| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Converting hpp -> cpp determined that these functions were unused. Fix
them.
Tested: Code compiles.
Change-Id: Ifb712cb12085c187847666194b59caa959f37f83
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
This comment snuck in, probably added by clang-format. Fix it.
Change-Id: I0c272922c040ab80e9f5849698b063b0cfaea9e8
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Problem:
It is observed that PATCH request network protocol using request
```
curl -k -u ${credentials} -X PATCH https://${IP}/redfish/v1/Managers/bmc/NetworkProtocol -d '{"NTP": {"ProtocolEnabled": true, "NTPServers": ["\n"]}}' -H "Content-Type:application/json"
returns 204 response.
Root cause : The 400 Bad response set by bmcweb when NTP server set
value "NTPServers": ["\n"] is overridden by "ProtocolEnabled" response
value of 204 therefore we were getting 204 response for invalid
arguments as well.
Fix : Check the response of "NTPServers" value in async object and set
the response code
The MRs for PDI and phosphor network are as below
https://gerrit.openbmc.org/c/openbmc/phosphor-dbus-interfaces/+/82693
https://gerrit.openbmc.org/c/openbmc/phosphor-networkd/+/82694
Testing:
curl -k -u ${credentials} -X PATCH https://${IP}/redfish/v1/Managers/bmc/NetworkProtocol -d '{"NTP": {"ProtocolEnabled": true, "NTPServers": ["\n"]}}' -H "Content-Type:application/json"
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The property 'NTP/NTPServers/' with the requested value of '[\"\\n\"]' could not be written because the value does not meet the constraints of the implementation.",
"MessageArgs": [
"NTP/NTPServers/",
"[\"\\n\"]"
],
"MessageId": "Base.1.19.PropertyValueIncorrect",
"MessageSeverity": "Warning",
"Resolution": "None."
}
],
"code": "Base.1.19.PropertyValueIncorrect",
"message": "The property 'NTP/NTPServers/' with the requested value of '[\"\\n\"]' could not be written because the value does not meet the constraints of the implementation."
}
}
```
Change-Id: Icfbfc3d065a6a307344093eef8b2eb3e39c70f83
Signed-off-by: Chandramohan Harkude <chandramohan.harkude@gmail.com>
|
|
Adding async_method_call in dbus utility gives us a place where we can
intercept method call requests from dbus to potentially add
logging/caching.
An example of logging is in the later commit:
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/78265/
We already do this for setProperty, this moves the method calls to
follow a similar pattern.
Tested: Redfish service validator passes.
Change-Id: I6d2c96e2b6b6a023ed2138106a55faebca161592
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
This commit is intended to implement the UserPrincipalName (UPN) parse
mode on mutual TLS (MTLS). By implementing this we can use the X509
certificate extension Subject Alternative Name (SAN), specifically UPN
to be used as the username
In our case, this feature is needed because we have a specific format
on our Subject CN of X509 certificate. This format cannot directly
mapped to the username of bmcweb because it contains special
characters (`/` and `:`), which cannot exist in the username.
Changing the format of our Subject CN is very risky. By enabling
this feature we can use other field, which is the SAN extension to
be used as the username and do not change our Subject CN on the
X509 certificate
In general, by implementing this feature, we can enable multiple
options for the system. There might be other cases where we want to
have the username of the bmcweb is not equal to the Subject CN of the
certificate, instead the username is added as the UserPrincipalName
field in the certificate
The format of the UPN is `<username>@<domain>` [1][2]. The format
is similar to email format. The domain name identifies the domain
in which the user is located [3] and it should match the device name's
domain (domain forest).
