values: skip_reason: "These are fake reference values for YAML templating" # System scoped admin token admin_headers: &admin_headers X-Auth-Token: 'baremetal-admin-token' X-Roles: admin OpenStack-System-Scope: all # System scoped other member token. scoped_member_headers: &scoped_member_headers X-Auth-Token: 'baremetal-member-token' X-Roles: member,reader OpenStack-System-Scope: all # Project Scoped Reader Token reader_headers: &reader_headers X-Auth-Token: 'baremetal-reader-token' # TODO(TheJulia): reader shouldn't require member in the # future universe, seems counter to the intent unless reader # is auditor, and in this case it explicitly is not. X-Roles: reader OpenStack-System-Scope: all other_admin_headers: &other_admin_headers X-Auth-Token: 'other-admin-token' X-Project-ID: a1111111111111111111111111111111 X-Roles: admin X-Project-Name: 'other-project' owner_project_id: &owner_project_id '{owner_project_id}' other_project_id: &other_project_id '{other_project_id}' node_ident: &node_ident '{node_ident}' # Nodes - https://docs.openstack.org/api-ref/baremetal/?expanded=#nodes-nodes nodes_post_admin: path: '/v1/nodes' method: post headers: *admin_headers body: &node_post_body name: node driver: fake-driverz assert_status: 503 nodes_post_member: path: '/v1/nodes' method: post headers: *scoped_member_headers body: *node_post_body assert_status: 403 nodes_post_reader: path: '/v1/nodes' method: post headers: *reader_headers body: *node_post_body assert_status: 403 nodes_get_node_admin: path: '/v1/nodes/{node_ident}' method: get headers: *admin_headers assert_dict_contains: #uuid: '{node_ident}' driver: 'fake-driverz' assert_status: 200 nodes_get_node_member: path: '/v1/nodes/{node_ident}' method: get headers: *scoped_member_headers assert_status: 200 nodes_get_node_reader: path: '/v1/nodes/{node_ident}' method: get headers: *reader_headers assert_dict_contains: #uuid: '{node_ident}' driver: 'fake-driverz' assert_status: 200 nodes_get_node_other_admin: path: '/v1/nodes/{node_ident}' method: get headers: *other_admin_headers # TODO(TheJulia): So this is not great, but it is default. assert_status: 200 skip_reason: 'Not implemented yet' nodes_get_admin: path: '/v1/nodes' method: get headers: *admin_headers assert_list_length: nodes: 3 assert_status: 200 nodes_get_other_admin: path: '/v1/nodes' method: get skip_reason: 'Not implemented yet' headers: *other_admin_headers assert_list_length: nodes: 3 assert_status: 200 nodes_detail_get_admin: path: '/v1/nodes/detail' method: get headers: *admin_headers assert_status: 200 nodes_detail_get_member: path: '/v1/nodes/detail' method: get headers: *scoped_member_headers assert_status: 200 nodes_detail_get_reader: path: '/v1/nodes/detail' method: get headers: *reader_headers assert_status: 200 nodes_node_ident_get_admin: path: '/v1/nodes/{node_ident}' method: get headers: *admin_headers assert_status: 200 nodes_node_ident_get_member: path: '/v1/nodes/{node_ident}' method: get headers: *scoped_member_headers assert_status: 200 nodes_node_ident_get_reader: path: '/v1/nodes/{node_ident}' method: get headers: *reader_headers assert_status: 200 nodes_node_ident_patch_admin: path: '/v1/nodes/{node_ident}' method: patch headers: *admin_headers body: &extra_patch - op: replace path: /extra value: {'test': 'testing'} assert_status: 503 system_admin_can_patch_chassis: path: '/v1/nodes/{node_ident}' method: patch headers: *admin_headers body: - op: replace path: /chassis_uuid value: 'e74c40e0-d825-11e2-a28f-0800200c9a66' assert_status: 503 system_member_can_patch_conductor_group: path: '/v1/nodes/{node_ident}' method: patch headers: *scoped_member_headers body: - op: replace path: /conductor_group value: "DC04-ROW39" assert_status: 503 nodes_node_ident_patch_member: path: '/v1/nodes/{node_ident}' method: patch headers: *scoped_member_headers body: *extra_patch assert_status: 503 nodes_node_ident_patch_reader: path: '/v1/nodes/{node_ident}' method: patch headers: *reader_headers body: *extra_patch assert_status: 403 nodes_node_ident_delete_admin: path: '/v1/nodes/{node_ident}' method: delete headers: *admin_headers assert_status: 503 nodes_node_ident_delete_member: path: '/v1/nodes/{node_ident}' method: delete headers: *scoped_member_headers assert_status: 403 nodes_node_ident_delete_reader: path: '/v1/nodes/{node_ident}' method: delete headers: *reader_headers assert_status: 403 # Node Management - https://docs.openstack.org/api-ref/baremetal/?expanded=#node-management-nodes # NOTE(TheJulia): Most management methods call into the conductor as they # require a task, which means they generally return 503 when the conductor # is mocked. nodes_validate_get_admin: path: '/v1/nodes/{node_ident}/validate' method: get headers: *admin_headers assert_status: 503 nodes_validate_get_member: path: '/v1/nodes/{node_ident}/validate' method: get headers: *scoped_member_headers assert_status: 503 nodes_validate_get_reader: path: '/v1/nodes/{node_ident}/validate' method: get headers: *reader_headers assert_status: 403 nodes_maintenance_put_admin: path: '/v1/nodes/{node_ident}/maintenance' method: put headers: *admin_headers assert_status: 503 nodes_maintenance_put_member: path: '/v1/nodes/{node_ident}/maintenance' method: put headers: *scoped_member_headers assert_status: 503 nodes_maintenance_put_reader: path: '/v1/nodes/{node_ident}/maintenance' method: put headers: *reader_headers assert_status: 403 nodes_maintenance_delete_admin: path: '/v1/nodes/{node_ident}/maintenance' method: delete headers: *admin_headers assert_status: 503 nodes_maintenance_delete_member: path: '/v1/nodes/{node_ident}/maintenance' method: delete headers: *scoped_member_headers assert_status: 503 nodes_maintenance_delete_reader: path: '/v1/nodes/{node_ident}/maintenance' method: delete headers: *reader_headers assert_status: 403 nodes_management_boot_device_put_admin: path: '/v1/nodes/{node_ident}/management/boot_device' method: