x
/
proliantutils
Code Issues Proposed changes

Merge "Adds changes for security_dasboard clean_step"

This commit is contained in:
Zuul 2021-03-05 10:48:00 +00:00 committed by Gerrit Code Review
parent 8729133641 03e0d7a3c4
commit 2be2d0e18d
11 changed files with 625 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
proliantutils/exception.py
View File

@ -227,3 +227,8 @@ class RedfishError(ProliantUtilsException):
class MissingAttributeError(RedfishError):
message = ('The attribute %(attribute)s is missing from the '
'resource %(resource)s')
class InvalidParameterValueError(RedfishError):
message = ('The parameter "%(parameter)s" value "%(value)s" is invalid. '
'Valid values are: %(valid_values)s')

119
proliantutils/ilo/client.py
View File

@ -124,7 +124,15 @@ SUPPORTED_REDFISH_METHODS = [
'set_http_boot_url',
'get_http_boot_url',
'add_tls_certificate',
'remove_tls_certificate'
'remove_tls_certificate',
'get_security_dashboard_values',
'update_password_complexity',
'update_require_login_for_ilo_rbsu',
'update_require_host_authentication',
'update_minimum_password_length',
'update_ipmi_over_lan',
'update_authentication_failure_logging',
'update_secure_boot'
]
LOG = log.get_logger(__name__)
@ -912,3 +920,112 @@ class IloClient(operations.IloOperations):
:raises: IloError, on an error from iLO.
"""
return self._call_method('remove_tls_certificate', cert_file_list)
def get_security_dashboard_values(self):
"""Gets all the parameters related to security dashboard.
:return: a dictionary of the security dashboard values
with their security status and security parameters
with their complete details and security status.
:raises: IloError, if security dashboard or their params
not found or on an error from iLO.
"""
return self._call_method('get_security_dashboard_values')
def update_password_complexity(self, enable=True, ignore=False):
"""Update the Password_Complexity security param.
:param enable: A boolean param, True when Password_Complexity needs
to be enabled. If passed False, Password_Complexity security
param will be disabled. If nothing passed default will be True.
:param ignore : A boolean param, True when Password_Complexity needs
to be ignored. If passed False, Password_Complexity security
param will not be ignored. If nothing passed default will be
False.
:raises: IloError, on an error from iLO.
"""
return self._call_method('update_password_complexity', enable, ignore)
def update_require_login_for_ilo_rbsu(self, enable=True, ignore=False):
"""Update the RequiredLoginForiLORBSU security param.
:param enable: A boolean param, True when RequiredLoginForiLORBSU
needs to be enabled. If passed False, RequiredLoginForiLORBSU
security param will be disabled. If nothing passed default
will be True.
:param ignore : A boolean param, True when RequiredLoginForiLORBSU
needs to be ignored. If passed False, RequiredLoginForiLORBSU
security param will not be ignored. If nothing passed default
will be False.
:raises: IloError, on an error from iLO.
"""
return self._call_method('update_require_login_for_ilo_rbsu',
enable, ignore)
def update_require_host_authentication(self, enable=True, ignore=False):
"""Update the RequireHostAuthentication security param.
:param enable: A boolean param, True when RequireHostAuthentication
needs to be enabled. If passed False, RequireHostAuthentication
security param will be disabled. If nothing passed
default will be True.
:param ignore : A boolean param, True when RequireHostAuthentication
needs to be ignored. If passed False, RequireHostAuthentication
security param will not be ignored. If nothing passed
default will be False.
:raises: IloError, on an error from iLO.
"""
return self._call_method('update_require_host_authentication',
enable, ignore)
def update_minimum_password_length(self, passwd_length=None, ignore=False):
"""Update the MinPasswordLength security param.
:param passwd_length: Minimum length of password used. If nothing
passed default will be None.
:param ignore : A boolean param, True when MinPasswordLength needs to
be ignored. If passed False, MinPasswordLength security param
will not be ignored. If nothing passed default will be False.
"""
return self._call_method('update_minimum_password_length',
passwd_length, ignore)
def update_ipmi_over_lan(self, enable=False, ignore=False):
"""Update the IPMI/DCMI_Over_LAN security param.
:param enable: A boolean param, True when IPMI/DCMI_Over_LAN needs to
be enabled. If passed False, IPMI/DCMI_Over_LAN security param
will be disabled. If nothing passed default will be False.
:param ignore : A boolean param, True when IPMI/DCMI_Over_LAN needs to
be ignored. If passed False, IPMI/DCMI_Over_LAN security param
will not be ignored. If nothing passed default will be False.
:raises: IloError, on an error from iLO.
"""
return self._call_method('update_ipmi_over_lan', enable, ignore)
def update_authentication_failure_logging(self, logging_threshold=None,
ignore=False):
"""Update the Authentication_failure_Logging security param.
:param logging_threshold: Value of authenication failure logging
threshold. If nothing passed default will be None.
:param ignore : A boolean param, True when
Authentication_failure_Logging needs to be ignored. If passed
False, Authentication_failure_Logging security param will not
be ignored. If nothing passed default will be False.
:raises: IloError, on an error from iLO.
"""
return self._call_method('update_authentication_failure_logging',
logging_threshold, ignore)
def update_secure_boot(self, enable=True, ignore=False):
"""Update Secure_Boot security param on the server.
:param enable: A boolean param, True when Secure_Boot needs to be
enabled. If passed False, Secure_Boot security param will
be disabled. If nothing passed default will be True.
:param ignore : A boolean param, True when Secure_boot needs to be
ignored. If passed False, Secure_boot security param will
not be ignored. If nothing passed default will be False.
"""
return self._call_method('update_secure_boot', enable, ignore)