Tested
- Test using `generate_auth_certificate.py` (extended on patch [4])
- Manual testing (please see the script mentioned above for more detail)
- Setup certificate with UPN inside SAN extension
- Change the CertificateMappingAttribute to use UPN
- Get request to `/SessionService/Sessions`
- Run unit tests
[1] UPN Format: https://learn.microsoft.com/en-us/windows/win32/secauthn/user-name-formats#user-principal-name
[2] UPN Properties: https://learn.microsoft.com/en-us/windows/win32/ad/naming-properties#userprincipalname
[3] UPN Glossary: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/719b890d-62e6-4322-b9b1-1f34d11535b4#gt_9d606f55-b798-4def-bf96-97b878bb92c6
[4] Patch Testing Script: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/78837
Change-Id: I490da8b95aee9579546971e58ab2c4afd64c5997
Signed-off-by: Malik Akbar Hashemi Rafsanjani <malikrafsan@meta.com>
|
|
Copy the latest format file from the docs repository and apply.
Change-Id: I2f0b9d0fb6e01ed36a2f34c750ba52de3b6d15d1
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
Clang-tidy misc-include-cleaner appears to now be enforcing
significantly more headers than previously. That is overall a good
thing, but forces us to fix some issues. This commit is largely just
taking the clang-recommended fixes and checking them in. Subsequent
patches will fix the more unique issues.
Note, that a number of new ignores are added into the .clang-tidy file.
These can be cleaned up over time as they're understood. The majority
are places where boost includes a impl/x.hpp and x.hpp, but expects you
to use the later. include-cleaner opts for the impl, but it isn't clear
why.
Change-Id: Id3fdd7ee6df6c33b2fd35626898523048dd51bfb
Signed-off-by: Ed Tanous <etanous@nvidia.com>
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.
This patchset does not intend to modify any intent on any existing
copyrights or licenses, only to standardize their inclusion.
[1] https://www.linuxfoundation.org/blog/blog/copyright-notices-in-open-source-software-projects
Change-Id: I935c7c0156caa78fc368c929cebd0f068031e830
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
Having all dbus calls run through the same utility reduces the amount of
generated code, and more importantly, gives us a place where we can log
the requests and responses to help with debugging.
Tested: Redfish service validator passes.
Change-Id: Ic1bf45130b5069cd57f7af26e12c8d3159c87c67
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
clang-format may potentially reformat the readJson calls if they may
have more keys or key names are longer. This makes formatting in a way
that's readable by forcing to break a line for each key using an
empty-comment (`//`) each line.
It also allows trivially alphabetizing the list such that new additions
are less likely to have merge conflicts.
Tested:
- Check whitespace only.
- Code compiles.
- Redfish Service Validator with the same results before this
Change-Id: I3824a8c4faa9fa7c820d5d2fab6b565404926e2c
Signed-off-by: Ed Tanous <etanous@nvidia.com>
Signed-off-by: Myung Bae <myungbae@us.ibm.com>
|
|
Static analysis flags that these two comments are redundant[1], which
seem to be duplicated a lot in copyright headers. Although there is a
larger discussion that can likely be had.
[1] https://sonarcloud.io/project/issues?issueStatuses=OPEN%2CCONFIRMED&id=edtanous_bmcweb&open=AY9_HYjgKXKyw1ZFwgVP
Tested: Comment change only. Code compiles.
Change-Id: Ia960317761f558a87842347ca0b5f3da63f8e730
Signed-off-by: Ed Tanous <etanous@nvidia.com>
|
|
This commit re-introduces changes proposed earlier to support
NetworkSuppliedServers property in bmcweb.
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/52671
It helps to differentiate between the static and DHCP assigned
NTP servers. Networkd and Dbus has added support for StaticNTPServers to
save the static configuration.
Tested by:
1. PATCH /redfish/v1/Managers/bmc/NetworkProtocol -d
'{"NTP":{"NTPServers": [<ip>]}}'
Verify that this adds the NTPs server to the NetworkProtocol
2. Enable DHCP to fetch NTP servers list from the DHCP server. Verify
that they are listed when GET on NetworkProtocol as below
"NTP": {
"NTPServers": [
<static ntp server ip>
],
"NetworkSuppliedServers": [
<dynamic ntp server ip>
],
"ProtocolEnabled": true
},
3. Redfish validator run
Change-Id: I22591ad6d49245bf74ef24dd68a51f015f6a8b07
Signed-off-by: Jishnu CM <jishnunambiarcm@duck.com>
|
|
clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.
See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.
