| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Most of these were found by breaking every redfish class handler into
its own compile unit:
When that's done, these missing headers become compile errors. We
should just fix them.
In addition, this allows us to enable automatic header checking in
clang-tidy using misc-header-cleaner. Because the compiler can now
"see" all the defines, it no longer tries to remove headers that it
thinks are unused.
[1] https://github.com/openbmc/bmcweb/commit/4fdee9e39e9f03122ee16a6fb251a380681f56ac
Tested: Code compiles.
Change-Id: Ifa27ac4a512362b7ded7cc3068648dc4aea6ad7b
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
This function in the next patch will be used for more than just TFTP, so
rename it to match intent, and refactor to use non-TFTP specific types.
Tested: Rename only. Need help on TFTP setups if we need it.
Change-Id: Ifc7485aa60ec53407c38b3d1bec530bdacf50075
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
If we use string_view with std::from_chars, we can use begin() and end()
directly (because they return pointers) and not have to do silly things
like dereference end(), which, while works in practice, is technically
undefined behavior, and some static analyzers complain about it.
Tested: Unit tests pass against both old parsePostCode and new.
Change-Id: Icfdec3b81f4a9c9bed3599571a8bc8779f9bfb98
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
In Redfish schema, just about all values can be a type (string,
EDM.Numeric, etc) or null. Most APIs don't allow explicitly setting
null, but there are a few cases where it is useful, namely in lists,
where an an empty object {} keeps the value the same, and null deletes
the value from the list.
Previously we handled this by unpacking as nlohmann::json, but this
allowed things like
[1.0, {}] to pass the check for an array of string values. We'd
ideally like to reject the 1.0 at the first stage, as well as reduce
the number of tiered readJson calls that we make.
This commit introducess support for unpacking std::variant types, that
allows unpacking a known type, or explicitly allowing null, by unpacking
std::nullptr_t.
Tested: Unit tests pass.
Change-Id: Ic7451877c824ac743faf1951cc2b5d9f8df8019c
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
Several places access the members of `req` indirectly like
`req.req.method()`. This can be simplified as `req.method()` .
This would also make the code clearer.
Tested:
- Compiles
- Redfish service validator passes
Change-Id: Ie129564ff907cdea7ac224b1e3d80cc0dedfbd7b
Signed-off-by: Myung Bae <myungbae@us.ibm.com>
|
|
There are currently 78 sdbusplus::asio::setProperty calls in
redfish-core. The error handler for nearly all of them looks something
like:
```
if (ec)
{
const sd_bus_error* dbusError = msg.get_error();
if ((dbusError != nullptr) &&
(dbusError->name ==
std::string_view(
"xyz.openbmc_project.Common.Error.InvalidArgument")))
{
BMCWEB_LOG_WARNING("DBUS response error: {}", ec);
messages::propertyValueIncorrect(asyncResp->res, "<PropertyName>", <PropertyValue>);
return;
}
messages::internalError(asyncResp->res);
return;
}
messages::success(asyncResp->res);
```
In some cases there are more errors handled that translate to more error
messages, but the vast majority only handle InvalidArgument. Many of
these, like the ones in account_service.hpp, do the error handling in a
lambda, which causes readability problems. This commit starts to make
things more consistent, and easier for trivial property sets.
This commit invents a setDbusProperty method in the redfish namespace
that tries to handle all DBus errors in a consistent manner. Looking
for input on whether this will work before changing over the other 73
calls. Overall this is less code, fewer inline lambdas, and defaults
that should work for MOST use cases of calling an OpenBMC daemon, and
fall back to more generic errors when calling a "normal" dbus daemon.
As part of this, I've ported over several examples. Some things that
might be up in the air:
1. Do we always return 204 no_content on property sets? Today there's a
mix of 200, with a Base::Success message, and 204, with an empty body.
2. Do all DBus response codes map to the same error? A majority are
covered by xyz.openbmc_project.Common.Error.InvalidArgument, but there
are likely differences. If we allow any daemon to return any return
code, does that cause compatibility problems later?
Tested:
```
curl -k --user "root:0penBmc" -H "Content-Type: application/json" -X PATCH -d '{"HostName":"openbmc@#"}' https://192.168.7.2/redfish/v1/Managers/bmc/EthernetInterfaces/eth0
```
Returns the appropriate error in the response
Base.1.16.0.PropertyValueIncorrect
Change-Id: If033a1112ba516792c9386c997d090c8f9094f3a
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
And fix the includes that are wrong.
Note, there is a very large ignore list included in the .clang-tidy
configcfile. These are things that clang-tidy doesn't yet handle
well, like knowing about a details include.
Change-Id: Ie3744f2c8cba68a8700b406449d6c2018a736952
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
clang-tidy-18 makes this feature stable enough for us to use in general.
Enable the check, and fix the couple of regressions that have snuck in
since we last ran the check.
Tidy seems to not be able to understand that ASSERT will not continue,
so if we ASSERT a std::optional, it's not a bug. Add explicit checks to
keep tidy happy.
Tested: clang-tidy passes.
