feat: admin tools gating and full API coverage (119 tools) #13

Merged
notque merged 3 commits into main from feat/admin-tools-full-coverage
May 7, 2026

@notque notque commented May 7, 2026

Summary

  • Adds three-tier tool visibility: MCP_READ_ONLY (default read-only) → writes → MCP_ADMIN_TOOLS (admin)
  • Adds 33 new tools bringing total from 86 to 119 across 18 services
  • Admin tools require explicit MCP_ADMIN_TOOLS=true and are prefixed with [Admin] in descriptions
  • Adds sapcc/gophercloud-sapcc/v2 dependency for BGP VPN interconnections

New tools by category

Regular read (19 new): instance_actions, server_groups, volume_attachments, trunks, network_ip_availabilities, bgpvpn_interconnections, backups, transfers, l7rules, zone_transfer_requests, zone_transfer_accepts, image_members, containers, get_container, orders, snapshots, security_services, share_types, portgroups

Write (2 new): create_floating_ip, delete_floating_ip

Admin read (11 new): hypervisors, get_hypervisor, services (nova), aggregates, agents, services (cinder), amphorae, tasks, chassis, role_assignments, groups

Admin write (1 new): node_power_state (requires both admin AND write mode)

Security

  • Zone transfer keys excluded from responses (credential isolation)
  • Hypervisor HostIP excluded from responses
  • Ironic DriverInfo/BMC credentials excluded
  • Manila security service passwords excluded
  • All UUID params validated, path segments validated for non-UUID IDs
  • Admin tools invisible when MCP_ADMIN_TOOLS is not set

Test plan

  • go build ./... passes
  • go test ./... passes (including new admin registration test)
  • go vet ./... clean
  • gopls diagnostics clean
  • Security review: no credential exposure
  • Three-reviewer PR review with fixes applied

notque added 3 commits May 7, 2026 11:22
Three-tier tool visibility model:
- MCP_READ_ONLY=true (default): 91 read-only tools
- MCP_READ_ONLY=false: + 16 write tools (107 total)
- MCP_ADMIN_TOOLS=true: + 12 admin tools (119 total)

New regular read tools:
- Nova: list_instance_actions, list_server_groups, list_volume_attachments
- Neutron: list_trunks, list_network_ip_availabilities, list_bgpvpn_interconnections
- Cinder: list_backups, list_transfers
- Octavia: list_l7rules
- Designate: list_zone_transfer_requests, list_zone_transfer_accepts
- Glance: list_image_members
- Barbican: list_containers, get_container, list_orders
- Manila: list_snapshots, list_security_services, list_share_types
- Ironic: list_portgroups

New write tools:
- Neutron: create_floating_ip, delete_floating_ip

New admin tools (gated by MCP_ADMIN_TOOLS=true):
- Nova: list_hypervisors, get_hypervisor, list_services, list_aggregates
- Neutron: list_agents
- Cinder: list_services
- Octavia: list_amphorae
- Glance: list_tasks
- Ironic: list_chassis, node_power_state (admin + write)
- Keystone: list_role_assignments, list_groups

Admin tool descriptions prefixed with [Admin] for LLM awareness.
Adds sapcc/gophercloud-sapcc/v2 dependency for BGP VPN interconnections.

Security:
- Remove zone transfer request key from response (credential isolation)
- Add ValidatePathSegment to hypervisor_id parameter
- Use SafeQueryParams for ironic portgroups URL construction

Consistency:
- Standardize on make([]map[string]any, 0) for empty JSON arrays
- Hoist client-side filters above EachPage callbacks
- Fix Register comments (barbican/manila admin param is unused)
- Use _ for unused admin param in designate Register

Test coverage:
- Add TestAllModulesRegisterWithAdmin for admin=true path

Documentation:
- Add comments explaining raw HTTP usage for ironic portgroups/chassis
- Add comment explaining client-side type filtering in barbican

- Combine consecutive bool params: (readOnly bool, admin bool) → (readOnly, admin bool)
- Fix trailing whitespace in designate.go (gofmt)
- Replace fmt.Sprintf with string concatenation for simple case (perfsprint)
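
The three-tier visibility model from the PR description and first commit message, as an added sketch (not code from this repository). `Tool`, `ModeFromEnv`, `Visible` and `Catalog` are hypothetical names, the tool descriptions are constructed, and the fail-closed string comparison is an assumption about how the two environment variables are read.

```go
package main

import (
	"fmt"
	"os"
)

// Tool is a hypothetical registry entry (not the project's type).
type Tool struct {
	Name, Description string
	Write, Admin      bool // Write mutates state; Admin is operator-level
}

// ModeFromEnv fails closed; the exact-string comparison is this sketch's assumption.
func ModeFromEnv(getenv func(string) string) (readOnly, admin bool) {
	return getenv("MCP_READ_ONLY") != "false", getenv("MCP_ADMIN_TOOLS") == "true"
}

// Visible returns the tools to register; a hidden tool is never registered at all.
func Visible(all []Tool, readOnly, admin bool) []Tool {
	out := make([]Tool, 0, len(all))
	for _, t := range all {
		if (t.Write && readOnly) || (t.Admin && !admin) {
			continue
		}
		if t.Admin {
			t.Description = "[Admin] " + t.Description // t is a copy
		}
		out = append(out, t)
	}
	return out
}

// Catalog is a constructed sample: one tool per tier, names taken from the PR.
func Catalog() []Tool {
	return []Tool{
		{Name: "list_trunks", Description: "List Neutron trunks"},
		{Name: "create_floating_ip", Description: "Allocate a floating IP", Write: true},
		{Name: "list_hypervisors", Description: "List Nova hypervisors", Admin: true},
		{Name: "node_power_state", Description: "Set Ironic node power state", Write: true, Admin: true},
	}
}

func main() {
	readOnly, admin := ModeFromEnv(os.Getenv)
	for _, t := range Visible(Catalog(), readOnly, admin) {
		fmt.Printf("%-20s %s\n", t.Name, t.Description)
	}
}
```

With `MCP_ADMIN_TOOLS=true` alone, `node_power_state` stays hidden in this sketch because it is both an admin and a write tool.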

github-actions Bot commented May 7, 2026

Merging this branch changes the coverage (3 decrease, 7 increase)

| Impacted Packages | Coverage Δ | 🤖 |
|---|---|---|
| github.com/notque/openstack-mcp-server/internal/config | 0.00% (ø) | |
| github.com/notque/openstack-mcp-server/internal/server | 0.00% (ø) | |
| github.com/notque/openstack-mcp-server/internal/tools/barbican | 10.20% (-0.32%) | 👎 |
| github.com/notque/openstack-mcp-server/internal/tools/cinder | 9.88% (+0.38%) | 👍 |
| github.com/notque/openstack-mcp-server/internal/tools/designate | 8.57% (+0.11%) | 👍 |
| github.com/notque/openstack-mcp-server/internal/tools/glance | 9.57% (+0.69%) | 👍 |
| github.com/notque/openstack-mcp-server/internal/tools/ironic | 10.06% (+1.46%) | 👍 |
| github.com/notque/openstack-mcp-server/internal/tools/keystone | 8.46% (-0.39%) | 👎 |
| github.com/notque/openstack-mcp-server/internal/tools/manila | 9.27% (-0.25%) | 👎 |
| github.com/notque/openstack-mcp-server/internal/tools/neutron | 8.24% (+0.11%) | 👍 |
| github.com/notque/openstack-mcp-server/internal/tools/nova | 9.30% (+0.84%) | 👍 |
| github.com/notque/openstack-mcp-server/internal/tools/octavia | 8.14% (+0.35%) | 👍 |
| github.com/notque/openstack-mcp-server/internal/tools/swift | 9.17% (ø) | |

Coverage by file

Changed files (no unit tests)

| Changed File | Coverage Δ | Total | Covered | Missed | 🤖 |
|---|---|---|---|---|---|
| github.com/notque/openstack-mcp-server/internal/config/config.go | 0.00% (ø) | 39 (+2) | 0 | 39 (+2) | |
| github.com/notque/openstack-mcp-server/internal/server/server.go | 0.00% (ø) | 60 (+2) | 0 | 60 (+2) | |
| github.com/notque/openstack-mcp-server/internal/tools/barbican/barbican.go | 10.20% (-0.32%) | 98 (+60) | 10 (+6) | 88 (+54) | 👎 |
| github.com/notque/openstack-mcp-server/internal/tools/cinder/cinder.go | 9.88% (+0.38%) | 243 (+64) | 24 (+7) | 219 (+57) | 👍 |
| github.com/notque/openstack-mcp-server/internal/tools/designate/designate.go | 8.57% (+0.11%) | 175 (+45) | 15 (+4) | 160 (+41) | 👍 |
| github.com/notque/openstack-mcp-server/internal/tools/glance/glance.go | 9.57% (+0.69%) | 94 (+49) | 9 (+5) | 85 (+44) | 👍 |
| github.com/notque/openstack-mcp-server/internal/tools/ironic/ironic.go | 10.06% (+1.46%) | 159 (+66) | 16 (+8) | 143 (+58) | 👍 |
| github.com/notque/openstack-mcp-server/internal/tools/keystone/keystone.go | 8.46% (-0.39%) | 260 (+68) | 22 (+5) | 238 (+63) | 👎 |
| github.com/notque/openstack-mcp-server/internal/tools/manila/manila.go | 9.27% (-0.25%) | 151 (+67) | 14 (+6) | 137 (+61) | 👎 |
| github.com/notque/openstack-mcp-server/internal/tools/neutron/neutron.go | 8.24% (+0.11%) | 364 (+155) | 30 (+13) | 334 (+142) | 👍 |
| github.com/notque/openstack-mcp-server/internal/tools/nova/nova.go | 9.30% (+0.84%) | 344 (+143) | 32 (+15) | 312 (+128) | 👍 |
| github.com/notque/openstack-mcp-server/internal/tools/octavia/octavia.go | 8.14% (+0.35%) | 295 (+51) | 24 (+5) | 271 (+46) | 👍 |
| github.com/notque/openstack-mcp-server/internal/tools/swift/swift.go | 9.17% (ø) | 120 | 11 | 109 | |

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

Changed unit test files

  • github.com/notque/openstack-mcp-server/internal/server/server_test.go

@notque notque merged commit cf81706 into main May 7, 2026
4 checks passed
@notque notque deleted the feat/admin-tools-full-coverage branch May 7, 2026 18:38