Commit message | Author | Age | Files | Lines
...
* Redfish: Implement ResetBios action | Carol Wang | 2019-12-05 | 3 | -0/+79

    This action resets the BIOS attributes to default.

    Tested:
    GET test:
    1. $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system
       { ... "Bios": { "@odata.id": "/redfish/v1/Systems/system/Bios" }, ... }
    2. $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system/Bios
       { "@odata.id": "/redfish/v1/Systems/system/Bios", "@odata.type": "#Bios.v1_1_0.Bios", "Actions": { "#Bios.ResetBios": { "target": "/redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios" } }, "Description": "BIOS Configuration Service", "Id": "BIOS", "Name": "BIOS Configuration" }

    POST test:
    1. Change gard list:
       # ./gard list
       No GARD entries to display
       # ./gard create /Sys0/Node0/Proc1/EQ1/EX1/Core0
       # ./gard list
       ID | Error | Type | Path
       -----------------------------------------------------------------------
       00000001 | 00000000 | Manual | /Sys0/Node0/Proc1/EQ1/EX1/Core0
       =======================================================================
    2. Reset bios:
       # curl -k -H "X-Auth-Token: $token" -X POST https://${bmc}/redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios
    3. Check gard list again:
       # ./gard list
       No GARD entries to display

    Validator tool test:
    Counter({'pass': 3001, 'skipOptional': 2475, 'metadataNamespaces': 1605, 'passGet': 191, 'serviceNamespaces': 72, 'invalidPropertyValue': 10, 'passAction': 7, 'optionalAction': 6, 'warningPresent': 6, 'warnDeprecated': 2, 'unverifiedComplexAdditional': 1})
    Validation has succeeded.

    Signed-off-by: Carol Wang <wangkair@cn.ibm.com>
    Change-Id: I0cba966bfde04566001b6df07ad15217f627c327
* Redfish: ApplyTime property GET and PATCH support | Jayashankar Padath | 2019-12-04 | 1 | -33/+96

    This change is to GET and PATCH the ApplyTime property using the UpdateService redfish schema. GET request can be used to check the value before initiating the BMC image upload and activation. PATCH request can be used to update the ApplyTime value.

    If the ApplyTime value is Immediate, force-reboot.service gets called which reboots the BMC. If the ApplyTime value is OnReset, no force reboot will be triggered and the new BMC image will be functional till the user decides to reboot the BMC manually.

    Tested: Changes passed the Redfish-Service-Validator test.

    Success Scenarios:

    1. If the value of ApplyTime is Immediate (GET request)
       GET https://$bmc/redfish/v1/UpdateService
       { "@odata.context": "/redfish/v1/$metadata#UpdateService.UpdateService", "@odata.id": "/redfish/v1/UpdateService", "@odata.type": "#UpdateService.v1_2_0.UpdateService", "ApplyTime": "Immediate", "Description": "Service for Software Update", "FirmwareInventory": { "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory" }, "HttpPushUri": "/redfish/v1/UpdateService", "Id": "UpdateService", "Name": "Update Service", "ServiceEnabled": true }

    2. PATCH request to change value to OnReset:
       PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime": { "ApplyTime":"OnReset"}}}' https://${bmc}/redfish/v1/UpdateService
       { "@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "Successfully Completed Request", "MessageArgs": [], "MessageId": "Base.1.4.0.Success", "Resolution": "None", "Severity": "OK" } ] }

    Error Scenarios:

    1. Test by giving wrong HttpPushUriOptions name [Given as "HttpPushUriOptions1"]
       PATCH -d '{ "HttpPushUriOptions1": { "HttpPushUriApplyTime": { "ApplyTime":"Immediate"}}}' https://${bmc}/redfish/v1/UpdateService
       { "HttpPushUriOptions1@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The property HttpPushUriOptions1 is not in the list of valid properties for the resource.", "MessageArgs": [ "HttpPushUriOptions1" ], "MessageId": "Base.1.4.0.PropertyUnknown", "Resolution": "Remove the unknown property from the request body and resubmit the request if the operation failed.", "Severity": "Warning" } ] }

    2. Test by giving wrong HttpPushUriApplyTime name [Given as "HttpPushUriApplyTime1"]
       PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime1": { "ApplyTime":"Immediate"}}}' https://${bmc}/redfish/v1/UpdateService
       { "HttpPushUriApplyTime1@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The property HttpPushUriApplyTime1 is not in the list of valid properties for the resource.", "MessageArgs": [ "HttpPushUriApplyTime1" ], "MessageId": "Base.1.4.0.PropertyUnknown", "Resolution": "Remove the unknown property from the request body and resubmit the request if the operation failed.", "Severity": "Warning" } ] }

    3. Test by giving wrong ApplyTime name [Given as "ApplyTime1"]
       PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime": { "ApplyTime1":"Immediate"}}}' https://${bmc}/redfish/v1/UpdateService
       { "ApplyTime1@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The property ApplyTime1 is not in the list of valid properties for the resource.", "MessageArgs": [ "ApplyTime1" ], "MessageId": "Base.1.4.0.PropertyUnknown", "Resolution": "Remove the unknown property from the request body and resubmit the request if the operation failed.", "Severity": "Warning" } ] }

