Merge "Add security dashboard attributes"
This commit is contained in:
commit
9734712019
|
@ -654,6 +654,72 @@ class RedfishOperations(operations.IloOperations):
|
||||||
LOG.debug(msg)
|
LOG.debug(msg)
|
||||||
raise exception.IloError(msg)
|
raise exception.IloError(msg)
|
||||||
|
|
||||||
|
def _get_security_dashboard_values(self):
|
||||||
|
"""Gets all the parameters related to security dashboard.
|
||||||
|
|
||||||
|
:return: a dictionary of the security dashboard values
|
||||||
|
with their security status and security parameters
|
||||||
|
with their complete details and security status.
|
||||||
|
:raises: IloError, if security dashboard or their params
|
||||||
|
not found or on an error from iLO.
|
||||||
|
"""
|
||||||
|
sec_capabilities = {}
|
||||||
|
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
|
||||||
|
try:
|
||||||
|
|
||||||
|
security_dashboard = (
|
||||||
|
sushy_manager.securityservice.securitydashboard)
|
||||||
|
security_params = (
|
||||||
|
sushy_manager.securityservice.securityparamscollectionuri)
|
||||||
|
sec_capabilities.update(
|
||||||
|
{'server_configuration_lock_status': (
|
||||||
|
security_dashboard.server_configuration_lock_status),
|
||||||
|
'overall_security_status': (
|
||||||
|
security_dashboard.overall_status)})
|
||||||
|
security_parameters = {}
|
||||||
|
param_members = security_params.get_members()
|
||||||
|
for param in param_members:
|
||||||
|
param_dict = {param.name: {'security_status': param.status,
|
||||||
|
'state': param.state,
|
||||||
|
'ignore': param.ignore}}
|
||||||
|
if param.description:
|
||||||
|
param_dict[param.name].update(
|
||||||
|
{'description': param.description})
|
||||||
|
if param.recommended_action:
|
||||||
|
param_dict[param.name].update(
|
||||||
|
{'recommended_action': param.recommended_action})
|
||||||
|
security_parameters.update(param_dict)
|
||||||
|
sec_capabilities.update(
|
||||||
|
{'security_parameters': security_parameters})
|
||||||
|
except sushy.exceptions.SushyError as e:
|
||||||
|
msg = (self._("The Redfish controller is unable to get "
|
||||||
|
"resource or its members. Error "
|
||||||
|
"%(error)s)") % {'error': str(e)})
|
||||||
|
LOG.debug(msg)
|
||||||
|
raise exception.IloError(msg)
|
||||||
|
|
||||||
|
return sec_capabilities
|
||||||
|
|
||||||
|
def _parse_security_dashboard_values_for_capabilities(self):
|
||||||
|
"""Parses the security dashboard parameters.
|
||||||
|
|
||||||
|
:returns: a dictionary of only those security parameters and their
|
||||||
|
security status which are applicable for ironic.
|
||||||
|
"""
|
||||||
|
values = self._get_security_dashboard_values()
|
||||||
|
ironic_sec_capabilities = {}
|
||||||
|
ironic_sec_capabilities.update(
|
||||||
|
{'overall_security_status': values.get('overall_security_status')})
|
||||||
|
param_values = values.get('security_parameters')
|
||||||
|
p_map = {'Last Firmware Scan Result': 'last_firmware_scan_result',
|
||||||
|
'Security Override Switch': 'security_override_switch'}
|
||||||
|
p_keys = p_map.keys()
|
||||||
|
for p_key, p_val in param_values.items():
|
||||||
|
if p_key in p_keys:
|
||||||
|
p_dict = {p_map.get(p_key): p_val.get('security_status')}
|
||||||
|
ironic_sec_capabilities.update(p_dict)
|
||||||
|
return ironic_sec_capabilities
|
||||||
|
|
||||||
def get_server_capabilities(self):
|
def get_server_capabilities(self):
|
||||||
"""Returns the server capabilities
|
"""Returns the server capabilities
|
||||||
|
|
||||||
|
@ -726,6 +792,9 @@ class RedfishOperations(operations.IloOperations):
|
||||||
'logical_nvdimm_n': (
|
'logical_nvdimm_n': (
|
||||||
json.dumps(memory_data.has_logical_nvdimm_n))})
|
json.dumps(memory_data.has_logical_nvdimm_n))})
|
||||||
|
|
||||||
|
capabilities.update(
|
||||||
|
self._parse_security_dashboard_values_for_capabilities())
|
||||||
|
|
||||||
except sushy.exceptions.SushyError as e:
|
except sushy.exceptions.SushyError as e:
|
||||||
msg = (self._("The Redfish controller is unable to get "
|
msg = (self._("The Redfish controller is unable to get "
