Age | Commit message (Collapse) | Author | Files | Lines |
|
Reduces the total number of lines and will allow for easier testing of
the redfish responses.
A main purpose of the node class was to set app.routeDynamic(). However
now app.routeDynamic can handle the complexity that was once in critical
to node. The macro app.routeDynamic() provides a shorter cleaner
interface to the unerlying app.routeDyanic call. The old pattern set
permissions for 6 interfaces (get, head, patch, put, delete_, and post)
even if only one interface is created. That pattern creates unneeded
code that can be safely removed with no effect.
Unit test for the responses would have to mock the node the class in
order to fully test responses.
see https://github.com/openbmc/bmcweb/issues/181
The following files still need node to be extracted.
virtual_media.hpp
account_service.hpp
redfish_sessions.hpp
ethernet.hpp
The files above use a pattern that is not trivial to address. Often their
responses call an async lambda capturing the inherited class. ie
(https://github.com/openbmc/bmcweb/blob/ffed87b5ad1797ca966d030e7f979770
28d258fa/redfish-core/lib/account_service.hpp#L1393)
At a later point I plan to remove node from the files above.
Tested:
I ran the docker unit test with the following command.
WORKSPACE=$(pwd) UNIT_TEST_PKG=bmcweb
./openbmc-build-scripts/run-unit-test-docker.sh
I ran the validator and this change did not create any issues.
python3 RedfishServiceValidator.py -c config.ini
Signed-off-by: John Edward Broadbent <jebr@google.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I147a0289c52cb4198345b1ad9bfe6fdddf57f3df
|
|
Get the core using AsyncResp everywhere, and not have each individual handler
creating its own object.We can call app.handle() without fear of the response
getting ended after the first tree is done populating.
Don't use res.end() anymore.
Tested:
1. Validator passed.
Signed-off-by: zhanghaicheng <zhanghch05@inspur.com>
Change-Id: I867367ce4a0caf8c4b3f4e07e06c11feed0782e8
|
|
When the session is created using /login, the ClientOriginIPAddress
is mapped to the clientId parameter which displayed the clientIP
instead of the of clientId.
The similar problem is observed with auth methods other than sessions
created using the SessionService resource
This commit swaps the clientId and clientIp parameters passed to
generateUserSession API, so that the optional clientId is
passed as the last parameter
Tested by :
1. Create session using Redfish command
POST https://${bmc}/login -d '{"username": <>,"password": <>}'
POST https://${bmc}/redfish/v1/SessionService/Sessions
-d '{"username": <>,"password": <>}'
2. Open the GUI session to check the clientId is not displaying the
ClientOriginIPAddress
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I6cee3de963c489e690d2ad0bb09ba78dca39e4f9
|
|
This commit implements the ClientOriginIPAddress property on
the session resource. The IP address is persisted across the reboot
Tested by:
1. Create session
POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":<>, "Password":<>}'
2. Check the session gets updated with the ClientOriginIPAddress
GET https://${bmc}/redfish/v1/SessionService/Sessions/<id>
3. Redfish validator passed
4. Create session and reboot the BMC to ensure the IP address is persisted
5. Tested the basic auth populates the clientIp at req
Signed-off-by: Sunitha Harish <sunharis@in.ibm.com>
Change-Id: Iaa60d0657c991bde4bcf6c86819055c71c92e421
|
|
This reverts commit e436008377fbcf287be02c9e9e1b59c6627d7673.
Reason for revert:
This breaks several things.
1. Not all login endpoints are handled, which lead to returning blank ip addresses
2. IP addresses are not persisted.
3. This crashes occasionally on remote_endpoint, and ignores ec.
Change-Id: I58c875721cf48bf02db833c9c57a9eead5e249d5
|
|
This commit implements the ClientOriginIPAddress property on
the session resource
Tested by:
1. Create session
POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":<>, "Password":<>}'
2. Check the session gets updated with the ClientOriginIPAddress
GET https://${bmc}/redfish/v1/SessionService/Sessions/<id>
3. Redfish validator passed
Signed-off-by: Sunitha Harish <sunharis@in.ibm.com>
Change-Id: I4c5c6f651bb6faec0cb1b1b78d9da593ecb85ff0
|
|
- This commit would add the patch support for the session
timeout propery under the sessionservice.
- This commit also brings in support for persistent session
timeout property.
