Support to clear certificates when no certificates
Adds support for clearing certificates when no certificates are provided. In this case, the certificates that currently exist on the iLO are removed. Change-Id: I351554a0c65d60b63fb7bf57ed1a6bae89f2d71c
parent
9a29e32bb2
commit
43ad8ae6dd
|
@ -905,7 +905,7 @@ class IloClient(operations.IloOperations):
|
|||
"""
|
||||
return self._call_method('add_tls_certificate', cert_file_list)
|
||||
|
||||
def remove_tls_certificate(self, cert_file_list):
|
||||
def remove_tls_certificate(self, cert_file_list=[]):
|
||||
"""Removes the TLS certificate from the iLO
|
||||
|
||||
:param cert_file_list: List of TLS certificate files
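Review bot: The new signature `def remove_tls_certificate(self, cert_file_list=[]):` uses a mutable list as its default, and the same default is repeated in `IloOperations.remove_tls_certificate` and `RedfishOperations.remove_tls_certificate`. Prefer `def remove_tls_certificate(self, cert_file_list=None):` so the default is not a shared object and an omitted argument can be told apart from an empty list. The docstring still says only `:param cert_file_list: List of TLS certificate files`; since omitting the argument now deletes the certificates configured on the iLO, it should add a line such as `If omitted, every TLS certificate currently configured on the iLO is removed.` The docstring continues past the end of this hunk.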
|
||||
|
|
|
@ -558,7 +558,7 @@ class IloOperations(object):
|
|||
"""
|
||||
raise exception.IloCommandNotSupportedError(ERRMSG)
|
||||
|
||||
def remove_tls_certificate(self, cert_file_list):
|
||||
def remove_tls_certificate(self, cert_file_list=[]):
|
||||
"""Removes the TLS certificate from the iLO
|
||||
|
||||
:param cert_file_list: List of TLS certificate files
|
||||
|
|
|
@ -1470,7 +1470,7 @@ class RedfishOperations(operations.IloOperations):
|
|||
msg = 'TLS certificate cannot be upload in BIOS boot mode'
|
||||
raise exception.IloCommandNotSupportedInBiosError(msg)
|
||||
|
||||
def remove_tls_certificate(self, cert_file_list):
|
||||
def remove_tls_certificate(self, cert_file_list=[]):
|
||||
"""Removes the TLS certificate from the iLO.
|
||||
|
||||
:param cert_file_list: List of TLS certificate files
|
||||
|
@ -1481,9 +1481,24 @@ class RedfishOperations(operations.IloOperations):
|
|||
"""
|
||||
sushy_system = self._get_sushy_system(PROLIANT_SYSTEM_ID)
|
||||
|
||||
if(self._is_boot_mode_uefi()):
|
||||
cert_dict = {}
|
||||
del_cert_list = []
|
||||
if not self._is_boot_mode_uefi():
|
||||
msg = 'TLS certificates cannot be removed in BIOS boot mode'
|
||||
raise exception.IloCommandNotSupportedInBiosError(msg)
|
||||
|
||||
cert_dict = {}
|
||||
del_cert_list = []
|
||||
|
||||
if not cert_file_list:
|
||||
tls_certificates = (sushy_system.bios_settings.tls_config.
|
||||
tls_certificates)
|
||||
for cert in tls_certificates:
|
||||
fp = cert.get("FingerPrint")
|
||||
cert_fp = {
|
||||
"FingerPrint": fp
|
||||
}
|
||||
del_cert_list.append(cert_fp)
|
||||
|
||||
else:
|
||||
for cert_file in cert_file_list:
|
||||
with open(cert_file, 'r') as f:
|
||||
data = json.dumps(f.read())
|
||||
|
@ -1515,22 +1530,19 @@ class RedfishOperations(operations.IloOperations):
|
|||
}
|
||||
del_cert_list.append(cert_fp)
|
||||
|
||||
if len(del_cert_list) == 0:
|
||||
msg = (self._("No valid certificate in %(cert_file_list)s.") %
|
||||
{"cert_file_list": cert_file_list})
|
||||
raise exception.IloError(msg)
|
||||
if len(del_cert_list) == 0:
|
||||
msg = (self._("No valid certificate in %(cert_file_list)s.") %
|
||||
{"cert_file_list": cert_file_list})
|
||||
raise exception.IloError(msg)
|
||||
|
||||
cert_dict.update({"DeleteCertificates": del_cert_list})
|
||||
cert_dict.update({"DeleteCertificates": del_cert_list})
|
||||
|
||||
try:
|
||||
(sushy_system.bios_settings.tls_config.
|
||||
tls_config_settings.remove_tls_certificate(cert_dict))
|
||||
except sushy.exceptions.SushyError as e:
|
||||
msg = (self._("The Redfish controller has failed to remove "
|
||||
"TLS certificate. Error %(error)s") %
|
||||
{'error': str(e)})
|
||||
LOG.debug(msg)
|
||||
raise exception.IloError(msg)
|
||||
else:
|
||||
msg = 'TLS certificate cannot be removed in BIOS boot mode'
|
||||
raise exception.IloCommandNotSupportedInBiosError(msg)
|
||||
try:
|
||||
(sushy_system.bios_settings.tls_config.
|
||||
tls_config_settings.remove_tls_certificate(cert_dict))
|
||||
except sushy.exceptions.SushyError as e:
|
||||
msg = (self._("The Redfish controller has failed to remove "
|
||||
"TLS certificate. Error %(error)s") %
|
||||
{'error': str(e)})
|
||||
LOG.debug(msg)
|
||||
raise exception.IloError(msg)
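Review bot: `if not cert_file_list:` treats an explicitly passed empty list the same as an omitted argument, so a caller whose list ends up empty (for instance after filtering) would delete every certificate returned by `tls_config.tls_certificates`. For an operation that strips TLS trust material it is safer to require an explicit signal, e.g. `if cert_file_list is None:` with a `None` default, and to reject `[]` with an `IloError`. In the same loop `cert.get("FingerPrint")` may return `None`, which is still appended as `{"FingerPrint": None}`; skipping entries without a fingerprint would avoid sending that to the controller. The `len(del_cert_list) == 0` check now appears to run for both branches (indentation is not visible on this page), in which case clearing an iLO that has no certificates reports `No valid certificate in []`, which is misleading.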
|
||||
|
|
|
@ -25,6 +25,9 @@ class TLSConfig(base.ResourceBase):
|
|||
from sushy.
|
||||
"""
|
||||
|
||||
tls_certificates = base.Field('Certificates')
|
||||
"""The certificates currently configured"""
|
||||
|
||||
@property
|
||||
@sushy_utils.cache_it
|
||||
def tls_config_settings(self):
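Review bot: `tls_certificates = base.Field('Certificates')` is declared without a default, so on a system whose TLS config resource has no `Certificates` member the attribute would presumably be `None`. The new `for cert in tls_certificates` loop in `RedfishOperations.remove_tls_certificate` would then fail with a `TypeError` instead of a clear `IloError`. Guarding at the point of use, e.g. `for cert in tls_certificates or []:`, keeps the failure mode predictable. The class body continues outside this section.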
|
||||
|
|
|
@ -21,6 +21,22 @@
|
|||
"@odata.type": "#HpeTlsConfig.v1_0_0.HpeTlsConfig",
|
||||
"Certificates":
|
||||
[
|
||||
{
|
||||
"FingerPrint": "1C:E7:B2:FD:9F:CB:14:EB:74:3F:EF:39:CC:81:DB:36:28:EF:D3:83:CD:B7:B3:63:7A:DB:C1:82:9A:84:A8:20",
|
||||
"Issuer": "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
|
||||
"SerialNumber": "BD96C593395EA98",
|
||||
"Subject": "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
|
||||
"ValidNotAfter": "02/23/2019 04:34",
|
||||
"ValidNotBefore": "02/23/2018 04:34"
|
||||
},
|
||||
{
|
||||
"FingerPrint": "FA:3A:68:C7:7E:ED:90:21:D2:FA:3E:54:6B:0C:14:D3:2F:8D:43:50:F7:05:A7:0F:1C:68:35:DB:5C:D2:53:28",
|
||||
"Issuer": "C=IN, ST=Karnataka, L=Bengaluru, O=HPE, OU=BCOS, CN=Vinay Muddu, emailAddress=vinay.m.kumar@hpe.com",
|
||||
"SerialNumber": "92DF813625F950E5",
|
||||
"Subject": "C=IN, ST=Karnataka, L=Bengaluru, O=HPE, OU=BCOS, CN=Vinay Muddu, emailAddress=vinay.m.kumar@hpe.com",
|
||||
"ValidNotAfter": "06/08/2021 06:40",
|
||||
"ValidNotBefore": "06/08/2020 06:40"
|
||||
}
|
||||
],
|
||||
"Ciphers": "AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384",
|
||||
"DeleteCertificates":
|
||||
|
|
|
@ -42,6 +42,7 @@ from proliantutils.redfish.resources.system.storage import array_controller
|
|||
from proliantutils.redfish.resources.system.storage \
|
||||
import common as common_storage
|
||||
from proliantutils.redfish.resources.system import system as pro_sys
|
||||
from proliantutils.redfish.resources.system import tls_config
|
||||
|
||||
|
||||
@ddt.ddt
|
||||
|
@ -2303,9 +2304,44 @@ class RedfishOperationsTestCase(testtools.TestCase):
|
|||
|
||||
self.assertRaisesRegex(
|
||||
exception.IloCommandNotSupportedInBiosError,
|
||||
'TLS certificate cannot be removed in BIOS boot mode',
|
||||
'TLS certificates cannot be removed in BIOS boot mode',
|
||||
self.rf_client.remove_tls_certificate, fp)
|
||||
|
||||
@mock.patch.object(redfish, 'load_certificate')
|
||||
@mock.patch.object(redfish, 'b64decode')
|
||||
@mock.patch.object(redfish.RedfishOperations, '_is_boot_mode_uefi')
|
||||
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_system')
|
||||
def test_remove_tls_certificate_default(self, get_sushy_system_mock,
|
||||
_uefi_boot_mode_mock, decode_mock,
|
||||
load_cert_mock):
|
||||
_uefi_boot_mode_mock.return_value = True
|
||||
with open('proliantutils/tests/redfish/'
|
||||
'json_samples/tls_config.json', 'r') as f:
|
||||
jsonval = json.loads(f.read())
|
||||
tlsconfig_mock = mock.MagicMock(spec=tls_config.TLSConfig)
|
||||
|
||||
tls_mock = mock.PropertyMock(return_value=tlsconfig_mock)
|
||||
|
||||
type(get_sushy_system_mock.return_value.bios_settings).tls_config = (
|
||||
tls_mock)
|
||||
certificates = jsonval.get('Certificates')
|
||||
certs_mock = mock.PropertyMock(return_value=certificates)
|
||||
type(tlsconfig_mock).tls_certificates = certs_mock
|
||||
del_cert_list = []
|
||||
for cert in certificates:
|
||||
fp = cert.get("FingerPrint")
|
||||
cert_fp = {
|
||||
"FingerPrint": fp
|
||||
}
|
||||
del_cert_list.append(cert_fp)
|
||||
self.rf_client.remove_tls_certificate()
|
||||
(get_sushy_system_mock.return_value.
|
||||
bios_settings.tls_config.tls_config_settings.
|
||||
remove_tls_certificate.assert_called_once_with(
|
||||
{'DeleteCertificates': del_cert_list}))
|
||||
decode_mock.assert_not_called()
|
||||
load_cert_mock.assert_not_called()
|
||||
|
||||
@mock.patch.object(redfish.RedfishOperations,
|
||||
'_get_security_dashboard_values')
|
||||
def test__parse_security_dashboard_values_for_capabilities(self, sec_mock):
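Review bot: `test_remove_tls_certificate_default` builds its expected `del_cert_list` with the same loop the implementation uses, so it cannot catch a mistake in that logic; asserting against the two literal fingerprints from `tls_config.json` would be a stronger check. There is also no case for an iLO with no certificates configured, or for an explicit `remove_tls_certificate([])`, which are the two paths where clearing everything is most likely to surprise a caller. The fixture is opened via a path relative to the working directory, so the test depends on where the runner is started.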
|
||||
|
|