Fix build break

608ad2cc0e17bf62ff34bae7ceb499816fe13fbb
and
c1a75ebc267a78853fb26a3da8c6b3388e6ee07c
Collided. Fix the build error.

Change-Id: I683ea7a7b21b2297ab93010815b01e04373e1cea
Signed-off

Fix build break

608ad2cc0e17bf62ff34bae7ceb499816fe13fbb
and
c1a75ebc267a78853fb26a3da8c6b3388e6ee07c
Collided. Fix the build error.

Change-Id: I683ea7a7b21b2297ab93010815b01e04373e1cea
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Fix crash on requesting all events if dbus logging enabled

afterLogEntriesGetManagedObjects prepares members array (all the
LogEntry objects) to be used in response to the /EventLog/Entries
requests

Fix crash on requesting all events if dbus logging enabled

afterLogEntriesGetManagedObjects prepares members array (all the
LogEntry objects) to be used in response to the /EventLog/Entries
requests. It calls the fillEventLogLogEntryFromPropertyMap for every
event passing the dbus properties map and json object, expecting
the function to translate the properties map to JSON. It stores all
the json objects in an array. It uses .emplace_back on the array
to create an empty instance of JSON object which it immediately
passes to be filled.
If something fails in fillEventLogLogEntryFromPropertyMap (like DBus
property map is malformed), it fires an internal error and return
immediately without filling any fields in JSON object.
As a result, in case of earlier return from the function, the array will
have objects with no data. After collecting all the objects, it reorders
the elements by Id, however as some of them have no Id fields populated,
accessing to non-existent fields causes service to crash.

Testing:
Before the command [1] the process core dumped.

After, the same command [1] works [2].
Requesting individual entries keeps working [3].

[1] Command to fetch all EventLog Entries:
```
curl -ks -H "Content-Type: application/json" -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system/LogServices/EventLog/Entries
```

[2] Result from the server after fixing
```
root@bmc:~# curl -ks -H "Content-Type: application/json" -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system/LogServices/EventLog/Entries
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries",
"@odata.type": "#LogEntryCollection.LogEntryCollection",
"Description": "Collection of System Event Log Entries",
"Name": "System Event Log Entries",
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The request failed due to an internal service error. The service is still operational.",
"MessageArgs": [],
"MessageId": "Base.1.19.InternalError",
"MessageSeverity": "Critical",
"Resolution": "Resubmit the request. If the problem persists, consider resetting the service."
}
],
"code": "Base.1.19.InternalError",
"message": "The request failed due to an internal service error. The service is still operational."
}
}
```

[3] Fetching a single entry correct and failing
```
root@bmc:~# curl -ks -H "Content-Type: application/json" -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system/LogServices/EventLog/Entries/1
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The request failed due to an internal service error. The service is still operational.",
"MessageArgs": [],
"MessageId": "Base.1.19.InternalError",
"MessageSeverity": "Critical",
"Resolution": "Resubmit the request. If the problem persists, consider resetting the service."
}
],
"code": "Base.1.19.InternalError",
"message": "The request failed due to an internal service error. The service is still operational."
}
}

root@bmc:~# curl -ks -H "Content-Type: application/json" -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Systems/system/LogServices/EventLog/Entries/2
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/2",
"@odata.type": "#LogEntry.v1_9_0.LogEntry",
"AdditionalDataURI": "/redfish/v1/Systems/system/LogServices/EventLog/Entries/2/attachment",
"Created": "2025-04-02T09:54:37.777+00:00",
"EntryType": "Event",
"Id": "2",
"Message": "Sensor 'BIC_JI_SENSOR_MB_RETIMER_TEMP_C' reading of 10.2 (xyz.openbmc_project.Sensor.Value.Unit.DegreesC) is below the 15.5 lower critical threshold.",
"MessageArgs": [
"BIC_JI_SENSOR_MB_RETIMER_TEMP_C",
"10.2",
"xyz.openbmc_project.Sensor.Value.Unit.DegreesC",
"15.5"
],
"MessageId": "SensorEvent.1.0.ReadingBelowLowerCriticalThreshold",
"Modified": "2025-04-02T09:54:37.777+00:00",
"Name": "System Event Log Entry",
"Resolution": "Check the condition of the resources listed in RelatedItem.",
"Resolved": false,
"Severity": "Critical"
}
```

Change-Id: I231b2266ccee27e83363cd1363c130d3fe8f1ed3
Signed-off-by: Igor Kanyuka <ifelmail@gmail.com>

show more ...

