x/proliantutils
Code Issues Proposed changes

Support to clear certificates when no certificates

Browse Source 
Adds support to clear certificates when no certificates are provided. In
this case the certificates that currently exist on the ilo are removed.

Change-Id: I351554a0c65d60b63fb7bf57ed1a6bae89f2d71c
This commit is contained in:
vmud213
2020-11-10 06:40:05 +00:00
parent 9a29e32bb2
commit 43ad8ae6dd
6 changed files with 91 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
proliantutils/tests/redfish/json_samples/tls_config.json
View File

@@ -21,6 +21,22 @@
"@odata.type": "#HpeTlsConfig.v1_0_0.HpeTlsConfig",
"Certificates":
[
{
"FingerPrint": "1C:E7:B2:FD:9F:CB:14:EB:74:3F:EF:39:CC:81:DB:36:28:EF:D3:83:CD:B7:B3:63:7A:DB:C1:82:9A:84:A8:20",
"Issuer": "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
"SerialNumber": "BD96C593395EA98",
"Subject": "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
"ValidNotAfter": "02/23/2019 04:34",
"ValidNotBefore": "02/23/2018 04:34"
},
{
"FingerPrint": "FA:3A:68:C7:7E:ED:90:21:D2:FA:3E:54:6B:0C:14:D3:2F:8D:43:50:F7:05:A7:0F:1C:68:35:DB:5C:D2:53:28",
"Issuer": "C=IN, ST=Karnataka, L=Bengaluru, O=HPE, OU=BCOS, CN=Vinay Muddu, emailAddress=vinay.m.kumar@hpe.com",
"SerialNumber": "92DF813625F950E5",
"Subject": "C=IN, ST=Karnataka, L=Bengaluru, O=HPE, OU=BCOS, CN=Vinay Muddu, emailAddress=vinay.m.kumar@hpe.com",
"ValidNotAfter": "06/08/2021 06:40",
"ValidNotBefore": "06/08/2020 06:40"
}
],
"Ciphers": "AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384",
"DeleteCertificates":

38
proliantutils/tests/redfish/test_redfish.py
View File

@@ -42,6 +42,7 @@ from proliantutils.redfish.resources.system.storage import array_controller
from proliantutils.redfish.resources.system.storage \
import common as common_storage
from proliantutils.redfish.resources.system import system as pro_sys
from proliantutils.redfish.resources.system import tls_config
@ddt.ddt
@@ -2303,9 +2304,44 @@ class RedfishOperationsTestCase(testtools.TestCase):
self.assertRaisesRegex(
exception.IloCommandNotSupportedInBiosError,
'TLS certificate cannot be removed in BIOS boot mode',
'TLS certificates cannot be removed in BIOS boot mode',
self.rf_client.remove_tls_certificate, fp)
@mock.patch.object(redfish, 'load_certificate')
@mock.patch.object(redfish, 'b64decode')
@mock.patch.object(redfish.RedfishOperations, '_is_boot_mode_uefi')
@mock.patch.object(redfish.RedfishOperations, '_get_sushy_system')
def test_remove_tls_certificate_default(self, get_sushy_system_mock,
_uefi_boot_mode_mock, decode_mock,
load_cert_mock):
_uefi_boot_mode_mock.return_value = True
with open('proliantutils/tests/redfish/'
'json_samples/tls_config.json', 'r') as f:
jsonval = json.loads(f.read())
tlsconfig_mock = mock.MagicMock(spec=tls_config.TLSConfig)
tls_mock = mock.PropertyMock(return_value=tlsconfig_mock)
type(get_sushy_system_mock.return_value.bios_settings).tls_config = (
tls_mock)
certificates = jsonval.get('Certificates')
certs_mock = mock.PropertyMock(return_value=certificates)
type(tlsconfig_mock).tls_certificates = certs_mock
del_cert_list = []
for cert in certificates:
fp = cert.get("FingerPrint")
cert_fp = {
"FingerPrint": fp
}
del_cert_list.append(cert_fp)
self.rf_client.remove_tls_certificate()
(get_sushy_system_mock.return_value.
bios_settings.tls_config.tls_config_settings.
remove_tls_certificate.assert_called_once_with(
{'DeleteCertificates': del_cert_list}))
decode_mock.assert_not_called()
load_cert_mock.assert_not_called()
@mock.patch.object(redfish.RedfishOperations,
'_get_security_dashboard_values')
def test__parse_security_dashboard_values_for_capabilities(self, sec_mock):