| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Added PowerSupplyConfigurationErrorRecovered message entry in
openbmc_message_registry as it is required when PSU deassert event
occurred.
This is continuation of below patch.
https://gerrit.openbmc-project.xyz/#/c/openbmc/dbus-sensors/+/27701/
Tested:
1. Verified redfish validator passed
2. verified in Redfish, PowerSupplyConfigurationErrorRecovered message populated
properly
Get: https://<BMC IP>/redfish/v1/Systems/system/LogServices/
EventLog/Entries
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/42519",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T11:48:39+00:00",
"EntryType": "Event",
"Id": "42519",
"Message": "Power supply PSU2 configuration error recovered.",
"MessageArgs": [
"PSU2"
],
"MessageId": "OpenBMC.0.1.PowerSupplyConfigurationErrorRecovered",
"Name": "System Event Log Entry",
"Severity": "OK"
},
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Ifef9d323241f49124df7b85f85d42041e7ecdf83
|
|
Based on the spec, these PSU related logs should be warning.
Tested:
With two PSUs, remove one AC cable, and then remove the PSU,
Check the PSU related log in
https://$BMCIP/redfish/v1/Systems/system/LogServices/EventLog/Entries
Signed-off-by: Yong Li <yong.b.li@linux.intel.com>
Change-Id: Iebce710d7d003731cbb956738d8be212bf04ad0b
|
|
OpenBMC supports "System" or "bundled" images that contain two or more
firmware images, such as BMC and Host or PSU firmware, making the
resulting image file greater than the current limit of 30MB.
Make the http request body size configurable to allow bigger files to
be uploaded.
Tested:
- Upload a regular BMC image still works.
- Uploading a 50MB firmware image that contains the host fw fails:
$ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" -X POST -T obmc-phosphor-image-witherspoon-128.ubi.mtd.tar https://${bmc}/upload/image
curl: (52) Empty reply from server
- With the "-DBMCWEB_HTTP_REQ_BODY_LIMIT_MB=128" compile option works:
$ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" -X POST -T obmc-phosphor-image-witherspoon-128.ubi.mtd.tar https://${bmc}/upload/image
{
"data": "19e6fe13",
"message": "200 OK",
"status": "ok"
}
Change-Id: I0b0e1032c9daf00a01e42ac5ee1c0d979f857d5e
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
This commit fixes issue around Connection class and websockets
- controlling connection lifetime by shared_ptr instead of manual new/delete
- fixed memory leak when upgrading connection to websockets
- removed dangling reference to conn.req in websockets
- fixed lack of reponse for invalid websockets URLs
- fixed not working connections deadline timer
There is no noticable performance impact after switching connection management
to shared pointers. Benchmark results using: wrk https://${bmc}
shared_ptr: 144.29 Requests/sec
new/delete: 144.41 Requests/sec
Tested manually:
performance: wrk https://${bmc}
memory leaks: top
websockets: webui- KVM and VirtualMedia
HTTP GET on random Redfish schemas: postman
Signed-off-by: Jan Sowinski <jan.sowinski@intel.com>
Change-Id: I63f7395ba081a68e7900eae2ed204acd50f58689
|
|
This commit sets the mutual TLS option to ON by default.
Core mTLS implementation was accepted under this commit:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/23588
where by default the mTLS was disabled.
Tested:
Manual tests were made to verify if this option turns the
mTLS ON.
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I3bc5f5453d4c4df1cd7ecb0b8868423285b6ab83
|
|
I now understand the router properly (as I did a while back). This call
is correct, as "/" and "" are considered the same by the router.
Tested: Comment change, no impact to code.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: Ic6fc17f0e7137bbc3674c2290d10dcdba9b4ed18
|
|
Through one of the refactors, webserver_common.hpp picked up an include
to itself, presumably when code was moved. This doesn't cause any ill
effects, but is cruft that can be cleaned up.
Tested:
Code compiles. No functional change to verify.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: Ie901baa3cfd88decdbecbad01c6b577d92d2441b
|
|
We currently use multiple regex calls to convert specific
fields to links. Rather than continuing to add new regex
calls for individual link types, we can use one regex to
convert all '/redfish/' paths to links.
Tested:
Checked that all provided redfish paths are converted to
links: odata.id, odata.context, nextLink, Uri, etc.
Change-Id: I2f06e2d5ee9b3d88141f1629f168b3667669d93f
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
Tested:
Can successfully load /redfish/v1/$metadata in Chrome.
Change-Id: Id591ae3c03ffe3889d7f61299454407a9e9f1c23
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
This commit contains bug fixes in readJson function call
1) Handled invalid double value which is leading to crash
bmcweb. If user give string for double value key, its
not handled in readJson which intern causes exception
and crash.
2) If any of input types of floating_point, signed or unsigned
int type values are provided with wrong type, it should
return error, instead its returning 200 success response.
Added code to return proper error response.
Tested:
- Tested invalid case by giving wrong type values in PATCH.