    4. Giving wrong ApplyTime value ["Immediat" instead of "Immediate"]
       PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime": { "ApplyTime":"Immediat"}}}' https://${bmc}/redfish/v1/UpdateService
       { "ApplyTime@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The value Immediat for the property ApplyTime is not in the list of acceptable values.", "MessageArgs": [ "Immediat", "ApplyTime" ], "MessageId": "Base.1.4.0.PropertyValueNotInList", "Resolution": "Choose a value from the enumeration list that the implementation can support and resubmit the request if the operation failed.", "Severity": "Warning" } ] }

    5. NULL value given for "HttpPushUriOptions"
       PATCH -d '{ "HttpPushUriOptions": ""}' https://${bmc}/redfish/v1/UpdateService
       { "HttpPushUriOptions@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The value \"\" for the property HttpPushUriOptions is of a different type than the property can accept.", "MessageArgs": [ "\"\"", "HttpPushUriOptions" ], "MessageId": "Base.1.4.0.PropertyValueTypeError", "Resolution": "Correct the value for the property in the request body and resubmit the request if the operation failed.", "Severity": "Warning" } ] }

    6. NULL value given for "HttpPushUriApplyTime"
       PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime":""}}' https://${bmc}/redfish/v1/UpdateService
       { "HttpPushUriApplyTime@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The value \"\" for the property HttpPushUriApplyTime is of a different type than the property can accept.", "MessageArgs": [ "\"\"", "HttpPushUriApplyTime" ], "MessageId": "Base.1.4.0.PropertyValueTypeError", "Resolution": "Correct the value for the property in the request body and resubmit the request if the operation failed.", "Severity": "Warning" } ] }

    7. NULL value given for "HttpPushUriApplyTime"
       PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime":{ "ApplyTime":""}}}' https://${bmc}/redfish/v1/UpdateService
       { "ApplyTime@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The value for the property ApplyTime is not in the list of acceptable values.", "MessageArgs": [ "", "ApplyTime" ], "MessageId": "Base.1.4.0.PropertyValueNotInList", "Resolution": "Choose a value from the enumeration list that the implementation can support and resubmit the request if the operation failed.", "Severity": "Warning" } ] }

    Signed-off-by: Jayashankar Padath <jayashankar.padath@in.ibm.com>
    Change-Id: Icd01bb6c102c0a24285c79ccf4d41fd5fe53f0ed
* Fix No Total Memory Size Issue | Cheng C Yang | 2019-12-03 | 2 | -20/+39

    Total Memory in redfish is always 0, fix the problem.

    Tested:
    After DC cycle the system. TotalSystemMemoryGiB in Redfish system page should not be zero.
    "MemorySummary": { "Status": { "State": "Enabled" }, "TotalSystemMemoryGiB": 16 },

    Signed-off-by: Cheng C Yang <cheng.c.yang@linux.intel.com>
    Change-Id: I89ad8ed1cf5f9ca9589db444740167645dab9a6e
* Return no-content instead of waiting for OnDemand | Jason M. Bills | 2019-12-02 | 1 | -89/+1

    Since an OnDemand crashdump could take some time it may cause the request to time out before the response can be sent. The correct fix for this is to implement the Redfish Task Monitor service to handle all asynchronous tasks.

    Until then, this change will return 204 (no content) and add the OnDemand log to the Entries list. When Task Monitor is implemented it can return 202 (accepted) with the location of the Task to poll.

    Tested:
    Used Postman to trigger the OnDemand action and immediately got a 204 response. Polled the Entries list and saw the OnDemand entry after it was ready.

    Change-Id: I3e2692ec5d377823072e0d610fa3ca17a9259a37
    Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Return 503 instead of 500 when Crashdump is busy | Jason M. Bills | 2019-12-02 | 1 | -0/+6

    Tested:
    Used Postman to send the OnDemand action twice and got a 503 with a retry message on the second attempt.

    Change-Id: I319a6318ee57e504a54b3fdb6894a5aeb43af203
    Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Return a 404 instead of 500 for invalid Crashdump URIs | Jason M. Bills | 2019-12-02 | 1 | -1/+10

    Tested:
    Used a browser to request an invalid Crashdump URI and got a 404 with a resource not found error.

    Change-Id: Idcac7868bb1f3b4c0248926b46be2cf4fce05328
    Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Add "Retry-After" header for temporarily unavailable messages | Jason M. Bills | 2019-12-02 | 4 | -3/+1

    Whenever the Redfish response is that a service is temporarily unavailable, the "Retry-After" header is added with the same value, so just set the header automatically with the response.

    Tested:
    Confirmed that the "Retry-After" header is set correctly with the Redfish temporarily unavailable message.