Tested By:
1. Redfish validator passed.
2. PATCH the session time out property using the below command
PATCH -d '{"SessionTimeout": 100}' https://<bmcip>/redfish/v1/SessionService
3. GET on sessionservice should return the value of time out which is
patched by using the above command & also GET on the session service fails
with Unauthorized error post the patched timeout value.
4. And also, the existing sessions that are open for the new timeout value are
also closed.
5. As per the schema , the range of values that are allowed for
session timeout are between 30 sec to 86400 sec, so any value which
is patched out of the range is failed with an appropriate error message.
6. PATCH the session timeout to new value using 2, and them restart the bmcweb
and the GET using 3 should return the new value.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: Id50eacc5018b7a82371fd37a2ae1e7fb7596ed2b
|
|
Details on why this revert is needed are here.
https://lists.ozlabs.org/pipermail/openbmc/2020-August/022478.html
Appu and Ravi still have not commented.
It should be noted, this also causes a memory leak in http connection,
where connections refuse to be freed, because of a bad usage of
shared_from_this.
This code wasn't very well thought through, and needs rearchitected to
not break the unit testability of bmcweb, nor cause memory leaks.
https://github.com/openbmc/bmcweb/blob/218bd4746130aac22366968c8c9a34a929e45a3d/http/http_connection.h#L351
Is the memory leak in question.
Specifically, this reverts:
The /attachment download in LogServices. This needs reimplemented
properly, but is an OEM property, so it shouldn't be a big deal to
revert, and shouldn't break our redfish compliance.
The IpAddress property in SessionService. I have no idea why this was
injected, and it's functionally incorrect. IpAddresses are not related
to a session, and IP addresses can change over the course of a session,
so this property is already broken as written. I suspect the author
really wanted RedfishEvent type logging, but that was too complex, so
they half implemented this.
Redfish SSE properties. This needs to be reimplemented similar to the
patchset here:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/13948
Where the ownership of the HTTP connection does not leave the http
framework. As written, the SSE implementation causes ownership issues,
as there's no clear delineation of the ownership between HttpConnection
and the SSE framework.
Tested:
On current master, running this command:
wget -O- --no-http-keep-alive --no-check-certificate https://{bmc
hostname}:18080/redfish/v1
Which should download the service root, then immediately close and
destroy the connection, prints:
(2020-08-28 16:55:24) [DEBUG "routing.h":1258] Matched rule
'/redfish/v1/' 2 / 4
(2020-08-28 16:55:24) [DEBUG "http_response.h":130] calling completion
handler
(2020-08-28 16:55:24) [DEBUG "http_response.h":133] completion handler
was valid
(2020-08-28 16:55:24) [INFO "http_connection.h":429] Response: 0x1e1ee28
/redfish/v1 200 keepalive=0
(2020-08-28 16:55:24) [DEBUG "timer_queue.h":48] timer add inside:
0x1d3d1a8 7
(2020-08-28 16:55:24) [DEBUG "http_connection.h":751] 0x1e1ee28 timer
added: 0x1d3d1a8 7
(2020-08-28 16:55:24) [DEBUG "http_connection.h":655] 0x1e1ee28 doWrite
(2020-08-28 16:55:24) [DEBUG "http_connection.h":663] 0x1e1ee28
async_write 1555 bytes
(2020-08-28 16:55:24) [DEBUG "http_connection.h":697] 0x1e1ee28 timer
cancelled: 0x1d3d1a8 7
(2020-08-28 16:55:24) [DEBUG "http_connection.h":676] 0x1e1ee28 from
write(1)
Then stops. Note, that the connection was not destroyed, and has
leaked. Once this patchset is added, the connection closes and destroys
properly, and doesn't leak, so it prints the above, but also prints.
(2020-08-28 16:27:10) [DEBUG "http_connection.h":305] 0x1d15c90
Connection closed, total 1
Ran Redfish service validator. Saw one unrelated failure due to UUID,
all other things pass.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I18686037bf58f20389d31facc0d77020274d38a1
|
|
This commit enables the "unused variables" warning in clang. Throughout
this, it did point out several issues that would've been functional
bugs, so I think it was worthwhile. It also cleaned up several unused
variable from old constructs that no longer exist.
Tested:
Built with clang. Code no longer emits warnings.
Downloaded bmcweb to system and pulled up the webui, observed webui
loads and logs in properly.
Change-Id: I51505f4222cc147d6f2b87b14d7e2ac4a74cafa8
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Middlewares, while kinda cool from an academic standpoint, make our
build times even worse than they already are. Given that we only really
use 1 real middleware today (token auth) and it needs to move into the
parser mode anyway (for security limiting buffer sizes), we might as well
use this as an opportunity to delete some code.