URI: /redfish/v1/Chassis/WC_Baseboard/Thermal
METHOD: Patch
REQUEST:
{
"Fans": [
{
"MemberId": "Fan_1a",
"Reading": "200"
}
]
}
RESPONSE:
{
"Reading@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The value \"200\" for the property Reading is of a different type than the property can accept.",
"MessageArgs": [
"\"200\"",
"Reading"
],
"MessageId": "Base.1.4.0.PropertyValueTypeError",
"Resolution": "Correct the value for the property in the request body and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
- Also performed some positive and negative tests with other URI's.
- Redfish validator ran successfully without any issue(No impact though)
Change-Id: Ie98384e67a863ab96aa537f492a686b2c7ebb3a2
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
|
|
Modified the code to make an asynchronous call to GetUserInfo to get
the user role for authorization.
For local users, DBus matches are used to store user role map hot in
memory. Hence, bmcweb has to know whether a user is a local user or
LDAP user to get the role. To avoid this, removed the existing DBus
matches and modified the code to call GetUserInfo to get the role of
local users as well as LDAP users.
Tested:
- Created a local user having admin privilege and verified that he is
able to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a local user having user privilege and verified that he is
unauthorized to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a remote user having admin privilege and verified that he is
able to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a remote user having user privilege and verified that he is
unauthorized to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Tested Redfish ConfigureSelf privilege
Signed-off-by: RAJESWARAN THILLAIGOVINDAN <rajeswgo@in.ibm.com>
Change-Id: Ic3e46a0c0aff2cf456c98048350e58e302011c57
|
|
redfish-logging-in-bmcweb.md is moving under architecture/ as part of
https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/27960
27960 should merge before this is merged.
Change-Id: I761c6ad49d1838160371c46d8503b2e33d6bad4c
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
This new value will be used by javascript in phosphor-webui
to perform login-less authentication.
Tested:
Manually tests were performed on Chrome browser.
Having enabled and configured mTLS user is able
to authenticate with proper certificates.
The login page is not displayed unless user logs out.
Appropriate phosphor-webui changes can be found here:
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-webui/+/27851
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: Iac76459e1843a5c8bd2287c6e078319aebedfdcc
|
|
This commit is a fix for revert:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/27205
The mTLS will work only when:
* Compilation flag BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION is
enabled and,
* AccountService->Oem->OpenBMC->AuthMethods->TLS is set and,
* at least one certificate is uploaded to TrustStore.
To enforce a new mTLS settings after switching AuthMethods->TLS
all awaiting for acceptance connections are dropped.
In case of authorized mTLS requests a cookie with XSRF-TOKEN entry
and SESSION is added to response. It will force the X-XSRF-TOKEN
challenge in case of applications supporting cookies like web
browsers.
Also some minor log messages changes were made in this commit.
Tested:
validator_service run with status: 'Validation has succeeded'.
Tests were made with Chrome browser Version 78.0.3904.108.
The certificate popup appears only when mTLS is enabled in CMake,
the TLS option is set and at least one CA certificate is present.
In other cases mTLS is not active and there is no popup for certs.
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I778b848b767356b60386694f802a89b3c1f6cb14
|
|
Support health status of firmware inventory objects based on the mapping
relationship:
[dbus status] [redfish state] [redfish health]
Ready Disabled OK
Activating Updating OK
Active Enabled OK
NotReady Disabled Warning
Invalid Disabled Warning
Failed Disabled Warning
Tested:
[dbus status] --> [redfish state] --> [redfish health]
1. Ready --> Disabled --> OK
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
...
"/xyz/openbmc_project/software/9557fe67": {
"Activation": "xyz.openbmc_project.Software.Activation.Activations.Ready",
...
}
$curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/9557fe67
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9557fe67",
...
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Disabled"
},
...
}
2. Activating --> Updating --> OK
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
...
"/xyz/openbmc_project/software/9557fe67": {
"Activation": "xyz.openbmc_project.Software.Activation.Activations.Activating",
...
}
$curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/9557fe67
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9557fe67",
...
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Updating"
},
...
}
3. Active --> Enabled --> OK
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
"data": {
"/xyz/openbmc_project/software/9557fe67": {
"Activation": "xyz.openbmc_project.Software.Activation.Activations.Active",
...
}
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/9557fe67
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9557fe67",
...
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Enabled"
},
...
}
4. Invalid --> Disabled --> Warning
# busctl call xyz.openbmc_project.Software.BMC.Updater /xyz/openbmc_project/software/c0bbba12 \
org.freedesktop.DBus.Properties Set ssv xyz.openbmc_project.Software.Activation Activation s \
xyz.openbmc_project.Software.Activation.Activations.Invalid
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
...
"/xyz/openbmc_project/software/c0bbba12": {
"Activation": "xyz.openbmc_project.Software.Activation.Activations.Invalid",
...
}
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/c0bbba12
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/c0bbba12",
...
"Status": {
"Health": "Warning",
"HealthRollup": "OK",
"State": "Disabled"
},
...