    Change-Id: I9c940be94d9d284b9633c5caa2ce71ade76d22d5
    Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Remove error for empty subtree response | James Feist | 2019-11-27 | 1 | -1/+1

    This interface doesn't have to exist

    Change-Id: If0ea4e3c201c80c25e825f64ba3601685ef9ed95
    Signed-off-by: James Feist <james.feist@linux.intel.com>
* Storage: Add Storage Controller | James Feist | 2019-11-27 | 3 | -22/+175

    This adds support for Storage Controllers.

    Tested: Validator passed

    { "@odata.context": "/redfish/v1/$metadata#Storage.Storage", "@odata.id": "/redfish/v1/Systems/system/Storage/1", "@odata.type": "#Storage.v1_7_1.Storage", "Drives": [ { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_1" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_2" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_3" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_4" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_5" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_6" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_7" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_8" } ], "Drives@odata.count": 8, "Id": "1", "Name": "Storage Controller", "Status": { "Health": "OK", "HealthRollup": "OK", "State": "Enabled" }, "StorageControllers": [ { "@odata.context": "/redfish/v1/$metadata#Storage.StorageController", "@odata.id": "/redfish/v1/Systems/system/Storage/1#/StorageControllers/0", "@odata.type": "#Storage.v1_7_0.StorageController", "Manufacturer": "$BOARD_MANUFACTURER", "MemberId": "HSBP_1", "Model": "$BOARD_PRODUCT_NAME", "Name": "HSBP_1", "PartNumber": "$BOARD_PART_NUMBER", "SerialNumber": "$BOARD_SERIAL_NUMBER", "Status": { "Health": "OK", "HealthRollup": "OK", "State": "Enabled" } } ] }

    Change-Id: I9d956343daa74ddfa912e3cbe0d38b0e42a4859f
    Signed-off-by: James Feist <james.feist@linux.intel.com>
* README: Added Redfish Service Validator testing | Gunnar Mills | 2019-11-26 | 1 | -0/+6

    In the Redfish.md, we state "The redfish implementation shall pass the Redfish Service Validator with no warnings or errors".

    Added testing the Redfish Service Validator as part of the "Developing and Testing" in DEVELOPING.md.

    Change-Id: I1688d6a33066d74ca9d6a79d6241e8cc9fe9deb8
    Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
* Health: Allow populate to only be called once | James Feist | 2019-11-25 | 1 | -0/+6

    Populate does a mapper call and a get managed objects and should only be called once. Enforce it.

    Tested: No actual change, it is currently never called twice, this is just for future protection with multiple async calls.

    Change-Id: I8fb9d8d19b2aa2a1c957a0ac8b609adf5e6ba6d0
    Signed-off-by: James Feist <james.feist@linux.intel.com>
* Adding instance address to log formatting. | Zbigniew Kurzynski | 2019-11-22 | 1 | -119/+122

    Some log messages were not following logging format used in this file, after this change logs from the http_connection.h file should be coherent. Also changing log level of one of messages in ‘doRead’ function.

    Tested:
    Manually, the bmcweb was built with logging enabled and tested by journalctl log verification.

    Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
    Change-Id: I6c96124cbc3b5ef96bfdca57f04c834728f52fe6
* Fix a namespace closing comment | Ed Tanous | 2019-11-21 | 1 | -1/+1

    Comment was incorrect, and probably leftover from a clang-format run.

    Tested: No tests needed. Only a comment

    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
    Change-Id: I3f4cb86bc624b02d0bda536bcc66ce7c99882329
* Implement nbd-proxy as a part of bmcweb | Iwona Klimaszewska | 2019-11-21 | 10 | -17/+446

    Nbd-proxy is responsible for exposing websocket endpoint in bmcweb. It matches WS endpoints with unix socket paths using configuration exposed on D-Bus by Virtual-Media.

    Virtual-Media is then notified about unix socket availability through mount/unmount D-Bus methods.

    Currently, this feature is disabled by default.

    Tested: Integrated with initial version of Virtual-Media.

    Change-Id: I9c572e9841b16785727e5676fea1bb63b0311c63
    Signed-off-by: Iwona Klimaszewska <iwona.klimaszewska@intel.com>
    Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
* Fix extracting certificate id | Iwona Klimaszewska | 2019-11-21 | 1 | -7/+6

    std::strtol() expects null-terminated string. This means that passing string_view.data() to it may cause undefined behaviour. Let's fix it by using boost::convert instead.

    Tested:
    Manually by sending valid requests and looking for empty responses.

    Change-Id: I319277551b5e85586783afdc8c86e4a7d8db876e
    Signed-off-by: Iwona Klimaszewska <iwona.klimaszewska@intel.com>
* Remove unused wildcard captures | Ed Tanous | 2019-11-19 | 1 | -2/+2

    Considering that wild card captures are now known to be difficult to maintain, remove a couple instances of them from app. They are no longer used as a capture, so can be safely removed with no effect. It's likely the compiler is doing this already.

    Tested: No functional change. Code compiles.

    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
    Change-Id: I252344a4608f7e107bcb273d725b5a484eb7a17d
* Redfish: Set the power cap | Carol Wang | 2019-11-19 | 3 | -69/+241

    Set the PowerCap with redfish patch.

