Merge "Adds changes for security_dasboard clean_step"
This commit is contained in:
commit
2be2d0e18d
|
@ -227,3 +227,8 @@ class RedfishError(ProliantUtilsException):
|
|||
class MissingAttributeError(RedfishError):
|
||||
message = ('The attribute %(attribute)s is missing from the '
|
||||
'resource %(resource)s')
|
||||
|
||||
|
||||
class InvalidParameterValueError(RedfishError):
|
||||
message = ('The parameter "%(parameter)s" value "%(value)s" is invalid. '
|
||||
'Valid values are: %(valid_values)s')
|
||||
|
|
|
@ -124,7 +124,15 @@ SUPPORTED_REDFISH_METHODS = [
|
|||
'set_http_boot_url',
|
||||
'get_http_boot_url',
|
||||
'add_tls_certificate',
|
||||
'remove_tls_certificate'
|
||||
'remove_tls_certificate',
|
||||
'get_security_dashboard_values',
|
||||
'update_password_complexity',
|
||||
'update_require_login_for_ilo_rbsu',
|
||||
'update_require_host_authentication',
|
||||
'update_minimum_password_length',
|
||||
'update_ipmi_over_lan',
|
||||
'update_authentication_failure_logging',
|
||||
'update_secure_boot'
|
||||
]
|
||||
|
||||
LOG = log.get_logger(__name__)
|
||||
|
@ -912,3 +920,112 @@ class IloClient(operations.IloOperations):
|
|||
:raises: IloError, on an error from iLO.
|
||||
"""
|
||||
return self._call_method('remove_tls_certificate', cert_file_list)
|
||||
|
||||
def get_security_dashboard_values(self):
|
||||
"""Gets all the parameters related to security dashboard.
|
||||
|
||||
:return: a dictionary of the security dashboard values
|
||||
with their security status and security parameters
|
||||
with their complete details and security status.
|
||||
:raises: IloError, if security dashboard or their params
|
||||
not found or on an error from iLO.
|
||||
"""
|
||||
return self._call_method('get_security_dashboard_values')
|
||||
|
||||
def update_password_complexity(self, enable=True, ignore=False):
|
||||
"""Update the Password_Complexity security param.
|
||||
|
||||
:param enable: A boolean param, True when Password_Complexity needs
|
||||
to be enabled. If passed False, Password_Complexity security
|
||||
param will be disabled. If nothing passed default will be True.
|
||||
:param ignore : A boolean param, True when Password_Complexity needs
|
||||
to be ignored. If passed False, Password_Complexity security
|
||||
param will not be ignored. If nothing passed default will be
|
||||
False.
|
||||
:raises: IloError, on an error from iLO.
|
||||
"""
|
||||
return self._call_method('update_password_complexity', enable, ignore)
|
||||
|
||||
def update_require_login_for_ilo_rbsu(self, enable=True, ignore=False):
|
||||
"""Update the RequiredLoginForiLORBSU security param.
|
||||
|
||||
:param enable: A boolean param, True when RequiredLoginForiLORBSU
|
||||
needs to be enabled. If passed False, RequiredLoginForiLORBSU
|
||||
security param will be disabled. If nothing passed default
|
||||
will be True.
|
||||
:param ignore : A boolean param, True when RequiredLoginForiLORBSU
|
||||
needs to be ignored. If passed False, RequiredLoginForiLORBSU
|
||||
security param will not be ignored. If nothing passed default
|
||||
will be False.
|
||||
:raises: IloError, on an error from iLO.
|
||||
"""
|
||||
return self._call_method('update_require_login_for_ilo_rbsu',
|
||||
enable, ignore)
|
||||
|
||||
def update_require_host_authentication(self, enable=True, ignore=False):
|
||||
"""Update the RequireHostAuthentication security param.
|
||||
|
||||
:param enable: A boolean param, True when RequireHostAuthentication
|
||||
needs to be enabled. If passed False, RequireHostAuthentication
|
||||
security param will be disabled. If nothing passed
|
||||
default will be True.
|
||||
:param ignore : A boolean param, True when RequireHostAuthentication
|
||||
needs to be ignored. If passed False, RequireHostAuthentication
|
||||
security param will not be ignored. If nothing passed
|
||||
default will be False.
|
||||
:raises: IloError, on an error from iLO.
|
||||
"""
|
||||
return self._call_method('update_require_host_authentication',
|
||||
enable, ignore)
|
||||
|
||||
def update_minimum_password_length(self, passwd_length=None, ignore=False):
|
||||
"""Update the MinPasswordLength security param.
|
||||
|
||||
:param passwd_length: Minimum length of password used. If nothing
|
||||
passed default will be None.
