Add more methods to OpenStack Orchestration to pull more information from a stack

lib/fog/openstack/models/network/network.rb

@@ -12,14 +12,10 @@ class Network < Fog::Model
         attribute :status
         attribute :admin_state_up
         attribute :tenant_id
-        attribute :provider_network_type,       
-                  :aliases =>  'provider:network_type'
-        attribute :provider_physical_network,
-                  :aliases => 'provider:physical_network'
-        attribute :provider_segmentation_id,
-                  :aliases => 'provider:segmentation_id'
-        attribute :router_external,
-                  :aliases => 'router:external'
+        attribute :provider_network_type,     :aliases => 'provider:network_type'
+        attribute :provider_physical_network, :aliases => 'provider:physical_network'
+        attribute :provider_segmentation_id,  :aliases => 'provider:segmentation_id'
+        attribute :router_external,           :aliases => 'router:external'
 
         def initialize(attributes)
           # Old 'connection' is renamed as service and should be used instead
@@ -31,15 +27,18 @@ def save
           identity ? update : create
         end
 
+        def subnets
+          service.subnets.select {|s| s.network_id == self.id }
+        end
+
         def create
           merge_attributes(service.create_network(self.attributes).body['network'])
           self
         end
 
         def update
           requires :id
-          merge_attributes(service.update_network(self.id,
-                                                     self.attributes).body['network'])
+          merge_attributes(service.update_network(self.id, self.attributes).body['network'])
           self
         end
 
@@ -48,7 +47,6 @@ def destroy
           service.delete_network(self.id)
           true
         end
-
       end
     end
   end

lib/fog/openstack/models/network/security_group.rb

@@ -0,0 +1,32 @@
+require 'fog/core/model'
+
+module Fog
+  module Network
+    class OpenStack
+      class SecurityGroup < Fog::Model
+        identity :id
+
+        attribute :name
+        attribute :description
+        attribute :security_group_rules
+        attribute :tenant_id
+
+        def destroy
+          requires :id
+          service.delete_security_group(id)
+          true
+        end
+
+        def security_group_rules
+          Fog::Network::OpenStack::SecurityGroupRules.new(:service => service).load(attributes[:security_group_rules])
+        end
+
+        def save
+          raise Fog::Errors::Error.new('Resaving an existing object may create a duplicate') if persisted?
+          merge_attributes(service.create_security_group(attributes).body['security_group'])
+          true
+        end
+      end
+    end
+  end
+end

lib/fog/openstack/models/network/security_group_rule.rb

@@ -0,0 +1,33 @@
+require 'fog/core/model'
+
+module Fog
+  module Network
+    class OpenStack
+      class SecurityGroupRule < Fog::Model
+        identity :id
+
+        attribute :security_group_id
+        attribute :direction
+        attribute :protocol
+        attribute :port_range_min
+        attribute :port_range_max
+        attribute :remote_ip_prefix
+        attribute :ethertype
+        attribute :remote_group_id
+        attribute :tenant_id
+
+        def destroy
+          requires :id
+          service.delete_security_group_rule(id)
+          true
+        end
+
+        def save
+          raise Fog::Errors::Error.new('Resaving an existing object may create a duplicate') if persisted?
+          merge_attributes(service.create_security_group_rule(security_group_id, direction, attributes).body['security_group_rule'])
+          true
+        end
+      end
+    end
+  end
+end

lib/fog/openstack/models/network/security_group_rules.rb

@@ -0,0 +1,33 @@
+require 'fog/core/collection'
+require 'fog/openstack/models/network/security_group_rule'
+
+module Fog
+  module Network
+    class OpenStack
+      class SecurityGroupRules < Fog::Collection
+
+        attribute :filters
+
+        model Fog::Network::OpenStack::SecurityGroupRule
+
+        def initialize(attributes)
+          self.filters ||= {}
+          super
+        end
+
+        def all(filters = filters)
+          self.filters = filters
+          load(service.list_security_group_rules(filters).body['security_group_rules'])
+        end
+
+        def get(sec_group_rule_id)
+          if sec_group_rule = service.get_security_group_rule(sec_group_rule_id).body['security_group_rule']
+            new(sec_group_rule)
+          end
+        rescue Fog::Network::OpenStack::NotFound
+          nil
+        end
+      end
+    end
+  end
+end

lib/fog/openstack/models/network/security_groups.rb

@@ -0,0 +1,34 @@
+require 'fog/core/collection'
+require 'fog/openstack/models/network/security_group'
+
+module Fog
+  module Network
+    class OpenStack
+      class SecurityGroups < Fog::Collection
+
+        attribute :filters
+
+        model Fog::Network::OpenStack::SecurityGroup
+
+        def initialize(attributes)
+          self.filters ||= {}
+          super
+        end
+
+        def all(filters = filters)
+          self.filters = filters
+          load(service.list_security_groups(filters).body['security_groups'])
+        end
+
+        def get(security_group_id)
+          if security_group = service.get_security_group(security_group_id).body['security_group']
+            new(security_group)
+          end
+        rescue Fog::Network::OpenStack::NotFound
+          nil
+        end
+
+      end
+    end
+  end
+end

lib/fog/openstack/network.rb

@@ -32,6 +32,10 @@ class OpenStack < Fog::Service
       collection  :lb_health_monitors
       model       :lb_vip
       collection  :lb_vips
+      model       :security_group
+      collection  :security_groups
+      model       :security_group_rule
+      collection  :security_group_rules
 
