#
78158631
|
| 05-Nov-2019 |
Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> |
Auth methods configuration
Added Oem extension for AccountService allowing user to configure which authentication methods should be enabled. User is now able to turn on and off authentication methods like BasicAuth, XToken, etc. User is not allowed to turn off all of the methods at once - at least one method has to be active to prevent lock-out. This configuration is persistent, will be saved on file-system and will be loaded on bmcweb's restart.
Tested: No regression found in manual testing. By default everything works as before, and disabling an auth method prevents the user from authenticating with it. Tested that user is not allowed to disable all the methods - either in one PATCH or by disabling them one at a time. ServiceValidator run with success.
This change is a fix for this request: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/23590/18
which was reverted here: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/26869
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> Change-Id: I66b5ad423746f1992070a14f2983a07b1320190e
|
#
66b5ca76
|
| 07-Aug-2019 |
jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> |
account_service: redfish user Patch error handling
Modified doPatch method to populate redfish user update error codes.
Tested: Tested user updates with below scenarios
1) Provided username is not exist
2) Replace username already user exists
3) Replace Username is NULL/Invalid
4) Replace username is not starting with alphabet
5) Replace username exceeds more than 16 characters
6) Password is not valid for Replace/existing username
Redfish validator test results: 1 failProp errors in /redfish/v1/Systems/system/LogServices/EventLog 1 problemResource errors in /redfish/v1/Systems/system/LogServices/ EventLog/Entries Counter({'skipOptional': 17887, 'pass': 12133, 'passGet': 1285, 'metadataNamespaces': 1047, 'serviceNamespaces': 69, 'reflink': 9, 'passAction': 7, 'warningPresent': 6, 'optionalAction': 6, 'repeat': 3, 'invalidPropertyValue': 3, 'failErrorPresent': 1, 'err.LogEntryCollection.LogEntryCollection': 1, 'failProp': 1, 'unvalidated': 1, 'problemResource': 1, 'unverifiedComplexAdditional': 1, 'warnTrailingSlashLink': 1}) Validation has failed: 3 problems found
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> Change-Id: Ibee448c5d5c4f38c5c4cacda757864593f6001fc
|
#
eecd51a4
|
| 04-Nov-2019 |
James Feist <james.feist@linux.intel.com> |
Revert "Auth methods configuration"
This reverts commit 0ff64dc2cd3a15b4204a477ad2eb5219d66e6110.
Reason for revert: <breaks redfish validator, <edmx:Reference Uri="/redfish/v1/schema/OemAccountService_v1.xml"> but the file name unversioned static/redfish/v1/schema/OemAccountService.xml>
Change-Id: I696dd09bf519e364f5f529a674e047a8eeead578 Signed-off-by: James Feist <james.feist@linux.intel.com>
|
#
0ff64dc2
|
| 12-Jul-2019 |
Kowalski, Kamil <kamil.kowalski@intel.com> |
Auth methods configuration
Added Oem extension for AccountService allowing user to configure which authentication methods should be enabled. User is now able to turn on and off authentication methods like BasicAuth, XToken, etc. User is not allowed to turn off all of the methods at once - at least one method has to be active to prevent lock-out. This configuration is persistent, will be saved on file-system and will be loaded on bmcweb's restart.
Tested: No regression found in manual testing. By default everything works as before, and disabling an auth method prevents the user from authenticating with it. Tested that user is not allowed to disable all the methods - either in one PATCH or by disabling them one at a time. ServiceValidator run with success.
Change-Id: I3a775d783ac05998d17b8e91800962bffd8cab52 Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com> Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
|
#
0f0353b6
|
| 24-Oct-2019 |
Ed Tanous <ed.tanous@intel.com> |
Modernize: use emplace instead of push_back
We had a couple uses of push_back in the code that could be made more efficient with emplace(). Use them instead.
Tested: No functional change. Needs tested.
Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: I417601e416b1d0be989617a372978d52670135d8
|
#
c80fee55
|
| 16-Oct-2019 |
AppaRao Puli <apparao.puli@linux.intel.com> |
Renamed User role name to ReadOnly
As per redfish specification (DSP0266), there is a set of predefined privilege roles. The OpenBMC code has "User" as the role name instead of "ReadOnly", so corrected the same. Updated Redfish.md accordingly.
