Merge "Add api endpoints for changing boot_mode and secure_boot state"

This commit is contained in:
Zuul 2021-08-24 09:49:56 +00:00 committed by Gerrit Code Review
commit 067b0a2716
22 changed files with 1248 additions and 11 deletions

@ -299,6 +299,75 @@ Response
.. literalinclude:: samples/node-get-state-response.json
Change Node Boot Mode
=====================
.. rest_method:: PUT /v1/nodes/{node_ident}/states/boot_mode
Request a change to the Node's boot mode.
.. versionadded:: 1.76
A change in node's boot mode can be requested.
Normal response code: 202 (Accepted)
Error codes:
- 409 (Conflict, NodeLocked, ClientError)
- 400 (Invalid, InvalidStateRequested, InvalidParameterValue)
- 404 (NotFound)
- 503 (NoFreeConductorWorkers)
Request
-------
.. rest_parameters:: parameters.yaml
- node_ident: node_ident
- target: req_target_boot_mode
**Example request for UEFI boot:**
.. literalinclude:: samples/node-set-boot-mode-uefi.json
**Example request for Legacy BIOS boot:**
.. literalinclude:: samples/node-set-boot-mode-bios.json
Change Node Secure Boot
=======================
.. rest_method:: PUT /v1/nodes/{node_ident}/states/secure_boot
Request a change to the Node's secure boot state.
.. versionadded:: 1.76
A change in node's secure boot state can be requested.
Normal response code: 202 (Accepted)
Error codes:
- 409 (Conflict, NodeLocked, ClientError)
- 400 (Invalid, InvalidStateRequested, InvalidParameterValue)
- 404 (NotFound)
- 503 (NoFreeConductorWorkers)
Request
-------
.. rest_parameters:: parameters.yaml
- node_ident: node_ident
- target: req_target_secure_boot
**Example request to turn off secure boot:**
.. literalinclude:: samples/node-set-secure-boot-off.json
**Example request to turn on secure boot:**
.. literalinclude:: samples/node-set-secure-boot-on.json
Change Node Power State
=======================

@ -1754,6 +1754,13 @@ req_storage_interface:
in: body
required: false
type: string
req_target_boot_mode:
description: |
If a boot mode change has been requested, this field represents the
requested (ie, "target") state, either "uefi" or "bios".
in: body
required: true
type: string
req_target_power_state:
description: |
If a power state transition has been requested, this field represents the
@ -1770,6 +1777,13 @@ req_target_raid_config:
in: body
required: true
type: JSON
req_target_secure_boot:
description: |
If a secure boot change has been requested, this field represents the
requested (ie, "target") state, either ``true`` or ``false``.
in: body
required: true
type: boolean
req_uuid:
description: |
The UUID for the resource.

@ -0,0 +1,3 @@
{
"target": "bios"
}

@ -0,0 +1,3 @@
{
"target": "uefi"
}

@ -0,0 +1,3 @@
{
"target": false
}

@ -0,0 +1,3 @@
{
"target": true
}

@ -2,9 +2,17 @@
REST API Version History
========================
1.76 (Xena, ?)
----------------------
Add endpoints for changing boot mode and secure boot state of node
asynchronously:
* ``PUT /v1/nodes/{node_ident}/states/boot_mode``
* ``PUT /v1/nodes/{node_ident}/states/secure_boot``
1.75 (Xena, 18.1)
----------------------
Add `boot_mode` and `secure_boot` to node object and expose their state at:
Add ``boot_mode`` and ``secure_boot`` to node object and expose their state at:
* ``/v1/nodes/{node_ident}/states``

@ -40,6 +40,7 @@ from ironic.api.controllers.v1 import versions
from ironic.api.controllers.v1 import volume
from ironic.api import method
from ironic.common import args
from ironic.common import boot_modes
from ironic.common import exception
from ironic.common.i18n import _
from ironic.common import policy
@ -120,6 +121,9 @@ ALLOWED_TARGET_POWER_STATES = (ir_states.POWER_ON,
ir_states.SOFT_REBOOT,
ir_states.SOFT_POWER_OFF)
ALLOWED_TARGET_BOOT_MODES = (boot_modes.LEGACY_BIOS,
boot_modes.UEFI)
_NODE_DESCRIPTION_MAX_LENGTH = 4096
_NETWORK_DATA_SCHEMA = None
@ -710,6 +714,8 @@ def node_states_convert(rpc_node):
class NodeStatesController(rest.RestController):
_custom_actions = {
'boot_mode': ['PUT'],
'secure_boot': ['PUT'],
'power': ['PUT'],
'provision': ['PUT'],
'raid': ['PUT'],
@ -822,6 +828,107 @@ class NodeStatesController(rest.RestController):
url_args = '/'.join([node_ident, 'states'])
api.response.location = link.build_url('nodes', url_args)
@METRICS.timer('NodeStatesController.boot_mode')
@method.expose(status_code=http_client.ACCEPTED)
@args.validate(node_ident=args.uuid_or_name, target=args.string)
def boot_mode(self, node_ident, target):
"""Asynchronous set the boot mode of the node.
:param node_ident: the UUID or logical name of a node.
:param target: The desired boot_mode for the node. (uefi/bios)
:raises: NotFound (HTTP 404) if requested version of the API
is less than 1.76.
:raises: InvalidParameterValue (HTTP 400) if the requested target
state is not valid.
:raises: Conflict (HTTP 409) if a node is in adopting state or
another transient state.
"""
rpc_node = api_utils.check_node_policy_and_retrieve(
'baremetal:node:set_boot_mode', node_ident)
topic = api.request.rpcapi.get_topic_for(rpc_node)
if (api.request.version.minor
< versions.MINOR_76_NODE_CHANGE_BOOT_MODE):
raise exception.NotFound(
(_("This endpoint is supported starting with the API version "
"1.%(min_version)s") %
{'min_version': versions.MINOR_76_NODE_CHANGE_BOOT_MODE}))
if target not in ALLOWED_TARGET_BOOT_MODES:
msg = (_("Invalid boot mode %(mode)s requested for node. "
"Allowed boot modes are: "
"%(modes)s") %
{'mode': target,
'modes': ', '.join(ALLOWED_TARGET_BOOT_MODES)})
raise exception.InvalidParameterValue(msg)
# NOTE(cenne): This currenly includes the ADOPTING state
if rpc_node.provision_state in ir_states.UNSTABLE_STATES:
msg = _("Node is in %(state)s state. Since node is transitioning, "
"the boot mode will not be set as this may interfere "
"with ongoing changes and result in erroneous modification"
". Try again later.")
raise exception.Conflict(msg,
action=target, node=node_ident,
state=rpc_node.provision_state
)
api.request.rpcapi.change_node_boot_mode(api.request.context,
rpc_node.uuid, target,
topic=topic)
# Set the HTTP Location Header
url_args = '/'.join([node_ident, 'states'])
api.response.location = link.build_url('nodes', url_args)
@METRICS.timer('NodeStatesController.secure_boot')
@method.expose(status_code=http_client.ACCEPTED)
@args.validate(node_ident=args.uuid_or_name, target=args.boolean)
def secure_boot(self, node_ident, target):
"""Asynchronous set the secure_boot state of the node.
:param node_ident: the UUID or logical name of a node.
:param target: The desired secure_boot for the node. (True/False)
:raises: NotFound (HTTP 404) if requested version of the API
is less than 1.76.
:raises: InvalidParameterValue (HTTP 400) if the requested target
state is not valid.
:raises: Conflict (HTTP 409) if a node is in adopting state.
"""
rpc_node = api_utils.check_node_policy_and_retrieve(
'baremetal:node:set_secure_boot', node_ident)
topic = api.request.rpcapi.get_topic_for(rpc_node)
if (api.request.version.minor
< versions.MINOR_76_NODE_CHANGE_BOOT_MODE):
raise exception.NotFound(
(_("This endpoint is supported starting with the API version "
"1.%(min_version)s") %
{'min_version': versions.MINOR_76_NODE_CHANGE_BOOT_MODE}))
# NOTE(cenne): This is to exclude target=None or other invalid values
if target not in (True, False):
msg = (_("Invalid secure_boot %(state)s requested for node. "
"Allowed secure_boot states are: True, False) ") %
{'state': target})
raise exception.InvalidParameterValue(msg)
# NOTE(cenne): This currenly includes the ADOPTING state
if rpc_node.provision_state in ir_states.UNSTABLE_STATES:
msg = _("Node is in %(state)s state. Since node is transitioning, "
"the boot mode will not be set as this may interfere "
"with ongoing changes and result in erroneous modification"
". Try again later.")
raise exception.Conflict(msg,
action=target, node=node_ident,
state=rpc_node.provision_state
)
api.request.rpcapi.change_node_secure_boot(api.request.context,
rpc_node.uuid, target,
topic=topic)
# Set the HTTP Location Header
url_args = '/'.join([node_ident, 'states'])
api.response.location = link.build_url('nodes', url_args)
def _do_provision_action(self, rpc_node, target, configdrive=None,
clean_steps=None, deploy_steps=None,
rescue_password=None, disable_ramdisk=None):

