Merge "Add security dashboard attributes"

2020-08-27 08:20:20 +00:00 · 2020-08-27 08:20:20 +00:00 · 9734712019
commit 9734712019
parent 212c8ce709 699dfb0041
14 changed files with 559 additions and 4 deletions
--- a/proliantutils/redfish/redfish.py
+++ b/proliantutils/redfish/redfish.py
@ -654,6 +654,72 @@ class RedfishOperations(operations.IloOperations):
            LOG.debug(msg)
            raise exception.IloError(msg)

+    def _get_security_dashboard_values(self):
+        """Gets all the parameters related to security dashboard.
+
+        :return: a dictionary of the security dashboard values
+                 with their security status and security parameters
+                 with their complete details and security status.
+        :raises: IloError, if security dashboard or their params
+            not found or on an error from iLO.
+        """
+        sec_capabilities = {}
+        sushy_manager = self._get_sushy_manager(PROLIANT_MANAGER_ID)
+        try:
+
+            security_dashboard = (
+                sushy_manager.securityservice.securitydashboard)
+            security_params = (
+                sushy_manager.securityservice.securityparamscollectionuri)
+            sec_capabilities.update(
+                {'server_configuration_lock_status': (
+                 security_dashboard.server_configuration_lock_status),
+                 'overall_security_status': (
+                 security_dashboard.overall_status)})
+            security_parameters = {}
+            param_members = security_params.get_members()
+            for param in param_members:
+                param_dict = {param.name: {'security_status': param.status,
+                                           'state': param.state,
+                                           'ignore': param.ignore}}
+                if param.description:
+                    param_dict[param.name].update(
+                        {'description': param.description})
+                if param.recommended_action:
+                    param_dict[param.name].update(
+                        {'recommended_action': param.recommended_action})
+                security_parameters.update(param_dict)
+            sec_capabilities.update(
+                {'security_parameters': security_parameters})
+        except sushy.exceptions.SushyError as e:
+            msg = (self._("The Redfish controller is unable to get "
+                          "resource or its members. Error "
+                          "%(error)s)") % {'error': str(e)})
+            LOG.debug(msg)
+            raise exception.IloError(msg)
+
+        return sec_capabilities
+
+    def _parse_security_dashboard_values_for_capabilities(self):
+        """Parses the security dashboard parameters.
+
+        :returns: a dictionary of only those security parameters and their
+            security status which are applicable for ironic.
+        """
+        values = self._get_security_dashboard_values()
+        ironic_sec_capabilities = {}
+        ironic_sec_capabilities.update(
+            {'overall_security_status': values.get('overall_security_status')})
+        param_values = values.get('security_parameters')
+        p_map = {'Last Firmware Scan Result': 'last_firmware_scan_result',
+                 'Security Override Switch': 'security_override_switch'}
+        p_keys = p_map.keys()
+        for p_key, p_val in param_values.items():
+            if p_key in p_keys:
+                p_dict = {p_map.get(p_key): p_val.get('security_status')}
+                ironic_sec_capabilities.update(p_dict)
+        return ironic_sec_capabilities
+
    def get_server_capabilities(self):
        """Returns the server capabilities

@ -726,6 +792,9 @@ class RedfishOperations(operations.IloOperations):
                     'logical_nvdimm_n': (
                     json.dumps(memory_data.has_logical_nvdimm_n))})

+            capabilities.update(
+                self._parse_security_dashboard_values_for_capabilities())
+
        except sushy.exceptions.SushyError as e:
            msg = (self._("The Redfish controller is unable to get "
                          "resource or its members. Error "
--- a/proliantutils/redfish/resources/manager/manager.py
+++ b/proliantutils/redfish/resources/manager/manager.py
@ -17,6 +17,7 @@ __author__ = 'HPE'
 from sushy.resources.manager import manager
 from sushy import utils as sushy_utils

+from proliantutils.redfish.resources.manager import security_service
 from proliantutils.redfish.resources.manager import virtual_media
 from proliantutils.redfish import utils

@ -49,3 +50,11 @@ class HPEManager(manager.Manager):
        return virtual_media.VirtualMediaCollection(
            self._conn, utils.get_subresource_path_by(self, 'VirtualMedia'),
            redfish_version=self.redfish_version)
+
+    @property
+    @sushy_utils.cache_it
+    def securityservice(self):
+        return security_service.SecurityService(
+            self._conn, utils.get_subresource_path_by(
+                self, ['Oem', 'Hpe', 'Links', 'SecurityService']),
+            redfish_version=self.redfish_version)
--- a/proliantutils/redfish/resources/manager/security_dashboard.py
+++ b/proliantutils/redfish/resources/manager/security_dashboard.py
@ -0,0 +1,31 @@
+# Copyright 2017 Hewlett Packard Enterprise Development LP
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+__author__ = 'HPE'
+
+from sushy.resources import base
+
+
+class SecurityDashboard(base.ResourceBase):
+
+    identity = base.Field('Id', required=True)
+    """The identity for the instance."""