put headers: *admin_headers body: &boot_device_body boot_device: pxe assert_status: 503 nodes_management_boot_device_put_member: path: '/v1/nodes/{node_ident}/management/boot_device' method: put headers: *scoped_member_headers body: *boot_device_body assert_status: 503 nodes_management_boot_device_put_reader: path: '/v1/nodes/{node_ident}/management/boot_device' method: put headers: *reader_headers body: *boot_device_body assert_status: 403 nodes_management_boot_device_get_admin: path: '/v1/nodes/{node_ident}/management/boot_device' method: get headers: *admin_headers assert_status: 503 nodes_management_boot_device_get_member: path: '/v1/nodes/{node_ident}/management/boot_device' method: get headers: *scoped_member_headers assert_status: 503 nodes_management_boot_device_get_reader: path: '/v1/nodes/{node_ident}/management/boot_device' method: get headers: *reader_headers assert_status: 403 nodes_management_boot_device_supported_get_admin: path: '/v1/nodes/{node_ident}/management/boot_device/supported' method: get headers: *admin_headers assert_status: 503 nodes_management_boot_device_supported_get_member: path: '/v1/nodes/{node_ident}/management/boot_device/supported' method: get headers: *scoped_member_headers assert_status: 503 nodes_management_boot_device_supported_get_reader: path: '/v1/nodes/{node_ident}/management/boot_device/supported' method: get headers: *reader_headers assert_status: 403 nodes_management_inject_nmi_put_admin: path: '/v1/nodes/{node_ident}/management/inject_nmi' method: put headers: *admin_headers body: {} assert_status: 503 nodes_management_inject_nmi_put_member: path: '/v1/nodes/{node_ident}/management/inject_nmi' method: put headers: *scoped_member_headers body: {} assert_status: 503 nodes_management_inject_nmi_put_reader: path: '/v1/nodes/{node_ident}/management/inject_nmi' method: put headers: *reader_headers body: {} assert_status: 403 nodes_states_get_admin: path: '/v1/nodes/{node_ident}/states' method: get headers: *admin_headers assert_status: 200 nodes_states_get_member: path: '/v1/nodes/{node_ident}/states' method: get headers: *scoped_member_headers assert_status: 200 nodes_states_get_reader: path: '/v1/nodes/{node_ident}/states' method: get headers: *reader_headers assert_status: 200 nodes_states_power_put_admin: path: '/v1/nodes/{node_ident}/states/power' method: put headers: *admin_headers body: &power_body target: "power on" assert_status: 503 nodes_states_power_put_member: path: '/v1/nodes/{node_ident}/states/power' method: put headers: *scoped_member_headers body: *power_body assert_status: 503 nodes_states_power_put_reader: path: '/v1/nodes/{node_ident}/states/power' method: put headers: *reader_headers body: *power_body assert_status: 403 nodes_states_provision_put_admin: path: '/v1/nodes/{node_ident}/states/provision' method: put headers: *admin_headers body: &provision_body target: deploy assert_status: 503 nodes_states_provision_put_member: path: '/v1/nodes/{node_ident}/states/provision' method: put headers: *scoped_member_headers body: *provision_body assert_status: 503 nodes_states_provision_put_reader: path: '/v1/nodes/{node_ident}/states/provision' method: put headers: *reader_headers body: *provision_body assert_status: 403 nodes_states_raid_put_admin: path: '/v1/nodes/{node_ident}/states/raid' method: put headers: *admin_headers body: &raid_body target_raid_config: logical_disks: - size_gb: 500 is_root_volume: true raid_level: 1 assert_status: 503 nodes_states_raid_put_member: path: '/v1/nodes/{node_ident}/states/raid' method: put headers: *scoped_member_headers body: *raid_body assert_status: 503 nodes_states_raid_put_reader: path: '/v1/nodes/{node_ident}/states/raid' method: put headers: *reader_headers body: *raid_body assert_status: 403 nodes_states_console_get_admin: path: '/v1/nodes/{node_ident}/states/console' method: get headers: *admin_headers assert_status: 503 nodes_states_console_get_member: path: '/v1/nodes/{node_ident}/states/console' method: get headers: *scoped_member_headers assert_status: 503 nodes_states_console_get_admin: path: '/v1/nodes/{node_ident}/states/console' method: get headers: *reader_headers assert_status: 403 nodes_states_console_put_admin: path: '/v1/nodes/{node_ident}/states/console' method: put headers: *admin_headers body: &console_body_put enabled: true assert_status: 503 nodes_states_console_put_member: path: '/v1/nodes/{node_ident}/states/console' method: put headers: *scoped_member_headers body: *console_body_put assert_status: 503 nodes_states_console_put_reader: path: '/v1/nodes/{node_ident}/states/console' method: put headers: *reader_headers body: *console_body_put assert_status: 403 # Node Traits - https://docs.openstack.org/api-ref/baremetal/?expanded=#node-vendor-passthru-nodes # Calls conductor upon the get as a task is required. nodes_vendor_passthru_methods_get_admin: path: '/v1/nodes/{node_ident}/vendor_passthru/methods' method: get headers: *admin_headers assert_status: 503 nodes_vendor_passthru_methods_get_member: path: '/v1/nodes/{node_ident}/vendor_passthru/methods' method: get headers: *scoped_member_headers assert_status: 403 nodes_vendor_passthru_methods_get_reader: path: '/v1/nodes/{node_ident}/vendor_passthru/methods' method: get headers: *reader_headers assert_status: 403 nodes_vendor_passthru_get_admin: path: '/v1/nodes/{node_ident}/vendor_passthru?method=test' method: get headers: *admin_headers assert_status: 503 nodes_vendor_passthru_get_member: path: '/v1/nodes/{node_ident}/vendor_passthru?method=test' method: get headers: *scoped_member_headers assert_status: 403 nodes_vendor_passthru_get_reader: path: '/v1/nodes/{node_ident}/vendor_passthru?method=test' method: get headers: *reader_headers assert_status: 403 nodes_vendor_passthru_post_admin: path: '/v1/nodes/{node_ident}/vendor_passthru?method=test' method: post headers: *admin_headers assert_status: 503 