Change-Id: I0986453851da5471056a7b47b8ad57a9801df259
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
These variables aren't used, and clang-tidy-18 flags it. Remove
Tested: Code compiles.
Change-Id: I414c4614a5f789aecab7700a4ec805e98c09cade
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Redfish supports several type systems for json. This makes parsing into
proper types a challenge. Nlohmann supports 3 core data types,
nlohmann::json, which supports all json types (float, int, array,
object). Nlohmann::json::object_t, which is a specific typedef of
std::map, and nlohmann::json::array_t, which is a specific typedef of
std::map.
Redfish allows reading our arrays of complex objects, similar to
NtpServers: [null, {}, "string"]
Which makes it a challenge to support. This commit allows parsing out
objects as a nlohmann::object_t, which gives the ability to later use it
in a type safe manner, without having to call
get_ptr<nlohmann::json::object_t later>.
Tested:
Unit tests pass.
Change-Id: I4134338951ce27c2f56841a45b56bc64ad1753db
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Commit [1] introduced a new optional dbus property that OpenBMC
developers can populate to define which
redfish/v1/Systems/system/ResetActionInfo AllowableValues are.
Look for that new property on dbus. If not found, hard code the
previous values otherwise utilize the property to fill in the return
value.
Tested:
- Put new property on dbus and confirmed Redfish API returned expected
values:
```
curl -k -H "X-Auth-Token: $token" -X GET https://${bmc}/redfish/v1/Systems/system/ResetActionInfo
{
"@odata.id": "/redfish/v1/Systems/system/ResetActionInfo",
"@odata.type": "#ActionInfo.v1_1_2.ActionInfo",
"Id": "ResetActionInfo",
"Name": "Reset Action Info",
"Parameters": [
{
"AllowableValues": [
"ForceOff",
"PowerCycle",
"Nmi",
"On",
"ForceOn",
"ForceRestart",
"GracefulRestart",
"GracefulShutdown"
],
"DataType": "String",
"Name": "ResetType",
"Required": true
}
]
}
```
- Did not run redfish validator as response was same as previous
[1]: https://gerrit.openbmc.org/c/openbmc/phosphor-dbus-interfaces/+/68933
Change-Id: Iecece14e7ff55db98d96df71b106ecc9e3f0ac33
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Add support to fetch MemoryStatistics, FreeStorageSpaceKiB and
ProcessorStatistics for Manager Diagnostic Data.
https://redfish.dmtf.org/schemas/v1/ManagerDiagnosticData.v1_2_1.json
This change is in relation to following design and D-Bus interface -
https://gerrit.openbmc.org/c/openbmc/docs/+/64917
https://gerrit.openbmc.org/c/openbmc/phosphor-dbus-interfaces/+/64914
Test:
Redfish query output -
{
"@odata.id": "/redfish/v1/Managers/bmc/ManagerDiagnosticData",
"@odata.type": "#ManagerDiagnosticData.v1_2_0.ManagerDiagnosticData",
"FreeStorageSpaceKiB": 3772,
"Id": "ManagerDiagnosticData",
"MemoryStatistics": {
"AvailableBytes": 354224066,
"BuffersAndCacheBytes": 78984633,
"SharedBytes": 11876066,
"TotalBytes": 425516000
},
"Name": "Manager Diagnostic Data",
"ProcessorStatistics": {
"KernelPercent": 13.0234,
"UserPercent": 5.7374
},
"ServiceRootUptimeSeconds": 2255.117
}
Redfish service validator passing -
Elapsed time: 0:03:12
metadataNamespaces: 3726
pass: 5133
passAction: 9
passGet: 205
passRedfishUri: 197
skipNoSchema: 3
skipOptional: 3492
warnDeprecated: 4
warningPresent: 7
Validation has succeeded.
Change-Id: I43758a993eb7f342cb9ac5f5574498b37261c2cc
Signed-off-by: Jagpal Singh Gill <paligill@gmail.com>
|
|
Similar to transforms we've done elsewhere, we shouldn't be parsing
urls using std::string::find, regex, or anything else, as they don't
handle URL % encoding properly.
Change-Id: I48bb30c0c737c4df2ae73f40fc49c63bac5b658f
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
These were found with:
codespell -w $(git ls-files | grep "\.[hc]\(pp\)\?$")
At some point in the future, we might want to get this enabled in CI.
Change-Id: Iccb57b2adfd06a2e177e99db2923fe4e8e329118
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
/redfish/v1/Managers/bmc/LogServices/Journal/Entries gives the system
journal entries whose ID is based on the realtime timestmap. However,
the system realtime may go backward if the system time is changed either
manually or via NTP.
If that happens, those entries may not found via redfish GET as
`sd_journal_seek_realtime_usec()`[1] may not always work on the entries
which are not sorted in time-order.
This may cause the inconsistency between the content of
`/redfish/v1/Managers/bmc/LogServices/Journal/Entries/`
and /redfish/v1/Managers/bmc/LogServices/Journal/Entries/<bmc_journal_id>`.