+
+    overall_status = base.Field('OverallSecurityStatus', required=True)
+    """Overall security status of the server"""
+
+    server_configuration_lock_status = (
+        base.Field('ServerConfigurationLockStatus', required=True))
+
+    security_param_uri = base.Field(["SecurityParameters", "@odata.id"])
--- a/proliantutils/redfish/resources/manager/security_params.py
+++ b/proliantutils/redfish/resources/manager/security_params.py
@ -0,0 +1,43 @@
+# Copyright 2017 Hewlett Packard Enterprise Development LP
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+__author__ = 'HPE'
+
+from sushy.resources import base
+
+from proliantutils import log
+
+LOG = log.get_logger(__name__)
+
+
+class SecurityParams(base.ResourceBase):
+
+    identity = base.Field('Id', required=True)
+    """The identity for the instance."""
+
+    status = base.Field('SecurityStatus', required=True)
+    """Security status of the server"""
+
+    name = base.Field('Name', required=True)
+    state = base.Field('State', required=True)
+    ignore = base.Field('Ignore', required=True)
+    description = base.Field('Description')
+    recommended_action = base.Field('RecommendedAction')
+
+
+class SecurityParamsCollection(base.ResourceCollectionBase):
+
+    @property
+    def _resource_type(self):
+        return SecurityParams
--- a/proliantutils/redfish/resources/manager/security_service.py
+++ b/proliantutils/redfish/resources/manager/security_service.py
@ -0,0 +1,60 @@
+# Copyright 2017 Hewlett Packard Enterprise Development LP
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+__author__ = 'HPE'
+
+from sushy.resources import base
+from sushy import utils as sushy_utils
+
+from proliantutils import log
+from proliantutils.redfish.resources.manager import security_dashboard
+from proliantutils.redfish.resources.manager import security_params
+
+
+LOG = log.get_logger(__name__)
+
+
+class SecurityService(base.ResourceBase):
+
+    identity = base.Field('Id', required=True)
+    """The identity for the instance."""
+
+    security_params_collection_uri = (
+        base.Field(["Links", "SecurityParams", "@odata.id"],
+                   required=True))
+    security_dashboard_uri = (
+        base.Field(["Links", "SecurityDashboard", "@odata.id"],
+                   required=True))
+
+    @property
+    @sushy_utils.cache_it
+    def securitydashboard(self):
+        """This property gets the instance for security dashboard
+
+        :returns: an instance of security dashboard
+        """
+        return security_dashboard.SecurityDashboard(
+            self._conn, self.security_dashboard_uri,
+            redfish_version=self.redfish_version)
+
+    @property
+    @sushy_utils.cache_it
+    def securityparamscollectionuri(self):
+        """Gets the list of instances for security params
+
+        :returns: the list of instances of security params.
