Age | Commit message (Collapse) | Author | Files | Lines |
|
Reduces the total number of lines and will allow for easier testing of
the redfish responses.
A main purpose of the node class was to set app.routeDynamic(). However
now app.routeDynamic can handle the complexity that was once in critical
to node. The macro app.routeDynamic() provides a shorter cleaner
interface to the unerlying app.routeDyanic call. The old pattern set
permissions for 6 interfaces (get, head, patch, put, delete_, and post)
even if only one interface is created. That pattern creates unneeded
code that can be safely removed with no effect.
Unit test for the responses would have to mock the node the class in
order to fully test responses.
see https://github.com/openbmc/bmcweb/issues/181
The following files still need node to be extracted.
virtual_media.hpp
account_service.hpp
redfish_sessions.hpp
ethernet.hpp
The files above use a pattern that is not trivial to address. Often their
responses call an async lambda capturing the inherited class. ie
(https://github.com/openbmc/bmcweb/blob/ffed87b5ad1797ca966d030e7f979770
28d258fa/redfish-core/lib/account_service.hpp#L1393)
At a later point I plan to remove node from the files above.
Tested:
I ran the docker unit test with the following command.
WORKSPACE=$(pwd) UNIT_TEST_PKG=bmcweb
./openbmc-build-scripts/run-unit-test-docker.sh
I ran the validator and this change did not create any issues.
python3 RedfishServiceValidator.py -c config.ini
Signed-off-by: John Edward Broadbent <jebr@google.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I147a0289c52cb4198345b1ad9bfe6fdddf57f3df
|
|
Get the core using AsyncResp everywhere, and not have each individual handler
creating its own object.We can call app.handle() without fear of the response
getting ended after the first tree is done populating.
Don't use res.end() anymore.
Tested:
1. Validator passed.
Signed-off-by: zhanghaicheng <zhanghch05@inspur.com>
Change-Id: I867367ce4a0caf8c4b3f4e07e06c11feed0782e8
|
|
Now that CI can handle clang-tidy, and a lot of the individual fixes
have landed for the various static analysis checks, lets see how close
we are.
This includes bringing a bunch of the code up to par with the checks
that require. Most of them fall into the category of extraneous else
statements, const correctness problems, or extra copies.
Tested:
CI only. Unit tests pass.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I9fbd346560a75fdd3901fa40c57932486275e912
|
|
This commit enables the "unused variables" warning in clang. Throughout
this, it did point out several issues that would've been functional
bugs, so I think it was worthwhile. It also cleaned up several unused
variable from old constructs that no longer exist.
Tested:
Built with clang. Code no longer emits warnings.
Downloaded bmcweb to system and pulled up the webui, observed webui
loads and logs in properly.
Change-Id: I51505f4222cc147d6f2b87b14d7e2ac4a74cafa8
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Middlewares, while kinda cool from an academic standpoint, make our
build times even worse than they already are. Given that we only really
use 1 real middleware today (token auth) and it needs to move into the
parser mode anyway (for security limiting buffer sizes), we might as well
use this as an opportunity to delete some code.
Some other things that happen:
1. Persistent data now moves out of the crow namespace
2. App is no longer a template
3. All request_routes implementations no longer become templates. This
should be a decent (unmeasured) win on compile times.
This commit was part of a commit previously called "various cleanups".
This separates ONLY the middleware deletion part of that.
Note, this also deletes about 400 lines of hard to understand code.
Change-Id: I4c19e25491a153a2aa2e4ef46fc797bcb5b3581a
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Redfish made odata.context optional (1.6.0 of DSP0266, Sept 2018).
Redfish has removed odata.context from example payloads in the
specification (1.7.0 of DSP0266), removed it from the mockups,
and Redfish recommended not using.
Change-Id: Ic267d8c9f1fbbec6087e61edf16e6bffe11c927e
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Added NoAccess role to the Redfish, to properly show
users created using IPMI with NoAccess privilege.
This patch will add NoAccess role & will use the same
when the user privilege is empty.
Note: This code was reverted due to redfish validator failure
and the same has been fixed in this patch, by creating
proper json array empty object.
Tested:
1. Verified redfish validator passed and the earlier issue of
failNullCollection for the NoAccess role is resolved.
2. Verified NoAccess role is listed properly
Get: https://<BMC IP>/redfish/v1/AccountService/Roles/NoAccess
{
"@odata.context": "/redfish/v1/$metadata#Role.Role",
"@odata.id": "/redfish/v1/AccountService/Roles/NoAccess",
"@odata.type": "#Role.v1_2_2.Role",
"AssignedPrivileges": [],
"Description": "NoAccess User Role",
"Id": "NoAccess",
"IsPredefined": true,
"Name": "User Role",
"OemPrivileges": [],
"RoleId": "NoAccess"
}
3. Verified user with No Privilege is listed without any error.
Get: https://<BMC IP>/redfish/v1/AccountService/Accounts/user6
{
"@odata.context": "/redfish/v1/$metadata#ManagerAccount.
