kakine 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 70641f4e229c0b370d35779df007a7df6da8652f
-  data.tar.gz: 2dde1b80581774ea0c74f8848e4f703e25faf22f
+  metadata.gz: 08d689b653e85c4346a1ef9dc194dab3e247e279
+  data.tar.gz: 235a610f938c16abff1e046340a8361f6cbd9e27
 SHA512:
-  metadata.gz: 4cead3fba0343c55d0af964843358cdcaaee3e6b0249a5e18195b8fc84cc266cab4930faa0c6cac8012ed111c32a36ac567fa3bc00a32f8fced787a74d6d92d1
-  data.tar.gz: 08660d1645a78545d7bf22aff0f0dd074de1d0b358045428a559a1b604350e2f165812eb8351c17d9a63742c0e33bd009e87fc251a8d0f217e3c47c7e32fc85a
+  metadata.gz: 6a688afc029c91f62930b1c393cbf514bf0cc7290d3c1e2b5628780b9603f02aba816b196f735d79ef7fcf9ee7cd5d16c7cd915efcb789b2e1e9657b53759b60
+  data.tar.gz: 6166fdac44b9ed3c370f30681caa18c287fd2736558f96abcfe97c7a1748ed0926802e710d0528624b57bdcfd51f64b771615b2d6595f1df225fe41c76b74d62

data/README.md

@@ -1,6 +1,6 @@
 # Kakine
 
-[![Build Status](https://secure.travis-ci.org/hsbt/kakine.png)](https://travis-ci.org/hsbt/kakine)
+[![Build Status](https://travis-ci.org/yaocloud/kakine.svg?branch=master)](https://travis-ci.org/yaocloud/kakine)
 
 Kakine(垣根) is configuration management tool of Security Group on OpenStack.
 
@@ -44,23 +44,22 @@ rails:
       remote_ip: 0.0.0.0/0
 ```
 
-You need to put fog configuration to home directory.
+You need to put a configuration file to home directory.
 
 ```sh
-% cat ~/.fog
-default:
-  openstack_auth_url: "http://your-openstack-endpoint/v2.0/tokens"
-  openstack_username: "admin"
-  openstack_tenant: "admin"
-  openstack_api_key: "admin-no-password"
+% cat ~/.kakine
+auth_url: "http://your-openstack-endpoint/v2.0"
+username: "admin"
+tenant: "admin"
+password: "admin"
 ```
 
 run following command.
 
 ```sh
 $ kakine show -t tenant_name # show Security Group of tenant_name
-$ kaname apply -t tenant_name --dryrun # You can see all of invoke commands(dryrun)
-$ kaname apply -t tenant_name # apply configuration into OpenStack
+$ kakine apply -t tenant_name --dryrun # You can see all of invoke commands(dryrun)
+$ kakine apply -t tenant_name # apply configuration into OpenStack
 ```
 
 You can create or change Security Group on targeting tenant.
@@ -68,7 +67,7 @@ You can create or change Security Group on targeting tenant.
 If you need to initialize your Security Gruop, you can get it via following command:
 
 ```sh
-$ kaname show -t tenant_name > tenant_name.yaml
+$ kakine show -t tenant_name > tenant_name.yaml
 ```
 
 ## Development

data/kakine.gemspec

@@ -19,9 +19,8 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency 'fog'
+  spec.add_dependency "yao", "~> 0.2.0"
   spec.add_dependency 'thor'
-  spec.add_dependency 'hashdiff'
 
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "rake"

data/lib/kakine.rb

@@ -1,12 +1,27 @@
+require 'yaml'
+require 'thor'
+require 'json'
+require 'yao'
 require "kakine/version"
+require 'kakine/config'
 require 'kakine/cli'
-require 'kakine/operation'
+require 'kakine/builder'
+require 'kakine/option'
+require 'kakine/director'
 require 'kakine/adapter'
+require 'kakine/adapter/base'
+require 'kakine/adapter/real'
+require 'kakine/adapter/mock'
 require 'kakine/resource'
+require 'kakine/resource/openstack'
+require 'kakine/resource/yaml'
 require 'kakine/security_group'
 require 'kakine/security_rule'
-require 'kakine/validate'
 
 module Kakine
+  class Error < StandardError; end
+  class ConfigureError < Error; end
+  class SecurityRuleError < Error; end
 end
 
+Kakine::Config.setup unless ENV['RACK_ENV'] == 'test'

data/lib/kakine/adapter.rb

@@ -1,22 +1,16 @@
-require 'kakine/adapter/real'
-require 'kakine/adapter/mock'
-
+require 'singleton'
 module Kakine
   class Adapter
-    def self.set_option(dryrun)
-      @@dryrun = dryrun
-    end
-
-    def self.get_instance
-      @@adapter ||= if @@dryrun
-        Kakine::Adapter::Mock.new
-      else
-        Kakine::Adapter::Real.new
+    @@adapter = nil
+    include Singleton
+    class << self
+      def instance
+        @@adapter ||= if Kakine::Option.dryrun?