+        """
+        return security_params.SecurityParamsCollection(
+            self._conn, self.security_params_collection_uri,
+            redfish_version=self.redfish_version)
--- a/proliantutils/tests/redfish/json_samples/security_dashboard.json
+++ b/proliantutils/tests/redfish/json_samples/security_dashboard.json
@ -0,0 +1,12 @@
+{
+  "@odata.context": "/redfish/v1/$metadata#HpeiLOSecurityDashboard.HpeiLOSecurityDashboard",
+  "@odata.etag": "W/\"543055B3\"",
+  "@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard",
+  "@odata.type": "#HpeiLOSecurityDashboard.v1_0_0.HpeiLOSecurityDashboard",
+  "Id": "SecurityDashboard",
+  "OverallSecurityStatus": "Risk",
+  "SecurityParameters": {
+    "@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard/SecurityParams"
+  },
+  "ServerConfigurationLockStatus": "Disabled"
+}
--- a/proliantutils/tests/redfish/json_samples/security_param.json
+++ b/proliantutils/tests/redfish/json_samples/security_param.json
@ -0,0 +1,11 @@
+{
+  "@odata.context": "/redfish/v1/$metadata#HpeiLOSecurityParam.HpeiLOSecurityParam",
+  "@odata.etag": "W/\"A3A6BF43\"",
+  "@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard/SecurityParams/0",
+  "@odata.type": "#HpeiLOSecurityParam.v1_0_0.HpeiLOSecurityParam",
+  "Id": "0",
+  "Ignore": false,
+  "Name": "Security Override Switch",
+  "SecurityStatus": "Ok",
+  "State": "Off"
+}
--- a/proliantutils/tests/redfish/json_samples/security_param1.json
+++ b/proliantutils/tests/redfish/json_samples/security_param1.json
@ -0,0 +1,11 @@
+{
+  "@odata.context": "/redfish/v1/$metadata#HpeiLOSecurityParam.HpeiLOSecurityParam",
+  "@odata.etag": "W/\"A3A6BF43\"",
+  "@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard/SecurityParams/1",
+  "@odata.type": "#HpeiLOSecurityParam.v1_0_0.HpeiLOSecurityParam",
+  "Id": "1",
+  "Ignore": false,
+  "Name": "IPMI/DCMI Over LAN",
+  "SecurityStatus": "Ok",
+  "State": "Disabled"
+}
--- a/proliantutils/tests/redfish/json_samples/security_params_collection.json
+++ b/proliantutils/tests/redfish/json_samples/security_params_collection.json
@ -0,0 +1,14 @@
+{
+  "@odata.context": "/redfish/v1/$metadata#HpeiLOSecurityParamCollection.HpeiLOSecurityParamCollection",
+  "@odata.etag": "W/\"1E796226\"",
+  "@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard/SecurityParams",
+  "@odata.type": "#HpeiLOSecurityParamCollection.HpeiLOSecurityParamCollection",
+  "Description": "iLO Security Parameter Collection",
+  "Name": "Security Parameter Collection",
+  "Members": [{
+    "@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard/SecurityParams/0"
+  }, {
+    "@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard/SecurityParams/1"
+  }],
+  "Members@odata.count": 2
+}
--- a/proliantutils/tests/redfish/json_samples/security_service.json
+++ b/proliantutils/tests/redfish/json_samples/security_service.json
@ -0,0 +1,34 @@
+{
+  "@odata.context": "/redfish/v1/$metadata#HpeSecurityService.HpeSecurityService",
+  "@odata.etag": "W/\"B61FA0F1\"",
+  "@odata.id": "/redfish/v1/Managers/1/SecurityService",
+  "@odata.type": "#HpeSecurityService.v2_2_0.HpeSecurityService",
+  "Id": "SecurityService",
+  "CurrentCipher": "ECDHE-RSA-AES256-GCM-SHA384",
+  "Links": {
+    "ESKM": {
+      "@odata.id": "/redfish/v1/Managers/1/SecurityService/ESKM"
+    },
+    "HttpsCert": {
+      "@odata.id": "/redfish/v1/Managers/1/SecurityService/HttpsCert"
+    },
+    "SSO": {
+      "@odata.id": "/redfish/v1/Managers/1/SecurityService/SSO"
+    },
+    "SecurityDashboard": {
+      "@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard"
+    },
