authorEd Tanous <ed.tanous@intel.com>2019-07-18 01:51:55 +0300
committerEd Tanous <ed.tanous@intel.com>2019-07-18 01:51:55 +0300
commitd4b5443f2c8bafc6e0ace4115a302734ec3b2c77 (patch)
tree13b6985353a40d21c347c02433cdbd3c60181161
parent2a21b9db6fcfe477f9ef31453df93e3f6c442a44 (diff)
downloadbmcweb-d4b5443f2c8bafc6e0ace4115a302734ec3b2c77.tar.xz
Revert "Redfish: Add PATCH operation support for RemoteRoleMapping"
This reverts commit 2a21b9db6fcfe477f9ef31453df93e3f6c442a44. Reason for revert: Merged accidentally. Tested locally, and seems to work as designed. Needs fixed to match the comments below, then should be good to go. Change-Id: I95c19e47a09ca5afa343fd7590bc39f750cd81e0
-rw-r--r--redfish-core/lib/account_service.hpp256
1 files changed, 4 insertions, 252 deletions
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index d4e1b38ea7..6cbbdce524 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -37,8 +37,6 @@ constexpr const char* ldapConfigInterface =
constexpr const char* ldapCreateInterface =
"xyz.openbmc_project.User.Ldap.Create";
constexpr const char* ldapEnableInterface = "xyz.openbmc_project.Object.Enable";
-constexpr const char* ldapPrivMapperInterface =
- "xyz.openbmc_project.User.PrivilegeMapper";
constexpr const char* dbusObjManagerIntf = "org.freedesktop.DBus.ObjectManager";
constexpr const char* propertyInterface = "org.freedesktop.DBus.Properties";
constexpr const char* mapperBusName = "xyz.openbmc_project.ObjectMapper";
@@ -151,243 +149,6 @@ void parseLDAPConfigData(nlohmann::json& json_response,
}
/**
- * @brief deletes given RoleMapping Object.
- */
-static void deleteRoleMappingObject(const std::shared_ptr<AsyncResp>& asyncResp,
- const std::string& objPath,
- const std::string& serverType,
- unsigned int index)
-{
-
- BMCWEB_LOG_DEBUG << "deleteRoleMappingObject objPath =" << objPath;
-
- crow::connections::systemBus->async_method_call(
- [asyncResp, serverType, index](const boost::system::error_code ec) {
- if (ec)
- {
- BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
- messages::internalError(asyncResp->res);
- return;
- }
- asyncResp->res.jsonValue[serverType]["RemoteRoleMapping"][index] =
- nullptr;
- },
- ldapDbusService, objPath, "xyz.openbmc_project.Object.Delete",
- "Delete");
-}
-
-/**
- * @brief sets RoleMapping Object's property with given value.
- */
-static void setRoleMappingProperty(
- const std::shared_ptr<AsyncResp>& asyncResp, const std::string& objPath,
- const std::string& redfishProperty, const std::string& dbusProperty,
- const std::string& value, const std::string& serverType, unsigned int index)
-{
- BMCWEB_LOG_DEBUG << "setRoleMappingProperty objPath: " << objPath
- << "value: " << value;
-
- // need to get the dbus privilege from the given refish role
- std::string dbusVal = value;
- if (redfishProperty == "LocalRole")
- {
- dbusVal = getPrivilegeFromRoleId(value);
- }
-
- crow::connections::systemBus->async_method_call(
- [asyncResp, serverType, index, redfishProperty,
- value](const boost::system::error_code ec) {
- if (ec)
- {
- BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
- messages::internalError(asyncResp->res);
- return;
- }
- asyncResp->res.jsonValue[serverType]["RemoteRoleMapping"][index]
- [redfishProperty] = value;
- },
- ldapDbusService, objPath, "org.freedesktop.DBus.Properties", "Set",
- "xyz.openbmc_project.User.PrivilegeMapperEntry",
- std::move(dbusProperty), std::variant<std::string>(std::move(dbusVal)));
-}
-
-/**
- * @brief validates given JSON input and then calls appropriate method to
- * create, to delete or to set Rolemapping object based on the given input.
- *
- */
-static void handleRoleMapPatch(
- const std::shared_ptr<AsyncResp>& asyncResp,
- const std::vector<std::pair<std::string, LDAPRoleMapData>>& roleMapObjData,
- const std::string& serverType, const nlohmann::json& input)
-{
- if (!input.is_array())
- {
- messages::propertyValueTypeError(asyncResp->res, input.dump(),
- "RemoteRoleMapping");
- return;
- }
-
- size_t index = 0;
- for (const nlohmann::json& thisJson : input)
- {
- // Check that entry is not of some unexpected type
- if (!thisJson.is_object() && !thisJson.is_null())
- {
- messages::propertyValueTypeError(asyncResp->res, thisJson.dump(),
- "RemoteGroup or LocalRole");
- index++;
- continue;
- }
- BMCWEB_LOG_DEBUG << "JSON=" << thisJson << "\n";
- // delete the existing object
- if (thisJson.is_null())
- {
- if (input.size() <= roleMapObjData.size())
- {
- deleteRoleMappingObject(asyncResp,
- roleMapObjData.at(index).first,
- serverType, index);
- }
- else
- {
- BMCWEB_LOG_ERROR << "Can't delete the object";
- messages::propertyValueTypeError(
- asyncResp->res, thisJson.dump(), "RemoteRoleMapping");
- return;
- }
-
- index++;
- continue;
- }
-
- if (thisJson.empty())
- {
- if ((input.size() > roleMapObjData.size()) &&
- (index > roleMapObjData.size()))
- {
- BMCWEB_LOG_ERROR << "Empty object can't be inserted";
- messages::propertyValueTypeError(
- asyncResp->res, thisJson.dump(), "RemoteRoleMapping");
- return;
- }
-
- index++;
- continue;
- }
-
- const std::string* remoteGroup = nullptr;
- nlohmann::json::const_iterator remoteGroupIt =
- thisJson.find("RemoteGroup");
-
- // extract "RemoteGroup" and "LocalRole" form JSON
- if (remoteGroupIt != thisJson.end())
- {
- remoteGroup = remoteGroupIt->get_ptr<const std::string*>();
- }
-
- const std::string* localRole = nullptr;
- nlohmann::json::const_iterator localRoleIt = thisJson.find("LocalRole");
- if (localRoleIt != thisJson.end())
- {
- localRole = localRoleIt->get_ptr<const std::string*>();
- }
-
- // Update existing RoleMapping Object
- if (roleMapObjData.size() >= input.size())
- {
- BMCWEB_LOG_DEBUG << "setRoleMappingProperties: Updating Object";
- // If "RemoteGroup" info is provided
- if (remoteGroup != nullptr)
- {
- if (remoteGroup->empty())
- {
- messages::propertyValueTypeError(
- asyncResp->res, thisJson.dump(), "RemoteGroup");
- return;
- }
- // check if the given data is not equal to already existing one
- else if (roleMapObjData.at(index).second.groupName.compare(
- *remoteGroup) != 0)
- {
- setRoleMappingProperty(asyncResp,
- roleMapObjData.at(index).first,
- "RemoteGroup", "GroupName",
- *remoteGroup, serverType, index);
- }
- }
-
- // If "LocalRole" info is provided
- if (localRole != nullptr)
- {
- if (localRole->empty())
- {
- messages::propertyValueTypeError(
- asyncResp->res, thisJson.dump(), "LocalRole");
- return;
- }
- // check if the given data is not equal to already existing one
- else if (roleMapObjData.at(index).second.privilege.compare(
- *localRole) != 0)
- {
- setRoleMappingProperty(
- asyncResp, roleMapObjData.at(index).first, "LocalRole",
- "Privilege", *localRole, serverType, index);
- }
- }
- index++;
- }
- // Create a new RoleMapping Object.
- else
- {
- BMCWEB_LOG_DEBUG << "setRoleMappingProperties: Creating new Object";
- if (localRole == nullptr || remoteGroup == nullptr)
- {
- messages::propertyValueTypeError(asyncResp->res,
- thisJson.dump(),
- "RemoteGroup or LocalRole");
- return;
- }
- else if (remoteGroup->empty() || localRole->empty())
- {
- messages::propertyValueTypeError(
- asyncResp->res, thisJson.dump(), "RemoteGroup LocalRole");
- return;
- }
-
- std::string dbusObjectPath;
- if (serverType == "ActiveDirectory")
- {
- dbusObjectPath = ADConfigObject;
- }
- else if (serverType == "LDAP")
- {
- dbusObjectPath = ldapConfigObject;
- }
-
- crow::connections::systemBus->async_method_call(
- [asyncResp, serverType, index, localRole{std::move(*localRole)},
- remoteGroup{std::move(*remoteGroup)}](
- const boost::system::error_code ec) {
- if (ec)
- {
- BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
- messages::internalError(asyncResp->res);
- }
- nlohmann::json& remoteRoleJson =
- asyncResp->res
- .jsonValue[serverType]["RemoteRoleMapping"][index];
- remoteRoleJson["LocalRole"] = localRole;
- remoteRoleJson["RemoteGroup"] = remoteGroup;
- },
- ldapDbusService, dbusObjectPath, ldapPrivMapperInterface,
- "Create", *remoteGroup, getPrivilegeFromRoleId(*localRole));
- index++;
- }
- }
-}
-
-/**
* Function that retrieves all properties for LDAP config object
* into JSON
*/
@@ -938,14 +699,12 @@ class AccountService : public Node
std::optional<std::string> groupsAttribute;
std::optional<std::string> userName;
std::optional<std::string> password;
- std::optional<nlohmann::json> remoteRoleMapData;
if (!json_util::readJson(input, asyncResp->res, "Authentication",
authentication, "LDAPService", ldapService,
"ServiceAddresses", serviceAddressList,
"AccountProviderType", accountProviderType,
- "ServiceEnabled", serviceEnabled,
- "RemoteRoleMapping", remoteRoleMapData))
+ "ServiceEnabled", serviceEnabled))
{
return;
}
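Review bot: With `"RemoteRoleMapping", remoteRoleMapData` dropped from the `readJson` key list, a PATCH body that still carries that property is now handled however `readJson` treats unlisted keys, and that is not visible in this hunk. The mapping decides which remote LDAP or ActiveDirectory group receives which local role, so such a request should fail visibly rather than be silently ignored; a test pinning that behaviour would be worth adding alongside the revert. I would also leave a marker at the call, e.g. `// RemoteRoleMapping is deliberately not accepted here until the PATCH handler is re-landed`, so the gap is not mistaken for an oversight. The enclosing function begins and ends outside this hunk.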
@@ -986,8 +745,7 @@ class AccountService : public Node
// nothing to update, then return
if (!userName && !password && !serviceAddressList && !baseDNList &&
- !userNameAttribute && !groupsAttribute && !serviceEnabled &&
- !remoteRoleMapData)
+ !userNameAttribute && !groupsAttribute && !serviceEnabled)
{
return;
}
@@ -998,7 +756,7 @@ class AccountService : public Node
baseDNList, userNameAttribute,
groupsAttribute, accountProviderType,
serviceAddressList, serviceEnabled,
- dbusObjectPath, remoteRoleMapData](
+ dbusObjectPath](
bool success, LDAPConfigData confData,
const std::string& serverType) {
if (!success)
@@ -1065,15 +823,9 @@ class AccountService : public Node
handleServiceEnablePatch(confData.serviceEnabled, asyncResp,
serverType, dbusObjectPath);
}
-
- if (remoteRoleMapData)
- {
-
- handleRoleMapPatch(asyncResp, confData.groupRoleList,
- serverType, *remoteRoleMapData);
- }
});
}
+
void doGet(crow::Response& res, const crow::Request& req,
const std::vector<std::string>& params) override
{