For example,
```
sudo journalctl --vacuum-time=1s
<wait for a while to clear up journal>
date -s "<backward-time>"
date -s "<forward-time>"
```
Run redfish journal entries and get each entry id from the output
```
curl -k -X GET https://${bmc}/redfish/v1/Managers/bmc/LogServices/Journal/Entries > rj.out
```
Take some logEntry Id that its time going backward like
```
grep "@odata.id" rj.out
```
Run redfish query for each id, and some of them can't be successful.
```
% curl -k -X GET https://${bmc}/redfish/v1/Managers/bmc/LogServices/Journal/Entries/1701604800002075
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The requested resource of type LogEntry named '1701604800002075' was not found.",
"MessageArgs": [
"LogEntry",
"1701604800002075"
],
"MessageId": "Base.1.13.0.ResourceNotFound",
"MessageSeverity": "Critical",
"Resolution": "Provide a valid resource identifier and resubmit the request."
}
],
"code": "Base.1.13.0.ResourceNotFound",
"message": "The requested resource of type LogEntry named '1701604800002075' was not found."
}
}%
```
This can also be verified by checking the failure of Redfish Validator run
```
python3 RedfishServiceValidator.py --auth Session -i https://${bmc} -u admin -p 0penBmc0 --payload Tree /redfish/v1/Managers/bmc/LogServices/Journal/Entries
```
For example,
```
ERROR - Members: GET of resource at URI /redfish/v1/Managers/bmc/LogServices/Journal/Entries/1701604800002075 returned HTTP error. Check URI.
ERROR - Members: GET of resource at URI /redfish/v1/Managers/bmc/LogServices/Journal/Entries/1701604800065949 returned HTTP error. Check URI.
ERROR - Members: GET of resource at URI /redfish/v1/Managers/bmc/LogServices/Journal/Entries/1701607680003048 returned HTTP error. Check URI.
```
```
--Time goes backwrd
{
"@odata.id": "/redfish/v1/Managers/bmc/LogServices/Journal/Entries/1701604800002075",
"@odata.type": "#LogEntry.v1_9_0.LogEntry",
"Created": "2023-12-03T12:00:00+00:00",
"EntryType": "Oem",
"Id": "1701604800002075",
"Message": "systemd-resolved: Clock change detected. Flushing caches.",
"Name": "BMC Journal Entry",
"OemRecordFormat": "BMC Journal Entry",
"Severity": "OK"
},
...
{
"@odata.id": "/redfish/v1/Managers/bmc/LogServices/Journal/Entries/1701607680003048",
"@odata.type": "#LogEntry.v1_9_0.LogEntry",
"Created": "2023-12-03T12:48:00+00:00",
"EntryType": "Oem",
"Id": "1701607680003048",
"Message": "systemd-resolved: Clock change detected. Flushing caches.",
"Name": "BMC Journal Entry",
"OemRecordFormat": "BMC Journal Entry",
"Severity": "OK"
},
-- Time comes back to the previous moment
```
The solution is proposed to use <bootid> + <monototic timestamp> as the
redfish journal entry id instead of realtime timestamp.
Unlike realtime timestamp which may go backward, <monotonic timestamp>
is monotonically increasing.
Tested:
- Redfish Validator passes
- GET Journal Entry ID will be found even if its time goes backward.
[1] https://github.com/openbmc/bmcweb/blob/7164bc62dd26ec92b01985aaae97ecc48276dea5/redfish-core/lib/log_services.hpp#L2690
Change-Id: I83bfb1ed88c9cf036f594757aa4a00d2709dd196
Signed-off-by: Myung Bae <myungbae@us.ibm.com>
|
|
As is, it reads the whole file into memory before sending it. While
fairly fast for the user, this wastes ram, and makes bmcweb less useful
on less capable systems.
This patch enables using the boost::beast::http::file_body type, which
has more efficient serialization semantics than using a std::string. To
do this, it adds a openFile() handler to http::Response, which can be
used to properly open a file. Once the file is opened, the existing
string body is ignored, and the file payload is sent instead.
openFile() also returns success or failure, to allow users to properly
handle 404s and other errors.
To prove that it works, I moved over every instance of direct use of the
body() method over to using this, including the webasset handler. The
webasset handler specifically should help with system load when doing an
initial page load of the webui.
Tested:
Redfish service validator passes.
Change-Id: Ic7ea9ffefdbc81eb985de7edc0fac114822994ad
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
This code as it stands pulls in the full datetime library from boost,
including io, and a bunch of timezone code. The bmc doesn't make use of
any of this, so we can rely on a much simplified version.
Unfortunately for us, gcc still doesn't implement the c++20
std::chrono::parse[1]. There is a reference library available from [2]
that backports the parse function to compilers that don't yet support
it, and is the basis for the libc++ version. This commit opts to copy
in the header as-written, under the assumption that we will never need
to pull in new versions of this library, and will move to the std
ersion as soon as it's available in the next gcc version.
This commit simplifies things down to improve compile times and binary
size. It saves ~22KB of compressed binary size, or about 3%.
Tested: Unit tests pass. Pretty good coverage.
