upgrade_package(pkg)
diff --git a/spec/vpnaas_spec.rb b/spec/vpnaas_spec.rb
index 5fd15974..3a4fb986 100644
--- a/spec/vpnaas_spec.rb
+++ b/spec/vpnaas_spec.rb
@@ -36,6 +36,10 @@ describe 'openstack-network::vpnaas' do
       expect(chef_run.service('neutron-vpn-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
     end
 
+    it 'subscribes the vpn agent service to vpn_agent.ini' do
+      expect(chef_run.service('neutron-vpn-agent')).to subscribe_to('template[/etc/neutron/vpn_agent.ini]').delayed
+    end
+
     describe 'vpn_agent.ini' do
       let(:file) { chef_run.template('/etc/neutron/vpn_agent.ini') }