| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
For better or worse, the series ahead of this is making use of
setUpRedfishRoute to do the common "redfish specified" things that need
to be done for a connection, like header checking, filtering, and other
things. In the current model, where BMCWEB_ROUTE is a common function
for all HTTP routes, this means we need to propagate this injection call
into the whole tree ahead of the requests being handled.
In a perfect world, we would invent something like a REDFISH_ROUTE
macro, but because macros are discouraged, the routes take a variadic
template of parameters, and each call to the route has a .privileges()
call in the middle, there's no good way to effect this change in a less
costly manner. This was messaged both in the prior reviews, and on
discord sourcing improvements on this pattern, to which none arose.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id29cc799e214edad41e48fc7ce6eed0521f90ecb
|
|
We don't have too many violations here, probably because we don't have
many optional parameters. Fix the existing instances, and enable the
check.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I4d512f0ec90b060fb60a42fe3cd6ba72fb6c6bcb
|
|
The privileges were converted to a string by mistake in the previous
commit (see below).
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/44691
Change-Id: Iaf1d8ec9d4a041703d3f5796e5de8e582d7010d0
Signed-off-by: John Edward Broadbent <jebr@google.com>
|
|
This change will allow for unit testing of the free function.
There are no changes to logic in bios logic response.
Tested: no change to
curl --user root:0penBmc -k https://${bmc}/redfish/v1/Systems/system/Bios
Signed-off-by: John Edward Broadbent <jebr@google.com>
Change-Id: I1de7d2f250e381863a071b9e45e7bf8e8538af87
|
|
Post method:
1) /redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios/
ConfigureManager -> ConfigureComponents
This change allows Admin and operator users to Reset bios.
Before this change, the only admin user has that privileges.
Tested: Ran curl Post requests with Admin and Operator privileged users
Get output as aspected.
Email sent to openbmc list:
https://lists.ozlabs.org/pipermail/openbmc/2021-August/027232.html
Signed-off-by: Abhishek Patel <Abhishek.Patel@ibm.com>
Change-Id: Ia8638c822f0f84d657ece1a8e1b1aa38019b24d7
|
|
This commit attempts to automate the creation of our privileges
structures from the redfish privilege registry. It accomplishes this by
updating parse_registries.py to also pull down the privilege registry
from DMTF.
The script then generates privilege_registry.hpp, which include const
defines for all the privilege registry entries in the same format that
the Privileges struct accepts. This allows new clients to simply
reference the variable to these privilege structures, instead of having
to manually (ie error pronely) put the privileges in themselves.
This commit updates all the routes.
For the moment, override and OEM schemas are not considered. Today we
don't have any OEM-specific Redfish routes, so the existing ones inherit
their parents schema. Overrides have other issues, and are already
incorrect as Redfish defines them.
Binary size remains unchanged after this patchset.
Tested:
Ran redfish service validator
Ran test case from f9a6708c4c6490257e2eb6a8c04458f500902476 to ensure
that the new privileges constructor didn't cause us to regress the brace
construction initializer.
Checked binary size with:
gzip -c
$BBPATH/tmp/work/s7106-openbmc-linux-gnueabi/obmc-phosphor-image/1.0-r0/rootfs/usr/bin/bmcweb
| wc -c
1244048
(tested on previous patchset)
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ideede3d5b39d50bffe7fe78a0848bdbc22ac387f
|
|
There are a number of endpoints that assume that a given routes
privileges are governed by a single set of privileges, instead of
multiple sets ORed together. To handle this, there were two overloads
of the privileges() method, one that took a vector of Privileges, and
one that took an initializer_list of const char*. Unfortunately, this
leads some code in AccountService to pick the wrong overload when it's
called like this
.privileges( {{"ConfigureUsers"}, {"ConfigureManager"},
{"ConfigureSelf"}})
This is supposed to be "User must have ConfigureUsers, or
ConfigureManager, or ConfigureSelf". Currently, because it selects the
wrong overload, it computes to "User must have ConfigureUsers AND
ConfigureManager AND ConfigureSelf.