202
proliantutils/redfish/redfish.py
View File

@ -680,7 +680,204 @@ class RedfishOperations(operations.IloOperations):
LOG.debug(msg)
raise exception.IloError(msg)
def _get_security_dashboard_values(self):
def _update_security_parameter(self, sec_param, ignore=False):
"""Sets the ignore flag for the security parameter.
:param sec_param: Name of the security parameter.
:param ignore : True when security parameter needs to be ignored.
If passed False, security param will not be ignored.
If nothing passed default will be False.
"""
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
try:
security_params = (
sushy_manager.securityservice.securityparamscollectionuri)
param_members = security_params.get_members()
for param in param_members:
if sec_param in param.name:
param.update_security_param_ignore_status(ignore)
break
else:
msg = (self._('Specified parameter "%(param)s" is not '
'a Security Dashboard Parameter.') %
{'param': sec_param})
raise exception.IloInvalidInputError(msg)
except sushy.exceptions.SushyError as e:
msg = (self._("The Redfish controller is unable to update "
"resource or its member. Error "
"%(error)s)") % {'error': str(e)})
LOG.debug(msg)
raise exception.IloError(msg)
def update_password_complexity(self, enable=True, ignore=False):
"""Update the Password_Complexity security param.
:param enable: A boolean param, True when Password_Complexity needs
to be enabled. If passed False, Password_Complexity security
param will be disabled. If nothing passed default will be True.
:param ignore : A boolean param, True when Password_Complexity needs
to be ignored. If passed False, Password_Complexity security
param will not be ignored. If nothing passed default will be
False.
:raises: IloError, on an error from iLO.
"""
acc_service = self._sushy.get_account_service()
try:
self._update_security_parameter(sec_param="Password Complexity",
ignore=ignore)
acc_service.update_enforce_passwd_complexity(enable)
except sushy.exceptions.SushyError as e:
msg = (self._('The Redfish controller failed to update the '
'security dashboard parameter '
'``Password_Complexity``. '
'Error %(error)s') % {'error': str(e)})
LOG.debug(msg)
raise exception.IloError(msg)
def update_require_login_for_ilo_rbsu(self, enable=True, ignore=False):
"""Update the RequiredLoginForiLORBSU security param.
:param enable: A boolean param, True when RequiredLoginForiLORBSU
needs to be enabled. If passed False, RequiredLoginForiLORBSU
security param will be disabled. If nothing passed default
will be True.
:param ignore : A boolean param, True when RequiredLoginForiLORBSU
needs to be ignored. If passed False, RequiredLoginForiLORBSU
security param will not be ignored. If nothing passed default
will be False.
:raises: IloError, on an error from iLO.
"""
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
try:
self._update_security_parameter(sec_param="Require Login",
ignore=ignore)
sushy_manager.update_login_for_ilo_rbsu(enable)
except sushy.exceptions.SushyError as e:
msg = (self._('The Redfish controller failed to update the '
'security dashboard parameter '
'``RequiredLoginForiLORBSU``. '
'Error %(error)s') % {'error': str(e)})
LOG.debug(msg)
raise exception.IloError(msg)
def update_require_host_authentication(self, enable=True, ignore=False):
"""Update the RequireHostAuthentication security param.
:param enable: A boolean param, True when RequireHostAuthentication
needs to be enabled. If passed False, RequireHostAuthentication
security param will be disabled. If nothing passed
default will be True.
:param ignore : A boolean param, True when RequireHostAuthentication
needs to be ignored. If passed False, RequireHostAuthentication
security param will not be ignored. If nothing passed
default will be False.
:raises: IloError, on an error from iLO.
"""
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
try:
self._update_security_parameter(sec_param="Host Authentication",
ignore=ignore)
sushy_manager.update_host_authentication(enable)
except sushy.exceptions.SushyError as e:
msg = (self._('The Redfish controller failed to update the '
'security dashboard paramater '
'``RequireHostAuthentication``. '
'Error %(error)s') % {'error': str(e)})
LOG.debug(msg)
raise exception.IloError(msg)
def update_minimum_password_length(self, passwd_length=None, ignore=False):
