From 2db77d34ca673f32411621b7e34b039dec948bd3 Mon Sep 17 00:00:00 2001 From: Johnathan Mantey Date: Fri, 20 Nov 2020 08:51:11 -0800 Subject: Force HostName property to be read-only per the schema The ManagerNetworkProtocol schema defines the HostName entry to be read-only. Change the doPatch code to prevent updating the hostname attribute. The DMTF redfish/v1/Managers/bmc/NetworkProtocol is a read-only location. The DMTF approved location for changing the HostName is: redfish/v1/Managers/bmc/EthernetInterfaces/ This change does not impact phosphor-webui, as it uses D-Bus to perform all of its work. This change does not impact webui-vue, as it is using the DMTF approved API. This commit deprecates allowing Read/Write access to the Hostname in the ManagersNetworkProtocol URI. To reduce the impact to Redfish clients that rely upon Read/Write access a Meson compile time flag has been added to allow Read/Write access to be restored. The Meson build flag, redfish-allow-deprecated-hostname-patch, can be enabled to restore Read/Write access. The Meson build flag is slated to be removed in Q4 2021 enforcing the read-only state. Tested: Explicitly PATCH'd HostName to confirm it cannot be modified. Enabled the HostName feature, and confirmed the HostName accepted a PATCH command. Ran Redfish_Service_Validator (deprecated, and re-enabled). Change-Id: If7f2148d8bbb8a7b420c4abde086272c4320977a Signed-off-by: Johnathan Mantey
---
 meson_options.txt | 1 +
 1 file changed, 1 insertion(+)
(limited to 'meson_options.txt')
diff --git a/meson_options.txt b/meson_options.txt
index 5e5f7b503d..9611631e85 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -29,6 +29,7 @@ option('cookie-auth', type : 'feature', value : 'enabled', description : '''Enab
 option('mutual-tls-auth', type : 'feature', value : 'enabled', description : '''Enables authenticating users through TLS client certificates. The insecure-disable-ssl must be disabled for this option to take effect.''')
 option('ibm-management-console', type : 'feature', value : 'disabled', description : 'Enable the IBM management console specific functionality. Paths are under \'/ibm/v1/\'')
 option('http-body-limit', type: 'integer', min : 0, max : 512, value : 30, description : 'Specifies the http request body length limit')
+option('redfish-allow-deprecated-hostname-patch', type : 'feature', value : 'disabled', description : 'Enable/disable Managers/bmc/NetworkProtocol HostName PATCH commands. The default condition is to prevent HostName changes from this URI, following the Redfish schema. Enabling this switch permits the HostName to be PATCHed at this URI. In Q4 2021 this feature will be removed, and the Redfish schema enforced, making the HostName read-only.')
 # Insecure options. Every option that starts with a `insecure` flag should
 # not be enabled by default for any platform, unless the author fully comprehends
-- cgit v1.2.3
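Review bot: The description on the new `redfish-allow-deprecated-hostname-patch` option does not say where HostName should be changed instead, although the commit message names `redfish/v1/Managers/bmc/EthernetInterfaces/` as the approved location. Since enabling the option re-opens a write path that the schema marks read-only, I would add that pointer to the description, for example `Use Managers/bmc/EthernetInterfaces to change the HostName instead.` The opening words `Enable/disable` are also ambiguous for a `feature` option; `Allow deprecated HostName PATCH on Managers/bmc/NetworkProtocol` states which behaviour `enabled` selects. This view is limited to meson_options.txt, so the meson.build wiring and the doPatch guard that consume the option are not visible here. It is worth confirming there that the disabled default rejects the PATCH with an explicit error rather than ignoring the property silently.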