summaryrefslogtreecommitdiffstats
path: root/redfish-core/lib
Commit message (Collapse)AuthorAgeFilesLines
* Add a pid controller size limitJames Feist2020-02-101-0/+33
| | | | | | | | | | | Right now there is no limit, so someone could attack the bmc by adding a very large number of controllers. Create a limit so this isn't possible. Tested: Add / Remove functionality still works Change-Id: Ib408293431250d93b0af71616a1668f6a3d0904a Signed-off-by: James Feist <james.feist@linux.intel.com>
* PID: Don't attempt to delete unknown objectsJames Feist2020-02-101-4/+25
| | | | | | | | | | | | | | | This puts a block in to return early if we are asked to delete something we can't find on D-Bus. This code path was creating a segfault, but theres no reason to continue after we can't find an object we are asked to delete, so we can just avoid it. Also clean up the end iterator dereference so it doesn't happen in any other path. Tested: Segfault goes away Change-Id: I33622e5e8ab09fba0681e4f86f4a7068f6ef0be7 Signed-off-by: James Feist <james.feist@linux.intel.com>
* Update AccountService PrivilegeGunnar Mills2020-02-101-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "GET" should be a "Login" Privilege for the AccountService resource. This makes sense, a "Readonly" and "Operator" user should be able to see properties like MaxPasswordLength and MinPasswordLength since they are allowed to change their own password. This was changed in Redfish 2019.3, redfish issue 1914 explains more. From Redfish_1.0.4_PrivilegeRegistry.json: "Entity": "AccountService", "OperationMap": { "GET": [ { "Privilege": [ "Login" ] } ], "HEAD": [ { "Privilege": [ "Login" ] } ], "PATCH": [ { "Privilege": [ "ConfigureUsers" ] } ], "PUT": [ { "Privilege": [ "ConfigureUsers" ] } ], "DELETE": [ { "Privilege": [ "ConfigureUsers" ] } ], "POST": [ { "Privilege": [ "ConfigureUsers" ] } ] Change-Id: Iab8acbac97a58aed865bf94f665d6c9a32de81dd Tested: Build for Witherspoon and AccountService looks good. Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
* Add Power Supply AttributesGunnar Mills2020-02-071-7/+224
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Map DeratingFactor from PowerSupplyAttributes.interface.yaml to the Redfish property PowerSupply "EfficiencyPercent". Only do this call when the "Power" schema is called. Use the InventoryItem class introduced in adc4f0db57568c5e5d2a3398fce00dbb050a3b72 Tested: Power, Thermal, all look good. Passed the Redfish Validator. "PowerSupplies": [ { "@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerSupplies/0", "EfficiencyPercent": 90, "IndicatorLED": "Off", "Manufacturer": "", "MemberId": "powersupply0", "Model": "2B1D", "Name": "powersupply0", "PartNumber": "01KL471", "PowerInputWatts": 12.0, "SerialNumber": "71G370", "Status": { "Health": "OK", "State": "Enabled" } }, Change-Id: I344577a7a3d72cd37d5f6bab03edbdce13b9f764 Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
* Move Crashdump to OemCrashdumpGunnar Mills2020-02-071-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All other Oem Schemas start with Oem. This is used by the update_schemas.py to determine an Oem schema and is a reasonable requirement for Oem schemas. https://github.com/openbmc/bmcweb/blob/a3268f98f308ca7c8660b1ace44d5b9a40be204b/scripts/update_schemas.py#L43 Tested: Ran the validator against this change on a Witherspoon with BMCWEB_ENABLE_REDFISH_CPU_LOG enabled and OemCheck true. Validator passed. Might be worth running on a system that actually uses BMCWEB_ENABLE_REDFISH_CPU_LOG. curl -k https://${bmc}/redfish/v1/Systems/system/LogServices/Crashdump { "@odata.context": "/redfish/v1/$metadata#LogService.LogService", "@odata.id": "/redfish/v1/Systems/system/LogServices/Crashdump", "@odata.type": "#LogService.v1_1_0.LogService", "Actions": { "#LogService.ClearLog": { "target": "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/LogService.ClearLog" }, "Oem": { "#Crashdump.OnDemand": { "target": "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/Oem/Crashdump.OnDemand" } } }, "Description": "Oem Crashdump Service", "Entries": { "@odata.id": "/redfish/v1/Systems/system/LogServices/Crashdump/Entries" }, "Id": "Oem Crashdump", "MaxNumberOfRecords": 3, "Name": "Open BMC Oem Crashdump Service", "OverWritePolicy": "WrapsWhenFull" } Change-Id: Iacc11be1284b99c2ed9a6c2ca0a936bd97855afb Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
* Add support to fetch the 'Updateable' componentsAppaRao Puli2020-02-031-1/+3
| | | | | | | | | | | | | | | | Currently 'Updateable' property value in SoftwareInventory schema is hardcoded. Added support to look through the updateable software associations objects and use it for 'Updateable' Redfish property in SoftwareInventory. Tested: - Checked 'Updateable' Property value for both programmable and non-programmable firmware inventory components and it works as expected. - Ran the Redfish validator and no new issues found. Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com> Change-Id: Ia24f942f3afe49674ec3628cac0356a5496ef337
* Enhance return value from pamAuthenticateUserJoseph Reynolds2020-01-301-1/+1
| | | | | | | | | | | | | | | | This enhances the return value from the pamAuthenticateUser function so callers can articulate PAM error codes like PAM_NEW_AUTHTOK_REQD which means the credentials are correct, but the password must be changed. Tested: Yes, scenarios via both Redfish login and Basic Auth: - correct username and password, password is not expired - correct username and password, password is expired - correct username and incorrect password, password is not expired - correct username and incorrect password, password is expired - non-existent user (passsword is not relevant) Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net> Change-Id: I1114d6c9cc591fb0a1853cb4edea32ad22f7b015
* Add OemVirtualMedia schemaPrzemyslaw Czarnowski2020-01-271-4/+7
| | | | | | | | | | | | | | OEM Schema for VirtualMedia added. Also OpenBMC level has been added to OEM field in the code to conform to schema standard. Tested: Manually using full stack of VirtualMedia. * Inserting/ejecting media in both legacy and proxy mode * Redfish Service Validator 1.3.2 ran Change-Id: Iaa87dd767a4bf2062bd4e74dd790a2496aca96de Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
* InsertMedia and EjectMedia actions added to VirtualMedia schemaPrzemyslaw Czarnowski2020-01-271-1/+376
