Age | Commit message (Collapse) | Author | Files | Lines |
|
clang-format may potentially reformat the readJson calls if they may
have more keys or key names are longer. This makes formatting in a way
that's readable by forcing to break a line for each key using an
empty-comment (`//`) each line.
It also allows trivially alphabetizing the list such that new additions
are less likely to have merge conflicts.
Tested:
- Check whitespace only.
- Code compiles.
- Redfish Service Validator with the same results before this
Change-Id: I3824a8c4faa9fa7c820d5d2fab6b565404926e2c
Signed-off-by: Ed Tanous <etanous@nvidia.com>
Signed-off-by: Myung Bae <myungbae@us.ibm.com>
|
|
The sdbusplus headers provide shortened aliases for many types.
Switch to using them to provide better code clarity and shorter
lines. Possible replacements are for:
* bus_t
* exception_t
* manager_t
* match_t
* message_t
* object_t
* slot_t
Change-Id: I1c12dfb9df9e4a86e4c13ec16bbf8beeff6edb10
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
Changes added : Added error code for invalid certificate
Problem : When Invalid certificate was passed to replace certificate
It was throwing error Internal error
Below is the redfishtool log:
redfishtool: Transport: Response Error: status_code: 500 --
Internal Error
redfishtool: raw: Error sending POST to resource, aborting
Solution : Return proper error code that is 400 -- Bad Request
Tested : I tested with redfish tool and below is the log
with correct error code
redfishtool: Transport: Response Error: status_code: 400 --
Bad Request
redfishtool: raw: Error sending POST to resource, aborting
Change-Id: I71e7a72a4c156dc80321641f279c20aff4bd6df1
Signed-off-by: Chandramohan Harkude <chandramohan.harkude@gmail.com>
|
|
Declaring a function static in a header makes no sense, because a header
isn't a compile unit. Find all the issues and replace them with inline.
Change-Id: Icfc2b72d94b41a3a880da1ae6975beaa30a6792b
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.
See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.
Change-Id: Iceec1dc95b6c908ec6c21fb40093de9dd18bf11a
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
In the early days of bmcweb, we made two pretty critical assumptions;
First, is that a given platform would only have a single BMC instance
(represented as "bmc") and a single host instance (represented as
"system").
Second we assumed that, given that Redfish suggests against hardcoding
URIs in client implementation and leaves them freeform, clients would
code to the standard.
Our own webui-vue hardcodes Redfish URIs [1], and the documentation is
littered with examples of hardcoded curl examples of hardcoding these
URIs. That bug was filed in 2020, and the issue has only gotten worse
over time.
This patchset is an attempt to give a target that we can start solving
these issues, without trying to boil the ocean and fix all clients in
parallel.
This commit adds the meson options
redfish-manager-uri-name
and
redfish-system-uri-name
These are used to control the "name" that bmcweb places in the fixed
locations in the ManagerCollection and ComputerSystemCollection schemas.
Note, managers is added, but is not currently testable. It will be
iterated on over time.
Tested:
Changed the URL options to "edsbmc" and "edssystem" in meson options.
Redfish service validator passes.
URLs appear changed when walking the tree.
[1] https://github.com/openbmc/webui-vue/issues/43
Change-Id: I4b44685067051512bd065da8c2e3db68ae5ce23a
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Several places that call *req.ioService were missing nullptr checks.
Add them, and fix the one case where it might not be filled in.
Tested: With HTTP2 enabled, the following command succeeds.
```
curl -k https://192.168.7.2/redfish/v1/UpdateService/update -F 'UpdateParameters={"Targets":["/redfish/v1/Managers/bmc"]} ;type=application/json' --user "root:0penBmc" -F UpdateFile=@/home/ed/bmcweb/16mb.txt -v -H "Expect:"
```
Change-Id: I81e7944c22f5922d461bf5d231086c7468a16e62
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Use multiple level direct read to simplify code.
Tested: Visual only. Need help if anyone wants to test.
Change-Id: Ib7c34daefbe2bb835cbe420b40861f27442d05b1
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Now that our custom body type does things more than files, it makes
sense to rename it. This commit renames the header itself, then all
instances of the class.
Tested: Basic GET requests succeed.