nodes_vendor_passthru_post_member: path: '/v1/nodes/{node_ident}/vendor_passthru?method=test' method: post headers: *scoped_member_headers assert_status: 403 nodes_vendor_passthru_post_reader: path: '/v1/nodes/{node_ident}/vendor_passthru?method=test' method: post headers: *reader_headers assert_status: 403 nodes_vendor_passthru_put_admin: path: '/v1/nodes/{node_ident}/vendor_passthru?method=test' method: put headers: *admin_headers assert_status: 503 nodes_vendor_passthru_put_member: path: '/v1/nodes/{node_ident}/vendor_passthru?method=test' method: put headers: *scoped_member_headers assert_status: 403 nodes_vendor_passthru_put_reader: path: '/v1/nodes/{node_ident}/vendor_passthru?method=test' method: put headers: *reader_headers assert_status: 403 nodes_vendor_passthru_delete_admin: path: '/v1/nodes/{node_ident}/vendor_passthru?method=test' method: delete headers: *admin_headers assert_status: 503 nodes_vendor_passthru_delete_member: path: '/v1/nodes/{node_ident}/vendor_passthru?method=test' method: delete headers: *scoped_member_headers assert_status: 403 nodes_vendor_passthru_delete_reader: path: '/v1/nodes/{node_ident}/vendor_passthru?method=test' method: delete headers: *reader_headers assert_status: 403 # Node Traits - https://docs.openstack.org/api-ref/baremetal/#node-traits-nodes nodes_traits_get_admin: path: '/v1/nodes/{node_ident}/traits' method: get headers: *admin_headers assert_status: 200 nodes_traits_get_member: path: '/v1/nodes/{node_ident}/traits' method: get headers: *scoped_member_headers assert_status: 200 nodes_traits_get_reader: path: '/v1/nodes/{node_ident}/traits' method: get headers: *reader_headers assert_status: 200 nodes_traits_put_admin: path: '/v1/nodes/{node_ident}/traits' method: put headers: *admin_headers assert_status: 503 body: &traits_body traits: - CUSTOM_TRAIT1 - HW_CPU_X86_VMX nodes_traits_put_member: path: '/v1/nodes/{node_ident}/traits' method: put headers: *scoped_member_headers assert_status: 503 body: *traits_body nodes_traits_put_reader: path: '/v1/nodes/{node_ident}/traits' method: put headers: *reader_headers assert_status: 403 body: *traits_body nodes_traits_delete_admin: path: '/v1/nodes/{node_ident}/traits/{trait}' method: delete headers: *admin_headers assert_status: 503 nodes_traits_delete_member: path: '/v1/nodes/{node_ident}/traits/{trait}' method: delete headers: *scoped_member_headers assert_status: 503 nodes_traits_delete_reader: path: '/v1/nodes/{node_ident}/traits/{trait}' method: delete headers: *reader_headers assert_status: 403 nodes_traits_trait_put_admin: path: '/v1/nodes/{node_ident}/traits/CUSTOM_TRAIT2' method: put headers: *admin_headers assert_status: 503 nodes_traits_trait_put_member: path: '/v1/nodes/{node_ident}/traits/CUSTOM_TRAIT2' method: put headers: *scoped_member_headers assert_status: 503 nodes_traits_trait_put_reader: path: '/v1/nodes/{node_ident}/traits/CUSTOM_TRAIT2' method: put headers: *reader_headers assert_status: 403 nodes_traits_trait_delete_admin: path: '/v1/nodes/{node_ident}/traits/{trait}' method: delete headers: *admin_headers assert_status: 503 nodes_traits_trait_delete_member: path: '/v1/nodes/{node_ident}/traits/{trait}' method: delete headers: *scoped_member_headers assert_status: 503 nodes_traits_trait_delete_reader: path: '/v1/nodes/{node_ident}/traits/{trait}' method: delete headers: *reader_headers assert_status: 403 # VIFS - https://docs.openstack.org/api-ref/baremetal/#vifs-virtual-interfaces-of-nodes # TODO(TheJulia): VIFS will need fairly exhaustive testing given the use path. # i.e. ensure user has rights to a vif and all. # Apparently the get operation hits the conductor?!? # With mocked conductor 503 is returned. nodes_vifs_get_admin: path: '/v1/nodes/{node_ident}/vifs' method: get headers: *admin_headers assert_status: 503 nodes_vifs_get_member: path: '/v1/nodes/{node_ident}/vifs' method: get headers: *scoped_member_headers assert_status: 503 nodes_vifs_get_reader: path: '/v1/nodes/{node_ident}/vifs' method: get headers: *reader_headers assert_status: 503 nodes_vifs_post_admin: path: '/v1/nodes/{node_ident}/vifs' method: post headers: *admin_headers assert_status: 503 body: &vif_body id: ee21d58f-5de2-4956-85ff-33935ea1ca00 nodes_vifs_post_member: path: '/v1/nodes/{node_ident}/vifs' method: post headers: *scoped_member_headers assert_status: 503 body: *vif_body nodes_vifs_post_reader: path: '/v1/nodes/{node_ident}/vifs' method: post headers: *reader_headers assert_status: 403 body: *vif_body # This calls the conductor, hence not status 403. nodes_vifs_node_vif_ident_delete_admin: path: '/v1/nodes/{node_ident}/vifs/{vif_ident}' method: delete headers: *admin_headers assert_status: 503 nodes_vifs_node_vif_ident_delete_member: path: '/v1/nodes/{node_ident}/vifs/{vif_ident}' method: delete headers: *scoped_member_headers assert_status: 503 nodes_vifs_node_vif_ident_delete_reader: path: '/v1/nodes/{node_ident}/vifs/{vif_ident}' method: delete headers: *reader_headers assert_status: 403 # Indicators - https://docs.openstack.org/api-ref/baremetal/#indicators-management nodes_management_indicators_get_allow: path: '/v1/nodes/{node_ident}/management/indicators' method: get skip_reason: 'Not implemented yet' nodes_management_indicators_component_get_allow: path: '/v1/nodes/{node_ident}/management/indicators/{component}' method: get skip_reason: 'Not implemented yet' nodes_management_indicators_component_ind_ident_get_allow: path: '/v1/nodes/{node_ident}/management/indicators/{component}/{ind_ident}' method: get skip_reason: 'Not implemented yet' nodes_management_indicators_component_ind_ident_put_allow: path: '/v1/nodes/{node_ident}/management/indicators/{component}/{ind_ident}' method: put skip_reason: 'Not implemented yet' # Portgroups - https://docs.openstack.org/api-ref/baremetal/#portgroups-portgroups portgroups_get_admin: path: '/v1/portgroups' method: get headers: *admin_headers assert_status: 200 