Change-Id: Iceec1dc95b6c908ec6c21fb40093de9dd18bf11a
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
This commit causes all of Redfish to use generated enum values for enum
types. Using generated code prevents problems, and makes it more clear
what types are allowed.
Doing this found two places where we had structs that didn't fulfill the
schema. They have been commented, but will be fixed with a breaking
change at some point in the future.
Tested: WIP
Change-Id: I5fdd2f2dfb6ec05606a522e1f4e331f982c8e476
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
It was pointed out that the setDbusProperty method should have an end
that approximately matches dbus-send and busctl set-property in its
arguments, to aid with debug. This seems reasonable.
Tested: Redfish service validator passes.
Change-Id: Ic20295d93c71c957e3e76704e1eda9da187861b1
Signed-off-by: Ginu George <ginugeorge@ami.com>
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
These includes seem to have snuck in. In theory nothing in redfish
should be taking a #include in anything in openbmc-rest.
Tested: Code compiles
Change-Id: Ifec2a9b18f296870f67b15f98fc44c67050e9e28
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
In the early days of bmcweb, we made two pretty critical assumptions;
First, is that a given platform would only have a single BMC instance
(represented as "bmc") and a single host instance (represented as
"system").
Second we assumed that, given that Redfish suggests against hardcoding
URIs in client implementation and leaves them freeform, clients would
code to the standard.
Our own webui-vue hardcodes Redfish URIs [1], and the documentation is
littered with examples of hardcoded curl examples of hardcoding these
URIs. That bug was filed in 2020, and the issue has only gotten worse
over time.
This patchset is an attempt to give a target that we can start solving
these issues, without trying to boil the ocean and fix all clients in
parallel.
This commit adds the meson options
redfish-manager-uri-name
and
redfish-system-uri-name
These are used to control the "name" that bmcweb places in the fixed
locations in the ManagerCollection and ComputerSystemCollection schemas.
Note, managers is added, but is not currently testable. It will be
iterated on over time.
Tested:
Changed the URL options to "edsbmc" and "edssystem" in meson options.
Redfish service validator passes.
URLs appear changed when walking the tree.
[1] https://github.com/openbmc/webui-vue/issues/43
Change-Id: I4b44685067051512bd065da8c2e3db68ae5ce23a
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
There's currently a problem with phosphor-timesyncd, where enabling NTP
doesn't immediately reflect in the system status on return[1]. To say
it another way, NTP is not enabled/disabled atomically, which leads to
the following problem.
// Disable NTP
PATCH /redfish/v1/Managers/bmc/NetworkProtocol
{"NTP":{"ProtocolEnabled": false}}
// Set the time manually
PATCH /redfish/v1/Managers/bmc {"DateTime": "<timestring"}
Doing this in rapid succession leads to a 500 error, which is obviously
a bug. In the prior commit, this error was changed to a
PropertyValueConflict error, which is still incorrect, but at least
informative of what's going on. REST APIs are intended to have CRUD
compliance. The response should not be returned until the value has
been accepted, and not doing that can lead to problems.
This commit changes the backend to use systemd directly, rather than
routing through phosphor-settings, to avoid this race.
Quite possibly resolves #264 but haven't tested that.
Tested: The above procedure succeeds.
[1] https://github.com/systemd/systemd/pull/11424
Change-Id: I19241e7677d9b6415aff79ac65c474ae71984417
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
NTPServers is our last usage of nlohmann::json in a readJson unpack.
The capability and unit tests are left in place for that type in case we
need them in the future, but for now, document them as deprecated.
Tested: Redfish service validator passes. Redfish protocol validator
passes most tests (1 known failure in SSE is unrelated to this change).
Change-Id: If4b2ea061a941cc23d47189af7ff453094dc7dca
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
This commit changes sdbusplus setProperty calls (in various files) to
setDbusProperty method in Redfish namespace that handles all DBus
errors in a consistent manner.
It also handles and translates additional DBus errors to Redfish
specific errors in dbus_utils file.
Tested By:
Not tested yet
Change-Id: If440774879413754f4c24f9b6572c3c9fa1fd033
Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>
|
|
Clang has new checks for std::move/std::forward correctness, which
catches quite a few "wrong" things where we were making copies of
callback handlers.