@ -113,6 +113,7 @@ BASE_VERSION = 1
# v1.73: Add support for deploy and undeploy verbs
# v1.74: Add bios registry to /v1/nodes/{node}/bios/{setting}
# v1.75: Add boot_mode, secure_boot fields to node object.
# v1.76: Add support for changing boot_mode and secure_boot state
MINOR_0_JUNO = 0
MINOR_1_INITIAL_VERSION = 1
@ -190,6 +191,7 @@ MINOR_72_HEARTBEAT_STATUS = 72
MINOR_73_DEPLOY_UNDEPLOY_VERBS = 73
MINOR_74_BIOS_REGISTRY = 74
MINOR_75_NODE_BOOT_MODE = 75
MINOR_76_NODE_CHANGE_BOOT_MODE = 76
# When adding another version, update:
# - MINOR_MAX_VERSION
@ -197,7 +199,7 @@ MINOR_75_NODE_BOOT_MODE = 75
# explanation of what changed in the new version
# - common/release_mappings.py, RELEASE_MAPPING['master']['api']
MINOR_MAX_VERSION = MINOR_75_NODE_BOOT_MODE
MINOR_MAX_VERSION = MINOR_76_NODE_CHANGE_BOOT_MODE
# String representations of the minor and maximum versions
_MIN_VERSION_STRING = '{}.{}'.format(BASE_VERSION, MINOR_1_INITIAL_VERSION)

@ -770,6 +770,26 @@ node_policies = [
],
deprecated_rule=deprecated_node_set_power_state
),
policy.DocumentedRuleDefault(
name='baremetal:node:set_boot_mode',
check_str=SYSTEM_OR_PROJECT_MEMBER,
scope_types=['system', 'project'],
description='Change Node boot mode',
operations=[
{'path': '/nodes/{node_ident}/states/boot_mode', 'method': 'PUT'}
],
deprecated_rule=deprecated_node_set_power_state
),
policy.DocumentedRuleDefault(
name='baremetal:node:set_secure_boot',
check_str=SYSTEM_OR_PROJECT_MEMBER,
scope_types=['system', 'project'],
description='Change Node secure boot state',
operations=[
{'path': '/nodes/{node_ident}/states/secure_boot', 'method': 'PUT'}
],
deprecated_rule=deprecated_node_set_power_state
),
policy.DocumentedRuleDefault(
name='baremetal:node:set_provision_state',
check_str=SYSTEM_OR_OWNER_MEMBER_AND_LESSEE_ADMIN,

@ -371,8 +371,8 @@ RELEASE_MAPPING = {
}
},
'master': {
'api': '1.75',
'rpc': '1.54',
'api': '1.76',
'rpc': '1.55',
'objects': {
'Allocation': ['1.1'],
'BIOSSetting': ['1.1'],