"""Update the MinPasswordLength security param.
:param passwd_length: Minimum lenght of password used. If nothing
passed default will be None.
:param ignore : A boolean param, True when MinPasswordLength needs to
be ignored. If passed False, MinPasswordLength security param
will not be ignored. If nothing passed default will be False.
"""
acc_service = self._sushy.get_account_service()
try:
self._update_security_parameter(sec_param="Minimum",
ignore=ignore)
acc_service.update_min_passwd_length(passwd_length)
except sushy.exceptions.SushyError as e:
msg = (self._('The Redfish controller failed to update the '
'security dashboard paramater '
'``MinPasswordLength``. '
'Error %(error)s') % {'error': str(e)})
LOG.debug(msg)
raise exception.IloError(msg)
def update_ipmi_over_lan(self, enable=False, ignore=False):
"""Update the IPMI/DCMI_Over_LAN security param.
:param enable: A boolean param, True when IPMI/DCMI_Over_LAN needs to
be enabled. If passed False, IPMI/DCMI_Over_LAN security param
will be disabled. If nothing passed default will be False.
:param ignore : A boolean param, True when IPMI/DCMI_Over_LAN needs to
be ignored. If passed False, IPMI/DCMI_Over_LAN security param
will not be ignored. If nothing passed default will be False.
:raises: IloError, on an error from iLO.
"""
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
try:
self._update_security_parameter(sec_param="IPMI", ignore=ignore)
sushy_manager.networkprotocol.update_ipmi_enabled(enable)
except sushy.exceptions.SushyError as e:
msg = (self._('The Redfish controller failed to update the '
'security dashboard paramater '
'``IPMI/DCMI_Over_LAN``. '
'Error %(error)s') % {'error': str(e)})
LOG.debug(msg)
raise exception.IloError(msg)
def update_authentication_failure_logging(self, logging_threshold=None,
ignore=False):
"""Update the Authentication_failure_Logging security param.
:param logging_threshold: Value of authenication failure logging
threshold. If nothing passed default will be None.
:param ignore : A boolean param, True when
Authentication_failure_Logging needs to be ignored. If passed
False, Authentication_failure_Logging security param will not
be ignored. If nothing passed default will be False.
:raises: IloError, on an error from iLO.
"""
acc_service = self._sushy.get_account_service()
try:
self._update_security_parameter(sec_param="Failure Logging",
ignore=ignore)
acc_service.update_auth_failure_logging(logging_threshold)
except sushy.exceptions.SushyError as e:
msg = (self._('The Redfish controller failed to update the '
'security dashboard paramater '
'``Authentication_failure_Logging``. '
'Error %(error)s') % {'error': str(e)})
LOG.debug(msg)
raise exception.IloError(msg)
def update_secure_boot(self, enable=True, ignore=False):
"""Update Secure_Boot security param on the server.
:param enable: A boolean param, True when Secure_Boot needs to be
enabled. If passed False, Secure_Boot security param will
be disabled. If nothing passed default will be True.
:param ignore : A boolean param, True when Secure_boot needs to be
ignored. If passed False, Secure_boot security param will
not be ignored. If nothing passed default will be False.
"""
try:
self._update_security_parameter(sec_param="Secure Boot",
ignore=ignore)
self.set_secure_boot_mode(enable)
except sushy.exceptions.SushyError as e:
msg = (self._('The Redfish controller failed to update the '
'security dashboard paramater ``Secure_boot``. '
'Error %(error)s') % {'error': str(e)})
LOG.debug(msg)
raise exception.IloError(msg)
def get_security_dashboard_values(self):
"""Gets all the parameters related to security dashboard.
:return: a dictionary of the security dashboard values
@ -692,7 +889,6 @@ class RedfishOperations(operations.IloOperations):
sec_capabilities = {}
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
try:
security_dashboard = (
sushy_manager.securityservice.securitydashboard)
security_params = (
@ -732,7 +928,7 @@ class RedfishOperations(operations.IloOperations):
:returns: a dictionary of only those security parameters and their
security status which are applicable for ironic.
"""
values = self._get_security_dashboard_values()
values = self.get_security_dashboard_values()
ironic_sec_capabilities = {}
ironic_sec_capabilities.update(
{'overall_security_status': values.get('overall_security_status')})

