rackerlabs
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 3 additions & 1 deletion b/‎.pre-commit-config.yaml‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎components/argo-events/kustomization.yaml‎
Lines changed: 3 additions & 0 deletions b/‎components/argo-events/kustomization.yaml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎components/argo-events/secret-netapp.yaml‎
Lines changed: 17 additions & 0 deletions b/‎components/argo-events/secret-netapp.yaml‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎components/openstack/templates/secretstore-openstack.yaml.tpl‎
Lines changed: 1 addition & 0 deletions b/‎components/openstack/templates/secretstore-openstack.yaml.tpl‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎python/understack-workflows/pyproject.toml‎
Lines changed: 3 additions & 0 deletions b/‎python/understack-workflows/pyproject.toml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎python/understack-workflows/tests/conftest.py‎
Lines changed: 4 additions & 4 deletions b/‎python/understack-workflows/tests/conftest.py‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎python/understack-workflows/tests/json_samples/keystone-project-created.json‎
Lines changed: 4 additions & 0 deletions b/‎python/understack-workflows/tests/json_samples/keystone-project-created.json‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎python/understack-workflows/tests/json_samples/keystone-project-deleted.json‎
Lines changed: 4 additions & 0 deletions b/‎python/understack-workflows/tests/json_samples/keystone-project-deleted.json‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎python/understack-workflows/tests/test_keystone_project.py‎
Lines changed: 258 additions & 0 deletions b/‎python/understack-workflows/tests/test_keystone_project.py‎
Lines changed: 258 additions & 0 deletions
@@ -90,7 +90,7 @@ repos:
     hooks:
     - id: pyright
       files: '^python/understack-workflows/'
-      args: ["--threads"]
+      args: ["--threads", "python/understack-workflows"]
       additional_dependencies:
         # python-pyright stupidly does not allow local paths
         # https://github.com/pre-commit/pre-commit/issues/1752#issuecomment-754252663
@@ -105,6 +105,8 @@ repos:
         - "requests"
         - "sushy"
         - "types-requests"
+        - "netapp_ontap"
+
   - repo: local
     hooks:
       - id: trufflehog
 
@@ -20,3 +20,6 @@ resources:
 
   ## allow neutron's service account to submit workflows
   - svc-neutron.yaml
+
+  ## copy openstack/cinder-netapp-config to argo-events/netapp-config
+  - secret-netapp.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: netapp-config
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: openstack
+  target:
+    name: netapp-config
+    creationPolicy: Owner
+    deletionPolicy: Delete
+  dataFrom:
+    - extract:
+        key: cinder-netapp-config
@@ -27,6 +27,7 @@ rules:
   resourceNames:
   - svc-acct-argoworkflow
   - svc-acct-netapp
+  - cinder-netapp-config
 - apiGroups:
   - authorization.k8s.io
   resources:
 
@@ -26,6 +26,7 @@ dependencies = [
     "sushy>=5.3.0,<6",
     "kubernetes==33.1.0",
     "understack-flavor-matcher",
+    "netapp-ontap>=9.17.1.0",
 ]
 
 [project.scripts]
@@ -38,6 +39,7 @@ bmc-password = "understack_workflows.main.print_bmc_password:main"
 bmc-kube-password = "understack_workflows.main.bmc_display_password:main"
 sync-network-segment-range = "understack_workflows.main.sync_ucvni_group_range:main"
 openstack-oslo-event = "understack_workflows.main.openstack_oslo_event:main"
+netapp-create-svm = "understack_workflows.main.netapp_create_svm:main"
 
 [dependency-groups]
 test = [
@@ -87,6 +89,7 @@ target-version = "py310"
 "tests/**/*.py" = [
     "S101",     # allow 'assert' for pytest
     "S105",     # allow hardcoded passwords for testing
+    "S106",     # allow hardcoded passwords for testing
 ]
 "understack_workflows/main/bmc_display_password.py" = [
     "S607",     # allow the kubectl call
 
@@ -52,7 +52,7 @@ def project_data(domain_id: uuid.UUID, project_id: uuid.UUID):
 