The double braces are supposed to cause this to form a vector of
Privileges, but it appears that the initializer list gets consumed, and
the single invocation of initializer list is called. Interestingly,
trying to put in a privileges overload of
intializer_list<initializer_list<const char*>> causes the compilation to
fail with an ambiguous call error, which is what I would've expected to
see previously in this case, but alas, I'm only a novice when it comes
to how the C++ standard works in these edge cases. This is likely due
in part to the fact that they were templates of an unused template param
(seemingly copied from the previous method) and SFINAE rules around
templates.
This commit functionally removes one of the privileges overloads, and
adds a second set of braces to every privileges call that previously had
a single set of braces. Previous code will not compile now, which is
IMO a good thing.
This likely popped up in the Node class removal, because the Node class
explicitly constructs a vector of Privilege objects, ensuing it can hit
the right overload
Tested:
Ran Redfish service validator
Tested the specific use case outlined on discord with:
Creating a new user with operator privilege:
```
redfishtool -S Always -u root -p 0penBmc -vvvvvvvvv -r 192.168.7.2
AccountService adduser foo mysuperPass1 Operator
```
Then attempting to list accounts:
```
curl -vvvv --insecure --user foo:mysuperPass1
https://192.168.7.2/redfish/v1/AccountService/Accounts/foo
```
Which succeeded and returned the account in question.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I83e62b70e97f56dc57d43b9081f333a02fe85495
|
|
Reduces the total number of lines and will allow for easier testing of
the redfish responses.
A main purpose of the node class was to set app.routeDynamic(). However
now app.routeDynamic can handle the complexity that was once in critical
to node. The macro app.routeDynamic() provides a shorter cleaner
interface to the unerlying app.routeDyanic call. The old pattern set
permissions for 6 interfaces (get, head, patch, put, delete_, and post)
even if only one interface is created. That pattern creates unneeded
code that can be safely removed with no effect.
Unit test for the responses would have to mock the node the class in
order to fully test responses.
see https://github.com/openbmc/bmcweb/issues/181
The following files still need node to be extracted.
virtual_media.hpp
account_service.hpp
redfish_sessions.hpp
ethernet.hpp
The files above use a pattern that is not trivial to address. Often their
responses call an async lambda capturing the inherited class. ie
(https://github.com/openbmc/bmcweb/blob/ffed87b5ad1797ca966d030e7f979770
28d258fa/redfish-core/lib/account_service.hpp#L1393)
At a later point I plan to remove node from the files above.
Tested:
I ran the docker unit test with the following command.
WORKSPACE=$(pwd) UNIT_TEST_PKG=bmcweb
./openbmc-build-scripts/run-unit-test-docker.sh
I ran the validator and this change did not create any issues.
python3 RedfishServiceValidator.py -c config.ini
Signed-off-by: John Edward Broadbent <jebr@google.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I147a0289c52cb4198345b1ad9bfe6fdddf57f3df
|
|
Get the core using AsyncResp everywhere, and not have each individual handler
creating its own object.We can call app.handle() without fear of the response
getting ended after the first tree is done populating.
Don't use res.end() anymore.
Tested:
1. Validator passed.
Signed-off-by: zhanghaicheng <zhanghch05@inspur.com>
Change-Id: I867367ce4a0caf8c4b3f4e07e06c11feed0782e8
|
|
SoftwareImages was added in Manager in 1_6_0 and Bios in 1_1_0.
Use the existing getActiveFwVersion function but rename to
populateFirmwareInformation. Changed the mapper call from a GetObject to a
GetSubTree. Added some debug to the function.
Tested: Validator passes.
curl -k https://$bmc/redfish/v1/Managers/bmc
....
"Links": {
"ActiveSoftwareImage": {
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/e4e1c69d"
},
"ManagerForChassis": [
....
"@odata.id": "/redfish/v1/Chassis/chassis"
},
"SoftwareImages": [
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/730944ed"
},
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/e4e1c69d"
}
],
"SoftwareImages@odata.count": 2
},
...
Change-Id: I20798852a2f62575854820bff36175dda38c7dbc
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
This commit enables the "unused variables" warning in clang. Throughout
this, it did point out several issues that would've been functional
bugs, so I think it was worthwhile. It also cleaned up several unused
variable from old constructs that no longer exist.
