diff options
| author | Ratan Gupta <ratagupt@linux.vnet.ibm.com> | 2019-04-22 14:18:33 +0530 |
|---|---|---|
| committer | Ratan Gupta <ratagupt@linux.vnet.ibm.com> | 2019-06-24 14:41:51 +0530 |
| commit | ab828d7cba9f61019c27f3dfffe00eee264f96f7 (patch) | |
| tree | fe05b83e09e5d478c532a8af2bebbbe76f4be50c | |
| parent | 06b1b63c3cc85b5b77521e7fed0b2a23a63bfbb6 (diff) | |
| download | bmcweb-ab828d7cba9f61019c27f3dfffe00eee264f96f7.tar.gz bmcweb-ab828d7cba9f61019c27f3dfffe00eee264f96f7.zip | |
Redfish: Populate the ActiveDirectory property in AccountService schema
With this commit get request on account service gets the
LDAP/AD configuration.
TestedBy: 1) Run the redfish - validator
=> when there is no configuration
=> After LDAP Configuration.
=> After ActiveDirectory Configuration.
2) GET request through redfish
/redfish/v1/AccountService
Gets both LDAP and ActiveDirectory properties.
Detailed test results are at following location.
https://pastebin.com/ibX5nyAc
Change-Id: I0d6cdc2039eecffe96b6a27f3d65905ceb92d9b9
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
| -rw-r--r-- | redfish-core/lib/account_service.hpp | 314 |
1 files changed, 180 insertions, 134 deletions
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp index 061c1a2..8d03a25 100644 --- a/redfish-core/lib/account_service.hpp +++ b/redfish-core/lib/account_service.hpp @@ -27,6 +27,9 @@ namespace redfish constexpr const char* ldapConfigObject = "/xyz/openbmc_project/user/ldap/openldap"; +constexpr const char* ADConfigObject = + "/xyz/openbmc_project/user/ldap/active_directory"; + constexpr const char* ldapRootObject = "/xyz/openbmc_project/user/ldap"; constexpr const char* ldapDbusService = "xyz.openbmc_project.Ldap.Config"; constexpr const char* ldapConfigInterface = @@ -102,10 +105,12 @@ inline std::string getRoleIdFromPrivilege(std::string_view role) } void parseLDAPConfigData(nlohmann::json& json_response, - const LDAPConfigData& confData) + const LDAPConfigData& confData, + const std::string& ldapType) { - std::string service = "LDAPService"; - json_response["LDAP"] = { + std::string service = + (ldapType == "LDAP") ? "LDAPService" : "ActiveDirectoryService"; + json_response[ldapType] = { {"AccountProviderType", service}, {"ServiceEnabled", confData.serviceEnabled}, {"ServiceAddresses", nlohmann::json::array({confData.uri})}, @@ -136,86 +141,126 @@ inline void getLDAPConfigData(const std::string& ldapType, LDAPConfigData confData{}; if (error_code) { - callback(false, confData); + callback(false, confData, ldapType); BMCWEB_LOG_ERROR << "D-Bus responses error: " << error_code; return; } - std::string ldapConfigObjectStr = std::string(ldapConfigObject); - std::string ldapEnableInterfaceStr = std::string(ldapEnableInterface); - std::string ldapConfigInterfaceStr = std::string(ldapConfigInterface); + + std::string ldapDbusType; + if (ldapType == "LDAP") + { + ldapDbusType = "xyz.openbmc_project.User.Ldap.Config.Type.OpenLdap"; + } + else if (ldapType == "ActiveDirectory") + { + ldapDbusType = "xyz.openbmc_project.User.Ldap.Config.Type." + "ActiveDirectory"; + } + else + { + BMCWEB_LOG_ERROR << "Can't get the DbusType for the given type=" + << ldapType; + callback(false, confData, ldapType); + return; + } + + std::string ldapEnableInterfaceStr = ldapEnableInterface; + std::string ldapConfigInterfaceStr = ldapConfigInterface; + for (const auto& object : ldapObjects) { - if (object.first == ldapConfigObjectStr) + // let's find the object whose ldap type is equal to the given type + auto intfit = object.second.find(ldapConfigInterfaceStr); + if (intfit == object.second.end()) { - for (const auto& interface : object.second) + continue; + } + auto propit = intfit->second.find("LDAPType"); + if (propit == intfit->second.end()) + { + continue; + } + + const