From 109802be5fba8cf9dd25806df87d620e5b19dff7 Mon Sep 17 00:00:00 2001
From: Eduardo Olivares <eolivare@redhat.com>
Date: Fri, 14 Apr 2023 17:32:14 +0200
Subject: [PATCH] Create only one Sec Group per fixture

This patch includes some changes wrt StatelessSecurityGroupFixture:
- a task that cleans up the security groups generated with this fixture
  is added to the tobiko-cleanup role
- when TOBIKO_PREVENT_CREATE env variable is set, the security groups
  are not created (they should have been created before)
- the lockutils.synchronized decorator is used to avoid that two
  security groups with the same name are created concurrently
- neutron.get_security_group(self.name) did not work because that method
  does not work with the security group name; it is replaced by
  neutron.list_security_groups(name=self.name) instead

Change-Id: I3ab84e138049a27db017630b32d81d290aa5f6cd
---
 roles/tobiko-cleanup/tasks/main.yaml |  8 ++++++++
 tobiko/openstack/stacks/_neutron.py  | 22 +++++++++++++++++-----
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/roles/tobiko-cleanup/tasks/main.yaml b/roles/tobiko-cleanup/tasks/main.yaml
index e3a4c7265..f726b8c65 100644
--- a/roles/tobiko-cleanup/tasks/main.yaml
+++ b/roles/tobiko-cleanup/tasks/main.yaml
@@ -27,6 +27,14 @@
         xargs -r openstack subnet pool delete
   ignore_errors: yes
 
+- name: "cleanup Security Groups created by Tobiko tests"
+  shell: |
+    source {{ stackrc_file }}
+    openstack security group list -f value -c 'Name' | \
+        grep "^tobiko\." | \
+        xargs -r openstack security group delete
+  ignore_errors: yes
+
 - name: "cleanup Glance images created by Tobiko tests"
   shell: |
     source {{ stackrc_file }}
diff --git a/tobiko/openstack/stacks/_neutron.py b/tobiko/openstack/stacks/_neutron.py
index 9512d2bd7..76243cc31 100644
--- a/tobiko/openstack/stacks/_neutron.py
+++ b/tobiko/openstack/stacks/_neutron.py
@@ -637,17 +637,28 @@ class StatelessSecurityGroupFixture(tobiko.SharedFixture):
         super(StatelessSecurityGroupFixture, self).__init__()
 
     def setup_fixture(self):
+        if config.get_bool_env('TOBIKO_PREVENT_CREATE'):
+            LOG.debug("StatelessSecurityGroupFixture should have been already "
+                      "created: %r", self.security_group)
+        else:
+            self.try_create_security_group()
+
+        if self.security_group:
+            tobiko.addme_to_shared_resource(__name__, self.name)
+
+    @lockutils.synchronized(
+        'create_security_group', external=True, lock_path=LOCK_DIR)
+    def try_create_security_group(self):
         if not self.security_group:
             self._security_group = neutron.create_security_group(
                 name=self.name, description=self.description,
                 add_cleanup=False, stateful=False)
-        if self.security_group:
+            # add rules once the SG was created
             for rule in self.rules:
                 neutron.create_security_group_rule(
                     self._security_group['id'],
                     add_cleanup=False,
                     **rule)
-            tobiko.addme_to_shared_resource(__name__, self.name)
 
     def cleanup_fixture(self):
         n_tests_using_stack = len(tobiko.removeme_from_shared_resource(
@@ -676,11 +687,12 @@ class StatelessSecurityGroupFixture(tobiko.SharedFixture):
     @property
     def security_group(self):
         if not self._security_group:
-            try:
-                self._security_group = neutron.get_security_group(self.name)
-            except neutron.NotFound:
+            sgs = neutron.list_security_groups(name=self.name)
+            if len(sgs) == 0:
                 LOG.debug("Security group %r not found.", self.name)
                 self._security_group = None
+            else:
+                self._security_group = sgs.unique
         return self._security_group