|
||||
:param ignore : A boolean param, True when MinPasswordLength needs to
|
||||
be ignored. If passed False, MinPasswordLength security param
|
||||
will not be ignored. If nothing passed default will be False.
|
||||
"""
|
||||
return self._call_method('update_minimum_password_length',
|
||||
passwd_length, ignore)
|
||||
|
||||
def update_ipmi_over_lan(self, enable=False, ignore=False):
|
||||
"""Update the IPMI/DCMI_Over_LAN security param.
|
||||
|
||||
:param enable: A boolean param, True when IPMI/DCMI_Over_LAN needs to
|
||||
be enabled. If passed False, IPMI/DCMI_Over_LAN security param
|
||||
will be disabled. If nothing passed default will be False.
|
||||
:param ignore : A boolean param, True when IPMI/DCMI_Over_LAN needs to
|
||||
be ignored. If passed False, IPMI/DCMI_Over_LAN security param
|
||||
will not be ignored. If nothing passed default will be False.
|
||||
:raises: IloError, on an error from iLO.
|
||||
"""
|
||||
return self._call_method('update_ipmi_over_lan', enable, ignore)
|
||||
|
||||
def update_authentication_failure_logging(self, logging_threshold=None,
|
||||
ignore=False):
|
||||
"""Update the Authentication_failure_Logging security param.
|
||||
|
||||
:param logging_threshold: Value of authenication failure logging
|
||||
threshold. If nothing passed default will be None.
|
||||
:param ignore : A boolean param, True when
|
||||
Authentication_failure_Logging needs to be ignored. If passed
|
||||
False, Authentication_failure_Logging security param will not
|
||||
be ignored. If nothing passed default will be False.
|
||||
:raises: IloError, on an error from iLO.
|
||||
"""
|
||||
return self._call_method('update_authentication_failure_logging',
|
||||
logging_threshold, ignore)
|
||||
|
||||
def update_secure_boot(self, enable=True, ignore=False):
|
||||
"""Update Secure_Boot security param on the server.
|
||||
|
||||
:param enable: A boolean param, True when Secure_Boot needs to be
|
||||
enabled. If passed False, Secure_Boot security param will
|
||||
be disabled. If nothing passed default will be True.
|
||||
:param ignore : A boolean param, True when Secure_boot needs to be
|
||||
ignored. If passed False, Secure_boot security param will
|
||||
not be ignored. If nothing passed default will be False.
|
||||
"""
|
||||
return self._call_method('update_secure_boot', enable, ignore)
|
||||
|
|
|
@ -680,7 +680,204 @@ class RedfishOperations(operations.IloOperations):
|
|||
LOG.debug(msg)
|
||||
raise exception.IloError(msg)
|
||||
|
||||
def _get_security_dashboard_values(self):
|
||||
def _update_security_parameter(self, sec_param, ignore=False):
|
||||
"""Sets the ignore flag for the security parameter.
|
||||
|
||||
:param sec_param: Name of the security parameter.
|
||||
:param ignore : True when security parameter needs to be ignored.
|
||||
If passed False, security param will not be ignored.
|
||||
If nothing passed default will be False.
|
||||
"""
|
||||
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
|
||||
try:
|
||||
security_params = (
|
||||
sushy_manager.securityservice.securityparamscollectionuri)
|
||||
param_members = security_params.get_members()
|
||||
for param in param_members:
|
||||
if sec_param in param.name:
|
||||
param.update_security_param_ignore_status(ignore)
|
||||
break
|
||||
else:
|
||||
msg = (self._('Specified parameter "%(param)s" is not '
|
||||
'a Security Dashboard Parameter.') %
|
||||
{'param': sec_param})
|
||||
raise exception.IloInvalidInputError(msg)
|
||||
except sushy.exceptions.SushyError as e:
|
||||
msg = (self._("The Redfish controller is unable to update "
|
||||
"resource or its member. Error "
|
||||
"%(error)s)") % {'error': str(e)})
|
||||
LOG.debug(msg)
|
||||
raise exception.IloError(msg)
|
||||
|
||||
def update_password_complexity(self, enable=True, ignore=False):
|
||||
"""Update the Password_Complexity security param.
|
||||
|
||||
:param enable: A boolean param, True when Password_Complexity needs
|
||||
to be enabled. If passed False, Password_Complexity security
|
||||
param will be disabled. If nothing passed default will be True.
|
||||
:param ignore : A boolean param, True when Password_Complexity needs
|
||||
to be ignored. If passed False, Password_Complexity security
|
||||
param will not be ignored. If nothing passed default will be
|
||||
False.
|
||||
:raises: IloError, on an error from iLO.