[1] https://en.cppreference.com/w/cpp/chrono/parse
[2] https://github.com/HowardHinnant/date/blob/master/include/date/date.h
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I706b91cc3d9df3f32068125bc47ff0c374eb8d87
|
|
Clang-tidy has the aforementioned check, which shows a few places in the
core where we ignored the required optional checks. Fix all uses.
Note, we cannot enable the check that this time because of some weird
code in health.hpp that crashes tidy[1]. That will need to be a future
improvement.
There are tests that call something like
ASSERT(optional)
EXPECT(optional->foo())
While this isn't an actual violation, clang-tidy doesn't seem to be
smart enough to deal with it, so add some explicit checks.
[1] https://github.com/llvm/llvm-project/issues/55530
Tested: Redfish service validator passes.
Change-Id: Ied579cd0b957efc81aff5d5d1091a740a7a2d7e3
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
Add a utility function which estimates the size of the JSON tree.
It is used in the children change to limit the reponse size of expand
query.
Tested:
1. unit test passed;
2. tested on hardware, the following are real sizes and estimation
```
Real payload size, Estimation, query
15.69 KB, 10.21 KB, redfish/v1?$expand=.($levels=1)
95.76 KB, 62.11 KB, redfish/v1?$expand=.($levels=2)
117.14 KB, 72.71 KB, redfish/v1?$expand=.($levels=3)
127.65 KB, 77.64 KB, redfish/v1?$expand=.($levels=4)
```
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: Iae26d6732a6ec63ecc59eacf657b4bf33c07c046
|
|
With delegate expand, the default expand level is -=
`queryCapabilities.canDelegateExpandLevel`. This creates an overlap of
expand process between delegate expand vs. default expand.
With
query.expandLevel = 2 ->
query.expandLevel = 1 and delegated.expandLevel = 1.
Both delegated and default expand will try to only expand of level one
instead of level 2 for the default.
The code in
https://github.com/openbmc/bmcweb/blob/479e899d5f57a67647f83b7f615d2c8565290bcf/redfish-core/include/utils/query_param.hpp#L583-L597
stated that the level with "@odata.id" + other property is treated as a
seperate level. So with `query.expandLevel = 1` it just loop through the
id that was already expanded and is noop.
Tested:
Before:
/redfish/v1/Chassis/BMC/Sensors?$expand=.($levels=2) returns
the same result as level=1. Needs level=3 to expand to the next level.
The RelatedItem in here doesn't get expanded with level=2.
```
wget -qO- 'http://localhost:80/redfish/v1/Chassis/BMC/Sensors?$expand=.($levels=1)'
...
{
"@odata.id": "/redfish/v1/Chassis/BMC/Sensors/temperature_DIMMXX",
"@odata.type": "#Sensor.v1_2_0.Sensor",
"Id": "temperature_DIMMXX",
"Name": "DIMMXX",
"Reading": 30.0,
"ReadingRangeMax": 127.0,
"ReadingRangeMin": -128.0,
"ReadingType": "Temperature",
"ReadingUnits": "Cel",
"RelatedItem": [
{
"@odata.id": "/redfish/v1/Systems/system/Memory/dimmXX"
}
],
"Status": {
"Health": "OK",
"State": "Enabled"
},
"Thresholds": {
"LowerCaution": {
"Reading": null
},
"LowerCritical": {
"Reading": null
},
"UpperCaution": {
"Reading": 93.0
},
"UpperCritical": {
"Reading": 95.0
}
}
}
],
"Members@odata.count": 242,
"Name": "Sensors"
}
```
After:
level=2 was able to expand to the next level.
Change-Id: I542177a94a33f8df7afbb68837f3a53b86140c86
Signed-off-by: Willy Tu <wltu@google.com>
|
|
This is one that I couldn't figure out for a while. Turns out that
fields has both a set() and an insert() method. Whereas set() replaces,
insert() appends, which is what we want in this case.
This allows us to call the actual methods several times, instead of
essentially string injecting our own code, which should make it clearer.
At the same time, there was one unit test that was structured such that
it was using addHeader to clear a header, so this commit adds an
explicit "clearHeader()" method, so we can be explicit.
Tested:
Logging into the webui in chrome (which uses POST /login) shows:
401 with no cookie header if the incorrect password is used
200 with 2 Set-Cookie headers set:
Set-Cookie:
SESSION=<session tag>; SameSite=Strict; Secure; HttpOnly
Set-Cookie:
XSRF-TOKEN=<token tag>; SameSite=Strict; Secure
Change-Id: I9b87a48ea6ba892fc08e66940563dea86edb9a65
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
Convert all types to uint8_t to not hit the conversion warning.
Change-Id: Ia535ca0a2f4045cbde06a2f8f8eaad9570a0f4a5
Signed-off-by: Willy Tu <wltu@google.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
This commit adds a utility function |sortJsonArrayByKey|. It can sort an
json array by value of a given key of each element.