+          Kakine::Adapter::Mock.new
+        else
+          Kakine::Adapter::Real.new
+        end
       end
     end
-
-    private
-    def initialize
-    end
   end
 end

data/lib/kakine/adapter/base.rb

@@ -0,0 +1,17 @@
+module Kakine
+  class Adapter
+    module Base
+      def tenants
+        Yao::Tenant.list
+      end
+
+      def security_groups
+        Yao::SecurityGroup.list
+      end
+
+      def get_security_group(remote_group_id)
+        Yao::SecurityGroup.get(remote_group_id)
+      end
+    end
+  end
+end

data/lib/kakine/adapter/mock.rb

@@ -1,6 +1,7 @@
 module Kakine
   class Adapter
     class Mock
+      include Kakine::Adapter::Base
       def create_rule(security_group_id, direction, security_rule)
         attributes = {}
         %w(protocol port_range_max port_range_min remote_ip ethertype).each do |k|
@@ -11,21 +12,32 @@ module Kakine
         end
 
         puts "Create Rule: #{security_group_id} - #{security_rule.direction}: #{attributes}"
+        "Create Rule: #{security_group_id}"
       end
 
       def delete_rule(security_group_rule_id)
         puts "Delete Rule: #{security_group_rule_id}"
+        "Delete Rule: #{security_group_rule_id}"
       end
 
       def create_security_group(attributes)
         data = {}
         attributes.each{|k,v| data[k.to_sym] = v}
         puts "Create Security Group: #{data}"
-        "[Mock] #{attributes[:name]} ID"
+        "Create Security Group: #{attributes[:name]}"
       end
 
       def delete_security_group(security_group_id)
         puts "Delete Security Group: #{security_group_id}"
+        "Delete Security Group: #{security_group_id}"
+      end
+
+      def security_group(tenant_name, sg_name)
+        self
+      end
+
+      def id(sg_name)
+        "#{sg_name}"
       end
     end
   end

data/lib/kakine/adapter/real.rb

@@ -1,52 +1,65 @@
-require 'json'
 module Kakine
   class Adapter
     class Real
+      include Kakine::Adapter::Base
       def create_rule(security_group_id, direction, security_rule)
-        attributes = {}
-        %w(protocol port_range_max port_range_min remote_ip ethertype).each do |k|
-          attributes[k] = eval("security_rule.#{k}")
-        end
-        if attributes["remote_ip"]
-          attributes["remote_ip_prefix"] = attributes.delete("remote_ip")
-        end
-
-        data = {}
-        attributes.each{|k,v| data[k.to_sym] = v}
         begin
-          Fog::Network[:openstack].create_security_group_rule(security_group_id, direction, data)
-        rescue Excon::Errors::Conflict => e
-          JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
-        rescue Excon::Errors::BadRequest => e
-          JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
+          security_rule = symbolized_rule(security_rule)
+          Yao::SecurityGroupRule.create(security_rule.merge({'security_group_id' => security_group_id, 'direction' => direction}))
+        rescue Excon::Errors::Conflict, Excon::Errors::BadRequest => e
+          error_message(e.response[:body])
+        rescue Kakine::SecurityRuleError => e
+          puts e
         end
       end
 
       def delete_rule(security_group_rule_id)
-        Fog::Network[:openstack].delete_security_group_rule(security_group_rule_id)
+        Yao::SecurityGroupRule.destroy(security_group_rule_id)
       end
 
       def create_security_group(attributes)
-        data = {}
-        attributes.each{|k,v| data[k.to_sym] = v}
         begin
-          response = Fog::Network[:openstack].create_security_group(data)
-          response.data[:body]["security_group"]["id"]
-        rescue Excon::Errors::Conflict => e
-          JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
-        rescue Excon::Errors::BadRequest => e
-          JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
+          security_group = Yao::SecurityGroup.create(symbolized_group(attributes))
+          {"id" => security_group.id}
+        rescue Excon::Errors::Conflict, Excon::Errors::BadRequest => e
+          error_message(e.response[:body])
         end
       end
 
       def delete_security_group(security_group_id)
         begin
-          Fog::Network[:openstack].delete_security_group(security_group_id)
-        rescue Excon::Errors::Conflict => e
-          JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
-        rescue Excon::Errors::BadRequest => e
-          JSON.parse(e.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
+          Yao::SecurityGroup.destroy(security_group_id)
+        rescue Excon::Errors::Conflict, Excon::Errors::BadRequest => e
+          error_message(e.response[:body])
+        end
+      end
+
+      private
+
+      def error_message(errors)
+        if errors.kind_of?(JSON)
+          JSON.parse(errors.response[:body]).each { |e,m| puts "#{e}:#{m["message"]}" }
+        else
+          puts errors
+        end
+      end
+
+      def symbolized_group(attributes)
+        attributes.inject({}){|data,(k,v)|data[k.to_sym] = v; data }
+      end
+
+      def symbolized_rule(security_rule)