    Tested:

    Case 1: PowerCapEnable is false
    $ curl -k -H "X-Auth-Token: $token" -X PUT -d '{"data":false}' https://$bmc/xyz/openbmc_project/control/host0/power_cap/attr/PowerCapEnable
    $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassis/Power
    { "@odata.context": "/redfish/v1/$metadata#Power.Power", "@odata.id": "/redfish/v1/Chassis/chassis/Power", "@odata.type": "#Power.v1_5_2.Power", "Id": "Power", "Name": "Power", "PowerControl": [ { "@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerControl/0", "@odata.type": "#Power.v1_0_0.PowerControl", "MemberId": "0", "Name": "Chassis Power Control", "PowerLimit": { "LimitInWatts": null } } ], ... }
    $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassis/Power -X PATCH -d '{"PowerControl":[{"PowerLimit":{"LimitInWatts":2004}}]}'
    { "error": { "@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "PowerCapEnable is false, can't set the PowerCap.", "MessageArgs": [], "MessageId": "Base.1.4.0.UnableToSetPowerCap", "Resolution": "Set PowerCapEnable to be true before setting PowerCap.", "Severity": "Warning" } ], "code": "Base.1.4.0.UnableToSetPowerCap", "message": "PowerCapEnable is false, can't set the PowerCap." } }

    Case 2: PowerCapEnable is true, PowerControl json only
    $ curl -k -H "X-Auth-Token: $token" -X PUT -d '{"data":true}' https://$bmc/xyz/openbmc_project/control/host0/power_cap/attr/PowerCapEnable
    $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassis/Power
    { "@odata.context": "/redfish/v1/$metadata#Power.Power", "@odata.id": "/redfish/v1/Chassis/chassis/Power", "@odata.type": "#Power.v1_5_2.Power", "Id": "Power", "Name": "Power", "PowerControl": [ { "@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerControl/0", "@odata.type": "#Power.v1_0_0.PowerControl", "MemberId": "0", "Name": "Chassis Power Control", "PowerLimit": { "LimitInWatts": 2001.0 } } ], ... }
    $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassis/Power -X PATCH -d '{"PowerControl":[{"PowerLimit":{"LimitInWatts":2004}}]}' -v
    ...
    < HTTP/1.1 204 No Content
    ...
    $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassis/Power
    { "@odata.context": "/redfish/v1/$metadata#Power.Power", "@odata.id": "/redfish/v1/Chassis/chassis/Power", "@odata.type": "#Power.v1_5_2.Power", "Id": "Power", "Name": "Power", "PowerControl": [ { "@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerControl/0", "@odata.type": "#Power.v1_0_0.PowerControl", "MemberId": "0", "Name": "Chassis Power Control", "PowerLimit": { "LimitInWatts": 2004.0 } } ], ... }

    Case 3: PowerCapEnable is true, PowerControl and Voltages json
    $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassis/Power -X PATCH -d '{"PowerControl":[{"PowerLimit":{"LimitInWatts":2001}}], "Voltages": [{"MemberId" : "p0_vcs_voltage", "ReadingVolts":8}]}' -v
    ...
    < HTTP/1.1 204 No Content
    ...

    Case 4: Wrong chassis path
    $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassi/Power -X PATCH -d '{"PowerControl":[{"PowerLimit":{"LimitInWatts":2001}}]}'
    { "error": { "@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The requested resource of type Chassis named chassi was not found.", "MessageArgs": [ "Chassis", "chassi" ], "MessageId": "Base.1.4.0.ResourceNotFound", "Resolution": "Provide a valid resource identifier and resubmit the request.", "Severity": "Critical" } ], "code": "Base.1.4.0.ResourceNotFound", "message": "The requested resource of type Chassis named chassi was not found." } }

    Signed-off-by: Carol Wang <wangkair@cn.ibm.com>
    Change-Id: Ifabdf053005b31cf3e3539009a1ec20ce4d46d5b
* Implement constant time string compare for token | Ed Tanous | 2019-11-18 | 3 | -7/+44

    The sessions implementation previously used operator== for session comparisons. While unlikely to be attackable in the current implementation, due to the time smearing in a number of cases, modern security practices recommend using constant time comparison.

    Tested By:
    Logged into the webui, and observed no change to login flows. Logged into redfish using Token Auth, and observed no changes. Closed a previous session, then reopened with the new session information to verify user sessions are restored properly and still work.

    Change-Id: Ie759e4da67ba004fd8c327f177951ac756ea6799
    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
    Signed-off-by: James Feist <james.feist@linux.intel.com>
* bmcweb: Add IndicatorLED property to sensors | Anthony Wilson | 2019-11-18 | 1 | -6/+321

    Added support for the IndicatorLED property for physical leds associated with Thermal and Power sensors.

    Testing: Verified output on a witherspoon. No new errors in redfish validation.

    Change-Id: I4e49b3c1769742e49f57c6c1b77a82511cdc8b99
    Signed-off-by: Anthony Wilson <wilsonan@us.ibm.com>
* Fix for IndicatorLED if blinking object not found | AppaRao Puli | 2019-11-18 | 1 | -58/+57

    Currently some systems don't have enclosure_identity_blink object for supporting blinking feature which are leading to systems/system uri failing with 500 error.