|
||||
"""
|
||||
acc_service = self._sushy.get_account_service()
|
||||
try:
|
||||
self._update_security_parameter(sec_param="Password Complexity",
|
||||
ignore=ignore)
|
||||
acc_service.update_enforce_passwd_complexity(enable)
|
||||
except sushy.exceptions.SushyError as e:
|
||||
msg = (self._('The Redfish controller failed to update the '
|
||||
'security dashboard parameter '
|
||||
'``Password_Complexity``. '
|
||||
'Error %(error)s') % {'error': str(e)})
|
||||
LOG.debug(msg)
|
||||
raise exception.IloError(msg)
|
||||
|
||||
def update_require_login_for_ilo_rbsu(self, enable=True, ignore=False):
|
||||
"""Update the RequiredLoginForiLORBSU security param.
|
||||
|
||||
:param enable: A boolean param, True when RequiredLoginForiLORBSU
|
||||
needs to be enabled. If passed False, RequiredLoginForiLORBSU
|
||||
security param will be disabled. If nothing passed default
|
||||
will be True.
|
||||
:param ignore : A boolean param, True when RequiredLoginForiLORBSU
|
||||
needs to be ignored. If passed False, RequiredLoginForiLORBSU
|
||||
security param will not be ignored. If nothing passed default
|
||||
will be False.
|
||||
:raises: IloError, on an error from iLO.
|
||||
"""
|
||||
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
|
||||
try:
|
||||
self._update_security_parameter(sec_param="Require Login",
|
||||
ignore=ignore)
|
||||
sushy_manager.update_login_for_ilo_rbsu(enable)
|
||||
except sushy.exceptions.SushyError as e:
|
||||
msg = (self._('The Redfish controller failed to update the '
|
||||
'security dashboard parameter '
|
||||
'``RequiredLoginForiLORBSU``. '
|
||||
'Error %(error)s') % {'error': str(e)})
|
||||
LOG.debug(msg)
|
||||
raise exception.IloError(msg)
|
||||
|
||||
def update_require_host_authentication(self, enable=True, ignore=False):
|
||||
"""Update the RequireHostAuthentication security param.
|
||||
|
||||
:param enable: A boolean param, True when RequireHostAuthentication
|
||||
needs to be enabled. If passed False, RequireHostAuthentication
|
||||
security param will be disabled. If nothing passed
|
||||
default will be True.
|
||||
:param ignore : A boolean param, True when RequireHostAuthentication
|
||||
needs to be ignored. If passed False, RequireHostAuthentication
|
||||
security param will not be ignored. If nothing passed
|
||||
default will be False.
|
||||
:raises: IloError, on an error from iLO.
|
||||
"""
|
||||
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
|
||||
try:
|
||||
self._update_security_parameter(sec_param="Host Authentication",
|
||||
ignore=ignore)
|
||||
sushy_manager.update_host_authentication(enable)
|
||||
except sushy.exceptions.SushyError as e:
|
||||
msg = (self._('The Redfish controller failed to update the '
|
||||
'security dashboard paramater '
|
||||
'``RequireHostAuthentication``. '
|
||||
'Error %(error)s') % {'error': str(e)})
|
||||
LOG.debug(msg)
|
||||
raise exception.IloError(msg)
|
||||
|
||||
def update_minimum_password_length(self, passwd_length=None, ignore=False):
|
||||
"""Update the MinPasswordLength security param.
|
||||
|
||||
:param passwd_length: Minimum lenght of password used. If nothing
|
||||
passed default will be None.
|
||||
:param ignore : A boolean param, True when MinPasswordLength needs to
|
||||
be ignored. If passed False, MinPasswordLength security param
|
||||
will not be ignored. If nothing passed default will be False.
|
||||
"""
|
||||
acc_service = self._sushy.get_account_service()
|
||||
try:
|
||||
self._update_security_parameter(sec_param="Minimum",
|
||||
ignore=ignore)
|
||||
acc_service.update_min_passwd_length(passwd_length)
|
||||
except sushy.exceptions.SushyError as e:
|
||||
msg = (self._('The Redfish controller failed to update the '
|
||||
'security dashboard paramater '
|
||||
'``MinPasswordLength``. '
|
||||
'Error %(error)s') % {'error': str(e)})
|
||||
LOG.debug(msg)
|
||||
raise exception.IloError(msg)
|
||||
|
||||
def update_ipmi_over_lan(self, enable=False, ignore=False):
|
||||
"""Update the IPMI/DCMI_Over_LAN security param.
|
||||
|
||||
:param enable: A boolean param, True when IPMI/DCMI_Over_LAN needs to
|
||||
be enabled. If passed False, IPMI/DCMI_Over_LAN security param
|
||||
will be disabled. If nothing passed default will be False.
|
||||
:param ignore : A boolean param, True when IPMI/DCMI_Over_LAN needs to
|
||||
be ignored. If passed False, IPMI/DCMI_Over_LAN security param
|
||||
will not be ignored. If nothing passed default will be False.