 
 @pytest.fixture
-def os_conn(project_data: dict) -> openstack.connection.Connection:
+def os_conn(project_data: dict) -> openstack.connection.Connection:  # pyright: ignore[reportAttributeAccessIssue]
     def _get_project(project_id):
         if project_id == project_data["id"].hex:
             data = {
@@ -67,10 +67,10 @@ def _get_project(project_id):
                 "domain_id": "default",
             }
         else:
-            raise openstack.exceptions.NotFoundException
-        return openstack.identity.v3.project.Project(**data)
+            raise openstack.exceptions.NotFoundException  # pyright: ignore[reportAttributeAccessIssue]
+        return openstack.identity.v3.project.Project(**data)  # pyright: ignore[reportAttributeAccessIssue]
 
-    conn = MagicMock(spec_set=openstack.connection.Connection)
+    conn = MagicMock(spec_set=openstack.connection.Connection)  # pyright: ignore[reportAttributeAccessIssue]
     conn.identity.get_project.side_effect = _get_project
     return conn
 
 
@@ -0,0 +1,4 @@
+{
+  "oslo.version": "2.0",
+  "oslo.message": "{\"message_id\": \"17007b45-83b9-45ae-9f0d-58ba04c256af\", \"publisher_id\": \"identity.keystone-api-795dc7d644-nmm8j\", \"event_type\": \"identity.project.created\", \"priority\": \"INFO\", \"payload\": {\"typeURI\": \"http://schemas.dmtf.org/cloud/audit/1.0/event\", \"eventType\": \"activity\", \"id\": \"7da95c47-8b60-57e7-9c61-3a248a8a7c98\", \"eventTime\": \"2025-08-18T10:38:07.168294+0000\", \"action\": \"created.project\", \"outcome\": \"success\", \"observer\": {\"id\": \"ad1c83a7f5f746d2a04fcc8dda226368\", \"typeURI\": \"service/security\"}, \"initiator\": {\"id\": \"99b5533ea19f4009a2b4a047e7b05533\", \"typeURI\": \"service/security/account/user\", \"host\": {\"address\": \"10.2.148.161\", \"agent\": \"python-keystoneclient\"}, \"user_id\": \"99b5533ea19f4009a2b4a047e7b05533\", \"project_id\": \"fe57b90d20084270a21a9e15ecf397bb\", \"request_id\": \"req-afd9642e-bc57-4feb-95c2-fbd7370d9f70\", \"username\": \"admin\"}, \"target\": {\"id\": \"148f2f86b96440a1ba0934f837b2c77b\", \"typeURI\": \"data/security/project\"}, \"resource_info\": \"148f2f86b96440a1ba0934f837b2c77b\"}, \"timestamp\": \"2025-08-18 10:38:07.168945\", \"_unique_id\": \"f91b7719b9084d81802a95f62f3c18cb\"}"
+}
@@ -0,0 +1,4 @@
+{
+  "oslo.version": "2.0",
+  "oslo.message": "{\"message_id\": \"ce5e8e18-3705-4514-8985-52c765f581e9\", \"publisher_id\": \"identity.keystone-api-795dc7d644-k26d4\", \"event_type\": \"identity.project.deleted\", \"priority\": \"INFO\", \"payload\": {\"typeURI\": \"http://schemas.dmtf.org/cloud/audit/1.0/event\", \"eventType\": \"activity\", \"id\": \"93cff481-dd11-5017-8048-fa2cda5f53b6\", \"eventTime\": \"2025-08-18T10:38:25.282120+0000\", \"action\": \"deleted.project\", \"outcome\": \"success\", \"observer\": {\"id\": \"ad1c83a7f5f746d2a04fcc8dda226368\", \"typeURI\": \"service/security\"}, \"initiator\": {\"id\": \"99b5533ea19f4009a2b4a047e7b05533\", \"typeURI\": \"service/security/account/user\", \"host\": {\"address\": \"10.2.148.161\", \"agent\": \"python-keystoneclient\"}, \"user_id\": \"99b5533ea19f4009a2b4a047e7b05533\", \"project_id\": \"fe57b90d20084270a21a9e15ecf397bb\", \"request_id\": \"req-980d35c5-5c9e-4308-89fd-5770480ce19e\", \"username\": \"admin\"}, \"target\": {\"id\": \"148f2f86b96440a1ba0934f837b2c77b\", \"typeURI\": \"data/security/project\"}, \"resource_info\": \"148f2f86b96440a1ba0934f837b2c77b\"}, \"timestamp\": \"2025-08-18 10:38:25.282831\", \"_unique_id\": \"a60e846a839f42fa9779dd09e79375af\"}"
+}
@@ -0,0 +1,258 @@
+from unittest.mock import MagicMock
+from unittest.mock import patch
+
+import pytest
+
+from understack_workflows.oslo_event.keystone_project import AGGREGATE_NAME
+from understack_workflows.oslo_event.keystone_project import SVM_PROJECT_TAG
+from understack_workflows.oslo_event.keystone_project import VOLUME_SIZE
+from understack_workflows.oslo_event.keystone_project import KeystoneProjectEvent
