diff options
author | Abhishek Patel <Abhishek.Patel@ibm.com> | 2021-08-01 00:44:51 +0300 |
---|---|---|
committer | Ed Tanous <edtanous@google.com> | 2022-04-27 18:55:44 +0300 |
commit | 3d768a165183dd8cf7e485ac67ab7270845d5f87 (patch) | |
tree | 679df4a12a20ff2189e8d51e4792f8fd5fffa34b /redfish-core/lib/ethernet.hpp | |
parent | 5344ab8e5bdb4fdced9041565fd745333a9a350e (diff) | |
download | bmcweb-3d768a165183dd8cf7e485ac67ab7270845d5f87.tar.xz |
Fix Ethernet privileges
Post method:
1) /redfish/v1/Managers/bmc/EthernetInterfaces/<str>/VLANs/
ConfigureComponents -> ConfigureManager
Patch method:
1) /redfish/v1/Managers/bmc/EthernetInterfaces/<str>/VLANs/<str>/
ConfigureComponents -> ConfigureManager
2) /redfish/v1/Managers/bmc/EthernetInterfaces/<str>/
ConfigureComponents -> ConfigureManager (SubordinateOverrides)
Delete method:
1) /redfish/v1/Managers/bmc/EthernetInterfaces/<str>/VLANs/<str>/
ConfigureComponents -> ConfigureManager
This change allows only Admin user to post, patch, and delete on VLAN
Network Interface Collection and restrict Operator user.
Same for the EthernetInterfaces patch method.
Tested: Ran curl test with admin and operator privileged user for
all methods (post, patch, and delete). one test failing.
Error: curl -k -H "X-Auth-Token: $bmc_token" -X PATCH -d
'{"VLANId" :30 , "VLANEnable" : true}'
https://${BMC_IP}/redfish/v1/Managers/bmc/EthernetInterfaces/
eth0/VLANs/eth0_50
This command is unable to update the VLANId value. instead, it
deletes VLAN
Email sent to openbmc list:
https://lists.ozlabs.org/pipermail/openbmc/2021-August/027232.html
Signed-off-by: Abhishek Patel <Abhishek.Patel@ibm.com>
Change-Id: I4101c429db6fa788909982b66445b191ccacaec7
Diffstat (limited to 'redfish-core/lib/ethernet.hpp')
-rw-r--r-- | redfish-core/lib/ethernet.hpp | 12 |
1 files changed, 3 insertions, 9 deletions
diff --git a/redfish-core/lib/ethernet.hpp b/redfish-core/lib/ethernet.hpp index 237dfcd63e..33ff656722 100644 --- a/redfish-core/lib/ethernet.hpp +++ b/redfish-core/lib/ethernet.hpp @@ -2123,9 +2123,7 @@ inline void requestEthernetInterfacesRoutes(App& app) BMCWEB_ROUTE( app, "/redfish/v1/Managers/bmc/EthernetInterfaces/<str>/VLANs/<str>/") - // This privilege is incorrect, it should be ConfigureManager - //.privileges(redfish::privileges::patchVLanNetworkInterface) - .privileges({{"ConfigureComponents"}}) + .privileges(redfish::privileges::patchVLanNetworkInterface) .methods(boost::beast::http::verb::patch)( [&app](const crow::Request& req, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, @@ -2210,9 +2208,7 @@ inline void requestEthernetInterfacesRoutes(App& app) BMCWEB_ROUTE( app, "/redfish/v1/Managers/bmc/EthernetInterfaces/<str>/VLANs/<str>/") - // This privilege is incorrect, it should be ConfigureManager - //.privileges(redfish::privileges::deleteVLanNetworkInterface) - .privileges({{"ConfigureComponents"}}) + .privileges(redfish::privileges::deleteVLanNetworkInterface) .methods(boost::beast::http::verb::delete_)( [&app](const crow::Request& req, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, @@ -2332,9 +2328,7 @@ inline void requestEthernetInterfacesRoutes(App& app) BMCWEB_ROUTE(app, "/redfish/v1/Managers/bmc/EthernetInterfaces/<str>/VLANs/") - // This privilege is wrong, it should be ConfigureManager - //.privileges(redfish::privileges::postVLanNetworkInterfaceCollection) - .privileges({{"ConfigureComponents"}}) + .privileges(redfish::privileges::postVLanNetworkInterfaceCollection) .methods(boost::beast::http::verb::post)( [&app](const crow::Request& req, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, |