|
||||||
"resource or its members. Error "
|
"resource or its members. Error "
|
||||||
|
|
|
@ -17,6 +17,7 @@ __author__ = 'HPE'
|
||||||
from sushy.resources.manager import manager
|
from sushy.resources.manager import manager
|
||||||
from sushy import utils as sushy_utils
|
from sushy import utils as sushy_utils
|
||||||
|
|
||||||
|
from proliantutils.redfish.resources.manager import security_service
|
||||||
from proliantutils.redfish.resources.manager import virtual_media
|
from proliantutils.redfish.resources.manager import virtual_media
|
||||||
from proliantutils.redfish import utils
|
from proliantutils.redfish import utils
|
||||||
|
|
||||||
|
@ -49,3 +50,11 @@ class HPEManager(manager.Manager):
|
||||||
return virtual_media.VirtualMediaCollection(
|
return virtual_media.VirtualMediaCollection(
|
||||||
self._conn, utils.get_subresource_path_by(self, 'VirtualMedia'),
|
self._conn, utils.get_subresource_path_by(self, 'VirtualMedia'),
|
||||||
redfish_version=self.redfish_version)
|
redfish_version=self.redfish_version)
|
||||||
|
|
||||||
|
@property
|
||||||
|
@sushy_utils.cache_it
|
||||||
|
def securityservice(self):
|
||||||
|
return security_service.SecurityService(
|
||||||
|
self._conn, utils.get_subresource_path_by(
|
||||||
|
self, ['Oem', 'Hpe', 'Links', 'SecurityService']),
|
||||||
|
redfish_version=self.redfish_version)
|
||||||
|
|
|
@ -0,0 +1,31 @@
|
||||||
|
# Copyright 2017 Hewlett Packard Enterprise Development LP
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
__author__ = 'HPE'
|
||||||
|
|
||||||
|
from sushy.resources import base
|
||||||
|
|
||||||
|
|
||||||
|
class SecurityDashboard(base.ResourceBase):
|
||||||
|
|
||||||
|
identity = base.Field('Id', required=True)
|
||||||
|
"""The identity for the instance."""
|
||||||
|
|
||||||
|
overall_status = base.Field('OverallSecurityStatus', required=True)
|
||||||
|
"""Overall security status of the server"""
|
||||||
|
|
||||||
|
server_configuration_lock_status = (
|
||||||
|
base.Field('ServerConfigurationLockStatus', required=True))
|
||||||
|
|
||||||
|
security_param_uri = base.Field(["SecurityParameters", "@odata.id"])
|
|
@ -0,0 +1,43 @@
|
||||||
|
# Copyright 2017 Hewlett Packard Enterprise Development LP
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
__author__ = 'HPE'
|
||||||
|
|
||||||
|
from sushy.resources import base
|
||||||
|
|
||||||
|
from proliantutils import log
|
||||||
|
|
||||||
|
LOG = log.get_logger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
class SecurityParams(base.ResourceBase):
|
||||||
|
|
||||||
|
identity = base.Field('Id', required=True)
|
||||||
|
"""The identity for the instance."""
|
||||||
|
|
||||||
|
status = base.Field('SecurityStatus', required=True)
|
||||||
|
"""Security status of the server"""
|
||||||
|
|
||||||
|
name = base.Field('Name', required=True)
|
||||||
|
state = base.Field('State', required=True)
|
||||||
|
ignore = base.Field('Ignore', required=True)
|
||||||
|
description = base.Field('Description')
|
||||||
|
recommended_action = base.Field('RecommendedAction')
|
||||||
|
|
||||||
|
|
||||||
|
class SecurityParamsCollection(base.ResourceCollectionBase):
|
||||||
|
|
||||||
|
@property
|
||||||
|
def _resource_type(self):
|
||||||
|
return SecurityParams
|
|
@ -0,0 +1,60 @@
|
||||||
|
# Copyright 2017 Hewlett Packard Enterprise Development LP
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
__author__ = 'HPE'
|
||||||
|
|
||||||
|
from sushy.resources import base
|
||||||
|
from sushy import utils as sushy_utils
|
||||||
|
|
||||||
|
from proliantutils import log
|
||||||
|
from proliantutils.redfish.resources.manager import security_dashboard
|
||||||
|
from proliantutils.redfish.resources.manager import security_params
|
||||||
|
|
||||||
|
|
||||||
|
LOG = log.get_logger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
class SecurityService(base.ResourceBase):
|
||||||
|
|
||||||
|
identity = base.Field('Id', required=True)
|
||||||
|
"""The identity for the instance."""