40
proliantutils/redfish/resources/account_service/account_service.py
View File

@ -15,9 +15,13 @@
from sushy.resources import base
from sushy import utils as sushy_utils
from proliantutils import exception
from proliantutils.redfish.resources.account_service import account
from proliantutils.redfish import utils
DEFAULT_PASSWORD_LENGTH = 8
DEFAULT_AUTH_FAIL_LOGGING = 1
class HPEAccountService(base.ResourceBase):
"""Class that extends the functionality of AccountService resource class
@ -25,6 +29,9 @@ class HPEAccountService(base.ResourceBase):
This class extends the functionality of Account resource class
from sushy
"""
min_passwd_length = base.Field(["Oem", "Hpe", "MinPasswordLength"])
enforce_passwd_complexity = base.Field(
["Oem", "Hpe", "EnforcePasswordComplexity"])
@property
@sushy_utils.cache_it
@ -33,3 +40,36 @@ class HPEAccountService(base.ResourceBase):
return account.HPEAccountCollection(
self._conn, utils.get_subresource_path_by(self, 'Accounts'),
redfish_version=self.redfish_version)
def update_min_passwd_length(self, passwd_length):
if passwd_length is None:
passwd_length = DEFAULT_PASSWORD_LENGTH
valid_lengths = list(range(40))
if (passwd_length not in valid_lengths):
raise exception.InvalidParameterValueError(
parameter='MinPasswordLength', value=passwd_length,
valid_values='0 to 39')
p_data = {"Oem": {"Hpe": {"MinPasswordLength": passwd_length}}}
self._conn.patch(self.path, data=p_data)
def update_enforce_passwd_complexity(self, enable):
if not isinstance(enable, bool):
msg = ('The parameter "%(parameter)s" value "%(value)s" is '
'invalid. Valid values are: True/False.' %
{'parameter': 'enable', 'value': enable})
raise exception.InvalidInputError(msg)
data = {"Oem": {"Hpe": {"EnforcePasswordComplexity": enable}}}
self._conn.patch(self.path, data=data)
def update_auth_failure_logging(self, logging_threshold):
if logging_threshold is None:
logging_threshold = DEFAULT_AUTH_FAIL_LOGGING
valid_values = [0, 1, 2, 3, 5]
if (logging_threshold not in valid_values):
raise exception.InvalidParameterValueError(
parameter='AuthFailureLoggingThreshold',
value=logging_threshold, valid_values=valid_values)
p_data = {"Oem": {"Hpe": {
"AuthFailureLoggingThreshold": logging_threshold}}}
self._conn.patch(self.path, data=p_data)