Unfortunately, the lambda syntax of
callback{std::forward<Callback>(callback)}
in a capture confuses it, so change usages to
callback = std::forward<Callback>(callback)
to be consistent.
Tested: Redfish service validator passes.
Change-Id: I7a111ec00cf78ecb7d5f5b102c786c1c14d74384
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
nlohmann::json::dump() is not an easy function to get the call
parameters correct on. We should limit the places we use it.
Luckily, both logging and redfish::messages support printing
json values directly. Use them where appropriate.
Tested: Error logging and out of range calls only of heavily used
messages and logging calls. Inspection only.
Change-Id: I57521d8791dd95250c93e8e3b2d4a959740ac713
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
The less we rely on boost, and more on std algorithms, the less people
have to look up, and the more likely that our code will deduplicate.
Replace all uses of boost::algorithms with std alternatives.
Tested: Redfish Service Validator passes.
Change-Id: I8a26f39b5709adc444b4178e92f5f3c7b988b05b
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.
Change-Id: I2f9540cf0d545a2da4d6289fc87b754f684bc9a7
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
std::format is a much more modern logging solution, and gives us a lot
more flexibility, and better compile times when doing logging.
Unfortunately, given its level of compile time checks, it needs to be a
method, instead of the stream style logging we had before. This
requires a pretty substantial change. Fortunately, this change can be
largely automated, via the script included in this commit under
scripts/replace_logs.py. This is to aid people in moving their
patchsets over to the new form in the short period where old patches
will be based on the old logging. The intention is that this script
eventually goes away.
The old style logging (stream based) looked like.
BMCWEB_LOG_DEBUG << "Foo " << foo;
The new equivalent of the above would be:
BMCWEB_LOG_DEBUG("Foo {}", foo);
In the course of doing this, this also cleans up several ignored linter
errors, including macro usage, and array to pointer deconstruction.
Note, This patchset does remove the timestamp from the log message. In
practice, this was duplicated between journald and bmcweb, and there's
no need for both to exist.
One design decision of note is the addition of logPtr. Because the
compiler can't disambiguate between const char* and const MyThing*, it's
necessary to add an explicit cast to void*. This is identical to how
fmt handled it.
Tested: compiled with logging meson_option enabled, and launched bmcweb
Saw the usual logging, similar to what was present before:
```
[Error include/webassets.hpp:60] Unable to find or open /usr/share/www/ static file hosting disabled
[Debug include/persistent_data.hpp:133] Restored Session Timeout: 1800
[Debug redfish-core/include/event_service_manager.hpp:671] Old eventService config not exist
[Info src/webserver_main.cpp:59] Starting webserver on port 18080
[Error redfish-core/include/event_service_manager.hpp:1301] inotify_add_watch failed for redfish log file.
[Info src/webserver_main.cpp:137] Start Hostname Monitor Service...
```
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I86a46aa2454be7fe80df608cb7e5573ca4029ec8
|
|
We're not consistent here, which leads to people copying and pasting
code all over, which has lead to a bunch of different names for error
codes.
This commit changes to coerce them all to "ec", because that's what
boost uses for a naming convention.
Tested: Rename only, code compiles.
Change-Id: I7053cc738faa9f7a82f55fc46fc78618bdf702a5
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
SetProperty is a method we should use more, and use consistently in the
codebase, this commit makes it consistently used from the utility
namespace.
Tested: Refactor. Code compiles.
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I5939317d23483e16bd98a8298f53e75604ef374d
|
|
Since the getManagedObjects method has been implemented in
dbus_utility and this commit is to integrate all the places where the
GetManagedObjects method is obtained, and use the method in
dbus_utility uniformly.
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: Ic13f2bef7b30f805cd3444a75d7df17b031f2eb0
|
|
The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to interact with host console are part of the
"hostconsole" group and they are in an administrator role.
Note: The changes are spread across multiple repositories listed under
"Related commits:"
The bmcweb changes to incorporate new group are as follows:
- The new user is added in the hostconsole group only if it has an
administrative role.