|
||||||
|
|
||||||
|
security_params_collection_uri = (
|
||||||
|
base.Field(["Links", "SecurityParams", "@odata.id"],
|
||||||
|
required=True))
|
||||||
|
security_dashboard_uri = (
|
||||||
|
base.Field(["Links", "SecurityDashboard", "@odata.id"],
|
||||||
|
required=True))
|
||||||
|
|
||||||
|
@property
|
||||||
|
@sushy_utils.cache_it
|
||||||
|
def securitydashboard(self):
|
||||||
|
"""This property gets the instance for security dashboard
|
||||||
|
|
||||||
|
:returns: an instance of security dashboard
|
||||||
|
"""
|
||||||
|
return security_dashboard.SecurityDashboard(
|
||||||
|
self._conn, self.security_dashboard_uri,
|
||||||
|
redfish_version=self.redfish_version)
|
||||||
|
|
||||||
|
@property
|
||||||
|
@sushy_utils.cache_it
|
||||||
|
def securityparamscollectionuri(self):
|
||||||
|
"""Gets the list of instances for security params
|
||||||
|
|
||||||
|
:returns: the list of instances of security params.
|
||||||
|
"""
|
||||||
|
return security_params.SecurityParamsCollection(
|
||||||
|
self._conn, self.security_params_collection_uri,
|
||||||
|
redfish_version=self.redfish_version)
|
|
@ -0,0 +1,12 @@
|
||||||
|
{
|
||||||
|
"@odata.context": "/redfish/v1/$metadata#HpeiLOSecurityDashboard.HpeiLOSecurityDashboard",
|
||||||
|
"@odata.etag": "W/\"543055B3\"",
|
||||||
|
"@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard",
|
||||||
|
"@odata.type": "#HpeiLOSecurityDashboard.v1_0_0.HpeiLOSecurityDashboard",
|
||||||
|
"Id": "SecurityDashboard",
|
||||||
|
"OverallSecurityStatus": "Risk",
|
||||||
|
"SecurityParameters": {
|
||||||
|
"@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard/SecurityParams"
|
||||||
|
},
|
||||||
|
"ServerConfigurationLockStatus": "Disabled"
|
||||||
|
}
|
|
@ -0,0 +1,11 @@
|
||||||
|
{
|
||||||
|
"@odata.context": "/redfish/v1/$metadata#HpeiLOSecurityParam.HpeiLOSecurityParam",
|
||||||
|
"@odata.etag": "W/\"A3A6BF43\"",
|
||||||
|
"@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard/SecurityParams/0",
|
||||||
|
"@odata.type": "#HpeiLOSecurityParam.v1_0_0.HpeiLOSecurityParam",
|
||||||
|
"Id": "0",
|
||||||
|
"Ignore": false,
|
||||||
|
"Name": "Security Override Switch",
|
||||||
|
"SecurityStatus": "Ok",
|
||||||
|
"State": "Off"
|
||||||
|
}
|
|
@ -0,0 +1,11 @@
|
||||||
|
{
|
||||||
|
"@odata.context": "/redfish/v1/$metadata#HpeiLOSecurityParam.HpeiLOSecurityParam",
|
||||||
|
"@odata.etag": "W/\"A3A6BF43\"",
|
||||||
|
"@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard/SecurityParams/1",
|
||||||
|
"@odata.type": "#HpeiLOSecurityParam.v1_0_0.HpeiLOSecurityParam",
|
||||||
|
"Id": "1",
|
||||||
|
"Ignore": false,
|
||||||
|
"Name": "IPMI/DCMI Over LAN",
|
||||||
|
"SecurityStatus": "Ok",
|
||||||
|
"State": "Disabled"
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"@odata.context": "/redfish/v1/$metadata#HpeiLOSecurityParamCollection.HpeiLOSecurityParamCollection",
|
||||||
|
"@odata.etag": "W/\"1E796226\"",
|
||||||
|
"@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard/SecurityParams",
|
||||||
|
"@odata.type": "#HpeiLOSecurityParamCollection.HpeiLOSecurityParamCollection",
|
||||||
|
"Description": "iLO Security Parameter Collection",
|
||||||
|
"Name": "Security Parameter Collection",
|
||||||
|
"Members": [{
|
||||||
|
"@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard/SecurityParams/0"
|
||||||
|
}, {
|
||||||
|