+    "SecurityParams": {
+      "@odata.id": "/redfish/v1/Managers/1/SecurityService/SecurityDashboard/SecurityParams"
+    },
+    "CertAuth": {
+      "@odata.id": "/redfish/v1/Managers/1/SecurityService/CertificateAuthentication"
+    }
+  },
+  "LoginSecurityBanner": {
+    "IsEnabled": false
+  },
+  "SSHHostKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQEv+Fv4xLYjuKRS30nhqHVasE/PXiEKN12mdZQA97K4yJY+9lHqFJOt82mUelHLnO4fvWuqdML4LeiXo6LI2EJBR83hE4jjsPmKS7ZBa3I6PI3KF8CiBN4mFaSdcTEA/ZYZFKwVcQgOox3Hu1TYu2b41bAofKl1f5ZBBmZ/ZGnoeGsq4PNFqj/xtVAOdj+rqYnuK8yNzetl+WXiMF7/lmFKuuKLoM0GfY7nQjSSlu+XwZhUflQYiKHHfq0gl+I3u8KbNaNbHjHMjQVPYSzaRRkR9F2M8N2bqR47EzAC3qOt3SMBCt4ka+87dIS54ji6dC3uk+xRqJv2kuREyELqlV",
+  "SecurityState": "Production",
+  "SecurityState@Redfish.AllowableValues": ["Production", "HighSecurity", "FIPS"]
+}
--- a/proliantutils/tests/redfish/resources/manager/test_security_dashboard.py
+++ b/proliantutils/tests/redfish/resources/manager/test_security_dashboard.py
@ -0,0 +1,44 @@
+# Copyright 2020 Hewlett Packard Enterprise Development LP.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+"""Test Class for SecurityDashboard."""
+
+import json
+
+import mock
+import testtools
+
+from proliantutils.redfish.resources.manager import security_dashboard
+
+
+class SecurityDashboardTestCase(testtools.TestCase):
+
+    def setUp(self):
+        super(SecurityDashboardTestCase, self).setUp()
+        self.conn = mock.Mock()
+        security_param_file = ('proliantutils/tests/redfish/json_samples/'
+                               'security_dashboard.json')
+        with open(security_param_file) as f:
+            self.json_doc = json.load(f)
+            self.conn.get.return_value.json.return_value = (
+                self.json_doc)
+
+        path = ("/redfish/v1/Mangers/1/SecurityService/"
+                "SecurityDashboard")
+        self.sec_dash = security_dashboard.SecurityDashboard(
+            self.conn, path, '1.0.2', None)
+
+    def test__parse_attributes(self):
+        self.sec_dash._parse_attributes(self.json_doc)
+        self.assertEqual('1.0.2', self.sec_dash.redfish_version)
+        self.assertEqual("Risk", self.sec_dash.overall_status)
--- a/proliantutils/tests/redfish/resources/manager/test_security_params.py
+++ b/proliantutils/tests/redfish/resources/manager/test_security_params.py
@ -0,0 +1,99 @@
+# Copyright 2020 Hewlett Packard Enterprise Development LP
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+"""Test Class for SecurityParamsTestCase"""
+
+import json
+
+import mock
+import testtools
+
+from proliantutils.redfish.resources.manager import security_params
+
+
+class SecurityParamsTestCase(testtools.TestCase):
+
+    def setUp(self):
+        super(SecurityParamsTestCase, self).setUp()
+        self.conn = mock.Mock()
+        security_param_file = ('proliantutils/tests/redfish/json_samples/'
+                               'security_param.json')
+        with open(security_param_file) as f:
+            self.json_doc = json.load(f)
+            self.conn.get.return_value.json.return_value = (
+                self.json_doc)
+
+        path = ("/redfish/v1/Mangers/1/SecurityService/"
+                "SecurityDashboard/SecurityParams")
+        self.sec_param = security_params.SecurityParams(
+            self.conn, path, '1.0.2', None)
+
+    def test__parse_attributes(self):
+        self.sec_param._parse_attributes(self.json_doc)
+        self.assertEqual('1.0.2', self.sec_param.redfish_version)
+        self.assertEqual("Security Override Switch", self.sec_param.name)
+        self.assertEqual("Ok", self.sec_param.status)