}
5. NotReady --> Disabled --> Warning
# busctl call xyz.openbmc_project.Software.BMC.Updater /xyz/openbmc_project/software/c0bbba12 \
org.freedesktop.DBus.Properties Set ssv xyz.openbmc_project.Software.Activation Activation s \
xyz.openbmc_project.Software.Activation.Activations.NotReady
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
...
"/xyz/openbmc_project/software/c0bbba12": {
"Activation": "xyz.openbmc_project.Software.Activation.Activations.NotReady",
...
}
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/c0bbba12
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/c0bbba12",
...
"Status": {
"Health": "Warning",
"HealthRollup": "OK",
"State": "Disabled"
},
...
}
6. Failed --> Disabled --> Warning
# busctl call xyz.openbmc_project.Software.BMC.Updater /xyz/openbmc_project/software/c0bbba12 \
org.freedesktop.DBus.Properties Set ssv xyz.openbmc_project.Software.Activation Activation s \
xyz.openbmc_project.Software.Activation.Activations.Failed
$ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate
{
...
"/xyz/openbmc_project/software/c0bbba12": {
"Activation": "xyz.openbmc_project.Software.Activation.Activations.Failed",
...
}
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/c0bbba12
{
"@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory",
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/c0bbba12",
...
"Status": {
"Health": "Warning",
"HealthRollup": "OK",
"State": "Disabled"
},
...
}
Validator tool result:
Counter({'pass': 2992, 'skipOptional': 2470, 'metadataNamespaces': 1605,
'passGet': 189, 'serviceNamespaces': 71, 'invalidPropertyValue': 10,
'warningPresent': 6, 'passAction': 6, 'optionalAction': 5, 'warnDeprecated':
2, 'unverifiedComplexAdditional': 1})
Validation has succeeded.
Change-Id: Ic475f56d19c0be01ca7aebf67a3f6814d35bcacd
Signed-off-by: Carol Wang <wangkair@cn.ibm.com>
|
|
BMCWeb was using the "passwd" command PAM configuration settings when changing
the password. This changes it to use PAM service_name="webserver", the same
name it already uses for PAM authentication and account management functions.
Doing so allows the BMC system administrator to provide separate PAM config
files for the "passwd" command and BMCWeb's password changing function, and
for these activities to be correctly identified in the system logs.
Here is a sample incorrect log message (truncated & wrapped):
bmcweb[353]: pam_warn(passwd:chauthtok): function=[pam_sm_chauthtok]
flags=0xc000 service=[passwd] terminal=[<unknown>] user=[testuser]
ruser=[<unknown>] rhost=[<unknown>]
The "service" should be "webserver".
Tested: yes, password change successful
Change-Id: I593f42c8f0494df967fb498fb4dd66fa4168596b
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
|
|
This reverts commit 5e931ae994307babe6c3520cbaca6a7139acc81d.
Reason for revert: Causing build failures
/bmcweb/redfish-core/include/node.hpp: In member function ‘bool redfish::Node::isAllowedWithoutConfigureSelf(const crow::Request&)’:
/bmcweb/redfish-core/include/node.hpp:182:36: error: ‘crow::persistent_data::UserRoleMap’ has not been declared
crow::persistent_data::UserRoleMap::getInstance().getUserRole(
When 900f949773795141266271107219ea019f2839cd was merged first
this patch was not successfully rebased.
Change-Id: I947d96362c7dadea5572888468a11fac5ee361d4
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Message entry for
1. At-Scale Debug session established and closed.
2. Whenever At-Scale Debug user is enabled or disabled
3. At-scalde Debug feature is enabled or disabled in platform
4. At-sclde Debug service is enabled or disabled
Tested:
1. Ran Redfish validator - passed for this new addition.
Log will be shown as below:
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/254",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:04:14+00:00",
"EntryType": "Event",
"Id": "254",
"Message": "At-Scale Debug Feature is enabled in hardware.",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.AtScaleDebugFeatureEnabledAtHardware",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/254_1",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:04:14+00:00",
"EntryType": "Event",
"Id": "254_1",
"Message": "At-Scale Debug service is started.",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.AtScaleDebugFeatureEnabled",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/30630_2",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T08:30:30+00:00",
"EntryType": "Event",
"Id": "30630_2",
"Message": "At-scale-debug service is now connected 198.164.11.12",
"MessageArgs": [
"198.164.11.12"
],
"MessageId": "OpenBMC.0.1.AtScaleDebugConnected",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/30630_3",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T08:30:30+00:00",
"EntryType": "Event",
"Id": "30630_3",
"Message": "At-scale-debug connection aborted/failed",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.AtScaleDebugConnectionFailed",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/30629_2",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T08:30:29+00:00",
"EntryType": "Event",
"Id": "30629_2",
"Message": "At-scale-debug service is now disconnected",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.AtScaleDebugDisconnected",
"Name": "System Event Log Entry",
"Severity": "OK"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/262",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:04:22+00:00",
"EntryType": "Event",
"Id": "262",
"Message": "At-Scale Debug special user is disabled",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.AtScaleDebugSpecialUserDisabled",
"Name": "System Event Log Entry",
"Severity": "OK"
},
{
"@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/154",
"@odata.type": "#LogEntry.v1_4_0.LogEntry",
"Created": "1970-01-01T00:02:34+00:00",
"EntryType": "Event",
"Id": "154",
"Message": "At-Scale Debug special user is enabled",
"MessageArgs": [],
"MessageId": "OpenBMC.0.1.AtScaleDebugSpecialUserEnabled",
"Name": "System Event Log Entry",
"Severity": "Critical"
},
Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com>
Change-Id: Id5369c36547c4a5d7ae6f1f1dbd4dae8317a26d7
|
|
Exceptions are compiled out, and json.get throws, change
it to get_ptr.