| | | | | | | | | | | | | | | | | | | | | | | As continuation for VirtualMedia Redfish support, this patch adds insertion and eject actions into existing VirtualMedia code base. Testing: * Manual tests together with nbd proxy and virtual media app - For requests: Postman and/or HTTPie, with logs enabled and Valgrind) - Manual result validation * Tests run: - GET on collection with manual validation - PUT/POST/DELETE on collection - GET on item/nonexistent item - PUT/POST/DELETE on item - GET/PUT/DELETE on action - POST on action - EjectMedia/InsertMedia, legacy mode - POST on action - InsertMedia, proxy mode - POST on action - input validation (empty, invalid URL), legacy mode * Redfish Service Validator tested, no new issues found. Change-Id: Icccc433c1e84bc2ac37d9c295fe72749187fb735 Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
* Add VirtualMedia schema to RedfishPrzemyslaw Czarnowski2020-01-273-5/+387
| | | | | | | | | | | | | | | | | | | | | | | This change adds VirtualMedia scheme to Redfish. Implementation is based on input from virtual-media module and nbd proxy which is a bmcweb part. The code is used only in case ndb-proxy is supported in bmcweb (BMCWEB_ENABLE_VM_NBDPROXY compilation flag). Tested: * Manual tests together with nbd proxy and virtual media app - For requests: Postman and/or HTTPie, started with logs enabled and Valgrind - Manual result validation * Tests ran: - GET on collection with manual validation - PUT/POST/DELETE on collection - GET on item/nonexistent item - PUT/POST/DELETE on item * Redfish Service Validator tested, no new issues found. Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com> Change-Id: I5415dc0ffe52069fd35bc614b0378bbc4ad41ff6
* Changed input data format for Crashdump.SendRawPeciKarthick Sundarrajan2020-01-171-12/+50
| | | | | | | | | | | | | | | At present, the Crashdump.SendRawPeci redfish interface accepts one PECI command at a time. Changed it to accept array of PECI commands through which multiple PECI commands can be aggregated into one redfish call. Also provided backward compatibility for existing single PECI command input format. Tested: Tested by aggregating 1000 PECI commands in one redfish call. Tested by giving single PECI command with the existing format. Change-Id: I05c547438ce9833519807b39347223183bdfb4ed Signed-off-by: Karthick Sundarrajan <karthick.sundarrajan@intel.com>
* only return fw images in FirmwareInventoryAndrew Geissler2020-01-071-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some systems create a xyz.openbmc_project.Software.Version D-bus object for reasons other then storing a FirmwareInventory object. For example the phosphor-logging code can add it to a log to track what level of code was running when a log was created. These should not show up in the Redfish FirmwareInventory API. Tested: Before this change, 3 and 4 correlated to phosphor-logs on system curl -k -H "X-Auth-Token: $TOKEN" -X GET https://${BMC_IP}/redfish/v1/UpdateService/FirmwareInventory/ { "@odata.context": "/redfish/v1/$metadata#SoftwareInventoryCollection.SoftwareInventoryCollection", "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory", "@odata.type": "#SoftwareInventoryCollection.SoftwareInventoryCollection", "Members": [ { "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/3" }, { "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/4" }, { "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/224cd310" }, { "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/3b296352" }, { "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/e9b7a436" } ], "Members@odata.count": 5, "Name": "Software Inventory Collection" } After: Verified 3 and 4 were no longer returned in FirmwareInventory curl -k -H "X-Auth-Token: $TOKEN" -X GET https://${BMC_IP}/redfish/v1/UpdateService/FirmwareInventory/ { "@odata.context": "/redfish/v1/$metadata#SoftwareInventoryCollection.SoftwareInventoryCollection", "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory", "@odata.type": "#SoftwareInventoryCollection.SoftwareInventoryCollection", "Members": [ { "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/224cd310" }, { "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/2d556644" }, { "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/7432374c" } ], "Members@odata.count": 3, "Name": "Software Inventory Collection" } Ran Redfish validator and ensured no errors Change-Id: I3e99fe7570b87b83f75918873267fb1587add182 Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
* Add IndicatorLed to Chassis SchemaJames Feist2020-01-073-138/+280
| | | | | | | | | | | This adds the indicator property to Chassis Schema, and moves the logic from systems.hpp to a common header to share the code. Tested: Passed the validator, was able to turn LED on Change-Id: I79458a2a4656d7ddf2939bb9f56845eb6d9a27ca Signed-off-by: James Feist <james.feist@linux.intel.com>
* Redfish: Support health status of firmware inventory objectsCarol Wang2019-12-121-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support health status of firmware inventory objects based on the mapping relationship: [dbus status] [redfish state] [redfish health] Ready Disabled OK Activating Updating OK Active Enabled OK NotReady Disabled Warning Invalid Disabled Warning Failed Disabled Warning Tested: [dbus status] --> [redfish state] --> [redfish health] 1. Ready --> Disabled --> OK $ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate { ... "/xyz/openbmc_project/software/9557fe67": { "Activation": "xyz.openbmc_project.Software.Activation.Activations.Ready", ... } $curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/9557fe67 { "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory", "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9557fe67", ... "Status": { "Health": "OK", "HealthRollup": "OK", "State": "Disabled" }, ... } 2. Activating --> Updating --> OK $ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate { ... "/xyz/openbmc_project/software/9557fe67": { "Activation": "xyz.openbmc_project.Software.Activation.Activations.Activating", ... } $curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/9557fe67 { "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory", "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9557fe67", ... "Status": { "Health": "OK", "HealthRollup": "OK", "State": "Updating" }, ... } 3. Active --> Enabled --> OK $ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate { "data": { "/xyz/openbmc_project/software/9557fe67": { "Activation": "xyz.openbmc_project.Software.Activation.Activations.Active", ... } $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/9557fe67 { "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory", "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/9557fe67", ... "Status": { "Health": "OK", "HealthRollup": "OK", "State": "Enabled" }, ... } 4. Invalid --> Disabled --> Warning # busctl call xyz.openbmc_project.Software.BMC.Updater /xyz/openbmc_project/software/c0bbba12 \ org.freedesktop.DBus.Properties Set ssv xyz.openbmc_project.Software.Activation Activation s \ xyz.openbmc_project.Software.Activation.Activations.Invalid $ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate { ... "/xyz/openbmc_project/software/c0bbba12": { "Activation": "xyz.openbmc_project.Software.Activation.Activations.Invalid", ... } $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/c0bbba12 { "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory", "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/c0bbba12", ... "Status": { "Health": "Warning", "HealthRollup": "OK", "State": "Disabled" }, ... } 5. NotReady --> Disabled --> Warning # busctl call xyz.openbmc_project.Software.BMC.Updater /xyz/openbmc_project/software/c0bbba12 \ org.freedesktop.DBus.Properties Set ssv xyz.openbmc_project.Software.Activation Activation s \ xyz.openbmc_project.Software.Activation.Activations.NotReady $ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate { ... "/xyz/openbmc_project/software/c0bbba12": { "Activation": "xyz.openbmc_project.Software.Activation.Activations.NotReady", ... } $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/c0bbba12 { "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory", "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/c0bbba12", ... "Status": { "Health": "Warning", "HealthRollup": "OK", "State": "Disabled" }, ... } 6. Failed --> Disabled --> Warning # busctl call xyz.openbmc_project.Software.BMC.Updater /xyz/openbmc_project/software/c0bbba12 \ org.freedesktop.DBus.Properties Set ssv xyz.openbmc_project.Software.Activation Activation s \ xyz.openbmc_project.Software.Activation.Activations.Failed $ curl -k -H "X-Auth-Token: $token" https://$bmc/xyz/openbmc_project/software/enumerate { ... "/xyz/openbmc_project/software/c0bbba12": { "Activation": "xyz.openbmc_project.Software.Activation.Activations.Failed", ... } $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/UpdateService/FirmwareInventory/c0bbba12 { "@odata.context": "/redfish/v1/$metadata#SoftwareInventory.SoftwareInventory", "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/c0bbba12", ... "Status": { "Health": "Warning", "HealthRollup": "OK", "State": "Disabled" }, ... } Validator tool result: Counter({'pass': 2992, 'skipOptional': 2470, 'metadataNamespaces': 1605, 'passGet': 189, 'serviceNamespaces': 71, 'invalidPropertyValue': 10, 'warningPresent': 6, 'passAction': 6, 'optionalAction': 5, 'warnDeprecated': 2, 'unverifiedComplexAdditional': 1}) Validation has succeeded. Change-Id: Ic475f56d19c0be01ca7aebf67a3f6814d35bcacd Signed-off-by: Carol Wang <wangkair@cn.ibm.com>
* ProcSummary: Use NothrowJames Feist2019-12-091-7/+21
| | | | | | | | | | Exceptions are compiled out, and json.get throws, change it to get_ptr. Tested: no functional change Change-Id: Ie2db7285b89b45b1fd61d8526561b772c85151b3 Signed-off-by: James Feist <james.feist@linux.intel.com>
* bmcweb: Handle ConfigureSelf privilegeJoseph Reynolds2019-12-062-3/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enhances BMCWeb to correctly handle the Redfish ConfigureSelf privilege. Redfish document DSP2046 defines the ConfigureSelf privilege as "Can change the password for the current user account and log out of their own sessions." This notion is formalized in the Redfish DSP8011 PrivilegeRegistry where ConfigureSelf appears in three operations: - ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) GET operation. - ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) PATCH Password property override. - Session (/redfish/v1/SessionService/Sessions/{sessionid}) DELETE operation. Tested: Yes, tested the above operations using users with various Roles to determine which operations are allowed. ReadOnly users (privileges: Login, ConfigureSelf): - Can GET their own account. - Can change their password. - Can log out. - Cannot change any other properties of their own account. - Cannot change anyone else's password. - Cannot GET someone else's account. - Cannot log out anyone else. Operator users (privileges: Login, ConfigureComponents, ConfigureSelf): - Same access as a ReadOnly user. Administrator users (all privileges): - Can do everything Operator can do. - Can change one or more properties of their account - Can GET and change properties of someone else's account. - Can logoff any session. Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net> Change-Id: If8efd71cb9743a59b7c5fe1565804d21e788ea29
* Redfish: Implement ResetBios actionCarol Wang2019-12-052-0/+76
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This action resets the BIOS attributes to default. Tested: GET test: 1. $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system { ... "Bios": { "@odata.id": "/redfish/v1/Systems/system/Bios" }, ... } 2. $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system/Bios { "@odata.id": "/redfish/v1/Systems/system/Bios", "@odata.type": "#Bios.v1_1_0.Bios", "Actions": { "#Bios.ResetBios": { "target": "/redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios" } }, "Description": "BIOS Configuration Service", "Id": "BIOS", "Name": "BIOS Configuration" } POST test: 1. Change gard list: # ./gard list No GARD entries to display # ./gard create /Sys0/Node0/Proc1/EQ1/EX1/Core0 # ./gard list ID | Error | Type | Path ----------------------------------------------------------------------- 00000001 | 00000000 | Manual | /Sys0/Node0/Proc1/EQ1/EX1/Core0 ======================================================================= 2. Reset bios: # curl -k -H "X-Auth-Token: $token" -X POST https://${bmc}/redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios 3. Check gard list again: # ./gard list No GARD entries to display Validator tool test: Counter({'pass': 3001, 'skipOptional': 2475, 'metadataNamespaces': 1605, 'passGet': 191, 'serviceNamespaces': 72, 'invalidPropertyValue': 10, 'passAction': 7, 'optionalAction': 6, 'warningPresent': 6, 'warnDeprecated': 2, 'unverifiedComplexAdditional': 1}) Validation has succeeded. Signed-off-by: Carol Wang <wangkair@cn.ibm.com> Change-Id: I0cba966bfde04566001b6df07ad15217f627c327
* Redfish: ApplyTime property GET and PATCH supportJayashankar Padath2019-12-041-33/+96
