diff options
author | ankit <ankit.dhn31@gmail.com> | 2021-03-23 07:50:00 +0000 |
---|---|---|
committer | ankit <ankit.dhn31@gmail.com> | 2021-04-05 17:53:28 +0000 |
commit | f5413a9bd5fe51c0d37ff7b7ed482f2ae6ed6b2a (patch) | |
tree | 9aad3e8952b9f321184e175ad68d6377ee10d78f /ironic/tests/unit/drivers/modules/ilo | |
parent | 961a85ada72532ba167f6b655571711c3c6df279 (diff) | |
download | ironic-f5413a9bd5fe51c0d37ff7b7ed482f2ae6ed6b2a.tar.gz |
Add security dashboard clean steps to ilo drivers
This commit adds new clean steps security_parameters_update,
update_minimum_password_length and update_auth_failure_logging_threshold
to allow users to edit following security parameters which fetched
during node inspection -
``Password_Complexity``, ``RequiredLoginForiLORBSU``,
``RequireHostAuthentication``, ``MinPasswordLength``,
``IPMI/DCMI_Over_LAN``, ``Authentication_failure_Logging``,
and ``Secure_Boot``.
Story: 2008024
Task: 40736
Change-Id: I0dd9a83ee23c6b846eda3ff171ab7b3138b22fa7
Diffstat (limited to 'ironic/tests/unit/drivers/modules/ilo')
-rw-r--r-- | ironic/tests/unit/drivers/modules/ilo/test_common.py | 20 | ||||
-rw-r--r-- | ironic/tests/unit/drivers/modules/ilo/test_inspect.py | 13 | ||||
-rw-r--r-- | ironic/tests/unit/drivers/modules/ilo/test_management.py | 42 |
3 files changed, 72 insertions, 3 deletions
diff --git a/ironic/tests/unit/drivers/modules/ilo/test_common.py b/ironic/tests/unit/drivers/modules/ilo/test_common.py index d8dfc71e0..f1d9cd241 100644 --- a/ironic/tests/unit/drivers/modules/ilo/test_common.py +++ b/ironic/tests/unit/drivers/modules/ilo/test_common.py @@ -904,6 +904,26 @@ class IloCommonMethodsTestCase(BaseIloTest): task, False) ilo_mock_object.set_secure_boot_mode.assert_called_once_with(False) + def test_validate_security_parameter_values(self): + param_info = {'param': 'password_complexity'} + param, enabled, ignored = ( + ilo_common.validate_security_parameter_values(param_info)) + self.assertEqual('password_complexity', param) + self.assertEqual(False, ignored) + self.assertEqual(True, enabled) + + def test_validate_security_parameter_values_no_param(self): + param_info = {'param': None} + self.assertRaises(exception.MissingParameterValue, + ilo_common.validate_security_parameter_values, + param_info) + + def test_validate_security_parameter_values_invalid_param(self): + param_info = {'param': 'minimum_password_length'} + self.assertRaises(exception.InvalidParameterValue, + ilo_common.validate_security_parameter_values, + param_info) + @mock.patch.object(os, 'chmod', spec_set=True, autospec=True) @mock.patch.object(shutil, 'copyfile', spec_set=True, diff --git a/ironic/tests/unit/drivers/modules/ilo/test_inspect.py b/ironic/tests/unit/drivers/modules/ilo/test_inspect.py index ce81a2e47..376c0d601 100644 --- a/ironic/tests/unit/drivers/modules/ilo/test_inspect.py +++ b/ironic/tests/unit/drivers/modules/ilo/test_inspect.py @@ -172,6 +172,8 @@ class IloInspectTestCase(test_common.BaseIloTest): @mock.patch.object(ilo_inspect.LOG, 'warning', spec_set=True, autospec=True) + @mock.patch.object(ilo_inspect, '_get_security_parameters', + spec_set=True, autospec=True) @mock.patch.object(ilo_inspect, '_get_capabilities', spec_set=True, autospec=True) @mock.patch.object(inspect_utils, 'create_ports_if_not_exist', @@ -187,21 +189,26 @@ class