|
||||
:raises: IloError, on an error from iLO.
|
||||
"""
|
||||
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
|
||||
try:
|
||||
self._update_security_parameter(sec_param="IPMI", ignore=ignore)
|
||||
sushy_manager.networkprotocol.update_ipmi_enabled(enable)
|
||||
except sushy.exceptions.SushyError as e:
|
||||
msg = (self._('The Redfish controller failed to update the '
|
||||
'security dashboard paramater '
|
||||
'``IPMI/DCMI_Over_LAN``. '
|
||||
'Error %(error)s') % {'error': str(e)})
|
||||
LOG.debug(msg)
|
||||
raise exception.IloError(msg)
|
||||
|
||||
def update_authentication_failure_logging(self, logging_threshold=None,
|
||||
ignore=False):
|
||||
"""Update the Authentication_failure_Logging security param.
|
||||
|
||||
:param logging_threshold: Value of authenication failure logging
|
||||
threshold. If nothing passed default will be None.
|
||||
:param ignore : A boolean param, True when
|
||||
Authentication_failure_Logging needs to be ignored. If passed
|
||||
False, Authentication_failure_Logging security param will not
|
||||
be ignored. If nothing passed default will be False.
|
||||
:raises: IloError, on an error from iLO.
|
||||
"""
|
||||
acc_service = self._sushy.get_account_service()
|
||||
try:
|
||||
self._update_security_parameter(sec_param="Failure Logging",
|
||||
ignore=ignore)
|
||||
acc_service.update_auth_failure_logging(logging_threshold)
|
||||
except sushy.exceptions.SushyError as e:
|
||||
msg = (self._('The Redfish controller failed to update the '
|
||||
'security dashboard paramater '
|
||||
'``Authentication_failure_Logging``. '
|
||||
'Error %(error)s') % {'error': str(e)})
|
||||
LOG.debug(msg)
|
||||
raise exception.IloError(msg)
|
||||
|
||||
def update_secure_boot(self, enable=True, ignore=False):
|
||||
"""Update Secure_Boot security param on the server.
|
||||
|
||||
:param enable: A boolean param, True when Secure_Boot needs to be
|
||||
enabled. If passed False, Secure_Boot security param will
|
||||
be disabled. If nothing passed default will be True.
|
||||
:param ignore : A boolean param, True when Secure_boot needs to be
|
||||
ignored. If passed False, Secure_boot security param will
|
||||
not be ignored. If nothing passed default will be False.
|
||||
"""
|
||||
try:
|
||||
self._update_security_parameter(sec_param="Secure Boot",
|
||||
ignore=ignore)
|
||||
self.set_secure_boot_mode(enable)
|
||||
except sushy.exceptions.SushyError as e:
|
||||
msg = (self._('The Redfish controller failed to update the '
|
||||
'security dashboard paramater ``Secure_boot``. '
|
||||
'Error %(error)s') % {'error': str(e)})
|
||||
LOG.debug(msg)
|
||||
raise exception.IloError(msg)
|
||||
|
||||
def get_security_dashboard_values(self):
|
||||
"""Gets all the parameters related to security dashboard.
|
||||
|
||||
:return: a dictionary of the security dashboard values
|
||||
|
@ -692,7 +889,6 @@ class RedfishOperations(operations.IloOperations):
|
|||
sec_capabilities = {}
|
||||
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
|
||||
try:
|
||||
|
||||
security_dashboard = (
|
||||
sushy_manager.securityservice.securitydashboard)
|
||||
security_params = (
|
||||
|
@ -732,7 +928,7 @@ class RedfishOperations(operations.IloOperations):
|
|||
:returns: a dictionary of only those security parameters and their
|
||||
security status which are applicable for ironic.
