add-schema-validations

Signed-off-by: Rafa Porres Molina <rporresm@redhat.com>

Author: rporres

schemas/variables.yaml

@@ -114,6 +114,15 @@ properties:
     "$ref": "#/definitions/ipv4Address"
   sshPubPath:
     "$ref": "#/definitions/nonEmptyString"
+  ironicHTTPSCACertificate:
+    type: string
+    description: PEM-encoded CA certificate for Ironic vmedia HTTPS (for BMC trust)
+  ironicHTTPSCertificate:
+    type: string
+    description: PEM-encoded TLS certificate for Ironic vmedia HTTPS server
+  ironicHTTPSKey:
+    type: string
+    description: PEM-encoded private key for Ironic vmedia HTTPS certificate
   sslAPICertificateFullChain:
     type: string
     description: PEM-encoded full certificate chain for API server
@@ -189,3 +198,17 @@ allOf:
         sslIngressCertificateKey:
           type: string
           minLength: 1
+  - if:
+      properties:
+        ironicHTTPSCertificate:
+          type: string
+          minLength: 1
+      required:
+        - ironicHTTPSCertificate
+    then:
+      required:
+        - ironicHTTPSKey
+      properties:
+        ironicHTTPSKey:
+          type: string
+          minLength: 1

test-fixtures/schemas/invalid/ironic-https-empty-key.yaml

@@ -0,0 +1,49 @@
+---
+# Invalid fixture: ironicHTTPSCertificate present but ironicHTTPSKey is empty
+# Expected failure: variables schema requires ironicHTTPSKey to be non-empty
+# when ironicHTTPSCertificate is provided.
+workingDir: /home/enclave
+baseDomain: enclave-test.nodns.in
+clusterName: mgmt
+machineNetwork: 192.168.2.0/24
+apiVIP: 192.168.2.201
+ingressVIP: 192.168.2.202
+defaultDNS: 9.30.31.32
+defaultGateway: 192.168.2.10
+defaultPrefix: 24
+rendezvousIP: 192.168.2.24
+lzBmcIP: 100.64.1.10
+quayUser: admin
+quayPassword: password
+quayBackend: LocalStorage
+blockStorageBackend: lvms
+pullSecret: {"auths":{}}
+sshPubPath: /home/enclave/.ssh/id_rsa.pub
+ironicHTTPSCertificate: |
+  -----BEGIN CERTIFICATE-----
+  DUMMY_IRONIC_CERT
+  -----END CERTIFICATE-----
+ironicHTTPSKey: ""
+agent_hosts:
+  - name: mgmt-ctl01
+    macAddress: 0c:c4:7a:62:fe:ec
+    ipAddress: 192.168.2.24
+    redfish: 192.168.1.101
+    rootDisk: /dev/disk/by-path/pci-0000:00:11.4-ata-1.0
+    redfishUser: admin
+    redfishPassword: password
+  - name: mgmt-ctl02
+    macAddress: 0c:c4:7a:62:fe:ed
+    ipAddress: 192.168.2.25
+    redfish: 192.168.1.102
+    rootDisk: /dev/disk/by-path/pci-0000:00:11.4-ata-1.0
+    redfishUser: admin
+    redfishPassword: password
+  - name: mgmt-ctl03
+    macAddress: 0c:c4:7a:62:fe:ee
+    ipAddress: 192.168.2.26
+    redfish: 192.168.1.103
+    rootDisk: /dev/disk/by-path/pci-0000:00:11.4-ata-1.0
+    redfishUser: admin
+    redfishPassword: password
+

