Adds few of the security dashboard parameters to capabilities

This patch adds few of the security dashboard parameters
to iLO capabilities. It adds :
 - overall_security_status
 - last_firmware_scan_result
 - security_override_switch

Story: 2008024
Task: 40678

Change-Id: I7ef2ce1a20fbc1b258fce0f8ebd53661b24e66ff

doc/source/admin/drivers/ilo.rst

@@ -923,6 +923,27 @@ Inspection can also discover the following extra capabilities for iLO driver:
   of the raid levels among 0, 1, 2, 5, 6, 10, 50 and 60 are configured on
   the system.
 
+* ``overall_security_status``: ``Ok`` or ``Risk`` or ``Ignored`` as returned by iLO
+  security dashboard.  iLO computes the overall security status by evaluating
+  the security status for each of the security parameters. Admin needs to fix
+  the actual parameters and then re-inspect so that iLO can recompute the
+  overall security status. If the all security params, whose ``security_status`` is
+  ``Risk``, have the ``Ignore`` field set to ``True``, then iLO sets
+  the overall security status value as ``Ignored``. All the security params must have
+  the ``security_status`` as ``Ok`` for the ``overall_security_status``
+  to have the value as ``Ok``.
+
+* ``last_firmware_scan_status``: ``Ok`` or ``Risk`` as returned by iLO security dashboard.
+  This denotes security status of the last firmware scan done on the system. If it is
+  ``Risk``, the recommendation is to run clean_step ``update_firmware_sum`` without any
+  specific firmware components so that firmware is updated for all the components using
+  latest SPP (Service Provider Pack) ISO and then re-inspect to get the security status
+  again.
+
+* ``security_override_switch``: ``Ok`` or ``Risk`` as returned by iLO security dashboard.
+  This is disable/enable login to the iLO using credentials. This can be toggled only
+  by physical visit to the bare metal.
+
   .. note::
 
      * The capability ``nic_capacity`` can only be discovered if ipmitool
@@ -941,6 +962,10 @@ Inspection can also discover the following extra capabilities for iLO driver:
        (active and otherwise) NICs for Gen8 and Gen9 servers and ironic ports
        are created for all of them. Inspection logs a warning if the node under
        inspection is Gen8 or Gen9.
+     * The security dashboard capabilities are applicable only for Gen10 ProLiant HPE
+       servers and above. To fix the security dashboard parameters value from
+       ``Risk`` to ``Ok``, user need to fix the parameters separately and re-inspect
+       to see the security status of the parameters.
 
 The operator can specify these capabilities in nova flavor for node to be selected
 for scheduling::

ironic/drivers/modules/ilo/inspect.py

@@ -45,7 +45,9 @@ CAPABILITIES_KEYS = {'secure_boot', 'rom_firmware_version',
                      'logical_raid_level_5', 'logical_raid_level_6',
                      'logical_raid_level_50', 'logical_raid_level_60',
                      'cpu_vt', 'hardware_supports_raid', 'has_nvme_ssd',
-                     'nvdimm_n', 'logical_nvdimm_n', 'persistent_memory'}
+                     'nvdimm_n', 'logical_nvdimm_n', 'persistent_memory',
+                     'overall_security_status', 'security_override_switch',
+                     'last_firmware_scan_result'}
 
 
 def _get_essential_properties(node, ilo_object):

releasenotes/notes/add_security_capabilities_to_ilo-1ff11b01e5930cc7.yaml

@@ -0,0 +1,9 @@
+---
+feature: >
+    Adds security dashboard related capabilities and their security status
+    to ``ilo`` and ``ilo5`` driver capabilities. Following capabilities
+    are added:-
+    - ``overall_security_status``
+    - ``last_firmware_scan_result``
+    - ``security_override_switch``.
+    Refer `story 2008024 <https://storyboard.openstack.org/#!/story/2008024>`_