    Corrected the code to make enclosure_identity_blink object get/set as optional.

    Tested:
    Tested IndicatorLED for all 3 cases and it works fine. Simulated case to not have enclosure_identity_blink object and tested all 3 IndicatorLED value set and get. Ran the redfish validator with success results.

    Change-Id: I310fb71269aae6d36ea025556ad3b1d87b0acb39
    Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
    Signed-off-by: James Feist <james.feist@linux.intel.com>
* mTLS access fix to some URLs. | Zbigniew Lukwinski | 2019-11-18 | 1 | -1/+1

    This patch is about fixing mTLS access to URL requiring Administrator or Operator privileges (e.g. /redfish/v1/AccountService).

    Tested manually with cURL:
    - prepare and install CA certificate,
    - call GET to the url=/redfish/v1/AccountService,
    - verify whether got status=200 and proper body in the response.

    Signed-off-by: Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>
    Change-Id: I65109bffadf4f1d6d410cd303687b6da55fd1be0
* IndicatorLED get and set support | AppaRao Puli | 2019-11-14 | 1 | -104/+111

    Updated get and set of IndicatorLED state to use the correct d-bus service. Added code to support LED blinking state.

    Tested:
    - Using PATCH method on below URI, changed "IndicatorLed" to multiple states like 'Lit', 'Off', 'Blinking' and verified correct response using GET method.
      URI: /redfish/v1/Systems/system
    - Ran the Redfish validator and no new issues observed.

    Change-Id: I40f103b1cb0190c48605f60bfca39ba1d20a28ec
    Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
* Disable ssl verify peer | James Feist | 2019-11-13 | 1 | -1/+3

    This makes some browsers fail to login without a certificate, it needs to stay disabled.

    Introduced here: https://github.com/openbmc/bmcweb/commit/55e43f69#diff-f34027492b16c1b7a880248323fe4fd8R316

    Tested: Cert was not required in Chrome on Windows

    Change-Id: I27e60e73784d04e14b9b1495ebd1399ad4ab96ab
    Signed-off-by: James Feist <james.feist@linux.intel.com>
* Disable SSL renegotiation | James Feist | 2019-11-12 | 1 | -0/+2

    This disables ssl renegotiation based on the potential DOS attack here: https://www.cvedetails.com/cve/CVE-2011-1473/

    Tested: testssl shows it as disabled https://github.com/drwetter/testssl.sh
    validator passed

    Fixes https://github.com/openbmc/openbmc/issues/3624

    Change-Id: I4bfbd770d25ba5d1a7292421f1ccad2b2e73d3a6
    Signed-off-by: James Feist <james.feist@linux.intel.com>
* Add constexpr to registries | Ed Tanous | 2019-11-12 | 2 | -2/+2

    Because these structures are known at compile time, they can be constexpr with no ill effect.

    Tested: Code compiles, clang-tidy checks pass, no functional change.

    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
    Signed-off-by: James Feist <james.feist@linux.intel.com>
    Change-Id: Id78e3638b3dddd740f1a22e22d17fb0d6f8437d3
* TLS method configuration | Zbigniew Kurzynski | 2019-11-12 | 5 | -3/+41

    User is now able to turn on and off the TLS authentication method.

    Tested:
    No regression found in manual testing. By default everything works as before, and disabling TLS method prevents user to authenticate by it. Tested with Redfish Service Validator, version 1.2.8

    Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
    Change-Id: Ib7be1af659db568caa7e5b97e3844617586d7754
* account_service: Added NoAccess role to Redfish | jayaprakash Mutyala | 2019-11-12 | 2 | -0/+16

    Added NoAccess role to the Redfish, to properly show users created using IPMI with NoAccess privilege. This patch will add NoAccess role & will use the same when the user privilege is empty.

    Note: This code was reverted due to redfish validator failure and the same has been fixed in this patch, by creating proper json array empty object.

    Tested:
    1. Verified redfish validator passed and the earlier issue of failNullCollection for the NoAccess role is resolved.
    2. Verified NoAccess role is listed properly
       Get: https://<BMC IP>/redfish/v1/AccountService/Roles/NoAccess
       { "@odata.context": "/redfish/v1/$metadata#Role.Role", "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess", "@odata.type": "#Role.v1_2_2.Role", "AssignedPrivileges": [], "Description": "NoAccess User Role", "Id": "NoAccess", "IsPredefined": true, "Name": "User Role", "OemPrivileges": [], "RoleId": "NoAccess" }
    3. Verified user with No Privilege is listed without any error.
       Get: https://<BMC IP>/redfish/v1/AccountService/Accounts/user6
       { "@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount", "@odata.id": "/redfish/v1/AccountService/Accounts/user6", "@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount", "Description": "User Account", "Enabled": false, "Id": "user6", "Links": { "Role": { "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess" } }, "Locked": false, "Locked@Redfish.AllowableValues": [ "false" ], "Name": "User Account", "Password": null, "RoleId": "NoAccess", "UserName": "user6" }

    Change-Id: If9577598e0a6215cf76f5db031ad5f8bcf2387a7
    Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
    Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
* Add a self check in the copy constructor for qs | Ed Tanous | 2019-11-11 | 1 | -0/+5

    clang-tidy has checks for bugprone constructs. In this case, self assignment is handled poorly by this object. There is nowhere in the code where we do this, but add the check anyway to silence the warning.