Spec says: Role Name = "ReadOnly" ▪ AssignedPrivileges = Login, ConfigureSelf
Tested:
- Role collection shows new role.
- GET on /redfish/v1/AccountService/Roles/ReadOnly URI shows correct AssignedPrivileges.
- Ran negative test with /redfish/v1/AccountService/Roles/User and observed error(404 - Not Found).
- Ran Redfish validator and no new issues observed.
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com> Change-Id: I7b0132c628fb4950b6ec095269cd1a12e92aea9a
|
#
271584ab
|
| 09-Jul-2019 |
Ed Tanous <ed.tanous@intel.com> |
Fix a bunch of warnings
using the list of warnings from here: https://github.com/lefticus/cppbestpractices/blob/e73393f25a85f83fed7399d8b65cb117d00b2231/02-Use_the_Tools_Available.md#L100
Seems like a good place to start, and would improve things a bit type-wise. This patchset attempts to correct all the issues in one shot.
Tested: It builds. Will test various subsystems that have been touched
Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: I588c26440e5a97f718a0f0ea74cc84107d53aa1e
|
#
06785244
|
| 26-Jul-2019 |
Ratan Gupta <ratagupt@linux.vnet.ibm.com> |
Redfish: Add PATCH operation support for RemoteRoleMapping
Added PATCH operation support for RemoteRoleMapping property under LDAP/ActiveDirectory property in AccountService schema.
1. How to add the Role Mapping?
PATCH {"ActiveDirectory":{"RemoteRoleMapping": [{"RemoteGroup": "Admingroup15","LocalRole": "User"},{"RemoteGroup": "Admingroup13", "LocalRole": "Administrator"},{"RemoteGroup": "Admingroup14", "LocalRole": "Operator"}]}}
With the above PATCH request, all the above role mapping gets added.
2. How to delete a specific role mapping?
After adding the above role mappings, if the user wants to delete the second mapping, which is ({"RemoteGroup": "Admingroup13", "LocalRole": "Administrator"}),
the following PATCH request would be used:
PATCH {"ActiveDirectory":{"RemoteRoleMapping": [{},null,{}]}}
3. How to update a specific role mapping?
Let's take a case where the user wants to update the second role mapping:
PATCH {"ActiveDirectory":{"RemoteRoleMapping": [{},{"RemoteGroup":"Admingroup25","LocalRole": "User"},{}]}}
or
PATCH {"ActiveDirectory":{"RemoteRoleMapping": [{},{"RemoteGroup":"Admingroup25"},{}]}} and
PATCH {"ActiveDirectory":{"RemoteRoleMapping": [{},{"LocalRole": "User"},{}]}}
Tested:
1. Did a PATCH operation with below given Data:
' {"ActiveDirectory":{"RemoteRoleMapping": [{"RemoteGroup": "Admingroup215","LocalRole": "User"}, \ {"RemoteGroup": "Admingroup213","LocalRole":"Administrator"},{"RemoteGroup":"Admingroup214","LocalRole":"Operator"}]}}'
2. With GET got below given data:
"RemoteRoleMapping": [ { "LocalRole": "Operator", "RemoteGroup": "Admingroup214" }, { "LocalRole": "Administrator", "RemoteGroup": "Admingroup213" }, { "LocalRole": "User", "RemoteGroup": "Admingroup215" } ],
3. Did a PATCH operation with below given Data:
'{"ActiveDirectory":{"RemoteRoleMapping": [{},null,{}]}}'
4. With GET got below given data:
"RemoteRoleMapping": [ { "LocalRole": "Operator", "RemoteGroup": "Admingroup214" }, { "LocalRole": "User", "RemoteGroup": "Admingroup215" } ],
5. Did a PATCH operation with below given Data:
'{"ActiveDirectory":{"RemoteRoleMapping": [null,null]}}'
6. With GET got below given data:
"RemoteRoleMapping": []
7. Did a PATCH operation with below given Data:
'{"ActiveDirectory":{"RemoteRoleMapping": [{"RemoteGroup": "Admingroup215","LocalRole": "User"}, \ {"RemoteGroup": "Admingroup213","LocalRole":"Administrator"},{"RemoteGroup":"Admingroup214","LocalRole":"Operator"}]}}'