+        self.assertEqual("Off", self.sec_param.state)
+
+
+class SecurityParamsCollectionTestCase(testtools.TestCase):
+
+    def setUp(self):
+        super(SecurityParamsCollectionTestCase, self).setUp()
+        self.conn = mock.Mock()
+        with open('proliantutils/tests/redfish/json_samples/'
+                  'security_params_collection.json', 'r') as f:
+            self.json_doc = json.load(f)
+            self.conn.get.return_value.json.return_value = self.json_doc
+        self.sec_params_col = security_params.SecurityParamsCollection(
+            self.conn,
+            ('/redfish/v1/Managers/1/SecurityService/'
+             'SecurityDashboard/SecurityParams'),
+            redfish_version='1.0.2')
+
+    def test__parse_attributes(self):
+        self.sec_params_col._parse_attributes(self.json_doc)
+        self.assertEqual('1.0.2', self.sec_params_col.redfish_version)
+        self.assertEqual('Security Parameter Collection',
+                         self.sec_params_col.name)
+        path = ('/redfish/v1/Managers/1/SecurityService/'
+                'SecurityDashboard/SecurityParams/0',
+                '/redfish/v1/Managers/1/SecurityService/'
+                'SecurityDashboard/SecurityParams/1')
+        self.assertEqual(path, self.sec_params_col.members_identities)
+
+    @mock.patch.object(security_params, 'SecurityParams', autospec=True)
+    def test_get_member(self, mock_eth):
+        self.sec_params_col.get_member(
+            '/redfish/v1/Managers/1/SecurityService/SecurityDashboard/'
+            'SecurityParams/1')
+        mock_eth.assert_called_once_with(
+            self.sec_params_col._conn,
+            ('/redfish/v1/Managers/1/SecurityService/SecurityDashboard/'
+             'SecurityParams/1'),
+            self.sec_params_col.redfish_version, None)
+
+    @mock.patch.object(security_params, 'SecurityParams', autospec=True)
+    def test_get_members(self, mock_eth):
+        members = self.sec_params_col.get_members()
+        path = ('/redfish/v1/Managers/1/SecurityService/SecurityDashboard/'
+                'SecurityParams/0')
+        path2 = ('/redfish/v1/Managers/1/SecurityService/SecurityDashboard/'
+                 'SecurityParams/1')
+        calls = [mock.call(self.sec_params_col._conn, path,
+                           self.sec_params_col.redfish_version, None),
+                 mock.call(self.sec_params_col._conn, path2,
+                           self.sec_params_col.redfish_version, None)]
+        mock_eth.assert_has_calls(calls)
+        self.assertIsInstance(members, list)
+        self.assertEqual(2, len(members))
--- a/proliantutils/tests/redfish/resources/manager/test_security_service.py
+++ b/proliantutils/tests/redfish/resources/manager/test_security_service.py
@ -0,0 +1,41 @@
+# Copyright 2017 Hewlett Packard Enterprise Development LP
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import json
+
+import mock
+import testtools
+
+from proliantutils.redfish.resources.manager import security_service
+
+
+class SecurityServiceTestCase(testtools.TestCase):
+
+    def setUp(self):
+        super(SecurityServiceTestCase, self).setUp()
+        self.conn = mock.Mock()
+        security_file = ('proliantutils/tests/redfish/json_samples/'
+                         'security_service.json')
+        with open(security_file) as f:
+            self.json_doc = json.load(f)
+            self.conn.get.return_value.json.return_value = (
+                self.json_doc)
+
+        path = ("/redfish/v1/Mangers/1/SecurityService/")
+        self.sec_serv = security_service.SecurityService(