Use cases includes:
1. sort the MemberCollection by @odata.id
Tested:
1. unit test passed;
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Idc175fab3af5c6102a5a3439b712b659ecb76468
|
|
System includes should be included with <>, in-tree includes should be
included with "". This was found manually, with the help of the
following grep statement[1].
git grep -o -h "#include .*" | sort | uniq
Tested:
Code compiles
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I1a6b2a5ba35ccbbb61c67b7c4b036a2d7b3a36a3
|
|
The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to interact with host console are part of the
"hostconsole" group and they are in an administrator role.
Note: The changes are spread across multiple repositories listed under
"Related commits:"
The bmcweb changes to incorporate new group are as follows:
- The new user is added in the hostconsole group only if it has an
administrative role.
- The ssh usergroup is only translated to ManagerConsole redfish group
and hostconsole usergroup is translated to HostConsole redfish group.
- The following changes are made to check the privileges for host console
access
- The new OEM privilege "OpenBMCHostConsole" added for host console
access. This privilege is not shared externally hence it is not
documented.
- Updated obmc_console BMCWEB_ROUTE to use the new privilege.
- Router functions now save user role and user groups in the session
- getUserPrivileges() function now takes session reference instead
of user role. This function now also checks for the user group
"hostconsole" and add the new privilege if user is member of this
group.
- Updated all callers of the getUserPrivileges to pass session
reference.
- Added test to validate that new privilege is set correctly.
Tested:
Loaded code on the system and validated that;
- New user gets added in hostconsole group. NOTE: Prior to this commit
all groups are assigned to new user. This drop does not change that
behavior.
- Access from the web gui is only available for users in hostconsole
group. Used IBM internal simulator called simics to test this. This
simulator allows accessing openbmc from GUI.
- Checked the role collection and there is no change.
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/Administrator
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/ReadOnly
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/Operator
- HostConsole is in AccountType when hostconsole group is present in
UserGroups D-Bus property
$ id user99
uid=1006(user99) gid=100(users) groups=1000(priv-admin),1005(web),\
1006(redfish),1013(hostconsole),100(users)
$ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"HostConsole",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "Administrator",
"UserName": "user99"
- The hostconsole group is not present for readonly or operator users
and also made sure that console access is not provided. This testing
is done one the system and console access was tried by modifying the
https://github.com/openbmc/bmcweb/blob/master/scripts/websocket_test.py
+ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"IPMI",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "ReadOnly",
"UserName": "user99"
[INFO "http_connection.hpp":209] Request: 0x150ac38 HTTP/1.1 GET /console0 ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1265] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "routing.hpp":1084] userName = user99 userRole = priv-user
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ipmi
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=redfish
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ssh
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=web
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: Login
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureSelf
[DEBUG "routing.hpp":113] checkPrivileges: OEM REQUIRED: OpenBMCHostConsole
[ERROR "routing.hpp":1192] Insufficient Privilege
+ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"IPMI",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Operator"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "Operator",
"UserName": "user99"
[INFO "http_connection.hpp":209] Request: 0x21c7c38 HTTP/1.1 GET /console0 ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1265] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "routing.hpp":1084] userName = user99 userRole = priv-operator
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ipmi
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=redfish
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ssh
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=web
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: Login
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureComponents
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureSelf
[DEBUG "routing.hpp":113] checkPrivileges: OEM REQUIRED: OpenBMCHostConsole
[ERROR "routing.hpp":1192] Insufficient Privilege
Related commits:
NOTE: docs, openbmc, obmc-console changes are already merged. bmcweb
and phosphor-user-manager will be merged together.
docs: https://gerrit.openbmc.org/c/openbmc/docs/+/60968
phosphor-user-manager: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/61583
openbmc: https://gerrit.openbmc.org/c/openbmc/openbmc/+/61582
obmc-console: https://gerrit.openbmc.org/c/openbmc/obmc-console/+/61581
bmcweb: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61580
Change-Id: Ia5a33dafc9a76444e6a8e74e752f0f90cb0a31c8
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>
|
|
The latest version of the specification is 1.17.0, and arguably, we
should be updating this every time we pull in any new feature, but that
hasn't happened.
So far as I'm aware, there are no tools that actually look at this
parameter to make branching decisions in the client about supported
features, so the likelihood this has impact is basically nil.
Tested:
GET /redfish/v1 returns RedfishVersion of 1.17.0
Redfish service validator passes.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I055b6010329599b7b39c587fa85faf51a38c9b57
|
|
The clang-tidy warning 'modernize-use-emplace' correctly flags a
few places where emplace should be used over push.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I6ca79285a87d6927e718345dc8dce0387e6b1eda
|
|
Json has a bunch of implicit overloaded operators for comparing
vectors/arrays/maps with their json counterparts. Unfortunately, when
used in unit tests, these cause warnings in clang, so update the code to
use the ElementsAre check from gmock.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I658557cb59d568fd50cf6f3bef73d6f90b5c56cf
|
|
clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.
Change-Id: I75f89d2959b0f1338c20d72ad669fbdc1d720835
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
Adds a function to process responses from URIs that are uptree from
a top level collection. A follow-up patch will hook this into the
aggregation code to allow adding links to top level collections which
are only supported by satellite BMCs.
Adds test cases to validate this function is working correctly.