+        attributes = {}
+        %w(protocol port_range_max port_range_min remote_ip ethertype).each do |k|
+          attributes[k.to_sym] = security_rule.send(k)
+        end
+
+        if security_rule.remote_group
+          attributes[:remote_group_id] = security_rule.remote_group_id
+        else
+          attributes[:remote_ip_prefix] = attributes.delete(:remote_ip) if attributes[:remote_ip]
         end
+        attributes
       end
     end
   end

data/lib/kakine/builder.rb

@@ -0,0 +1,96 @@
+module Kakine
+  class Builder 
+    class << self
+      def create_security_group(sg)
+        attributes = { name: sg.name, description: sg.description, tenant_id: sg.tenant_id }
+        security_group_id = Kakine::Adapter.instance.create_security_group(attributes)
+        delete_default_security_rule(sg.tenant_name, sg.name)
+        security_group_id
+      end
+
+      def delete_security_group(sg)
+        Kakine::Adapter.instance.delete_security_group(sg.id)
+      end
+
+      def first_create_security_group(new_sg)
+        create_security_group(new_sg)
+        new_sg.rules.map do |rule|
+          create_security_rule(new_sg.tenant_name, new_sg.name, rule)
+        end if new_sg.has_rules?
+      end
+
+      def clean_up_security_group(new_sgs, current_sgs)
+        current_sgs.map do |current_sg|
+          delete_security_group(current_sg) if new_sgs.none? { |new_sg| current_sg.name == new_sg.name }
+        end
+      end
+
+      def convergence_security_group(new_sg, current_sg)
+        if new_sg.description != current_sg.description
+          delete_security_group(current_sg)
+          first_create_security_group(new_sg)
+        else
+          clean_up_security_rule(new_sg, current_sg)
+          first_create_rule(new_sg, current_sg)
+        end
+      end
+      
+      def already_setup_security_group(new_sg, current_sgs)
+        current_sgs.find { |current_sg| current_sg.name == new_sg.name }
+      end
+      
+      def create_security_rule(tenant_name, sg_name, rule)
+        sg = Kakine::Resource.get(:openstack).security_group(tenant_name, sg_name)
+        security_group_id =  Kakine::Option.dryrun? && sg.nil? ? Kakine::Adapter.instance.id(sg_name) : sg.id
+        Kakine::Adapter.instance.create_rule(security_group_id, rule.direction, rule)
+      end
+
+      def delete_security_rule(tenant_name, sg_name, rule)
+        Kakine::Adapter.instance.delete_rule(rule.id)
+      end
+
+      def delete_default_security_rule(tenant_name, sg_name)
+        target_sg = Kakine::Resource.get(:openstack).load_security_group.find do |sg|
+          sg.name == sg_name
+        end
+
+        target_sg.rules.map do |rule|
+          delete_security_rule(tenant_name, sg_name, rule)
+        end if target_sg
+      end
+      
+      def first_create_rule(new_sg, current_sg)
+        new_sg.rules.map do |rule|
+          unless current_sg.find_by_rule(rule)
+            create_security_rule(new_sg.tenant_name, new_sg.name, rule)
+          end
+        end
+      end
+
+      def clean_up_security_rule(new_sg, current_sg)
+        current_sg.rules.map do |rule|
+          delete_security_rule(new_sg.tenant_name, new_sg.name, rule) unless new_sg.find_by_rule(rule)
+        end
+      end
+
+      def security_groups
+        sgs = Kakine::Resource.get(:openstack).security_groups_hash
+        delete_id_column(sgs).to_yaml
+      end
+
+      def delete_id_column(sgs)
+        case sgs
+        when Array
+          sgs.map { |sg| delete_id_column(sg) } 
+        when Hash
+          sgs.inject({}) do |hash, (k, v)|
+            hash[k] = delete_id_column(v) if k != "id" 
+            hash
+          end 
+        else
+          sgs
+        end
+      end
+    end
+  end
+end

data/lib/kakine/cli.rb

@@ -1,14 +1,13 @@
-require 'thor'
-require 'fog'
-require 'yaml'
-require 'hashdiff'
+require 'kakine'
+
 module Kakine
   class CLI < Thor
 
     option :tenant, type: :string, aliases: '-t'
     desc 'show', 'show Security Groups specified tenant'
     def show
-      puts Kakine::Resource.security_groups_hash(options[:tenant]).to_yaml
+      Kakine::Option.set_options(options)
+      Kakine::Director.show_current_security_group
     end
 
     option :tenant, type: :string, aliases: "-t"
@@ -16,24 +15,8 @@ module Kakine
     option :filename, type: :string, aliases: "-f"
     desc 'apply', "apply local configuration into OpenStack"
     def apply
-      filename = options[:filename] ? options[:filename] : "#{options[:tenant]}.yaml"
-      Kakine::Adapter.set_option(options[:dryrun])
-
-      current_security_groups  = Kakine::Resource.get_current(options[:tenant])
-      new_security_groups = Kakine::Resource.load_security_group_by_yaml(filename, options[:tenant])
-
-      return unless new_security_groups
-      new_security_groups.each do |new_sg|
-        registered_sg  = current_security_groups.find { |cur_sg| cur_sg.name == new_sg.name }
-        if registered_sg
-          new_sg.convergence!(registered_sg) if new_sg != registered_sg
-        else
-          new_sg.register!