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change is to GET and PATCH the ApplyTime property using the UpdateServce redfish schema. GET request can be used to check the value before initiating the BMC image upload and activation. PATCH request can be used to update the ApplyTime value. If the ApplyTime value is Immediate, force-reboot.service gets called which reboots the BMC. If the ApplyTime value is OnReset, no force reboot will be triggered and the new BMC image will be functional till the user decideds to reboot the BMC manually. Tested: Changes passed the Redfish-Service-Validator test. Success Scenarios: 1. If the value of ApplyTime is Immediate (GET request) GET https://$bmc/redfish/v1/UpdateService { "@odata.context": "/redfish/v1/$metadata#UpdateService.UpdateService", "@odata.id": "/redfish/v1/UpdateService", "@odata.type": "#UpdateService.v1_2_0.UpdateService", "ApplyTime": "Immediate", "Description": "Service for Software Update", "FirmwareInventory": { "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory" }, "HttpPushUri": "/redfish/v1/UpdateService", "Id": "UpdateService", "Name": "Update Service", "ServiceEnabled": true } 2. PATCH request to change value to OnReset: PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime": { "ApplyTime""OnReset"}}}' https://${bmc}/redfish/v1/UpdateService { "@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "Successfully Completed Request", "MessageArgs": [], "MessageId": "Base.1.4.0.Success", "Resolution": "None", "Severity": "OK" } ] } Error Scenarios: 1. Test by giving wrong HttpPushUriOptions name [Given as "HttpPushUriOptions1"] PATCH -d '{ "HttpPushUriOptions1": { "HttpPushUriApplyTime": { "ApplyTime":"Immediate"}}}' https://${bmc}/redfish/v1/UpdateService { "HttpPushUriOptions1@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The property HttpPushUriOptions1 is not in the list of valid properties for the resource.", "MessageArgs": [ "HttpPushUriOptions1" ], "MessageId": "Base.1.4.0.PropertyUnknown", "Resolution": "Remove the unknown property from the request body and resubmit the request if the operation failed.", "Severity": "Warning" } ] } 2. Test by giving wrong HttpPushUriApplyTime name [Given as "HttpPushUriApplyTime1"] PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime1": { "ApplyTime:"Immediate"}}}' https://${bmc}/redfish/v1/UpdateService { "HttpPushUriApplyTime1@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The property HttpPushUriApplyTime1 is not in the list of valid properties for the resource.", "MessageArgs": [ "HttpPushUriApplyTime1" ], "MessageId": "Base.1.4.0.PropertyUnknown", "Resolution": "Remove the unknown property from the request body and resubmit the request if the operation failed.", "Severity": "Warning" } ] } 3. Test by giving wrong ApplyTime name [Given as "ApplyTime1"] PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime": { "ApplyTime1":"Immediate"}}}' https://${bmc}/redfish/v1/UpdateService { "ApplyTime1@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The property ApplyTime1 is not in the list of valid properties for the resource.", "MessageArgs": [ "ApplyTime1" ], "MessageId": "Base.1.4.0.PropertyUnknown", "Resolution": "Remove the unknown property from the request body and resubmit the request if the operation failed.", "Severity": "Warning" } ] } 4. Giving wrong ApplyTime value ["Immediat" instead of "Immediate"] PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime": { "ApplyTime":"Immediat"}}}' https://${bmc}/redfish/v1/UpdateService { "ApplyTime@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The value Immediat for the property ApplyTime is not in the list of acceptable values.", "MessageArgs": [ "Immediat", "ApplyTime" ], "MessageId": "Base.1.4.0.PropertyValueNotInList", "Resolution": "Choose a value from the enumeration list that the implementation can support and resubmit the request if the operation failed.", "Severity": "Warning" } ] } 5. NULL value given for "HttpPushUriOptions" PATCH -d '{ "HttpPushUriOptions": ""}' https://${bmc}/redfish/v1/UpdateSrvice { "HttpPushUriOptions@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The value \"\" for the property HttpPushUriOptions is of a different type than the property can accept.", "MessageArgs": [ "\"\"", "HttpPushUriOptions" ], "MessageId": "Base.1.4.0.PropertyValueTypeError", "Resolution": "Correct the value for the property in the request body and resubmit the request if the operation failed.", "Severity": "Warning" } ] } 6. NULL value given for "HttpPushUriApplyTime" PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime":""}}' https:/${bmc}/redfish/v1/UpdateService { "HttpPushUriApplyTime@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The value \"\" for the property HttpPushUriApplyTime is of a different type than the property can accept.", "MessageArgs": [ "\"\"", "HttpPushUriApplyTime" ], "MessageId": "Base.1.4.0.PropertyValueTypeError", "Resolution": "Correct the value for the property in the request body and resubmit the request if the operation failed.", "Severity": "Warning" } ] } 7. NULL value given for "HttpPushUriApplyTime" PATCH -d '{ "HttpPushUriOptions": { "HttpPushUriApplyTime":{ "ApplyTime":""}}}' https://${bmc}/redfish/v1/UpdateService { "ApplyTime@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The value for the property ApplyTime is not in the list of acceptable values.", "MessageArgs": [ "", "ApplyTime" ], "MessageId": "Base.1.4.0.PropertyValueNotInList", "Resolution": "Choose a value from the enumeration list that the implementation can support and resubmit the request if the operation failed.", "Severity": "Warning" } ] } Signed-off-by: Jayashankar Padath <jayashankar.padath@in.ibm.com> Change-Id: Icd01bb6c102c0a24285c79ccf4d41fd5fe53f0ed
* Fix No Total Memory Size IssueCheng C Yang2019-12-032-20/+39
| | | | | | | | | | | | | | | | | | Total Memory in redfish is always 0, fix the problem. Tested: After DC cycle the system. TotalSystemMemoryGiB in Redfish system page should not be zero. "MemorySummary": { "Status": { "State": "Enabled" }, "TotalSystemMemoryGiB": 16 }, Signed-off-by: Cheng C Yang <cheng.c.yang@linux.intel.com> Change-Id: I89ad8ed1cf5f9ca9589db444740167645dab9a6e
* Return no-content instead of waiting for OnDemandJason M. Bills2019-12-021-89/+1
| | | | | | | | | | | | | | | | | | | | | Since an OnDemand crashdump could take some time it may cause the request to time out before the response can be sent. The correct fix for this is to implement the Redfish Task Monitor service to handle all asynchronous tasks. Until then, this change will return 204 (no content) and add the OnDemand log to the Entries list. When Task Monitor is implemented it can return 202 (accepted) with the location of the Task to poll. Tested: Used Postman to trigger the OnDemand action and immediately got a 204 response. Polled the Entries list and saw the OnDemand entry after it was ready. Change-Id: I3e2692ec5d377823072e0d610fa3ca17a9259a37 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Return 503 instead of 500 when Crashdump is busyJason M. Bills2019-12-021-0/+6
| | | | | | | | | Tested: Used Postman to send the OnDemand action twice and got a 503 with a retry message on the second attempt. Change-Id: I319a6318ee57e504a54b3fdb6894a5aeb43af203 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Return a 404 instead of 500 for invalid Crashdump URIsJason M. Bills2019-12-021-1/+10