ManagerAccount",
"@odata.id": "/redfish/v1/AccountService/Accounts/user6",
"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
"Description": "User Account",
"Enabled": false,
"Id": "user6",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/NoAccess"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"RoleId": "NoAccess",
"UserName": "user6"
}
Change-Id: If9577598e0a6215cf76f5db031ad5f8bcf2387a7
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
|
priv-callback is valid only for IPMI modem callback, which
was never used, and it's decided to deprecate the same
https://gerrit.openbmc-project.xyz/#/c/openbmc/docs/+/26839/
Removing the support in redfish now.
Tested:
1. Verified callback role was not in list in Get of
https://<BMC IP>/redfish/v1/AccountService/Roles/
2. Redfish validator passed for this change.
Change-Id: Ia16fb584a07bbdf29197cd5dd54e7a9682627c19
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
|
|
This reverts commit 27c10d2ee746b85e9463efb0fc6773c209b2f5ba.
Reason for revert: <Makes the validator fail>
Change-Id: I379d9eda57416476ff1cc17e594c55dedd0bc4eb
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Issue: With IPMI command- If New user created, by defualt created with
"NO ACCESS" Channel priv Limit. But same role is not populating from
Redfish.
This test can be done only with below patch being merged.
https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-user-manager/
+/24784/
Tested:
Added "NoAccess" Role to Redfish(if Channel privilege Limit is empty in
userlist).
Below is Snapshot from Redfish:
Get: https://<BMC IP>/redfish/v1/AccountService/Roles/NoAccess
{
"@odata.context": "/redfish/v1/$metadata#Role.Role",
"@odata.id": "/redfish/v1/AccountService/Roles/NoAccess",
"@odata.type": "#Role.v1_2_2.Role",
"AssignedPrivileges": null,
"Description": "NoAccess User Role",
"Id": "NoAccess",
"IsPredefined": true,
"Name": "User Role",
"OemPrivileges": [],
"RoleId": "NoAccess"
}
Get: https://<BMC IP>/redfish/v1/AccountService/Accounts/user6
{
"@odata.context": "/redfish/v1/$metadata#ManagerAccount.
ManagerAccount",
"@odata.id": "/redfish/v1/AccountService/Accounts/user6",
"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
"Description": "User Account",
"Enabled": false,
"Id": "user6",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/NoAccess"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"RoleId": "NoAccess",
"UserName": "user6"
}
Redfish validator test results:
Counter({'skipOptional': 31791, 'pass': 22397, 'passGet': 2293,
'metadataNamespaces': 1047, 'warningPresent': 70,
'serviceNamespaces': 68, 'invalidPropertyValue': 67,
'err.LogEntry.v1_0_0.EventSeverity': 64, 'failProp': 64,
'repeat': 14, 'reflink': 9, 'passAction': 7, 'optionalAction': 6,
'failErrorPresent': 1, 'unverifiedComplexAdditional': 1,
'warnTrailingSlashLink': 1})
Validation has failed: 65 problems found
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Ibc74e2fe4519ec6160dd516893d5e542feeabb0d
|
|
As per redfish specification (DSP0266), there are
set of predefined privilege roles. In OpenBMC code
has "User" as role name instead of "ReadOnly".
So corrected the same. Updated Redfish.md accordingly.
Spec says:
Role Name = "ReadOnly"
▪ AssignedPrivileges = Login, ConfigureSelf
Tested:
- Role collection shows new role.
- GET on /redfish/v1/AccountService/Roles/ReadOnly
URI shows correct AssignedPrivileges.
- Ran negative test with /redfish/v1/AccountService/Roles/User
and observed error(404 - Not Found).
- Ran Redfish validator and no new issues observed.
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Change-Id: I7b0132c628fb4950b6ec095269cd1a12e92aea9a
|
|
-werror on the newest version of GCC finds even more stuff than was
found before. Fix all of them.
Tested: No functional change. In theory these cases can't occur unless
a dbus interface is broken.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: Id11e29e4851075b511e69cbc006aa8d7e1e229f0
|
|
This reverts commit 8e69d148249f6a45cea10e988ec03430a5932784.
Reason for revert: This causes service validator failures.
I missed the fact that despite being asked a couple times, the service validator wasn't run. Please run it, resolve your bug, and resubmit as a new review.
Change-Id: I0bb61ab1a618a96b2ed2c600825ec72b8d020ec0
|
|
Callback privilege user must not be allowed to login,similar to IPMI.
This user is used for callback purpose from IPMI point of it, and
must be maintained in bmcweb to be consistent with IPMI, Hence
removing the access to login for callback user
Tested:
1.Create a user with username 'test1' and privilege -
"Callback" via Redfish.