"@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard/SecurityParams/1"
|
||||||
|
}],
|
||||||
|
"Members@odata.count": 2
|
||||||
|
}
|
|
@ -0,0 +1,34 @@
|
||||||
|
{
|
||||||
|
"@odata.context": "/redfish/v1/$metadata#HpeSecurityService.HpeSecurityService",
|
||||||
|
"@odata.etag": "W/\"B61FA0F1\"",
|
||||||
|
"@odata.id": "/redfish/v1/Managers/1/SecurityService",
|
||||||
|
"@odata.type": "#HpeSecurityService.v2_2_0.HpeSecurityService",
|
||||||
|
"Id": "SecurityService",
|
||||||
|
"CurrentCipher": "ECDHE-RSA-AES256-GCM-SHA384",
|
||||||
|
"Links": {
|
||||||
|
"ESKM": {
|
||||||
|
"@odata.id": "/redfish/v1/Managers/1/SecurityService/ESKM"
|
||||||
|
},
|
||||||
|
"HttpsCert": {
|
||||||
|
"@odata.id": "/redfish/v1/Managers/1/SecurityService/HttpsCert"
|
||||||
|
},
|
||||||
|
"SSO": {
|
||||||
|
"@odata.id": "/redfish/v1/Managers/1/SecurityService/SSO"
|
||||||
|
},
|
||||||
|
"SecurityDashboard": {
|
||||||
|
"@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard"
|
||||||
|
},
|
||||||
|
"SecurityParams": {
|
||||||
|
"@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard/SecurityParams"
|
||||||
|
},
|
||||||
|
"CertAuth": {
|
||||||
|
"@odata.id": "/redfish/v1/Managers/1/SecurityService/CertificateAuthentication"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"LoginSecurityBanner": {
|
||||||
|
"IsEnabled": false
|
||||||
|
},
|
||||||
|
"SSHHostKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQEv+Fv4xLYjuKRS30nhqHVasE/PXiEKN12mdZQA97K4yJY+9lHqFJOt82mUelHLnO4fvWuqdML4LeiXo6LI2EJBR83hE4jjsPmKS7ZBa3I6PI3KF8CiBN4mFaSdcTEA/ZYZFKwVcQgOox3Hu1TYu2b41bAofKl1f5ZBBmZ/ZGnoeGsq4PNFqj/xtVAOdj+rqYnuK8yNzetl+WXiMF7/lmFKuuKLoM0GfY7nQjSSlu+XwZhUflQYiKHHfq0gl+I3u8KbNaNbHjHMjQVPYSzaRRkR9F2M8N2bqR47EzAC3qOt3SMBCt4ka+87dIS54ji6dC3uk+xRqJv2kuREyELqlV",
|
||||||
|
"SecurityState": "Production",
|
||||||
|
"SecurityState@Redfish.AllowableValues": ["Production", "HighSecurity", "FIPS"]
|
||||||
|
}
|
|
@ -0,0 +1,44 @@
|
||||||
|
# Copyright 2020 Hewlett Packard Enterprise Development LP.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
"""Test Class for SecurityDashboard."""
|
||||||
|
|
||||||
|
import json
|
||||||
|
|
||||||
|
import mock
|
||||||
|
import testtools
|
||||||
|
|
||||||
|
from proliantutils.redfish.resources.manager import security_dashboard
|
||||||
|
|
||||||
|
|
||||||
|
class SecurityDashboardTestCase(testtools.TestCase):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(SecurityDashboardTestCase, self).setUp()
|
||||||
|
self.conn = mock.Mock()
|
||||||
|
security_param_file = ('proliantutils/tests/redfish/json_samples/'
|
||||||
|
'security_dashboard.json')
|
||||||
|
with open(security_param_file) as f:
|
||||||
|
self.json_doc = json.load(f)
|
||||||
|
self.conn.get.return_value.json.return_value = (
|
||||||
|
self.json_doc)
|
||||||
|
|
||||||
|
path = ("/redfish/v1/Mangers/1/SecurityService/"
|
||||||
|
"SecurityDashboard")
|
||||||
|
self.sec_dash = security_dashboard.SecurityDashboard(
|
||||||
|
self.conn, path, '1.0.2', None)
|
||||||
|
|
||||||
|
def test__parse_attributes(self):
|
||||||
|
self.sec_dash._parse_attributes(self.json_doc)
|
||||||
|
self.assertEqual('1.0.2', self.sec_dash.redfish_version)
|
||||||
|
self.assertEqual("Risk", self.sec_dash.overall_status)
|
|
@ -0,0 +1,99 @@
|
||||||
|
# Copyright 2020 Hewlett Packard Enterprise Development LP
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