Some other things that happen:
1. Persistent data now moves out of the crow namespace
2. App is no longer a template
3. All request_routes implementations no longer become templates. This
should be a decent (unmeasured) win on compile times.
This commit was part of a commit previously called "various cleanups".
This separates ONLY the middleware deletion part of that.
Note, this also deletes about 400 lines of hard to understand code.
Change-Id: I4c19e25491a153a2aa2e4ef46fc797bcb5b3581a
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
- When the SSL is disabled, the socket that bmcweb uses would be
a basic_socket type , and that does not have a next_layer as that
itself is the basic socket, we can directly read the socket object/
or use the lowest_layer() of the socket to get the ip address from it.
- When SSL is enabled, the socket that bmcweb uses would be an ssl
stream over basic_socket, and here the next_layer would be basic_socket,
so the existing logic holds good.
- The idea behind this commit is to , have a conditional check for SSL
vs non-SSL configurations before reading the socket for ip address.
Tested By:
* cmake -DBMCWEB_INSECURE_DISABLE_SSL=1 -DCMAKE_BUILD_TYPE:type=Debug ../ ; make
- The above Compilation was successfull.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: I2b9a127be30b11b056641342e0af06118c526528
|
|
This commit saves the IP Address of the client from where the session
was created.
- This is not a user supplied value. The BMC will internally pull the
IP address from the incoming create-session request.
- It should also be noted that ClientIP will not change if the same session
token is used from some other IP address for further management of the BMC.
Tested by:
1. Create session
2. Display the Session details with GET command to check the IP from where
the session is created/updated.
GET https://${bmc}/redfish/v1/SessionService/Sessions/<id>
{
"@odata.id": "/redfish/v1/SessionService/Sessions/<id>",
"@odata.type": "#Session.v1_0_2.Session",
"Description": "Manager User Session",
"Id": "<id>",
"Name": "User Session",
"Oem": {
"OpenBMC": {
"@odata.type": "#OemSession.v1_0_0.Session",
"ClientOriginIP": "<ip address>"
}
},
"UserName": "root"
}
3. Redfish validator is run successfully.
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I0076f260f50a991600ec060c72f3e46fb9a9cbb8
|
|
This commit implements handling the OemSession ClientID parameter
for the IBM management console.
Each session gets a random generated unique Id (Resource Id); but this Id
is not a parameter that the client can set to a well known identifier.
This Oem parameter ClientID is the string which the client can supply to
uniquely identify itself among other sessions in the BMC. This is a read-only
property which shall be passed in only during the session creation.
1. Create session by supplying the ClientID Oem parameter
2. Display the ClientID associated with the session
3. Persist the ClientID across BMC reboot
Tested by:
============
1. POST https://${bmc}/redfish/v1/SessionService/Sessions -d
'{"UserName":"root", "Password":<>, "Oem":{"OpenBMC" : {"ClientID":"<client unique id>"}}}'
2. GET https://${bmc}/redfish/v1/SessionService/Sessions/<id>
{
"@odata.id": "/redfish/v1/SessionService/Sessions/<id>",
"@odata.type": "#Session.v1_0_2.Session",
"Description": "Manager User Session",
"Id": "<id>",
"Name": "User Session",
"Oem": {
"OpenBMC": {
"@odata.type": "#OemSession.v1_0_0.Session",
"ClientID": "<client unique id>"
}
},
"UserName": "root"
}
3. Verified the session creation works fine without the Oem parameters.
4. Redfish validator
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: Ia740a610e3974dc3781bcee702c74ded9903944a
|
|
This implements the Redfish PasswordChangeRequired handling. See
section 13.3.7.1 "Password change required handling" in the 1.9.1 spec:
https://www.dmtf.org/sites/default/files/standards/documents/DSP0266_1.9.1.pdf
These portions of the spec are implemented:
- Authenticatation with a correct but expired password creates a
session:
- The session is restricted to the ConfigureSelf privilege which
allows a user to change their own password (via GET and PATCH
Password for their own account). Support for the ConfigureSelf
privilege is already in BMCWeb.
- The session object has the PasswordChangeRequired message.
- All other operations respond with http status code 403 Forbidden
and include the PasswordChangeRequired message.
- The ManagerAccount (URI /redfish/v1/AccountService/Accounts/USER)
PasswordChangeRequired property is implemented for local accounts
but not present for remote accounts.