Make Request copy explicit

It is currently too easy to accidentally make copies of the Request
object. Ideally code would parse out the Request in the first handler,
then no longer require an async

Make Request copy explicit

It is currently too easy to accidentally make copies of the Request
object. Ideally code would parse out the Request in the first handler,
then no longer require an async copy. There is one case in the redfish
query things where we actually need a copy of the request object, so we
need these constructors, but we should make them explicit.

This commit moves the Request constructor to be private, and adds a new
method called copy() for explicitly making a copy. Ironcially, this
finds one place where we were actually making a copy of the request
object unintentionally, so fix that to only capture the value
required,the user session.

Tested:
- Compiles
- Run GET/PATCH related curl or If-Match like PATCH Account
- Redfish Service Validator runs and passes

Change-Id: I19255981f42757ed736112c003201e3f758735ac
Signed-off-by: Ed Tanous <ed@tanous.net>
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

OEM Route Handling Infrastructure

Goal of the MR is to provide infrastructure support in bmcweb to manage
the OEM fragment handling separately. OEM schema are vendor defined and
per DMTF resource we

OEM Route Handling Infrastructure

Goal of the MR is to provide infrastructure support in bmcweb to manage
the OEM fragment handling separately. OEM schema are vendor defined and
per DMTF resource we could have multiple vendor defined OEM schema to be
enabled.

The feature allows registration of route handler per schema per OEM
namespace.
Example
```
REDFISH_SUB_ROUTE<"/redfish/v1/Managers/<str>/#/Oem/OpenBmc">(service,
HttpVerb::Get)(oemOpenBmcCallback);
REDFISH_SUB_ROUTE<"/redfish/v1/Managers/<str>/#/Oem/Nvidia">(service,
HttpVerb::Get)(oemNidiaCallback);
```

We can have separate vendor defined route handlers per resource. Each of
these route handlers can populate their own vendor specific OEM data.
The OEM code can be better organized and enabled/disabled as per the
platform needs. The current MR has the code changes related to handling
GET requests alone. The feature only supports requests
where the response payload is JSON.

Tests
- All UT cases passes
- New UT added for RF OEM router passes
- Service Validator passes on qemu
- GET Response on Manager/bmc resource contains the OEM fragment

```
curl -c cjar -b cjar -k -X GET https://127.0.0.1:2443/redfish/v1/Managers/bmc
{
"@odata.id": "/redfish/v1/Managers/bmc",
"@odata.type": "#Manager.v1_14_0.Manager",

"Oem": {
"OpenBmc": {
"@odata.id": "/redfish/v1/Managers/bmc#/Oem/OpenBmc",
"@odata.type": "#OpenBMCManager.v1_0_0.Manager",
"Certificates": {
"@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates"
}
}
},

"UUID": "40575e98-90d7-4c10-9eb5-8d8a7156c9b9"
}
```

Change-Id: Ic82aa5fe760eda31e2792fbdfb6884ac3ea613dc
Signed-off-by: Rohit PAI <rohitpai77@gmail.com>

show more ...

Use Node as template parameter for creating Tries

Abstracting Node can help us extend Tries for other use case like sub
routes management

Tested
1. Service Validator passes

Change-Id: I4703af9f301

Use Node as template parameter for creating Tries

Abstracting Node can help us extend Tries for other use case like sub
routes management

Tested
1. Service Validator passes

Change-Id: I4703af9f30107ce2bc3685683a5fd5b669341d35
Signed-off-by: Rohit PAI <ropai@nvidia.com>

show more ...

Move router trie to its own file

Just as the title says. Trie is useful outside of just the router (for
making other routers.)

Change-Id: I961927f2cea44ee78f32337e64741edad9dc542f
Signed-off-by:

Move router trie to its own file

Just as the title says. Trie is useful outside of just the router (for
making other routers.)

Change-Id: I961927f2cea44ee78f32337e64741edad9dc542f
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Make trie a template

This trie class would be useful to use with any arbitrary type, not just
those inheriting from BaseRule.

Change-Id: I325474a100e083ea36407530c6e4e8f6412718ac
Signed-off-by: Ed

Make trie a template

This trie class would be useful to use with any arbitrary type, not just
those inheriting from BaseRule.

Change-Id: I325474a100e083ea36407530c6e4e8f6412718ac
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Add odata.type for ClientCertificate/Certificates

This Certificate URI does not give the odata.type.

```
curl -k -X GET https://${bmc}/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Ce

Add odata.type for ClientCertificate/Certificates

This Certificate URI does not give the odata.type.