| | | | | | | | | Tested: Used a browser to request an invalid Crashdump URI and got a 404 with a resource not found error. Change-Id: Idcac7868bb1f3b4c0248926b46be2cf4fce05328 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Add "Retry-After" header for temporarily unavailable messagesJason M. Bills2019-12-023-3/+0
| | | | | | | | | | | | | Whenever the Redfish response is that a service is temporarily unavailable, the "Retry-After" header is added with the same value, so just set the header automatically with the response. Tested: Confirmed that the "Retry-After" header is set correctly with the Redfish temporarily unavailable message. Change-Id: I9c940be94d9d284b9633c5caa2ce71ade76d22d5 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
* Remove error for empty subtree responseJames Feist2019-11-271-1/+1
| | | | | | | This interface doesn't have to exist Change-Id: If0ea4e3c201c80c25e825f64ba3601685ef9ed95 Signed-off-by: James Feist <james.feist@linux.intel.com>
* Storage: Add Storage ControllerJames Feist2019-11-272-21/+174
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds support for Storage Controllers. Tested: Validator passed { "@odata.context": "/redfish/v1/$metadata#Storage.Storage", "@odata.id": "/redfish/v1/Systems/system/Storage/1", "@odata.type": "#Storage.v1_7_1.Storage", "Drives": [ { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_1" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_2" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_3" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_4" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_5" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_6" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_7" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drives/Drive_8" } ], "Drives@odata.count": 8, "Id": "1", "Name": "Storage Controller", "Status": { "Health": "OK", "HealthRollup": "OK", "State": "Enabled" }, "StorageControllers": [ { "@odata.context": "/redfish/v1/$metadata#Storage.StorageController", "@odata.id": "/redfish/v1/Systems/system/Storage/1#/StorageControllers/0", "@odata.type": "#Storage.v1_7_0.StorageController", "Manufacturer": "$BOARD_MANUFACTURER", "MemberId": "HSBP_1", "Model": "$BOARD_PRODUCT_NAME", "Name": "HSBP_1", "PartNumber": "$BOARD_PART_NUMBER", "SerialNumber": "$BOARD_SERIAL_NUMBER", "Status": { "Health": "OK", "HealthRollup": "OK", "State": "Enabled" } } ] } Change-Id: I9d956343daa74ddfa912e3cbe0d38b0e42a4859f Signed-off-by: James Feist <james.feist@linux.intel.com>
* Health: Allow populate to only be called onceJames Feist2019-11-251-0/+6
| | | | | | | | | | | | Populate does a mapper call and a get managed objects and should only be called once. Enforce it. Tested: No actual change, it is currently never called twice, this is just for future protection with multiple async calls. Change-Id: I8fb9d8d19b2aa2a1c957a0ac8b609adf5e6ba6d0 Signed-off-by: James Feist <james.feist@linux.intel.com>
* Fix extracting certificate idIwona Klimaszewska2019-11-211-7/+6
| | | | | | | | | | | | | std::strtol() expects null-terminated string. This means that passing string_view.data() to it may cause undefined behaviour. Let's fix it by using boost::convert instead. Tested: Manually by sending valid requests and looking for empty responses. Change-Id: I319277551b5e85586783afdc8c86e4a7d8db876e Signed-off-by: Iwona Klimaszewska <iwona.klimaszewska@intel.com>
* Redfish: Set the power capCarol Wang2019-11-193-69/+241
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Set the PowerCap with redfish patch. Tested: Case 1: PowerCapEnable is false $ curl -k -H "X-Auth-Token: $token" -X PUT -d '{"data":false}' https://$bmc/xyz/openbmc_project/control/host0/power_cap/attr/PowerCapEnable $ curl -k -H "X-Auth-Token: $token"https://${bmc}/redfish/v1/Chassis/chassis/Power { "@odata.context": "/redfish/v1/$metadata#Power.Power", "@odata.id": "/redfish/v1/Chassis/chassis/Power", "@odata.type": "#Power.v1_5_2.Power", "Id": "Power", "Name": "Power", "PowerControl": [ { "@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerControl/0", "@odata.type": "#Power.v1_0_0.PowerControl", "MemberId": "0", "Name": "Chassis Power Control", "PowerLimit": { "LimitInWatts": null } } ], ... } $curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassis/Power -X PATCH -d '{"PowerControl":[{"PowerLimit":{"LimitInWatts":2004}}]}' { "error": { "@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "PowerCapEnable is false, can't set the PowerCap.", "MessageArgs": [], "MessageId": "Base.1.4.0.UnableToSetPowerCap", "Resolution": "Set PowerCapEnable to be true before setting PowerCap.", "Severity": "Warning" } ], "code": "Base.1.4.0.UnableToSetPowerCap", "message": "PowerCapEnable is false, can't set the PowerCap." } } Case 2: PowerCapEnable is true, PowerControl json only $ curl -k -H "X-Auth-Token: $token" -X PUT -d '{"data":true}' https://$bmc/xyz/openbmc_project/control/host0/power_cap/attr/PowerCapEnable $ curl -k -H "X-Auth-Token: $token"https://${bmc}/redfish/v1/Chassis/chassis/Power { "@odata.context": "/redfish/v1/$metadata#Power.Power", "@odata.id": "/redfish/v1/Chassis/chassis/Power", "@odata.type": "#Power.v1_5_2.Power", "Id": "Power", "Name": "Power", "PowerControl": [ { "@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerControl/0", "@odata.type": "#Power.v1_0_0.PowerControl", "MemberId": "0", "Name": "Chassis Power Control", "PowerLimit": { "LimitInWatts": 2001.0 } } ], ... } $ curl -k -H "X-Auth-Token: $token"https://${bmc}/redfish/v1/Chassis/chassis/Power -X PATCH -d '{"PowerControl":[{"PowerLimit":{"LimitInWatts":2004}}]}' -v ... < HTTP/1.1 204 No Content ... $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassis/Power { "@odata.context": "/redfish/v1/$metadata#Power.Power", "@odata.id": "/redfish/v1/Chassis/chassis/Power", "@odata.type": "#Power.v1_5_2.Power", "Id": "Power", "Name": "Power", "PowerControl": [ { "@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerControl/0", "@odata.type": "#Power.v1_0_0.PowerControl", "MemberId": "0", "Name": "Chassis Power Control", "PowerLimit": { "LimitInWatts": 2004.0 } } ], ... } Case 3: PowerCapEnable is true, PowerControl and Voltages json $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassis/Power -X PATCH -d '{"PowerControl":[{"PowerLimit"{"LimitInWatts":2001}}], "Voltages": [{"MemberId" : "p0_vcs_voltage", "ReadingVolts":8}]}' -v ... < HTTP/1.1 204 No Content ... Case 4: Wrong chassis path $ curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Chassis/chassi/Power -X PATCH -d '{"PowerControl":[{"PowerLimit":{"LimitInWatts":2001}}]}' { "error": { "@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The requested resource of type Chassis named chassi was not found.", "MessageArgs": [ "Chassis", "chassi" ], "MessageId": "Base.1.4.0.ResourceNotFound", "Resolution": "Provide a valid resource identifier and resubmit the request.", "Severity": "Critical" } ], "code": "Base.1.4.0.ResourceNotFound", "message": "The requested resource of type Chassis named chassi was not found." } } Signed-off-by: Carol Wang <wangkair@cn.ibm.com> Change-Id: Ifabdf053005b31cf3e3539009a1ec20ce4d46d5b