std::string* value = + std::get_if<std::string>(&(propit->second)); + if (value == nullptr || (*value) != ldapDbusType) + { + + // this is not the interested configuration, + // let's move on to the other configuration. + continue; + } + else + { + confData.serverType = *value; + } + + for (const auto& interface : object.second) + { + if (interface.first == ldapEnableInterfaceStr) { - if (interface.first == ldapEnableInterfaceStr) + // rest of the properties are string. + for (const auto& property : interface.second) { - // rest of the properties are string. - for (const auto& property : interface.second) + if (property.first == "Enabled") { - if (property.first == "Enabled") + const bool* value = + std::get_if<bool>(&property.second); + if (value == nullptr) { - const bool* value = - std::get_if<bool>(&property.second); - if (value == nullptr) - { - continue; - } - confData.serviceEnabled = *value; - break; + continue; } + confData.serviceEnabled = *value; + break; } } - else if (interface.first == ldapConfigInterfaceStr) - { + } + else if (interface.first == ldapConfigInterfaceStr) + { - for (const auto& property : interface.second) + for (const auto& property : interface.second) + { + const std::string* value = + std::get_if<std::string>(&property.second); + if (value == nullptr) { - const std::string* value = - std::get_if<std::string>(&property.second); - if (value == nullptr) - { - continue; - } - if (property.first == "LDAPServerURI") - { - confData.uri = *value; - } - else if (property.first == "LDAPBindDN") - { - confData.bindDN = *value; - } - else if (property.first == "LDAPBaseDN") - { - confData.baseDN = *value; - } - else if (property.first == "LDAPSearchScope") - { - confData.searchScope = *value; - } - else if (property.first == "LDAPType") - { - confData.serverType = *value; - } - else if (property.first == "GroupNameAttribute") - { - confData.groupAttribute = *value; - } - else if (property.first == "UserNameAttribute") - { - confData.userNameAttribute = *value; - } + continue; + } + if (property.first == "LDAPServerURI") + { + confData.uri = *value; + } + else if (property.first == "LDAPBindDN") + { + confData.bindDN = *value; + } + else if (property.first == "LDAPBaseDN") + { + confData.baseDN = *value; + } + else if (property.first == "LDAPSearchScope") + { + confData.searchScope = *value; + } + else if (property.first == "GroupNameAttribute") + { + confData.groupAttribute = *value; + } + else if (property.first == "UserNameAttribute") + { + confData.userNameAttribute = *value; } } } - - callback(true, confData); + } + if (confData.serverType == ldapDbusType) + { + callback(true, confData, ldapType); break; } } }; - auto getServiceName = [callback, getConfig(std::move(getConfig))]( + auto getServiceName = [callback, ldapType, getConfig(std::move(getConfig))]( const boost::system::error_code ec, const GetObjectType& resp) { LDAPConfigData confData{}; @@ -223,7 +268,7 @@ inline void getLDAPConfigData(const std::string& ldapType, { BMCWEB_LOG_ERROR << "DBUS response error during getting of service name: " << ec; - callback(false, confData); + callback(false, confData, ldapType); return; } std::string service = resp.begin()->first; @@ -654,77 +699,77 @@ class AccountService : public Node // Get the existing resource first then keep modifying // whenever any property gets updated. - getLDAPConfigData( - serverType, - [this, asyncResp, userName, password, baseDNList, userNameAttribute, - groupsAttribute, accountProviderType, serviceAddressList, - serviceEnabled, - serverType](bool success, LDAPConfigData confData) { - if (!success) - { - messages::internalError(asyncResp->res); - return; - } - parseLDAPConfigData(asyncResp->res.jsonValue, confData); - if (confData.serviceEnabled) - { - // Disable the service first and