```
curl -k -X GET https://${bmc}/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates
{
"Members": [],
"Members@odata.count": 0
}
```
As a result, Redfish Service Validator may fail if this URI is
triggered.

This adds the type like
```
curl -k -X GET https://${bmc}/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates

{
"@odata.id": "/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates",
"@odata.type": "#CertificateCollection.CertificateCollection"
"Members": [],
"Members@odata.count": 0
"Name": "Certificates Collection"
}%
```

Change-Id: I9c453c6c5ba093a6a3a0530e99d2bf8766a98ed3
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Handle NotFound error for GetSubTreeById

Currently, PowerSupplies handling is done via `GetSubTreeById` and it
returns the success with the empty collection, even if the given chassis
is invalid.
``

Handle NotFound error for GetSubTreeById

Currently, PowerSupplies handling is done via `GetSubTreeById` and it
returns the success with the empty collection, even if the given chassis
is invalid.
```
GET /redfish/v1/Chassis/INVALID/PowerSubsystem/PowerSupplies
```

Once phosphor-objmgr is fixed by [1], the above URI will cause an
internalError.

This commit is to handle the case as NotFound error for the invalid
chassis with [1], and fixes the common error [2].

Tested:
- GET /redfish/v1/Chassis/INVALID/PowerSubsystem/PowerSupplies with
NotFound.
- Redfish Service Validator passes

[1] https://gerrit.openbmc.org/c/openbmc/phosphor-objmgr/+/79311
[2] https://github.com/openbmc/bmcweb/blob/master/COMMON_ERRORS.md#11-not-responding-to-404

Change-Id: I1d2d19b7da6c0ad3b6a8d3090eb035732ec2e3ca
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Refactor chassisInterfaces into chassis_utils

Some (e.g. IBM) do not use the
`xyz.openbmc_project.Inventory.Item.Board` interface for chassis
objects. To handle the use pattern easier, this refactor

Refactor chassisInterfaces into chassis_utils

Some (e.g. IBM) do not use the
`xyz.openbmc_project.Inventory.Item.Board` interface for chassis
objects. To handle the use pattern easier, this refactors the Chassis
interface into one location and it is referenced from the needed places
(e.g. `getValidChassisPath()`).

Moreover, this part is repeated many times, which goes against best
practices.

Tested:
- GET Chassis related API and check they are the same as before
- Redfish Service Validator passes

Change-Id: Id4a51986262892c5dc81b1a3bc46fa5be7c0e9da
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Update symlinks for 2025.1

Wrote a quick bash script to update these symlinks.

These are versioned out in json schema directory[1].

The symlinks don't work without this update.

[1]: https://githu

Update symlinks for 2025.1

Wrote a quick bash script to update these symlinks.

These are versioned out in json schema directory[1].

The symlinks don't work without this update.

[1]: https://github.com/openbmc/bmcweb/tree/master/redfish-core/schema/dmtf/json-schema

https://gerrit.openbmc.org/c/openbmc/bmcweb/+/74676 did this for 2024.3

Tested: Cat a few of these links. They appear to work.
Before:
```
head -n 4 redfish-core/schema/dmtf/json-schema-installed/ComputerSystem.v1_*.json
head: cannot open 'redfish-core/schema/dmtf/json-schema-installed/ComputerSystem.v1_23_1.json' for reading: No such file or directory
```
After:
```
head -n 3 redfish-core/schema/dmtf/json-schema-installed/ComputerSystem.v1_*.json
{
"$id": "http://redfish.dmtf.org/schemas/v1/ComputerSystem.v1_24_0.json",
"$ref": "#/definitions/ComputerSystem",
```

Change-Id: Ief753a8c08699b0b1d934ee74c24890c3355d247
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Update to 2025.1

1 line change in update_schemas.py and rerun it.

See below for more info on this release:
https://www.dmtf.org/content/redfish-release-20251-now-available

Tested: Inspection only.

Update to 2025.1

1 line change in update_schemas.py and rerun it.

See below for more info on this release:
https://www.dmtf.org/content/redfish-release-20251-now-available

Tested: Inspection only. These have not broke things in the past.

Change-Id: I8d386725b364e2bc7c91c869e519e5e7bfbf11f9
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Fix 302 cache handling

302 cache handling appears to have been broken when we went to AsyncResp
in the connection class instead of using Response directly. This is
because the expected hash was bei

Fix 302 cache handling

302 cache handling appears to have been broken when we went to AsyncResp
in the connection class instead of using Response directly. This is
because the expected hash was being written to the old response, not the
new one.

Resolve the issue.

Tested:
using curl to grab /redfish/v1
then pull the ETAG from the response
then use curl to set if-none-match

Shows that redfish now responds with 302 not modified.

Loading a browser window shows many requests are fulfilled with 302 not
modified.

Change-Id: Ie1e782fd5b2c6a5bcf942849ee13ca074973bf1e
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Virtual media should always create pipe

This is an attempt to fix the issue reported on discord [1]

Tested: This will break some folks downstream code, because we're
changing the prototype here of

Virtual media should always create pipe

This is an attempt to fix the issue reported on discord [1]

Tested: This will break some folks downstream code, because we're
changing the prototype here of the method call. I try to avoid that
where we can, but this interface isn't really viable as it is.

[1] https://discord.com/channels/775381525260664832/855566794994221117/1338885294417510444

Change-Id: I72aa7f7fe65432019d280477dc32559bb840dfb1
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Add handling for liquidflow & pressure sensors

When pressure [1] and liquidflow [2] were added to
phosphor-dbus-interfaces, bmcweb's unit-handling code and list of dbus
sensor paths weren't updated

Add handling for liquidflow & pressure sensors

When pressure [1] and liquidflow [2] were added to
phosphor-dbus-interfaces, bmcweb's unit-handling code and list of dbus
sensor paths weren't updated accordingly; let's add them now.

Tested: pressure and liquidflow sensors on dbus now appear (including
appropriate units) in the redfish hierarchy and on the webui-vue sensors
page.

[1] https://github.com/openbmc/phosphor-dbus-interfaces/commit/69d821b0368b8c6943a91c7f96528e2c0047f432
[2] https://github.com/openbmc/phosphor-dbus-interfaces/commit/6a8507d06e172d8d29c0459f0a0d078553d2ecc7

Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
Change-Id: I1dbe869d6c642eaeebad8605adad50315c52ad3d

show more ...

Map debug level to info

As the comment states, openbmc currently squashes DEBUG level messages.
After ee993dc84b1e9917b545fdd7367f1127a358084a systemd can see the log
levels, which has the unintende

Map debug level to info

As the comment states, openbmc currently squashes DEBUG level messages.
After ee993dc84b1e9917b545fdd7367f1127a358084a systemd can see the log
levels, which has the unintended consequence of squashing DEBUG level
messages when enabled.

This is a temporary workaround to fix the regression. Ulimately
implementing something like DEBUG_INVOCATION might be the way to go.

Tested: Enabled debug logging

journalctl -u bmcweb showed debug level messages.

Change-Id: I3c57a47282dbcbf34c58a12d2b7da54f1082fac1
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Remove cookie clear

d8139c68[1] added:
asyncResp->res.addHeader("Clear-Site-Data",
R"("cache","cookies","storage")");

This causes the browsers to clear the cache, cookie, and storage for
that site.

Remove cookie clear

d8139c68[1] added:
asyncResp->res.addHeader("Clear-Site-Data",
R"("cache","cookies","storage")");

This causes the browsers to clear the cache, cookie, and storage for
that site. [2]

Don't see where OWASP recommends Clear-Site-Data response header. [3]

This seems reasonable but breaks our server manager (HMC) when using