-        end
-      end
-      current_security_groups.each do |current_sg|
-        current_sg.unregister! if new_security_groups.none? { |new_sg| current_sg.name == new_sg.name }
-      end
+      Kakine::Option.set_options(options)
+      Kakine::Director.apply
     end
   end
 end

data/lib/kakine/config.rb

@@ -0,0 +1,39 @@
+require 'yao'
+require 'yaml'
+
+module Kakine
+  class Config
+    def self.setup
+      load_config
+      setup_yao
+    end
+
+    private
+
+    def self.load_config
+      config_file = File.join(Dir.home, '.kakine')
+      raise '~/.kakine is missing' unless File.exists?(config_file)
+
+      config = YAML.load_file(config_file)
+
+      %w[auth_url tenant username password].each do |conf_item|
+        raise "Configuration '#{conf_item}' is missing. Check your ~/.kakine" unless config[conf_item]
+      end
+
+      @@auth_url       = config['auth_url']
+      @@tenant         = config['tenant']
+      @@username       = config['username']
+      @@password       = config['password']
+      true
+    end
+
+    def self.setup_yao
+      Yao.configure do
+        auth_url    @@auth_url
+        tenant_name @@tenant
+        username    @@username
+        password    @@password
+      end
+    end
+  end
+end

data/lib/kakine/director.rb

@@ -0,0 +1,26 @@
+module Kakine
+  class Director
+    class << self
+      def show_current_security_group
+        puts Kakine::Builder.security_groups
+      end
+
+      def apply
+        current_sgs = Kakine::Resource.get(:openstack).load_security_group
+        new_sgs     = Kakine::Resource.get(:yaml).load_security_group
+        new_sgs.each do |new_sg|
+          if already_sg = Kakine::Builder.already_setup_security_group(new_sg, current_sgs)
+            Kakine::Builder.convergence_security_group(new_sg, already_sg) if new_sg != already_sg
+          else
+            Kakine::Builder.first_create_security_group(new_sg)
+          end
+        end
+
+        Kakine::Builder.clean_up_security_group(new_sgs, current_sgs)
+
+        rescue Kakine::Error => e
+          puts "[error] #{e}"
+      end
+    end
+  end
+end

data/lib/kakine/option.rb

@@ -0,0 +1,23 @@
+require 'singleton'
+module Kakine
+  class Option
+    include Singleton
+    class << self
+      def set_options(options)
+        @@options = options
+      end
+
+      def yaml_name
+        @@options[:filename] ? @@options[:filename] : "#{@@options[:tenant]}.yaml"
+      end
+
+      def tenant_name
+        @@options["tenant"]
+      end
+
+      def dryrun?