portgroups_get_member: path: '/v1/portgroups' method: get headers: *scoped_member_headers assert_status: 200 portgroups_get_reader: path: '/v1/portgroups' method: get headers: *reader_headers assert_status: 200 portgroups_post_admin: path: '/v1/portgroups' method: post headers: *admin_headers body: &portgroup_body node_uuid: 18a552fb-dcd2-43bf-9302-e4c93287be11 assert_status: 201 portgroups_post_member: path: '/v1/portgroups' method: post headers: *scoped_member_headers body: *portgroup_body assert_status: 403 portgroups_post_reader: path: '/v1/portgroups' method: post headers: *reader_headers body: *portgroup_body assert_status: 403 portgroups_detail_get_admin: path: '/v1/portgroups/detail' method: get headers: *admin_headers assert_status: 200 portgroups_detail_get_member: path: '/v1/portgroups/detail' method: get headers: *scoped_member_headers assert_status: 200 portgroups_detail_get_reader: path: '/v1/portgroups/detail' method: get headers: *reader_headers assert_status: 200 portgroups_portgroup_ident_get_admin: path: '/v1/portgroups/{portgroup_ident}' method: get headers: *admin_headers assert_status: 200 portgroups_portgroup_ident_get_member: path: '/v1/portgroups/{portgroup_ident}' method: get headers: *scoped_member_headers assert_status: 200 portgroups_portgroup_ident_get_reader: path: '/v1/portgroups/{portgroup_ident}' method: get headers: *reader_headers assert_status: 200 portgroups_portgroup_ident_patch_admin: path: '/v1/portgroups/{portgroup_ident}' method: patch headers: *admin_headers body: &portgroup_patch_body - op: replace path: /extra value: {'test': 'testing'} assert_status: 503 portgroups_portgroup_ident_patch_member: path: '/v1/portgroups/{portgroup_ident}' method: patch headers: *scoped_member_headers body: *portgroup_patch_body assert_status: 503 portgroups_portgroup_ident_patch_reader: path: '/v1/portgroups/{portgroup_ident}' method: patch headers: *reader_headers body: *portgroup_patch_body assert_status: 403 # NOTE(TheJulia): Calls the conductor, so not 403 to validate # successful access control check. portgroups_portgroup_ident_delete_admin: path: '/v1/portgroups/{portgroup_ident}' method: delete headers: *admin_headers assert_status: 503 portgroups_portgroup_ident_delete_member: path: '/v1/portgroups/{portgroup_ident}' method: delete headers: *scoped_member_headers assert_status: 403 portgroups_portgroup_ident_delete_reader: path: '/v1/portgroups/{portgroup_ident}' method: delete headers: *reader_headers assert_status: 403 # Portgroups by node - https://docs.openstack.org/api-ref/baremetal/#listing-portgroups-by-node-nodes-portgroups nodes_portgroups_get_admin: path: '/v1/nodes/{node_ident}/portgroups' method: get headers: *admin_headers assert_status: 200 nodes_portgroups_get_member: path: '/v1/nodes/{node_ident}/portgroups' method: get headers: *scoped_member_headers assert_status: 200 nodes_portgroups_get_reader: path: '/v1/nodes/{node_ident}/portgroups' method: get headers: *reader_headers assert_status: 200 nodes_portgroups_detail_get_admin: path: '/v1/nodes/{node_ident}/portgroups/detail' method: get headers: *admin_headers assert_status: 200 nodes_portgroups_detail_get_member: path: '/v1/nodes/{node_ident}/portgroups/detail' method: get headers: *scoped_member_headers assert_status: 200 nodes_portgroups_detail_get_reader: path: '/v1/nodes/{node_ident}/portgroups/detail' method: get headers: *reader_headers assert_status: 200 # Ports - https://docs.openstack.org/api-ref/baremetal/#ports-ports ports_get_admin: path: '/v1/ports' method: get headers: *admin_headers assert_status: 200 ports_get_member: path: '/v1/ports' method: get headers: *scoped_member_headers assert_status: 200 ports_get_reader: path: '/v1/ports' method: get headers: *reader_headers assert_status: 200 # NOTE(TheJulia): Returns 400 when the conductor calls are # mocked indicating node lookup failed, which means the access # check was successful. ports_post_admin: path: '/v1/ports' method: post headers: *admin_headers assert_status: 400 body: &port_body node_uuid: 68a552fb-dcd2-43bf-9302-e4c93287be16 address: 00:01:02:03:04:05 ports_post_member: path: '/v1/ports' method: post headers: *scoped_member_headers assert_status: 403 body: node_uuid: 22e26c0b-03f2-4d2e-ae87-c02d7f33c000 address: 03:04:05:06:07:08 ports_post_reader: path: '/v1/ports' method: post headers: *reader_headers assert_status: 403 body: *port_body ports_detail_get_admin: path: '/v1/ports/detail' method: get headers: *admin_headers assert_status: 200 ports_detail_get_member: path: '/v1/ports/detail' method: get headers: *scoped_member_headers assert_status: 200 ports_detail_get_reader: path: '/v1/ports/detail' method: get headers: *reader_headers assert_status: 200 ports_port_id_get_admin: path: '/v1/ports/{port_ident}' method: get headers: *admin_headers assert_status: 200 ports_port_id_get_member: path: '/v1/ports/{port_ident}' method: get headers: *scoped_member_headers assert_status: 200 ports_port_id_get_reader: path: '/v1/ports/{port_ident}' method: get headers: *reader_headers assert_status: 200 # NOTE(TheJulia): Returns 500 without the ability to update # the conductor. ports_port_id_patch_admin: path: '/v1/ports/{port_ident}' method: patch headers: *admin_headers assert_status: 503 body: &port_patch_body - op: replace path: /extra value: {'test': 'testing'} ports_port_id_patch_member: path: '/v1/ports/{port_ident}' method: patch headers: *scoped_member_headers assert_status: 503 body: *port_patch_body ports_port_id_patch_reader: path: '/v1/ports/{port_ident}' method: patch headers: *reader_headers assert_status: 403 body: *port_patch_body # NOTE(TheJulia): This call attempts to use the conductor which # is not possible and thus not status of 403. ports_port_id_delete_admin: path: '/v1/ports/{port_ident}' method: delete headers: *admin_headers assert_status: 503 ports_port_id_delete_member: path: '/v1/ports/{port_ident}' method: delete headers: *scoped_member_headers assert_status: 403 ports_port_id_delete_reader: path: '/v1/ports/{port_ident}' method: delete headers: *reader_headers assert_status: 403 # Ports by node - https://docs.openstack.org/api-ref/baremetal/#listing-ports-by-node-nodes-ports nodes_ports_get_admin: path: '/v1/nodes/{node_ident}/ports' method: get headers: *admin_headers assert_status: 200 nodes_ports_get_member: path: '/v1/nodes/{node_ident}/ports' method: get headers: *scoped_member_headers assert_status: 200 nodes_ports_get_reader: path: '/v1/nodes/{node_ident}/ports' method: get headers: *reader_headers assert_status: 200 nodes_ports_detail_get_admin: path: '/v1/nodes/{node_ident}/ports/detail' method: get headers: *admin_headers assert_status: 200 nodes_ports_detail_get_member: path: '/v1/nodes/{node_ident}/ports/detail' method: get headers: *scoped_member_headers assert_status: 200 nodes_ports_detail_get_reader: path: '/v1/nodes/{node_ident}/ports/detail' method: get headers: *reader_headers assert_status: 200 # Ports by portgroup - https://docs.openstack.org/api-ref/baremetal/#listing-ports-by-portgroup-portgroup-ports portgroups_ports_get_admin: path: '/v1/portgroups/{portgroup_ident}/ports' method: get headers: *admin_headers assert_status: 200 portgroups_ports_get_member: path: '/v1/portgroups/{portgroup_ident}/ports' method: get headers: *scoped_member_headers assert_status: 200 portgroups_ports_get_reader: path: '/v1/portgroups/{portgroup_ident}/ports' method: get headers: *reader_headers assert_status: 200 portgroups_ports_detail_get_admin: path: '/v1/portgroups/{portgroup_ident}/ports/detail' method: get headers: *admin_headers assert_status: 200 portgroups_ports_detail_get_member: path: '/v1/portgroups/{portgroup_ident}/ports/detail' method: get headers: *scoped_member_headers assert_status: 200 portgroups_ports_detail_get_reader: path: '/v1/portgroups/{portgroup_ident}/ports/detail' method: get headers: *reader_headers assert_status: 200 # Volume(s) - https://docs.openstack.org/api-ref/baremetal/#volume-volume # TODO(TheJulia): volumes will likely need some level of exhaustive testing. # i.e. ensure that the volume is permissible. However this may not be possible # here. volume_get_admin: path: '/v1/volume' method: get headers: *admin_headers assert_status: 200 volume_get_member: path: '/v1/volume' method: get headers: *scoped_member_headers assert_status: 200 volume_get_reader: path: '/v1/volume' method: get headers: *reader_headers assert_status: 200 # Volume connectors volume_connectors_get_admin: path: '/v1/volume/connectors' method: get headers: *admin_headers assert_status: 200 volume_connectors_get_member: path: '/v1/volume/connectors' method: get headers: *scoped_member_headers assert_status: 200 volume_connectors_get_reader: path: '/v1/volume/connectors' method: get headers: *reader_headers assert_status: 200 # NOTE(TheJulia): This ends up returning a 400 due to the # UUID not already being in ironic. volume_connectors_post_admin: path: '/v1/volume/connectors' method: post headers: *admin_headers assert_status: 201 body: &volume_connector_body node_uuid: 1be26c0b-03f2-4d2e-ae87-c02d7f33c123 type: ip connector_id: 192.168.1.100 # If nova-compute is to operate as member rights, it needs to be able # to add volumes. volume_connectors_post_member: path: '/v1/volume/connectors' method: post headers: *scoped_member_headers assert_status: 201 body: *volume_connector_body volume_connectors_post_reader: path: '/v1/volume/connectors' method: post headers: *reader_headers assert_status: 403 body: *volume_connector_body volume_volume_connector_id_get_admin: path: '/v1/volume/connectors/{volume_connector_ident}' method: get headers: *admin_headers assert_status: 200 volume_volume_connector_id_get_member: path: '/v1/volume/connectors/{volume_connector_ident}' method: get headers: *scoped_member_headers assert_status: 200 volume_volume_connector_id_get_reader: path: '/v1/volume/connectors/{volume_connector_ident}' method: get headers: *reader_headers assert_status: 200 volume_volume_connector_id_patch_admin: path: '/v1/volume/connectors/{volume_connector_ident}' method: patch headers: *admin_headers body: &connector_patch_body - op: replace path: /extra value: {'test': 'testing'} assert_status: 503 volume_volume_connector_id_patch_member: path: '/v1/volume/connectors/{volume_connector_ident}' method: patch headers: *scoped_member_headers body: *connector_patch_body assert_status: 503 volume_volume_connector_id_patch_reader: path: '/v1/volume/connectors/{volume_connector_ident}' method: patch headers: *reader_headers body: *connector_patch_body assert_status: 403 volume_volume_connector_id_delete_admin: path: '/v1/volume/connectors/{volume_connector_ident}' method: delete headers: *admin_headers assert_status: 503 volume_volume_connector_id_delete_member: path: '/v1/volume/connectors/{volume_connector_ident}' method: delete headers: *scoped_member_headers assert_status: 503 volume_volume_connector_id_delete_reader: path: '/v1/volume/connectors/{volume_connector_ident}' method: delete headers: *reader_headers assert_status: 403 # Volume targets volume_targets_get_admin: path: '/v1/volume/targets' method: get headers: *admin_headers assert_status: 200 volume_targets_get_member: path: '/v1/volume/targets' method: get headers: *scoped_member_headers assert_status: 200 volume_targets_get_reader: path: '/v1/volume/targets' method: get headers: *reader_headers assert_status: 200 # NOTE(TheJulia): Because we can't seem to get the uuid # to load from an existing uuid, since we're not subsituting # it, this will return with 400 due to the ID not matching. volume_targets_post_admin: path: '/v1/volume/targets' method: post headers: *admin_headers assert_status: 201 body: &volume_target_body node_uuid: 1be26c0b-03f2-4d2e-ae87-c02d7f33c123 volume_type: iscsi boot_index: 1 volume_id: 'test-id' volume_targets_post_member: path: '/v1/volume/targets' method: post headers: *scoped_member_headers assert_status: 201 body: node_uuid: 1be26c0b-03f2-4d2e-ae87-c02d7f33c123 volume_type: iscsi boot_index: 2 volume_id: 'test-id2' volume_targets_post_reader: path: '/v1/volume/targets' method: post headers: *reader_headers assert_status: 403 body: *volume_target_body volume_volume_target_id_get_admin: path: '/v1/volume/targets/{volume_target_ident}' method: get headers: *admin_headers assert_status: 200 volume_volume_target_id_get_member: path: '/v1/volume/targets/{volume_target_ident}' method: get headers: *scoped_member_headers assert_status: 200 volume_volume_target_id_get_reader: path: '/v1/volume/targets/{volume_target_ident}' method: get headers: *reader_headers assert_status: 200 # NOTE(TheJulia): This triggers a call to the conductor and # thus will fail, but does not return a 403 which means success. volume_volume_target_id_patch_admin: path: '/v1/volume/targets/{volume_target_ident}' method: patch body: &volume_target_patch - op: replace path: /extra value: {'test': 'testing'} headers: *admin_headers assert_status: 503 volume_volume_target_id_patch_admin: path: '/v1/volume/targets/{volume_target_ident}' method: patch body: *volume_target_patch headers: *scoped_member_headers assert_status: 503 volume_volume_target_id_patch_reader: path: '/v1/volume/targets/{volume_target_ident}' method: patch body: *volume_target_patch headers: *reader_headers assert_status: 403 volume_volume_target_id_delete_admin: path: '/v1/volume/targets/{volume_target_ident}' method: delete headers: *admin_headers assert_status: 503 volume_volume_target_id_delete_member: path: '/v1/volume/targets/{volume_target_ident}' method: delete headers: *scoped_member_headers assert_status: 503 volume_volume_target_id_delete_reader: path: '/v1/volume/targets/{volume_target_ident}' method: delete headers: *reader_headers assert_status: 403 # Get Volumes by Node - https://docs.openstack.org/api-ref/baremetal/#listing-volume-resources-by-node-nodes-volume nodes_volume_get_admin: path: '/v1/nodes/{node_ident}/volume' method: get headers: *admin_headers assert_status: 200 nodes_volume_get_member: path: '/v1/nodes/{node_ident}/volume' method: get headers: *scoped_member_headers assert_status: 200 nodes_volume_get_reader: path: '/v1/nodes/{node_ident}/volume' method: get headers: *reader_headers assert_status: 200 nodes_volume_connectors_get_admin: path: '/v1/nodes/{node_ident}/volume/connectors' method: get headers: *admin_headers assert_status: 200 nodes_volume_connectors_get_member: path: '/v1/nodes/{node_ident}/volume/connectors' method: get headers: *scoped_member_headers assert_status: 200 nodes_volume_connectors_get_reader: path: '/v1/nodes/{node_ident}/volume/connectors' method: get headers: *reader_headers assert_status: 200 nodes_volume_targets_get_admin: path: '/v1/nodes/{node_ident}/volume/targets' method: get headers: *admin_headers assert_status: 200 nodes_volume_targets_get_member: path: '/v1/nodes/{node_ident}/volume/targets' method: get headers: *scoped_member_headers assert_status: 200 nodes_volume_targets_get_reader: path: '/v1/nodes/{node_ident}/volume/targets' method: get headers: *reader_headers assert_status: 200 # Drivers - https://docs.openstack.org/api-ref/baremetal/#drivers-drivers drivers_get_admin: path: '/v1/drivers' method: get headers: *admin_headers assert_status: 200 drivers_get_member: path: '/v1/drivers' method: get headers: *scoped_member_headers assert_status: 200 drivers_get_reader: path: '/v1/drivers' method: get headers: *reader_headers assert_status: 200 drivers_driver_name_get_admin: path: '/v1/drivers/{driver_name}' method: get headers: *admin_headers assert_status: 404 drivers_driver_name_get_member: path: '/v1/drivers/{driver_name}' method: get headers: *scoped_member_headers assert_status: 404 drivers_driver_name_get_reader: path: '/v1/drivers/{driver_name}' method: get headers: *reader_headers assert_status: 404 drivers_properties_get_admin: path: '/v1/drivers/{driver_name}/properties' method: get headers: *admin_headers assert_status: 404 drivers_properties_get_member: path: '/v1/drivers/{driver_name}/properties' method: get headers: *scoped_member_headers assert_status: 404 drivers_properties_get_reader: path: '/v1/drivers/{driver_name}/properties' method: get headers: *reader_headers assert_status: 404 drivers_raid_logical_disk_properties_get_admin: path: '/v1/drivers/{driver_name}/raid/logical_disk_properties' method: get headers: *admin_headers assert_status: 404 drivers_raid_logical_disk_properties_get_member: path: '/v1/drivers/{driver_name}/raid/logical_disk_properties' method: get headers: *scoped_member_headers assert_status: 404 drivers_raid_logical_disk_properties_get_reader: path: '/v1/drivers/{driver_name}/raid/logical_disk_properties' method: get headers: *reader_headers assert_status: 404 # Driver vendor passthru - https://docs.openstack.org/api-ref/baremetal/#driver-vendor-passthru-drivers drivers_vendor_passthru_methods_get_admin: path: '/v1/drivers/{driver_name}/vendor_passthru/methods' method: get headers: *admin_headers assert_status: 404 drivers_vendor_passthru_methods_get_member: path: '/v1/drivers/{driver_name}/vendor_passthru/methods' method: get headers: *scoped_member_headers assert_status: 403 drivers_vendor_passthru_methods_get_reader: path: '/v1/drivers/{driver_name}/vendor_passthru/methods' method: get headers: *reader_headers assert_status: 403 drivers_vendor_passthru_get_admin: path: '/v1/drivers/{driver_name}/vendor_passthru?method=test' method: get headers: *admin_headers assert_status: 404 drivers_vendor_passthru_get_member: path: '/v1/drivers/{driver_name}/vendor_passthru?method=test' method: get headers: *scoped_member_headers assert_status: 403 drivers_vendor_passthru_get_reader: path: '/v1/drivers/{driver_name}/vendor_passthru?method=test' method: get headers: *reader_headers assert_status: 403 drivers_vendor_passthru_post_admin: path: '/v1/drivers/{driver_name}/vendor_passthru?method=test' method: post headers: *admin_headers assert_status: 404 drivers_vendor_passthru_post_member: path: '/v1/drivers/{driver_name}/vendor_passthru?method=test' method: post headers: *scoped_member_headers assert_status: 403 drivers_vendor_passthru_post_reader: path: '/v1/drivers/{driver_name}/vendor_passthru?method=test' method: post headers: *reader_headers assert_status: 403 drivers_vendor_passthru_put_admin: path: '/v1/drivers/{driver_name}/vendor_passthru?method=test' method: put headers: *admin_headers assert_status: 404 drivers_vendor_passthru_put_member: path: '/v1/drivers/{driver_name}/vendor_passthru?method=test' method: put headers: *scoped_member_headers assert_status: 403 drivers_vendor_passthru_put_reader: path: '/v1/drivers/{driver_name}/vendor_passthru?method=test' method: put headers: *reader_headers assert_status: 403 # NOTE(TheJulia): Returns an error due to the driver name # not matching, but this should be pass policy checking. # "No conductors registered." drivers_vendor_passthru_delete_admin: path: '/v1/drivers/{driver_name}/vendor_passthru?method=test' method: delete headers: *admin_headers assert_status: 404 drivers_vendor_passthru_delete_reader: path: '/v1/drivers/{driver_name}/vendor_passthru?method=test' method: delete headers: *scoped_member_headers assert_status: 403 drivers_vendor_passthru_delete_reader: path: '/v1/drivers/{driver_name}/vendor_passthru?method=test' method: delete headers: *reader_headers assert_status: 403 # Node Bios - https://docs.openstack.org/api-ref/baremetal/#node-bios-nodes nodes_bios_get_admin: path: '/v1/nodes/{node_ident}/bios' method: get headers: *admin_headers assert_status: 200 nodes_bios_get_member: path: '/v1/nodes/{node_ident}/bios' method: get headers: *scoped_member_headers assert_status: 200 nodes_bios_get_reader: path: '/v1/nodes/{node_ident}/bios' method: get headers: *reader_headers assert_status: 200 nodes_bios_bios_setting_get_admin: path: '/v1/nodes/{node_ident}/bios/{bios_setting}' method: get headers: *admin_headers assert_status: 200 nodes_bios_bios_setting_get_member: path: '/v1/nodes/{node_ident}/bios/{bios_setting}' method: get headers: *scoped_member_headers assert_status: 200 nodes_bios_bios_setting_get_reader: path: '/v1/nodes/{node_ident}/bios/{bios_setting}' method: get headers: *reader_headers assert_status: 200 # Conductors - https://docs.openstack.org/api-ref/baremetal/#allocations-allocations conductors_get_admin: path: '/v1/conductors' method: get headers: *admin_headers assert_status: 200 conductors_get_member: path: '/v1/conductors' method: get headers: *scoped_member_headers assert_status: 200 conductors_get_reader: path: '/v1/conductors' method: get headers: *reader_headers assert_status: 200 conductors_hostname_get_admin: path: '/v1/conductors/{conductor_ident}' method: get headers: *admin_headers assert_status: 200 conductors_hostname_get_member: path: '/v1/conductors/{conductor_ident}' method: get headers: *scoped_member_headers assert_status: 200 conductors_hostname_get_reader: path: '/v1/conductors/{conductor_ident}' method: get headers: *reader_headers assert_status: 200 # Allocations - https://docs.openstack.org/api-ref/baremetal/#allocations-allocations # NOTE(TheJulia): Currently returns an HTTP 503 # Resource temporarily unavailable, please retry. # But we are getting past the policy check, which is #success allocations_post_admin: path: '/v1/allocations' method: post headers: *admin_headers body: &allocation_body resource_class: CUSTOM_TEST assert_status: 503 allocations_post_member: path: '/v1/allocations' method: post headers: *scoped_member_headers body: *allocation_body assert_status: 503 allocations_post_reader: path: '/v1/allocations' method: post headers: *reader_headers body: *allocation_body assert_status: 403 allocations_get_admin: path: '/v1/allocations' method: get headers: *admin_headers assert_status: 200 allocations_get_member: path: '/v1/allocations' method: get headers: *scoped_member_headers assert_status: 200 allocations_get_reader: path: '/v1/allocations' method: get headers: *reader_headers assert_status: 200 allocations_allocation_id_get_admin: path: '/v1/allocations/{allocation_ident}' method: get headers: *admin_headers assert_status: 200 allocations_allocation_id_get_member: path: '/v1/allocations/{allocation_ident}' method: get headers: *scoped_member_headers assert_status: 200 allocations_allocation_id_get_reader: path: '/v1/allocations/{allocation_ident}' method: get headers: *reader_headers assert_status: 200 allocations_allocation_id_patch_admin: path: '/v1/allocations/{allocation_ident}' method: patch headers: *admin_headers body: &allocation_patch - op: replace path: /extra value: {'test': 'testing'} assert_status: 200 allocations_allocation_id_patch_member: path: '/v1/allocations/{allocation_ident}' method: patch headers: *scoped_member_headers body: *allocation_patch assert_status: 200 allocations_allocation_id_patch_reader: path: '/v1/allocations/{allocation_ident}' method: patch headers: *reader_headers body: *allocation_patch assert_status: 403 # NOTE(TheJulia): Currently returns an HTTP 503 # Resource temporarily unavailable, please retry. # But we are getting past the policy check, which is #success allocations_allocation_id_delete_admin: path: '/v1/allocations/{allocation_ident}' method: delete headers: *admin_headers assert_status: 503 allocations_allocation_id_delete_member: path: '/v1/allocations/{allocation_ident}' method: delete headers: *scoped_member_headers assert_status: 503 allocations_allocation_id_delete_reader: path: '/v1/allocations/{allocation_ident}' method: delete headers: *reader_headers assert_status: 403 # Allocations ( Node level) - https://docs.openstack.org/api-ref/baremetal/#node-allocation-allocations-nodes