This has the following additional behavior:
The PasswordChangeRequired property is updated at the start of each new
REST operation, even within an existing session. This behavior
implements a "dynamic" PasswordChangeRequired handling that responds to
changes to the underlying "password expired" status. Specifically:
- Sessions restricted by the PasswordChangeRequired handling lose that
restriction when the underlying account password is changed.
- Sessions become subject to the PasswordChangeRequired handling
restrictions whenever the underlying account password expires.
- The mechanism is to check if the password is expired at the start of
every new REST API operation, effectively updating the ManagerAccount
PasswordChangeRequired property each time. This makes BMCWeb
responsive to changes in the underlying account due to other activity
on the BMC.
Notes:
1. Note that when an account password status is changed (for example,
the password becomes expired or is changed) and that account has
active sessions, those sessions remain. They are not deleted. Any
current operations are allowed to complete. Subsequent operations
with that session pick up the new password status.
2. This does not implement OWASP recommendations which call for sessions
to be dropped when there is a significant change to the underlying
account. For example, when the password is changed, the password
becomes expired, or when the account's Role changes. OWASP's
recommendation is due to the session fixation vulnerability. See the
OWASP Session Management Cheat Sheet section "Renew the Session ID
After Any Privilege Level Change":
https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#renew-the-session-id-after-any-privilege-level-change
BMCWeb protects against session fixation vulnerabilities because it
always regenerates new session IDs when successful authentication
creates a new session.
3. Users authenticating via mTLS are not subject to the
PasswordChangeRequired behavior because mTLS takes precedence over
password-based authentication.
Tested:
0. Setup:
- The `passwd --expire USERNAME` command was used to expire
passwords. The `chage USER` command was also used.
- The following were used to change the password: Redfish API,
passwd command, and the SSH password change dialog.
- Tested the following via Basic Auth, /login, and Redfish login
(except where Basic Auth does not create a persistent session).
- Only local user account were tested.
- Did not test authentication via mTLS or with LDAP users.
1. When the password is not expired, authentication behaves as usual
for both correct and incorrect passwords.
2. When the password is incorrect and expired, authentication fails as
usual.
3. When the password is correct but expired:
A. A session is created and has the PasswordChangeRequired message.
B. That session cannot access resources that require Login privilege
and the 403 message contains the PasswordChangeRequired message.
C. That session can be used to GET the user's account, PATCH the
Password, and DELETE the session object.
D. The account PasswordChangeRequired reports true.
4. While a session is established, try expiring and changing
(unexpiring) the password using various mechanisms. Ensure both the
session object and the ManagerAccount PasswordChangeRequired property
report the correct condition, and ensure PasswordChangeRequired
handling (restricting operations to ConfigureSelf when
PasswordChangeRequired is true) is applied correctly.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: Iedc61dea8f949e4b182e14dc189de02d1f74d3e8
|
|
Redfish made odata.context optional (1.6.0 of DSP0266, Sept 2018).
Redfish has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
Change-Id: Iffc75a7cb68f22d67548e5632d7ebfbdd67d6598
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
This enhances the return value from the pamAuthenticateUser function so
callers can articulate PAM error codes like PAM_NEW_AUTHTOK_REQD which
means the credentials are correct, but the password must be changed.
Tested: Yes, scenarios via both Redfish login and Basic Auth:
- correct username and password, password is not expired
- correct username and password, password is expired
- correct username and incorrect password, password is not expired
- correct username and incorrect password, password is expired
- non-existent user (passsword is not relevant)
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: I1114d6c9cc591fb0a1853cb4edea32ad22f7b015
|
|
Enhances BMCWeb to correctly handle the Redfish ConfigureSelf privilege.
Redfish document DSP2046 defines the ConfigureSelf privilege as
"Can change the password for the current user account and log out of
their own sessions." This notion is formalized in the Redfish DSP8011
PrivilegeRegistry where ConfigureSelf appears in three operations:
- ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) GET operation.
- ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) PATCH
Password property override.
- Session (/redfish/v1/SessionService/Sessions/{sessionid}) DELETE operation.
Tested: Yes, tested the above operations using users with various Roles to
determine which operations are allowed.
ReadOnly users (privileges: Login, ConfigureSelf):
- Can GET their own account.
- Can change their password.
- Can log out.
- Cannot change any other properties of their own account.
- Cannot change anyone else's password.
- Cannot GET someone else's account.
- Cannot log out anyone else.