    Background: https://clang.llvm.org/extra/clang-tidy/checks/bugprone-unhandled-self-assignment.html

    Tested: clang-tidy now passes. Code still compiles.

    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
    Change-Id: I49b6d6e08165b23114a7f46f305523acfbb32241
* Move error strings to const char* | Ed Tanous | 2019-11-11 | 1 | -16/+14

    clang-tidy flagged an error where strings were being constructed at startup. Move them to const char* to save a little memory, and reduce the possibility of an error being thrown at startup.

    Tested: Code compiles. Error codes need tested functionally.

    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
    Change-Id: I227e91879e727f4b19d955111b0d2bac8e81b6ad
* Replace all uses of NULL with nullptr | Ed Tanous | 2019-11-11 | 8 | -22/+22

    This was an automatic change made by clang-tidy. It moves all uses of NULL to nullptr, which are equivalent, but nullptr is preferred.

    Tested: Code compiles.

    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
    Change-Id: I9526599b222693c9723a69934b599c7a5b5d1fbf
* Fix tabbing in CMakeLists.txt | Ed Tanous | 2019-11-11 | 1 | -22/+22

    In a recent format, strange tabbing decisions were made. Luckily, cmake-format doesn't change them after the fact when re-run, so fix it.

    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
    Change-Id: I95f21f47f84a917a1104d92f8f55603c70cd927c
* Fix modernize-use-bool-literals | Ed Tanous | 2019-11-11 | 1 | -1/+1

    modernize-use-bool-literals flagged one violation in the code.

    Tested: No functional change.

    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
    Change-Id: Iccfa7a88e7df0b7e7434fadd549c2f816c98a46e
* Move default destructors to = default syntax | Ed Tanous | 2019-11-11 | 2 | -9/+3

    Modern c++ prefers setting default destructors to =default

    Tested: clang-tidy modernize-use-equals-default now passes

    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
    Change-Id: I9ca746473263abfe2330b7c3e2fe645cf96112f3
    Signed-off-by: James Feist <james.feist@linux.intel.com>
* Document commands to run clang-tidy | Ed Tanous | 2019-11-11 | 1 | -1/+19

    clang-tidy is a useful tool for automatically finding bad coding patterns. Add documentation for how to run it manually.

    Tested: Docs change. Ran commands and verified that clang-tidy runs.

    Signed-off-by: Ed Tanous <ed.tanous@intel.com>
    Change-Id: Ibff23be17af9042c2c5d9769c5d5570e5bbe7e3e
* Remove priv-callback support from bmcweb | Richard Marian Thomaiyar | 2019-11-09 | 2 | -16/+0

    priv-callback is valid only for IPMI modem callback, which was never used, and it's decided to deprecate the same https://gerrit.openbmc-project.xyz/#/c/openbmc/docs/+/26839/

    Removing the support in redfish now.

    Tested:
    1. Verified callback role was not in list in Get of https://<BMC IP>/redfish/v1/AccountService/Roles/
    2. Redfish validator passed for this change.

    Change-Id: Ia16fb584a07bbdf29197cd5dd54e7a9682627c19
    Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
* Revert "account_service: Added NoAccess role to Redfish" | James Feist | 2019-11-08 | 2 | -16/+0

    This reverts commit 27c10d2ee746b85e9463efb0fc6773c209b2f5ba.

    Reason for revert: <Makes the validator fail>

    Change-Id: I379d9eda57416476ff1cc17e594c55dedd0bc4eb
    Signed-off-by: James Feist <james.feist@linux.intel.com>
* account_service: Added NoAccess role to Redfish | jayaprakash Mutyala | 2019-11-08 | 2 | -0/+16

    Issue: With IPMI command- If New user created, by default created with "NO ACCESS" Channel priv Limit. But same role is not populating from Redfish.

    This test can be done only with below patch being merged.
    https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-user-manager/+/24784/

    Tested: Added "NoAccess" Role to Redfish(if Channel privilege Limit is empty in userlist). Below is Snapshot from Redfish:

    Get: https://<BMC IP>/redfish/v1/AccountService/Roles/NoAccess
    { "@odata.context": "/redfish/v1/$metadata#Role.Role", "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess", "@odata.type": "#Role.v1_2_2.Role", "AssignedPrivileges": null, "Description": "NoAccess User Role", "Id": "NoAccess", "IsPredefined": true, "Name": "User Role", "OemPrivileges": [], "RoleId": "NoAccess" }