Tested: no functional change
Change-Id: Ie2db7285b89b45b1fd61d8526561b772c85151b3
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Added a Redfish section about engaging the DMTF's Redfish working group
before adding a Redfish OEM schema or property.
See https://lists.ozlabs.org/pipermail/openbmc/2019-November/019571.html
Tested: https://jbt.github.io/markdown-editor/ and grammarly.com
Change-Id: I946483a90e34f63930a2cba047d14226d2da7583
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Modified the code to make an asynchronous call to GetUserInfo to get
the user role for authorization.
For local users, DBus matches are used to store user role map hot in
memory. Hence, bmcweb has to know whether a user is a local user or
LDAP user to get the role. To avoid this, removed the existing DBus
matches and modified the code to call GetUserInfo to get the role of
local users as well as LDAP users.
Tested:
- Created a local user having admin privilege and verified that he is
able to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a local user having user privilege and verified that he is
unauthorized to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a remote user having admin privilege and verified that he is
able to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a remote user having user privilege and verified that he is
unauthorized to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
Signed-off-by: RAJESWARAN THILLAIGOVINDAN <rajeswgo@in.ibm.com>
Change-Id: Ifd813e1af4dfcb7aeaba18e04b6c9767d2a5e95a
|
|
Added new state 'StandBySpare' for firmware inventory
objects. With this change firmware inventory ["Status"]["State"]
will be set to "StandBySpare" if the inventory item is
BackUp/Recovery image.
Tested:
- Did the GET on "/redfish/v1/UpdateService/FirmwareInventory/<backup image>"
Response:
....
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "StandbySpare"
}
.....
- Verifed GET on other inventory and works fine
- Successfully ran the Redfish validator.
Change-Id: I7094bb3a60a7fb8dc6564ee1d7a67480249423ac
Signed-off-by: Vikram Bodireddy <vikram.bodireddy@linux.intel.com>
|
|
Enhances BMCWeb to correctly handle the Redfish ConfigureSelf privilege.
Redfish document DSP2046 defines the ConfigureSelf privilege as
"Can change the password for the current user account and log out of
their own sessions." This notion is formalized in the Redfish DSP8011
PrivilegeRegistry where ConfigureSelf appears in three operations:
- ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) GET operation.
- ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) PATCH
Password property override.
- Session (/redfish/v1/SessionService/Sessions/{sessionid}) DELETE operation.
Tested: Yes, tested the above operations using users with various Roles to
determine which operations are allowed.
ReadOnly users (privileges: Login, ConfigureSelf):
- Can GET their own account.
- Can change their password.
- Can log out.
- Cannot change any other properties of their own account.
- Cannot change anyone else's password.
- Cannot GET someone else's account.
- Cannot log out anyone else.
Operator users (privileges: Login, ConfigureComponents, ConfigureSelf):
- Same access as a ReadOnly user.
Administrator users (all privileges):
- Can do everything Operator can do.
- Can change one or more properties of their account
- Can GET and change properties of someone else's account.
- Can logoff any session.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: If8efd71cb9743a59b7c5fe1565804d21e788ea29
|
|
Issue: NoAccess user able to get the Systems/system in Redfish
Fix: Added privilege check for NoAccess
Tested:
1. Verified redfish validator passed
2. Verified NoAccess privilege user on Redfish for /Systems/system url
GET: https://<BMC IP>/redfish/v1/Systems/system
Result: Status is 403 Forbidden
Body log: Forbidden
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Ib0ccb3382a9c33608ef354f1e545c328aec40179
|
|
Tested by:
Request: Creating session with wrong credential.
curl --insecure -X POST -D headers.txt https://${BMC_IP}/redfish/v1/SessionService/Sessions
-d '{"UserName":"root", "Password":"penBmc"}'
Resonse Error code: HTTP/1.1 401 Unauthorized
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I9c7b0af644f1e3d987b4f76e4206bbb276aba035
|
|
This action resets the BIOS attributes to default.
Tested:
GET test:
1. $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system
{
...
"Bios": {
"@odata.id": "/redfish/v1/Systems/system/Bios"
},
...