"""Test Class for SecurityParamsTestCase"""
|
||||||
|
|
||||||
|
import json
|
||||||
|
|
||||||
|
import mock
|
||||||
|
import testtools
|
||||||
|
|
||||||
|
from proliantutils.redfish.resources.manager import security_params
|
||||||
|
|
||||||
|
|
||||||
|
class SecurityParamsTestCase(testtools.TestCase):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(SecurityParamsTestCase, self).setUp()
|
||||||
|
self.conn = mock.Mock()
|
||||||
|
security_param_file = ('proliantutils/tests/redfish/json_samples/'
|
||||||
|
'security_param.json')
|
||||||
|
with open(security_param_file) as f:
|
||||||
|
self.json_doc = json.load(f)
|
||||||
|
self.conn.get.return_value.json.return_value = (
|
||||||
|
self.json_doc)
|
||||||
|
|
||||||
|
path = ("/redfish/v1/Mangers/1/SecurityService/"
|
||||||
|
"SecurityDashboard/SecurityParams")
|
||||||
|
self.sec_param = security_params.SecurityParams(
|
||||||
|
self.conn, path, '1.0.2', None)
|
||||||
|
|
||||||
|
def test__parse_attributes(self):
|
||||||
|
self.sec_param._parse_attributes(self.json_doc)
|
||||||
|
self.assertEqual('1.0.2', self.sec_param.redfish_version)
|
||||||
|
self.assertEqual("Security Override Switch", self.sec_param.name)
|
||||||
|
self.assertEqual("Ok", self.sec_param.status)
|
||||||
|
self.assertEqual("Off", self.sec_param.state)
|
||||||
|
|
||||||
|
|
||||||
|
class SecurityParamsCollectionTestCase(testtools.TestCase):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(SecurityParamsCollectionTestCase, self).setUp()
|
||||||
|
self.conn = mock.Mock()
|
||||||
|
with open('proliantutils/tests/redfish/json_samples/'
|
||||||
|
'security_params_collection.json', 'r') as f:
|
||||||
|
self.json_doc = json.load(f)
|
||||||
|
self.conn.get.return_value.json.return_value = self.json_doc
|
||||||
|
self.sec_params_col = security_params.SecurityParamsCollection(
|
||||||
|
self.conn,
|
||||||
|
('/redfish/v1/Managers/1/SecurityService/'
|
||||||
|
'SecurityDashboard/SecurityParams'),
|
||||||
|
redfish_version='1.0.2')
|
||||||
|
|
||||||
|
def test__parse_attributes(self):
|
||||||
|
self.sec_params_col._parse_attributes(self.json_doc)
|
||||||
|
self.assertEqual('1.0.2', self.sec_params_col.redfish_version)
|
||||||
|
self.assertEqual('Security Parameter Collection',
|
||||||
|
self.sec_params_col.name)
|
||||||
|
path = ('/redfish/v1/Managers/1/SecurityService/'
|
||||||
|
'SecurityDashboard/SecurityParams/0',
|
||||||
|
'/redfish/v1/Managers/1/SecurityService/'
|
||||||
|
'SecurityDashboard/SecurityParams/1')
|
||||||
|
self.assertEqual(path, self.sec_params_col.members_identities)
|
||||||
|
|
||||||
|
@mock.patch.object(security_params, 'SecurityParams', autospec=True)
|
||||||
|
def test_get_member(self, mock_eth):
|
||||||
|
self.sec_params_col.get_member(
|
||||||
|
'/redfish/v1/Managers/1/SecurityService/SecurityDashboard/'
|
||||||
|
'SecurityParams/1')
|
||||||
|
mock_eth.assert_called_once_with(
|
||||||
|
self.sec_params_col._conn,
|
||||||
|
('/redfish/v1/Managers/1/SecurityService/SecurityDashboard/'
|
||||||
|
'SecurityParams/1'),
|
||||||
|
self.sec_params_col.redfish_version, None)
|
||||||
|
|
||||||
|
@mock.patch.object(security_params, 'SecurityParams', autospec=True)
|
||||||
|
def test_get_members(self, mock_eth):
|
||||||
|
members = self.sec_params_col.get_members()
|
||||||
|
path = ('/redfish/v1/Managers/1/SecurityService/SecurityDashboard/'
|
||||||
|
'SecurityParams/0')
|