8. With GET got below given data:
"RemoteRoleMapping": [ { "LocalRole": "Administrator", "RemoteGroup": "Admingroup213" }, { "LocalRole": "Operator", "RemoteGroup": "Admingroup214" }, { "LocalRole": "User", "RemoteGroup": "Admingroup215" } ],
9. Did a PATCH operation with below given Data:
'{"ActiveDirectory":{"RemoteRoleMapping": [{"RemoteGroup": "Admingroup25"},{},{}]}}'
10. With GET got below given data:
"RemoteRoleMapping": [ { "LocalRole": "Administrator", "RemoteGroup": "Admingroup25" }, { "LocalRole": "Operator", "RemoteGroup": "Admingroup214" }, { "LocalRole": "User", "RemoteGroup": "Admingroup215" } ],
11. Did a PATCH operation with below given Data:
'{"ActiveDirectory":{"RemoteRoleMapping": [{"LocalRole": "User"},{},{}]}}'
12. With GET got below given data:
"RemoteRoleMapping": [ { "LocalRole": "User", "RemoteGroup": "Admingroup25" }, { "LocalRole": "Operator", "RemoteGroup": "Admingroup214" }, { "LocalRole": "User", "RemoteGroup": "Admingroup215" } ],
13. Did a PATCH operation with below given Data:
'{"ActiveDirectory":{"RemoteRoleMapping": [{},{"RemoteGroup": "Admingroup26","LocalRole": "User"},{}]}}'
14. With GET got below given data:
"RemoteRoleMapping": [ { "LocalRole": "User", "RemoteGroup": "Admingroup25" }, { "LocalRole": "User", "RemoteGroup": "Admingroup26" }, { "LocalRole": "User", "RemoteGroup": "Admingroup215" } ],
15. Try to delete the role map when there was no role map entry and get the following error. "RemoteRoleMapping/1@Message.ExtendedInfo": [ { "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message", "Message": "The value null for the property RemoteRoleMapping/0 is of a different type than the property can accept.", "MessageArgs": [ "null", "RemoteRoleMapping/0" ], "MessageId": "Base.1.4.0.PropertyValueTypeError", "Resolution": "Correct the value for the property in the request body and resubmit the request if the operation failed.", "Severity": "Warning" }
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com> Change-Id: Iaa37221bd6fdc87dbf51755d9425ecd5b07eee6c
|
#
4e68c45b
|
| 04-Sep-2019 |
Ayushi Smriti <smriti.ayushi@linux.intel.com> |
Fix: Only return error info in invalid URI case
Collection schemas return some valuable parameter information values on get query, even when the URI is invalid and 404/400 error code is returned. Fix for the same is provided by packing the json response at proper places and returning only the required error info, for security reasons.
Tested: Verified by redfish GET query for invalid uri cases. Only error msg and info is returned.
Signed-off-by: Ayushi Smriti <smriti.ayushi@linux.intel.com> Change-Id: Iae45da86c2d2adbc39d78f7c267d551d4e6525f2
|
#
599c71d8
|
| 23-Aug-2019 |
Ayushi Smriti <smriti.ayushi@linux.intel.com> |
Read AllGroups property from user manager
This bmcweb code is to create users as per the available groups, and make the code dynamic.
Tested: Created a new user and did redfish post query. Verified through busctl introspection, available groups were listed for the new user.
Signed-off-by: Ayushi Smriti <smriti.ayushi@linux.intel.com> Change-Id: Ifec6d71d9721e4bfef53c9e38b17e9b7864777e6
|
#
d4b5443f
|
| 17-Jul-2019 |
Ed Tanous <ed.tanous@intel.com> |
Revert "Redfish: Add PATCH operation support for RemoteRoleMapping"
This reverts commit 2a21b9db6fcfe477f9ef31453df93e3f6c442a44.