Change-Id: If4361ac8992fc7c268f48a336707f96e68d3576c
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
These were found with:
codespell -w $(git ls-files | grep "\.[hc]\(pp\)\?$")
At some point in the future, we might want to get this enabled in CI.
Change-Id: Iccb57b2adfd06a2e177e99db2923fe4e8e329118
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.
Change-Id: I2f9540cf0d545a2da4d6289fc87b754f684bc9a7
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
In boost 1.83.0, the boost::url maintainers deprecated the header only
usage of the library without warning. A discussion with the
maintainers[1] made it clear that they removed the abiliy on purpose,
and they're not going to add it back or add a deprecation strategy (they
did say they would update the documentation to actually match the
intent), and that from here on in we should be using the cmake boost
project to pull in the non-header-only boost libraries we use (which at
this point is ONLY boost url).
This commit updates to remove the usage of boost::urls::result typedef,
which was deprecated in this release (which causes a compile error) and
moves it to boost::system::result.
In addition, it updates our meson files to pull in the boost project as
a cmake dependency.
[1] https://cpplang.slack.com/archives/C01JR6C9C4U/p1696441238739129
Tested: Not yet.
Change-Id: Ia7adfc0348588915440687c3ab83a1de3e6b845a
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
Post:
```
/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
```
The "@odata.id" field in the response will appear garbled. This is
caused by boost::urls::url_view outlives its original char sequence.
Fix this issue.
Tested:
```
1.Get token
2.curl -k -H "X-Auth-Token: $token" -X POST https://${bmc}/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate -d '{"CertificateUri": {"@odata.id":"/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1"}, "CertificateString":"...", "CertificateType": "PEM"}'
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1",
...
}
```
Change-Id: I6b16cbfaf22f835488a54097c83cee8a1b9e9f6a
Signed-off-by: Xinnan Xie <xiexinnan@bytedance.com>
|
|
Changing authority service references in code from 'ldap' to more
generic name, to comply with change in phosphor-certificate-manager.
Related change:
https://gerrit.openbmc.org/c/openbmc/phosphor-certificate-manager/+/65458
Tested:
Adding, reading and removal of CA Certificate works without any
noticeable regression.
Change-Id: Ia3e7a13bf7093bb7a9964769847d769475ed3e61
Signed-off-by: Michal Orzel <michalx.orzel@intel.com>
|
|
Change-Id: I9a851076eccee9d79ad7bb036e58b717e06ad5d1
Signed-off-by: Michael Shen <gpgpgp@google.com>
|
|
std::format is a much more modern logging solution, and gives us a lot
more flexibility, and better compile times when doing logging.
Unfortunately, given its level of compile time checks, it needs to be a
method, instead of the stream style logging we had before. This
requires a pretty substantial change. Fortunately, this change can be
largely automated, via the script included in this commit under
scripts/replace_logs.py. This is to aid people in moving their
patchsets over to the new form in the short period where old patches
will be based on the old logging. The intention is that this script
eventually goes away.
The old style logging (stream based) looked like.
BMCWEB_LOG_DEBUG << "Foo " << foo;
The new equivalent of the above would be:
BMCWEB_LOG_DEBUG("Foo {}", foo);
In the course of doing this, this also cleans up several ignored linter
errors, including macro usage, and array to pointer deconstruction.
Note, This patchset does remove the timestamp from the log message. In
practice, this was duplicated between journald and bmcweb, and there's
no need for both to exist.
One design decision of note is the addition of logPtr. Because the
compiler can't disambiguate between const char* and const MyThing*, it's
necessary to add an explicit cast to void*. This is identical to how
fmt handled it.
Tested: compiled with logging meson_option enabled, and launched bmcweb
Saw the usual logging, similar to what was present before:
```
[Error include/webassets.hpp:60] Unable to find or open /usr/share/www/ static file hosting disabled
[Debug include/persistent_data.hpp:133] Restored Session Timeout: 1800
[Debug redfish-core/include/event_service_manager.hpp:671] Old eventService config not exist
[Info src/webserver_main.cpp:59] Starting webserver on port 18080
[Error redfish-core/include/event_service_manager.hpp:1301] inotify_add_watch failed for redfish log file.
[Info src/webserver_main.cpp:137] Start Hostname Monitor Service...