- The ssh usergroup is only translated to ManagerConsole redfish group
and hostconsole usergroup is translated to HostConsole redfish group.
- The following changes are made to check the privileges for host console
access
- The new OEM privilege "OpenBMCHostConsole" added for host console
access. This privilege is not shared externally hence it is not
documented.
- Updated obmc_console BMCWEB_ROUTE to use the new privilege.
- Router functions now save user role and user groups in the session
- getUserPrivileges() function now takes session reference instead
of user role. This function now also checks for the user group
"hostconsole" and add the new privilege if user is member of this
group.
- Updated all callers of the getUserPrivileges to pass session
reference.
- Added test to validate that new privilege is set correctly.
Tested:
Loaded code on the system and validated that;
- New user gets added in hostconsole group. NOTE: Prior to this commit
all groups are assigned to new user. This drop does not change that
behavior.
- Access from the web gui is only available for users in hostconsole
group. Used IBM internal simulator called simics to test this. This
simulator allows accessing openbmc from GUI.
- Checked the role collection and there is no change.
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/Administrator
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/ReadOnly
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/Operator
- HostConsole is in AccountType when hostconsole group is present in
UserGroups D-Bus property
$ id user99
uid=1006(user99) gid=100(users) groups=1000(priv-admin),1005(web),\
1006(redfish),1013(hostconsole),100(users)
$ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"HostConsole",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "Administrator",
"UserName": "user99"
- The hostconsole group is not present for readonly or operator users
and also made sure that console access is not provided. This testing
is done one the system and console access was tried by modifying the
https://github.com/openbmc/bmcweb/blob/master/scripts/websocket_test.py
+ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"IPMI",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "ReadOnly",
"UserName": "user99"
[INFO "http_connection.hpp":209] Request: 0x150ac38 HTTP/1.1 GET /console0 ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1265] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "routing.hpp":1084] userName = user99 userRole = priv-user
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ipmi
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=redfish
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ssh
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=web
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: Login
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureSelf
[DEBUG "routing.hpp":113] checkPrivileges: OEM REQUIRED: OpenBMCHostConsole
[ERROR "routing.hpp":1192] Insufficient Privilege
+ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"IPMI",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Operator"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "Operator",
"UserName": "user99"
[INFO "http_connection.hpp":209] Request: 0x21c7c38 HTTP/1.1 GET /console0 ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1265] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "routing.hpp":1084] userName = user99 userRole = priv-operator
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ipmi
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=redfish
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ssh
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=web
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: Login
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureComponents
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureSelf
[DEBUG "routing.hpp":113] checkPrivileges: OEM REQUIRED: OpenBMCHostConsole
[ERROR "routing.hpp":1192] Insufficient Privilege
Related commits:
NOTE: docs, openbmc, obmc-console changes are already merged. bmcweb
and phosphor-user-manager will be merged together.
docs: https://gerrit.openbmc.org/c/openbmc/docs/+/60968
phosphor-user-manager: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/61583
openbmc: https://gerrit.openbmc.org/c/openbmc/openbmc/+/61582
obmc-console: https://gerrit.openbmc.org/c/openbmc/obmc-console/+/61581
bmcweb: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61580
Change-Id: Ia5a33dafc9a76444e6a8e74e752f0f90cb0a31c8
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>
|
|
The code logic currently calls the systemd 'ListUnits' interface and
then compares the returned services and sockets with a predefined map
that associates the systemd units with specific protocols. The
appropriate 'Port' and 'ProtocolEnabled' properties are then filled into
the Redfish response to a redfish/v1/Managers/bmc/NetworkProtocol query.
The issue is that when certain services like IPMI or SSH are disabled,
the systemd unit will no longer be returned by the 'ListUnits' d-bus
interface. This results in the IPMI and SSH protocols not showing up in
the Redfish query. This commit ensures if a feature like IPMI or SSH is
disabled, the user will still see it in the Redfish query and it will
shows false for 'ProtocolEnabled'.
Looked into calling 'ListUnitFiles' which sounds like it returns all
possible units in the system, but that consistently timed out when
calling in a witherspoon qemu session (vs. the instant response to
`ListUnits` in the same session).