Reason for revert:
Merged accidentally. Tested locally, and seems to work as designed. Needs fixed to match the comments below, then should be good to go.
Change-Id: I95c19e47a09ca5afa343fd7590bc39f750cd81e0
|
#
2a21b9db
|
| 31-Jan-2019 |
Nagaraju Goruganti <ngorugan@in.ibm.com> |
Redfish: Add PATCH operation support for RemoteRoleMapping
Added PATCH operation support for RemoteRoleMapping property under LDAP/ActiveDirectory property in AccountService schema.
1. How to add the Role Mapping?
PATCH {"ActiveDirectory":{"RemoteRoleMapping": [{"RemoteGroup": "Admingroup15","LocalRole": "User"},{"RemoteGroup": "Admingroup13", "LocalRole": "Administrator"},{"RemoteGroup": "Admingroup14", "LocalRole": "Operator"}]}}
With the above PATCH request, all the above role mapping gets added.
2. How to delete a specific role mapping?
After adding the above role mappings, if the user wants to delete the second mapping, which is ({"RemoteGroup": "Admingroup13", "LocalRole": "Administrator"}),
the following PATCH request would be used:
PATCH {"ActiveDirectory":{"RemoteRoleMapping": [{},null,{}]}}
3. How to update a specific role mapping?
Let's take a case where the user wants to update the second role mapping:
PATCH {"ActiveDirectory":{"RemoteRoleMapping": [{},{"RemoteGroup":"Admingroup25","LocalRole": "User"},{}]}}
or
PATCH {"ActiveDirectory":{"RemoteRoleMapping": [{},{"RemoteGroup":"Admingroup25"},{}]}} and
PATCH {"ActiveDirectory":{"RemoteRoleMapping": [{},{"LocalRole": "User"},{}]}}
Tested:
1. Did a PATCH operation with below given Data:
' {"ActiveDirectory":{"RemoteRoleMapping": [{"RemoteGroup": "Admingroup215","LocalRole": "User"}, \ {"RemoteGroup": "Admingroup213","LocalRole":"Administrator"},{"RemoteGroup":"Admingroup214","LocalRole":"Operator"}]}}'
2. With GET got below given data:
"RemoteRoleMapping": [ { "LocalRole": "Operator", "RemoteGroup": "Admingroup214" }, { "LocalRole": "Administrator", "RemoteGroup": "Admingroup213" }, { "LocalRole": "User", "RemoteGroup": "Admingroup215" } ],
3. Did a PATCH operation with below given Data:
'{"ActiveDirectory":{"RemoteRoleMapping": [{},null,{}]}}'
4. With GET got below given data:
"RemoteRoleMapping": [ { "LocalRole": "Operator", "RemoteGroup": "Admingroup214" }, { "LocalRole": "User", "RemoteGroup": "Admingroup215" } ],
5. Did a PATCH operation with below given Data:
'{"ActiveDirectory":{"RemoteRoleMapping": [null,null]}}'
6. With GET got below given data:
"RemoteRoleMapping": []
7. Did a PATCH operation with below given Data:
'{"ActiveDirectory":{"RemoteRoleMapping": [{"RemoteGroup": "Admingroup215","LocalRole": "User"}, \ {"RemoteGroup": "Admingroup213","LocalRole":"Administrator"},{"RemoteGroup":"Admingroup214","LocalRole":"Operator"}]}}'
8. With GET got below given data:
"RemoteRoleMapping": [ { "LocalRole": "Administrator", "RemoteGroup": "Admingroup213" }, { "LocalRole": "Operator", "RemoteGroup": "Admingroup214" }, { "LocalRole": "User", "RemoteGroup": "Admingroup215" } ],
9. Did a PATCH operation with below given Data:
'{"ActiveDirectory":{"RemoteRoleMapping": [{"RemoteGroup": "Admingroup25"},{},{}]}}'
10. With GET got below given data:
"RemoteRoleMapping": [ { "LocalRole": "Administrator", "RemoteGroup": "Admingroup25" }, { "LocalRole": "Operator", "RemoteGroup": "Admingroup214" }, { "LocalRole": "User", "RemoteGroup": "Admingroup215" } ],
11. Did a PATCH operation with below given Data:
'{"ActiveDirectory":{"RemoteRoleMapping": [{"LocalRole": "User"},{},{}]}}'
12. With GET got below given data:
"RemoteRoleMapping": [ { "LocalRole": "User", "RemoteGroup": "Admingroup25" }, { "LocalRole": "Operator", "RemoteGroup": "Admingroup214" }, { "LocalRole": "User", "RemoteGroup": "Admingroup215" } ],
13. Did a PATCH operation with below given Data:
'{"ActiveDirectory":{"RemoteRoleMapping": [{},{"RemoteGroup": "Admingroup26","LocalRole": "User"},{}]}}'
14. With GET got below given data:
"RemoteRoleMapping": [ { "LocalRole": "User", "RemoteGroup": "Admingroup25" }, { "LocalRole": "User", "RemoteGroup": "Admingroup26" }, { "LocalRole": "User", "RemoteGroup": "Admingroup215" } ],
Change-Id: Idc80cee94b8b55d036c2514d50c147a72ed4c7f2 Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com> Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
#
54fc587a
|
| 30-Jan-2019 |
Nagaraju Goruganti <ngorugan@in.ibm.com> |
Redfish: Populate the RemoteRoleMapping prop under AccountService schema
Get request on account service gets the RemoteRoleMapping info.
Tested:
1. Ran redfish validator and there are no errors
2. GET Request on AccountService would add below given info if RoleMapping data is configured on the system.
GET "RemoteRoleMapping": [ { "LocalRole": "<configured role>", "RemoteUser": "<configured user>" }, ],
Change-Id: Ie22f0bb520de795d31a9aba76a56fe88886ed50b Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com> Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
#
37cce918
|
| 20-Feb-2019 |
Marri Devender Rao <devenrao@in.ibm.com> |
Redfish: Add support to upload/replace/view LDAP Certificate
Implements CertificateCollection schema to upload/list existing LDAP certificates
Implements Certificate schema to view existing LDAP certificate
Implements ReplaceCertificate action to replace existing LDAP certificate.
Tested:
1. Tested schema with validator and no issues
2. Privilege map for certificate service is not yet published
3. POST on /redfish/v1/AccountService/LDAP/Certificates
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -H "Content-Type: application/octet-stream" -X POST -T testcert.pem https://${bmc}/redfish/v1/AccountServie/LDAP/Certificates
{ "@odata.context": "/redfish/v1/$metadata#Certificate.Certificate", "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/1", "@odata.type": "#Certificate.v1_0_0.Certificate", "CertificateString": "-----BEGIN CERTIFICATE---------END CERTIFICATE-----\n", "Description": "LDAP Certificate", "Id": "1", "Issuer": { "City": "SomeCity", "CommonName": "www.company.com", "Country": "US", "Organization": "MyCompany", "State": "VA", "organizationUnit": "MyDivision" }, "KeyUsage": [ "KeyAgreement", "ServerAuthentication" ], "Name": "LDAP Certificate", "Subject": { "City": "SomeCity", "CommonName": "www.company.com", "Organization": "MyCompany", "State": "VA", "organizationUnit": "MyDivision" }, "ValidNotAfter": "2029-03-14T02:11:02+00:00", "ValidNotBefore": "2019-03-17T02:11:02+00:00" }
4. GET on /redfish/v1/AccountService/LDAP/Certificates/
{ "@odata.context": "/redfish/v1/$metadata#CertificateCollection.CertificateCollection", "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates", "@odata.type": "#CertificateCollection.CertificatesCollection", "Description": "A Collection of LDAP certificate instances", "Members": [ { "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/1" } ], "Members@odata.count": 1, "Name": "LDAP Certificate Collection" }
5. GET on /redfish/v1/CertificateService/CertificateLocations/
{ "@odata.context": "/redfish/v1/$metadata#CertificateLocations.CertificateLocations", "@odata.id": "/redfish/v1/CertificateService/CertificateLocations", "@odata.type": "#CertificateLocations.v1_0_0.CertificateLocations", "Description": "Defines a resource that an administrator can use in order to locate all certificates installed on a given service", "Id": "CertificateLocations", "Links": { "Certificates": [ { "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1" }, { "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/1" } ], "Certificates@odata.count": 2 }, "Name": "Certificate Locations" }