    Get: https://<BMC IP>/redfish/v1/AccountService/Accounts/user6
    { "@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount", "@odata.id": "/redfish/v1/AccountService/Accounts/user6", "@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount", "Description": "User Account", "Enabled": false, "Id": "user6", "Links": { "Role": { "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess" } }, "Locked": false, "Locked@Redfish.AllowableValues": [ "false" ], "Name": "User Account", "Password": null, "RoleId": "NoAccess", "UserName": "user6" }

    Redfish validator test results:
    Counter({'skipOptional': 31791, 'pass': 22397, 'passGet': 2293, 'metadataNamespaces': 1047, 'warningPresent': 70, 'serviceNamespaces': 68, 'invalidPropertyValue': 67, 'err.LogEntry.v1_0_0.EventSeverity': 64, 'failProp': 64, 'repeat': 14, 'reflink': 9, 'passAction': 7, 'optionalAction': 6, 'failErrorPresent': 1, 'unverifiedComplexAdditional': 1, 'warnTrailingSlashLink': 1})
    Validation has failed: 65 problems found

    Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
    Change-Id: Ibc74e2fe4519ec6160dd516893d5e542feeabb0d
* TLS based user auth implementation | Kowalski, Kamil | 2019-11-08 | 3 | -2/+176

Implemented TLS based user auth. It utilizes certificates stored by Phosphor Certificate Manager in storage mode, to verify that user that tries to log in, has a certificate signed by a trusted CA. More about this can be read in redfish-tls-user-authentication.md design document.

Tested that it does not break current authentication methods, when not using TLS Auth - user should not see difference between versions. TLS Auth itself allows user in when certificate is signed by trusted CA and valid, and stops working immediately after it is removed. User is not let in when provided certificate is not between notBefore and notAfter dates. Session is tested to not be created when user does not exist in the system (courtesy of earlier UserManagement usage commits).

Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com>
Change-Id: I6bcaff018fe3105f77d3c10f69765e0011af8dab
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
* Register redfish log | Chen,Yugang | 2019-11-07 | 1 | -1/+28

Need to Log security event for enabling uart-port-debug, P2A-bridge and BMC 2nd boot flash to redfish.

tested: By setting the SCU registers for uart-port-debug disable bit, P2A-bridge enable bit and BMC 2nd boot flash enable bit, trigger security events, can see their redfish log.

Change-Id: I75a7ed679c6b20d454a831e52d96dea30eea22bd
Signed-off-by: Chen,Yugang <yugang.chen@linux.intel.com>
* Update NetworkProtocol services | AppaRao Puli | 2019-11-07 | 1 | -39/+39

Updated the NetworkProtocol GET method code to lookup the service names and socket paths directly fetched from System control ListenSockets.

Tested:
- Performed GET on NetworkProtocol URI and validated all responses.
- Stopped services(ssh) and validated Enabled status.
- Successfully ran Redfish validator without any issues.

URI: /redfish/v1/Managers/bmc/NetworkProtocol
Response:
............
"IPMI": { "Port": 623, "ProtocolEnabled": true },
"HTTPS": { ..... "Port": 443, "ProtocolEnabled": true },
"SSH": { "Port": 22, "ProtocolEnabled": true },
..........

Change-Id: I047910d3e6430a2779b3803a0f1e836104e2bda3
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
* Move some variables to constexpr | Ed Tanous | 2019-11-07 | 1 | -2/+2

clang-tidy flags these variables as having lifetime issues given that they point to compile time parameters, resolve the error:

Tested: Code compiles, clang-tidy no longer returns an error on that line.

Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: Iaa0da0c346786a79a6e66877082c3716bcffdf69
* account_service:redfish user creation err handling | anil kumar appana | 2019-11-07 | 1 | -9/+9

Modified POST method to handle redfish user creation error codes.

Tested: Tested user creation with below test cases
1)Already user exists
2)Max users reached
3)Username is NULL
4)Username is not starting with alphabet
5)Username exceed more than 16 characters
6)Invalid Password

Redfish validator test results: Passed

Signed-off-by: anil kumar appana <anil.kumarx.appana@intel.com>
Change-Id: I58361ddd4dfd067802f805f9d870b2bc1692ea1d
* Auth methods configuration | Zbigniew Kurzynski | 2019-11-07 | 7 | -12/+359

Added Oem extension for AccountService allowing user to configure which authentication methods should be enabled. User is now able to turn on and off authentication methods like BasicAuth, XToken, etc. User is not allowed to turn off all of the methods at once - at least one method has to be active to prevent lock-out. This configuration is persistent, will be saved on file-system and will be loaded on bmcweb's restart.

Tested: No regression found in manual testing. By default everything works as before, and disabling auth method prevents user to authenticate by it. Tested that user is not allowed to disable all the methods - either in one PATCH or by disabling them one at a time. ServiceValidator run with success.

This change is a fix for this request:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/23590/18
which was reverted here:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/26869

Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I66b5ad423746f1992070a14f2983a07b1320190e
* Redfish: Implement DHCPv4 and DHCPv6 handling | Johnathan Mantey | 2019-11-06 | 1 | -95/+256

The Redfish DHCP handling has independent control of DHCPv4 and DHCPv6. This change combines with phosphor-network and phosphor-dbus-interface changes to implement the independent control capability.