+            self.conn, path, '1.0.2', None)
+
+    def test__parse_attributes(self):
+        self.sec_serv._parse_attributes(self.json_doc)
+        self.assertEqual('1.0.2', self.sec_serv.redfish_version)
--- a/proliantutils/tests/redfish/test_redfish.py
+++ b/proliantutils/tests/redfish/test_redfish.py
@ -688,6 +688,8 @@ class RedfishOperationsTestCase(testtools.TestCase):
            'The Redfish controller failed to get the supported boot modes.',
            self.rf_client.get_supported_boot_mode)

+    @mock.patch.object(redfish.RedfishOperations,
+                       '_parse_security_dashboard_values_for_capabilities')
    @mock.patch.object(common_storage, 'get_drive_rotational_speed_rpm')
    @mock.patch.object(common_storage, 'has_nvme_ssd')
    @mock.patch.object(common_storage, 'has_rotational')
@ -696,7 +698,7 @@ class RedfishOperationsTestCase(testtools.TestCase):
    @mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
    def test_get_server_capabilities(self, get_manager_mock, get_system_mock,
                                     ssd_mock, rotational_mock,
-                                     nvme_mock, speed_mock):
+                                     nvme_mock, speed_mock, sec_mock):
        type(get_system_mock.return_value.pci_devices).gpu_devices = (
            [mock.MagicMock(spec=pci_device.PCIDevice)])
        type(get_system_mock.return_value.bios_settings).sriov = (
@ -740,6 +742,9 @@ class RedfishOperationsTestCase(testtools.TestCase):
        type(get_system_mock.return_value.
             smart_storage).logical_raid_levels = (raid_mock)
        speed_mock.return_value = set(['10000', '15000'])
+        sec_mock.return_value = {'overall_security_status': 'Risk',
+                                 'security_override_switch': 'Ok',
+                                 'last_firmware_scan_result': 'Ok'}
        actual = self.rf_client.get_server_capabilities()
        expected = {'pci_gpu_devices': 1, 'sriov_enabled': 'true',
                    'secure_boot': 'true', 'cpu_vt': 'true',
@ -760,9 +765,14 @@ class RedfishOperationsTestCase(testtools.TestCase):
                    'logical_raid_level_0': 'true',
                    'logical_raid_level_1': 'true',
                    'drive_rotational_10000_rpm': 'true',
-                    'drive_rotational_15000_rpm': 'true'}
+                    'drive_rotational_15000_rpm': 'true',
+                    'overall_security_status': 'Risk',
+                    'security_override_switch': 'Ok',
+                    'last_firmware_scan_result': 'Ok'}
        self.assertEqual(expected, actual)

+    @mock.patch.object(redfish.RedfishOperations,
+                       '_parse_security_dashboard_values_for_capabilities')
    @mock.patch.object(common_storage, 'get_drive_rotational_speed_rpm')
    @mock.patch.object(common_storage, 'has_nvme_ssd')
    @mock.patch.object(common_storage, 'has_rotational')
@ -771,7 +781,7 @@ class RedfishOperationsTestCase(testtools.TestCase):
    @mock.patch.object(redfish.RedfishOperations, '_get_sushy_manager')
    def test_get_server_capabilities_optional_capabilities_absent(
            self, get_manager_mock, get_system_mock, ssd_mock,
-            rotational_mock, nvme_mock, speed_mock):
+            rotational_mock, nvme_mock, speed_mock, sec_mock):
        type(get_system_mock.return_value.pci_devices).gpu_devices = (
            [mock.MagicMock(spec=pci_device.PCIDevice)])
        type(get_system_mock.return_value.bios_settings).sriov = (
@ -816,13 +826,19 @@ class RedfishOperationsTestCase(testtools.TestCase):
        type(get_system_mock.return_value.