}
2. $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system/Bios
{
"@odata.id": "/redfish/v1/Systems/system/Bios",
"@odata.type": "#Bios.v1_1_0.Bios",
"Actions": {
"#Bios.ResetBios": {
"target": "/redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios"
}
},
"Description": "BIOS Configuration Service",
"Id": "BIOS",
"Name": "BIOS Configuration"
}
POST test:
1. Change gard list:
# ./gard list
No GARD entries to display
# ./gard create /Sys0/Node0/Proc1/EQ1/EX1/Core0
# ./gard list
ID | Error | Type | Path
-----------------------------------------------------------------------
00000001 | 00000000 | Manual | /Sys0/Node0/Proc1/EQ1/EX1/Core0
=======================================================================
2. Reset bios:
# curl -k -H "X-Auth-Token: $token" -X POST https://${bmc}/redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios
3. Check gard list again:
# ./gard list
No GARD entries to display
Validator tool test:
Counter({'pass': 3001, 'skipOptional': 2475, 'metadataNamespaces': 1605,
'passGet': 191, 'serviceNamespaces': 72, 'invalidPropertyValue': 10,
'passAction': 7, 'optionalAction': 6, 'warningPresent': 6, 'warnDeprecated':
2, 'unverifiedComplexAdditional': 1})
Validation has succeeded.
Signed-off-by: Carol Wang <wangkair@cn.ibm.com>
Change-Id: I0cba966bfde04566001b6df07ad15217f627c327
|
|
This change is to GET and PATCH the ApplyTime property using the
UpdateServce redfish schema. GET request can be used to check the value
before initiating the BMC image upload and activation. PATCH request
can be used to update the ApplyTime value.
If the ApplyTime value is Immediate, force-reboot.service gets called
which reboots the BMC. If the ApplyTime value is OnReset, no force reboot
will be triggered and the new BMC image will be functional till the user
decideds to reboot the BMC manually.
Tested:
Changes passed the Redfish-Service-Validator test.
Success Scenarios:
1. If the value of ApplyTime is Immediate (GET request)
GET https://$bmc/redfish/v1/UpdateService
{
"@odata.context": "/redfish/v1/$metadata#UpdateService.UpdateService",
"@odata.id": "/redfish/v1/UpdateService",
"@odata.type": "#UpdateService.v1_2_0.UpdateService",
"ApplyTime": "Immediate",
"Description": "Service for Software Update",
"FirmwareInventory": {
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory"
},
"HttpPushUri": "/redfish/v1/UpdateService",
"Id": "UpdateService",
"Name": "Update Service",
"ServiceEnabled": true
}
2. PATCH request to change value to OnReset:
PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime":
{ "ApplyTime""OnReset"}}}' https://${bmc}/redfish/v1/UpdateService
{
"@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "Successfully Completed Request",
"MessageArgs": [],
"MessageId": "Base.1.4.0.Success",
"Resolution": "None",
"Severity": "OK"
}
]
}
Error Scenarios:
1. Test by giving wrong HttpPushUriOptions name
[Given as "HttpPushUriOptions1"]
PATCH -d '{ "HttpPushUriOptions1": { "HttpPushUriApplyTime":
{ "ApplyTime":"Immediate"}}}' https://${bmc}/redfish/v1/UpdateService
{
"HttpPushUriOptions1@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The property HttpPushUriOptions1 is not in the list of valid properties for the resource.",
"MessageArgs": [
"HttpPushUriOptions1"
],
"MessageId": "Base.1.4.0.PropertyUnknown",
"Resolution": "Remove the unknown property from the request body and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
2. Test by giving wrong HttpPushUriApplyTime name
[Given as "HttpPushUriApplyTime1"]
PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime1":
{ "ApplyTime:"Immediate"}}}' https://${bmc}/redfish/v1/UpdateService
{
"HttpPushUriApplyTime1@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The property HttpPushUriApplyTime1 is not in the list of valid properties for the resource.",
"MessageArgs": [
"HttpPushUriApplyTime1"
],
"MessageId": "Base.1.4.0.PropertyUnknown",
"Resolution": "Remove the unknown property from the request body and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
3. Test by giving wrong ApplyTime name [Given as "ApplyTime1"]
PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime":
{ "ApplyTime1":"Immediate"}}}' https://${bmc}/redfish/v1/UpdateService
{
"ApplyTime1@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The property ApplyTime1 is not in the list of valid properties for the resource.",
"MessageArgs": [
"ApplyTime1"
],
"MessageId": "Base.1.4.0.PropertyUnknown",
"Resolution": "Remove the unknown property from the request body and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
4. Giving wrong ApplyTime value ["Immediat" instead of "Immediate"]
PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime":
{ "ApplyTime":"Immediat"}}}' https://${bmc}/redfish/v1/UpdateService
{
"ApplyTime@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The value Immediat for the property ApplyTime is not in the list of acceptable values.",
"MessageArgs": [
"Immediat",
"ApplyTime"
],
"MessageId": "Base.1.4.0.PropertyValueNotInList",
"Resolution": "Choose a value from the enumeration list that the implementation can support and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
5. NULL value given for "HttpPushUriOptions"
PATCH -d '{ "HttpPushUriOptions": ""}' https://${bmc}/redfish/v1/UpdateSrvice