+        @@options["dryrun"]
+      end
+    end
+  end
+end

data/lib/kakine/resource.rb

@@ -1,89 +1,12 @@
 module Kakine
   class Resource
     class << self
-      def load_security_group_by_yaml(filename, tenant_name)
-        load_yaml = yaml(filename)
-        return false unless Kakine::Validate.validate_file_input(load_yaml)
-        load_yaml.map { |sg| Kakine::SecurityGroup.new(tenant_name, sg) }
-      end
-
-      def get_current(tenant_name)
-        Kakine::Resource.security_groups_hash(tenant_name).map do |sg|
-          Kakine::SecurityGroup.new(tenant_name, sg)
-        end
-      end
-
-      def yaml(filename)
-        YAML.load_file(filename).to_hash
-      end
-
-      def tenant(tenant_name)
-        @tenant ||= Fog::Identity[:openstack].tenants.detect{|t| t.name == tenant_name}
-      end
-
-      def security_group(tenant_name, security_group_name)
-        security_groups_on_tenant(tenant_name).detect{|sg| sg.name == security_group_name}
-      end
-
-      def security_group_rule(security_group, attributes)
-        security_group.security_group_rules.detect do |sg|
-
-          sg.direction == attributes.direction &&
-          sg.protocol == attributes.protocol &&
-          sg.port_range_max == attributes.port_range_max &&
-          sg.port_range_min == attributes.port_range_min &&
-          sg.ethertype == attributes.ethertype &&
-          (
-            (
-              attributes.remote_group_id.nil? &&
-              sg.remote_ip_prefix == attributes.remote_ip
-            ) ||
-            (
-              attributes.remote_ip.nil? &&
-              sg.remote_group_id == attributes.remote_group_id
-            )
-          )
-        end
-      end
-
-      def security_groups_on_tenant(tenant_name)
-        Fog::Network[:openstack].security_groups.select{|sg| sg.tenant_id == tenant(tenant_name).id}
-      end
-
-      def security_groups_hash(tenant_name)
-        sg_hash = Hash.new { |h,k| h[k] = {} }
-
-        security_groups_on_tenant(tenant_name).each do |sg|
-          sg_hash[sg.name]["rules"]       = format_security_group(sg)
-          sg_hash[sg.name]["description"] = sg.description
-        end
-        sg_hash
-      end
-
-      def format_security_group(security_group)
-        security_group.security_group_rules.map do |rule|
-          rule_hash = {}
-          rule_hash["direction"] = rule.direction
-          rule_hash["protocol"]  = rule.protocol
-          rule_hash["ethertype"] = rule.ethertype
-
-          if rule.protocol == "icmp"
-            rule_hash["type"] = rule.port_range_min
-            rule_hash["code"] = rule.port_range_max
-          elsif rule.port_range_max == rule.port_range_min
-            rule_hash["port"] = rule.port_range_max
-          else
-            rule_hash["port_range_min"] = rule.port_range_min
-            rule_hash["port_range_max"] = rule.port_range_max
-          end
-
-          if rule.remote_group_id
-            response = Fog::Network[:openstack].get_security_group(rule.remote_group_id)
-            rule_hash["remote_group"] = response.data[:body]["security_group"]["name"]
-          else
-            rule_hash["remote_ip"] = rule.remote_ip_prefix
-          end
-          rule_hash
+      def get(type)
+        case
+        when type == :yaml
+          Kakine::Resource::Yaml
+        when type == :openstack
+          Kakine::Resource::OpenStack
         end
       end
     end

data/lib/kakine/resource/openstack.rb

@@ -0,0 +1,69 @@
+module Kakine
+  class Resource
+    class OpenStack
+      class << self
+        def load_security_group
+          security_groups_hash.map do |sg|
+            Kakine::SecurityGroup.new(Kakine::Option.tenant_name, sg)
+          end
+        end
+
+        def tenant(tenant_name)
+          @@tenant ||= Kakine::Adapter.instance.tenants.detect{|t| t.name == tenant_name}
+        end
+
+        def security_group(tenant_name, security_group_name)
+          security_groups_on_tenant(tenant_name).detect{|sg| sg.name == security_group_name}
+        end
+
+        def security_groups_on_tenant(tenant_name)
+          Kakine::Adapter.instance.security_groups.select { |sg| sg.tenant_id == tenant(tenant_name).id }
+        end
+
+        def security_groups_hash
+          sg_hash = Hash.new { |h,k| h[k] = {} }
+
+          security_groups_on_tenant(Kakine::Option.tenant_name).each do |sg|
+            sg_hash[sg.name]["rules"]       = format_security_group_rules(sg)
+            sg_hash[sg.name]["id"]          = sg.id
+            sg_hash[sg.name]["description"] = sg.description
+          end
+          sg_hash
+        end
+
+        def format_security_group_rules(security_group)
+          security_group.rules.map do |rule|
+            rule_hash = {}
+            rule_hash["id"]        = rule['id']
+            rule_hash["direction"] = rule['direction']
+            rule_hash["protocol"]  = rule['protocol']
+            rule_hash["ethertype"] = rule['ethertype']
+            rule_hash.merge!(port_hash(rule))
+            rule_hash.merge!(remote_hash(rule))
+          end
+        end
+
+        def port_hash(rule)
+          case
+          when rule['protocol'] == "icmp"
+            { "type" => rule['port_range_min'], "code" => rule['port_range_max'] }
+          when rule['port_range_max'] == rule['port_range_min']
+            { "port" => rule['port_range_max'] }
+          else
+            { "port_range_min" => rule['port_range_min'], "port_range_max" => rule['port_range_max'] }
+          end
+        end
+
+        def remote_hash(rule)
+          case
+          when rule['remote_group_id']
+            response = Kakine::Adapter.instance.get_security_group(rule['remote_group_id'])
+            { "remote_group" => response.name }
+          else
+            { "remote_ip" => rule['remote_ip_prefix'] }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kakine/resource/yaml.rb

@@ -0,0 +1,77 @@
+module Kakine
+  class Resource
+    class Yaml
+      class << self
+        def load_security_group
+          load_yaml = yaml(Kakine::Option.yaml_name)
+          validate_file_input(load_yaml)
+          load_yaml.map { |sg| Kakine::SecurityGroup.new(Kakine::Option.tenant_name, sg) }
+        end
+
+        def yaml(filename)
+          YAML.load_file(filename).to_hash
+        end
+
+        def validate_file_input(load_sg)
+          load_sg.each do |sg|
+            validate_attributes(sg)
+            validate_rules(sg)
+          end
+          true
+        end
+
+        def validate_attributes(sg)
+          sg_name = sg[0]
+          case
+          when sg[1].nil?
