puppet-nova/lib/puppet/provider/nova_security_group/openstack.rb

require File.join(File.dirname(__FILE__), '..','..','..', 'puppet/provider/nova')

Puppet::Type.type(:nova_security_group).provide(
  :openstack,
  :parent => Puppet::Provider::Nova
) do
  desc <<-EOT
      Manage nova security groups
  EOT

  @credentials = Puppet::Provider::Openstack::CredentialsV3.new

  def initialize(value={})
    super(value)
    @property_flush = {}
  end

  def create
    opts = [@resource[:name]]
    (opts << '--description' << @resource[:description]) if @resource[:description]
    @property_hash = self.class.nova_request('security group', 'create', nil, opts)
    @property_hash[:ensure] = :present
  end

  def exists?
    @property_hash[:ensure] == :present
  end

  def destroy
    self.class.request('security group', 'delete', @resource[:name])
  end

  mk_resource_methods

  def id=(value)
    fail('id is read only')
  end

  def name=(value)
    fail('name is read only')
  end

  def description=(value)
    @property_flush[:description] = value
  end

  def self.instances
    # NOTE(mnaser): The OpenStack client makes a request to the Neutron endpoint
    #               to get security groups and if it has an admin role, it will
    #               retrieve all security groups.  The following helps filter it.
    project_id = self.nova_request('token', 'issue', nil, ['-c', 'project_id', '-f', 'value']).strip

    self.nova_request('security group', 'list', nil).select do |attrs|
      attrs[:project] == project_id
    end.collect do |attrs|
      new(
        :ensure      => :present,
        :id          => attrs[:id],
        :name        => attrs[:name],
        :description => attrs[:description]
      )
    end
  end

  def self.prefetch(resources)
    security_groups = instances
    resources.keys.each do |name|
      if provider = security_groups.find { |security_group| security_group.name == name }
        resources[name].provider = provider
      end
    end
  end

  def flush
    unless @property_flush.empty?
      opts = [@resource[:name]]
      (opts << '--description' << @resource[:description]) if @resource[:description]
      self.class.request('security group', 'set', opts)
      @property_flush.clear
    end
  end
end