IloInspectTestCase(test_common.BaseIloTest): get_essential_mock, create_port_mock, get_capabilities_mock, + get_security_params_mock, log_mock): ilo_object_mock = get_ilo_object_mock.return_value properties = {'memory_mb': '512', 'local_gb': 10, 'cpus': '1', 'cpu_arch': 'x86_64'} macs = {'NIC.LOM.1.1': 'aa:aa:aa:aa:aa:aa'} capabilities = {'server_model': 'Gen10'} + security_params = ( + {'security_parameters': {'Password Complexity': 'ok'}}) result = {'properties': properties, 'macs': macs} get_essential_mock.return_value = result get_capabilities_mock.return_value = capabilities + get_security_params_mock.return_value = security_params power_mock.return_value = states.POWER_ON with task_manager.acquire(self.context, self.node.uuid, shared=False) as task: - expected_properties = {'memory_mb': '512', 'local_gb': 10, - 'cpus': '1', 'cpu_arch': 'x86_64', - 'capabilities': 'server_model:Gen10'} + expected_properties = { + 'memory_mb': '512', 'local_gb': 10, 'cpus': '1', + 'cpu_arch': 'x86_64', 'capabilities': 'server_model:Gen10', + 'security_parameters': {'Password Complexity': 'ok'}} task.driver.inspect.inspect_hardware(task) self.assertEqual(expected_properties, task.node.properties) power_mock.assert_called_once_with(mock.ANY, task) diff --git a/ironic/tests/unit/drivers/modules/ilo/test_management.py b/ironic/tests/unit/drivers/modules/ilo/test_management.py index 1616f8ca0..07bb9f98b 100644 --- a/ironic/tests/unit/drivers/modules/ilo/test_management.py +++ b/ironic/tests/unit/drivers/modules/ilo/test_management.py @@ -382,6 +382,48 @@ class IloManagementTestCase(test_common.BaseIloTest): **activate_license_args) self.assertFalse(step_mock.called) + @mock.patch.object(ilo_management, '_execute_ilo_step', + spec_set=True, autospec=True) + def test_security_parameters_update(self, step_mock): + security_parameters = [ + { + "param": "password_complexity", + "enable": True, + "ignore": False + } + ] + security_parameters_args = { + 'security_parameters': security_parameters} + + with task_manager.acquire(self.context, self.node.uuid, + shared=False) as task: + task.driver.management.security_parameters_update( + task, **security_parameters_args) + step_mock.assert_called_once_with( + task.node, 'update_password_complexity', True, False) + + @mock.patch.object(ilo_management, '_execute_ilo_step', + spec_set=True, autospec=True) + def test_update_minimum_password_length(self, step_mock): + with task_manager.acquire(self.context, self.node.uuid, + shared=False) as task: + minimum_password_args = {'password_length': '8'} + task.driver.management.update_minimum_password_length( + task, **minimum_password_args) + step_mock.assert_called_once_with( + task.node, 'update_minimum_password_length', '8', False) + + @mock.patch.object(ilo_management, '_execute_ilo_step', + spec_set=True, autospec=True) + def test_update_auth_failure_logging_threshold(self, step_mock): + with task_manager.acquire(self.context, self.node.uuid, + shared=False) as task: + auth_failure_args = {'logging_threshold': '1'} + task.driver.management.update_auth_failure_logging_threshold( + task, **auth_failure_args) + step_mock.assert_called_once_with( + task.node, 'update_authentication_failure_logging', '1', False) + @mock.patch.object(deploy_utils, 'build_agent_options', spec_set=True, autospec=True) @mock.patch.object(ilo_boot.IloVirtualMediaBoot, 'clean_up_ramdisk', |