Make the region param and ENV var interchangable

This allows for creating and deleteing resources from puppet resource by
passing the environment variable (which is already used for scoping).

Prior to this change you would have to pass the information twice. If
you do pass both we maintain the same approach as previous, giving the
param a higher presendence.

This also allows for not specifying the region in the DSL, and instead
using the AWS_REGION variable. This matches the standard behaviour of
other AWS tools, and means in the case of not providing anything the
correct error bubbles through.

lib/puppet/provider/ec2_securitygroup/v2.rb

@@ -24,7 +24,7 @@ def self.instances
   def self.prefetch(resources)
     instances.each do |prov|
       if resource = resources[prov.name] # rubocop:disable Lint/AssignmentInCondition
-        resource.provider = prov if resource[:region] == prov.region
+        resource.provider = prov if (resource[:region] || ENV['AWS_REGION']) == prov.region
       end
     end
   end
@@ -96,14 +96,13 @@ def self.security_group_to_hash(region, group)
   end
 
   def exists?
-    dest_region = resource[:region] if resource
-    Puppet.info("Checking if security group #{name} exists in region #{dest_region || region}")
+    Puppet.info("Checking if security group #{name} exists in region #{target_region}")
     @property_hash[:ensure] == :present
   end
 
   def create
-    Puppet.info("Creating security group #{name} in region #{resource[:region]}")
-    ec2 = ec2_client(resource[:region])
+    Puppet.info("Creating security group #{name} in region #{target_region}")
+    ec2 = ec2_client(target_region)
     config = {
       group_name: name,
       description: resource[:description]
@@ -207,8 +206,8 @@ def ingress=(value)
   end
 
   def destroy
-    Puppet.info("Deleting security group #{name} in region #{resource[:region]}")
-    ec2_client(resource[:region]).delete_security_group(
+    Puppet.info("Deleting security group #{name} in region #{target_region}")
+    ec2_client(target_region).delete_security_group(
       group_id: @property_hash[:id]
     )
     @property_hash[:ensure] = :absent

lib/puppet/type/ec2_securitygroup.rb

@@ -1,4 +1,5 @@
 require_relative '../../puppet_x/puppetlabs/property/tag.rb'
+require_relative '../../puppet_x/puppetlabs/property/region'
 require_relative '../../puppet_x/puppetlabs/aws_ingress_rules_parser'
 
 Puppet::Type.newtype(:ec2_securitygroup) do
@@ -13,11 +14,8 @@
     end
   end
 
-  newproperty(:region) do
+  newproperty(:region, :parent => PuppetX::Property::AwsRegion) do
     desc 'the region in which to launch the security group'
-    validate do |value|
-      fail 'region should not contains spaces' if value =~ /\s/
-    end
   end
 
   newproperty(:ingress, :array_matching => :all) do

lib/puppet_x/puppetlabs/aws.rb

@@ -96,6 +96,12 @@ def self.tags_for(item)
         tags
       end
 
+      def target_region
+        target = resource ? resource[:region] || region : region
+        target = nil if target == :absent
+        target || ENV['AWS_REGION']
+      end
+
       def tags=(value)
         Puppet.info("Updating tags for #{name} in region #{region}")
         ec2 = ec2_client(resource[:region])

lib/puppet_x/puppetlabs/property/region.rb

@@ -0,0 +1,13 @@
+module PuppetX
+  module Property
+    class AwsRegion < Puppet::Property
+      validate do |value|
+        name = resource[:name]
+        fail "region for #{name} should not contains spaces" if value =~ /\s/
+        if !ENV['AWS_REGION'].nil? && ENV['AWS_REGION'] != value
+          fail "if using AWS_REGION environment variable it must match the specified region value for #{name}"
+        end
+      end
+    end
+  end
+end