+            raise(Kakine::ConfigureError, "#{sg_name}:rules and description is required")
+          when !sg[1].key?("rules")
+            raise(Kakine::ConfigureError, "#{sg_name}:rules is required")
+          when !sg[1].key?("description")
+            raise(Kakine::ConfigureError, "#{sg_name}:description is required")
+          end
+        end
+
+        def validate_rules(sg)
+          sg_name = sg[0]
+          sg[1]["rules"].each do |rule|
+            case
+            when !has_port?(rule)
+              raise(Kakine::ConfigureError,  "#{sg_name}:rules port(icmp code) is required")
+            when !has_remote?(rule)
+              raise(Kakine::ConfigureError, "#{sg_name}:rules remote_ip or remote_group required")
+            when !has_direction?(rule)
+              raise(Kakine::ConfigureError, "#{sg_name}:rules direction is required")
+            when !has_protocol?(rule)
+              raise(Kakine::ConfigureError, "#{sg_name}:rules protocol is required")
+            when !has_ethertype?(rule)
+              raise(Kakine::ConfigureError, "#{sg_name}:rules ethertype is required")
+            end
+          end unless sg[1]["rules"].nil?
+        end
+
+        def has_port?(rule)
+          rule.key?("port") ||
+          ( rule.key?("port_range_max") && rule.key?("port_range_min") ) ||
+          ( rule.key?("type") && rule.key?("code") )
+        end
+
+        def has_remote?(rule)
+          rule.key?("remote_ip") || rule.key?("remote_group")
+        end
+
+        def has_direction?(rule)
+          rule.key?("direction")
+        end
+
+        def has_protocol?(rule)
+          rule.key?("protocol")
+        end
+
+        def has_ethertype?(rule)
+          rule.key?("ethertype")
+        end
+      end
+    end
+  end
+end

data/lib/kakine/security_group.rb

@@ -1,80 +1,52 @@
 require 'json'
 module Kakine
   class SecurityGroup
-    attr_reader :name, :tenant_id, :tenant_name, :description, :rules
+    attr_reader :id, :name, :tenant_name, :description, :rules
 
-    def initialize(tenant_name, parameter)
-      @name = parameter[0]
+    def initialize(tenant_name, params)
+      @name        = params[0]
       @tenant_name = tenant_name
-      @tenant_id = Kakine::Resource.tenant(tenant_name).id
-      @description = parameter[1]["description"] || ""
-      @rules = parameter[1]["rules"].map do |rule|
-        SecurityRule.new(rule, @tenant_name, @name)
-      end unless parameter[1]["rules"].nil?
-      @rules ||= []
+      @id          = params[1]["id"] || ""
+      @description = params[1]["description"] || ""
+      @rules       = get_rule_instances(params) || []
     end
 
-    def initialize_copy(obj)
-      @rules = Marshal.load(Marshal.dump(obj.rules))
+    def tenant_id
+      Kakine::Resource.get(:openstack).tenant(@tenant_name).id
     end
 
     def ==(target_sg)
-      instance_variables.reject{ |k| k == :@rules }.each do |val|
-        return false unless self.instance_variable_get(val) == target_sg.instance_variable_get(val)
-      end
-      @rules.each do |rule|
-        return false unless target_sg.find_by_rule(rule)
-      end
-      target_sg.rules.each do |rule|
-        return false unless find_by_rule(rule)
-      end
-      true
+      same_group?(target_sg) && same_rule?(self, target_sg) && same_rule?(target_sg, self)
     end
 
     def !=(target_sg)
       !(self == target_sg)
     end
 
-    def find_by_rule(target_rule)
-      @rules.find { |rule| rule == target_rule }
+    def same_group?(target_sg)
+      %i(@name @tenant_name @description).all? do |val|
+        instance_variable_get(val) == target_sg.instance_variable_get(val)
+      end
     end
 
-    def register!