|
||||
"""
|
||||
values = self._get_security_dashboard_values()
|
||||
values = self.get_security_dashboard_values()
|
||||
ironic_sec_capabilities = {}
|
||||
ironic_sec_capabilities.update(
|
||||
{'overall_security_status': values.get('overall_security_status')})
|
||||
|
|
|
@ -15,9 +15,13 @@
|
|||
from sushy.resources import base
|
||||
from sushy import utils as sushy_utils
|
||||
|
||||
from proliantutils import exception
|
||||
from proliantutils.redfish.resources.account_service import account
|
||||
from proliantutils.redfish import utils
|
||||
|
||||
DEFAULT_PASSWORD_LENGTH = 8
|
||||
DEFAULT_AUTH_FAIL_LOGGING = 1
|
||||
|
||||
|
||||
class HPEAccountService(base.ResourceBase):
|
||||
"""Class that extends the functionality of AccountService resource class
|
||||
|
@ -25,6 +29,9 @@ class HPEAccountService(base.ResourceBase):
|
|||
This class extends the functionality of Account resource class
|
||||
from sushy
|
||||
"""
|
||||
min_passwd_length = base.Field(["Oem", "Hpe", "MinPasswordLength"])
|
||||
enforce_passwd_complexity = base.Field(
|
||||
["Oem", "Hpe", "EnforcePasswordComplexity"])
|
||||
|
||||
@property
|
||||
@sushy_utils.cache_it
|
||||
|
@ -33,3 +40,36 @@ class HPEAccountService(base.ResourceBase):
|
|||
return account.HPEAccountCollection(
|
||||
self._conn, utils.get_subresource_path_by(self, 'Accounts'),
|
||||
redfish_version=self.redfish_version)
|
||||
|
||||
def update_min_passwd_length(self, passwd_length):
|
||||
if passwd_length is None:
|
||||
passwd_length = DEFAULT_PASSWORD_LENGTH
|
||||
valid_lengths = list(range(40))
|
||||
if (passwd_length not in valid_lengths):
|
||||
raise exception.InvalidParameterValueError(
|
||||
parameter='MinPasswordLength', value=passwd_length,
|
||||
valid_values='0 to 39')
|
||||
p_data = {"Oem": {"Hpe": {"MinPasswordLength": passwd_length}}}
|
||||
self._conn.patch(self.path, data=p_data)
|
||||
|
||||
def update_enforce_passwd_complexity(self, enable):
|
||||
if not isinstance(enable, bool):
|
||||
msg = ('The parameter "%(parameter)s" value "%(value)s" is '
|
||||
'invalid. Valid values are: True/False.' %
|
||||
{'parameter': 'enable', 'value': enable})
|
||||
raise exception.InvalidInputError(msg)
|
||||
|
||||
data = {"Oem": {"Hpe": {"EnforcePasswordComplexity": enable}}}
|
||||
self._conn.patch(self.path, data=data)
|
||||
|
||||
def update_auth_failure_logging(self, logging_threshold):
|
||||
if logging_threshold is None:
|
||||
logging_threshold = DEFAULT_AUTH_FAIL_LOGGING
|
||||
valid_values = [0, 1, 2, 3, 5]
|
||||
if (logging_threshold not in valid_values):
|
||||
raise exception.InvalidParameterValueError(
|
||||
parameter='AuthFailureLoggingThreshold',
|
||||
value=logging_threshold, valid_values=valid_values)
|
||||
p_data = {"Oem": {"Hpe": {
|
||||
"AuthFailureLoggingThreshold": logging_threshold}}}
|
||||
self._conn.patch(self.path, data=p_data)
|
||||
|
|
|
@ -14,9 +14,12 @@
|
|||
|
||||
__author__ = 'HPE'
|
||||
|
||||
from sushy.resources import base
|
||||
from sushy.resources.manager import manager
|
||||
from sushy import utils as sushy_utils
|
||||
|
||||
from proliantutils import exception
|
||||
from proliantutils.redfish.resources.manager import network_protocol
|
||||
from proliantutils.redfish.resources.manager import security_service
|
||||
from proliantutils.redfish.resources.manager import virtual_media
|
||||
from proliantutils.redfish import utils
|
||||
|
@ -28,6 +31,10 @@ class HPEManager(manager.Manager):
|
|||
This class extends the functionality of Manager resource class
|
||||
from sushy
|
||||
"""
|
||||
required_login_foriLORBSU = base.Field(
|
||||
["Oem", "Hpe", "RequiredLoginForiLORBSU"])
|
||||
require_host_authentication = base.Field(
|
||||
["Oem", "Hpe", "RequireHostAuthentication"])
|
||||
|
||||
def set_license(self, key):
|
||||
"""Set the license on a redfish system
|
||||
|
@ -58,3 +65,30 @@ class HPEManager(manager.Manager):
|
|||
self._conn, utils.get_subresource_path_by(
|
||||
self, ['Oem', 'Hpe', 'Links', 'SecurityService']),
|
||||
redfish_version=self.redfish_version)
|
||||
|
||||
@property
|
||||
@sushy_utils.cache_it
|
||||
def networkprotocol(self):
|
||||
return network_protocol.NetworkProtocol(
|
||||
self._conn, utils.get_subresource_path_by(self, 'NetworkProtocol'),
|
||||
redfish_version=self.redfish_version)
|
||||
|
||||
def update_login_for_ilo_rbsu(self, enable):
|
||||
if not isinstance(enable, bool):
|
||||
msg = ('The parameter "%(parameter)s" value "%(value)s" is '
|
||||
'invalid. Valid values are: True/False.' %
|
||||
{'parameter': 'enable', 'value': enable})
|
||||
raise exception.InvalidInputError(msg)
|
||||
|
||||
data = {"Oem": {"Hpe": {"RequiredLoginForiLORBSU": enable}}}
|
||||
self._conn.patch(self.path, data=data)
|
||||
|
||||
def update_host_authentication(self, enable):
|
||||
if not isinstance(enable, bool):
|
||||
msg = ('The parameter "%(parameter)s" value "%(value)s" is '
|
||||
'invalid. Valid values are: True/False.' %
|
||||
{'parameter': 'enable', 'value': enable})
|
||||
raise exception.InvalidInputError(msg)
|
||||
|
||||
data = {"Oem": {"Hpe": {"RequireHostAuthentication": enable}}}
|
||||
self._conn.patch(self.path, data=data)
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
# Copyright 2021 Hewlett Packard Enterprise Development LP
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
__author__ = 'HPE'
|
||||
|
||||
from sushy.resources import base
|
||||
|
||||
from proliantutils import exception
|
||||
from proliantutils import log
|
||||
|
||||
|
||||
LOG = log.get_logger(__name__)
|
||||
|
||||
|
||||
class NetworkProtocol(base.ResourceBase):
|
||||
|
||||
identity = base.Field('Id', required=True)
|
||||
"""The identity for the instance."""
