[iRMC] Fix parse_driver_info bug enforcing SNMP v3 under FIPS mode
This patch fixes a condition where iRMC driver interfaces would have the FIPS enforcement logic check applied if the SNMP version was not set to SNMP v3, even if the interfaces did not use SNMP. With this patch, if FIPS enabled, iRMC driver enforces SNMP version to be version 3 only when any xxx_interface of iRMC driver actually uses SNMP. Story: 2010713 Task: 47879 Change-Id: I774c459a5e11b7cd01f7a65754d5a2c7cc573476
This commit is contained in:
parent
7083545731
commit
3f09bdcf95
@ -51,6 +51,12 @@ IPMI_ENABLED_BY_DEFAULT_RANGES = {
|
|||||||
|
|
||||||
ELCM_STATUS_PATH = '/rest/v1/Oem/eLCM/eLCMStatus'
|
ELCM_STATUS_PATH = '/rest/v1/Oem/eLCM/eLCMStatus'
|
||||||
|
|
||||||
|
# List of xxx_interface & implementation pair which uses SNMP internally
|
||||||
|
# and iRMC driver supports
|
||||||
|
INTERFACE_IMPL_LIST_WITH_SNMP = {
|
||||||
|
'inspect_interface': {'irmc', },
|
||||||
|
'power_interface': {'irmc', }}
|
||||||
|
|
||||||
REQUIRED_PROPERTIES = {
|
REQUIRED_PROPERTIES = {
|
||||||
'irmc_address': _("IP address or hostname of the iRMC. Required."),
|
'irmc_address': _("IP address or hostname of the iRMC. Required."),
|
||||||
'irmc_username': _("Username for the iRMC with administrator privileges. "
|
'irmc_username': _("Username for the iRMC with administrator privileges. "
|
||||||
@ -234,6 +240,12 @@ def _parse_snmp_driver_info(node, info):
|
|||||||
"v2c": snmp.SNMP_V2C,
|
"v2c": snmp.SNMP_V2C,
|
||||||
"v3": snmp.SNMP_V3}
|
"v3": snmp.SNMP_V3}
|
||||||
|
|
||||||
|
for int_name, impl_list in INTERFACE_IMPL_LIST_WITH_SNMP.items():
|
||||||
|
if getattr(node, int_name) in impl_list:
|
||||||
|
break
|
||||||
|
else:
|
||||||
|
return snmp_info
|
||||||
|
|
||||||
if snmp_info['irmc_snmp_version'].lower() not in valid_versions:
|
if snmp_info['irmc_snmp_version'].lower() not in valid_versions:
|
||||||
raise exception.InvalidParameterValue(_(
|
raise exception.InvalidParameterValue(_(
|
||||||
"Value '%s' is not supported for 'irmc_snmp_version'.") %
|
"Value '%s' is not supported for 'irmc_snmp_version'.") %
|
||||||
|
@ -37,6 +37,8 @@ from ironic.tests.unit.objects import utils as obj_utils
|
|||||||
class BaseIRMCTest(db_base.DbTestCase):
|
class BaseIRMCTest(db_base.DbTestCase):
|
||||||
|
|
||||||
boot_interface = 'irmc-pxe'
|
boot_interface = 'irmc-pxe'
|
||||||
|
inspect_interface = 'irmc'
|
||||||
|
power_interface = 'irmc'
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(BaseIRMCTest, self).setUp()
|
super(BaseIRMCTest, self).setUp()
|
||||||
@ -51,6 +53,8 @@ class BaseIRMCTest(db_base.DbTestCase):
|
|||||||
self.context,
|
self.context,
|
||||||
driver='irmc',
|
driver='irmc',
|
||||||
boot_interface=self.boot_interface,
|
boot_interface=self.boot_interface,
|
||||||
|
inspect_interface=self.inspect_interface,
|
||||||
|
power_interface=self.power_interface,
|
||||||
driver_info=self.info,
|
driver_info=self.info,
|
||||||
uuid=uuidutils.generate_uuid())
|
uuid=uuidutils.generate_uuid())
|
||||||
|
|
||||||
@ -74,6 +78,44 @@ class IRMCValidateParametersTestCase(BaseIRMCTest):
|
|||||||
self.assertEqual('public', info['irmc_snmp_community'])
|
self.assertEqual('public', info['irmc_snmp_community'])
|
||||||
self.assertTrue(info['irmc_verify_ca'])
|
self.assertTrue(info['irmc_verify_ca'])
|
||||||
|
|
||||||
|
@mock.patch.object(utils, 'is_fips_enabled',
|
||||||
|
return_value=False, autospec=True)
|
||||||
|
def test_parse_snmp_driver_info_with_snmp(self, mock_check_fips):
|
||||||
|
test_list = [{'interfaces': [{'interface': 'inspect_interface',
|
||||||
|
'impl': 'irmc'},
|
||||||
|
{'interface': 'power_interface',
|
||||||
|
'impl': 'irmc'}],
|
||||||
|
'snmp': True},
|
||||||
|
{'interfaces': [{'interface': 'inspect_interface',
|
||||||
|
'impl': 'inspector'},
|
||||||
|
{'interface': 'power_interface',
|
||||||
|
'impl': 'irmc'}],
|
||||||
|
'snmp': True},
|
||||||
|
{'interfaces': [{'interface': 'inspect_interface',
|
||||||
|
'impl': 'irmc'},
|
||||||
|
{'interface': 'power_interface',
|
||||||
|
'impl': 'ipmitool'}],
|
||||||
|
'snmp': True},
|
||||||
|
{'interfaces': [{'interface': 'inspect_interface',
|
||||||
|
'impl': 'inspector'},
|
||||||
|
{'interface': 'power_interface',
|
||||||
|
'impl': 'ipmitool'}],
|
||||||
|
'snmp': False}
|
||||||
|
]
|
||||||
|
|
||||||
|
for t_conf in test_list:
|
||||||
|
with self.subTest(t_conf=t_conf):
|
||||||
|
for int_conf in t_conf['interfaces']:
|
||||||
|
setattr(self.node, int_conf['interface'], int_conf['impl'])
|
||||||
|
irmc_common.parse_driver_info(self.node)
|
||||||
|
|
||||||
|
if t_conf['snmp']:
|
||||||
|
mock_check_fips.assert_called()
|
||||||
|
else:
|
||||||
|
mock_check_fips.assert_not_called()
|
||||||
|
|
||||||
|
mock_check_fips.reset_mock()
|
||||||
|
|
||||||
def test_parse_driver_info_snmpv3(self):
|
def test_parse_driver_info_snmpv3(self):
|
||||||
self.node.driver_info['irmc_snmp_version'] = 'v3'
|
self.node.driver_info['irmc_snmp_version'] = 'v3'
|
||||||
self.node.driver_info['irmc_snmp_user'] = 'admin0'
|
self.node.driver_info['irmc_snmp_user'] = 'admin0'
|
||||||
|
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Fixes bug of iRMC driver in parse_driver_info where, if FIPS is enabled,
|
||||||
|
SNMP version is always required to be version 3 even though iRMC driver's
|
||||||
|
xxx_interface doesn't use SNMP actually.
|
Loading…
Reference in New Issue
Block a user