||||||
|
path2 = ('/redfish/v1/Managers/1/SecurityService/SecurityDashboard/'
|
||||||
|
'SecurityParams/1')
|
||||||
|
calls = [mock.call(self.sec_params_col._conn, path,
|
||||||
|
self.sec_params_col.redfish_version, None),
|
||||||
|
mock.call(self.sec_params_col._conn, path2,
|
||||||
|
self.sec_params_col.redfish_version, None)]
|
||||||
|
mock_eth.assert_has_calls(calls)
|
||||||
|
self.assertIsInstance(members, list)
|
||||||
|
self.assertEqual(2, len(members))
|
|
@ -0,0 +1,41 @@
|
||||||
|
# Copyright 2017 Hewlett Packard Enterprise Development LP
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
import json
|
||||||
|
|
||||||
|
import mock
|
||||||
|
import testtools
|
||||||
|
|
||||||
|
from proliantutils.redfish.resources.manager import security_service
|
||||||
|
|
||||||
|
|
||||||
|
class SecurityServiceTestCase(testtools.TestCase):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(SecurityServiceTestCase, self).setUp()
|
||||||
|
self.conn = mock.Mock()
|
||||||
|
security_file = ('proliantutils/tests/redfish/json_samples/'
|
||||||
|
'security_service.json')
|
||||||
|
with open(security_file) as f:
|
||||||
|
self.json_doc = json.load(f)
|
||||||
|
self.conn.get.return_value.json.return_value = (
|
||||||
|
self.json_doc)
|
||||||
|
|
||||||
|
path = ("/redfish/v1/Mangers/1/SecurityService/")
|
||||||
|
self.sec_serv = security_service.SecurityService(
|
||||||
|
self.conn, path, '1.0.2', None)
|
||||||
|
|
||||||
|
def test__parse_attributes(self):
|
||||||
|
self.sec_serv._parse_attributes(self.json_doc)
|
||||||
|
self.assertEqual('1.0.2', self.sec_serv.redfish_version)
|
|
@ -688,6 +688,8 @@ class RedfishOperationsTestCase(testtools.TestCase):
|
||||||
'The Redfish controller failed to get the supported boot modes.',
|
'The Redfish controller failed to get the supported boot modes.',
|
||||||
self.rf_client.get_supported_boot_mode)
|
self.rf_client.get_supported_boot_mode)
|
||||||
|
|
||||||
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
|
'_parse_security_dashboard_values_for_capabilities')
|
||||||
@mock.patch.object(common_storage, 'get_drive_rotational_speed_rpm')
|
@mock.patch.object(common_storage, 'get_drive_rotational_speed_rpm')
|
||||||
@mock.patch.object(common_storage, 'has_nvme_ssd')
|
@mock.patch.object(common_storage, 'has_nvme_ssd')
|
||||||
@mock.patch.object(common_storage, 'has_rotational')
|
@mock.patch.object(common_storage, 'has_rotational')
|
||||||
|
@ -696,7 +698,7 @@ class RedfishOperationsTestCase(testtools.TestCase):
|
||||||
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
||||||
def test_get_server_capabilities(self, get_manager_mock, get_system_mock,
|
def test_get_server_capabilities(self, get_manager_mock, get_system_mock,
|
||||||
ssd_mock, rotational_mock,
|
ssd_mock, rotational_mock,
|
||||||
nvme_mock, speed_mock):
|
nvme_mock, speed_mock, sec_mock):
|
||||||
type(get_system_mock.return_value.pci_devices).gpu_devices = (
|
type(get_system_mock.return_value.pci_devices).gpu_devices = (
|
||||||
[mock.MagicMock(spec=pci_device.PCIDevice)])
|
[mock.MagicMock(spec=pci_device.PCIDevice)])
|
||||||
type(get_system_mock.return_value.bios_settings).sriov = (
|
type(get_system_mock.return_value.bios_settings).sriov = (
|
||||||
|
@ -740,6 +742,9 @@ class RedfishOperationsTestCase(testtools.TestCase):
|
||||||
type(get_system_mock.return_value.
|
type(get_system_mock.return_value.