{
"HttpPushUriOptions@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The value \"\" for the property HttpPushUriOptions is of a different type than the property can accept.",
"MessageArgs": [
"\"\"",
"HttpPushUriOptions"
],
"MessageId": "Base.1.4.0.PropertyValueTypeError",
"Resolution": "Correct the value for the property in the request body and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
6. NULL value given for "HttpPushUriApplyTime"
PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime":""}}' https:/${bmc}/redfish/v1/UpdateService
{
"HttpPushUriApplyTime@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The value \"\" for the property HttpPushUriApplyTime is of a different type than the property can accept.",
"MessageArgs": [
"\"\"",
"HttpPushUriApplyTime"
],
"MessageId": "Base.1.4.0.PropertyValueTypeError",
"Resolution": "Correct the value for the property in the request body and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
7. NULL value given for "HttpPushUriApplyTime"
PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime":{ "ApplyTime":""}}}' https://${bmc}/redfish/v1/UpdateService
{
"ApplyTime@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The value for the property ApplyTime is not in the list of acceptable values.",
"MessageArgs": [
"",
"ApplyTime"
],
"MessageId": "Base.1.4.0.PropertyValueNotInList",
"Resolution": "Choose a value from the enumeration list that the implementation can support and resubmit the request if the operation failed.",
"Severity": "Warning"
}
]
}
Signed-off-by: Jayashankar Padath <jayashankar.padath@in.ibm.com>
Change-Id: Icd01bb6c102c0a24285c79ccf4d41fd5fe53f0ed
|
|
Total Memory in redfish is always 0, fix the problem.
Tested:
After DC cycle the system. TotalSystemMemoryGiB in Redfish system page should
not be zero.
"MemorySummary": {
"Status": {
"State": "Enabled"
},
"TotalSystemMemoryGiB": 16
},
Signed-off-by: Cheng C Yang <cheng.c.yang@linux.intel.com>
Change-Id: I89ad8ed1cf5f9ca9589db444740167645dab9a6e
|
|
Since an OnDemand crashdump could take some time it may cause
the request to time out before the response can be sent.
The correct fix for this is to implement the Redfish Task Monitor
service to handle all asynchronous tasks. Until then, this
change will return 204 (no content) and add the OnDemand log to
the Entries list.
When Task Monitor is implemented it can return 202 (accepted) with
the location of the Task to poll.
Tested:
Used Postman to trigger the OnDemand action and immediately got a
204 response. Polled the Entries list and saw the OnDemand entry
after it was ready.
Change-Id: I3e2692ec5d377823072e0d610fa3ca17a9259a37
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
Tested:
Used Postman to send the OnDemand action twice and got a 503 with
a retry message on the second attempt.
Change-Id: I319a6318ee57e504a54b3fdb6894a5aeb43af203
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
Tested:
Used a browser to request an invalid Crashdump URI and got a
404 with a resource not found error.
Change-Id: Idcac7868bb1f3b4c0248926b46be2cf4fce05328
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
Whenever the Redfish response is that a service is temporarily
unavailable, the "Retry-After" header is added with the same
value, so just set the header automatically with the response.
Tested:
Confirmed that the "Retry-After" header is set correctly with
the Redfish temporarily unavailable message.
Change-Id: I9c940be94d9d284b9633c5caa2ce71ade76d22d5
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
This interface doesn't have to exist
Change-Id: If0ea4e3c201c80c25e825f64ba3601685ef9ed95
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
This adds support for Storage Controllers.
Tested: Validator passed
{
"@odata.context": "/redfish/v1/$metadata#Storage.Storage",
"@odata.id": "/redfish/v1/Systems/system/Storage/1",
"@odata.type": "#Storage.v1_7_1.Storage",
"Drives": [
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_1"
},
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_2"
},
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_3"
},
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_4"
},
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_5"
},
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_6"
},
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_7"
},
{
"@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_8"
}
],
"Drives@odata.count": 8,
"Id": "1",
"Name": "Storage Controller",
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Enabled"
},
"StorageControllers": [
{
"@odata.context": "/redfish/v1/$metadata#Storage.StorageController",
"@odata.id": "/redfish/v1/Systems/system/Storage/1#/StorageControllers/0",
"@odata.type": "#Storage.v1_7_0.StorageController",
"Manufacturer": "$BOARD_MANUFACTURER",
"MemberId": "HSBP_1",
"Model": "$BOARD_PRODUCT_NAME",
"Name": "HSBP_1",
"PartNumber": "$BOARD_PART_NUMBER",
"SerialNumber": "$BOARD_SERIAL_NUMBER",
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Enabled"
}
}
]
}
Change-Id: I9d956343daa74ddfa912e3cbe0d38b0e42a4859f
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
In the Redfish.md, we state "The redfish implementation shall pass
the Redfish Service Validator with no warnings or errors".