Prior to commit 5c3e927 the code operated differently and would look up
each individual protocol. If it didn't find it, then it would fill in
defaults. The change caused us to no longer put a default in for the
protocols when they are disabled.
Tested:
- Confirmed when IPMI was disabled that a query to NetworkProtocol
returned with IPMI in its response and 'ProtocolEnabled' was false
- Basic testing to ensure IPMI could be enabled/disabled and Redfish
responses were as expected
- Ran redfish validator when NetworkProtocol was returning IPMI disabled
Change-Id: I476361413fdb508c93aea88ca6142bc649562c56
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.
Change-Id: I75f89d2959b0f1338c20d72ad669fbdc1d720835
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
When we have 2 or more netdevs, if eth0 configured the StaticNTPServers
and eth1 not by default, the NTPServers will be empty.
We could merge all the NTPServers from all the interfaces, and remove
the duplicate ones(Already have).
Limitations(not this patch):
When setting the NTPServers, will set all the interfaces, cannot be
set individually.
Tested:
Only config the eth0's NTPServers, keep eth1's NTPServers empty.
```
~# curl -k -H "X-Auth-Token: $token" https://$bmc/redfish/v1/Managers/bmc/NetworkProtocol
{
...
"NTP": {
"NTPServers": [
"fdbd:dc00::10:8:8:14",
"fdbd:dc00::10:8:8:15",
"fdbd:dc00::10:8:8:16",
"10.8.8.14",
"10.8.8.15",
"10.8.8.16"
],
"ProtocolEnabled": true
},
}
```
Change-Id: Ie181bb117577bc46f87e714b87dcb7cd8f5145a8
Signed-off-by: Jian Zhang <zhangjian.3032@bytedance.com>
|
|
In systems.hpp for Serialconsole, SSH service-enabled and its Port
number info is hardcoded. Same for IPMI service-enabled info is also
hardcoded.
Implementation:
SSH:
check for obmc-console-ssh@2200.service service is enable or not, and
yes then, on which port number. Retrieve service-related information
and pass that into DMTF for "/redfish/v1/Systems/system/".
IPMI:-
check for phosphor-ipmi-net@eth0.socket service is enable or not, and
pass that info DMTF for "/redfish/v1/Systems/system/".
Tested:
Manually tested on the Witherspoon system, there is no change in output.
Run Redfish validator. No error found.
Before:
"SerialConsole": {
"IPMI": {
"ServiceEnabled": true
},
"MaxConcurrentSessions": 15,
"SSH": {
"HotKeySequenceDisplay": "Press ~. to exit console",
"Port": 2200,
"ServiceEnabled": true
}
}
After:
Note: SSH Info retrieve via Dbus ListUnit API
"SerialConsole": {
"IPMI": {
"ServiceEnabled": true
},
"MaxConcurrentSessions": 15,
"SSH": {
"HotKeySequenceDisplay": "Press ~. to exit console",
"Port": 2200,
"ServiceEnabled": true
}
}
Signed-off-by: Abhishek Patel <Abhishek.Patel@ibm.com>
Change-Id: I70009ee785aab3ca4a61fe0d96fbc5b340831647
|
|
Similar to support added earlier in the tree, add support for the Link
header that Redfish requires.
Tested:
HEAD /redfish/v1/Managers/bmc/NetworkProtocol returns correct Link
header.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I0ffb86a4d95c8766822d208a51683dcbefc01dd5
|
|
Similar to the code we've been building elsewhere, move NetworkProtocol
to separate methods, and avoid lambdas.
Tested: Code compiles. Tested as part of next patch. (merge at the
same time)
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I6dca5917f3e67153f0135ce9b915bb1f02ac6a0e
|
|
By convention, we should be following boost here, and passing error_code
by reference, not by value. This makes our code consistent, and removes
the need for a copy in some cases.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id42ea4a90b6685a84818b87d1506c11256b3b9ae
|
|
Since the GetSubTree method has been implemented in dbus_utility and
this commit is to integrate all the places where the GetSubTree
method is called, and use the method in dbus_utility uniformly.
