Add security dashboard clean steps to ilo drivers

This commit adds new clean steps security_parameters_update, update_minimum_password_length and update_auth_failure_logging_threshold to allow users to edit following security parameters which fetched during node inspection - ``Password_Complexity``, ``RequiredLoginForiLORBSU``, ``RequireHostAuthentication``, ``MinPasswordLength``, ``IPMI/DCMI_Over_LAN``, ``Authentication_failure_Logging``, and ``Secure_Boot``. Story: 2008024 Task: 40736 Change-Id: I0dd9a83ee23c6b846eda3ff171ab7b3138b22fa7
author: ankit <ankit.dhn31@gmail.com> 2021-03-23 07:50:00 +0000
committer: ankit <ankit.dhn31@gmail.com> 2021-04-05 17:53:28 +0000
commit: f5413a9bd5fe51c0d37ff7b7ed482f2ae6ed6b2a (patch)
tree: 9aad3e8952b9f321184e175ad68d6377ee10d78f /ironic/tests/unit/drivers/modules/ilo
parent: 961a85ada72532ba167f6b655571711c3c6df279 (diff)
download: ironic-f5413a9bd5fe51c0d37ff7b7ed482f2ae6ed6b2a.tar.gz
3 files changed, 72 insertions, 3 deletions
diff --git a/ironic/tests/unit/drivers/modules/ilo/test_common.py b/ironic/tests/unit/drivers/modules/ilo/test_common.py
index d8dfc71e0..f1d9cd241 100644
--- a/ironic/tests/unit/drivers/modules/ilo/test_common.py
+++ b/ironic/tests/unit/drivers/modules/ilo/test_common.py
@@ -904,6 +904,26 @@ class IloCommonMethodsTestCase(BaseIloTest):
                               task, False)
         ilo_mock_object.set_secure_boot_mode.assert_called_once_with(False)
 
+    def test_validate_security_parameter_values(self):
+        param_info = {'param': 'password_complexity'}
+        param, enabled, ignored = (
+            ilo_common.validate_security_parameter_values(param_info))
+        self.assertEqual('password_complexity', param)
+        self.assertEqual(False, ignored)
+        self.assertEqual(True, enabled)
+
+    def test_validate_security_parameter_values_no_param(self):
+        param_info = {'param': None}
+        self.assertRaises(exception.MissingParameterValue,
+                          ilo_common.validate_security_parameter_values,
+                          param_info)
+
+    def test_validate_security_parameter_values_invalid_param(self):
+        param_info = {'param': 'minimum_password_length'}
+        self.assertRaises(exception.InvalidParameterValue,
+                          ilo_common.validate_security_parameter_values,
+                          param_info)
+
     @mock.patch.object(os, 'chmod', spec_set=True,
                        autospec=True)
     @mock.patch.object(shutil, 'copyfile', spec_set=True,
diff --git a/ironic/tests/unit/drivers/modules/ilo/test_inspect.py b/ironic/tests/unit/drivers/modules/ilo/test_inspect.py
index ce81a2e47..376c0d601 100644
--- a/ironic/tests/unit/drivers/modules/ilo/test_inspect.py
+++ b/ironic/tests/unit/drivers/modules/ilo/test_inspect.py
@@ -172,6 +172,8 @@ class IloInspectTestCase(test_common.BaseIloTest):
 