+from understack_workflows.oslo_event.keystone_project import _keystone_project_tags
+from understack_workflows.oslo_event.keystone_project import handle_project_created
+
+
+class TestKeystoneProjectEvent:
+    """Test cases for KeystoneProjectEvent class."""
+
+    def test_from_event_dict_success(self):
+        """Test successful event parsing."""
+        event_data = {"payload": {"target": {"id": "test-project-123"}}}
+
+        event = KeystoneProjectEvent.from_event_dict(event_data)
+        assert event.project_id == "test-project-123"
+
+    def test_from_event_dict_no_payload(self):
+        """Test event parsing with missing payload."""
+        event_data = {}
+
+        with pytest.raises(Exception, match="Invalid event. No 'payload'"):
+            KeystoneProjectEvent.from_event_dict(event_data)
+
+    def test_from_event_dict_no_target(self):
+        """Test event parsing with missing target."""
+        event_data = {"payload": {}}
+
+        with pytest.raises(Exception, match="no target information in payload"):
+            KeystoneProjectEvent.from_event_dict(event_data)
+
+    def test_from_event_dict_no_project_id(self):
+        """Test event parsing with missing project ID."""
+        event_data = {"payload": {"target": {}}}
+
+        with pytest.raises(Exception, match="no project_id found in payload"):
+            KeystoneProjectEvent.from_event_dict(event_data)
+
+    def test_dataclass_initialization(self):
+        """Test direct dataclass initialization."""
+        event = KeystoneProjectEvent("test-project-456")
+        assert event.project_id == "test-project-456"
+
+
+class TestKeystoneProjectTags:
+    """Test cases for _keystone_project_tags function."""
+
+    def test_project_tags_with_tags(self):
+        """Test getting project tags when project has tags."""
+        mock_project = MagicMock()
+        mock_project.tags = ["tag1", "tag2", SVM_PROJECT_TAG]
+
+        mock_conn = MagicMock()
+        mock_conn.identity.get_project.return_value = mock_project
+
+        tags = _keystone_project_tags(mock_conn, "test-project-id")
+
+        assert tags == ["tag1", "tag2", SVM_PROJECT_TAG]
+        mock_conn.identity.get_project.assert_called_once_with("test-project-id")
+
+    def test_project_tags_no_tags_attribute(self):
+        """Test getting project tags when project has no tags attribute."""
+        mock_project = MagicMock()
+        del mock_project.tags  # Remove tags attribute
+
+        mock_conn = MagicMock()
+        mock_conn.identity.get_project.return_value = mock_project
+
+        tags = _keystone_project_tags(mock_conn, "test-project-id")
+
+        assert tags == []
+        mock_conn.identity.get_project.assert_called_once_with("test-project-id")
+
+    def test_project_tags_empty_tags(self):
+        """Test getting project tags when project has empty tags."""
+        mock_project = MagicMock()
+        mock_project.tags = []
+
+        mock_conn = MagicMock()
+        mock_conn.identity.get_project.return_value = mock_project
+
+        tags = _keystone_project_tags(mock_conn, "test-project-id")
+
+        assert tags == []
+        mock_conn.identity.get_project.assert_called_once_with("test-project-id")
+
+
+class TestHandleProjectCreated:
+    """Test cases for handle_project_created function."""
+
+    @pytest.fixture
+    def mock_conn(self):
+        """Create a mock OpenStack connection."""
+        return MagicMock()
+
+    @pytest.fixture
+    def mock_nautobot(self):
+        """Create a mock Nautobot instance."""
+        return MagicMock()
+
+    @pytest.fixture
+    def valid_event_data(self):
+        """Create valid event data for testing."""
+        return {
+            "event_type": "identity.project.created",
+            "payload": {"target": {"id": "test-project-123"}},
+        }
+
+    def test_handle_project_created_wrong_event_type(self, mock_conn, mock_nautobot):
+        """Test handling event with wrong event type."""
+        event_data = {
+            "event_type": "identity.project.updated",