6. GET on /redfish/v1/AccountService/LDAP/Certificates/1
{ "@odata.context": "/redfish/v1/$metadata#Certificate.Certificate", "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/1", "@odata.type": "#Certificate.v1_0_0.Certificate", "CertificateString": "-----BEGINCERTIFICATE-----\n ... -----ENDCERTIFICATE-----\n", "CertificateType": "PEM", "Description": "LDAP Certificate", "Id": "1", "Issuer": { "CommonName": "localhost", "Organization": "openbmc-project.xyz" }, "KeyUsage": [], "Name": "LDAP Certificate", "Subject": { "CommonName": "localhost" }
7. Replace certificate POST on /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate/
{ "@odata.context": "/redfish/v1/$metadata#Certificate.Certificate", "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/1", "@odata.type": "#Certificate.v1_0_0.Certificate", ... }
8. GET on AccountService
curl -k -H "X-Auth-Token: $bmc_token" -X GET https://${bmc}/redfish/v1/AccountService
{ "@odata.context": "/redfish/v1/$metadata#AccountService.AccountService", "@odata.id": "/redfish/v1/AccountService", "@odata.type": "#AccountService.v1_4_0.AccountService", "Id": "AccountService", "LDAP": { "AccountProviderType": "LDAPService", "Certificates": { "@odata.id": "/redfish/v1/AccountService/LDAP/Certificates" },
Change-Id: I056a4cea8b0377e156b660984857cdfadbfe1b2c Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
|
#
eb2bbe56
|
| 22-Apr-2019 |
Ratan Gupta <ratagupt@linux.vnet.ibm.com> |
Redfish: Implement PATCH operation for ActiveDirectory property in AccountService
With this commit PATCH operation on the ActiveDirectory property would configure the ActiveDirectory on the OpenBMC.
If one of the configs is enabled, the user needs to disable the other config. E.g., if LDAP is enabled and the user tries to enable the Active Directory, the user will get the error and needs to disable the LDAP first.
TestedBy:
Enable the LDAP service: PASS
Login through LDAP credentials : PASS
Enable the AD service throws error as LDAP is already enabled: PASS
Disable the LDAP service : PASS
Enable the AD service : PASS
Login through AD credentials: PASS
Login through LDAP credentials, should not be allowed: PASS
Detailed test results are at following location. https://pastebin.com/ibX5nyAc
Change-Id: I36d17757db1542604dbf5215728ac30f4e91f610 Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
|
#
ab828d7c
|
| 22-Apr-2019 |
Ratan Gupta <ratagupt@linux.vnet.ibm.com> |
Redfish: Populate the ActiveDirectory property in AccountService schema
With this commit get request on account service gets the LDAP/AD configuration.
TestedBy:
1) Run the redfish - validator
=> when there is no configuration
=> After LDAP Configuration.
=> After ActiveDirectory Configuration.
2) GET request through redfish /redfish/v1/AccountService
Gets both LDAP and ActiveDirectory properties.
Detailed test results are at following location. https://pastebin.com/ibX5nyAc
Change-Id: I0d6cdc2039eecffe96b6a27f3d65905ceb92d9b9 Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
|
#
cee58b23
|
| 28-May-2019 |
Ed Tanous <ed.tanous@intel.com> |
Remove AllowableValues for read-only LDAP values
Given that today LDAP doesn't support modification of the AccountProviderType, and AuthenticationType parameters, providing AllowableValues is a bit of a misnomer, and a waste.
Tested: Work in progress. Would like to get consensus on this, then will verify correct responses and error codes
Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: I6d2d38b581ce5a9f7b4106582aeb4ec3fc9c424a
|
#
22c33710
|
| 03-May-2019 |
Ratan Gupta <ratagupt@linux.vnet.ibm.com> |
Redfish: Move checkDbusPathExist function to dbus utility
This function is a utility function which would be needed by other files.