       ## REQUESTS
       #
@@ -106,6 +110,18 @@ class OpenStack < Fog::Service
       request :get_lb_vip
       request :update_lb_vip
 
+      # Security Group
+      request :create_security_group
+      request :delete_security_group
+      request :get_security_group
+      request :list_security_groups
+
+      # Security Group Rules
+      request :create_security_group_rule
+      request :delete_security_group_rule
+      request :get_security_group_rule
+      request :list_security_group_rules
+
       # Tenant
       request :set_tenant
 
@@ -175,6 +191,8 @@ def self.data
                   "port" => 30
                 }
               ],
+              :security_groups      => {},
+              :security_group_rules => {},
             }
           end
         end

lib/fog/openstack/orchestration.rb

@@ -20,6 +20,9 @@ class OpenStack < Fog::Service
       request :update_stack
       request :delete_stack
       request :list_stacks
+      request :describe_stack
+      request :get_template
+      request :list_stack_resources
 
       class Mock
         attr_reader :auth_token
@@ -30,7 +33,10 @@ class Mock
         def self.data
           @data ||= Hash.new do |hash, key|
             hash[key] = {
-              :stacks => {}
+              :stacks => {},
+              :stack_details => {},
+              :resources => {},
+              :templates => {}
             }
           end
         end

lib/fog/openstack/requests/network/create_security_group.rb

@@ -0,0 +1,94 @@
+module Fog
+  module Network
+    class OpenStack
+      class Real
+        # Create a new security group
+        #
+        # ==== Parameters
+        # * options<~Hash>:
+        #   * 'name'<~String> - Name of the security group
+        #   * 'description'<~String> - Description of the security group
+        #   * 'tenant_id'<~String> - TenantId different than the current user, that should own the security group. Only allowed if user has 'admin' role.
+        #
+        # ==== Returns
+        # * response<~Excon::Response>:
+        #   * body<~Hash>:
+        #   * 'security_groups'<~Array>:
+        #     * 'id'<~String> - UUID of the security group
+        #     * 'name'<~String> - Name of the security group
+        #     * 'description'<~String> - Description of the security group
+        #     * 'tenant_id'<~String> - Tenant id that owns the security group
+        #     * 'security_group_rules'<~Array>: - Array of security group rules
+        #       * 'id'<~String> - UUID of the security group rule
+        #       * 'direction'<~String> - Direction of traffic, must be in ['ingress', 'egress']
+        #       * 'port_range_min'<~Integer> - Start port for rule i.e. 22 (or -1 for ICMP wildcard)
+        #       * 'port_range_max'<~Integer> - End port for rule i.e. 22 (or -1 for ICMP wildcard)
+        #       * 'protocol'<~String> - IP protocol for rule, must be in ['tcp', 'udp', 'icmp']
+        #       * 'ethertype'<~String> - Type of ethernet support, must be in ['IPv4', 'IPv6']
+        #       * 'security_group_id'<~String> - UUID of the parent security group
+        #       * 'remote_group_id'<~String> - UUID of the remote security group
+        #       * 'remote_ip_prefix'<~String> - IP cidr range address i.e. '0.0.0.0/0'
+        #       * 'tenant_id'<~String> - Tenant id that owns the security group rule
+        def create_security_group(options = {})
+          data              = {"security_group" => {}}
+          desired_options   = [:name, :description, :tenant_id]
+          selected_options  = desired_options.select{|o| options[o]}
+          selected_options.each { |key| data["security_group"][key] = options[key] }
+
+          request(
+            :body     => Fog::JSON.encode(data),
+            :expects  => 201,
+            :method   => "POST",
+            :path     => "security-groups"
+          )
+        end
+      end
+
+      class Mock
+        def create_security_group(options = {})
+          # Spaces are NOT removed from name and description, as in case of compute sec groups
+          tenant_id     = Fog::Mock.random_numbers(14).to_s
+          sec_group_id  = Fog::UUID.uuid
+
+          response = Excon::Response.new
+          response.status = 201
+          # by default every security group will come setup with an egress rule to "allow all out"
+          data = {
+            "security_group_rules"  => [
+                { "remote_group_id"   => nil,
+                  "direction"         => "egress",
+                  "remote_ip_prefix"  => nil,
+                  "protocol"          => nil,
+                  "ethertype"         => "IPv4",
+                  "tenant_id"         => tenant_id,
+                  "port_range_max"    => nil,
+                  "port_range_min"    => nil,
+                  "id"                => Fog::UUID.uuid,
+                  "security_group_id" => sec_group_id
+                },
+                { "remote_group_id"   => nil,
+                  "direction"         => "egress",
+                  "remote_ip_prefix"  => nil,
+                  "protocol"          => nil,
+                  "ethertype"         => "IPv6",
+                  "tenant_id"         => tenant_id,
+                  "port_range_max"    => nil,
+                  "port_range_min"    => nil,
+                  "id"                => Fog::UUID.uuid,
+                  "security_group_id" => sec_group_id
+                }
+              ],
+            "id"           => sec_group_id,
+            "tenant_id"    => tenant_id,
+            "name"         => options[:name] || "",
+            "description"  => options[:description] || ""
+          }
+
+          self.data[:security_groups][data["id"]] = data
+          response.body = {"security_group" => data}
+          response
+        end
+      end
+    end
+  end
+end