```
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I86a46aa2454be7fe80df608cb7e5573ca4029ec8
|
|
The error codes for this function accept a string_view, which has caused
a number of cases of users of this function to call dump() to_string()
and all manner of other conversions. Considering that dump() is
something that's difficult to call correctly, and overly wordy, it would
be ideal if the message code just handled that for us.
Therefore, this commit changes the prototype to include a nlohmann::json
object as an argument instead of string_view, then audits the codebase
for all uses, and moves them to a more normalized usage, which allows
the calling code to call "dump" for them.
Tested: PATCH /redfish/v1/SessionService {"SessionTimeout": 1}
Returns the PropertyValueNotInList error as it did before.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: If62909072db1f067ad1f8aa590bb716c84181219
|
|
The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to interact with host console are part of the
"hostconsole" group and they are in an administrator role.
Note: The changes are spread across multiple repositories listed under
"Related commits:"
The bmcweb changes to incorporate new group are as follows:
- The new user is added in the hostconsole group only if it has an
administrative role.
- The ssh usergroup is only translated to ManagerConsole redfish group
and hostconsole usergroup is translated to HostConsole redfish group.
- The following changes are made to check the privileges for host console
access
- The new OEM privilege "OpenBMCHostConsole" added for host console
access. This privilege is not shared externally hence it is not
documented.
- Updated obmc_console BMCWEB_ROUTE to use the new privilege.
- Router functions now save user role and user groups in the session
- getUserPrivileges() function now takes session reference instead
of user role. This function now also checks for the user group
"hostconsole" and add the new privilege if user is member of this
group.
- Updated all callers of the getUserPrivileges to pass session
reference.
- Added test to validate that new privilege is set correctly.
Tested:
Loaded code on the system and validated that;
- New user gets added in hostconsole group. NOTE: Prior to this commit
all groups are assigned to new user. This drop does not change that
behavior.
- Access from the web gui is only available for users in hostconsole
group. Used IBM internal simulator called simics to test this. This
simulator allows accessing openbmc from GUI.
- Checked the role collection and there is no change.
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/Administrator
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/ReadOnly
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/Operator
- HostConsole is in AccountType when hostconsole group is present in
UserGroups D-Bus property
$ id user99
uid=1006(user99) gid=100(users) groups=1000(priv-admin),1005(web),\
1006(redfish),1013(hostconsole),100(users)
$ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"HostConsole",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "Administrator",
"UserName": "user99"
- The hostconsole group is not present for readonly or operator users
and also made sure that console access is not provided. This testing
is done one the system and console access was tried by modifying the
https://github.com/openbmc/bmcweb/blob/master/scripts/websocket_test.py
+ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"IPMI",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "ReadOnly",
"UserName": "user99"
[INFO "http_connection.hpp":209] Request: 0x150ac38 HTTP/1.1 GET /console0 ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1265] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "routing.hpp":1084] userName = user99 userRole = priv-user
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ipmi
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=redfish
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ssh
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=web
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: Login
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureSelf
[DEBUG "routing.hpp":113] checkPrivileges: OEM REQUIRED: OpenBMCHostConsole
[ERROR "routing.hpp":1192] Insufficient Privilege
+ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"IPMI",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Operator"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "Operator",
"UserName": "user99"
[INFO "http_connection.hpp":209] Request: 0x21c7c38 HTTP/1.1 GET /console0 ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1265] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "routing.hpp":1084] userName = user99 userRole = priv-operator
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ipmi
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=redfish
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ssh
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=web
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: Login
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureComponents
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureSelf
[DEBUG "routing.hpp":113] checkPrivileges: OEM REQUIRED: OpenBMCHostConsole
[ERROR "routing.hpp":1192] Insufficient Privilege
Related commits:
NOTE: docs, openbmc, obmc-console changes are already merged. bmcweb
and phosphor-user-manager will be merged together.
docs: https://gerrit.openbmc.org/c/openbmc/docs/+/60968
phosphor-user-manager: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/61583
openbmc: https://gerrit.openbmc.org/c/openbmc/openbmc/+/61582
obmc-console: https://gerrit.openbmc.org/c/openbmc/obmc-console/+/61581
bmcweb: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61580
Change-Id: Ia5a33dafc9a76444e6a8e74e752f0f90cb0a31c8
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>
|
|
Boost 1.82 dropped a lovely new toy, boost::urls::format, which is a lot
like our urlFromPieces method, but better in that it makes the resulting
uris more readable, and allows doing things like fragments in a single
line instead of multiple. We should prefer it in some cases.