update the rest of - // the properties. - handleServiceEnablePatch(false, asyncResp, serverType, - ldapConfigObject); - } + getLDAPConfigData(serverType, [this, asyncResp, userName, password, + baseDNList, userNameAttribute, + groupsAttribute, accountProviderType, + serviceAddressList, serviceEnabled]( + bool success, LDAPConfigData confData, + const std::string& serverType) { + if (!success) + { + messages::internalError(asyncResp->res); + return; + } + parseLDAPConfigData(asyncResp->res.jsonValue, confData, serverType); + if (confData.serviceEnabled) + { + // Disable the service first and update the rest of + // the properties. + handleServiceEnablePatch(false, asyncResp, serverType, + ldapConfigObject); + } - if (serviceAddressList) - { - handleServiceAddressPatch(*serviceAddressList, asyncResp, - serverType, ldapConfigObject); - } - if (userName) - { - handleUserNamePatch(*userName, asyncResp, serverType, - ldapConfigObject); - } - if (password) - { - handlePasswordPatch(*password, asyncResp, serverType, - ldapConfigObject); - } + if (serviceAddressList) + { + handleServiceAddressPatch(*serviceAddressList, asyncResp, + serverType, ldapConfigObject); + } + if (userName) + { + handleUserNamePatch(*userName, asyncResp, serverType, + ldapConfigObject); + } + if (password) + { + handlePasswordPatch(*password, asyncResp, serverType, + ldapConfigObject); + } - if (baseDNList) - { - handleBaseDNPatch(*baseDNList, asyncResp, serverType, - ldapConfigObject); - } - if (userNameAttribute) - { - handleUserNameAttrPatch(*userNameAttribute, asyncResp, - serverType, ldapConfigObject); - } - if (groupsAttribute) - { - handleGroupNameAttrPatch(*groupsAttribute, asyncResp, - serverType, ldapConfigObject); - } - if (serviceEnabled) - { - // if user has given the value as true then enable - // the service. if user has given false then no-op - // as service is already stopped. - if (*serviceEnabled) - { - handleServiceEnablePatch(*serviceEnabled, asyncResp, - serverType, ldapConfigObject); - } - } - else + if (baseDNList) + { + handleBaseDNPatch(*baseDNList, asyncResp, serverType, + ldapConfigObject); + } + if (userNameAttribute) + { + handleUserNameAttrPatch(*userNameAttribute, asyncResp, + serverType, ldapConfigObject); + } + if (groupsAttribute) + { + handleGroupNameAttrPatch(*groupsAttribute, asyncResp, + serverType, ldapConfigObject); + } + if (serviceEnabled) + { + // if user has given the value as true then enable + // the service. if user has given false then no-op + // as service is already stopped. + if (*serviceEnabled) { - // if user has not given the service enabled value - // then revert it to the same state as it was - // before. - handleServiceEnablePatch(confData.serviceEnabled, asyncResp, + handleServiceEnablePatch(*serviceEnabled, asyncResp, serverType, ldapConfigObject); } - }); + } + else + { + // if user has not given the service enabled value + // then revert it to the same state as it was + // before. + handleServiceEnablePatch(confData.serviceEnabled, asyncResp, + serverType, ldapConfigObject); + } + }); } void doGet(crow::Response& res, const crow::Request& req, @@ -799,12 +844,13 @@ class AccountService : public Node "org.freedesktop.DBus.Properties", "GetAll", "xyz.openbmc_project.User.AccountPolicy"); - std::string ldapType = "LDAP"; - getLDAPConfigData( - ldapType, - [asyncResp, ldapType](bool success, LDAPConfigData& confData) { - parseLDAPConfigData(asyncResp->res.jsonValue, confData); - }); + auto callback = [asyncResp](bool success, LDAPConfigData& confData, + const std::string& ldapType) { + parseLDAPConfigData(asyncResp->res.jsonValue, confData, ldapType); + }; + + getLDAPConfigData("LDAP", callback); + getLDAPConfigData("ActiveDirectory", callback); } void doPatch(crow::Response& res, const crow::Request& req, |