nodes_allocation_get_admin: path: '/v1/nodes/{allocated_node_ident}/allocation' method: get headers: *admin_headers assert_status: 200 nodes_allocation_get_member: path: '/v1/nodes/{allocated_node_ident}/allocation' method: get headers: *scoped_member_headers assert_status: 200 nodes_allocation_get_reader: path: '/v1/nodes/{allocated_node_ident}/allocation' method: get headers: *reader_headers assert_status: 200 # NOTE(TheJulia): Currently returns an HTTP 503 # Resource temporarily unavailable, please retry. # But we are getting past the policy check, which is #success nodes_allocation_delete_admin: path: '/v1/nodes/{allocated_node_ident}/allocation' method: delete headers: *admin_headers assert_status: 503 nodes_allocation_delete_member: path: '/v1/nodes/{allocated_node_ident}/allocation' method: delete headers: *scoped_member_headers assert_status: 503 nodes_allocation_delete_reader: path: '/v1/nodes/{allocated_node_ident}/allocation' method: delete headers: *reader_headers assert_status: 403 # Deploy Templates - https://docs.openstack.org/api-ref/baremetal/#deploy-templates-deploy-templates deploy_templates_post_admin: path: '/v1/deploy_templates' method: post body: &deploy_template_body name: 'CUSTOM_TEST_TEMPLATE' steps: - interface: 'deploy' step: 'noop' args: {} priority: 0 headers: *admin_headers assert_status: 201 deploy_templates_post_member: path: '/v1/deploy_templates' method: post body: *deploy_template_body headers: *scoped_member_headers assert_status: 403 deploy_templates_post_reader: path: '/v1/deploy_templates' method: post body: *deploy_template_body headers: *reader_headers assert_status: 403 deploy_templates_get_admin: path: '/v1/deploy_templates' method: get headers: *admin_headers assert_status: 200 deploy_templates_get_member: path: '/v1/deploy_templates' method: get headers: *scoped_member_headers assert_status: 200 deploy_templates_get_reader: path: '/v1/deploy_templates' method: get headers: *reader_headers assert_status: 200 deploy_templates_deploy_template_id_get_admin: path: '/v1/deploy_templates/{deploy_template_ident}' method: get headers: *admin_headers assert_status: 200 deploy_templates_deploy_template_id_get_member: path: '/v1/deploy_templates/{deploy_template_ident}' method: get headers: *scoped_member_headers assert_status: 200 deploy_templates_deploy_template_id_get_reader: path: '/v1/deploy_templates/{deploy_template_ident}' method: get headers: *reader_headers assert_status: 200 deploy_templates_deploy_template_id_patch_admin: path: '/v1/deploy_templates/{deploy_template_ident}' method: patch body: &template_patch - op: replace path: /name value: 'CUSTOM_MAGIC' headers: *admin_headers assert_status: 200 deploy_templates_deploy_template_id_patch_member: path: '/v1/deploy_templates/{deploy_template_ident}' method: patch body: *template_patch headers: *scoped_member_headers assert_status: 403 deploy_templates_deploy_template_id_patch_reader: path: '/v1/deploy_templates/{deploy_template_ident}' method: patch body: *template_patch headers: *reader_headers assert_status: 403 deploy_templates_deploy_template_id_delete_admin: path: '/v1/deploy_templates/{deploy_template_ident}' method: delete headers: *admin_headers assert_status: 204 deploy_templates_deploy_template_id_delete_member: path: '/v1/deploy_templates/{deploy_template_ident}' method: delete headers: *scoped_member_headers assert_status: 403 deploy_templates_deploy_template_id_delete_reader: path: '/v1/deploy_templates/{deploy_template_ident}' method: delete headers: *reader_headers assert_status: 403 # Chassis endpoints - https://docs.openstack.org/api-ref/baremetal/#chassis-chassis chassis_post_admin: path: '/v1/chassis' method: post headers: *admin_headers body: &chassis_body description: 'test-chassis' assert_status: 201 chassis_post_member: path: '/v1/chassis' method: post headers: *scoped_member_headers body: *chassis_body assert_status: 403 chassis_post_reader: path: '/v1/chassis' method: post headers: *reader_headers body: *chassis_body assert_status: 403 chassis_get_admin: path: '/v1/chassis' method: get headers: *admin_headers assert_status: 200 chassis_get_member: path: '/v1/chassis' method: get headers: *scoped_member_headers assert_status: 200 chassis_get_reader: path: '/v1/chassis' method: get headers: *reader_headers assert_status: 200 chassis_detail_get_admin: path: '/v1/chassis/detail' method: get headers: *admin_headers assert_status: 200 chassis_detail_get_member: path: '/v1/chassis/detail' method: get headers: *scoped_member_headers assert_status: 200 chassis_detail_get_reader: path: '/v1/chassis/detail' method: get headers: *reader_headers assert_status: 200 chassis_chassis_id_get_admin: path: '/v1/chassis/{chassis_ident}' method: get headers: *admin_headers assert_status: 200 chassis_chassis_id_get_member: path: '/v1/chassis/{chassis_ident}' method: get headers: *scoped_member_headers assert_status: 200 chassis_chassis_id_get_reader: path: '/v1/chassis/{chassis_ident}' method: get headers: *reader_headers assert_status: 200 chassis_chassis_id_patch_admin: path: '/v1/chassis/{chassis_ident}' method: patch body: &chassis_patch - op: replace path: /description value: meow headers: *admin_headers assert_status: 200 chassis_chassis_id_patch_member: path: '/v1/chassis/{chassis_ident}' method: patch body: *chassis_patch headers: *scoped_member_headers assert_status: 200 chassis_chassis_id_patch_reader: path: '/v1/chassis/{chassis_ident}' method: patch body: *chassis_patch headers: *reader_headers assert_status: 403 chassis_chassis_id_delete_admin: path: '/v1/chassis/{chassis_ident}' method: delete headers: *admin_headers assert_status: 204 chassis_chassis_id_delete_member: path: '/v1/chassis/{chassis_ident}' method: delete headers: *scoped_member_headers assert_status: 403 chassis_chassis_id_delete_reader: path: '/v1/chassis/{chassis_ident}' method: delete headers: *reader_headers assert_status: 403