|
||||||
smart_storage).logical_raid_levels = (raid_mock)
|
smart_storage).logical_raid_levels = (raid_mock)
|
||||||
speed_mock.return_value = set(['10000', '15000'])
|
speed_mock.return_value = set(['10000', '15000'])
|
||||||
|
sec_mock.return_value = {'overall_security_status': 'Risk',
|
||||||
|
'security_override_switch': 'Ok',
|
||||||
|
'last_firmware_scan_result': 'Ok'}
|
||||||
actual = self.rf_client.get_server_capabilities()
|
actual = self.rf_client.get_server_capabilities()
|
||||||
expected = {'pci_gpu_devices': 1, 'sriov_enabled': 'true',
|
expected = {'pci_gpu_devices': 1, 'sriov_enabled': 'true',
|
||||||
'secure_boot': 'true', 'cpu_vt': 'true',
|
'secure_boot': 'true', 'cpu_vt': 'true',
|
||||||
|
@ -760,9 +765,14 @@ class RedfishOperationsTestCase(testtools.TestCase):
|
||||||
'logical_raid_level_0': 'true',
|
'logical_raid_level_0': 'true',
|
||||||
'logical_raid_level_1': 'true',
|
'logical_raid_level_1': 'true',
|
||||||
'drive_rotational_10000_rpm': 'true',
|
'drive_rotational_10000_rpm': 'true',
|
||||||
'drive_rotational_15000_rpm': 'true'}
|
'drive_rotational_15000_rpm': 'true',
|
||||||
|
'overall_security_status': 'Risk',
|
||||||
|
'security_override_switch': 'Ok',
|
||||||
|
'last_firmware_scan_result': 'Ok'}
|
||||||
self.assertEqual(expected, actual)
|
self.assertEqual(expected, actual)
|
||||||
|
|
||||||
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
|
'_parse_security_dashboard_values_for_capabilities')
|
||||||
@mock.patch.object(common_storage, 'get_drive_rotational_speed_rpm')
|
@mock.patch.object(common_storage, 'get_drive_rotational_speed_rpm')
|
||||||
@mock.patch.object(common_storage, 'has_nvme_ssd')
|
@mock.patch.object(common_storage, 'has_nvme_ssd')
|
||||||
@mock.patch.object(common_storage, 'has_rotational')
|
@mock.patch.object(common_storage, 'has_rotational')
|
||||||
|
@ -771,7 +781,7 @@ class RedfishOperationsTestCase(testtools.TestCase):
|
||||||
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
||||||
def test_get_server_capabilities_optional_capabilities_absent(
|
def test_get_server_capabilities_optional_capabilities_absent(
|
||||||
self, get_manager_mock, get_system_mock, ssd_mock,
|
self, get_manager_mock, get_system_mock, ssd_mock,
|
||||||
rotational_mock, nvme_mock, speed_mock):
|
rotational_mock, nvme_mock, speed_mock, sec_mock):
|
||||||
type(get_system_mock.return_value.pci_devices).gpu_devices = (
|
type(get_system_mock.return_value.pci_devices).gpu_devices = (
|
||||||
[mock.MagicMock(spec=pci_device.PCIDevice)])
|
[mock.MagicMock(spec=pci_device.PCIDevice)])
|
||||||
type(get_system_mock.return_value.bios_settings).sriov = (
|
type(get_system_mock.return_value.bios_settings).sriov = (
|
||||||
|
@ -816,13 +826,19 @@ class RedfishOperationsTestCase(testtools.TestCase):
|
||||||
type(get_system_mock.return_value.
|
type(get_system_mock.return_value.
|
||||||
smart_storage).logical_raid_levels = (raid_mock)
|
smart_storage).logical_raid_levels = (raid_mock)
|
||||||
speed_mock.return_value = set()
|
speed_mock.return_value = set()
|
||||||
|
sec_mock.return_value = {'overall_security_status': 'Risk',
|
||||||
|
'security_override_switch': 'Ok',
|
||||||
|
'last_firmware_scan_result': 'Ok'}
|
||||||
actual = self.rf_client.get_server_capabilities()
|
actual = self.rf_client.get_server_capabilities()
|
||||||
expected = {'pci_gpu_devices': 1,
|
expected = {'pci_gpu_devices': 1,
|
||||||
'rom_firmware_version': 'U31 v1.00 (03/11/2017)',
|
'rom_firmware_version': 'U31 v1.00 (03/11/2017)',
|
||||||
'ilo_firmware_version': 'iLO 5 v1.15',
|
'ilo_firmware_version': 'iLO 5 v1.15',
|
||||||
'nic_capacity': '1Gb',
|
'nic_capacity': '1Gb',
|
||||||
'server_model': 'ProLiant DL180 Gen10',
|
'server_model': 'ProLiant DL180 Gen10',
|
||||||
'boot_mode_bios': 'false', 'boot_mode_uefi': 'true'}
|
'boot_mode_bios': 'false', 'boot_mode_uefi': 'true',
|
||||||
|
'overall_security_status': 'Risk',
|
||||||
|
'security_override_switch': 'Ok',
|
||||||
|
'last_firmware_scan_result': 'Ok'}
|
||||||
self.assertEqual(expected, actual)
|
self.assertEqual(expected, actual)
|
||||||
|
|
||||||
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_system')
|
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_system')
|
||||||
|
@ -2110,3 +2126,64 @@ class RedfishOperationsTestCase(testtools.TestCase):
|
||||||
exception.IloCommandNotSupportedInBiosError,
|
exception.IloCommandNotSupportedInBiosError,
|
||||||
'TLS certificate cannot be removed in BIOS boot mode',
|
'TLS certificate cannot be removed in BIOS boot mode',
|
||||||
self.rf_client.remove_tls_certificate, fp)
|
self.rf_client.remove_tls_certificate, fp)
|
||||||
|
|
||||||
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
|
'_get_security_dashboard_values')
|
||||||
|
def test__parse_security_dashboard_values_for_capabilities(self, sec_mock):
|
||||||
|
desc1 = ('The Require Login for iLO RBSU setting is disabled. '
|
||||||
|
'This configuration allows unauthenticated iLO access '
|
||||||
|
'through the UEFI System Utilities.')