Operator users (privileges: Login, ConfigureComponents, ConfigureSelf):
- Same access as a ReadOnly user.
Administrator users (all privileges):
- Can do everything Operator can do.
- Can change one or more properties of their account
- Can GET and change properties of someone else's account.
- Can logoff any session.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: If8efd71cb9743a59b7c5fe1565804d21e788ea29
|
|
This patchset is the beginings of the infrastructure to allow
separate registrations, and map privileges to the actual node in the
url table rather than having each registration manage privileges
manually.
Tested by:
Running redfish compliance tool. All things still pass.
Change-Id: I72d278cc19c60ba5b6e563fbd705b0551faf9a6a
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Two errors were identified in the Redfish sessions implementation.
1. All user "roles" return a description containing Adminstrator,
instead of containing the name of the role.
2. The SessionService implementation was missing the link to sessions
collection.
These are resolved in this commit.
Tested By:
Ran service validator, no errors.
Change-Id: Ib48ab1756d78724b4bab124c8cf135c8a61d94a6
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
A botched merge conflict caused issues with the session service, and
accidentally hardcoded the session info response to a size zero
structure. This resolves it.
Tested By:
Ran sessionService and observed sessions present
Change-Id: I1186f0416c099df5f39a9f894ccfcc20691ceb03
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
In the original incarnation of bmcweb, route registration was done
automatically. This has proved to be a terrible idea, wraught with
corner cases and issues.
The route registration is currently the only user of the
redfish::Node::json element. Unfortunately, as written, this structure
consumes a lot of memory that's duplicated and not very useful. From a
performance perspective, there is almost no difference between
rebuilding the structure for each GET request, and having the "cache"
that needs to be copied into the response and modified before it can be
useful.
In the programming tradeoffs for bmc, lower memory usage is more important
than latency, especially at these levels.
Change-Id: I785e8352123e5e886acf05cd59cb23648f93839d
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
The error message code used a json_pointer object which must
begin with a '/' character and had to be sent as an extra
parameter. This change simplifies the interface by using a
string so there doesn't have to be a '/'. This allowed the
same property argument passed for the message to be used
for the property field path.
Tested: Sent an error with a property and verified that it is
correctly displayed.
Change-Id: I0571e2eee627cedf29d751588a4f1bceee66f084
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
Makes the Redfish error reporting interface automatically handle
setting the http status and JSON content in the response object.
When using an AsyncResp object, this allows for simply calling
the Redfish error and returning.
Change-Id: Icfdce2de763225f070e8dd61e591f296703f46bb
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
|
|
The existing way of decoding json structures, while fast has some disadvantages.
1. it's very verbose to write.
2. It requires in depth knowlege of redfish error messages to get
correct.
3. It _can_ lead to undesired behavior, like half of a patch being
applied, if only some of the values have bad types.
This commit implements a new interface for decoding redfish json
named.... readJson. It is a templated function, that lets you decode
json values based on type easily, while still handling all the correct
error codes that were handled previously. Use is done similar to the
example below:
std::string required;
boost::optional<std::string> optional;
if (!json_util::readJson(req, res, "OptionalParam", optional,
"RequiredParam", required))
{
return;
}
if (optional){
// optional param was given, take action.
}
As part of this patchset, the systems schema is moved to the new
interface, which deletes some of the code involved and shows the
improvement in clarity.
Change-Id: I041a97c84d294df8cd4de4c2702e5ee22c0bc120
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Previously, SessionService would return a json decode error for all
errors, even if certain keys were incorrect. This updates the POST
handler to use a better method, and should reduce the binary size a
little, given that we're removing the possibly throwing get<> code.
This needs a very good review. This endpoint is available pre-auth, and
needs to be secure regardless of input.
Tested By:
curl --noproxy "*" -k -X POST -d '{"UserName": "root", "Password":
"0penBmc"}' https://10.243.48.30/redfish/v1/SessionService/Sessions/
Returns correct response.
Tested several variations, including extra parameters, missing username,
missing password, ect. Got correct error code in all cases.
Change-Id: Ic8e6edd9f7badc0d22aa8dafa9c0c260386712ac
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This commit moves the codebase to the lastest clang-format file from
upstream, as well as clang-format-6.0.
Change-Id: Ice8313468097c0c42317fbb9e10ddf036e8cff4c
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
From the redfish specification 1.5.0, page 98:
"""
The response to the POST request to create a session shall include the
following:
...