|
||||
|
||||
name = base.Field("Name")
|
||||
"""Name of the service"""
|
||||
|
||||
ipmi_enabled = base.Field(["IPMI", "ProtocolEnabled"])
|
||||
"""True if IPMI network protocol is enabled else False"""
|
||||
|
||||
def update_ipmi_enabled(self, enable):
|
||||
if not isinstance(enable, bool):
|
||||
msg = ('The parameter "%(parameter)s" value "%(value)s" is '
|
||||
'invalid. Valid values are: True/False.' %
|
||||
{'parameter': 'enable', 'value': enable})
|
||||
raise exception.InvalidInputError(msg)
|
||||
|
||||
ipmi_data = {"IPMI": {"ProtocolEnabled": enable}}
|
||||
self._conn.patch(self.path, data=ipmi_data)
|
|
@ -16,6 +16,7 @@ __author__ = 'HPE'
|
|||
|
||||
from sushy.resources import base
|
||||
|
||||
from proliantutils import exception
|
||||
from proliantutils import log
|
||||
|
||||
LOG = log.get_logger(__name__)
|
||||
|
@ -35,6 +36,15 @@ class SecurityParams(base.ResourceBase):
|
|||
description = base.Field('Description')
|
||||
recommended_action = base.Field('RecommendedAction')
|
||||
|
||||
def update_security_param_ignore_status(self, ignore):
|
||||
if not isinstance(ignore, bool):
|
||||
msg = ('The parameter "%(parameter)s" value "%(value)s" is '
|
||||
'invalid. Valid values are: True/False.' %
|
||||
{'parameter': 'ignore', 'value': ignore})
|
||||
raise exception.InvalidInputError(msg)
|
||||
data = {"Ignore": ignore}
|
||||
self._conn.patch(self.path, data=data)
|
||||
|
||||
|
||||
class SecurityParamsCollection(base.ResourceCollectionBase):
|
||||
|
||||
|
|
|
@ -67,3 +67,21 @@ class HPEAccountServiceTestCase(testtools.TestCase):
|
|||
self.assertIsInstance(self.acc_inst.accounts,
|
||||
account.HPEAccountCollection)
|
||||
self.assertFalse(accounts._is_stale)
|
||||
|
||||
def test_update_min_passwd_length(self):
|
||||
self.acc_inst.update_min_passwd_length(passwd_length=10)
|
||||
data = {"Oem": {"Hpe": {"MinPasswordLength": 10}}}
|
||||
self.acc_inst._conn.patch.assert_called_once_with(
|
||||
'/redfish/v1/AccountService', data=data)
|
||||
|
||||
def test_update_enforce_passwd_complexity(self):
|
||||
self.acc_inst.update_enforce_passwd_complexity(enable=True)
|
||||
data = {"Oem": {"Hpe": {"EnforcePasswordComplexity": True}}}
|
||||
self.acc_inst._conn.patch.assert_called_once_with(
|
||||
'/redfish/v1/AccountService', data=data)
|
||||
|
||||
def test_update_auth_failure_logging(self):
|
||||
self.acc_inst.update_auth_failure_logging(logging_threshold=2)
|
||||
data = {"Oem": {"Hpe": {"AuthFailureLoggingThreshold": 2}}}
|
||||
self.acc_inst._conn.patch.assert_called_once_with(
|
||||
'/redfish/v1/AccountService', data=data)
|
||||
|
|
|
@ -85,3 +85,15 @@ class HPEManagerTestCase(testtools.TestCase):
|
|||
self.assertIsInstance(self.mgr_inst.virtual_media,
|
||||
virtual_media.VirtualMediaCollection)
|
||||
self.assertFalse(actual_vmedia._is_stale)
|
||||
|
||||
def test_update_login_for_ilo_rbsu(self):
|
||||
self.mgr_inst.update_login_for_ilo_rbsu(enable=True)
|
||||
data = {"Oem": {"Hpe": {"RequiredLoginForiLORBSU": True}}}
|
||||
self.mgr_inst._conn.patch.assert_called_once_with(
|
||||
'/redfish/v1/Managers/1', data=data)
|
||||
|
||||
def test_update_host_authentication(self):
|
||||
self.mgr_inst.update_host_authentication(enable=True)
|
||||
data = {"Oem": {"Hpe": {"RequireHostAuthentication": True}}}
|
||||