* bmcweb: Add IndicatorLED property to sensorsAnthony Wilson2019-11-181-6/+321
| | | | | | | | | | | Added support for the IndicatorLED property for physical leds associated with Thermal and Power sensors. Testing: Verified output on a witherspoon. No new errors in redfish validation. Change-Id: I4e49b3c1769742e49f57c6c1b77a82511cdc8b99 Signed-off-by: Anthony Wilson <wilsonan@us.ibm.com>
* Fix for IndicatorLED if blinking object not foundAppaRao Puli2019-11-181-58/+57
| | | | | | | | | | | | | | | | | | Currently some systems doesn't have enclosure_identity_blink object for supporting blinking feature which are leading to systems/system uri failing with 500 error. Corrected the code to make enclosure_identity_blink object get/set as optional. Tested: Tested IndicatorLED for all 3 cases and it works fine. Simulated case to not have enclosure_identity_blink object and teste all 3 InidicatorLED value set and get. Ran the redfish validator with success results. Change-Id: I310fb71269aae6d36ea025556ad3b1d87b0acb39 Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com> Signed-off-by: James Feist <james.feist@linux.intel.com>
* IndicatorLED get and set supportAppaRao Puli2019-11-141-104/+111
| | | | | | | | | | | | | | | | Updated get and set of IndicatorLED state to use the correct d-bus service. Added code to support LED blinking state. Tested: - Using PATCH method on below URI, changed "IndicatorLed" to multiple states like 'Lit', 'Off', 'Blinking' and verified correct response using GET method. URI: /redfish/v1/Systems/system - Ran the Redfish validator and no new issues observed. Change-Id: I40f103b1cb0190c48605f60bfca39ba1d20a28ec Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
* TLS method configurationZbigniew Kurzynski2019-11-121-2/+10
| | | | | | | | | | | | | | User is now able to turn on and off the TLS authentication method. Tested: No regression found in manual testing. By default everything works as before, and disabling TLS method prevents user to authenticate by it. Tested with Redfish Service Validator, version 1.2.8 Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> Change-Id: Ib7be1af659db568caa7e5b97e3844617586d7754
* account_service: Added NoAccess role to Redfishjayaprakash Mutyala2019-11-122-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added NoAccess role to the Redfish, to properly show users created using IPMI with NoAccess privilege. This patch will add NoAccess role & will use the same when the user privilege is empty. Note: This code was reverted due to redfish validator failure and the same has been fixed in this patch, by creating proper json array empty object. Tested: 1. Verified redfish validator passed and the earlier issue of failNullCollection for the NoAccess role is resolved. 2. Verified NoAccess role is listed properly Get: https://<BMC IP>/redfish/v1/AccountService/Roles/NoAccess { "@odata.context": "/redfish/v1/$metadata#Role.Role", "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess", "@odata.type": "#Role.v1_2_2.Role", "AssignedPrivileges": [], "Description": "NoAccess User Role", "Id": "NoAccess", "IsPredefined": true, "Name": "User Role", "OemPrivileges": [], "RoleId": "NoAccess" } 3. Verified user with No Privilege is listed without any error. Get: https://<BMC IP>/redfish/v1/AccountService/Accounts/user6 { "@odata.context": "/redfish/v1/$metadata#ManagerAccount. ManagerAccount", "@odata.id": "/redfish/v1/AccountService/Accounts/user6", "@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount", "Description": "User Account", "Enabled": false, "Id": "user6", "Links": { "Role": { "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess" } }, "Locked": false, "Locked@Redfish.AllowableValues": [ "false" ], "Name": "User Account", "Password": null, "RoleId": "NoAccess", "UserName": "user6" } Change-Id: If9577598e0a6215cf76f5db031ad5f8bcf2387a7 Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
* Replace all uses of NULL with nullptrEd Tanous2019-11-112-3/+3
| | | | | | | | | | This was an automatic change made by clang-tidy. It moves all uses of NULL to nullptr, which are equivalent, but nullptr is prefered. Tested: Code compiles. Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: I9526599b222693c9723a69934b599c7a5b5d1fbf
* Remove priv-callback support from bmcwebRichard Marian Thomaiyar2019-11-092-16/+0
| | | | | | | | | | | | | | | priv-callback is valid only for IPMI modem callback, which was never used, and it's decided to deprecate the same https://gerrit.openbmc-project.xyz/#/c/openbmc/docs/+/26839/ Removing the support in redfish now. Tested: 1. Verified callback role was not in list in Get of https://<BMC IP>/redfish/v1/AccountService/Roles/ 2. Redfish validator passed for this change. Change-Id: Ia16fb584a07bbdf29197cd5dd54e7a9682627c19 Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
* Revert "account_service: Added NoAccess role to Redfish"James Feist2019-11-082-16/+0
| | | | | | | | | This reverts commit 27c10d2ee746b85e9463efb0fc6773c209b2f5ba. Reason for revert: <Makes the validator fail> Change-Id: I379d9eda57416476ff1cc17e594c55dedd0bc4eb Signed-off-by: James Feist <james.feist@linux.intel.com>
* account_service: Added NoAccess role to Redfishjayaprakash Mutyala2019-11-082-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue: With IPMI command- If New user created, by defualt created with "NO ACCESS" Channel priv Limit. But same role is not populating from Redfish. This test can be done only with below patch being merged. https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-user-manager/ +/24784/ Tested: Added "NoAccess" Role to Redfish(if Channel privilege Limit is empty in userlist). Below is Snapshot from Redfish: Get: https://<BMC IP>/redfish/v1/AccountService/Roles/NoAccess { "@odata.context": "/redfish/v1/$metadata#Role.Role", "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess", "@odata.type": "#Role.v1_2_2.Role", "AssignedPrivileges": null, "Description": "NoAccess User Role", "Id": "NoAccess", "IsPredefined": true, "Name": "User Role", "OemPrivileges": [], "RoleId": "NoAccess" } Get: https://<BMC IP>/redfish/v1/AccountService/Accounts/user6 { "@odata.context": "/redfish/v1/$metadata#ManagerAccount. ManagerAccount", "@odata.id": "/redfish/v1/AccountService/Accounts/user6", "@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount", "Description": "User Account", "Enabled": false, "Id": "user6", "Links": { "Role": { "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess" } }, "Locked": false, "Locked@Redfish.AllowableValues": [ "false" ], "Name": "User Account", "Password": null, "RoleId": "NoAccess", "UserName": "user6" } Redfish validator test results: Counter({'skipOptional': 31791, 'pass': 22397, 'passGet': 2293, 'metadataNamespaces': 1047, 'warningPresent': 70, 'serviceNamespaces': 68, 'invalidPropertyValue': 67, 'err.LogEntry.v1_0_0.EventSeverity': 64, 'failProp': 64, 'repeat': 14, 'reflink': 9, 'passAction': 7, 'optionalAction': 6, 'failErrorPresent': 1, 'unverifiedComplexAdditional': 1, 'warnTrailingSlashLink': 1}) Validation has failed: 65 problems found Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> Change-Id: Ibc74e2fe4519ec6160dd516893d5e542feeabb0d