|
||||||
|
act1 = ('Enable the Require Login for iLO RBSU setting.')
|
||||||
|
desc2 = ('The Password Complexity setting is disabled. This '
|
||||||
|
'configuration increases system vulnerability to attack.')
|
||||||
|
act2 = ('Enable the "Password Complexity" setting.')
|
||||||
|
desc3 = ('The UEFI Secure Boot setting is disabled. In this '
|
||||||
|
'configuration, the UEFI system firmware does not '
|
||||||
|
'validate the boot loader, Option ROM firmware, and '
|
||||||
|
'other system software executables for trusted signatures. '
|
||||||
|
'This configuration breaks the chain of trust established by '
|
||||||
|
'iLO from power-on')
|
||||||
|
act3 = ('Enable the Secure Boot setting in the UEFI System Utilities.')
|
||||||
|
s = {'server_configuration_lock_status': 'Disabled',
|
||||||
|
'overall_security_status': 'Risk',
|
||||||
|
'security_parameters':
|
||||||
|
{'Require Host Authentication': {'ignore': False,
|
||||||
|
'security_status': 'Ok',
|
||||||
|
'state': 'Disabled'},
|
||||||
|
'Last Firmware Scan Result': {'ignore': False,
|
||||||
|
'security_status': 'Ok',
|
||||||
|
'state': 'Ok'},
|
||||||
|
'Require Login for iLO RBSU': {'ignore': False,
|
||||||
|
'security_status': 'Risk',
|
||||||
|
'description': desc1,
|
||||||
|
'state': 'Disabled',
|
||||||
|
'recommended_action': act1},
|
||||||
|
'Authentication Failure Logging': {'ignore': False,
|
||||||
|
'security_status': 'Ok',
|
||||||
|
'state': 'Enabled'},
|
||||||
|
'Password Complexity': {'ignore': False,
|
||||||
|
'security_status': 'Risk',
|
||||||
|
'description': desc2,
|
||||||
|
'state': 'Disabled',
|
||||||
|
'recommended_action': act2},
|
||||||
|
'IPMI/DCMI Over LAN': {'ignore': False,
|
||||||
|
'security_status': 'Ok',
|
||||||
|
'state': 'Disabled'},
|
||||||
|
'Security Override Switch': {'ignore': False,
|
||||||
|
'security_status': 'Ok',
|
||||||
|
'state': 'Off'},
|
||||||
|
'Minimum Password Length': {'ignore': False,
|
||||||
|
'security_status': 'Ok',
|
||||||
|
'state': 'Ok'},
|
||||||
|
'Secure Boot': {'ignore': False,
|
||||||
|
'security_status': 'Risk',
|
||||||
|
'description': desc3,
|
||||||
|
'state': 'Disabled',
|
||||||
|
'recommended_action': act3}}}
|
||||||
|
sec_mock.return_value = s
|
||||||
|
expected = {'last_firmware_scan_result': 'Ok',
|
||||||
|
'overall_security_status': 'Risk',
|
||||||
|
'security_override_switch': 'Ok'}
|
||||||
|
actual = (
|
||||||
|
self.rf_client._parse_security_dashboard_values_for_capabilities())
|
||||||
|
self.assertEqual(expected, actual)
|
||||||
|
|
Loading…
Reference in New Issue