             smart_storage).logical_raid_levels = (raid_mock)
        speed_mock.return_value = set()
+        sec_mock.return_value = {'overall_security_status': 'Risk',
+                                 'security_override_switch': 'Ok',
+                                 'last_firmware_scan_result': 'Ok'}
        actual = self.rf_client.get_server_capabilities()
        expected = {'pci_gpu_devices': 1,
                    'rom_firmware_version': 'U31 v1.00 (03/11/2017)',
                    'ilo_firmware_version': 'iLO 5 v1.15',
                    'nic_capacity': '1Gb',
                    'server_model': 'ProLiant DL180 Gen10',
-                    'boot_mode_bios': 'false', 'boot_mode_uefi': 'true'}
+                    'boot_mode_bios': 'false', 'boot_mode_uefi': 'true',
+                    'overall_security_status': 'Risk',
+                    'security_override_switch': 'Ok',
+                    'last_firmware_scan_result': 'Ok'}
        self.assertEqual(expected, actual)

    @mock.patch.object(redfish.RedfishOperations, '_get_sushy_system')
@ -2110,3 +2126,64 @@ class RedfishOperationsTestCase(testtools.TestCase):
            exception.IloCommandNotSupportedInBiosError,
            'TLS certificate cannot be removed in BIOS boot mode',
            self.rf_client.remove_tls_certificate, fp)
+
+    @mock.patch.object(redfish.RedfishOperations,
+                       '_get_security_dashboard_values')
+    def test__parse_security_dashboard_values_for_capabilities(self, sec_mock):
+        desc1 = ('The Require Login for iLO RBSU setting is disabled. '
+                 'This configuration allows unauthenticated iLO access '
+                 'through the UEFI System Utilities.')
+        act1 = ('Enable the Require Login for iLO RBSU setting.')
+        desc2 = ('The Password Complexity setting is disabled. This '
+                 'configuration increases system vulnerability to attack.')
+        act2 = ('Enable the "Password Complexity" setting.')
+        desc3 = ('The UEFI Secure Boot setting is disabled. In this '
+                 'configuration, the UEFI system firmware does not '
+                 'validate the boot loader, Option ROM firmware, and '
+                 'other system software executables for trusted signatures. '
+                 'This configuration breaks the chain of trust established by '
+                 'iLO from power-on')
+        act3 = ('Enable the Secure Boot setting in the UEFI System Utilities.')
+        s = {'server_configuration_lock_status': 'Disabled',
+             'overall_security_status': 'Risk',
+             'security_parameters':
+             {'Require Host Authentication': {'ignore': False,
+                                              'security_status': 'Ok',
+                                              'state': 'Disabled'},
+              'Last Firmware Scan Result': {'ignore': False,
+                                            'security_status': 'Ok',
+                                            'state': 'Ok'},
+              'Require Login for iLO RBSU': {'ignore': False,
+                                             'security_status': 'Risk',
+                                             'description': desc1,
+                                             'state': 'Disabled',
+                                             'recommended_action': act1},
+              'Authentication Failure Logging': {'ignore': False,
+                                                 'security_status': 'Ok',
+                                                 'state': 'Enabled'},
+              'Password Complexity': {'ignore': False,
+                                      'security_status': 'Risk',
+                                      'description': desc2,
+                                      'state': 'Disabled',
+                                      'recommended_action': act2},
+              'IPMI/DCMI Over LAN': {'ignore': False,
+                                     'security_status': 'Ok',
+                                     'state': 'Disabled'},
+              'Security Override Switch': {'ignore': False,
+                                           'security_status': 'Ok',
+                                           'state': 'Off'},
+              'Minimum Password Length': {'ignore': False,
+                                          'security_status': 'Ok',
+                                          'state': 'Ok'},
+              'Secure Boot': {'ignore': False,
+                              'security_status': 'Risk',
+                              'description': desc3,
+                              'state': 'Disabled',
+                              'recommended_action': act3}}}
+        sec_mock.return_value = s
+        expected = {'last_firmware_scan_result': 'Ok',
+                    'overall_security_status': 'Risk',
+                    'security_override_switch': 'Ok'}
+        actual = (
+            self.rf_client._parse_security_dashboard_values_for_capabilities())
+        self.assertEqual(expected, actual)