* Update NetworkProtocol servicesAppaRao Puli2019-11-071-39/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Updated the NetworkProtocol GET method code to lookup the service names and socket paths directly fetched from System control ListenSockets. Tested: - Performed GET on NetworkProtocol URI and validated all responses. - Stopped services(ssh) and validated Enabled status. - Successfully ran Redfish validator without any issues. URI: /redfish/v1/Managers/bmc/NetworkProtocol Response: ............ "IPMI": { "Port": 623, "ProtocolEnabled": true }, "HTTPS": { ..... "Port": 443, "ProtocolEnabled": true }, "SSH": { "Port": 22, "ProtocolEnabled": true }, .......... Change-Id: I047910d3e6430a2779b3803a0f1e836104e2bda3 Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
* account_service:redfish user creation err handlinganil kumar appana2019-11-071-9/+9
| | | | | | | | | | | | | | | | | | | Modified POST method to handle redfish user creation error codes. Tested: Tested user creation with below test cases 1)Already user exists 2)Max users reached 3)Username is NULL 4)Username is not starting with alphabet 5)Username exceed more than 16 characters 6)Invalid Password Redfish validator test results: Passed Signed-off-by: anil kumar appana <anil.kumarx.appana@intel.com> Change-Id: I58361ddd4dfd067802f805f9d870b2bc1692ea1d
* Auth methods configurationZbigniew Kurzynski2019-11-071-8/+101
| | | | | | | | | | | | | | | | | | | | | | | | | | Added Oem extension for AccountService allowing user to configure which authentication methods should be enabled. User is now able to turn on and off authentication methods like BasicAuth, XToken, etc. User is not allowed to turn off all of the methods at once - at least one method has to be active to prevent lock-out. This configuration is persistent, will be saved on file-system and will be loaded on bmcweb's restart. Tested: No regression found in manual testing. By default everything works as before, and disabling auth method prevents user to authenticate by it. Tested that user is not allowed to disable all the methods - either in one PATCH or by disabling them one at a time. ServiceValidator run with success. This change is a fix for this request: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/23590/18 which was revert here: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/26869 Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> Change-Id: I66b5ad423746f1992070a14f2983a07b1320190e
* Redfish: Implement DHCPv4 and DHCPv6 handlingJohnathan Mantey2019-11-061-95/+256
| | | | | | | | | | | | | | | | | | The Redfish DHCP handling has independent control of DHCPv4 and DHCPv6. This change combines with phosphor-network and phosphor-dbus-interface changes to implement the independent control capability. Tested by: Verified DHCP is able to be enabled for both DHCPv4 and DHCPv6 Verified DHCPv4 can be enabled, and static IPv6 addresses configured Verified DHCPv6 can be enabled, and static IPv4 addresses configured Verified DHCP can be disabled for both interfaces Confirmed enable/disable of UseNTP, UseDNS, and UseHostname Passes Redfish Service Validator Change-Id: I449ec096a3c41231c9bc9aa1bf67824982525cec Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
* Certificate delete API – middlewareZbigniew Kurzynski2019-11-061-0/+42
| | | | | | | | | | | | | | | | | With introducing Mutual-TLS and option to add multiple certificates there is a need to give user a possibility to remove them, for example when they expire. This commit adds implementation of DELETE function to TLS Certificate node, so each of them can be removed. Beckend implementation is here: https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/25268 Tested with uploaded multiple TLS certificates. Other certificates remains irremovable as they were so far. Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> Change-Id: I9781c5c79288ec5d080e80e42c63a55e471ddb77 Depends-On: I9dd6fa998e8bd8081fbd13549831bc94a4a7aa54
* account_service: redfish user Patch error handlingjayaprakash Mutyala2019-11-051-21/+88
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Modified doPatch method to populate redfish user update error codes. Tested: Tested user updates with below scenarios 1)Provided username is not exist 2)Replace username already user exists 3)Replace Username is NULL/Invalid 4)Replace username is not starting with alphabet 5)Replace username exceeds more than 16 characters 6)Password is not valid for Replace/existing username Redfish validator test results: 1 failProp errors in /redfish/v1/Systems/system/LogServices/EventLog 1 problemResource errors in /redfish/v1/Systems/system/LogServices/ EventLog/Entries Counter({'skipOptional': 17887, 'pass': 12133, 'passGet': 1285, 'metadataNamespaces': 1047, 'serviceNamespaces': 69, 'reflink': 9, 'passAction': 7, 'warningPresent': 6, 'optionalAction': 6, 'repeat': 3, 'invalidPropertyValue': 3, 'failErrorPresent': 1, 'err.LogEntryCollection.LogEntryCollection': 1, 'failProp': 1, 'unvalidated': 1, 'problemResource': 1, 'unverifiedComplexAdditional': 1, 'warnTrailingSlashLink': 1}) Validation has failed: 3 problems found Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> Change-Id: Ibee448c5d5c4f38c5c4cacda757864593f6001fc
* Revert "Auth methods configuration"James Feist2019-11-041-101/+8
| | | | | | | | | This reverts commit 0ff64dc2cd3a15b4204a477ad2eb5219d66e6110. Reason for revert: <breaks redfish validator, <edmx:Reference Uri="/redfish/v1/schema/OemAccountService_v1.xml"> but the file name unversioned static/redfish/v1/schema/OemAccountService.xml> Change-Id: I696dd09bf519e364f5f529a674e047a8eeead578 Signed-off-by: James Feist <james.feist@linux.intel.com>