Tested:
Built with clang. Code no longer emits warnings.
Downloaded bmcweb to system and pulled up the webui, observed webui
loads and logs in properly.
Change-Id: I51505f4222cc147d6f2b87b14d7e2ac4a74cafa8
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Middlewares, while kinda cool from an academic standpoint, make our
build times even worse than they already are. Given that we only really
use 1 real middleware today (token auth) and it needs to move into the
parser mode anyway (for security limiting buffer sizes), we might as well
use this as an opportunity to delete some code.
Some other things that happen:
1. Persistent data now moves out of the crow namespace
2. App is no longer a template
3. All request_routes implementations no longer become templates. This
should be a decent (unmeasured) win on compile times.
This commit was part of a commit previously called "various cleanups".
This separates ONLY the middleware deletion part of that.
Note, this also deletes about 400 lines of hard to understand code.
Change-Id: I4c19e25491a153a2aa2e4ef46fc797bcb5b3581a
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
ActiveSoftwareImage was added to Bios in v1_1_0 and Manager in v1_6_0.
What Redfish calls active is the functional or running image in
OpenBMC.
Reused getActiveFwVersion which means less D-Bus calls when
calling from Manager.
From https://redfish.dmtf.org/schemas/v1/Manager.v1_9_0.json
"ActiveSoftwareImage": {
...
"description": "The link to the software inventory resource that
represents the active firmware image for this manager.",
"longDescription": "This property shall contain a link to a resource
of type SoftwareInventory that represents the active firmware image for
this manager.",
"readonly": false,
"versionAdded": "v1_6_0"
PATCH support will come later.
Tested: Validator passes
Manager:
...
"FirmwareVersion": "2.9.0-dev-515-g92efac612-dirty",
...
"Links": {
"ActiveSoftwareImage": {
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/82d3ec86"
},
"ManagerForChassis": [
{
"@odata.id": "/redfish/v1/Chassis/chassis"
}
],
...
System:
"BiosVersion": "IBM-witherspoon-OP9-v2.3-rc2-3.28",
Bios:
"ActiveSoftwareImage": {
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9f75c5ad"
}
},
Change-Id: Ia3583b4cb513bf36942a9dcbc4588615275bb2ad
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
This is from openbmc/docs/style/cpp/.clang-format
Other OpenBMC repos are doing the same.
Tested: Built and validator passed.
Change-Id: Ief26c755c9ce012823e16a506342b0547a53517a
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
This action resets the BIOS attributes to default.
Tested:
GET test:
1. $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system
{
...
"Bios": {
"@odata.id": "/redfish/v1/Systems/system/Bios"
},
...
}
2. $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system/Bios
{
"@odata.id": "/redfish/v1/Systems/system/Bios",
"@odata.type": "#Bios.v1_1_0.Bios",
"Actions": {
"#Bios.ResetBios": {
"target": "/redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios"
}
},
"Description": "BIOS Configuration Service",
"Id": "BIOS",
"Name": "BIOS Configuration"
}
POST test:
1. Change gard list:
# ./gard list
No GARD entries to display
# ./gard create /Sys0/Node0/Proc1/EQ1/EX1/Core0
# ./gard list
ID | Error | Type | Path
-----------------------------------------------------------------------
00000001 | 00000000 | Manual | /Sys0/Node0/Proc1/EQ1/EX1/Core0
=======================================================================
2. Reset bios:
# curl -k -H "X-Auth-Token: $token" -X POST https://${bmc}/redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios
3. Check gard list again:
# ./gard list
No GARD entries to display
Validator tool test:
Counter({'pass': 3001, 'skipOptional': 2475, 'metadataNamespaces': 1605,
'passGet': 191, 'serviceNamespaces': 72, 'invalidPropertyValue': 10,
'passAction': 7, 'optionalAction': 6, 'warningPresent': 6, 'warnDeprecated':
2, 'unverifiedComplexAdditional': 1})
Validation has succeeded.
Signed-off-by: Carol Wang <wangkair@cn.ibm.com>
Change-Id: I0cba966bfde04566001b6df07ad15217f627c327
|