@ -91,7 +91,7 @@ class ConductorManager(base_manager.BaseConductorManager):
# NOTE(rloo): This must be in sync with rpcapi.ConductorAPI's.
# NOTE(pas-ha): This also must be in sync with
# ironic.common.release_mappings.RELEASE_MAPPING['master']
RPC_API_VERSION = '1.54'
RPC_API_VERSION = '1.55'
target = messaging.Target(version=RPC_API_VERSION)
@ -346,6 +346,64 @@ class ConductorManager(base_manager.BaseConductorManager):
task.spawn_after(self._spawn_worker, utils.node_power_action,
task, new_state, timeout=power_timeout)
@METRICS.timer('ConductorManager.change_node_boot_mode')
@messaging.expected_exceptions(exception.InvalidParameterValue,
exception.NoFreeConductorWorker,
exception.NodeLocked)
def change_node_boot_mode(self, context, node_id, new_state):
"""RPC method to encapsulate changes to a node's boot_mode.
:param context: an admin context.
:param node_id: the id or uuid of a node.
:param new_state: the desired boot mode for the node.
:raises: NoFreeConductorWorker when there is no free worker to start
async task.
:raises: InvalidParameterValue
"""
LOG.debug("RPC change_node_boot_mode called for node %(node)s. "
"The desired new state is %(state)s.",
{'node': node_id, 'state': new_state})
with task_manager.acquire(context, node_id, shared=False,
purpose='changing node boot mode') as task:
task.driver.management.validate(task)
# Starting new operation, so clear the previous error.
# We'll be putting an error here soon if we fail task.
task.node.last_error = None
task.node.save()
task.set_spawn_error_hook(utils._spawn_error_handler,
task.node, "changing node boot mode")
task.spawn_after(self._spawn_worker,
utils.node_change_boot_mode, task, new_state)
@METRICS.timer('ConductorManager.change_node_secure_boot')
@messaging.expected_exceptions(exception.InvalidParameterValue,
exception.NoFreeConductorWorker,
exception.NodeLocked)
def change_node_secure_boot(self, context, node_id, new_state):
"""RPC method to encapsulate changes to a node's secure_boot state.
:param context: an admin context.
:param node_id: the id or uuid of a node.
:param new_state: the desired secure_boot state for the node.
:raises: NoFreeConductorWorker when there is no free worker to start
async task.
:raises: InvalidParameterValue
"""
LOG.debug("RPC change_node_secure_boot called for node %(node)s. "
"The desired new state is %(state)s.",
{'node': node_id, 'state': new_state})
with task_manager.acquire(context, node_id, shared=False,
purpose='changing node secure') as task:
task.driver.management.validate(task)
# Starting new operation, so clear the previous error.
# We'll be putting an error here soon if we fail task.
task.node.last_error = None
task.node.save()
task.set_spawn_error_hook(utils._spawn_error_handler,
task.node, "changing node secure boot")
task.spawn_after(self._spawn_worker,
utils.node_change_secure_boot, task, new_state)
@METRICS.timer('ConductorManager.vendor_passthru')
@messaging.expected_exceptions(exception.NoFreeConductorWorker,
exception.NodeLocked,

@ -108,12 +108,13 @@ class ConductorAPI(object):
| 1.53 - Added disable_ramdisk to do_node_clean.
| 1.54 - Added optional agent_status and agent_status_message to
heartbeat
| 1.55 - Added change_node_boot_mode
"""
# NOTE(rloo): This must be in sync with manager.ConductorManager's.
# NOTE(pas-ha): This also must be in sync with
# ironic.common.release_mappings.RELEASE_MAPPING['master']
RPC_API_VERSION = '1.54'
RPC_API_VERSION = '1.55'
def __init__(self, topic=None):
super(ConductorAPI, self).__init__()
@ -281,6 +282,46 @@ class ConductorAPI(object):
return cctxt.call(context, 'change_node_power_state', node_id=node_id,
new_state=new_state, timeout=timeout)
def change_node_boot_mode(self, context, node_id, new_state,
topic=None):
"""Change a node's boot mode.
Synchronously, acquire lock and start the conductor background task
to change boot mode of a node.
:param context: request context.
:param node_id: node id or uuid.
:param new_state: one of ironic.common.boot_modes values
('bios' / 'uefi')
:param topic: RPC topic. Defaults to self.topic.
:raises: NoFreeConductorWorker when there is no free worker to start
async task.
"""
cctxt = self.client.prepare(topic=topic or self.topic, version='1.55')
return cctxt.call(context, 'change_node_boot_mode', node_id=node_id,
new_state=new_state)
def change_node_secure_boot(self, context, node_id, new_state,
topic=None):
"""Change a node's secure_boot state.
Synchronously, acquire lock and start the conductor background task
to change secure_boot state of a node.
:param context: request context.
:param node_id: node id or uuid.
:param new_state: Target secure boot state
(True => 'on' / False => 'off')
:param topic: RPC topic. Defaults to self.topic.
:raises: NoFreeConductorWorker when there is no free worker to start
async task.
"""
cctxt = self.client.prepare(topic=topic or self.topic, version='1.55')
return cctxt.call(context, 'change_node_secure_boot', node_id=node_id,
new_state=new_state)
def vendor_passthru(self, context, node_id, driver_method, http_method,
info, topic=None):
"""Receive requests for vendor-specific actions.

@ -133,14 +133,22 @@ def node_set_boot_mode(task, mode):
return
task.driver.management.validate(task)
try:
supported_boot_modes = (
task.driver.management.get_supported_boot_modes(task)
)
except exception.UnsupportedDriverExtension:
LOG.debug(
"Cannot determine supported boot modes of driver "
"%(driver)s. Will make an attempt to set boot mode %(mode)s",
{'driver': task.node.driver, 'mode': mode})
supported_boot_modes = ()
boot_modes = task.driver.management.get_supported_boot_modes(task)
if mode not in boot_modes:
if supported_boot_modes and mode not in supported_boot_modes:
msg = _("Unsupported boot mode %(mode)s specified for "
"node %(node_id)s. Supported boot modes are: "
"%(modes)s") % {'mode': mode,
'modes': ', '.join(boot_modes),
'modes': ', '.join(supported_boot_modes),
'node_id': task.node.uuid}
raise exception.InvalidParameterValue(msg)
@ -1473,3 +1481,95 @@ def node_cache_boot_mode(task):
"for node %(node)s",
{'boot_mode': boot_mode, 'secure_boot': secure_boot,
'node': task.node.uuid})
def node_change_boot_mode(task, target_boot_mode):
"""Change boot mode to requested state for node
:param task: a TaskManager instance containing the node to act on.
:param target_boot_mode: Any boot mode in :mod:`ironic.common.boot_modes`.
"""
try:
current_boot_mode = task.driver.management.get_boot_mode(task)
except Exception as exc:
current_boot_mode = None
LOG.warning('Unexpected exception when trying to detect boot_mode '
'while changing boot mode for node '
'%(node)s. %(class)s: %(exc)s',
{'node': task.node.uuid,
'class': type(exc).__name__, 'exc': exc},
exc_info=not isinstance(exc, exception.IronicException))
if (current_boot_mode is not None
and target_boot_mode == current_boot_mode):
LOG.info("Target boot mode '%(target)s', and current boot mode "
"'%(current)s' are identical. No change being made "
"for node %(node)s",
{'target': target_boot_mode, 'current': current_boot_mode,
'node': task.node.uuid})
return
try:
task.driver.management.set_boot_mode(task, mode=target_boot_mode)
except Exception as exc:
LOG.error('Unexpected exception when trying to change boot_mode '
'to %(target)s for node %(node)s. %(class)s: %(exc)s',
{'node': task.node.uuid, 'target': target_boot_mode,
'class': type(exc).__name__, 'exc': exc},
exc_info=not isinstance(exc, exception.IronicException))
task.node.last_error = (
"Failed to change boot mode to '%(target)s'. "
"Error: %(err)s" % {'target': target_boot_mode, 'err': exc})
task.node.save()
else:
LOG.info("Changed boot_mode to %(mode)s for node %(node)s",
{'mode': target_boot_mode, 'node': task.node.uuid})
task.node.boot_mode = target_boot_mode
task.node.save()
def node_change_secure_boot(task, secure_boot_target):
"""Change secure_boot state to requested state for node
:param task: a TaskManager instance containing the node to act on.
:param secure_boot_target: Target secure_boot state
OneOf(True => on, False => off)
:type secure_boot_target: boolean
"""
try:
secure_boot_current = task.driver.management.get_secure_boot_state(
task)
except Exception as exc:
secure_boot_current = None
LOG.warning('Unexpected exception when trying to detect secure_boot '
'state while changing secure_boot for node '
'%(node)s. %(class)s: %(exc)s',
{'node': task.node.uuid,
'class': type(exc).__name__, 'exc': exc},
exc_info=not isinstance(exc, exception.IronicException))
if (secure_boot_current is not None
and secure_boot_target == secure_boot_current):
LOG.info("Target secure_boot state '%(target)s', and current "
"secure_boot state '%(current)s' are identical. "
"No change being made for node %(node)s",
{'target': secure_boot_target,
'current': secure_boot_current,
'node': task.node.uuid})
return
try:
task.driver.management.set_secure_boot_state(task, secure_boot_target)
except Exception as exc:
LOG.error('Unexpected exception when trying to change secure_boot '
'to %(target)s for node %(node)s. %(class)s: %(exc)s',
{'node': task.node.uuid, 'target': secure_boot_target,
'class': type(exc).__name__, 'exc': exc},
exc_info=not isinstance(exc, exception.IronicException))
task.node.last_error = (
"Failed to change secure_boot state to '%(target)s'. "
"Error: %(err)s" % {'target': secure_boot_target, 'err': exc})
task.node.save()
else:
LOG.info("Changed secure_boot state to %(state)s for node %(node)s",
{'state': secure_boot_target, 'node': task.node.uuid})
task.node.secure_boot = secure_boot_target
task.node.save()