     @mock.patch.object(ilo_inspect.LOG, 'warning',
                        spec_set=True, autospec=True)
+    @mock.patch.object(ilo_inspect, '_get_security_parameters',
+                       spec_set=True, autospec=True)
     @mock.patch.object(ilo_inspect, '_get_capabilities', spec_set=True,
                        autospec=True)
     @mock.patch.object(inspect_utils, 'create_ports_if_not_exist',
@@ -187,21 +189,26 @@ class IloInspectTestCase(test_common.BaseIloTest):
                               get_essential_mock,
                               create_port_mock,
                               get_capabilities_mock,
+                              get_security_params_mock,
                               log_mock):
         ilo_object_mock = get_ilo_object_mock.return_value
         properties = {'memory_mb': '512', 'local_gb': 10,
                       'cpus': '1', 'cpu_arch': 'x86_64'}
         macs = {'NIC.LOM.1.1': 'aa:aa:aa:aa:aa:aa'}
         capabilities = {'server_model': 'Gen10'}
+        security_params = (
+            {'security_parameters': {'Password Complexity': 'ok'}})
         result = {'properties': properties, 'macs': macs}
         get_essential_mock.return_value = result
         get_capabilities_mock.return_value = capabilities
+        get_security_params_mock.return_value = security_params
         power_mock.return_value = states.POWER_ON
         with task_manager.acquire(self.context, self.node.uuid,
                                   shared=False) as task:
-            expected_properties = {'memory_mb': '512', 'local_gb': 10,
-                                   'cpus': '1', 'cpu_arch': 'x86_64',
-                                   'capabilities': 'server_model:Gen10'}
+            expected_properties = {
+                'memory_mb': '512', 'local_gb': 10, 'cpus': '1',
+                'cpu_arch': 'x86_64', 'capabilities': 'server_model:Gen10',
+                'security_parameters': {'Password Complexity': 'ok'}}
             task.driver.inspect.inspect_hardware(task)
             self.assertEqual(expected_properties, task.node.properties)
             power_mock.assert_called_once_with(mock.ANY, task)
diff --git a/ironic/tests/unit/drivers/modules/ilo/test_management.py b/ironic/tests/unit/drivers/modules/ilo/test_management.py
index 1616f8ca0..07bb9f98b 100644
--- a/ironic/tests/unit/drivers/modules/ilo/test_management.py
+++ b/ironic/tests/unit/drivers/modules/ilo/test_management.py
@@ -382,6 +382,48 @@ class IloManagementTestCase(test_common.BaseIloTest):
                                   **activate_license_args)
                 self.assertFalse(step_mock.called)
 
+    @mock.patch.object(ilo_management, '_execute_ilo_step',
+                       spec_set=True, autospec=True)
+    def test_security_parameters_update(self, step_mock):
+        security_parameters = [
+            {
+                "param": "password_complexity",
+                "enable": True,
+                "ignore": False
+            }
+        ]
+        security_parameters_args = {
+            'security_parameters': security_parameters}
+
+        with task_manager.acquire(self.context, self.node.uuid,
+                                  shared=False) as task:
+            task.driver.management.security_parameters_update(
+                task, **security_parameters_args)
+            step_mock.assert_called_once_with(
+                task.node, 'update_password_complexity', True, False)
+
+    @mock.patch.object(ilo_management, '_execute_ilo_step',
+                       spec_set=True, autospec=True)
+    def test_update_minimum_password_length(self, step_mock):
+        with task_manager.acquire(self.context, self.node.uuid,
+                                  shared=False) as task:
+            minimum_password_args = {'password_length': '8'}
+            task.driver.management.update_minimum_password_length(
+                task, **minimum_password_args)
+            step_mock.assert_called_once_with(
+                task.node, 'update_minimum_password_length', '8', False)
+
+    @mock.patch.object(ilo_management, '_execute_ilo_step',
+                       spec_set=True, autospec=True)
+    def test_update_auth_failure_logging_threshold(self, step_mock):
+        with task_manager.acquire(self.context, self.node.uuid,
+                                  shared=False) as task:
+            auth_failure_args = {'logging_threshold': '1'}
+            task.driver.management.update_auth_failure_logging_threshold(
+                task, **auth_failure_args)
+            step_mock.assert_called_once_with(
+                task.node, 'update_authentication_failure_logging', '1', False)
+
     @mock.patch.object(deploy_utils, 'build_agent_options',
                        spec_set=True, autospec=True)
     @mock.patch.object(ilo_boot.IloVirtualMediaBoot, 'clean_up_ramdisk',
author	ankit <ankit.dhn31@gmail.com>	2021-03-23 07:50:00 +0000
committer	ankit <ankit.dhn31@gmail.com>	2021-04-05 17:53:28 +0000
commit	f5413a9bd5fe51c0d37ff7b7ed482f2ae6ed6b2a (patch)
tree	9aad3e8952b9f321184e175ad68d6377ee10d78f /ironic/tests/unit/drivers/modules/ilo
parent	961a85ada72532ba167f6b655571711c3c6df279 (diff)
download	ironic-f5413a9bd5fe51c0d37ff7b7ed482f2ae6ed6b2a.tar.gz