+            "payload": {"target": {"id": "test-project-123"}},
+        }
+
+        result = handle_project_created(mock_conn, mock_nautobot, event_data)
+        assert result == 1
+
+    @patch("understack_workflows.oslo_event.keystone_project._keystone_project_tags")
+    def test_handle_project_created_no_svm_tag(
+        self, mock_tags, mock_conn, mock_nautobot, valid_event_data
+    ):
+        """Test handling project creation without SVM tag."""
+        mock_tags.return_value = ["tag1", "tag2"]
+
+        with pytest.raises(SystemExit) as exc_info:
+            handle_project_created(mock_conn, mock_nautobot, valid_event_data)
+
+        assert exc_info.value.code == 0
+        mock_tags.assert_called_once_with(mock_conn, "test-project-123")
+
+    @patch("understack_workflows.oslo_event.keystone_project.NetAppManager")
+    @patch("understack_workflows.oslo_event.keystone_project._keystone_project_tags")
+    def test_handle_project_created_with_svm_tag(
+        self, mock_tags, mock_netapp_class, mock_conn, mock_nautobot, valid_event_data
+    ):
+        """Test successful project creation handling with SVM tag."""
+        mock_tags.return_value = ["tag1", SVM_PROJECT_TAG, "tag2"]
+        mock_netapp_manager = MagicMock()
+        mock_netapp_class.return_value = mock_netapp_manager
+
+        result = handle_project_created(mock_conn, mock_nautobot, valid_event_data)
+
+        assert result == 0
+        mock_tags.assert_called_once_with(mock_conn, "test-project-123")
+        mock_netapp_class.assert_called_once()
+        mock_netapp_manager.create_svm.assert_called_once_with(
+            project_id="test-project-123", aggregate_name=AGGREGATE_NAME
+        )
+        mock_netapp_manager.create_volume.assert_called_once_with(
+            project_id="test-project-123",
+            volume_size=VOLUME_SIZE,
+            aggregate_name=AGGREGATE_NAME,
+        )
+
+    @patch("understack_workflows.oslo_event.keystone_project.NetAppManager")
+    @patch("understack_workflows.oslo_event.keystone_project._keystone_project_tags")
+    def test_handle_project_created_netapp_manager_failure(
+        self, mock_tags, mock_netapp_class, mock_conn, mock_nautobot, valid_event_data
+    ):
+        """Test handling when NetAppManager creation fails."""
+        mock_tags.return_value = [SVM_PROJECT_TAG]
+        mock_netapp_class.side_effect = Exception("NetApp connection failed")
+
+        with pytest.raises(Exception, match="NetApp connection failed"):
+            handle_project_created(mock_conn, mock_nautobot, valid_event_data)
+
+        mock_tags.assert_called_once_with(mock_conn, "test-project-123")
+        mock_netapp_class.assert_called_once()
+
+    @patch("understack_workflows.oslo_event.keystone_project.NetAppManager")
+    @patch("understack_workflows.oslo_event.keystone_project._keystone_project_tags")
+    def test_handle_project_created_svm_creation_failure(
+        self, mock_tags, mock_netapp_class, mock_conn, mock_nautobot, valid_event_data
+    ):
+        """Test handling when SVM creation fails."""
+        mock_tags.return_value = [SVM_PROJECT_TAG]
+        mock_netapp_manager = MagicMock()
+        mock_netapp_manager.create_svm.side_effect = Exception("SVM creation failed")
+        mock_netapp_class.return_value = mock_netapp_manager
+
+        with pytest.raises(Exception, match="SVM creation failed"):
+            handle_project_created(mock_conn, mock_nautobot, valid_event_data)
+
+        mock_tags.assert_called_once_with(mock_conn, "test-project-123")
+        mock_netapp_class.assert_called_once()
+        mock_netapp_manager.create_svm.assert_called_once_with(
+            project_id="test-project-123", aggregate_name=AGGREGATE_NAME
+        )
+
+    @patch("understack_workflows.oslo_event.keystone_project.NetAppManager")
+    @patch("understack_workflows.oslo_event.keystone_project._keystone_project_tags")
+    def test_handle_project_created_volume_creation_failure(