-      Kakine::Operation.create_security_group(self)
-      @rules.each { |rule| rule.register! } if has_rules?
+    def same_rule?(a, b)
+      a.rules.all? do |rule|
+        b.find_by_rule(rule)
+      end
     end
 
-    def unregister!
-      Kakine::Operation.delete_security_group(self)
+    def get_rule_instances(params)
+      params[1]["rules"].map do |rule|
+        SecurityRule.new(rule, @tenant_name, @name)
+      end unless params[1]["rules"].nil?
     end
 
-    def convergence!(target_sg)
-      if @description != target_sg.description
-        target_sg.unregister!
-        register!
-      else
-        target_sg.rules.each do |rule|
-          rule.unregister! unless find_by_rule(rule)
-        end
-        @rules.each do |rule|
-          rule.register! unless target_sg.find_by_rule(rule)
-        end
-      end
+    def find_by_rule(target_rule)
+      @rules.find { |rule| rule == target_rule }
     end
 
     def has_rules?
       @rules.detect {|v| !v.nil?}
     end
-
-    def get_default_rule_instance
-      default_sg = self.clone
-      default_sg.set_default_rule
-      default_sg
-    end
-
-    def set_default_rule
-      @rules = %w(IPv4 IPv6).map { |v| {"direction"=>"egress", "protocol" => nil, "port"=>nil, "remote_ip"=>nil, "ethertype"=>v } }.
-        map{ |rule| SecurityRule.new(rule, @tenant_name, @name) }
-    end
   end
 end

data/lib/kakine/security_rule.rb

@@ -1,6 +1,6 @@
 module Kakine
   class SecurityRule
-    attr_reader :direction, :protocol, :port_range_max, :port_range_min, :remote_ip, :remote_group, :remote_group_id, :ethertype
+    attr_reader :id, :direction, :protocol, :port_range_max, :port_range_min, :remote_ip, :remote_group, :ethertype
 
     def initialize(rule, tenant_name, sg_name)
       @tenant_name = tenant_name
@@ -11,47 +11,43 @@ module Kakine
       end
 
       @port_range_min, @port_range_max = *convert_port_format(rule)
-      set_remote_security_group_id
+    end
 
+    def ==(target_sg)
+      %i(@direction @protocol @port_range_max @port_range_min @remote_ip @remote_group @ethertype).all? do |val|
+        self.instance_variable_get(val) == target_sg.instance_variable_get(val)
+      end
     end
 
-    def register!
-      Kakine::Operation.create_security_rule(@tenant_name, @sg_name, self)
+    def convert_port_format(rule)
+      unless format = port?(rule) || icmp?(rule) || range?(rule)
+        raise(Kakine::SecurityRuleError, "no match port format")
+      end
+      format
     end
 
-    def unregister!
-      Kakine::Operation.delete_security_rule(@tenant_name, @sg_name, self)
+    def port?(rule)
+      [rule['port'] ,rule['port']] if rule.has_key?('port')
     end
 
-    def ==(target_sg)
-      instance_variables.each do |val|
-        unless self.instance_variable_get(val) == target_sg.instance_variable_get(val)
-          return false
-        end
+    def icmp?(rule)
+      if rule.has_key?('type') && rule.has_key?('code')
+        [rule['type'] ,rule['code']]
       end
-      true
     end
 
-    private
-
-    def convert_port_format(rule)
-      case
-      when rule.has_key?('port')
-        [rule['port'] ,rule['port']]
-      when rule.has_key?('type'), rule.has_key?('code')
-        [rule['type'] ,rule['code']]
-      when rule.has_key?('port_range_max'), rule.has_key?('port_range_min')
+    def range?(rule)
+      if rule.has_key?('port_range_max') && rule.has_key?('port_range_min')
         [rule['port_range_min'] ,rule['port_range_max']]
-      else
-        raise "no match port format"
       end
     end
 
-    def set_remote_security_group_id
-      unless @remote_group.nil?
