authorTom Joseph <tomjoseph@in.ibm.com>2018-08-20 19:13:39 +0530
committerBrad Bishop <bradleyb@fuzziesquirrel.com>2018-09-18 16:48:40 +0000
commitbf21cfa8640c968a5e825b141866b858118fb1a1 (patch)
tree4dc068f344db1d346f9b42099eca645b7ffd3c99 /xyz/openbmc_project
parent06b4df97b7f271154abb1d28716cb3a782a27e96 (diff)
Add interface to assign privilege to groups
This interface will be implemented to assign privilege roles to groups. The privilege roles will be assigned to groups and the user accounts which are part of the group will inherit the privilege role. Change-Id: I2326de5f7f3e6e92c2a0d7648a5677b33a0b1db0 Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
Diffstat (limited to 'xyz/openbmc_project')
-rw-r--r--xyz/openbmc_project/User/Common.errors.yaml3
-rw-r--r--xyz/openbmc_project/User/PrivilegeMapper.interface.yaml41
-rw-r--r--xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml17
3 files changed, 61 insertions, 0 deletions
diff --git a/xyz/openbmc_project/User/Common.errors.yaml b/xyz/openbmc_project/User/Common.errors.yaml
index ccca302..2bcfb38 100644
--- a/xyz/openbmc_project/User/Common.errors.yaml
+++ b/xyz/openbmc_project/User/Common.errors.yaml
@@ -13,3 +13,6 @@
# xyz.openbmc_project.User.Common.Error.NoResource
- name: NoResource
description: No resource available.
+# xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists
+- name: PrivilegeMappingExists
+ description: Specified privilege mapping already exists.
\ No newline at end of file
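Review bot: The added `description:` line is now the last line of Common.errors.yaml and has no terminating newline, and the two new files, PrivilegeMapper.interface.yaml and PrivilegeMapperEntry.interface.yaml, end the same way. The next entry appended to any of these lists will show the previous last line as modified, and some YAML linters reject a file without a final newline. Ending each of the three files with a single newline avoids both.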
diff --git a/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml
new file mode 100644
index 0000000..5b4f511
--- /dev/null
+++ b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml
@@ -0,0 +1,41 @@
+description: >
+ Implement this interface to set the privilege of the user based on the
+ group name. The users in the group will inherit the privilege mapping of
+ the group. The Create method on success creates the object which implements
+ xyz.openbmc_project.User.PrivilegeMapperEntry. For example in the case of
+ LDAP, the object path will be /xyz/openbmc_project/user/ldap/<GroupName>.
+ If the privilege mapping already exists then it throws the exception
+ xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists. To modify the
+ privilege for a mapping which already exists, the Privilege property in the
+ xyz.openbmc_project.User.PrivilegeMapperEntry interface needs to be set.
+
+methods:
+ - name: Create
+ description: >
+ Creates a mapping for the group to the privilege.
+ parameters:
+ - name: GroupName
+ type: string
+ description: >
+ Group Name to which the privilege is to be assigned. In the case
+ of LDAP, the GroupName will be the LDAP group the user is part
+ of.
+ - name: Privilege
+ type: string
+ description: >
+ The privilege associated with the group. The set of available
+ privileges are xyz.openbmc_project.User.Manager.AllPrivileges.
+ xyz.openbmc_project.Common.Error.InvalidArgument exception will
+ be thrown if the privilege is invalid. Additional documentation
+ on privilege is available here.
+ https://github.com/openbmc/docs/blob/master/user_management.md
+ returns:
+ - name: Path
+ type: string
+ description: >
+ The path for the created privilege mapping object.
+
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists
\ No newline at end of file
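Review bot: The `GroupName` parameter of `Create` becomes the last element of the object path (`/xyz/openbmc_project/user/ldap/<GroupName>` in the interface description), but the interface does not say which characters are accepted or how a name is encoded. D-Bus object path elements may contain only `[A-Za-z0-9_]`, while LDAP group names commonly contain hyphens, spaces or other characters, so each implementer has to invent an escaping rule, and a lossy one could make two different groups resolve to the same entry and therefore the same privilege. I would state the rule in the parameter description, for example `An empty GroupName, or one that cannot be represented as an object path element, is rejected with xyz.openbmc_project.Common.Error.InvalidArgument.`, or derive the path from an identifier that does not depend on the name. It would also help to say whether group names are compared case-sensitively, since that decides when `PrivilegeMappingExists` is raised.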
diff --git a/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml b/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml
new file mode 100644
index 0000000..a90989d
--- /dev/null
+++ b/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml
@@ -0,0 +1,17 @@
+description: >
+ Implement to provide privilege for the group.
+
+properties:
+ - name: Privilege
+ type: string
+ description: >
+ One of the privilege as defined by
+ xyz.openbmc_project.User.Manager.AllPrivileges.
+ xyz.openbmc_project.Common.Error.InvalidArgument exception will be
+ thrown if the privilege is invalid. Additional documentation
+ on privilege is available here.
+ https://github.com/openbmc/docs/blob/master/user_management.md
+
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
\ No newline at end of file
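Review bot: The entry object exposes only `Privilege`, so the group a mapping belongs to can be recovered only by parsing the object path. For anyone auditing which groups hold which role that is fragile, particularly if the group name has to be escaped to fit into a path element. A read-only property next to `Privilege`, `- name: GroupName` with `type: string`, would make each entry self-describing. The description could also say how a mapping is removed, since neither new interface defines a delete operation and a mapping that is no longer wanted would presumably keep granting its role to the group's members.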