@ -35,6 +35,7 @@ from ironic.api.controllers.v1 import notification_utils
from ironic.api.controllers.v1 import utils as api_utils
from ironic.api.controllers.v1 import versions
from ironic.common import boot_devices
from ironic.common import boot_modes
from ironic.common import components
from ironic.common import driver_factory
from ironic.common import exception
@ -5136,6 +5137,14 @@ class TestPut(test_api_base.BaseApiTest):
autospec=True)
self.mock_cnps = p.start()
self.addCleanup(p.stop)
p = mock.patch.object(rpcapi.ConductorAPI, 'change_node_boot_mode',
autospec=True)
self.mock_cnbm = p.start()
self.addCleanup(p.stop)
p = mock.patch.object(rpcapi.ConductorAPI, 'change_node_secure_boot',
autospec=True)
self.mock_cnsb = p.start()
self.addCleanup(p.stop)
p = mock.patch.object(rpcapi.ConductorAPI, 'do_node_deploy',
autospec=True)
self.mock_dnd = p.start()
@ -5301,6 +5310,147 @@ class TestPut(test_api_base.BaseApiTest):
{'target': 'not-supported'}, expect_errors=True)
self.assertEqual(http_client.BAD_REQUEST, ret.status_code)
def _test_boot_mode_success(self, target_state, api_version):
body = {'target': target_state}
if api_version is None:
response = self.put_json(
'/nodes/%s/states/boot_mode' % self.node.uuid, body)
else:
response = self.put_json(
'/nodes/%s/states/boot_mode' % self.node.uuid, body,
headers={api_base.Version.string: api_version})
self.assertEqual(http_client.ACCEPTED, response.status_code)
self.assertEqual(b'', response.body)
self.mock_cnbm.assert_called_once_with(mock.ANY,
mock.ANY,
self.node.uuid,
target_state,
topic='test-topic')
# Check location header
self.assertIsNotNone(response.location)
expected_location = '/v1/nodes/%s/states' % self.node.uuid
self.assertEqual(urlparse.urlparse(response.location).path,
expected_location)
def _test_boot_mode_failure(self, target_state, http_status_code,
api_version):
body = {'target': target_state}
if api_version is None:
response = self.put_json(
'/nodes/%s/states/boot_mode' % self.node.uuid, body,
expect_errors=True)
else:
response = self.put_json(
'/nodes/%s/states/boot_mode' % self.node.uuid, body,
headers={api_base.Version.string: api_version},
expect_errors=True)
self.assertEqual(http_status_code, response.status_code)
self.assertEqual('application/json', response.content_type)
self.assertTrue(response.json['error_message'])
def test_boot_mode_uefi_valid_soft_ver(self):
self._test_boot_mode_success(boot_modes.UEFI, "1.76")
def test_boot_mode_uefi_older_soft_ver(self):
self._test_boot_mode_failure(
boot_modes.UEFI, http_client.NOT_FOUND, "1.75")
def test_boot_mode_bios_valid_soft_ver(self):
self._test_boot_mode_success(boot_modes.LEGACY_BIOS, "1.76")
def test_boot_mode_bios_older_soft_ver(self):
self._test_boot_mode_failure(
boot_modes.LEGACY_BIOS, http_client.NOT_FOUND, "1.75")
def test_boot_mode_invalid_request(self):
self._test_boot_mode_failure(
'unsupported-efi', http_client.BAD_REQUEST, "1.76")
def _test_secure_boot_success(self, target_state, api_version):
body = {'target': target_state}
if api_version is None:
response = self.put_json(
'/nodes/%s/states/secure_boot' % self.node.uuid, body)
else:
response = self.put_json(
'/nodes/%s/states/secure_boot' % self.node.uuid, body,
headers={api_base.Version.string: api_version})
self.assertEqual(http_client.ACCEPTED, response.status_code)
self.assertEqual(b'', response.body)
self.mock_cnsb.assert_called_once_with(mock.ANY,
mock.ANY,
self.node.uuid,
target_state,
topic='test-topic')
# Check location header
self.assertIsNotNone(response.location)
expected_location = '/v1/nodes/%s/states' % self.node.uuid
self.assertEqual(urlparse.urlparse(response.location).path,
expected_location)
def _test_secure_boot_failure(self, target_state, http_status_code,
api_version):
body = {'target': target_state}
if api_version is None:
response = self.put_json(
'/nodes/%s/states/secure_boot' % self.node.uuid, body,
expect_errors=True)
else:
response = self.put_json(
'/nodes/%s/states/secure_boot' % self.node.uuid, body,
headers={api_base.Version.string: api_version},
expect_errors=True)
self.assertEqual(http_status_code, response.status_code)
self.assertEqual('application/json', response.content_type)
self.assertTrue(response.json['error_message'])
def test_secure_boot_on_valid_soft_ver(self):
self._test_secure_boot_success(True, "1.76")
def test_secure_boot_on_older_soft_ver(self):
self._test_secure_boot_failure(
True, http_client.NOT_FOUND, "1.75")
def test_secure_boot_off_valid_soft_ver(self):
self._test_secure_boot_success(False, "1.76")
def test_secure_boot_off_older_soft_ver(self):
self._test_secure_boot_failure(
False, http_client.NOT_FOUND, "1.75")
def test_secure_boot_off_valid_undocumented_request_zero(self):
self._test_secure_boot_success(0, "1.76")
def test_secure_boot_on_valid_undocumented_request_one(self):
self._test_secure_boot_success(1, "1.76")
def test_secure_boot_on_invalid_request_two(self):
self._test_secure_boot_failure(2, http_client.BAD_REQUEST, "1.76")
def test_secure_boot_invalid_request_nullstr(self):
self._test_secure_boot_failure(
'', http_client.BAD_REQUEST, "1.76")
def test_secure_boot_invalid_request_boo(self):
self._test_secure_boot_failure(
'boo!', http_client.BAD_REQUEST, "1.76")
def test_secure_boot_invalid_request_None(self):
self._test_secure_boot_failure(
None, http_client.BAD_REQUEST, "1.76")
def test_power_change_when_being_cleaned(self):
for state in (states.CLEANING, states.CLEANWAIT):
self.node.provision_state = state