webui-vue from the HMC proxy. [4][5]
The HMC is also using the cookie and storage from the same URI. The
proxy works by going to a URI and the HMC proxing it forward/reverse
for webui-vue.

Also had other problems clearing headers, Clear-Site-Data seems too
strict, just remove it.

[1]: https://github.com/openbmc/bmcweb/commit/d8139c683a2f42c47ed913b731becc6cd681e2dd
[2]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data
[3]: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html
[4]: https://en.wikipedia.org/wiki/IBM_Hardware_Management_Console
[5]: https://www.ibm.com/docs/en/power10?topic=asmi-accessing-by-using-hmc

Tested: Firefox and Chrome no longer logout the HMC when logging out
webui-vue.

Change-Id: I061eae9163ce5d88a3bd9f297ca5e10ff3a07984
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Refactor Cable code

It is refactoring Cable code for the future incoming codes into the
area. It includes the following to reduce the body size via the smaller
functions.
- getCableProperties
- req

Refactor Cable code

It is refactoring Cable code for the future incoming codes into the
area. It includes the following to reduce the body size via the smaller
functions.
- getCableProperties
- requestRoutesCable

Tested:
- GET Cable gives the same result as before

Change-Id: I67d17da4acd09080cbacead07678d24119c4c2b5
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Fix getting a response for wrong URI

Resolve getting a response for wrong URI in Update Service
URI (/redfish/v1/UpdateService/FirmwareInventory/)

- After the fix a wrong URI that partially matches

Fix getting a response for wrong URI

Resolve getting a response for wrong URI in Update Service
URI (/redfish/v1/UpdateService/FirmwareInventory/)

- After the fix a wrong URI that partially matches the
last characters in a valid URI now gets a 404 as shown
in the example below :

$ curl -k -H "X-Auth-Token: $bmc_token" -X GET
https://$bmc/redfish/v1/UpdateService/FirmwareInventory/5e
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The resource at the URI '/redfish/v1/
UpdateService/FirmwareInventory/5e' was not found.",
"MessageArgs": [
"/redfish/v1/UpdateService/FirmwareInventory/5e"
],
"MessageId": "Base.1.19.ResourceMissingAtURI",
"MessageSeverity": "Critical",
"Resolution": "Place a valid resource at the URI or
correct the URI and resubmit the request."
}
],
"code": "Base.1.19.ResourceMissingAtURI",
"message": "The resource at the URI '/redfish/v1/
UpdateService/FirmwareInventory/5e' was not found."
}

- Two common errors were fixed with the changes
- imprecise-matching
- not-responding-to-404

- The fix also includes changes to the software images to
only look under /xyz/openbmc_project/software/.

Tested: No longer getting a response for wrong URI in Update
Service URI.

Change-Id: I72d8452b8ca1ef095d093a57bc14fade380be617
Signed-off-by: Abiola Asojo <abiola.asojo@ibm.com>

show more ...

Enhance Task removal when queue is full

Bmcweb operates with fixed queue length for tasks. The current code
removes the oldest task when queue is full. This makes task status
unavailable if the firs

Enhance Task removal when queue is full

Bmcweb operates with fixed queue length for tasks. The current code
removes the oldest task when queue is full. This makes task status
unavailable if the first task was still running and was not yet
completed.

The MR brings enhancement to remove the oldest completed/aborted task.
If all tasks are in running state then it removes the oldest task.

Tested
- UT passes
- Created long running task after boot-up followed by 100 short running
tasks which completed fast. Long running task status was still available
after task queue become full.

Change-Id: Ida5d4a84c2b51a4797c50677ce5c4ef2607f09a3
Signed-off-by: Rohit PAI <ropai@nvidia.com>

show more ...

Change Session Cookie name

We have a use case where the GUI sits behind a Apache Tomcat proxy[1].

In this environment the cookie looks like:
```
en-US,en;q=0.9cookie:
JSESSIONIDSSO=4E999D77EF4E01CB