Tested:
Redfish service validator passes.
Spot checks of URLs work as expected.
Unit tests pass.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ia7b38f0a95771c862507e7d5b4aa68aa1c98403c
|
|
We get 500 Internal Server Error when we try to replace certificate
without providing certificate but expected response is 400 Bad Request.
So fixed the issue by removal of overriding the error code.
Tested:
Response for attempt to replace certificate without certificate or
without required json key
Before changes:
500 Internal Server Error
After changes:
400 Bad Request
Change-Id: I7f672d40f73f8cd1491625ba6714bd3ad2594faf
Signed-off-by: vijayabharathi shetty <vijayabharathix.shetty@intel.com>
|
|
It seems like clang-tidy doesn't catch every place that an emplace could
be used instead of a push. Use a few grep/sed pairs to find and fix up
some common patterns.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I93eaec26b8e3be240599e92b66cf54947073dc4c
|
|
The clang-tidy warning 'modernize-use-emplace' correctly flags a
few places where emplace should be used over push.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I6ca79285a87d6927e718345dc8dce0387e6b1eda
|
|
```
../redfish-core/lib/certificate_service.hpp:154:32: error: 'i' is an unsafe pointer used for buffer access [-Werror,-Wunsafe-buffer-usage]
std::string_view::iterator i = value.begin();
```
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I6b6fb17d58bb7a3bd861aaf020540586490693da
|
|
clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.
Change-Id: I75f89d2959b0f1338c20d72ad669fbdc1d720835
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
Per cpp core guidelines, these should be methods.
Tested: on last patchset of the series.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib16479db9d2b68da68e7ad6e825c7e205c64f1de
|
|
By convention, we should be following boost here, and passing error_code
by reference, not by value. This makes our code consistent, and removes
the need for a copy in some cases.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id42ea4a90b6685a84818b87d1506c11256b3b9ae
|
|
string_view should always be passed by value; This commit is a sed
replace of the code to make all string_views pass by value, per general
coding guidelines[1].
[1] https://quuxplusone.github.io/blog/2021/11/09/pass-string-view-by-value/
Tested: Code compiles.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I55b342a29a0fbfce0a4ed9ea63db6014d03b134c
|
|
For systems implementing to the OWASP security guidelines[1] (of which all
should ideally) we should be checking the content-type header all times
that we parse a request as JSON.
This commit adds an option for parsing content-type, and sets a default
of "must get content-type". Ideally this would not be a breaking
change, but given the number of guides and scripts that omit the content
type, it seems worthwhile to add a trapdoor, such that people can opt
into their own model on how they would like to see this checking work.
Tested:
```
curl --insecure -H "Content-Type: application/json" -X POST -D headers.txt https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":"root", "Password":"0penBmc"}'
```
Succeeds.
Removing Content-Type argument causes bmc to return
Base.1.13.0.UnrecognizedRequestBody.
[1] cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html
Change-Id: Iaa47dd563b40036ff2fc2cacb70d941fd8853038
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
Most of these missing includes were found by running clang-tidy on all
files, including headers. The existing scripts just run clang-tidy on
source files, which doesn't catch most of these.
Tested: Code compiles
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic741fbb2cc9e5e92955fd5a1b778a482830e80e8
|
|
We don't follow this cpp core guidelines rule well. This is something
that we should aspire to cleaning up in the future, but for the moment,
lets turn the rule on in clang-tidy to stop the bleeding, add ignores
for the things that we know need some better abstractions, and work on
these over time.
Most of this commit is just adding NOLINTNEXTLINE exceptions for all of
our globals. There was one case in the sensor code where clang
correctly noted that those globals weren't actually const, which got
missed because of the use of auto.
Tested: CI should be good enough for this. Passes clang-tidy.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ieda08fee69a3b209d4b3e9771809a6c41524f066
|
|
Since the GetSubTreePaths method has been implemented in dbus_utility
and this commit is to integrate all the places where the
GetSubTreePaths method is called, and use the method in dbus_utility
uniformly.
