diff options
| author | Dmitry Tantsur <dtantsur@protonmail.com> | 2021-01-14 15:02:38 +0100 |
|---|---|---|
| committer | Dmitry Tantsur <dtantsur@protonmail.com> | 2021-01-26 17:15:46 +0100 |
| commit | 33d51f221f65960b063fc185a65f2449c071d093 (patch) | |
| tree | 78d6914545dc61dd1c8021d676feae0b39353814 /ironic/tests/unit/drivers/modules/redfish/test_management.py | |
| parent | 04400eea472f6e24af4558beb87a45a6b5b7f5a3 (diff) | |
| download | ironic-33d51f221f65960b063fc185a65f2449c071d093.tar.gz | |
Redfish secure boot management
Story: #2008270
Task: #41137
Change-Id: Ied53f8dc5b93522ac9ffc25ec93ad2347a7d1c7c
Diffstat (limited to 'ironic/tests/unit/drivers/modules/redfish/test_management.py')
| -rw-r--r-- | ironic/tests/unit/drivers/modules/redfish/test_management.py | 142 |
1 files changed, 142 insertions, 0 deletions
diff --git a/ironic/tests/unit/drivers/modules/redfish/test_management.py b/ironic/tests/unit/drivers/modules/redfish/test_management.py index a1fb4e8d0..efd6c35be 100644 --- a/ironic/tests/unit/drivers/modules/redfish/test_management.py +++ b/ironic/tests/unit/drivers/modules/redfish/test_management.py @@ -1258,3 +1258,145 @@ class RedfishManagementTestCase(db_base.DbTestCase): task.node.driver_internal_info['firmware_updates']) task.node.save.assert_called_once_with() mock_node_power_action.assert_called_once_with(task, states.REBOOT) + + @mock.patch.object(redfish_utils, 'get_system', autospec=True) + def test_get_secure_boot_state(self, mock_get_system): + fake_system = mock_get_system.return_value + fake_system.secure_boot.enabled = False + with task_manager.acquire(self.context, self.node.uuid, + shared=True) as task: + response = task.driver.management.get_secure_boot_state(task) + self.assertIs(False, response) + + @mock.patch.object(redfish_utils, 'get_system', autospec=True) + def test_get_secure_boot_state_not_implemented(self, mock_get_system): + # Yes, seriously, that's the only way to do it. + class NoSecureBoot(mock.Mock): + @property + def secure_boot(self): + raise sushy.exceptions.MissingAttributeError("boom") + + mock_get_system.return_value = NoSecureBoot() + with task_manager.acquire(self.context, self.node.uuid, + shared=True) as task: + self.assertRaises(exception.UnsupportedDriverExtension, + task.driver.management.get_secure_boot_state, + task) + + @mock.patch.object(redfish_utils, 'get_system', autospec=True) + def test_set_secure_boot_state(self, mock_get_system): + fake_system = mock_get_system.return_value + fake_system.secure_boot.enabled = False + fake_system.boot = {'mode': sushy.BOOT_SOURCE_MODE_UEFI} + with task_manager.acquire(self.context, self.node.uuid, + shared=True) as task: + task.driver.management.set_secure_boot_state(task, True) + fake_system.secure_boot.set_enabled.assert_called_once_with(True) + + @mock.patch.object(redfish_utils, 'get_system', autospec=True) + def test_set_secure_boot_state_boot_mode_unknown(self, mock_get_system): + fake_system = mock_get_system.return_value + fake_system.secure_boot.enabled = False + fake_system.boot = {} + with task_manager.acquire(self.context, self.node.uuid, + shared=True) as task: + task.driver.management.set_secure_boot_state(task, True) + fake_system.secure_boot.set_enabled.assert_called_once_with(True) + + @mock.patch.object(redfish_utils, 'get_system', autospec=True) + def test_set_secure_boot_state_boot_mode_no_change(self, mock_get_system): + fake_system = mock_get_system.return_value + fake_system.secure_boot.enabled = False + fake_system.boot = {'mode': sushy.BOOT_SOURCE_MODE_BIOS} + with task_manager.acquire(self.context, self.node.uuid, + shared=True) as task: + task.driver.management.set_secure_boot_state(task, False) + self.assertFalse(fake_system.secure_boot.set_enabled.called) + + @mock.patch.object(redfish_utils, 'get_system', autospec=True) + def test_set_secure_boot_state_boot_mode_incorrect(self, mock_get_system): + fake_system = mock_get_system.return_value + fake_system.secure_boot.enabled = False + fake_system.boot = {'mode': sushy.BOOT_SOURCE_MODE_BIOS} + with task_manager.acquire(self.context, self.node.uuid, + shared=True) as task: + self.assertRaisesRegex( + exception.RedfishError, 'requires UEFI', + task.driver.management.set_secure_boot_state, task, True) + self.assertFalse(fake_system.secure_boot.set_enabled.called) + + @mock.patch.object(redfish_utils, 'get_system', autospec=True) + def test_set_secure_boot_state_boot_mode_fails(self, mock_get_system): + fake_system = mock_get_system.return_value + fake_system.secure_boot.enabled = False + fake_system.secure_boot.set_enabled.side_effect = \ + sushy.exceptions.SushyError + fake_system.boot = {'mode': sushy.BOOT_SOURCE_MODE_UEFI} + with task_manager.acquire(self.context, self.node.uuid, + shared=True) as task: + self.assertRaisesRegex( + exception.RedfishError, 'Failed to set secure boot', + task.driver.management.set_secure_boot_state, task, True) + fake_system.secure_boot.set_enabled.assert_called_once_with(True) + + @mock.patch.object(redfish_utils, 'get_system', autospec=True) + def test_set_secure_boot_state_not_implemented(self, mock_get_system): + # Yes, seriously, that's the only way to do it. + class NoSecureBoot(mock.Mock): + @property + def secure_boot(self): + raise sushy.exceptions.MissingAttributeError("boom") + + mock_get_system.return_value = NoSecureBoot() + with task_manager.acquire(self.context, self.node.uuid, + shared=True) as task: + self.assertRaises(exception.UnsupportedDriverExtension, + task.driver.management.set_secure_boot_state, + task, True) + + @mock.patch.object(redfish_utils, 'get_system', autospec=True) + def test_reset_secure_boot_to_default(self, mock_get_system): + with task_manager.acquire(self.context, self.node.uuid, + shared=True) as task: + task.driver.management.reset_secure_boot_keys_to_default(task) + sb = mock_get_system.return_value.secure_boot + sb.reset_keys.assert_called_once_with( + sushy.SECURE_BOOT_RESET_KEYS_TO_DEFAULT) + + @mock.patch.object(redfish_utils, 'get_system', autospec=True) + def test_reset_secure_boot_to_default_not_implemented(self, + mock_get_system): + class NoSecureBoot(mock.Mock): + @property + def secure_boot(self): + raise sushy.exceptions.MissingAttributeError("boom") + + mock_get_system.return_value = NoSecureBoot() + with task_manager.acquire(self.context, self.node.uuid, + shared=True) as task: + self.assertRaises( + exception.UnsupportedDriverExtension, + task.driver.management.reset_secure_boot_keys_to_default, task) + + @mock.patch.object(redfish_utils, 'get_system', autospec=True) + def test_clear_secure_boot(self, mock_get_system): + with task_manager.acquire(self.context, self.node.uuid, + shared=True) as task: + task.driver.management.clear_secure_boot_keys(task) + sb = mock_get_system.return_value.secure_boot + sb.reset_keys.assert_called_once_with( + sushy.SECURE_BOOT_RESET_KEYS_DELETE_ALL) + + @mock.patch.object(redfish_utils, 'get_system', autospec=True) + def test_clear_secure_boot_not_implemented(self, mock_get_system): + class NoSecureBoot(mock.Mock): + @property + def secure_boot(self): + raise sushy.exceptions.MissingAttributeError("boom") + + mock_get_system.return_value = NoSecureBoot() + with task_manager.acquire(self.context, self.node.uuid, + shared=True) as task: + self.assertRaises( + exception.UnsupportedDriverExtension, + task.driver.management.clear_secure_boot_keys, task) |