Merge "Adds changes for security_dasboard clean_step"
commit
2be2d0e18d
|
@ -227,3 +227,8 @@ class RedfishError(ProliantUtilsException):
|
||||||
class MissingAttributeError(RedfishError):
|
class MissingAttributeError(RedfishError):
|
||||||
message = ('The attribute %(attribute)s is missing from the '
|
message = ('The attribute %(attribute)s is missing from the '
|
||||||
'resource %(resource)s')
|
'resource %(resource)s')
|
||||||
|
|
||||||
|
|
||||||
|
class InvalidParameterValueError(RedfishError):
|
||||||
|
message = ('The parameter "%(parameter)s" value "%(value)s" is invalid. '
|
||||||
|
'Valid values are: %(valid_values)s')
|
||||||
|
|
|
@ -124,7 +124,15 @@ SUPPORTED_REDFISH_METHODS = [
|
||||||
'set_http_boot_url',
|
'set_http_boot_url',
|
||||||
'get_http_boot_url',
|
'get_http_boot_url',
|
||||||
'add_tls_certificate',
|
'add_tls_certificate',
|
||||||
'remove_tls_certificate'
|
'remove_tls_certificate',
|
||||||
|
'get_security_dashboard_values',
|
||||||
|
'update_password_complexity',
|
||||||
|
'update_require_login_for_ilo_rbsu',
|
||||||
|
'update_require_host_authentication',
|
||||||
|
'update_minimum_password_length',
|
||||||
|
'update_ipmi_over_lan',
|
||||||
|
'update_authentication_failure_logging',
|
||||||
|
'update_secure_boot'
|
||||||
]
|
]
|
||||||
|
|
||||||
LOG = log.get_logger(__name__)
|
LOG = log.get_logger(__name__)
|
||||||
|
@ -912,3 +920,112 @@ class IloClient(operations.IloOperations):
|
||||||
:raises: IloError, on an error from iLO.
|
:raises: IloError, on an error from iLO.
|
||||||
"""
|
"""
|
||||||
return self._call_method('remove_tls_certificate', cert_file_list)
|
return self._call_method('remove_tls_certificate', cert_file_list)
|
||||||
|
|
||||||
|
def get_security_dashboard_values(self):
|
||||||
|
"""Gets all the parameters related to security dashboard.
|
||||||
|
|
||||||
|
:return: a dictionary of the security dashboard values
|
||||||
|
with their security status and security parameters
|
||||||
|
with their complete details and security status.
|
||||||
|
:raises: IloError, if security dashboard or their params
|
||||||
|
not found or on an error from iLO.
|
||||||
|
"""
|
||||||
|
return self._call_method('get_security_dashboard_values')
|
||||||
|
|
||||||
|
def update_password_complexity(self, enable=True, ignore=False):
|
||||||
|
"""Update the Password_Complexity security param.
|
||||||
|
|
||||||
|
:param enable: A boolean param, True when Password_Complexity needs
|
||||||
|
to be enabled. If passed False, Password_Complexity security
|
||||||
|
param will be disabled. If nothing passed default will be True.
|
||||||
|
:param ignore : A boolean param, True when Password_Complexity needs
|
||||||
|
to be ignored. If passed False, Password_Complexity security
|
||||||
|
param will not be ignored. If nothing passed default will be
|
||||||
|
False.
|
||||||
|
:raises: IloError, on an error from iLO.
|
||||||
|
"""
|
||||||
|
return self._call_method('update_password_complexity', enable, ignore)
|
||||||
|
|
||||||
|
def update_require_login_for_ilo_rbsu(self, enable=True, ignore=False):
|
||||||
|
"""Update the RequiredLoginForiLORBSU security param.
|
||||||
|
|
||||||
|
:param enable: A boolean param, True when RequiredLoginForiLORBSU
|
||||||
|
needs to be enabled. If passed False, RequiredLoginForiLORBSU
|
||||||
|
security param will be disabled. If nothing passed default
|
||||||
|
will be True.
|
||||||
|
:param ignore : A boolean param, True when RequiredLoginForiLORBSU
|
||||||
|
needs to be ignored. If passed False, RequiredLoginForiLORBSU
|
||||||
|
security param will not be ignored. If nothing passed default
|
||||||
|
will be False.
|
||||||
|
:raises: IloError, on an error from iLO.
|
||||||
|
"""
|
||||||
|
return self._call_method('update_require_login_for_ilo_rbsu',
|
||||||
|
enable, ignore)
|
||||||
|
|
||||||
|
def update_require_host_authentication(self, enable=True, ignore=False):
|
||||||
|
"""Update the RequireHostAuthentication security param.
|
||||||
|
|
||||||
|
:param enable: A boolean param, True when RequireHostAuthentication
|
||||||
|
needs to be enabled. If passed False, RequireHostAuthentication
|
||||||
|
security param will be disabled. If nothing passed
|
||||||
|
default will be True.
|
||||||
|
:param ignore : A boolean param, True when RequireHostAuthentication
|
||||||
|
needs to be ignored. If passed False, RequireHostAuthentication
|
||||||
|
security param will not be ignored. If nothing passed
|
||||||
|
default will be False.
|
||||||
|
:raises: IloError, on an error from iLO.
|
||||||
|
"""
|
||||||
|
return self._call_method('update_require_host_authentication',
|
||||||
|
enable, ignore)
|
||||||
|
|
||||||
|
def update_minimum_password_length(self, passwd_length=None, ignore=False):
|
||||||
|
"""Update the MinPasswordLength security param.
|
||||||
|
|
||||||
|
:param passwd_length: Minimum length of password used. If nothing
|
||||||
|
passed default will be None.
|
||||||
|
:param ignore : A boolean param, True when MinPasswordLength needs to
|
||||||
|
be ignored. If passed False, MinPasswordLength security param
|
||||||
|
will not be ignored. If nothing passed default will be False.
|
||||||
|
"""
|
||||||
|
return self._call_method('update_minimum_password_length',
|
||||||
|
passwd_length, ignore)
|
||||||
|
|
||||||
|
def update_ipmi_over_lan(self, enable=False, ignore=False):
|
||||||
|
"""Update the IPMI/DCMI_Over_LAN security param.
|
||||||
|
|
||||||
|
:param enable: A boolean param, True when IPMI/DCMI_Over_LAN needs to
|
||||||
|
be enabled. If passed False, IPMI/DCMI_Over_LAN security param
|
||||||
|
will be disabled. If nothing passed default will be False.
|
||||||
|
:param ignore : A boolean param, True when IPMI/DCMI_Over_LAN needs to
|
||||||
|
be ignored. If passed False, IPMI/DCMI_Over_LAN security param
|
||||||
|
will not be ignored. If nothing passed default will be False.
|
||||||
|
:raises: IloError, on an error from iLO.
|
||||||
|
"""
|
||||||
|
return self._call_method('update_ipmi_over_lan', enable, ignore)
|
||||||
|
|
||||||
|
def update_authentication_failure_logging(self, logging_threshold=None,
|
||||||
|
ignore=False):
|
||||||
|
"""Update the Authentication_failure_Logging security param.
|
||||||
|
|
||||||
|
:param logging_threshold: Value of authenication failure logging
|
||||||
|
threshold. If nothing passed default will be None.
|
||||||
|
:param ignore : A boolean param, True when
|
||||||
|
Authentication_failure_Logging needs to be ignored. If passed
|
||||||
|
False, Authentication_failure_Logging security param will not
|
||||||
|
be ignored. If nothing passed default will be False.
|
||||||
|
:raises: IloError, on an error from iLO.
|
||||||
|
"""
|
||||||
|
return self._call_method('update_authentication_failure_logging',
|
||||||
|
logging_threshold, ignore)
|
||||||
|
|
||||||
|
def update_secure_boot(self, enable=True, ignore=False):
|
||||||
|
"""Update Secure_Boot security param on the server.
|
||||||
|
|
||||||
|
:param enable: A boolean param, True when Secure_Boot needs to be
|
||||||
|
enabled. If passed False, Secure_Boot security param will
|
||||||
|
be disabled. If nothing passed default will be True.
|
||||||
|
:param ignore : A boolean param, True when Secure_boot needs to be
|
||||||
|
ignored. If passed False, Secure_boot security param will
|
||||||
|
not be ignored. If nothing passed default will be False.
|
||||||
|
"""
|
||||||
|
return self._call_method('update_secure_boot', enable, ignore)
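Review bot: The new wrapper docstrings write the field as `:param ignore :` with a space before the colon, which Sphinx-style field parsing may not treat as a parameter entry; `:param ignore:` would match the `:param enable:` lines beside it. `update_minimum_password_length` and `update_secure_boot` also omit the `:raises: IloError, on an error from iLO.` line that the other new methods carry. None of the docstrings say what "ignored" means for the dashboard, or that `enable` and `ignore` are applied as two separate updates (as the RedfishOperations implementation on this page does). A call such as `update_ipmi_over_lan(enable=True, ignore=True)` therefore both turns the protocol on and marks the parameter ignored, and one sentence stating that would help operators reading the API.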
|
||||||
|
|
|
@ -680,7 +680,204 @@ class RedfishOperations(operations.IloOperations):
|
||||||
LOG.debug(msg)
|
LOG.debug(msg)
|
||||||
raise exception.IloError(msg)
|
raise exception.IloError(msg)
|
||||||
|
|
||||||
def _get_security_dashboard_values(self):
|
def _update_security_parameter(self, sec_param, ignore=False):
|
||||||
|
"""Sets the ignore flag for the security parameter.
|
||||||
|
|
||||||
|
:param sec_param: Name of the security parameter.
|
||||||
|
:param ignore : True when security parameter needs to be ignored.
|
||||||
|
If passed False, security param will not be ignored.
|
||||||
|
If nothing passed default will be False.
|
||||||
|
"""
|
||||||
|
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
|
||||||
|
try:
|
||||||
|
security_params = (
|
||||||
|
sushy_manager.securityservice.securityparamscollectionuri)
|
||||||
|
param_members = security_params.get_members()
|
||||||
|
for param in param_members:
|
||||||
|
if sec_param in param.name:
|
||||||
|
param.update_security_param_ignore_status(ignore)
|
||||||
|
break
|
||||||
|
else:
|
||||||
|
msg = (self._('Specified parameter "%(param)s" is not '
|
||||||
|
'a Security Dashboard Parameter.') %
|
||||||
|
{'param': sec_param})
|
||||||
|
raise exception.IloInvalidInputError(msg)
|
||||||
|
except sushy.exceptions.SushyError as e:
|
||||||
|
msg = (self._("The Redfish controller is unable to update "
|
||||||
|
"resource or its member. Error "
|
||||||
|
"%(error)s)") % {'error': str(e)})
|
||||||
|
LOG.debug(msg)
|
||||||
|
raise exception.IloError(msg)
|
||||||
|
|
||||||
|
def update_password_complexity(self, enable=True, ignore=False):
|
||||||
|
"""Update the Password_Complexity security param.
|
||||||
|
|
||||||
|
:param enable: A boolean param, True when Password_Complexity needs
|
||||||
|
to be enabled. If passed False, Password_Complexity security
|
||||||
|
param will be disabled. If nothing passed default will be True.
|
||||||
|
:param ignore : A boolean param, True when Password_Complexity needs
|
||||||
|
to be ignored. If passed False, Password_Complexity security
|
||||||
|
param will not be ignored. If nothing passed default will be
|
||||||
|
False.
|
||||||
|
:raises: IloError, on an error from iLO.
|
||||||
|
"""
|
||||||
|
acc_service = self._sushy.get_account_service()
|
||||||
|
try:
|
||||||
|
self._update_security_parameter(sec_param="Password Complexity",
|
||||||
|
ignore=ignore)
|
||||||
|
acc_service.update_enforce_passwd_complexity(enable)
|
||||||
|
except sushy.exceptions.SushyError as e:
|
||||||
|
msg = (self._('The Redfish controller failed to update the '
|
||||||
|
'security dashboard parameter '
|
||||||
|
'``Password_Complexity``. '
|
||||||
|
'Error %(error)s') % {'error': str(e)})
|
||||||
|
LOG.debug(msg)
|
||||||
|
raise exception.IloError(msg)
|
||||||
|
|
||||||
|
def update_require_login_for_ilo_rbsu(self, enable=True, ignore=False):
|
||||||
|
"""Update the RequiredLoginForiLORBSU security param.
|
||||||
|
|
||||||
|
:param enable: A boolean param, True when RequiredLoginForiLORBSU
|
||||||
|
needs to be enabled. If passed False, RequiredLoginForiLORBSU
|
||||||
|
security param will be disabled. If nothing passed default
|
||||||
|
will be True.
|
||||||
|
:param ignore : A boolean param, True when RequiredLoginForiLORBSU
|
||||||
|
needs to be ignored. If passed False, RequiredLoginForiLORBSU
|
||||||
|
security param will not be ignored. If nothing passed default
|
||||||
|
will be False.
|
||||||
|
:raises: IloError, on an error from iLO.
|
||||||
|
"""
|
||||||
|
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
|
||||||
|
try:
|
||||||
|
self._update_security_parameter(sec_param="Require Login",
|
||||||
|
ignore=ignore)
|
||||||
|
sushy_manager.update_login_for_ilo_rbsu(enable)
|
||||||
|
except sushy.exceptions.SushyError as e:
|
||||||
|
msg = (self._('The Redfish controller failed to update the '
|
||||||
|
'security dashboard parameter '
|
||||||
|
'``RequiredLoginForiLORBSU``. '
|
||||||
|
'Error %(error)s') % {'error': str(e)})
|
||||||
|
LOG.debug(msg)
|
||||||
|
raise exception.IloError(msg)
|
||||||
|
|
||||||
|
def update_require_host_authentication(self, enable=True, ignore=False):
|
||||||
|
"""Update the RequireHostAuthentication security param.
|
||||||
|
|
||||||
|
:param enable: A boolean param, True when RequireHostAuthentication
|
||||||
|
needs to be enabled. If passed False, RequireHostAuthentication
|
||||||
|
security param will be disabled. If nothing passed
|
||||||
|
default will be True.
|
||||||
|
:param ignore : A boolean param, True when RequireHostAuthentication
|
||||||
|
needs to be ignored. If passed False, RequireHostAuthentication
|
||||||
|
security param will not be ignored. If nothing passed
|
||||||
|
default will be False.
|
||||||
|
:raises: IloError, on an error from iLO.
|
||||||
|
"""
|
||||||
|
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
|
||||||
|
try:
|
||||||
|
self._update_security_parameter(sec_param="Host Authentication",
|
||||||
|
ignore=ignore)
|
||||||
|
sushy_manager.update_host_authentication(enable)
|
||||||
|
except sushy.exceptions.SushyError as e:
|
||||||
|
msg = (self._('The Redfish controller failed to update the '
|
||||||
|
'security dashboard paramater '
|
||||||
|
'``RequireHostAuthentication``. '
|
||||||
|
'Error %(error)s') % {'error': str(e)})
|
||||||
|
LOG.debug(msg)
|
||||||
|
raise exception.IloError(msg)
|
||||||
|
|
||||||
|
def update_minimum_password_length(self, passwd_length=None, ignore=False):
|
||||||
|
"""Update the MinPasswordLength security param.
|
||||||
|
|
||||||
|
:param passwd_length: Minimum lenght of password used. If nothing
|
||||||
|
passed default will be None.
|
||||||
|
:param ignore : A boolean param, True when MinPasswordLength needs to
|
||||||
|
be ignored. If passed False, MinPasswordLength security param
|
||||||
|
will not be ignored. If nothing passed default will be False.
|
||||||
|
"""
|
||||||
|
acc_service = self._sushy.get_account_service()
|
||||||
|
try:
|
||||||
|
self._update_security_parameter(sec_param="Minimum",
|
||||||
|
ignore=ignore)
|
||||||
|
acc_service.update_min_passwd_length(passwd_length)
|
||||||
|
except sushy.exceptions.SushyError as e:
|
||||||
|
msg = (self._('The Redfish controller failed to update the '
|
||||||
|
'security dashboard paramater '
|
||||||
|
'``MinPasswordLength``. '
|
||||||
|
'Error %(error)s') % {'error': str(e)})
|
||||||
|
LOG.debug(msg)
|
||||||
|
raise exception.IloError(msg)
|
||||||
|
|
||||||
|
def update_ipmi_over_lan(self, enable=False, ignore=False):
|
||||||
|
"""Update the IPMI/DCMI_Over_LAN security param.
|
||||||
|
|
||||||
|
:param enable: A boolean param, True when IPMI/DCMI_Over_LAN needs to
|
||||||
|
be enabled. If passed False, IPMI/DCMI_Over_LAN security param
|
||||||
|
will be disabled. If nothing passed default will be False.
|
||||||
|
:param ignore : A boolean param, True when IPMI/DCMI_Over_LAN needs to
|
||||||
|
be ignored. If passed False, IPMI/DCMI_Over_LAN security param
|
||||||
|
will not be ignored. If nothing passed default will be False.
|
||||||
|
:raises: IloError, on an error from iLO.
|
||||||
|
"""
|
||||||
|
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
|
||||||
|
try:
|
||||||
|
self._update_security_parameter(sec_param="IPMI", ignore=ignore)
|
||||||
|
sushy_manager.networkprotocol.update_ipmi_enabled(enable)
|
||||||
|
except sushy.exceptions.SushyError as e:
|
||||||
|
msg = (self._('The Redfish controller failed to update the '
|
||||||
|
'security dashboard paramater '
|
||||||
|
'``IPMI/DCMI_Over_LAN``. '
|
||||||
|
'Error %(error)s') % {'error': str(e)})
|
||||||
|
LOG.debug(msg)
|
||||||
|
raise exception.IloError(msg)
|
||||||
|
|
||||||
|
def update_authentication_failure_logging(self, logging_threshold=None,
|
||||||
|
ignore=False):
|
||||||
|
"""Update the Authentication_failure_Logging security param.
|
||||||
|
|
||||||
|
:param logging_threshold: Value of authenication failure logging
|
||||||
|
threshold. If nothing passed default will be None.
|
||||||
|
:param ignore : A boolean param, True when
|
||||||
|
Authentication_failure_Logging needs to be ignored. If passed
|
||||||
|
False, Authentication_failure_Logging security param will not
|
||||||
|
be ignored. If nothing passed default will be False.
|
||||||
|
:raises: IloError, on an error from iLO.
|
||||||
|
"""
|
||||||
|
acc_service = self._sushy.get_account_service()
|
||||||
|
try:
|
||||||
|
self._update_security_parameter(sec_param="Failure Logging",
|
||||||
|
ignore=ignore)
|
||||||
|
acc_service.update_auth_failure_logging(logging_threshold)
|
||||||
|
except sushy.exceptions.SushyError as e:
|
||||||
|
msg = (self._('The Redfish controller failed to update the '
|
||||||
|
'security dashboard paramater '
|
||||||
|
'``Authentication_failure_Logging``. '
|
||||||
|
'Error %(error)s') % {'error': str(e)})
|
||||||
|
LOG.debug(msg)
|
||||||
|
raise exception.IloError(msg)
|
||||||
|
|
||||||
|
def update_secure_boot(self, enable=True, ignore=False):
|
||||||
|
"""Update Secure_Boot security param on the server.
|
||||||
|
|
||||||
|
:param enable: A boolean param, True when Secure_Boot needs to be
|
||||||
|
enabled. If passed False, Secure_Boot security param will
|
||||||
|
be disabled. If nothing passed default will be True.
|
||||||
|
:param ignore : A boolean param, True when Secure_boot needs to be
|
||||||
|
ignored. If passed False, Secure_boot security param will
|
||||||
|
not be ignored. If nothing passed default will be False.
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
self._update_security_parameter(sec_param="Secure Boot",
|
||||||
|
ignore=ignore)
|
||||||
|
self.set_secure_boot_mode(enable)
|
||||||
|
except sushy.exceptions.SushyError as e:
|
||||||
|
msg = (self._('The Redfish controller failed to update the '
|
||||||
|
'security dashboard paramater ``Secure_boot``. '
|
||||||
|
'Error %(error)s') % {'error': str(e)})
|
||||||
|
LOG.debug(msg)
|
||||||
|
raise exception.IloError(msg)
|
||||||
|
|
||||||
|
def get_security_dashboard_values(self):
|
||||||
"""Gets all the parameters related to security dashboard.
|
"""Gets all the parameters related to security dashboard.
|
||||||
|
|
||||||
:return: a dictionary of the security dashboard values
|
:return: a dictionary of the security dashboard values
|
||||||
|
@ -692,7 +889,6 @@ class RedfishOperations(operations.IloOperations):
|
||||||
sec_capabilities = {}
|
sec_capabilities = {}
|
||||||
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
|
sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
|
||||||
try:
|
try:
|
||||||
|
|
||||||
security_dashboard = (
|
security_dashboard = (
|
||||||
sushy_manager.securityservice.securitydashboard)
|
sushy_manager.securityservice.securitydashboard)
|
||||||
security_params = (
|
security_params = (
|
||||||
|
@ -732,7 +928,7 @@ class RedfishOperations(operations.IloOperations):
|
||||||
:returns: a dictionary of only those security parameters and their
|
:returns: a dictionary of only those security parameters and their
|
||||||
security status which are applicable for ironic.
|
security status which are applicable for ironic.
|
||||||
"""
|
"""
|
||||||
values = self._get_security_dashboard_values()
|
values = self.get_security_dashboard_values()
|
||||||
ironic_sec_capabilities = {}
|
ironic_sec_capabilities = {}
|
||||||
ironic_sec_capabilities.update(
|
ironic_sec_capabilities.update(
|
||||||
{'overall_security_status': values.get('overall_security_status')})
|
{'overall_security_status': values.get('overall_security_status')})
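Review bot: `_update_security_parameter` selects the dashboard entry with `if sec_param in param.name` and stops at the first hit, so the short keys its callers pass (`"Minimum"`, `"IPMI"`, `"Require Login"`) would set `Ignore` on whichever member is listed first if more than one name contains the substring. Since the flag presumably hides a finding from the dashboard, I would require exactly one match and fail otherwise, as in the fence below. Separately, every `update_*` method in this hunk patches `Ignore` before the setting itself, so a failure in the second call leaves the parameter ignored but not changed; applying the setting first, or restoring the flag on error, would avoid that half-applied state. The failure paths also log only at `LOG.debug`, and several messages spell "paramater".

```python
# … unchanged: sushy_manager lookup, try:, security_params / param_members …
            matches = [p for p in param_members if sec_param in p.name]
            if len(matches) != 1:
                msg = (self._('Expected exactly one Security Dashboard '
                              'parameter matching "%(param)s", found '
                              '%(count)d.') %
                       {'param': sec_param, 'count': len(matches)})
                raise exception.IloInvalidInputError(msg)
            matches[0].update_security_param_ignore_status(ignore)
# … unchanged: except sushy.exceptions.SushyError handler …
```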
|
||||||
|
|
|
@ -15,9 +15,13 @@
|
||||||
from sushy.resources import base
|
from sushy.resources import base
|
||||||
from sushy import utils as sushy_utils
|
from sushy import utils as sushy_utils
|
||||||
|
|
||||||
|
from proliantutils import exception
|
||||||
from proliantutils.redfish.resources.account_service import account
|
from proliantutils.redfish.resources.account_service import account
|
||||||
from proliantutils.redfish import utils
|
from proliantutils.redfish import utils
|
||||||
|
|
||||||
|
DEFAULT_PASSWORD_LENGTH = 8
|
||||||
|
DEFAULT_AUTH_FAIL_LOGGING = 1
|
||||||
|
|
||||||
|
|
||||||
class HPEAccountService(base.ResourceBase):
|
class HPEAccountService(base.ResourceBase):
|
||||||
"""Class that extends the functionality of AccountService resource class
|
"""Class that extends the functionality of AccountService resource class
|
||||||
|
@ -25,6 +29,9 @@ class HPEAccountService(base.ResourceBase):
|
||||||
This class extends the functionality of Account resource class
|
This class extends the functionality of Account resource class
|
||||||
from sushy
|
from sushy
|
||||||
"""
|
"""
|
||||||
|
min_passwd_length = base.Field(["Oem", "Hpe", "MinPasswordLength"])
|
||||||
|
enforce_passwd_complexity = base.Field(
|
||||||
|
["Oem", "Hpe", "EnforcePasswordComplexity"])
|
||||||
|
|
||||||
@property
|
@property
|
||||||
@sushy_utils.cache_it
|
@sushy_utils.cache_it
|
||||||
|
@ -33,3 +40,36 @@ class HPEAccountService(base.ResourceBase):
|
||||||
return account.HPEAccountCollection(
|
return account.HPEAccountCollection(
|
||||||
self._conn, utils.get_subresource_path_by(self, 'Accounts'),
|
self._conn, utils.get_subresource_path_by(self, 'Accounts'),
|
||||||
redfish_version=self.redfish_version)
|
redfish_version=self.redfish_version)
|
||||||
|
|
||||||
|
def update_min_passwd_length(self, passwd_length):
|
||||||
|
if passwd_length is None:
|
||||||
|
passwd_length = DEFAULT_PASSWORD_LENGTH
|
||||||
|
valid_lengths = list(range(40))
|
||||||
|
if (passwd_length not in valid_lengths):
|
||||||
|
raise exception.InvalidParameterValueError(
|
||||||
|
parameter='MinPasswordLength', value=passwd_length,
|
||||||
|
valid_values='0 to 39')
|
||||||
|
p_data = {"Oem": {"Hpe": {"MinPasswordLength": passwd_length}}}
|
||||||
|
self._conn.patch(self.path, data=p_data)
|
||||||
|
|
||||||
|
def update_enforce_passwd_complexity(self, enable):
|
||||||
|
if not isinstance(enable, bool):
|
||||||
|
msg = ('The parameter "%(parameter)s" value "%(value)s" is '
|
||||||
|
'invalid. Valid values are: True/False.' %
|
||||||
|
{'parameter': 'enable', 'value': enable})
|
||||||
|
raise exception.InvalidInputError(msg)
|
||||||
|
|
||||||
|
data = {"Oem": {"Hpe": {"EnforcePasswordComplexity": enable}}}
|
||||||
|
self._conn.patch(self.path, data=data)
|
||||||
|
|
||||||
|
def update_auth_failure_logging(self, logging_threshold):
|
||||||
|
if logging_threshold is None:
|
||||||
|
logging_threshold = DEFAULT_AUTH_FAIL_LOGGING
|
||||||
|
valid_values = [0, 1, 2, 3, 5]
|
||||||
|
if (logging_threshold not in valid_values):
|
||||||
|
raise exception.InvalidParameterValueError(
|
||||||
|
parameter='AuthFailureLoggingThreshold',
|
||||||
|
value=logging_threshold, valid_values=valid_values)
|
||||||
|
p_data = {"Oem": {"Hpe": {
|
||||||
|
"AuthFailureLoggingThreshold": logging_threshold}}}
|
||||||
|
self._conn.patch(self.path, data=p_data)
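Review bot: `update_min_passwd_length` and `update_auth_failure_logging` validate with a list membership test, which `True`/`False` and floats such as `8.0` also pass because they compare equal to integers, so a non-integer value can reach the PATCH body. An explicit type check ahead of the range test would close that, e.g. `if isinstance(passwd_length, bool) or not isinstance(passwd_length, int) or not 0 <= passwd_length <= 39:`. Both methods also replace `None` with `DEFAULT_PASSWORD_LENGTH` / `DEFAULT_AUTH_FAIL_LOGGING`, and the `RedfishOperations` wrappers default the value to `None`, so a caller who only wants to change `ignore` rewrites the policy to 8 or 1, which may weaken a stricter existing setting; treating `None` as "leave unchanged" looks safer. A minimum length of 0 is accepted as valid; if that is intended, a comment saying so would help.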
|
||||||
|
|
|
@ -14,9 +14,12 @@
|
||||||
|
|
||||||
__author__ = 'HPE'
|
__author__ = 'HPE'
|
||||||
|
|
||||||
|
from sushy.resources import base
|
||||||
from sushy.resources.manager import manager
|
from sushy.resources.manager import manager
|
||||||
from sushy import utils as sushy_utils
|
from sushy import utils as sushy_utils
|
||||||
|
|
||||||
|
from proliantutils import exception
|
||||||
|
from proliantutils.redfish.resources.manager import network_protocol
|
||||||
from proliantutils.redfish.resources.manager import security_service
|
from proliantutils.redfish.resources.manager import security_service
|
||||||
from proliantutils.redfish.resources.manager import virtual_media
|
from proliantutils.redfish.resources.manager import virtual_media
|
||||||
from proliantutils.redfish import utils
|
from proliantutils.redfish import utils
|
||||||
|
@ -28,6 +31,10 @@ class HPEManager(manager.Manager):
|
||||||
This class extends the functionality of Manager resource class
|
This class extends the functionality of Manager resource class
|
||||||
from sushy
|
from sushy
|
||||||
"""
|
"""
|
||||||
|
required_login_foriLORBSU = base.Field(
|
||||||
|
["Oem", "Hpe", "RequiredLoginForiLORBSU"])
|
||||||
|
require_host_authentication = base.Field(
|
||||||
|
["Oem", "Hpe", "RequireHostAuthentication"])
|
||||||
|
|
||||||
def set_license(self, key):
|
def set_license(self, key):
|
||||||
"""Set the license on a redfish system
|
"""Set the license on a redfish system
|
||||||
|
@ -58,3 +65,30 @@ class HPEManager(manager.Manager):
|
||||||
self._conn, utils.get_subresource_path_by(
|
self._conn, utils.get_subresource_path_by(
|
||||||
self, ['Oem', 'Hpe', 'Links', 'SecurityService']),
|
self, ['Oem', 'Hpe', 'Links', 'SecurityService']),
|
||||||
redfish_version=self.redfish_version)
|
redfish_version=self.redfish_version)
|
||||||
|
|
||||||
|
@property
|
||||||
|
@sushy_utils.cache_it
|
||||||
|
def networkprotocol(self):
|
||||||
|
return network_protocol.NetworkProtocol(
|
||||||
|
self._conn, utils.get_subresource_path_by(self, 'NetworkProtocol'),
|
||||||
|
redfish_version=self.redfish_version)
|
||||||
|
|
||||||
|
def update_login_for_ilo_rbsu(self, enable):
|
||||||
|
if not isinstance(enable, bool):
|
||||||
|
msg = ('The parameter "%(parameter)s" value "%(value)s" is '
|
||||||
|
'invalid. Valid values are: True/False.' %
|
||||||
|
{'parameter': 'enable', 'value': enable})
|
||||||
|
raise exception.InvalidInputError(msg)
|
||||||
|
|
||||||
|
data = {"Oem": {"Hpe": {"RequiredLoginForiLORBSU": enable}}}
|
||||||
|
self._conn.patch(self.path, data=data)
|
||||||
|
|
||||||
|
def update_host_authentication(self, enable):
|
||||||
|
if not isinstance(enable, bool):
|
||||||
|
msg = ('The parameter "%(parameter)s" value "%(value)s" is '
|
||||||
|
'invalid. Valid values are: True/False.' %
|
||||||
|
{'parameter': 'enable', 'value': enable})
|
||||||
|
raise exception.InvalidInputError(msg)
|
||||||
|
|
||||||
|
data = {"Oem": {"Hpe": {"RequireHostAuthentication": enable}}}
|
||||||
|
self._conn.patch(self.path, data=data)
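Review bot: `update_login_for_ilo_rbsu` and `update_host_authentication` build the "The parameter ... is invalid" text by hand and raise `exception.InvalidInputError`, while this commit adds `InvalidParameterValueError` with the same message template and the numeric setters in `HPEAccountService` already use it. If no caller depends on the exception type, `raise exception.InvalidParameterValueError(parameter='enable', value=enable, valid_values='True/False')` would remove the duplicated block, which also appears in `update_enforce_passwd_complexity`, `update_ipmi_enabled` and `update_security_param_ignore_status`. As far as this page shows, neither exception derives from `SushyError`, so the `except sushy.exceptions.SushyError` handlers in `RedfishOperations` would not wrap them in the `IloError` that the docstrings promise; the docstrings or the handlers should be aligned. The new public methods and the `networkprotocol` property have no docstrings.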
|
||||||
|
|
|
@ -0,0 +1,45 @@
|
||||||
|
# Copyright 2021 Hewlett Packard Enterprise Development LP
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
__author__ = 'HPE'
|
||||||
|
|
||||||
|
from sushy.resources import base
|
||||||
|
|
||||||
|
from proliantutils import exception
|
||||||
|
from proliantutils import log
|
||||||
|
|
||||||
|
|
||||||
|
LOG = log.get_logger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
class NetworkProtocol(base.ResourceBase):
|
||||||
|
|
||||||
|
identity = base.Field('Id', required=True)
|
||||||
|
"""The identity for the instance."""
|
||||||
|
|
||||||
|
name = base.Field("Name")
|
||||||
|
"""Name of the service"""
|
||||||
|
|
||||||
|
ipmi_enabled = base.Field(["IPMI", "ProtocolEnabled"])
|
||||||
|
"""True if IPMI network protocol is enabled else False"""
|
||||||
|
|
||||||
|
def update_ipmi_enabled(self, enable):
|
||||||
|
if not isinstance(enable, bool):
|
||||||
|
msg = ('The parameter "%(parameter)s" value "%(value)s" is '
|
||||||
|
'invalid. Valid values are: True/False.' %
|
||||||
|
{'parameter': 'enable', 'value': enable})
|
||||||
|
raise exception.InvalidInputError(msg)
|
||||||
|
|
||||||
|
ipmi_data = {"IPMI": {"ProtocolEnabled": enable}}
|
||||||
|
self._conn.patch(self.path, data=ipmi_data)
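Review bot: `update_ipmi_enabled` patches the resource but leaves the already-parsed `ipmi_enabled` field untouched, so the same object keeps reporting the old value until it is refreshed. If callers may read the field after updating, mark the resource stale after the PATCH with sushy's `self.invalidate()`; the same applies to the other `update_*` methods added on `HPEAccountService`, `HPEManager` and `SecurityParams`. `LOG` is defined in this new file but nothing in it uses it. `NetworkProtocol` and `update_ipmi_enabled` also lack docstrings; a short one stating that `enable` must be a bool and that `InvalidInputError` is raised otherwise would be enough.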
|
|
@ -16,6 +16,7 @@ __author__ = 'HPE'
|
||||||
|
|
||||||
from sushy.resources import base
|
from sushy.resources import base
|
||||||
|
|
||||||
|
from proliantutils import exception
|
||||||
from proliantutils import log
|
from proliantutils import log
|
||||||
|
|
||||||
LOG = log.get_logger(__name__)
|
LOG = log.get_logger(__name__)
|
||||||
|
@ -35,6 +36,15 @@ class SecurityParams(base.ResourceBase):
|
||||||
description = base.Field('Description')
|
description = base.Field('Description')
|
||||||
recommended_action = base.Field('RecommendedAction')
|
recommended_action = base.Field('RecommendedAction')
|
||||||
|
|
||||||
|
def update_security_param_ignore_status(self, ignore):
|
||||||
|
if not isinstance(ignore, bool):
|
||||||
|
msg = ('The parameter "%(parameter)s" value "%(value)s" is '
|
||||||
|
'invalid. Valid values are: True/False.' %
|
||||||
|
{'parameter': 'ignore', 'value': ignore})
|
||||||
|
raise exception.InvalidInputError(msg)
|
||||||
|
data = {"Ignore": ignore}
|
||||||
|
self._conn.patch(self.path, data=data)
|
||||||
|
|
||||||
|
|
||||||
class SecurityParamsCollection(base.ResourceCollectionBase):
|
class SecurityParamsCollection(base.ResourceCollectionBase):
|
||||||
|
|
||||||
|
|
|
@ -67,3 +67,21 @@ class HPEAccountServiceTestCase(testtools.TestCase):
|
||||||
self.assertIsInstance(self.acc_inst.accounts,
|
self.assertIsInstance(self.acc_inst.accounts,
|
||||||
account.HPEAccountCollection)
|
account.HPEAccountCollection)
|
||||||
self.assertFalse(accounts._is_stale)
|
self.assertFalse(accounts._is_stale)
|
||||||
|
|
||||||
|
def test_update_min_passwd_length(self):
|
||||||
|
self.acc_inst.update_min_passwd_length(passwd_length=10)
|
||||||
|
data = {"Oem": {"Hpe": {"MinPasswordLength": 10}}}
|
||||||
|
self.acc_inst._conn.patch.assert_called_once_with(
|
||||||
|
'/redfish/v1/AccountService', data=data)
|
||||||
|
|
||||||
|
def test_update_enforce_passwd_complexity(self):
|
||||||
|
self.acc_inst.update_enforce_passwd_complexity(enable=True)
|
||||||
|
data = {"Oem": {"Hpe": {"EnforcePasswordComplexity": True}}}
|
||||||
|
self.acc_inst._conn.patch.assert_called_once_with(
|
||||||
|
'/redfish/v1/AccountService', data=data)
|
||||||
|
|
||||||
|
def test_update_auth_failure_logging(self):
|
||||||
|
self.acc_inst.update_auth_failure_logging(logging_threshold=2)
|
||||||
|
data = {"Oem": {"Hpe": {"AuthFailureLoggingThreshold": 2}}}
|
||||||
|
self.acc_inst._conn.patch.assert_called_once_with(
|
||||||
|
'/redfish/v1/AccountService', data=data)
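Review bot: The three added tests exercise only a valid value, so the new validation branches never run. There is no case for `passwd_length=None` falling back to the default, for an out-of-range length or threshold raising `InvalidParameterValueError`, or for a non-bool `enable` raising `InvalidInputError`. Adding e.g. `self.assertRaises(exception.InvalidParameterValueError, self.acc_inst.update_min_passwd_length, 40)` followed by `self.acc_inst._conn.patch.assert_not_called()` would pin that rejected input never reaches the controller. The `HPEManagerTestCase` and `SecurityParamsTestCase` additions have the same gap.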
|
||||||
|
|
|
@ -85,3 +85,15 @@ class HPEManagerTestCase(testtools.TestCase):
|
||||||
self.assertIsInstance(self.mgr_inst.virtual_media,
|
self.assertIsInstance(self.mgr_inst.virtual_media,
|
||||||
virtual_media.VirtualMediaCollection)
|
virtual_media.VirtualMediaCollection)
|
||||||
self.assertFalse(actual_vmedia._is_stale)
|
self.assertFalse(actual_vmedia._is_stale)
|
||||||
|
|
||||||
|
def test_update_login_for_ilo_rbsu(self):
|
||||||
|
self.mgr_inst.update_login_for_ilo_rbsu(enable=True)
|
||||||
|
data = {"Oem": {"Hpe": {"RequiredLoginForiLORBSU": True}}}
|
||||||
|
self.mgr_inst._conn.patch.assert_called_once_with(
|
||||||
|
'/redfish/v1/Managers/1', data=data)
|
||||||
|
|
||||||
|
def test_update_host_authentication(self):
|
||||||
|
self.mgr_inst.update_host_authentication(enable=True)
|
||||||
|
data = {"Oem": {"Hpe": {"RequireHostAuthentication": True}}}
|
||||||
|
self.mgr_inst._conn.patch.assert_called_once_with(
|
||||||
|
'/redfish/v1/Managers/1', data=data)
|
||||||
|
|
|
@ -45,6 +45,14 @@ class SecurityParamsTestCase(testtools.TestCase):
|
||||||
self.assertEqual("Ok", self.sec_param.status)
|
self.assertEqual("Ok", self.sec_param.status)
|
||||||
self.assertEqual("Off", self.sec_param.state)
|
self.assertEqual("Off", self.sec_param.state)
|
||||||
|
|
||||||
|
def test_update_security_param_ignore_status(self):
|
||||||
|
self.sec_param.update_security_param_ignore_status(ignore=False)
|
||||||
|
data = {"Ignore": False}
|
||||||
|
target_uri = ('/redfish/v1/Mangers/1/SecurityService/'
|
||||||
|
'SecurityDashboard/SecurityParams')
|
||||||
|
self.sec_param._conn.patch.assert_called_once_with(
|
||||||
|
target_uri, data=data)
|
||||||
|
|
||||||
|
|
||||||
class SecurityParamsCollectionTestCase(testtools.TestCase):
|
class SecurityParamsCollectionTestCase(testtools.TestCase):
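Review bot: `target_uri` in `test_update_security_param_ignore_status` spells the path `/redfish/v1/Mangers/1/...`. The expected value is compared against `self.sec_param.path`, which is set in code outside this hunk, so the test presumably passes only because the fixture carries the same misspelling. Correcting both to `Managers` would make the assertion reflect a real resource URI rather than a matching typo.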
|
||||||
|
|
||||||
|
|
|
@ -2368,7 +2368,142 @@ class RedfishOperationsTestCase(testtools.TestCase):
|
||||||
load_cert_mock.assert_not_called()
|
load_cert_mock.assert_not_called()
|
||||||
|
|
||||||
@mock.patch.object(redfish.RedfishOperations,
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
'_get_security_dashboard_values')
|
'_update_security_parameter')
|
||||||
|
@mock.patch.object(main.HPESushy, 'get_account_service')
|
||||||
|
def test_update_password_complexity(self, account_mock, secure_mock):
|
||||||
|
self.rf_client.update_password_complexity()
|
||||||
|
(self.sushy.get_account_service.return_value.
|
||||||
|
update_enforce_passwd_complexity.assert_called_once_with(True))
|
||||||
|
|
||||||
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
|
'_update_security_parameter')
|
||||||
|
@mock.patch.object(main.HPESushy, 'get_account_service')
|
||||||
|
def test_update_password_complexity_fail(self, account_mock,
|
||||||
|
secure_mock):
|
||||||
|
(self.sushy.get_account_service.return_value.
|
||||||
|
update_enforce_passwd_complexity.
|
||||||
|
side_effect) = sushy.exceptions.SushyError
|
||||||
|
|
||||||
|
self.assertRaisesRegex(
|
||||||
|
exception.IloError,
|
||||||
|
'The Redfish controller failed to update the security dashboard '
|
||||||
|
'parameter ``Password_Complexity``.',
|
||||||
|
self.rf_client.update_password_complexity)
|
||||||
|
|
||||||
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
|
'_update_security_parameter')
|
||||||
|
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
||||||
|
def test_update_require_login_for_ilo_rbsu(self, manager_mock,
|
||||||
|
secure_mock):
|
||||||
|
self.rf_client.update_require_login_for_ilo_rbsu()
|
||||||
|
(manager_mock.return_value.update_login_for_ilo_rbsu.
|
||||||
|
assert_called_once_with(True))
|
||||||
|
|
||||||
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
|
'_update_security_parameter')
|
||||||
|
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
||||||
|
def test_update_require_login_for_ilo_rbsu_fail(self, manager_mock,
|
||||||
|
secure_mock):
|
||||||
|
(manager_mock.return_value.update_login_for_ilo_rbsu.
|
||||||
|
side_effect) = sushy.exceptions.SushyError
|
||||||
|
|
||||||
|
msg = ("The Redfish controller failed to update the security dashboard"
|
||||||
|
" parameter ``RequiredLoginForiLORBSU``.")
|
||||||
|
self.assertRaisesRegex(
|
||||||
|
exception.IloError, msg,
|
||||||
|
self.rf_client.update_require_login_for_ilo_rbsu)
|
||||||
|
|
||||||
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
|
'_update_security_parameter')
|
||||||
|
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
||||||
|
def test_update_require_host_authentication(self, manager_mock,
|
||||||
|
secure_mock):
|
||||||
|
self.rf_client.update_require_host_authentication()
|
||||||
|
(manager_mock.return_value.update_host_authentication.
|
||||||
|
assert_called_once_with(True))
|
||||||
|
|
||||||
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
|
'_update_security_parameter')
|
||||||
|
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
||||||
|
def test_update_require_host_authentication_fail(self, manager_mock,
|
||||||
|
secure_mock):
|
||||||
|
(manager_mock.return_value.update_host_authentication.
|
||||||
|
side_effect) = sushy.exceptions.SushyError
|
||||||
|
|
||||||
|
msg = ("The Redfish controller failed to update the "
|
||||||
|
"security dashboard paramater ``RequireHostAuthentication``.")
|
||||||
|
self.assertRaisesRegex(
|
||||||
|
exception.IloError, msg,
|
||||||
|
self.rf_client.update_require_host_authentication)
|
||||||
|
|
||||||
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
|
'_update_security_parameter')
|
||||||
|
@mock.patch.object(main.HPESushy, 'get_account_service')
|
||||||
|
def test_update_minimum_password_length(self, account_mock, secure_mock):
|
||||||
|
self.rf_client.update_minimum_password_length(passwd_length=10)
|
||||||
|
(self.sushy.get_account_service.return_value.
|
||||||
|
update_min_passwd_length.assert_called_once_with(10))
|
||||||
|
|
||||||
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
|
'_update_security_parameter')
|
||||||
|
@mock.patch.object(main.HPESushy, 'get_account_service')
|
||||||
|
def test_update_minimum_password_length_fail(self, account_mock,
|
||||||
|
secure_mock):
|
||||||
|
(self.sushy.get_account_service.return_value.
|
||||||
|
update_min_passwd_length.side_effect) = sushy.exceptions.SushyError
|
||||||
|
|
||||||
|
msg = ("The Redfish controller failed to update the "
|
||||||
|
"security dashboard paramater ``MinPasswordLength``.")
|
||||||
|
self.assertRaisesRegex(
|
||||||
|
exception.IloError, msg,
|
||||||
|
self.rf_client.update_minimum_password_length)
|
||||||
|
|
||||||
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
|
'_update_security_parameter')
|
||||||
|
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
||||||
|
def test_update_ipmi_over_lan(self, manager_mock, secure_mock):
|
||||||
|
self.rf_client.update_ipmi_over_lan()
|
||||||
|
(manager_mock.return_value.networkprotocol.return_value.
|
||||||
|
update_ipmi_enabled(False))
|
||||||
|
|
||||||
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
|
'_update_security_parameter')
|
||||||
|
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
|
||||||
|
def test_update_ipmi_over_lan_fail(self, manager_mock, secure_mock):
|
||||||
|
(manager_mock.return_value.networkprotocol.
|
||||||
|
update_ipmi_enabled.side_effect) = sushy.exceptions.SushyError
|
||||||
|
|
||||||
|
msg = ("The Redfish controller failed to update the "
|
||||||
|
"security dashboard paramater ``IPMI/DCMI_Over_LAN``.")
|
||||||
|
self.assertRaisesRegex(
|
||||||
|
exception.IloError, msg, self.rf_client.update_ipmi_over_lan)
|
||||||
|
|
||||||
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
|
'_update_security_parameter')
|
||||||
|
@mock.patch.object(main.HPESushy, 'get_account_service')
|
||||||
|
def test_update_authentication_failure_logging(self, account_mock,
|
||||||
|
secure_mock):
|
||||||
|
self.rf_client.update_authentication_failure_logging()
|
||||||
|
(self.sushy.get_account_service.return_value.
|
||||||
|
update_auth_failure_logging.assert_called_once_with(None))
|
||||||
|
|
||||||
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
|
'_update_security_parameter')
|
||||||
|
@mock.patch.object(main.HPESushy, 'get_account_service')
|
||||||
|
def test_update_authentication_failure_logging_fail(self, account_mock,
|
||||||
|
secure_mock):
|
||||||
|
(self.sushy.get_account_service.return_value.
|
||||||
|
update_auth_failure_logging.
|
||||||
|
side_effect) = sushy.exceptions.SushyError
|
||||||
|
|
||||||
|
msg = ("The Redfish controller failed to update the security "
|
||||||
|
"dashboard paramater ``Authentication_failure_Logging``.")
|
||||||
|
self.assertRaisesRegex(
|
||||||
|
exception.IloError, msg,
|
||||||
|
self.rf_client.update_authentication_failure_logging)
|
||||||
|
|
||||||
|
@mock.patch.object(redfish.RedfishOperations,
|
||||||
|
'get_security_dashboard_values')
|
||||||
def test__parse_security_dashboard_values_for_capabilities(self, sec_mock):
|
def test__parse_security_dashboard_values_for_capabilities(self, sec_mock):
|
||||||
desc1 = ('The Require Login for iLO RBSU setting is disabled. '
|
desc1 = ('The Require Login for iLO RBSU setting is disabled. '
|
||||||
'This configuration allows unauthenticated iLO access '
|
'This configuration allows unauthenticated iLO access '
|
||||||
|
|
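Review bot: `test_update_ipmi_over_lan` asserts nothing: its last statement calls `update_ipmi_enabled(False)` on the mock instead of checking that the code under test called it, so the test passes even if IPMI over LAN is never disabled. It should end with an assertion such as `manager_mock.return_value.networkprotocol.update_ipmi_enabled.assert_called_once_with(False)`. The two IPMI tests also disagree on the mock chain (`networkprotocol.return_value.update_ipmi_enabled` here, `networkprotocol.update_ipmi_enabled` in the `_fail` test), so one of them is probably not bound to the attribute the implementation uses. Separately, `test_update_minimum_password_length_fail` passes the method to `assertRaisesRegex` without `passwd_length`; unless that parameter has a default, the call fails before reaching the mocked `SushyError` path.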