Tested: Redfish Validator Passed
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: If3852b487d74e7cd8f123e0efffbd4affe92743c
|
|
Most of these missing includes were found by running clang-tidy on all
files, including headers. The existing scripts just run clang-tidy on
source files, which doesn't catch most of these.
Tested: Code compiles
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic741fbb2cc9e5e92955fd5a1b778a482830e80e8
|
|
Clang correctly notes that this function is missing an inline
definition.
Tested: Code compiles further on clang (other failures still present).
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I7d6420e2bb1c0c9360ff8427857aa916142c5a66
|
|
Recent changes to phosphor-network have changed the NTPServers property
to be actually StaticNTPServers. This makes PATCH incorrect.
Tested: Redfish-protocol-validator passes the NTPServers property again.
```
curl -vvvv --insecure --user root:0penBmc https://192.168.7.2/redfish/v1/Managers/bmc/NetworkProtocol -X PATCH -d '{"NTP": {"NTPServers": ["time-a-b.nist.gov", "time-b-b.nist.gov"]}}'
```
Now succeeds.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie4bcfa6190797dd250421d1a512677841a4319e4
|
|
There are currently many files that use the GetSubTree and
GetSubTreePaths methods. Since they are a general method, they are
defined in the dbus_utility.hpp file and will be further refactored
in subsequent patches.
Also, Updated the doPath method of NetworkProtocol synchronously.
Tested: Built bmcweb successfully and Validator passes
1. doGet NetworkProtocol
curl -k -H "X-Auth-Token: $token"
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
"IPMI": {
"Port": 623,
"ProtocolEnabled": true
},
...
}
2. change the ProtocolEnabled property to false
curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json"
-X PATCH -d '{"IPMI": {"ProtocolEnabled" :false}}'
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol
3. doGet NetworkProtocol again
curl -k -H "X-Auth-Token: $token"
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
"IPMI": {
"Port": null,
"ProtocolEnabled": false
},
...
}
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I9ed3de74417d2662a7f433ea4a589f68f514a369
|
|
Along the lines of changes we've made elsewhere, add Links, and a HEAD
handler for bmc NetworkProcotol instances.
Tested:
```
curl -vvvv --insecure --user root:0penBmc https://192.168.7.2/redfish/v1/JsonSchemas/NetworkProtocol/NetworkProtocol.json
```
Returns a links header as part of the response.
Adding -X HEAD to the curl request results in the same header being
included.
Redfish service validator passes.
Redfish PROTOCOL VALIDATOR PASSES ! ! ! ! ! with zero failures.
Summary - PASS: 392, WARN: 0, FAIL: 0, NOT_TESTED: 32
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib96f7c8d5d8d960000a1bb77065fc06d2829e4b8
|
|
This reverts commit 525fc07224884d3640e5c4a1b6a551aee024f7bd.
As discussed in discord,
https://gerrit.openbmc.org/c/openbmc/openbmc/+/57931 is a legit fail.
[1] https://discord.com/channels/775381525260664832/776550056391606352/1030497797121777768
The validator is failing due to:
ERROR - NetworkSuppliedServers not defined in Complex
NTPManagerNetworkProtocol.v1_2_0.NTPProtocol (check version, spelling
and casing)
Since the bmcweb bump merged, seeing validator fails in openbmc/openbmc.
Revert, get the validator passing again, will open an issue with
redfish since this looks like an issue with the schema itself.
Tested: None.
Change-Id: Ie8046c93eaf2f69c71eb5162dacb961032f9366c
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
There was no way to differentiate between the static and DHCP assigned
NTP servers. Networkd and Dbus has added support for StaticNTPServers to
save the static configuration.
PATCH command will now set the StaticNTPServers property at the backend.
NTPServers property will contain network supplied dynamic NTP Servers at
the system.