34
proliantutils/redfish/resources/manager/manager.py
View File

@ -14,9 +14,12 @@
__author__ = 'HPE'
from sushy.resources import base
from sushy.resources.manager import manager
from sushy import utils as sushy_utils
from proliantutils import exception
from proliantutils.redfish.resources.manager import network_protocol
from proliantutils.redfish.resources.manager import security_service
from proliantutils.redfish.resources.manager import virtual_media
from proliantutils.redfish import utils
@ -28,6 +31,10 @@ class HPEManager(manager.Manager):
This class extends the functionality of Manager resource class
from sushy
"""
required_login_foriLORBSU = base.Field(
["Oem", "Hpe", "RequiredLoginForiLORBSU"])
require_host_authentication = base.Field(
["Oem", "Hpe", "RequireHostAuthentication"])
def set_license(self, key):
"""Set the license on a redfish system
@ -58,3 +65,30 @@ class HPEManager(manager.Manager):
self._conn, utils.get_subresource_path_by(
self, ['Oem', 'Hpe', 'Links', 'SecurityService']),
redfish_version=self.redfish_version)
@property
@sushy_utils.cache_it
def networkprotocol(self):
return network_protocol.NetworkProtocol(
self._conn, utils.get_subresource_path_by(self, 'NetworkProtocol'),
redfish_version=self.redfish_version)
def update_login_for_ilo_rbsu(self, enable):
if not isinstance(enable, bool):
msg = ('The parameter "%(parameter)s" value "%(value)s" is '
'invalid. Valid values are: True/False.' %
{'parameter': 'enable', 'value': enable})
raise exception.InvalidInputError(msg)
data = {"Oem": {"Hpe": {"RequiredLoginForiLORBSU": enable}}}
self._conn.patch(self.path, data=data)
def update_host_authentication(self, enable):
if not isinstance(enable, bool):
msg = ('The parameter "%(parameter)s" value "%(value)s" is '
'invalid. Valid values are: True/False.' %
{'parameter': 'enable', 'value': enable})
raise exception.InvalidInputError(msg)
data = {"Oem": {"Hpe": {"RequireHostAuthentication": enable}}}
self._conn.patch(self.path, data=data)

45
proliantutils/redfish/resources/manager/network_protocol.py Normal file
View File

@ -0,0 +1,45 @@
# Copyright 2021 Hewlett Packard Enterprise Development LP
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
__author__ = 'HPE'
from sushy.resources import base
from proliantutils import exception
from proliantutils import log
LOG = log.get_logger(__name__)
class NetworkProtocol(base.ResourceBase):
identity = base.Field('Id', required=True)
"""The identity for the instance."""
name = base.Field("Name")
"""Name of the service"""
ipmi_enabled = base.Field(["IPMI", "ProtocolEnabled"])
"""True if IPMI network protocol is enabled else False"""
def update_ipmi_enabled(self, enable):
if not isinstance(enable, bool):
msg = ('The parameter "%(parameter)s" value "%(value)s" is '
'invalid. Valid values are: True/False.' %
{'parameter': 'enable', 'value': enable})
raise exception.InvalidInputError(msg)
ipmi_data = {"IPMI": {"ProtocolEnabled": enable}}
self._conn.patch(self.path, data=ipmi_data)

10
proliantutils/redfish/resources/manager/security_params.py
View File

@ -16,6 +16,7 @@ __author__ = 'HPE'
from sushy.resources import base
from proliantutils import exception
from proliantutils import log
LOG = log.get_logger(__name__)
@ -35,6 +36,15 @@ class SecurityParams(base.ResourceBase):
description = base.Field('Description')
recommended_action = base.Field('RecommendedAction')
def update_security_param_ignore_status(self, ignore):
if not isinstance(ignore, bool):
msg = ('The parameter "%(parameter)s" value "%(value)s" is '
'invalid. Valid values are: True/False.' %
{'parameter': 'ignore', 'value': ignore})
raise exception.InvalidInputError(msg)
data = {"Ignore": ignore}
self._conn.patch(self.path, data=data)
class SecurityParamsCollection(base.ResourceCollectionBase):

18
proliantutils/tests/redfish/resources/account_service/test_account_service.py
View File