Added testing the Redfish Service Validator as part of the
"Developing and Testing" in DEVELOPING.md.
Change-Id: I1688d6a33066d74ca9d6a79d6241e8cc9fe9deb8
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Populate does a mapper call and a get managed objects
and should only be called once. Enforce it.
Tested: No actual change, it is currently never called
twice, this is just for future protection with multiple
async calls.
Change-Id: I8fb9d8d19b2aa2a1c957a0ac8b609adf5e6ba6d0
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Some log messages were not following logging format used in this
file, after this change logs from the http_connection.h file
should be coherent.
Also changing log level of one of messages in ‘doRead’ function.
Tested: Manually, the bmcweb was build with logging enabled and
tested by journalctl log verification.
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I6c96124cbc3b5ef96bfdca57f04c834728f52fe6
|
|
Comment was incorrect, and probably leftover from a clang-format run.
Tested: No tests needed. Only a comment
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I3f4cb86bc624b02d0bda536bcc66ce7c99882329
|
|
Nbd-proxy is responsible for exposing websocket endpoint in bmcweb.
It matches WS endpoints with unix socket paths using configuration
exposed on D-Bus by Virtual-Media.
Virtual-Media is then notified about unix socket availability through
mount/unmount D-Bus methods.
Currently, this feature is disabled by default.
Tested: Integrated with initial version of Virtual-Media.
Change-Id: I9c572e9841b16785727e5676fea1bb63b0311c63
Signed-off-by: Iwona Klimaszewska <iwona.klimaszewska@intel.com>
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
std::strtol() expects null-terminated string. This means that passing
string_view.data() to it may cause undefined behaviour.
Let's fix it by using boost::convert instead.
Tested: Manually by sending valid requests and looking for empty
responses.
Change-Id: I319277551b5e85586783afdc8c86e4a7d8db876e
Signed-off-by: Iwona Klimaszewska <iwona.klimaszewska@intel.com>
|
|
Considering that wild card captures are now known to be difficult to
maintain, remove a couple instances of them from app. They are no
longer used as a capture, so can be safely removed with no effect. It's
likely the compiler is doing this already.
Tested:
No functional change. Code compiles.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I252344a4608f7e107bcb273d725b5a484eb7a17d
|
|
Set the PowerCap with redfish patch.
Tested:
Case 1: PowerCapEnable is false
$ curl -k -H "X-Auth-Token: $token" -X PUT -d '{"data":false}' https://$bmc/xyz/openbmc_project/control/host0/power_cap/attr/PowerCapEnable
$ curl -k -H "X-Auth-Token: $token"https://${bmc}/redfish/v1/Chassis/chassis/Power
{
"@odata.context": "/redfish/v1/$metadata#Power.Power",
"@odata.id": "/redfish/v1/Chassis/chassis/Power",
"@odata.type": "#Power.v1_5_2.Power",
"Id": "Power",
"Name": "Power",
"PowerControl": [
{
"@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerControl/0",
"@odata.type": "#Power.v1_0_0.PowerControl",
"MemberId": "0",
"Name": "Chassis Power Control",
"PowerLimit": {
"LimitInWatts": null
}
}
],
...
}
$curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassis/Power -X PATCH -d '{"PowerControl":[{"PowerLimit":{"LimitInWatts":2004}}]}'
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "PowerCapEnable is false, can't set the PowerCap.",
"MessageArgs": [],
"MessageId": "Base.1.4.0.UnableToSetPowerCap",
"Resolution": "Set PowerCapEnable to be true before setting PowerCap.",
"Severity": "Warning"
}
],
"code": "Base.1.4.0.UnableToSetPowerCap",
"message": "PowerCapEnable is false, can't set the PowerCap."
}
}
Case 2: PowerCapEnable is true, PowerControl json only
$ curl -k -H "X-Auth-Token: $token" -X PUT -d '{"data":true}' https://$bmc/xyz/openbmc_project/control/host0/power_cap/attr/PowerCapEnable
$ curl -k -H "X-Auth-Token: $token"https://${bmc}/redfish/v1/Chassis/chassis/Power
{
"@odata.context": "/redfish/v1/$metadata#Power.Power",
"@odata.id": "/redfish/v1/Chassis/chassis/Power",
"@odata.type": "#Power.v1_5_2.Power",
"Id": "Power",
"Name": "Power",
"PowerControl": [
{
"@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerControl/0",
"@odata.type": "#Power.v1_0_0.PowerControl",
"MemberId": "0",
"Name": "Chassis Power Control",
"PowerLimit": {
"LimitInWatts": 2001.0
}
}
],
...
}
$ curl -k -H "X-Auth-Token: $token"https://${bmc}/redfish/v1/Chassis/chassis/Power -X PATCH -d '{"PowerControl":[{"PowerLimit":{"LimitInWatts":2004}}]}' -v
...