@ -412,6 +412,56 @@ nodes_states_power_put_observer:
assert_status: 403
deprecated: true
nodes_states_boot_mode_put_admin:
path: '/v1/nodes/{node_ident}/states/boot_mode'
method: put
headers: *admin_headers
body: &boot_mode_body
target: "uefi"
assert_status: 503
deprecated: true
nodes_states_boot_mode_put_member:
path: '/v1/nodes/{node_ident}/states/boot_mode'
method: put
headers: *member_headers
body: *boot_mode_body
assert_status: 404
deprecated: true
nodes_states_boot_mode_put_observer:
path: '/v1/nodes/{node_ident}/states/boot_mode'
method: put
headers: *observer_headers
body: *boot_mode_body
assert_status: 403
deprecated: true
nodes_states_secure_boot_put_admin:
path: '/v1/nodes/{node_ident}/states/secure_boot'
method: put
headers: *admin_headers
body: &secure_boot_body
target: "true"
assert_status: 503
deprecated: true
nodes_states_secure_boot_put_member:
path: '/v1/nodes/{node_ident}/states/secure_boot'
method: put
headers: *member_headers
body: *secure_boot_body
assert_status: 404
deprecated: true
nodes_states_secure_boot_put_observer:
path: '/v1/nodes/{node_ident}/states/secure_boot'
method: put
headers: *observer_headers
body: *secure_boot_body
assert_status: 403
deprecated: true
nodes_states_provision_put_admin:
path: '/v1/nodes/{node_ident}/states/provision'
method: put

@ -863,6 +863,110 @@ third_party_admin_cannot_put_power_state_change:
body: *power_body
assert_status: 404
# Boot mode state
owner_admin_can_put_boot_mode_state_change:
path: '/v1/nodes/{owner_node_ident}/states/boot_mode'
method: put
headers: *owner_admin_headers
body: &boot_mode_body
target: "uefi"
assert_status: 503
lessee_admin_can_put_boot_mode_state_change:
path: '/v1/nodes/{lessee_node_ident}/states/boot_mode'
method: put
headers: *lessee_admin_headers
body: *boot_mode_body
assert_status: 503
owner_member_can_put_boot_mode_state_change:
path: '/v1/nodes/{owner_node_ident}/states/boot_mode'
method: put
headers: *owner_member_headers
body: *boot_mode_body
assert_status: 503
lessee_member_can_put_boot_mode_state_change:
path: '/v1/nodes/{lessee_node_ident}/states/boot_mode'
method: put
headers: *lessee_member_headers
body: *boot_mode_body
assert_status: 503
owner_reader_cannot_put_boot_mode_state_change:
path: '/v1/nodes/{owner_node_ident}/states/boot_mode'
method: put
headers: *owner_reader_headers
body: *boot_mode_body
assert_status: 403
lessee_reader_cannot_put_boot_mode_state_change:
path: '/v1/nodes/{lessee_node_ident}/states/boot_mode'
method: put
headers: *lessee_reader_headers
body: *boot_mode_body
assert_status: 403
third_party_admin_cannot_put_boot_mode_state_change:
path: '/v1/nodes/{node_ident}/states/boot_mode'
method: put
headers: *third_party_admin_headers
body: *boot_mode_body
assert_status: 404
# Secure Boot state
owner_admin_can_put_secure_boot_state_change:
path: '/v1/nodes/{owner_node_ident}/states/secure_boot'
method: put
headers: *owner_admin_headers
body: &secure_boot_body
target: "true"
assert_status: 503
lessee_admin_can_put_secure_boot_state_change:
path: '/v1/nodes/{lessee_node_ident}/states/secure_boot'
method: put
headers: *lessee_admin_headers
body: *secure_boot_body
assert_status: 503
owner_member_can_put_secure_boot_state_change:
path: '/v1/nodes/{owner_node_ident}/states/secure_boot'
method: put
headers: *owner_member_headers
body: *secure_boot_body
assert_status: 503
lessee_member_can_put_secure_boot_state_change:
path: '/v1/nodes/{lessee_node_ident}/states/secure_boot'
method: put
headers: *lessee_member_headers
body: *secure_boot_body
assert_status: 503
owner_reader_cannot_put_secure_boot_state_change:
path: '/v1/nodes/{owner_node_ident}/states/secure_boot'
method: put
headers: *owner_reader_headers
body: *secure_boot_body
assert_status: 403
lessee_reader_cannot_put_secure_boot_state_change:
path: '/v1/nodes/{lessee_node_ident}/states/secure_boot'
method: put
headers: *lessee_reader_headers
body: *secure_boot_body
assert_status: 403
third_party_admin_cannot_put_secure_boot_state_change:
path: '/v1/nodes/{node_ident}/states/secure_boot'
method: put
headers: *third_party_admin_headers
body: *secure_boot_body
assert_status: 404
# Provision states
owner_admin_can_change_provision_state:

@ -378,6 +378,54 @@ nodes_states_power_put_reader:
body: *power_body
assert_status: 403
# Boot mode state
nodes_states_boot_mode_put_admin:
path: '/v1/nodes/{node_ident}/states/boot_mode'
method: put
headers: *admin_headers
body: &boot_mode_body
target: "uefi"
assert_status: 503
nodes_states_boot_mode_put_member:
path: '/v1/nodes/{node_ident}/states/boot_mode'
method: put
headers: *scoped_member_headers
body: *boot_mode_body
assert_status: 503
nodes_states_boot_mode_put_reader:
path: '/v1/nodes/{node_ident}/states/boot_mode'
method: put
headers: *reader_headers
body: *boot_mode_body
assert_status: 403
# Secure Boot state
nodes_states_secure_boot_put_admin:
path: '/v1/nodes/{node_ident}/states/secure_boot'
method: put
headers: *admin_headers
body: &secure_boot_body
target: "true"
assert_status: 503
nodes_states_secure_boot_put_member:
path: '/v1/nodes/{node_ident}/states/secure_boot'
method: put
headers: *scoped_member_headers
body: *secure_boot_body
assert_status: 503
nodes_states_secure_boot_put_reader:
path: '/v1/nodes/{node_ident}/states/secure_boot'
method: put
headers: *reader_headers
body: *secure_boot_body
assert_status: 403
nodes_states_provision_put_admin:
path: '/v1/nodes/{node_ident}/states/provision'
method: put