Tested by:
1. PATCH /redfish/v1/Managers/bmc/NetworkProtocol -d
'{"NTP":{"NTPServers": [<ip>]}}'
Verify that this adds the NTPs server to the NetworkProtocol
2. Enable DHCP to fetch NTP servers list from the DHCP server. Verify
that they are listed when GET on NetworkProtocol as below
"NTP": {
"NTPServers": [
<static ntp server ip>
],
"NetworkSuppliedServers": [
<dynamic ntp server ip>
],
"ProtocolEnabled": true
},
3. Redfish validator run
Signed-off-by: sunharis <sunithaharish04@gmail.com>
Change-Id: Ifac77485485839292b770d36def35da17d723c4e
|
|
cppcheck correctly notes that a lot of variables in the new code can be
const. Make most of them const.
Tested: WIP
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I8f37b6353fd707923f533e1d61c5b5419282bf23
|
|
The Redfish specification for PATCH of arrays defines a number of
requirements.
- Setting a value to null, should remove it from the list.
- Setting a value to empty object "{}" should leave the value unmodified
- Values at indexes larger than whats included in the PATCH request
shall be removed.
This commit attempts to fix this behavior for NTPServers and make it
correct. It does this by first getting the list of NTP servers, then
walking the list in parallel with the list given in the patch, and
either modifying or changing the list as the spec requires before
setting the setting across the system.
It also turns out that the current behavior of unpacking nlohmann::json
objects requires an object to be an array, object, or null, which
doesn't allow unpacking the strings required in this case, so that check
is removed. A quick inspection shows that we don't unpack nlohmann
objects very often, and this should have no impact.
Tested:
Redfish-protocol-validator tests for NTPServers now pass
'''
curl -vvvv --insecure --user root:0penBmc https://192.168.7.2/redfish/v1/Managers/bmc/NetworkProtocol -X PATCH -d '{"NTP": {"NTPServers": []}}'
'''
Used to patch values succeeds with various "good" values;
["time-a-b.nist.gov", "time-b-b.nist.gov"]
[{}, {}]
["time-a-b.nist.gov", null]
[]
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I23a8febde34817bb0b934e46e2b77ff391b52a57
|
|
getEthernetIfaceData callback should ideally be returning exactly the
values the system has, minus duplicates. In every case this function is
used, we don't want duplicates, so move where we check for duplicates.
Tested: In conjunction with
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/54829 test cases pass.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib202db99f70e1a6fdddf18969e15b2382e287848
|
|
After service-config-manager switched to encode its object path with
sdbusplus, bmcweb needs to encode them with sdbusplus as well.
Tested:
Verified PATCH ServiceEnabled property of SSH and IPMI works.
Change-Id: I1d3317489617b609327847eaf1d40fbc5659e53c
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
|
|
This patchset is the conclusion of a multi-year effort to try to fix
shadowed variable names. Variables seem to be shadowed all over, and in
most places they exist, there's a "code smell" of things that aren't
doing what the author intended.
This commit attempts to clean up these in several ways by:
1. Renaming variables where appropriate.
2. Preferring to refer to member variables directly when operating
within a class
3. Rearranging code so that pass through variables are handled in the
calling scope, rather than passing them through.
These patterns are applied throughout the codebase, to the point where
-Wshadow can be enabled in meson.build.
Tested: Code compiles, unit tests pass. Still need to run redfish
service validator.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: If703398c2282f9e096ca2694fd94515de36a098b
|
|
For Redfish Aggregation, we need a common point to check the D-Bus
for satellite configs. If they are available then we perform the
aggregation operations. The functions in query.hpp are used by all
endpoints making them the logical location. The aggregation code
requires a shared_ptr to the AsyncResp so these functions need to be
able to supply that.
This patch is broken out of a future patch for routing Redfish
Aggregation requests
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/53310
The follow commands can be used to perform most of the replacements:
find . -type f | xargs sed -i 's/setUpRedfishRoute(app, req, asyncResp->res/setUpRedfishRoute(app, req, asyncResp/g'
find . -type f | xargs sed -i 's/setUpRedfishRouteWithDelegation(app, req, asyncResp->res/setUpRedfishRouteWithDelegation(app, req, asyncResp/g'
Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: I4f4f9f22cdcfb14a3bd94b9a8f3d64aae34e57bc
|