A Location header that contains a hyperlink to the newly created session
resource
"""
This implements the location header properly, per specification.
Tested by:
Attempting POST on the Sessions resource, and observing a "Location"
header be set.
Change-Id: Ia62c385bedf67e6267d573771b04a211ba332f21
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This patchset moves bmcweb over to the upstream style naming
conventions for variables, classes, and functions, as well as imposes
the latest clang-format file.
This changeset was mostly built automatically by the included
.clang-tidy file, which has the ability to autoformat and auto rename
variables. At some point in the future I would like to see this in
greater use, but for now, we will impose it on bmcweb, and see how it
goes.
Tested: Code still compiles, and appears to run, although other issues
are possible and likely.
Change-Id: If422a2e36df924e897736b3feffa89f411d9dac1
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
- SessionStore class now has a proper singleton structure
- session_storage_singleton.hpp is removed
- from_json(..) function for SessionStore is changed to a specialized
template
- minor cosmetic fixes added
- Move the template class usages of Crow App over to a non-template
parameter
Change-Id: Ic9effd5b7bac089a84c80a0caa97bd46d4984416
Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com>
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This commit is the beginings of attempting to transition away from
crow, and toward boost::beast. Unit tests are passing, and
implementation appears to be slightly faster than crow.
Change-Id: Ic8d946dc7a04f514c67b1098f181eee1ced69171
|
|
Added a python script that should be use to generate error_messages.cpp na .hpp
files. These files as are not subject to change in a dynamic manner, should be
regenerated only when MessageRegistry changes.
Tested on x86 Ubuntu VM and Wolfpass platform:
a) No regression in BMCWeb interface
- Went through WebUI observed no changes in functionality
b) No regression in Redfish functionality
- Went through nodes and observed no changes in functionality
- Sessions now return error messages in addition to HTTP codes
Change-Id: I4aba9ee247b6cd2c46a9c158d14bdc7546e9b11b
Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com>
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
1. Role members needs to be an array, not an object
2. Fix accounts schema to use the new user manager
3. Remove "status" field hardcodes
4. Hardcode chassisType to rackmount for now
5. Work around bug in get sub routes
6. Add ID to SessionService Schema
Change-Id: Ibb13d6ace747ac028e840638868c3a01d65dedfa
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
1. Create char* overloads for the things that need it.
2. Fix up a couple errant moves
3. Use the gtest APIs for testing container membership, rather than sort
4. Move the index management to vector rather than map to avoid a lookup
5. Remove errant use of .at()
6. Move privilege comparison into the privilege class, in order to keep
the bitset implementation private. This removes the requirment on the
forward declaration of PrivilegeProvider, and the use of friend class
7. Remove unimplemented override strcutures. Feel free to add them
back once implemented
8. Make setSignlePrivilege return a code if the set failed
9. Remove the need for an extra construction of a blank privileges
object for things that require no privileges.
Tested by: updating unit tests with the appropriate APIs. Relevant
unit tests pass
Change-Id: Ie9cde003b6c865979b4cac086379d0a3473896ce
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
- added node version of the SessionService implementation
- added a default timeout member and a get timeout method
to the SessionStore class
Change-Id: I532080789b3d687208510f8b748402735ed888d8
Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com>
|
|
- getSubroutes() is now a method of the Node class
- getSubroutes() is called only once per node at construction time,
not at each GET request
- template parameter removed from the Node class
Change-Id: Ie4eb8766717aae566c13c295458fe0dba8ab84c0
Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com>
|
|
- privilege_registry.json has been removed
- PrivilegeProvider class has been removed
- default privileges for nodes are now hard-coded
- privilege overriding feature is not yet implemented
Change-Id: Ic9fdfa1c692c1abd26e339e2a8c702fc4aebd19f
Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com>
|
|
Redfish privilege authorization subsystem controlled by the
privilege_registy.json configuration file.
PropertyOverrides, SubordinateOverrides and ResourceURIOverrides
are not yet implemented.
Change-Id: I4d5670d557f4da172460ada3512e015830dab667
Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com>
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
New Redfish-Core nodes added (removed from redfish_v1.hpp) - Session
and SessionCollection. Tested manually on x86 VM and Wolfpass Platform.
Behavior almost identical to what was before - differences:
- SessionCollection - now only returns TIMEOUT presistence sessions, not SINGLE
- Aquiring sessions from session storage now applies timeouts
Change-Id: I68bf4fa7fa1c8371216a7d4daa30bbfb653cfa72
Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com>
|