authorJohnathan Mantey <johnathanx.mantey@intel.com>2020-11-20 19:51:11 +0300
committerEd Tanous <ed@tanous.net>2021-03-16 23:27:33 +0300
commit2db77d34ca673f32411621b7e34b039dec948bd3 (patch)
tree71fbb4110f9db5f73af186ffbe879dd753920d6c
parent75710de2c0708a40a0caf6d513dba9ace033aad7 (diff)
downloadbmcweb-2db77d34ca673f32411621b7e34b039dec948bd3.tar.xz
Force HostName property to be read-only per the schema
The ManagerNetworkProtocol schema defines the HostName entry to be read-only. Change the doPatch code to prevent updating the hostname attribute. The DMTF redfish/v1/Managers/bmc/NetworkProtocol is a read-only location. The DMTF approved location for changing the HostName is: redfish/v1/Managers/bmc/EthernetInterfaces/<str> This change does not impact phosphor-webui, as it uses D-Bus to perform all of its work. This change does not impact webui-vue, as it is using the DMTF approved API. This commit deprecates allowing Read/Write access to the Hostname in the ManagersNetworkProtocol URI. To reduce the impact to Redfish clients that rely upon Read/Write access a Meson compile time flag has been added to allow Read/Write access to be restored. The Meson build flag, redfish-allow-deprecated-hostname-patch, can be enabled to restore Read/Write access. The Meson build flag is slated to be removed in Q4 2021 enforcing the read-only state. Tested: Explicitly PATCH'd HostName to confirm it cannot be modified. Enabled the HostName feature, and confirmed the HostName accepted a PATCH command. Ran Redfish_Service_Validator (deprecated, and re-enabled). Change-Id: If7f2148d8bbb8a7b420c4abde086272c4320977a Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
-rw-r--r--meson.build10
-rw-r--r--meson_options.txt1
-rw-r--r--redfish-core/lib/network_protocol.hpp8
3 files changed, 18 insertions, 1 deletions
diff --git a/meson.build b/meson.build
index 1bb76361f2..66a066b4f0 100644
--- a/meson.build
+++ b/meson.build
@@ -206,6 +206,16 @@ if (cxx.get_id() == 'gcc' and cxx.version().version_compare('>8.0'))
},section : 'Enabled Features')
endif
+ if( get_option('redfish-allow-deprecated-hostname-patch').enabled())
+ add_project_arguments([
+ '-DBMCWEB_ALLOW_DEPRECATED_HOSTNAME_PATCH'
+ ],
+ language : 'cpp')
+
+ summary({'hostname-patch' :'-DBMCWEB_ALLOW_DEPRECATED_HOSTNAME_PATCH'
+ },section : 'Enabled Features')
+ endif
+
endif
endif
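Review bot: The added `get_option('redfish-allow-deprecated-hostname-patch')` block sits after one `endif` and before two more, so it appears to be nested inside the compiler checks named in the hunk header (`cxx.get_id() == 'gcc' and cxx.version().version_compare('>8.0')`) rather than at top level. If that is the case, a build with a different compiler or an older gcc would silently ignore the option, and the effective HostName write policy would not match what the integrator configured. The enclosing `if` lines start outside this hunk and the indentation is lost here, so the nesting needs confirming. If it is unintended, move the block after the final `endif` so the define depends only on the option.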
diff --git a/meson_options.txt b/meson_options.txt
index 5e5f7b503d..9611631e85 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -29,6 +29,7 @@ option('cookie-auth', type : 'feature', value : 'enabled', description : '''Enab
option('mutual-tls-auth', type : 'feature', value : 'enabled', description : '''Enables authenticating users through TLS client certificates. The insecure-disable-ssl must be disabled for this option to take effect.''')
option('ibm-management-console', type : 'feature', value : 'disabled', description : 'Enable the IBM management console specific functionality. Paths are under \'/ibm/v1/\'')
option('http-body-limit', type: 'integer', min : 0, max : 512, value : 30, description : 'Specifies the http request body length limit')
+option('redfish-allow-deprecated-hostname-patch', type : 'feature', value : 'disabled', description : 'Enable/disable Managers/bmc/NetworkProtocol HostName PATCH commands. The default condition is to prevent HostName changes from this URI, following the Redfish schema. Enabling this switch permits the HostName to be PATCHed at this URI. In Q4 2021 this feature will be removed, and the Redfish schema enforced, making the HostName read-only.')
# Insecure options. Every option that starts with a `insecure` flag should
# not be enabled by default for any platform, unless the author fully comprehends
diff --git a/redfish-core/lib/network_protocol.hpp b/redfish-core/lib/network_protocol.hpp
index 65b90f7571..c8f63d1a8b 100644
--- a/redfish-core/lib/network_protocol.hpp
+++ b/redfish-core/lib/network_protocol.hpp
@@ -354,6 +354,7 @@ class NetworkProtocol : public Node
"org.freedesktop.systemd1.Manager", "ListUnits");
}
+#ifdef BMCWEB_ALLOW_DEPRECATED_HOSTNAME_PATCH
void handleHostnamePatch(const std::string& hostName,
const std::shared_ptr<AsyncResp>& asyncResp)
{
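Review bot: The `#ifdef BMCWEB_ALLOW_DEPRECATED_HOSTNAME_PATCH` guard around `handleHostnamePatch` carries no comment explaining why this write path is conditional. I would add `// Deprecated: HostName is read-only per the ManagerNetworkProtocol schema; built only with redfish-allow-deprecated-hostname-patch` above the `#ifdef`. I would also label the closing line in the next hunk as `#endif // BMCWEB_ALLOW_DEPRECATED_HOSTNAME_PATCH`. The function body runs past the end of this hunk.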
@@ -371,6 +372,7 @@ class NetworkProtocol : public Node
"xyz.openbmc_project.Network.SystemConfiguration", "HostName",
std::variant<std::string>(hostName));
}
+#endif
void handleNTPProtocolEnabled(const bool& ntpEnabled,
const std::shared_ptr<AsyncResp>& asyncResp)
@@ -484,7 +486,7 @@ class NetworkProtocol : public Node
std::optional<nlohmann::json> ntp;
std::optional<nlohmann::json> ipmi;
- if (!json_util::readJson(req, res, "HostName", newHostName, "NTP", ntp,
+ if (!json_util::readJson(req, res, "NTP", ntp, "HostName", newHostName,
"IPMI", ipmi))
{
return;
@@ -493,7 +495,11 @@ class NetworkProtocol : public Node
res.result(boost::beast::http::status::no_content);
if (newHostName)
{
+#ifdef BMCWEB_ALLOW_DEPRECATED_HOSTNAME_PATCH
handleHostnamePatch(*newHostName, asyncResp);
+#else
+ messages::propertyNotWritable(asyncResp->res, "HostName");
+#endif
}
if (ntp)
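Review bot: In the `#else` branch the handler calls `messages::propertyNotWritable(asyncResp->res, "HostName");` and then falls through to `if (ntp)`, so a PATCH carrying HostName together with NTP or IPMI can report an error while the other settings are presumably still applied. If all-or-nothing behaviour is wanted, stop before any handler runs: `messages::propertyNotWritable(asyncResp->res, "HostName"); return;`. If partial application is intended, say so with a comment such as `// HostName is rejected; remaining properties are still processed`, so clients and audit logs are not read as "nothing changed". The `no_content` status set just above is presumably overridden by the error helper, which is worth covering in a test. The function body continues outside this hunk.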