Tested:
New test cases pass
Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: I7f0fd6c3955398e2fde136c1d3b37a6bf4bf06b9
|
|
Adds a search function which is able to determine if a passed URI is a
top level collection, is uptree from a top level collection, or both.
The type being searched for depends on a second argument passed to the
function.
Each of these searches are used to add links to top level collections
which are only supported by a satellite BMC. They all use similar steps
so rolling them into a single function cuts down on redundant code.
Adds test cases to verify the implementation is correct.
Tested:
New test cases pass
Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: I72ae7442d5f314656b57a73aee544bca516fa7c2
|
|
The "HttpHeaders" property in a response is an array of HTTP headers. We
perform prefix fixing on the "Location" header from responses so we
should also fix any "Location" headers which are contained by
"HttpHeaders" in an aggregated response. This requires special handling
since each header is represented as a single string in the response.
Added testcase for HttpHeaders property
Tested:
All unit tests pass
Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: I3040c4ea52b2bebcb6e206bb50585c6a75538f0a
|
|
There are cases in aggregation where an expand parameter might get
forwarded to a client. Because our previous expand algorithm assumed
that any endpoint within bmcweb would only produce "depth=1" responses,
it was reasonable to assume that the pre-response could not contain
expanded content. Aggregated resources can't make that assumption.
This commit attempts to pass through depth through the request, to
ensure that we only expand the level that the user requested, and not
any level returned by the request. This is done by using the existence
of the resource identifer "@odata.id" to indicate each level in an
expanded response. This should be fine since the Redfish spec requires
that property to exist.
Added unit tests to cover aggregation scenarios. Modified existing
$expand tests to comply with the resource identifier dependency.
Tested:
New unit tests pass
Queried '/redfish/v1/Systems?$expand=.($levels=2)' on an aggregated
system whose satellite BMC supported $expand. The overall response was
correctly expanded for both resources on the aggregating BMC as well as
on the satellite BMC. Expanding the satellite resources did not require
sending multiple queries to the satellite.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I20ba60ee39bac11ffb3fe1768cec6299cf9ee13e
Signed-off-by: Carson Labrado <clabrado@google.com>
|
|
Per cpp core guidelines, these should be methods.
Tested: on last patchset of the series.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib16479db9d2b68da68e7ad6e825c7e205c64f1de
|
|
This property was added in Redfish 2022.3 to allow clients to determine
which manager is hosting the ServiceRoot, such that they can find uptime
statistics, and other metrics from that resource, without needing to
attach them directly to serviceroot.
Tested:
Redfish service validator passes.
GET /redfish/v1/Managers/bmc returns the expected response.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: If2b78528d1499fbdae46120e1a1792ecf7ceb1d3
|
|
This change moves getMessage and getMessageFromRegistry to a .cpp file
so that they can be easily tested.
Tested: Unit test passes
Signed-off-by: Sui Chen <suichen@google.com>
Change-Id: Ia9fc91e5a47036198bf013ff3ea21ea9f6d5259a
|
|
Corrections style complaints in the aggregator code.
Tested:
Jenkins output did not show any style complaints
Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: I87426fcf2a48448a62152e0ad4a6c3aa54a7fc45
|
|
For systems implementing to the OWASP security guidelines[1] (of which all
should ideally) we should be checking the content-type header all times
that we parse a request as JSON.
This commit adds an option for parsing content-type, and sets a default
of "must get content-type". Ideally this would not be a breaking
change, but given the number of guides and scripts that omit the content
type, it seems worthwhile to add a trapdoor, such that people can opt
into their own model on how they would like to see this checking work.
Tested:
```
curl --insecure -H "Content-Type: application/json" -X POST -D headers.txt https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":"root", "Password":"0penBmc"}'
```
Succeeds.
Removing Content-Type argument causes bmc to return
Base.1.13.0.UnrecognizedRequestBody.
[1] cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html
Change-Id: Iaa47dd563b40036ff2fc2cacb70d941fd8853038
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
In the continual quest to get tidy passing when run in isolation, fix
some more includes.
This includes removing a circular #include to app.hpp. We don't use
app.hpp in these files, which is why our code compiles but having this
include it here causes a few circular dependencies
app.hpp -> http_server.hpp -> persistent_data.hpp -> app.hpp.
app.hpp -> http_server.hpp -> authentication.hpp -> app.hpp.
This confuses clang when run on header files directly.
Fix a couple more includes at the same time.
Tested: Code compiles
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib62d78b49c7e38ef7061c9fbbf6b3d463f11917d
|
|
The aggregator did not propagate header's fields from aggregated
responses. This change will take into account of response code other
than 200, which will modify a field called "Location". The Location
field in the response's header will point to where the response data
can be read from. This "Location" field in response Header will now
contain the correct URI with the prefix appended.
We will also copy over other Header Values to aggregated response. These
header values include "Content-Type", "Allow", "Retry-After", and also
the response's body
Added some test cases for the above fixes.
Tested:
Unit Tests pass.
Queries reponse that returns other result than 200 that has Location
field and the response received is as expected.