Requires https://gerrit.openbmc.org/c/openbmc/sdbusplus/+/60020 to
build.
Tested: Redfish Validator Passed
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: Ie4140d4484a7e4f4b943013f4371ffd2d44a22e9
|
|
This TODO was implemented long ago by DMTF. Remove the comment.
Tested: Comment only.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I4b0fc7c6fefa316d1cf824711d542f17a6f1a682
|
|
Users should be able to delete LDAP client certificate, and phosphor-
certificate-manager already supports this. This patch adds the Redfish
API endpoint for it.
Tested:
DELETE /redfish/v1/AccountService/LDAP/Certificates/1 removes the LDAP
client certificate installed on system.
Change-Id: If1c082c78c404b5877e74ba50de3a970cd823a90
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
|
|
This patch adds deleteCertificate function to delete an installed cert,
which is used in current DELETE TrustStore cert handler and incoming
DELETE LDAP client store cert handler. Compared to having two lambdas,
it reduces code redundancy and has slightly smaller compressed binary
size (~700B).
Tested:
Code move only, DELETE /redfish/v1/Managers/bmc/Truststore/Certificates
/<id> works exactly the same as before.
Change-Id: I93c07845e4be3c0304b3c3e8ff4249885c9ab908
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
|
|
For API endpoints, it is suggested to break out the entire handlers
into a function, and not rely on a lambda at all. This brings more
readability as it reduces indents.
Tested:
Code compiles, and Redfish Service Validator passed.
Change-Id: I5132149c00b6f553931dae562b83bc7aee678105
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
|
|
There's a few last places (outside of tests) where we still use
nlohmann brace initialization. Per the transforms we've been doing,
move these to constructing the objects explicitly, using operator[],
nlohmann::object_t and nlohmann::array_t. Theses were found by manual
inspection grepping for all uses of nlohmann::json.
This is done to reduce binary size and reduce the number of intermediate
objects being constructed. This commit saves a trivial amount of size
(~4KB, Half a percent of total) and in addition but makes our
construction consistent.
Tested:
Redfish service validator passes.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I7478479a9fdc41b254eef325002d413c1fb411a0
|
|
According to Redfish Base Message Registry definition [1], the first
argument of ResourceNotFound and ResourceAlreadyExists is the schema
name of the resource. This patch changes the first argument to non-
versioned schema name treewide.
Tested:
Verified the error message matches the definition, and Redfish Service
Validator passed.
[1] https://redfish.dmtf.org/registries/Base.1.13.0.json
Change-Id: Ib5cd853578ef0bffda1184d10827241e94faaf68
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
|
|
used sdbusplus::unpackPropertiesNoThrow in certificate_service.hpp, also
replaced all usages of "GetAll" with sdbusplus::asio::getAllProperties
bmcweb size: 2668888 -> 2664776 (-4112)
compressed size: 1127280 -> 1125100 (-2180)
Tested:
Performed get on:
- /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
Get result before and after the change was in same format, values for:
ValidNotAfter, ValidNotBefore and CertificateString were different
(but it is expected behaiour)
Change-Id: If94adea317dea18cb984788dc1515778ce4097c6
Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com>
|
|
We've accumulated several time utility functions in the http classes.
Time isn't a core HTTP primitive, so http is not where those functions
below.
This commit moves all the time functions from the crow::utility
namespace into the redfish::time_utils namespace, as well as moves the
unit tests.
No code changes where made to the individual functions, with the
exception of changing the namespace on the unit tests.
Tested: Unit tests pass.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I8493375f60aea31899c84ae703e0f71a17dbdb73
|
|
There are two overloads of addHeader, one that takes a string, and one
that takes a boost enum. For most common headers, boost contains a
string table with all of those entries anyway, so there's no point in
duplicating the strings, and ensures that we don't make trivial
mistakes, like capitalization or - versus underscore that aren't caught
at compile time.
Tested:
This saves a trivial amount (572 bytes) of compressed binary size.
curl --insecure -vvv --user root:0penBmc https://192.168.7.2/redfish/v1
returns < Content-Type: application/json
curl --insecure -vvv -H "Accept: text/html" --user root:0penBmc https://192.168.7.2/redfish/v1
Returns
< Content-Type: text/html;charset=UTF-8
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I34c198b4f9e219247fcfe719f9b3616d35aea3dc
|
|
urlFromPieces is a better way for generating URLs as it automatically
escapes special characters. Use it.