test-fixtures/schemas/invalid/ironic-https-missing-key.yaml

@@ -0,0 +1,48 @@
+---
+# Invalid fixture: ironicHTTPSCertificate present but ironicHTTPSKey omitted
+# Expected failure: variables schema requires ironicHTTPSKey when
+# ironicHTTPSCertificate is present and non-empty.
+workingDir: /home/enclave
+baseDomain: enclave-test.nodns.in
+clusterName: mgmt
+machineNetwork: 192.168.2.0/24
+apiVIP: 192.168.2.201
+ingressVIP: 192.168.2.202
+defaultDNS: 9.30.31.32
+defaultGateway: 192.168.2.10
+defaultPrefix: 24
+rendezvousIP: 192.168.2.24
+lzBmcIP: 100.64.1.10
+quayUser: admin
+quayPassword: password
+quayBackend: LocalStorage
+blockStorageBackend: lvms
+pullSecret: {"auths":{}}
+sshPubPath: /home/enclave/.ssh/id_rsa.pub
+ironicHTTPSCertificate: |
+  -----BEGIN CERTIFICATE-----
+  DUMMY_IRONIC_CERT
+  -----END CERTIFICATE-----
+agent_hosts:
+  - name: mgmt-ctl01
+    macAddress: 0c:c4:7a:62:fe:ec
+    ipAddress: 192.168.2.24
+    redfish: 192.168.1.101
+    rootDisk: /dev/disk/by-path/pci-0000:00:11.4-ata-1.0
+    redfishUser: admin
+    redfishPassword: password
+  - name: mgmt-ctl02
+    macAddress: 0c:c4:7a:62:fe:ed
+    ipAddress: 192.168.2.25
+    redfish: 192.168.1.102
+    rootDisk: /dev/disk/by-path/pci-0000:00:11.4-ata-1.0
+    redfishUser: admin
+    redfishPassword: password
+  - name: mgmt-ctl03
+    macAddress: 0c:c4:7a:62:fe:ee
+    ipAddress: 192.168.2.26
+    redfish: 192.168.1.103
+    rootDisk: /dev/disk/by-path/pci-0000:00:11.4-ata-1.0
+    redfishUser: admin
+    redfishPassword: password
+

test-fixtures/schemas/valid/local-lvms-with-ironic-https.yaml

@@ -0,0 +1,53 @@
+---
+# Fixture: LocalStorage + lvms with Ironic vmedia HTTPS variables
+# Validates that the ironicHTTPSCertificate conditional passes when both
+# ironicHTTPSCertificate and ironicHTTPSKey are present.
+# ironicHTTPSCACertificate is omitted (always optional).
+workingDir: /home/enclave
+baseDomain: enclave-test.nodns.in
+clusterName: mgmt
+machineNetwork: 192.168.2.0/24
+apiVIP: 192.168.2.201
+ingressVIP: 192.168.2.202
+defaultDNS: 9.30.31.32
+defaultGateway: 192.168.2.10
+defaultPrefix: 24
+rendezvousIP: 192.168.2.24
+lzBmcIP: 100.64.1.10
+quayUser: admin
+quayPassword: password
+quayBackend: LocalStorage
+blockStorageBackend: lvms
+pullSecret: {"auths":{}}
+sshPubPath: /home/enclave/.ssh/id_rsa.pub
+ironicHTTPSCertificate: |
+  -----BEGIN CERTIFICATE-----
+  DUMMY_IRONIC_CERT
+  -----END CERTIFICATE-----
+ironicHTTPSKey: |
+  -----BEGIN DUMMY KEY-----
+  DUMMY_IRONIC_KEY
+  -----END DUMMY KEY-----
+agent_hosts:
+  - name: mgmt-ctl01
+    macAddress: 0c:c4:7a:62:fe:ec
+    ipAddress: 192.168.2.24
+    redfish: 192.168.1.101
+    rootDisk: /dev/disk/by-path/pci-0000:00:11.4-ata-1.0
+    redfishUser: admin
+    redfishPassword: password
+  - name: mgmt-ctl02
+    macAddress: 0c:c4:7a:62:fe:ed
+    ipAddress: 192.168.2.25
+    redfish: 192.168.1.102
+    rootDisk: /dev/disk/by-path/pci-0000:00:11.4-ata-1.0
+    redfishUser: admin
+    redfishPassword: password
+  - name: mgmt-ctl03
+    macAddress: 0c:c4:7a:62:fe:ee
+    ipAddress: 192.168.2.26
+    redfish: 192.168.1.103
+    rootDisk: /dev/disk/by-path/pci-0000:00:11.4-ata-1.0
+    redfishUser: admin
+    redfishPassword: password
+

test-fixtures/schemas/valid/radosgw-lvms-all-optionals.yaml

@@ -63,6 +63,18 @@ sslIngressCertificateKey: |
   -----BEGIN DUMMY KEY-----
   DUMMY_INGRESS_KEY
   -----END DUMMY KEY-----
+ironicHTTPSCertificate: |
+  -----BEGIN CERTIFICATE-----
+  DUMMY_IRONIC_CERT
+  -----END CERTIFICATE-----
+ironicHTTPSKey: |
+  -----BEGIN DUMMY KEY-----
+  DUMMY_IRONIC_KEY
+  -----END DUMMY KEY-----
+ironicHTTPSCACertificate: |
+  -----BEGIN CERTIFICATE-----
+  DUMMY_IRONIC_CA
+  -----END CERTIFICATE-----
 discovery_hosts:
   - name: discovery-host-01
     macAddress: 0c:c4:7a:62:ff:01