Signed-off-by: Khang Kieu <khangk@google.com>
Change-Id: I77c7dae32a103fbec3015fe14b51a3ed0022143e
|
|
It's possible for HTTP client's request buffer to become full
(especially when $expand is used). Instead of ignoring the requests
we should provide a 429 Too Many Requests response for the provided
callback to process.
The aggregator's response handling also needs to account for this
possibility so that it only completely overwrites the asyncResp
object when it receives a response from a satellite.
Also added more test cases for the response processing functions.
Tested:
Unit tests passed
Flooded aggregator with requests for satellite resources. Requests
began returning 429 Too Many Requests errors after the request buffer
became full.
Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: Ib052dc0454d759de7fae761977ca26d6b8d208e5
|
|
This function is something that's easily unit tested. Do it.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I8d664c77ec4b3a9886128597449c5f9c041b86b3
|
|
We only attempt prefix matching when we receive a 200 response. For
the retry policy we consider 2XX and 404 to be valid codes. Instead we
should forward all responses to the client and let them decide what
action they want to take. As part of that we should always attempt to
do prefix fixing on the response.
Also fixes an oversight where we attempt to do prefix fixing on
"OriginOfCondition" properties. That property is only a URI when it is
an Action parameter in a SubmitTestEvent request. It is an object when
it appears as a response property.
Adds test cases for the above fixes.
Tested:
Tests pass. Queries to top level collections and aggregated URIs still
return expected results with added prefixes.
Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: Ic76324ceab618160061be5f3c687af20a857fa25
|
|
Per the title, add unit tests for this function.
Tested: Unit tests pass
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ifdd9c314d2fa62ae3fa3b8f8150fcdd224a7eb03
|
|
Update the clearDump() implementation to call the DeleteAll D-Bus
method instead of iterating through D-Bus objects representing
individual log entries and calling the Delete D-Bus method on each one.
(It's more efficient for phosphor-debug-collector to iterate through
entries in its DeleteAll method handler than for bmcweb to iterate
through them.)
It seems like clearDump() wasn't originally implemented using DeleteAll
because dumps of various types were under the same D-Bus path namespace
at the time and there wasn't a way to selectively clear dumps of only a
specific type. The commit at [1] put different dump types under
different path namespaces (enabling us to now use DeleteAll).
Now clients should see a bit of performance improvement when running
the ClearLog action on dump LogServices, due to the reduced number of
D-Bus method calls needed to execute ClearLog.
Also updated getDumpServiceInfo() to populate the ClearLog action for
dump LogServices based on whether their dump manager object implements
xyz.openbmc_project.Collection.DeleteAll.
Tested:
Cleared the fault log containing 100 entries.
Ran with the time command several times before and after the change:
```
time curl -k -H "X-Auth-Token: $token" -X POST http://${bmc}/redfish/v1/Managers/bmc/LogServices/FaultLog/Actions/LogService.ClearLog
```
Before the change, "real" time reported was ~1.2s.
After the change, "real" time reported was ~0.4s.
Forced creation of dump entries and then ran Redfish ClearLog action on
each dump type:
```
curl -k -H "X-Auth-Token: $token" -X POST http://${bmc}/redfish/v1/Managers/bmc/LogServices/Dump/Actions/LogService.ClearLog
curl -k -H "X-Auth-Token: $token" -X POST http://${bmc}/redfish/v1/Managers/bmc/LogServices/FaultLog/Actions/LogService.ClearLog
curl -k -H "X-Auth-Token: $token" -X POST http://${bmc}/redfish/v1/Systems/system/LogServices/Dump/Actions/LogService.ClearLog
```
Then verified that there were no dump LogService entries afterwards:
```
curl -k -H "X-Auth-Token: $token" -X GET http://${bmc}/redfish/v1/Managers/bmc/LogServices/Dump/Entries
curl -k -H "X-Auth-Token: $token" -X GET http://${bmc}/redfish/v1/Managers/bmc/LogServices/FaultLog/Entries
curl -k -H "X-Auth-Token: $token" -X GET http://${bmc}/redfish/v1/Systems/system/LogServices/Dump/Entries
```
Also verified that the corresponding D-Bus objects were gone from the
D-Bus tree after running ClearLog on each dump type:
Before ClearLog:
busctl tree xyz.openbmc_project.Dump.Manager
`-/xyz
`-/xyz/openbmc_project
`-/xyz/openbmc_project/dump
|-/xyz/openbmc_project/dump/bmc
| `-/xyz/openbmc_project/dump/bmc/entry
| `-/xyz/openbmc_project/dump/bmc/entry/101
|-/xyz/openbmc_project/dump/faultlog
| `-/xyz/openbmc_project/dump/faultlog/entry
| |-/xyz/openbmc_project/dump/faultlog/entry/11
| |-/xyz/openbmc_project/dump/faultlog/entry/12
| |-/xyz/openbmc_project/dump/faultlog/entry/13
| |-/xyz/openbmc_project/dump/faultlog/entry/14
| |-/xyz/openbmc_project/dump/faultlog/entry/15