Tested:
Verified reading and uploading certificates are responded with correct
URL to the certificate, and Redfish Service Validator passed.
Change-Id: I7a4fb76d0a0baa2dacff192973aa61b478e91158
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
|
|
readUrlSegments both validates and reads segments from URL, using it is
way better than comparing the URL with boost::start_with now (which
violates common error #12). It also removes the last part that relies
on the incorrect assumption that the certificate id is always a number.
Also removes the boost::convert dependency as it is not longer needed.
Tested:
* Verified calling ReplaceCertificate with malformed CertificateUri
gives ActionParameterNotSupported error.
* Replacing certificate at a valid but non-existing returns 404 Not
found
* Replacing an existing certificate operates successfully.
Change-Id: I96ffe7060b3350ea9240ef64624246af0fdd3da0
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
|
|
In phosphor-certificate-manager, only the certificate object paths
implement xyz.openbmc_project.Certs.Certificate and Delete interface.
When reading with GetAll and deleting, these interfaces ensures that
the object path represents a certificate. And checking if the id in
object path is a number is based on a incorrect assumption that cert
id is always a number. This patch removes such unnecessary checks and
uses the standard filename() method to extract id from object paths.
Tested:
* Verified getting and deleting certificates only works on the URL
mapped to certificate DBus object paths, other URL will give 404
Not found error.
* Verified uploading certificates responds with correct URL.
* Redfish Service Validator passed.
Change-Id: I7484fa5602afcbe9e0fc76b17483e76e12930dee
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
|
|
Current implementation assumes only the DBus paths with numbers are the
paths for certificates, so here certId is of type long int. This patch
changes the type to std::string for removing such incorrect assumption
in future commits as dbus paths are not limited to numbers.
Tested:
* Verified both GET Certificate and POST CertificateCollection works.
* Redfish Service Validator passed.
Change-Id: I747adf4bf955194f82650a11f9dc11a85e00d6e4
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
|
|
The sdbusplus headers provide shortened aliases for many types.
Switch to using them to provide better code clarity and shorter
lines. Possible replacements are for:
* bus_t
* exception_t
* manager_t
* match_t
* message_t
* object_t
* slot_t
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I46a5eec210002af84239af74a93c830b1d4a13f1
|
|
Per the coding standard, now that C++ supports std::string::starts_with
and std::string::ends_with, we should be using them over the boost
alternatives. This commit goes through and updates all usages.
Arguably some of these are incorrect, and instances of common error 13,
but because this is mostly a mechanical it intentionally doesn't try to
handle it.
Tested: Unit tests pass.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic4c6e5d0da90f7442693199dc691a47d2240fa4f
|
|
cppcheck correctly notes that a lot of variables in the new code can be
const. Make most of them const.
Tested: WIP
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I8f37b6353fd707923f533e1d61c5b5419282bf23
|
|
We essentially follow this rule already, not relying on implicit
operators, although there are a number of cases where in theory we
could've implicitly constructed an object.
This commit enables the clang-tidy check.
Tested: Code compiles, passes clang-tidy.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ia428463313b075c69614fdb326e8c5c094e7adde
|
|
This patch adds getCertificateList (based on getCertificateLocations)
to handle all the GET CertificateCollection requests in a unified way.
Tested:
* Certificates are listed in all 3 CertificateCollection correctly
* CertificateLocations is able to list all the installed certificates
* Redfish validator passed
Change-Id: I52ec6f5e77b1f48725cecdfb8d24ecb72479a887
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
|
|
Currently getCertificateLocations loops through the object paths of a
certificate service and adds those paths with numeric id to the list.
To get all three kinds of certificates, three calls are needed. This
patch changes to use object mapper to get all paths that implements
"xyz.openbmc_project.Certs.Certificate" interface to get all certs in
a single DBus call.
Tested:
Verified all certificates installed on BMC are listed under /redfish
/v1/CertificateService/CertificateLocations, and Redfish validator
passed.
Change-Id: I0489dc9e305f67ed7d0ef07fabda5f90fd2fdac4
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
|