TestedBy: ran the redfish validator: PASS
Change-Id: I2a0d07f264952f47a724da11f72b15ca5e019d62 Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
|
#
8a07d286
|
| 15-Mar-2019 |
Ratan Gupta <ratagupt@linux.vnet.ibm.com> |
Redfish(Account): Support the patch for individual properties for LDAP
This commit supports the patch of individual properties under LDAP.
Tested by:
Ldap Config not exist
1) Run the redfish validator tool
2) PATCH the authentication, auth type, username property Keep getting the message what is missing.
3) PATCH with all the required properties.
Ldap Config Exist
4) Run the redfish validator tool
5) PATCH the service address property
6) PATCH Auth type, account providertype
7) PATCH user name
8) PATCH multiple properties
Detailed test results are at the following location https://pastebin.com/ibX5nyAc
Change-Id: Ib09c7765f86f626d3b74b5ba7a3e7a97cedb4acf Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
|
#
6973a582
|
| 13-Dec-2018 |
Ratan Gupta <ratagupt@linux.vnet.ibm.com> |
Redfish: Populate the LDAP property in AccountService schema
With this commit get request on account service gets the LDAP/AD configuration.
RemoteRoleMapping under LDAP property will be supported by other commit.
TestedBy:
1) Run the redfish - validator
=> when there is no LDAP configuration
=> After LDAP Configuration.
2) GET request through redfish /redfish/v1/AccountService
Detailed test cases are at the following location. https://pastebin.com/ibX5nyAc
Change-Id: I718d1eb4b40d3a626440487ac9a63d8c96721cee Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
|
#
ae29b8c4
|
| 24-Apr-2019 |
Adriana Kobylak <anoo@us.ibm.com> |
bmcweb: /s/boost::beast::string_view/std::string_view/g
Follow-on to https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/18891
Tested: Checked that the host console and virtual media endpoints still worked as expected.
Change-Id: Ifdc5f21f3668bdf9bd24189504aaeb17b232c921 Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
#
4d64ce34
|
| 29-Mar-2019 |
Gunnar Mills <gmills@us.ibm.com> |
Fix AllowableValues failProp error
The RedfishServiceValidator throws the following error: "ERROR - Locked@Redfish.AllowableValues[0]: Expected string value, got type class 'bool'"
From http://redfish.dmtf.org/schemas/DSP0266_1.0.html#allowable-values
"6.5.4.7.2. Allowable values
The property representing the action may be annotated with the "AllowableValues" annotation in order to specify the list of allowable values for a particular parameter.
The set of allowable values is specified by including a property whose name is the name of the parameter followed by "@Redfish.AllowableValues", and whose value is a JSON array of strings representing the allowable values for the parameter."
Moved AllowableValues[0] to a string.
Tested: Ran RedfishServiceValidator and no longer observe the error.
Change-Id: I167416fe62449dd428f549c486069db0de7676b0 Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
#
f00032db
|
| 04-Nov-2018 |
Tanous <ed.tanous@intel.com> |
Allow multiple registrations
This patchset is the beginnings of the infrastructure to allow separate registrations, and map privileges to the actual node in the url table rather than having each registration manage privileges manually.
Tested by: Running redfish compliance tool. All things still pass.
Change-Id: I72d278cc19c60ba5b6e563fbd705b0551faf9a6a Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
#
343ff2e1
|
| 23-Mar-2019 |
AppaRao Puli <apparao.puli@linux.intel.com> |
Changing maxPasswordLength to 20
Changed maxPasswordLength to 20 as per documentation.
Tested by: - Checked redfish account properties response and observed change value.
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com> Change-Id: If1a963c29381bb7feb431f7e9b270b4432b72f9d
|
#
19fb6e71
|
| 04-Mar-2019 |
Ratan Gupta <ratagupt@linux.vnet.ibm.com> |
Redfish(AccountService): Send the correct error message for the read only property
MinPasswordLength and MaxPasswordLength is a readOnly property in the account service schema, so send the correct message if the user tries to PATCH these properties.
Change-Id: If231ca13ef97fc05928435ac14a8190a186beb06 Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
|