| |-/xyz/openbmc_project/dump/faultlog/entry/16
| |-/xyz/openbmc_project/dump/faultlog/entry/17
| |-/xyz/openbmc_project/dump/faultlog/entry/18
| |-/xyz/openbmc_project/dump/faultlog/entry/19
| `-/xyz/openbmc_project/dump/faultlog/entry/20
|-/xyz/openbmc_project/dump/internal
| `-/xyz/openbmc_project/dump/internal/manager
`-/xyz/openbmc_project/dump/system
`-/xyz/openbmc_project/dump/system/entry
|-/xyz/openbmc_project/dump/system/entry/3
`-/xyz/openbmc_project/dump/system/entry/4
After ClearLog:
busctl tree xyz.openbmc_project.Dump.Manager
`-/xyz
`-/xyz/openbmc_project
`-/xyz/openbmc_project/dump
|-/xyz/openbmc_project/dump/bmc
|-/xyz/openbmc_project/dump/faultlog
|-/xyz/openbmc_project/dump/internal
| `-/xyz/openbmc_project/dump/internal/manager
`-/xyz/openbmc_project/dump/system
Confirmed that ClearLog action is listed for the following
LogServices:
/redfish/v1/Managers/bmc/LogServices/Dump
/redfish/v1/Managers/bmc/LogServices/FaultLog
/redfish/v1/Systems/system/LogServices/Dump
Then ran "systemctl stop xyz.openbmc_project.Dump.Manager" (which
removes dump manager objects including their
xyz.openbmc_project.Collection.DeleteAll interface) and saw that the
ClearLog action was no longer listed. Also locally built a version of
phosphor-debug-collecor with the interface
xyz.openbmc_project.Collection.DeleteAll removed from dump managers and
ran it and saw that the ClearLog action wasn't listed.
Redfish Service Validator passed on the following URIs
(with service xyz.openbmc_project.Dump.Manager running):
/redfish/v1/Managers/bmc/LogServices/Dump
/redfish/v1/Managers/bmc/LogServices/FaultLog
/redfish/v1/Systems/system/LogServices/Dump
Note: Most dump LogService unit tests were removed in this patchset
since this patchset adds a D-Bus call to getDumpServiceInfo(), and
we haven't decided how to mock D-Bus calls for unit testing yet.
[1] https://github.com/openbmc/phosphor-debug-collector/commit/fef66a951fe6fe283515480b2c493dfdc2275a95
Signed-off-by: Claire Weinan <cweinan@google.com>
Change-Id: Ic5f8f9e3528f521887766d8710bd77f969d8236a
|
|
Utilize the new array of top level collection URIs to determine if a
given URI in the response needs to have the aggregation prefix added.
This removes the need to check for specific collections like
/redfish/v1/UpdateService/FirmwareInventory which do not fit the
generic format of /redfish/v1/<collection>.
Future patches will use this same approach to improve the logic for
initially determining if and how a request should be aggregated.
This patch also adds a series of unit tests for the function
responsible for adding a prefix to a given URI. Cases covered include
valid URIs that involve a selection of aggregated resources, top level
collection URIs, other invalid URIs, and URIs with a trailing "/".
Tested:
Unit tests pass.
Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: I676983d3c77ae3126c04e9f57ad8698c51df2675
|
|
c1d019a6056a2a0ef50e577b3139ab5a8dc49355 Sensor Optimization
Recently changed the way Ids were calculated in the sensor subsystem.
Unfortunately, it wasn't clear to the author that this would effect the
sensor override system, which relies on matching up a member ID with a
dbus path, and was broken by this change.
This commit breaks out the code to calculate the type and name from a
given URI segment into a helper method.
Tested: Inspection only. Very few systems support this feature. Code appears more correct than previously, which is known broken, so the lack of testing here seems reasonable.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I9aa8099a947a36b5ce914bc07ae60f1ebf0d209b
|
|
There are a number of properties of Type "string (uri)" for which we
do not currently support adding prefixes. This patch adds support
for all existing URI properties which are missed by the existing
implementation.
This change will be needed by future patches which will expand
aggregation support to all top level collections defined by the
schema. Those collections that are not currently supported include
properties whose URIs should be fixed, but would be missed by the
existing implementation.
Tested:
New unit test passes.
URI properties are still handled correctly.
```shell
curl localhost/redfish/v1/Chassis/5B247A_<chassisID>
{
"@odata.id": "/redfish/v1/Chassis/5B247A_<chassisID>",
"@odata.type": "#Chassis.v1_16_0.Chassis",
"Actions": {
"#Chassis.Reset": {
"@Redfish.ActionInfo": "/redfish/v1/Chassis/5B247A_<chassisID>/ResetActionInfo",
"target": "/redfish/v1/Chassis/5B247A_<chassisID>/Actions/Chassis.Reset"
}
},
...
}
```
Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: I3b3e06ee3191564d266598f7bc9f1641e6fcb333
|
|
Testd: unit test only change
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I0a8d1e97d8f0be8a79b9c40a75eeb0659bba638b
|
|
This is a dummy commit to test owner plugin. It can be merged in as well
given that it adds a little bit readability.
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: Ia4cc1866ebeb19e6d0f1d1ceece0ecc73fb4b468
|