< HTTP/1.1 204 No Content
...
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassis/Power
{
"@odata.context": "/redfish/v1/$metadata#Power.Power",
"@odata.id": "/redfish/v1/Chassis/chassis/Power",
"@odata.type": "#Power.v1_5_2.Power",
"Id": "Power",
"Name": "Power",
"PowerControl": [
{
"@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerControl/0",
"@odata.type": "#Power.v1_0_0.PowerControl",
"MemberId": "0",
"Name": "Chassis Power Control",
"PowerLimit": {
"LimitInWatts": 2004.0
}
}
],
...
}
Case 3: PowerCapEnable is true, PowerControl and Voltages json
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassis/Power -X PATCH -d '{"PowerControl":[{"PowerLimit"{"LimitInWatts":2001}}], "Voltages": [{"MemberId" : "p0_vcs_voltage", "ReadingVolts":8}]}' -v
...
< HTTP/1.1 204 No Content
...
Case 4: Wrong chassis path
$ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassi/Power -X PATCH -d '{"PowerControl":[{"PowerLimit":{"LimitInWatts":2001}}]}'
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
"Message": "The requested resource of type Chassis named chassi was not found.",
"MessageArgs": [
"Chassis",
"chassi"
],
"MessageId": "Base.1.4.0.ResourceNotFound",
"Resolution": "Provide a valid resource identifier and resubmit the request.",
"Severity": "Critical"
}
],
"code": "Base.1.4.0.ResourceNotFound",
"message": "The requested resource of type Chassis named chassi was not found."
}
}
Signed-off-by: Carol Wang <wangkair@cn.ibm.com>
Change-Id: Ifabdf053005b31cf3e3539009a1ec20ce4d46d5b
|
|
The sessions implementation previously used operator== for session
comparisons. While unlikely to be attackable in the current
implementation, due to the time smearing in a number of cases, modern
security practices recommend using constant time comparison.
Tested By:
Logged into the webui, and observed no change to login flows. Logged
into redfish using Token Auth, and observed no changes. Closed a
previous session, then reopened with the new session information to
verify user sessions are restored properly and still work.
Change-Id: Ie759e4da67ba004fd8c327f177951ac756ea6799
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Added support for the IndicatorLED property for physical leds
associated with Thermal and Power sensors.
Testing: Verified output on a witherspoon.
No new errors in redfish validation.
Change-Id: I4e49b3c1769742e49f57c6c1b77a82511cdc8b99
Signed-off-by: Anthony Wilson <wilsonan@us.ibm.com>
|
|
Currently some systems doesn't have enclosure_identity_blink
object for supporting blinking feature which are leading
to systems/system uri failing with 500 error.
Corrected the code to make enclosure_identity_blink object
get/set as optional.
Tested:
Tested IndicatorLED for all 3 cases and it works fine.
Simulated case to not have enclosure_identity_blink object
and teste all 3 InidicatorLED value set and get.
Ran the redfish validator with success results.
Change-Id: I310fb71269aae6d36ea025556ad3b1d87b0acb39
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
This patch is about fixing mTLS access to URL requiring Administrator
or Opeartor privileges (e.g. /redfish/v1/AccountService).
Tested manually with cURL:
- prepare and install CA certificate,
- call GET to the url=/redfish/v1/AccountService,
- verify whether got status=200 and proper body in the response.
Signed-off-by: Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>
Change-Id: I65109bffadf4f1d6d410cd303687b6da55fd1be0
|
|
Updated get and set of IndicatorLED state
to use the correct d-bus service. Added code to
support LED blinking state.
Tested:
- Using PATCH method on below URI, changed "IndicatorLed"
to multiple states like 'Lit', 'Off', 'Blinking' and
verified correct response using GET method.
URI: /redfish/v1/Systems/system
- Ran the Redfish validator and no new issues observed.
Change-Id: I40f103b1cb0190c48605f60bfca39ba1d20a28ec
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
|
|
This makes some browswers fail to login without a
certificate, it needs to stay disabled.
Introduced here:
https://github.com/openbmc/bmcweb/commit/55e43f69#diff-f34027492b16c1b7a880248323fe4fd8R316
Tested: Cert was not required in Chrome on Windows
Change-Id: I27e60e73784d04e14b9b1495ebd1399ad4ab96ab
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
This disables ssl renegotiaion based on the potential
DOS attack here: https://www.cvedetails.com/cve/CVE-2011-1473/
Tested: testssl shows it as disabled
https://github.com/drwetter/testssl.sh
validator passed
Fixes https://github.com/openbmc/openbmc/issues/3624
Change-Id: I4bfbd770d25ba5d1a7292421f1ccad2b2e73d3a6
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Because these structures are known at compile time, they can be
constexpr with no ill effect.
Tested: Code compiles, clang-tidy checks pass no functional change.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Signed-off-by: James Feist <james.feist@linux.intel.com>
Change-Id: Id78e3638b3dddd740f1a22e22d17fb0d6f8437d3
|