self.mgr_inst._conn.patch.assert_called_once_with(
|
||||
'/redfish/v1/Managers/1', data=data)
|
||||
|
|
|
@ -45,6 +45,14 @@ class SecurityParamsTestCase(testtools.TestCase):
|
|||
self.assertEqual("Ok", self.sec_param.status)
|
||||
self.assertEqual("Off", self.sec_param.state)
|
||||
|
||||
def test_update_security_param_ignore_status(self):
|
||||
self.sec_param.update_security_param_ignore_status(ignore=False)
|
||||
data = {"Ignore": False}
|
||||
target_uri = ('/redfish/v1/Mangers/1/SecurityService/'
|
||||
'SecurityDashboard/SecurityParams')
|
||||
self.sec_param._conn.patch.assert_called_once_with(
|
||||
target_uri, data=data)
|
||||
|
||||
|
||||
class SecurityParamsCollectionTestCase(testtools.TestCase):
|
||||
|
||||
|
|
|
@ -2368,7 +2368,142 @@ class RedfishOperationsTestCase(testtools.TestCase):
|
|||
load_cert_mock.assert_not_called()
|
||||
|
||||
@mock.patch.object(redfish.RedfishOperations,
|
||||
'_get_security_dashboard_values')
|
||||
'_update_security_parameter')
|
||||
@mock.patch.object(main.HPESushy, 'get_account_service')
|
||||
def test_update_password_complexity(self, account_mock, secure_mock):
|
||||
self.rf_client.update_password_complexity()
|
||||
(self.sushy.get_account_service.return_value.
|
||||
update_enforce_passwd_complexity.assert_called_once_with(True))
|
||||
|
||||
@mock.patch.object(redfish.RedfishOperations,
|
||||
'_update_security_parameter')
|
||||
@mock.patch.object(main.HPESushy, 'get_account_service')
|
||||
def test_update_password_complexity_fail(self, account_mock,
|
||||
secure_mock):
|
||||
(self.sushy.get_account_service.return_value.
|
||||
update_enforce_passwd_complexity.
|
||||
side_effect) = sushy.exceptions.SushyError
|
||||
|
||||
self.assertRaisesRegex(
|
||||
exception.IloError,
|
||||
'The Redfish controller failed to update the security dashboard '
|
||||
'parameter ``Password_Complexity``.',
|
||||
self.rf_client.update_password_complexity)
|
||||
|
||||
@mock.patch.object(redfish.RedfishOperations,
|
||||
'_update_security_parameter')
|
||||
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
||||
def test_update_require_login_for_ilo_rbsu(self, manager_mock,
|
||||
secure_mock):
|
||||
self.rf_client.update_require_login_for_ilo_rbsu()
|
||||
(manager_mock.return_value.update_login_for_ilo_rbsu.
|
||||
assert_called_once_with(True))
|
||||
|
||||
@mock.patch.object(redfish.RedfishOperations,
|
||||
'_update_security_parameter')
|
||||
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
||||
def test_update_require_login_for_ilo_rbsu_fail(self, manager_mock,
|
||||
secure_mock):
|
||||
(manager_mock.return_value.update_login_for_ilo_rbsu.
|
||||
side_effect) = sushy.exceptions.SushyError
|
||||
|
||||
msg = ("The Redfish controller failed to update the security dashboard"
|
||||
" parameter ``RequiredLoginForiLORBSU``.")
|
||||
self.assertRaisesRegex(
|
||||
exception.IloError, msg,
|
||||
self.rf_client.update_require_login_for_ilo_rbsu)
|
||||
|
||||
@mock.patch.object(redfish.RedfishOperations,
|
||||
'_update_security_parameter')
|
||||
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
||||
def test_update_require_host_authentication(self, manager_mock,
|
||||
secure_mock):
|
||||
self.rf_client.update_require_host_authentication()
|
||||
(manager_mock.return_value.update_host_authentication.