Change Session Cookie name

We have a use case where the GUI sits behind a Apache Tomcat proxy[1].

In this environment the cookie looks like:
```
en-US,en;q=0.9cookie:
JSESSIONIDSSO=4E999D77EF4E01CB72DE63949D5FF830;
CCFWSESSION=48A66EB93C00AD4F6327FB3FC2A338FC; LOGIN_MODE=Dashboard;
XSRF-TOKEN=Ue1La3Ik48Bn5NosyLnJ; SESSION=pCAdqApWt4Kb4IUV9vh8dnt:
```

The bmcweb code thinks the CCFWSESSION= is the SESSION. The bmcweb code
could be made smarter to differentiate "CCFWSESSION" and "SESSION" but
reading SESSION seems too generic of a name and something like
"BMCWEB-SESSION" better matches [2], [3], and [4].

[1]: https://tomcat.apache.org/tomcat-9.0-doc/proxy-howto.html
[2]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#session_cookie
[3]: https://http.dev/set-cookie
[4]: https://www.geeksforgeeks.org/http-headers-set-cookie/

Tested: The GUI works and this proxy environment now works.

Change-Id: I9b63093c1839e26602fe26313a330e337961cb81
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Fix CI on generated-enum

Generated enum files include `json.hpp' which causes the CI failures
like
```
/var/jenkins-openbmc/workspace/ci-repository/openbmc/bmcweb/redfish-core/include/generated/enum

Fix CI on generated-enum

Generated enum files include `json.hpp' which causes the CI failures
like
```
/var/jenkins-openbmc/workspace/ci-repository/openbmc/bmcweb/redfish-core/include/generated/enums/acceleration_function.hpp:4:1: error: included header json.hpp is not used directly [misc-include-cleaner,-warnings-as-errors]
4 | #include <nlohmann/json.hpp>
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
5 |
```

So, this will treat `<nlohmann/json.hpp>` as `misc-include-cleaner` to
ignore the header check.

Tested:
- Compiles good
- CI passes

Change-Id: Id1d5e981b1de37398aa02c3303357e66fe902efd
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Clean up meson summary

Make the meson summary better by:
Adding new sections for each value type (this implicitly sorts each
section, making the pattern more clear)
Remove the generated messon messa

Clean up meson summary

Make the meson summary better by:
Adding new sections for each value type (this implicitly sorts each
section, making the pattern more clear)
Remove the generated messon message, where we print the values of
ifdefs.
Enable bool_yn for feature options, which allows us to pass the feature
in directly, and print and colorize yes/no answers

Tested: meson setup builddir

Results in no messages printed for the ifdefs, and colorized output,
with yes/no answers, summarized below.

Feature Options
basic-auth : YES

String Options
dns-resolver : systemd-dbus

Numeric Options
http-body-limit : 30

Change-Id: I13f003846edaa355090c14113b61aacb05cbeb9a
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

extend test script to cover upn testing

This commit is intended to extend existing `generate_auth_certificate`
python script that automatically test the auth functionality of bmcweb.
We extend the s

extend test script to cover upn testing

This commit is intended to extend existing `generate_auth_certificate`
python script that automatically test the auth functionality of bmcweb.
We extend the script by adding test for UserPrincipalName (UPN) feature.
This feature[1] allow us to use SubjectAlternativeName (SAN) extension
on X509 certificate and enable us to use the different name as username.
Previously we can only use CommonName in the certificate as username

By adding this changes, we can test the UPN feature easily using the
script. We add a new flag that enable the user to test using UPN feature
by specifying the UPN name to be tested.

UPN has OID that is specified by Microsoft[2]. The full OID path:
1 ISO
1.3 identified-organization (ISO/IEC 6523),
1.3.6 DoD,
1.3.6.1 internet,
1.3.6.1.4 private,
1.3.6.1.4.1 enterprise,
1.3.6.1.4.1.311 Microsoft,
1.3.6.1.4.1.311.20 Microsoft enrollment infrastructure,
1.3.6.1.4.1.311.20.2 Certificate Type Extension,
1.3.6.1.4.1.311.20.2.3 UserPrincipalName

Tested:
- Regress test on CommonName by running without `--upn` flag
- Test using correct UPN name
- There are two requirements for the UPN name (`username@domain`)
- `username` must exist in the BMC device accounts
- `domain` must match the domain forest of the device
- eg: malik@fb.com match macbmc1.abc.fb.com
- Test using incorrect UPN name
- Violate one of the requirements and the test should fail

[1] Patch feature: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/78519
[2] OID of UPN: https://oidref.com/1.3.6.1.4.1.311.20.2.3

Change-Id: I997bea9a6662fa41c3824fde71ea4f20b606ca9c
Signed-off-by: Malik Akbar Hashemi Rafsanjani <malikrafsan@meta.com>

show more ...

Add support for systemd service watchdog

Systemd has support for enabling service level watchdog. The MR enables
this support for bmcweb daemon. Request for watchdog monitor from
systemd is added in

Add support for systemd service watchdog

Systemd has support for enabling service level watchdog. The MR enables
this support for bmcweb daemon. Request for watchdog monitor from
systemd is added in bmcweb.service.in. From the event loop a timer is
registered to kick the watchdog periodically

The default watchdog timeout is set at 120 seconds and the timer is set
to kick it at a quarter of the interval (every 30 seconds).
This timeout is set somewhat arbitrarily based on the longest blocking
call that could occur and still give a valid HTTP response. Suspect
lower values could work equally as well.

Benefits of Service Watchdog
- Bmcweb route handlers should not make any blocking IO calls which
block the event loop for considerable amount of time and slowdown the
response of other URI requests in the queue. Watchdog can help to detect
such issues.
- Watchdog can help restart the service if any route handler code has
uncaught bugs resulting from system API errors (this is in theory,
currently we don't have any use case).

Tested
1. UT is passing
2. Service validator is passing
3. Fw upgrade POST requests are working

Change-Id: If62397d8836c942fdcbc0618810fe82a8b248df8
Signed-off-by: rohitpai <ropai@nvidia.com>
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...