* Add Storage Health & Update Systems HealthJames Feist2019-11-042-32/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds health to storage based on drive inventory and updates systems health to include drives. This also fixes properties that are manditory in drives to make this patch pass the validator. Tested: Validator Passed. Failed a drive and saw: { "@odata.context": "/redfish/v1/$metadata#Storage.Storage", "@odata.id": "/redfish/v1/Systems/system/Storage/1", "@odata.type": "#Storage.v1_7_1.Storage", "Drives": [ { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_1" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_2" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_3" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_4" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_5" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_6" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_7" }, { "@odata.id": "/redfish/v1/Systems/system/Storage/1/Drive/Drive_8" } ], "Drives@odata.count": 8, "Id": "1", "Name": "Storage Controller", "Status": { "Health": "Warning", "HealthRollup": "Warning", "State": "Enabled" } } And In systems: "Status": { "Health": "Warning", "HealthRollup": "Warning", "State": "Enabled" }, Change-Id: I7abf042ac51b1fbe9e4ee0b72876e9be96e60b7c Signed-off-by: James Feist <james.feist@linux.intel.com>
* storage: s/Drive/DrivesJames Feist2019-11-011-3/+3
| | | | | | | | | | | The link was wrong, fix it. Tested: Navigated to a drive using new path, and it worked. Change-Id: Ie008efef23f4a7a17bfc0c3f74a4deac87e0d94c Signed-off-by: James Feist <james.feist@linux.intel.com>
* Auth methods configurationKowalski, Kamil2019-10-311-8/+101
| | | | | | | | | | | | | | | | | | | | | Added Oem extension for AccountService allowing user to configure which authentication methods should be enabled. User is now able to turn on and off authentication methods like BasicAuth, XToken, etc. User is not allowed to turn off all of the methods at once - at least one method has to be active to prevent lock-out. This configuration is persistent, will be saved on file-system and will be loaded on bmcweb's restart. Tested: No regression found in manual testing. By default everything works as before, and disabling auth method prevents user to authenticate by it. Tested that user is not allowed to disable all the methods - either in one PATCH or by disabling them one at a time. ServiceValidator run with success. Change-Id: I3a775d783ac05998d17b8e91800962bffd8cab52 Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com> Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
* Redfish: Fix System IndicatorLEDCarol Wang2019-10-311-65/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | xyz.openbmc_project.LED.Controller.identify does not exist in all systems. Checking LED group enclosure_identify is generic and is expected to indicate the Indicator LED state. Remove LED physical identify related code to make it generic for all systems. Tested: $curl -k -H "X-Auth-Token: $token" -d "{\"data\": true}" -X PUT https://${bmc}/xyz/openbmc_project/led/groups/enclosure_identify/attr/Asserted { "data": null, "message": "200 OK", "status": "ok" } $ curl -k -H "X-Auth-Token: $token" X GET https://${bmc}/redfish/v1/Systems/system { "@odata.context": "/redfish/v1/$metadata#ComputerSystem.ComputerSystem", "@odata.id": "/redfish/v1/Systems/system", "@odata.type": "#ComputerSystem.v1_6_0.ComputerSystem", "Actions": { "#ComputerSystem.Reset": { "ResetType@Redfish.AllowableValues": [ "On", "ForceOff", "ForceOn", "ForceRestart", "GracefulRestart", "GracefulShutdown", "PowerCycle", "Nmi" ], "target": "/redfish/v1/Systems/system/Actions/ComputerSystem.Reset" } }, "AssetTag": "", "BiosVersion": "open-power-witherspoon-v2.3-rc2-390-g8db7a9e", "Boot": { "BootSourceOverrideEnabled": "Disabled", "BootSourceOverrideMode": "Legacy", "BootSourceOverrideTarget": "None", "BootSourceOverrideTarget@Redfish.AllowableValues": [ "None", "Pxe", "Hdd", "Cd", "Diags", "BiosSetup", "Usb" ] }, "Description": "Computer System", "Id": "1069A8T ", "IndicatorLED": "On", "Links": { "Chassis": [ { "@odata.id": "/redfish/v1/Chassis/chassis" } ], "ManagedBy": [ { "@odata.id": "/redfish/v1/Managers/bmc" } ] }, "LogServices": { "@odata.id": "/redfish/v1/Systems/system/LogServices" }, "Manufacturer": "", "Memory": { "@odata.id": "/redfish/v1/Systems/system/Memory" }, "MemorySummary": { "Status": { "State": "Enabled" }, "TotalSystemMemoryGiB": 0 }, "Model": "8286-42B ", "Name": "system", "PartNumber": "", "PowerState": "Off", "ProcessorSummary": { "Count": 2, "Status": { "State": "Enabled" } }, "Processors": { "@odata.id": "/redfish/v1/Systems/system/Processors" }, "SerialNumber": "1069A8T ", "Status": { "Health": "OK", "HealthRollup": "OK", "State": "Disabled" }, "SystemType": "Physical" } The result of redfish Validator tool: Counter Optional': 2480, 'metadataNamespaces': 1602, 'passGet': 191, 'serviceNamespaces': 69, 'invalidPropertyValue': 10, 'warningPresent': 6, 'passAction': 6, 'optionalAction': 5, 'warnDeprecated': 2, 'unverifiedComplexAdditional': 1}) Validation has succeeded. Change-Id: Ie4b7931404fd072df4c6f215656436f07d3e4cde Signed-off-by: Carol Wang <wangkair@cn.ibm.com>
* Added OemComputerSystems and properties for provisioningAppaRao Puli2019-10-301-0/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Added OemComputerSystems Schema for provisioning properties - Added "ProvisioningStatus" Oem property with EnumType 1) NotProvisioned 2) ProvisionedButNotLocked 3) ProvisionedAndLocked Intel secures platform firmware components using Intel PFR mechanism. This may differ for other Oem's(non-intel platforms) but the properties like Provisioned, Locked states should be of generic as per NIST SP 800-193. Added build time flag to enable/disable PFR supported platforms. Tested: - By default provisioning feature is OFF, using GET method on below URI verified Oem Property and observed no such property. This is default behaviour on upstream. URI: /redfish/v1/Systems/system Response: No "Oem" property. - Enabled provisioning feature in Intel platforms and Verified using Systems URI. Ran the redfish validator tool and no new issues found due to this change. URI: /redfish/v1/Systems/system RESPONSE: ..... "Oem": { "OpenBmc": { "FirmwareProvisioning": { "ProvisioningStatus": "NotProvisioned" } } } ..... Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com> Change-Id: I674e6075263f4fa2962637d3add47393a1ff0c0b
* Modernize: use emplace instead of push_backEd Tanous2019-10-291-2/+2
| | | | | | | | | | We had a couple uses of push_back in the code that could be made more efficient with emplace(). Use them instead. Tested: No functional change. Needs tested. Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: I417601e416b1d0be989617a372978d52670135d8
OpenPOWER on IntegriCloud