|
||||
assert_called_once_with(True))
|
||||
|
||||
@mock.patch.object(redfish.RedfishOperations,
|
||||
'_update_security_parameter')
|
||||
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
||||
def test_update_require_host_authentication_fail(self, manager_mock,
|
||||
secure_mock):
|
||||
(manager_mock.return_value.update_host_authentication.
|
||||
side_effect) = sushy.exceptions.SushyError
|
||||
|
||||
msg = ("The Redfish controller failed to update the "
|
||||
"security dashboard paramater ``RequireHostAuthentication``.")
|
||||
self.assertRaisesRegex(
|
||||
exception.IloError, msg,
|
||||
self.rf_client.update_require_host_authentication)
|
||||
|
||||
@mock.patch.object(redfish.RedfishOperations,
|
||||
'_update_security_parameter')
|
||||
@mock.patch.object(main.HPESushy, 'get_account_service')
|
||||
def test_update_minimum_password_length(self, account_mock, secure_mock):
|
||||
self.rf_client.update_minimum_password_length(passwd_length=10)
|
||||
(self.sushy.get_account_service.return_value.
|
||||
update_min_passwd_length.assert_called_once_with(10))
|
||||
|
||||
@mock.patch.object(redfish.RedfishOperations,
|
||||
'_update_security_parameter')
|
||||
@mock.patch.object(main.HPESushy, 'get_account_service')
|
||||
def test_update_minimum_password_length_fail(self, account_mock,
|
||||
secure_mock):
|
||||
(self.sushy.get_account_service.return_value.
|
||||
update_min_passwd_length.side_effect) = sushy.exceptions.SushyError
|
||||
|
||||
msg = ("The Redfish controller failed to update the "
|
||||
"security dashboard paramater ``MinPasswordLength``.")
|
||||
self.assertRaisesRegex(
|
||||
exception.IloError, msg,
|
||||
self.rf_client.update_minimum_password_length)
|
||||
|
||||
@mock.patch.object(redfish.RedfishOperations,
|
||||
'_update_security_parameter')
|
||||
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
||||
def test_update_ipmi_over_lan(self, manager_mock, secure_mock):
|
||||
self.rf_client.update_ipmi_over_lan()
|
||||
(manager_mock.return_value.networkprotocol.return_value.
|
||||
update_ipmi_enabled(False))
|
||||
|
||||
@mock.patch.object(redfish.RedfishOperations,
|
||||
'_update_security_parameter')
|
||||
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
||||
def test_update_ipmi_over_lan_fail(self, manager_mock, secure_mock):
|
||||
(manager_mock.return_value.networkprotocol.
|
||||
update_ipmi_enabled.side_effect) = sushy.exceptions.SushyError
|
||||
|
||||
msg = ("The Redfish controller failed to update the "
|
||||
"security dashboard paramater ``IPMI/DCMI_Over_LAN``.")
|
||||
self.assertRaisesRegex(
|
||||
exception.IloError, msg, self.rf_client.update_ipmi_over_lan)
|
||||
|
||||
@mock.patch.object(redfish.RedfishOperations,
|
||||
'_update_security_parameter')
|
||||
@mock.patch.object(main.HPESushy, 'get_account_service')
|
||||
def test_update_authentication_failure_logging(self, account_mock,
|
||||
secure_mock):
|
||||
self.rf_client.update_authentication_failure_logging()
|
||||
(self.sushy.get_account_service.return_value.
|
||||
update_auth_failure_logging.assert_called_once_with(None))
|
||||
|
||||
@mock.patch.object(redfish.RedfishOperations,
|
||||
'_update_security_parameter')
|
||||
@mock.patch.object(main.HPESushy, 'get_account_service')
|
||||
def test_update_authentication_failure_logging_fail(self, account_mock,
|
||||
secure_mock):
|
||||
(self.sushy.get_account_service.return_value.
|
||||
update_auth_failure_logging.
|
||||
side_effect) = sushy.exceptions.SushyError
|
||||
|
||||
msg = ("The Redfish controller failed to update the security "
|
||||
"dashboard paramater ``Authentication_failure_Logging``.")
|
||||
self.assertRaisesRegex(
|
||||
exception.IloError, msg,
|
||||
self.rf_client.update_authentication_failure_logging)
|
||||
|
||||
@mock.patch.object(redfish.RedfishOperations,
|
||||
'get_security_dashboard_values')
|
||||
def test__parse_security_dashboard_values_for_capabilities(self, sec_mock):
|
||||
desc1 = ('The Require Login for iLO RBSU setting is disabled. '
|
||||
'This configuration allows unauthenticated iLO access '
|
||||
|
|
Loading…
Reference in New Issue