-        remote_security_group = Kakine::Resource.security_group(@tenant_name, @remote_group)
-        raise "not exists #{@remote_group}" unless remote_security_group
-        @remote_group_id = remote_security_group.id
+    def remote_group_id
+      if !!@remote_group
+        unless remote_security_group = Kakine::Resource.get(:openstack).security_group(@tenant_name, @remote_group)
+          raise(Kakine::SecurityRuleError, "not exists #{@remote_group}")
+        end
+        remote_security_group.id
       end
     end
   end

data/lib/kakine/version.rb

@@ -1,3 +1,3 @@
 module Kakine
-  VERSION = "0.3.0"
+  VERSION = "0.4.0"
 end

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: kakine
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - SHIBATA Hiroshi
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2015-05-26 00:00:00.000000000 Z
+date: 2015-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: fog
+  name: yao
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.2.0
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -38,20 +38,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: hashdiff
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -128,14 +114,19 @@ files:
 - kakine.gemspec
 - lib/kakine.rb
 - lib/kakine/adapter.rb
+- lib/kakine/adapter/base.rb
 - lib/kakine/adapter/mock.rb
 - lib/kakine/adapter/real.rb
+- lib/kakine/builder.rb
 - lib/kakine/cli.rb
-- lib/kakine/operation.rb
+- lib/kakine/config.rb
+- lib/kakine/director.rb
+- lib/kakine/option.rb
 - lib/kakine/resource.rb
+- lib/kakine/resource/openstack.rb
+- lib/kakine/resource/yaml.rb
 - lib/kakine/security_group.rb
 - lib/kakine/security_rule.rb
-- lib/kakine/validate.rb
 - lib/kakine/version.rb
 homepage: https://github.com/hsbt/kakine
 licenses:
@@ -157,7 +148,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.7
+rubygems_version: 2.5.0
 signing_key: 
 specification_version: 4
 summary: Security Group configuration tool for OpenStack.

data/lib/kakine/operation.rb

@@ -1,38 +0,0 @@
-module Kakine
-  class Operation
-    class << self
-      def adapter
-        @@adapter ||= Kakine::Adapter.get_instance
-      end
-
-      def create_security_group(sg)
-        attributes = {name: sg.name, description: sg.description, tenant_id: sg.tenant_id}
-        security_group_id = adapter.create_security_group(attributes)
-
-        #delete default rule
-        sg.get_default_rule_instance.rules.each { |rule| rule.unregister! } unless adapter.instance_of?(Kakine::Adapter::Mock)
-        security_group_id
-      end
-
-      def delete_security_group(sg)
-        security_group = Kakine::Resource.security_group(sg.tenant_name, sg.name)
-        adapter.delete_security_group(security_group.id)
-      end
-
-      def create_security_rule(tenant_name, sg_name, rule)
-        security_group_id = if adapter.instance_of?(Kakine::Adapter::Mock)
-          "[Mock] #{sg_name} ID"
-        else
-          Kakine::Resource.security_group(tenant_name, sg_name).id
-        end
-        adapter.create_rule(security_group_id, rule.direction, rule)
-      end
-
-      def delete_security_rule(tenant_name, sg_name, rule)
-        security_group = Kakine::Resource.security_group(tenant_name, sg_name)
-        security_group_rule = Kakine::Resource.security_group_rule(security_group, rule)
-        adapter.delete_rule(security_group_rule.id)
-      end
-    end
-  end
-end

data/lib/kakine/validate.rb

@@ -1,42 +0,0 @@
-module Kakine
-  class Validate
-    class << self
-      def validate_file_input(load_sg)
-        err = []
-        load_sg.each do |sg|
-          err << validate_attributes(sg)
-          err << validate_rules(sg)
-        end
-        return true unless err.detect {|e| !e.nil? }
-        err.map { |m| puts m unless m.nil? }
-        false
-      end
-
-      def validate_attributes(sg)
-        case
-        when sg[1].nil?
-          "[error] #{sg[0]}:rules and description is required"
-        when !sg[1].key?("rules")
-          "[error] #{sg[0]}:rules is required"
-        when !sg[1].key?("description")
-          "[error] #{sg[0]}:description is required"
-        end
-      end
-
-      def validate_rules(sg)
-        sg[1]["rules"].each do |rule|
-          if !rule.key?("port") &&
-            (!rule.key?("port_range_max") || !rule.key?("port_range_min")) &&
-            (!rule.key?("type") || !rule.key?("code"))
-            return "[error] #{sg[0]}:rules port(icmp code) is required"
-          elsif !rule.key?("remote_ip") && !rule.key?("remote_group")
-            return "[error] #{sg[0]}:rules remote_ip or remote_group required"
-          elsif col = %w(direction protocol ethertype).find { |k| !rule.key?(k) }
-            return "[error] #{sg[0]}:rules #{col} is required"
-          end
-        end unless sg[1]["rules"].nil?
-        nil
-      end
-    end
-  end
-end