@ -67,3 +67,21 @@ class HPEAccountServiceTestCase(testtools.TestCase):
self.assertIsInstance(self.acc_inst.accounts,
account.HPEAccountCollection)
self.assertFalse(accounts._is_stale)
def test_update_min_passwd_length(self):
self.acc_inst.update_min_passwd_length(passwd_length=10)
data = {"Oem": {"Hpe": {"MinPasswordLength": 10}}}
self.acc_inst._conn.patch.assert_called_once_with(
'/redfish/v1/AccountService', data=data)
def test_update_enforce_passwd_complexity(self):
self.acc_inst.update_enforce_passwd_complexity(enable=True)
data = {"Oem": {"Hpe": {"EnforcePasswordComplexity": True}}}
self.acc_inst._conn.patch.assert_called_once_with(
'/redfish/v1/AccountService', data=data)
def test_update_auth_failure_logging(self):
self.acc_inst.update_auth_failure_logging(logging_threshold=2)
data = {"Oem": {"Hpe": {"AuthFailureLoggingThreshold": 2}}}
self.acc_inst._conn.patch.assert_called_once_with(
'/redfish/v1/AccountService', data=data)

12
proliantutils/tests/redfish/resources/manager/test_manager.py
View File

@ -85,3 +85,15 @@ class HPEManagerTestCase(testtools.TestCase):
self.assertIsInstance(self.mgr_inst.virtual_media,
virtual_media.VirtualMediaCollection)
self.assertFalse(actual_vmedia._is_stale)
def test_update_login_for_ilo_rbsu(self):
self.mgr_inst.update_login_for_ilo_rbsu(enable=True)
data = {"Oem": {"Hpe": {"RequiredLoginForiLORBSU": True}}}
self.mgr_inst._conn.patch.assert_called_once_with(
'/redfish/v1/Managers/1', data=data)
def test_update_host_authentication(self):
self.mgr_inst.update_host_authentication(enable=True)
data = {"Oem": {"Hpe": {"RequireHostAuthentication": True}}}
self.mgr_inst._conn.patch.assert_called_once_with(
'/redfish/v1/Managers/1', data=data)

8
proliantutils/tests/redfish/resources/manager/test_security_params.py
View File

@ -45,6 +45,14 @@ class SecurityParamsTestCase(testtools.TestCase):
self.assertEqual("Ok", self.sec_param.status)
self.assertEqual("Off", self.sec_param.state)
def test_update_security_param_ignore_status(self):
self.sec_param.update_security_param_ignore_status(ignore=False)
data = {"Ignore": False}
target_uri = ('/redfish/v1/Mangers/1/SecurityService/'
'SecurityDashboard/SecurityParams')
self.sec_param._conn.patch.assert_called_once_with(
target_uri, data=data)
class SecurityParamsCollectionTestCase(testtools.TestCase):