Tested by:
Verified DHCP is able to be enabled for both DHCPv4 and DHCPv6
Verified DHCPv4 can be enabled, and static IPv6 addresses configured
Verified DHCPv6 can be enabled, and static IPv4 addresses configured
Verified DHCP can be disabled for both interfaces
Confirmed enable/disable of UseNTP, UseDNS, and UseHostname
Passes Redfish Service Validator

Change-Id: I449ec096a3c41231c9bc9aa1bf67824982525cec
Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
* Update required version of boost to 1.71 | Ed Tanous | 2019-11-06 | 1 | -1/+1

Considering that we use some of the latest features of boost, the code no longer compiles with older versions. Update the CMakeLists.txt to reflect that.

Tested: Code compiles. No functional change.

Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I583234523e29087b95bf3e4ca70c4f7dcfed36f6
* Add Drive Error Registry Message | James Feist | 2019-11-06 | 1 | -1/+11

This allows logging of drive errors.

Tested:
"DriveError": { "Description": "Indicates that a Drive Error occurred of the specified type or cause.", "Message": "Drive Error Occurred: %1.", "NumberOfArgs": 1, "ParamTypes": [ "string" ], "Resolution": "None.", "Severity": "Warning" }

Change-Id: Ic97611e26710f57b09a7f89e0470f1277f710d5d
Signed-off-by: James Feist <james.feist@linux.intel.com>
* Certificate delete API – middleware | Zbigniew Kurzynski | 2019-11-06 | 1 | -0/+42

With introducing Mutual-TLS and option to add multiple certificates there is a need to give user a possibility to remove them, for example when they expire. This commit adds implementation of DELETE function to TLS Certificate node, so each of them can be removed.

Backend implementation is here:
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/25268

Tested with uploaded multiple TLS certificates. Other certificates remain irremovable as they were so far.

Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I9781c5c79288ec5d080e80e42c63a55e471ddb77
Depends-On: I9dd6fa998e8bd8081fbd13549831bc94a4a7aa54
* account_service: redfish user Patch error handling | jayaprakash Mutyala | 2019-11-05 | 2 | -34/+98

Modified doPatch method to populate redfish user update error codes.

Tested: Tested user updates with below scenarios
1)Provided username is not exist
2)Replace username already user exists
3)Replace Username is NULL/Invalid
4)Replace username is not starting with alphabet
5)Replace username exceeds more than 16 characters
6)Password is not valid for Replace/existing username

Redfish validator test results:
1 failProp errors in /redfish/v1/Systems/system/LogServices/EventLog
1 problemResource errors in /redfish/v1/Systems/system/LogServices/EventLog/Entries
Counter({'skipOptional': 17887, 'pass': 12133, 'passGet': 1285, 'metadataNamespaces': 1047, 'serviceNamespaces': 69, 'reflink': 9, 'passAction': 7, 'warningPresent': 6, 'optionalAction': 6, 'repeat': 3, 'invalidPropertyValue': 3, 'failErrorPresent': 1, 'err.LogEntryCollection.LogEntryCollection': 1, 'failProp': 1, 'unvalidated': 1, 'problemResource': 1, 'unverifiedComplexAdditional': 1, 'warnTrailingSlashLink': 1})
Validation has failed: 3 problems found

Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Ibee448c5d5c4f38c5c4cacda757864593f6001fc
* Revert "Auth methods configuration" | James Feist | 2019-11-04 | 7 | -359/+12

This reverts commit 0ff64dc2cd3a15b4204a477ad2eb5219d66e6110.

Reason for revert: <breaks redfish validator, <edmx:Reference Uri="/redfish/v1/schema/OemAccountService_v1.xml"> but the file name unversioned static/redfish/v1/schema/OemAccountService.xml>

Change-Id: I696dd09bf519e364f5f529a674e047a8eeead578
Signed-off-by: James Feist <james.feist@linux.intel.com>
* Add Storage Health & Update Systems Health | James Feist | 2019-11-04 | 2 | -32/+38

This adds health to storage based on drive inventory and updates systems health to include drives. This also fixes properties that are mandatory in drives to make this patch pass the validator.

Tested: Validator Passed. Failed a drive and saw:
{ "@odata.context": "/redfish/v1/$metadata#Storage.Storage", "@odata.id": "/redfish/v1/Systems/system/Storage/1", "@odata.type": "#Storage.v1_7_1.Storage", "Drives": [ { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_1" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_2" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_3" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_4" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_5" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_6" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_7" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_8" } ], "Drives@odata.count": 8, "Id": "1", "Name": "Storage Controller", "Status": { "Health": "Warning", "HealthRollup": "Warning", "State": "Enabled" } }

And In systems:
"Status": { "Health": "Warning", "HealthRollup": "Warning", "State": "Enabled" },

Change-Id: I7abf042ac51b1fbe9e4ee0b72876e9be96e60b7c
Signed-off-by: James Feist <james.feist@linux.intel.com>