@ -34,6 +34,7 @@ from oslo_versionedobjects import fields
import tenacity
from ironic.common import boot_devices
from ironic.common import boot_modes
from ironic.common import components
from ironic.common import driver_factory
from ironic.common import exception
@ -447,6 +448,431 @@ class ChangeNodePowerStateTestCase(mgr_utils.ServiceSetUpMixin,
self.assertIsNone(node.last_error)
@mgr_utils.mock_record_keepalive
class ChangeNodeBootModeTestCase(mgr_utils.ServiceSetUpMixin,
db_base.DbTestCase):
@mock.patch.object(fake.FakeManagement, 'set_boot_mode', autospec=True)
@mock.patch.object(fake.FakeManagement, 'get_boot_mode', autospec=True)
def test_change_node_boot_mode_valid(self, get_boot_mock, set_boot_mock):
# Test change_node_boot_mode including integration with
# conductor.utils.node_change_boot_mode
get_boot_mock.side_effect = [boot_modes.LEGACY_BIOS, # before setting
boot_modes.UEFI] # after setting
node = obj_utils.create_test_node(self.context,
driver='fake-hardware',
boot_mode=boot_modes.LEGACY_BIOS)
self._start_service()
self.service.change_node_boot_mode(self.context,
node.uuid,
boot_modes.UEFI)
self._stop_service()
set_boot_mock.assert_called_once_with(mock.ANY, mock.ANY,
mode=boot_modes.UEFI)
self.assertEqual(get_boot_mock.call_count, 1)
# Call once before setting to see if it's required
node.refresh()
self.assertEqual(boot_modes.UEFI, node.boot_mode)
self.assertIsNone(node.last_error)
# Verify the reservation has been cleared by
# background task's link callback.
self.assertIsNone(node.reservation)
@mock.patch.object(fake.FakeManagement, 'set_boot_mode', autospec=True)
@mock.patch.object(fake.FakeManagement, 'get_boot_mode', autospec=True)
def test_change_node_boot_mode_existing(self, get_boot_mock,
set_boot_mock):
# Test change_node_boot_mode including integration with
# conductor.utils.node_change_boot_mode when target==current
get_boot_mock.return_value = boot_modes.LEGACY_BIOS
node = obj_utils.create_test_node(self.context,
driver='fake-hardware',
boot_mode=boot_modes.LEGACY_BIOS)
self._start_service()
self.service.change_node_boot_mode(self.context,
node.uuid,
boot_modes.LEGACY_BIOS)
self._stop_service()
set_boot_mock.assert_not_called()
self.assertEqual(get_boot_mock.call_count, 1)
# Called once before setting to see if it's even required
node.refresh()
self.assertEqual(boot_modes.LEGACY_BIOS, node.boot_mode)
self.assertIsNone(node.last_error)
# Verify the reservation has been cleared by
# background task's link callback.
self.assertIsNone(node.reservation)
@mock.patch.object(conductor_utils, 'node_change_boot_mode',
autospec=True)
def test_change_node_boot_mode_node_already_locked(self, ncbm_mock):
# Test change_node_boot_mode with mocked
# conductor.utils.node_change_boot_mode.
fake_reservation = 'fake-reserv'
node = obj_utils.create_test_node(self.context,
driver='fake-hardware',
boot_mode=boot_modes.LEGACY_BIOS,
reservation=fake_reservation)
self._start_service()
exc = self.assertRaises(messaging.rpc.ExpectedException,
self.service.change_node_boot_mode,
self.context,
node.uuid,
boot_modes.LEGACY_BIOS)
# Compare true exception hidden by @messaging.expected_exceptions
self.assertEqual(exception.NodeLocked, exc.exc_info[0])
# In this test worker should not be spawned, but waiting to make sure
# the below perform_mock assertion is valid.
self._stop_service()
self.assertFalse(ncbm_mock.called, 'node_change_boot_mode has been '
'unexpectedly called.')
# Verify existing reservation wasn't broken.
node.refresh()
self.assertEqual(fake_reservation, node.reservation)
def test_change_node_boot_mode_worker_pool_full(self):
# Test change_node_boot_mode including integration with
# conductor.utils.change_node_boot_mode.
initial_state = boot_modes.LEGACY_BIOS
node = obj_utils.create_test_node(self.context, driver='fake-hardware',
boot_mode=initial_state)
self._start_service()
with mock.patch.object(self.service,
'_spawn_worker', autospec=True) as spawn_mock:
spawn_mock.side_effect = exception.NoFreeConductorWorker()
exc = self.assertRaises(messaging.rpc.ExpectedException,
self.service.change_node_boot_mode,
self.context,
node.uuid,
boot_modes.UEFI)
# Compare true exception hidden by @messaging.expected_exceptions
self.assertEqual(exception.NoFreeConductorWorker, exc.exc_info[0])
spawn_mock.assert_called_once_with(mock.ANY, mock.ANY,
mock.ANY)
node.refresh()
self.assertEqual(initial_state, node.boot_mode)
self.assertIsNotNone(node.last_error)
# Verify the picked reservation has been cleared due to full pool.
self.assertIsNone(node.reservation)
@mock.patch.object(fake.FakeManagement, 'set_boot_mode', autospec=True)
@mock.patch.object(fake.FakeManagement, 'get_boot_mode', autospec=True)
def test_change_node_boot_mode_exception_in_background_task(
self, get_boot_mock, set_boot_mock):
# Test change_node_boot_mode including integration with
# conductor.utils.node_change_boot_mode.
initial_state = boot_modes.LEGACY_BIOS
node = obj_utils.create_test_node(self.context, driver='fake-hardware',
boot_mode=initial_state)
self._start_service()
get_boot_mock.return_value = boot_modes.LEGACY_BIOS
new_state = boot_modes.UEFI
set_boot_mock.side_effect = exception.UnsupportedDriverExtension(
driver=fake, extension='set_boot_mode')
self.service.change_node_boot_mode(self.context,
node.uuid,
new_state)
self._stop_service()
# Call once before setting to see if it was required
self.assertEqual(get_boot_mock.call_count, 1)
set_boot_mock.assert_called_once_with(mock.ANY, mock.ANY,
new_state)
node.refresh()
self.assertEqual(initial_state, node.boot_mode)
self.assertIsNotNone(node.last_error)
# Verify the reservation has been cleared by background task's
# link callback despite exception in background task.
self.assertIsNone(node.reservation)
@mock.patch.object(fake.FakeManagement, 'validate', autospec=True)
def test_change_node_boot_mode_validate_fail(self, validate_mock):
# Test change_node_power_state where task.driver.management.validate
# fails
initial_state = boot_modes.UEFI
node = obj_utils.create_test_node(self.context,
driver='fake-hardware',
boot_mode=initial_state)
self._start_service()
validate_mock.side_effect = exception.InvalidParameterValue(
'wrong management driver info')
new_state = boot_modes.LEGACY_BIOS
exc = self.assertRaises(messaging.rpc.ExpectedException,
self.service.change_node_boot_mode,
self.context,
node.uuid,
new_state)
self.assertEqual(exception.InvalidParameterValue, exc.exc_info[0])
node.refresh()
validate_mock.assert_called_once_with(mock.ANY, mock.ANY)
self.assertEqual(initial_state, node.boot_mode)
self.assertIsNone(node.last_error)
@mock.patch.object(fake.FakeManagement, 'set_boot_mode', autospec=True)
@mock.patch.object(fake.FakeManagement, 'get_boot_mode', autospec=True)
def test_change_node_boot_mode_exception_getting_current(self,
get_boot_mock,
set_boot_mock):
# Test change_node_boot_mode smooth opertion when get_boot_mode mode
# raises an exception
initial_state = boot_modes.LEGACY_BIOS
node = obj_utils.create_test_node(self.context, driver='fake-hardware',
boot_mode=initial_state)
self._start_service()
get_boot_mock.side_effect = exception.UnsupportedDriverExtension(
driver=fake, extension='get_boot_mode')
new_state = boot_modes.UEFI
self.service.change_node_boot_mode(self.context,
node.uuid,
new_state)
self._stop_service()
# Call once before setting to see if it is required
self.assertEqual(get_boot_mock.call_count, 1)
set_boot_mock.assert_called_once_with(mock.ANY, mock.ANY,
new_state)
node.refresh()
self.assertEqual(new_state, node.boot_mode)
self.assertIsNone(node.last_error)
# Verify the reservation has been cleared by
# background task's link callback.
self.assertIsNone(node.reservation)
@mgr_utils.mock_record_keepalive
class ChangeNodeSecureBootTestCase(mgr_utils.ServiceSetUpMixin,
db_base.DbTestCase):
@mock.patch.object(fake.FakeManagement, 'set_secure_boot_state',
autospec=True)
@mock.patch.object(fake.FakeManagement, 'get_secure_boot_state',
autospec=True)
def test_change_node_secure_boot_valid(self, get_boot_mock, set_boot_mock):
# Test change_node_secure_boot including integration with
# conductor.utils.node_change_secure_boot
get_boot_mock.side_effect = [False, # before setting
True] # after setting
initial_state = False
node = obj_utils.create_test_node(self.context,
driver='fake-hardware',
secure_boot=initial_state)
self._start_service()
target_state = True
self.service.change_node_secure_boot(self.context,
node.uuid,
target_state)
self._stop_service()
set_boot_mock.assert_called_once_with(mock.ANY, mock.ANY,
target_state)
self.assertEqual(get_boot_mock.call_count, 1)
# Call once before setting to see if it's required
node.refresh()
self.assertEqual(target_state, node.secure_boot)
self.assertIsNone(node.last_error)
# Verify the reservation has been cleared by
# background task's link callback.
self.assertIsNone(node.reservation)
@mock.patch.object(fake.FakeManagement, 'set_secure_boot_state',
autospec=True)
@mock.patch.object(fake.FakeManagement, 'get_secure_boot_state',
autospec=True)
def test_change_node_secure_boot_existing(self, get_boot_mock,
set_boot_mock):
# Test change_node_secure_boot including integration with
# conductor.utils.node_change_secure_boot when target==current
get_boot_mock.return_value = False
node = obj_utils.create_test_node(self.context,
driver='fake-hardware',
secure_boot=False)
self._start_service()
self.service.change_node_secure_boot(self.context,
node.uuid,
False)
self._stop_service()
set_boot_mock.assert_not_called()
self.assertEqual(get_boot_mock.call_count, 1)
# Called once before setting to see if it's even required
node.refresh()
self.assertEqual(False, node.secure_boot)
self.assertIsNone(node.last_error)
# Verify the reservation has been cleared by
# background task's link callback.
self.assertIsNone(node.reservation)
@mock.patch.object(conductor_utils, 'node_change_secure_boot',
autospec=True)
def test_change_node_secure_boot_node_already_locked(self, ncbm_mock):
# Test change_node_secure_boot with mocked
# conductor.utils.node_change_secure_boot.
fake_reservation = 'fake-reserv'
node = obj_utils.create_test_node(self.context,
driver='fake-hardware',
secure_boot=False,
reservation=fake_reservation)
self._start_service()
exc = self.assertRaises(messaging.rpc.ExpectedException,
self.service.change_node_secure_boot,
self.context,
node.uuid,
False)
# Compare true exception hidden by @messaging.expected_exceptions
self.assertEqual(exception.NodeLocked, exc.exc_info[0])
# In this test worker should not be spawned, but waiting to make sure
# the below perform_mock assertion is valid.
self._stop_service()
self.assertFalse(ncbm_mock.called, 'node_change_secure_boot has been '
'unexpectedly called.')
# Verify existing reservation wasn't broken.
node.refresh()
self.assertEqual(fake_reservation, node.reservation)
def test_change_node_secure_boot_worker_pool_full(self):
# Test change_node_secure_boot including integration with
# conductor.utils.change_node_secure_boot.
initial_state = False
node = obj_utils.create_test_node(self.context, driver='fake-hardware',
secure_boot=initial_state)
self._start_service()
with mock.patch.object(self.service,
'_spawn_worker', autospec=True) as spawn_mock:
spawn_mock.side_effect = exception.NoFreeConductorWorker()
exc = self.assertRaises(messaging.rpc.ExpectedException,
self.service.change_node_secure_boot,
self.context,
node.uuid,
True)
# Compare true exception hidden by @messaging.expected_exceptions
self.assertEqual(exception.NoFreeConductorWorker, exc.exc_info[0])
spawn_mock.assert_called_once_with(mock.ANY, mock.ANY,
mock.ANY)
node.refresh()
self.assertEqual(initial_state, node.secure_boot)
self.assertIsNotNone(node.last_error)
# Verify the picked reservation has been cleared due to full pool.
self.assertIsNone(node.reservation)
@mock.patch.object(fake.FakeManagement, 'set_secure_boot_state',
autospec=True)
@mock.patch.object(fake.FakeManagement, 'get_secure_boot_state',
autospec=True)
def test_change_node_secure_boot_exception_in_background_task(
self, get_boot_mock, set_boot_mock):
# Test change_node_secure_boot including integration with
# conductor.utils.node_change_secure_boot.
initial_state = False
node = obj_utils.create_test_node(self.context, driver='fake-hardware',
secure_boot=initial_state)
self._start_service()
get_boot_mock.return_value = False
new_state = True
set_boot_mock.side_effect = exception.UnsupportedDriverExtension(
driver=fake, extension='set_secure_boot_state')
self.service.change_node_secure_boot(self.context,
node.uuid,
new_state)
self._stop_service()
# Call once before setting to see if it was required
self.assertEqual(get_boot_mock.call_count, 1)
set_boot_mock.assert_called_once_with(mock.ANY, mock.ANY,
new_state)
node.refresh()
self.assertEqual(initial_state, node.secure_boot)
self.assertIsNotNone(node.last_error)
# Verify the reservation has been cleared by background task's
# link callback despite exception in background task.
self.assertIsNone(node.reservation)
@mock.patch.object(fake.FakeManagement, 'validate', autospec=True)
def test_change_node_secure_boot_validate_fail(self, validate_mock):
# Test change_node_power_state where task.driver.management.validate
# fails
initial_state = True
node = obj_utils.create_test_node(self.context,
driver='fake-hardware',
secure_boot=initial_state)
self._start_service()
validate_mock.side_effect = exception.InvalidParameterValue(
'wrong management driver info')
new_state = False
exc = self.assertRaises(messaging.rpc.ExpectedException,
self.service.change_node_secure_boot,
self.context,
node.uuid,
new_state)
self.assertEqual(exception.InvalidParameterValue, exc.exc_info[0])
node.refresh()
validate_mock.assert_called_once_with(mock.ANY, mock.ANY)
self.assertEqual(initial_state, node.secure_boot)
self.assertIsNone(node.last_error)
@mock.patch.object(fake.FakeManagement, 'set_secure_boot_state',
autospec=True)
@mock.patch.object(fake.FakeManagement, 'get_secure_boot_state',
autospec=True)
def test_change_node_secure_boot_exception_getting_current(self,
get_boot_mock,
set_boot_mock):
# Test change_node_secure_boot smooth opertion when
# get_secure_boot_state raises an exception
initial_state = False
node = obj_utils.create_test_node(self.context, driver='fake-hardware',
secure_boot=initial_state)
self._start_service()
get_boot_mock.side_effect = exception.UnsupportedDriverExtension(
driver=fake, extension='get_secure_boot_state')
new_state = True
self.service.change_node_secure_boot(self.context,
node.uuid,
new_state)
self._stop_service()
# Call once before setting to see if it is required
self.assertEqual(get_boot_mock.call_count, 1)
set_boot_mock.assert_called_once_with(mock.ANY, mock.ANY,
new_state)
node.refresh()
self.assertEqual(new_state, node.secure_boot)
self.assertIsNone(node.last_error)
# Verify the reservation has been cleared by
# background task's link callback.
self.assertIsNone(node.reservation)
@mgr_utils.mock_record_keepalive
class CreateNodeTestCase(mgr_utils.ServiceSetUpMixin, db_base.DbTestCase):
def test_create_node(self):