137
proliantutils/tests/redfish/test_redfish.py
View File

@ -2368,7 +2368,142 @@ class RedfishOperationsTestCase(testtools.TestCase):
load_cert_mock.assert_not_called()
@mock.patch.object(redfish.RedfishOperations,
'_get_security_dashboard_values')
'_update_security_parameter')
@mock.patch.object(main.HPESushy, 'get_account_service')
def test_update_password_complexity(self, account_mock, secure_mock):
self.rf_client.update_password_complexity()
(self.sushy.get_account_service.return_value.
update_enforce_passwd_complexity.assert_called_once_with(True))
@mock.patch.object(redfish.RedfishOperations,
'_update_security_parameter')
@mock.patch.object(main.HPESushy, 'get_account_service')
def test_update_password_complexity_fail(self, account_mock,
secure_mock):
(self.sushy.get_account_service.return_value.
update_enforce_passwd_complexity.
side_effect) = sushy.exceptions.SushyError
self.assertRaisesRegex(
exception.IloError,
'The Redfish controller failed to update the security dashboard '
'parameter ``Password_Complexity``.',
self.rf_client.update_password_complexity)
@mock.patch.object(redfish.RedfishOperations,
'_update_security_parameter')
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
def test_update_require_login_for_ilo_rbsu(self, manager_mock,
secure_mock):
self.rf_client.update_require_login_for_ilo_rbsu()
(manager_mock.return_value.update_login_for_ilo_rbsu.
assert_called_once_with(True))
@mock.patch.object(redfish.RedfishOperations,
'_update_security_parameter')
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
def test_update_require_login_for_ilo_rbsu_fail(self, manager_mock,
secure_mock):
(manager_mock.return_value.update_login_for_ilo_rbsu.
side_effect) = sushy.exceptions.SushyError
msg = ("The Redfish controller failed to update the security dashboard"
" parameter ``RequiredLoginForiLORBSU``.")
self.assertRaisesRegex(
exception.IloError, msg,
self.rf_client.update_require_login_for_ilo_rbsu)
@mock.patch.object(redfish.RedfishOperations,
'_update_security_parameter')
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
def test_update_require_host_authentication(self, manager_mock,
secure_mock):
self.rf_client.update_require_host_authentication()
(manager_mock.return_value.update_host_authentication.
assert_called_once_with(True))
@mock.patch.object(redfish.RedfishOperations,
'_update_security_parameter')
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
def test_update_require_host_authentication_fail(self, manager_mock,
secure_mock):
(manager_mock.return_value.update_host_authentication.
side_effect) = sushy.exceptions.SushyError
msg = ("The Redfish controller failed to update the "
"security dashboard paramater ``RequireHostAuthentication``.")
self.assertRaisesRegex(
exception.IloError, msg,
self.rf_client.update_require_host_authentication)
@mock.patch.object(redfish.RedfishOperations,
'_update_security_parameter')
@mock.patch.object(main.HPESushy, 'get_account_service')
def test_update_minimum_password_length(self, account_mock, secure_mock):
self.rf_client.update_minimum_password_length(passwd_length=10)
(self.sushy.get_account_service.return_value.
update_min_passwd_length.assert_called_once_with(10))
@mock.patch.object(redfish.RedfishOperations,
'_update_security_parameter')
@mock.patch.object(main.HPESushy, 'get_account_service')
def test_update_minimum_password_length_fail(self, account_mock,
secure_mock):
(self.sushy.get_account_service.return_value.
update_min_passwd_length.side_effect) = sushy.exceptions.SushyError
msg = ("The Redfish controller failed to update the "
"security dashboard paramater ``MinPasswordLength``.")
self.assertRaisesRegex(
exception.IloError, msg,
self.rf_client.update_minimum_password_length)
@mock.patch.object(redfish.RedfishOperations,
'_update_security_parameter')
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
def test_update_ipmi_over_lan(self, manager_mock, secure_mock):
self.rf_client.update_ipmi_over_lan()
(manager_mock.return_value.networkprotocol.return_value.
update_ipmi_enabled(False))
@mock.patch.object(redfish.RedfishOperations,
'_update_security_parameter')
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
def test_update_ipmi_over_lan_fail(self, manager_mock, secure_mock):
(manager_mock.return_value.networkprotocol.
update_ipmi_enabled.side_effect) = sushy.exceptions.SushyError
msg = ("The Redfish controller failed to update the "
"security dashboard paramater ``IPMI/DCMI_Over_LAN``.")
self.assertRaisesRegex(
exception.IloError, msg, self.rf_client.update_ipmi_over_lan)
@mock.patch.object(redfish.RedfishOperations,
'_update_security_parameter')
@mock.patch.object(main.HPESushy, 'get_account_service')
def test_update_authentication_failure_logging(self, account_mock,
secure_mock):
self.rf_client.update_authentication_failure_logging()
(self.sushy.get_account_service.return_value.
update_auth_failure_logging.assert_called_once_with(None))
@mock.patch.object(redfish.RedfishOperations,
'_update_security_parameter')
@mock.patch.object(main.HPESushy, 'get_account_service')
def test_update_authentication_failure_logging_fail(self, account_mock,
secure_mock):
(self.sushy.get_account_service.return_value.
update_auth_failure_logging.
side_effect) = sushy.exceptions.SushyError
msg = ("The Redfish controller failed to update the security "
"dashboard paramater ``Authentication_failure_Logging``.")
self.assertRaisesRegex(
exception.IloError, msg,
self.rf_client.update_authentication_failure_logging)
@mock.patch.object(redfish.RedfishOperations,
'get_security_dashboard_values')
def test__parse_security_dashboard_values_for_capabilities(self, sec_mock):
desc1 = ('The Require Login for iLO RBSU setting is disabled. '
'This configuration allows unauthenticated iLO access '