2.Using that Callback level credentials, try to do
"Get" at this URI https://<ip-addr>/redfish/v1/Systems/system
3.output: Forbidden
4.use same URL to login from webUI with callback privilege
https://<ip-addr>/redfish/v1/Systems/system
5.output: Forbidden
Signed-off-by: anil kumar appana <anil.kumarx.appana@intel.com>
Change-Id: I86dac565fc874e5d0fe033640ffc3de576a1f693
|
|
RedfishServiceValiddator passed with success on this service.
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I9161984c51037ebb7f34fdb36bee34026d28be03
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
|
|
Two errors were identified in the Redfish sessions implementation.
1. All user "roles" return a description containing Adminstrator,
instead of containing the name of the role.
2. The SessionService implementation was missing the link to sessions
collection.
These are resolved in this commit.
Tested By:
Ran service validator, no errors.
Change-Id: Ib48ab1756d78724b4bab124c8cf135c8a61d94a6
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Change-Id: I9d7069668f91f2ac72d2f4a440f63e0e85dd5269
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Added RoleCollection by retriving information
from dbus user object and Role properties support.
Test:
Tested RoleCollection and Role redfish URI's by cross
validaing with dbus user object properties.
Change-Id: I519972f645c7a4d0486e64ae5a403a3009aa26f5
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
|
|
In the original incarnation of bmcweb, route registration was done
automatically. This has proved to be a terrible idea, wraught with
corner cases and issues.
The route registration is currently the only user of the
redfish::Node::json element. Unfortunately, as written, this structure
consumes a lot of memory that's duplicated and not very useful. From a
performance perspective, there is almost no difference between
rebuilding the structure for each GET request, and having the "cache"
that needs to be copied into the response and modified before it can be
useful.
In the programming tradeoffs for bmc, lower memory usage is more important
than latency, especially at these levels.
Change-Id: I785e8352123e5e886acf05cd59cb23648f93839d
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This commit moves the codebase to the lastest clang-format file from
upstream, as well as clang-format-6.0.
Change-Id: Ice8313468097c0c42317fbb9e10ddf036e8cff4c
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This patchset moves bmcweb over to the upstream style naming
conventions for variables, classes, and functions, as well as imposes
the latest clang-format file.
This changeset was mostly built automatically by the included
.clang-tidy file, which has the ability to autoformat and auto rename
variables. At some point in the future I would like to see this in
greater use, but for now, we will impose it on bmcweb, and see how it
goes.
Tested: Code still compiles, and appears to run, although other issues
are possible and likely.
Change-Id: If422a2e36df924e897736b3feffa89f411d9dac1
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This commit is the beginings of attempting to transition away from
crow, and toward boost::beast. Unit tests are passing, and
implementation appears to be slightly faster than crow.
Change-Id: Ic8d946dc7a04f514c67b1098f181eee1ced69171
|
|
1. Role members needs to be an array, not an object
2. Fix accounts schema to use the new user manager
3. Remove "status" field hardcodes
4. Hardcode chassisType to rackmount for now
5. Work around bug in get sub routes
6. Add ID to SessionService Schema
Change-Id: Ibb13d6ace747ac028e840638868c3a01d65dedfa
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
1. Create char* overloads for the things that need it.
2. Fix up a couple errant moves
3. Use the gtest APIs for testing container membership, rather than sort
4. Move the index management to vector rather than map to avoid a lookup
5. Remove errant use of .at()
6. Move privilege comparison into the privilege class, in order to keep
the bitset implementation private. This removes the requirment on the
forward declaration of PrivilegeProvider, and the use of friend class
7. Remove unimplemented override strcutures. Feel free to add them
back once implemented
8. Make setSignlePrivilege return a code if the set failed
9. Remove the need for an extra construction of a blank privileges
object for things that require no privileges.
Tested by: updating unit tests with the appropriate APIs. Relevant
unit tests pass
Change-Id: Ie9cde003b6c865979b4cac086379d0a3473896ce
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
- getSubroutes() is now a method of the Node class
- getSubroutes() is called only once per node at construction time,
not at each GET request
- template parameter removed from the Node class
Change-Id: Ie4eb8766717aae566c13c295458fe0dba8ab84c0
Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com>
|
|
- privilege_registry.json has been removed
- PrivilegeProvider class has been removed
- default privileges for nodes are now hard-coded
- privilege overriding feature is not yet implemented
Change-Id: Ic9fdfa1c692c1abd26e339e2a8c702fc4aebd19f
Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com>
|
|
Initial version moved to separate node.
Change-Id: I3fe4e2eb00bcb754ea81de0a0656f4de9eb9156c
Signed-off-by: Lewanczyk, Dawid <dawid.lewanczyk@intel.com>
|
|
Move roles and roles collection to new class based implementation
Change-Id: I70f39bf8289fb45483a1e7f2c4eb3dbc1c7a7090
Signed-off-by: Lewanczyk, Dawid <dawid.lewanczyk@intel.com>
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|