@ -26,6 +26,7 @@ import oslo_messaging as messaging
from oslo_messaging import _utils as messaging_utils
from ironic.common import boot_devices
from ironic.common import boot_modes
from ironic.common import components
from ironic.common import exception
from ironic.common import indicator_states
@ -301,6 +302,20 @@ class RPCAPITestCase(db_base.DbTestCase):
node_id=self.fake_node['uuid'],
new_state=states.POWER_ON)
def test_change_node_boot_mode(self):
self._test_rpcapi('change_node_boot_mode',
'call',
version='1.55',
node_id=self.fake_node['uuid'],
new_state=boot_modes.LEGACY_BIOS)
def test_change_node_secure_boot(self):
self._test_rpcapi('change_node_secure_boot',
'call',
version='1.55',
node_id=self.fake_node['uuid'],
new_state=True)
def test_vendor_passthru(self):
self._test_rpcapi('vendor_passthru',
'call',

@ -7,4 +7,4 @@ features:
If underlying driver does not support detecting these, they shall be
populated with null values.
These fields are also available under a node's states endpoint:
* ``/v1/nodes/{node_ident}/states``
``/v1/nodes/{node_ident}/states``

@ -0,0 +1,13 @@
---
features:
- |
Adds endpoints to change boot mode and secure boot state of node.
* ``PUT /v1/nodes/{node_ident}/states/boot_mode``
* ``PUT /v1/nodes/{node_ident}/states/secure_boot``
The API will respond with 202 (Accepted) on validating the request
and accepting to process it. Changes occur asynchronously in a
background task. The user can then poll the states endpoint
``/v1/nodes/{node_ident}/states`` for observing current status of the
requested change.