+        self, mock_tags, mock_netapp_class, mock_conn, mock_nautobot, valid_event_data
+    ):
+        """Test handling when volume creation fails."""
+        mock_tags.return_value = [SVM_PROJECT_TAG]
+        mock_netapp_manager = MagicMock()
+        mock_netapp_manager.create_volume.side_effect = Exception(
+            "Volume creation failed"
+        )
+        mock_netapp_class.return_value = mock_netapp_manager
+
+        with pytest.raises(Exception, match="Volume creation failed"):
+            handle_project_created(mock_conn, mock_nautobot, valid_event_data)
+
+        mock_tags.assert_called_once_with(mock_conn, "test-project-123")
+        mock_netapp_class.assert_called_once()
+        mock_netapp_manager.create_svm.assert_called_once_with(
+            project_id="test-project-123", aggregate_name=AGGREGATE_NAME
+        )
+        mock_netapp_manager.create_volume.assert_called_once_with(
+            project_id="test-project-123",
+            volume_size=VOLUME_SIZE,
+            aggregate_name=AGGREGATE_NAME,
+        )
+
+    def test_handle_project_created_invalid_event_data(self, mock_conn, mock_nautobot):
+        """Test handling with invalid event data."""
+        invalid_event_data = {
+            "event_type": "identity.project.created",
+            "payload": {},  # Missing target
+        }
+
+        with pytest.raises(Exception, match="no target information in payload"):
+            handle_project_created(mock_conn, mock_nautobot, invalid_event_data)
+
+    @patch("understack_workflows.oslo_event.keystone_project._keystone_project_tags")
+    def test_handle_project_created_constants_used(
+        self, mock_tags, mock_conn, mock_nautobot, valid_event_data
+    ):
+        """Test constants used for aggregate name and volume size."""
+        mock_tags.return_value = [SVM_PROJECT_TAG]
+
+        with patch(
+            "understack_workflows.oslo_event.keystone_project.NetAppManager"
+        ) as mock_netapp_class:
+            mock_netapp_manager = MagicMock()
+            mock_netapp_class.return_value = mock_netapp_manager
+
+            handle_project_created(mock_conn, mock_nautobot, valid_event_data)
+
+            # Verify the constants are used correctly
+            mock_netapp_manager.create_svm.assert_called_once_with(
+                project_id="test-project-123",
+                aggregate_name="aggr02_n02_NVME",  # AGGREGATE_NAME constant
+            )
+            mock_netapp_manager.create_volume.assert_called_once_with(
+                project_id="test-project-123",
+                volume_size="1GB",  # VOLUME_SIZE constant
+                aggregate_name="aggr02_n02_NVME",  # AGGREGATE_NAME constant
+            )
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +  "oslo.version": "2.0",
 +  "oslo.message": "{\"message_id\": \"17007b45-83b9-45ae-9f0d-58ba04c256af\", \"publisher_id\": \"identity.keystone-api-795dc7d644-nmm8j\", \"event_type\": \"identity.project.created\", \"priority\": \"INFO\", \"payload\": {\"typeURI\": \"http://schemas.dmtf.org/cloud/audit/1.0/event\", \"eventType\": \"activity\", \"id\": \"7da95c47-8b60-57e7-9c61-3a248a8a7c98\", \"eventTime\": \"2025-08-18T10:38:07.168294+0000\", \"action\": \"created.project\", \"outcome\": \"success\", \"observer\": {\"id\": \"ad1c83a7f5f746d2a04fcc8dda226368\", \"typeURI\": \"service/security\"}, \"initiator\": {\"id\": \"99b5533ea19f4009a2b4a047e7b05533\", \"typeURI\": \"service/security/account/user\", \"host\": {\"address\": \"10.2.148.161\", \"agent\": \"python-keystoneclient\"}, \"user_id\": \"99b5533ea19f4009a2b4a047e7b05533\", \"project_id\": \"fe57b90d20084270a21a9e15ecf397bb\", \"request_id\": \"req-afd9642e-bc57-4feb-95c2-fbd7370d9f70\", \"username\": \"admin\"}, \"target\": {\"id\": \"148f2f86b96440a1ba0934f837b2c77b\", \"typeURI\": \"data/security/project\"}, \"resource_info\": \"148f2f86b96440a1ba0934f837b2c77b\"}, \"timestamp\": \"2025-08-18 10:38:07.168945\", \"_unique_id\": \"f91b7719b9084d81802a95f62f3c18cb\"}"
 +}