Fix openbmc account service

Regenerate the OpenBMCAccount service json files from the script.

Tested: Redfish service validator passes.

Change-Id: I8661d8303b6963c58b6d97aafd52757b83aeb9cc
Signed-

Fix openbmc account service

Regenerate the OpenBMCAccount service json files from the script.

Tested: Redfish service validator passes.

Change-Id: I8661d8303b6963c58b6d97aafd52757b83aeb9cc
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Delete schemas.hpp

It is no longer used. Schemas are determined automatically from schemas
on disk. There's no reason to have one fixed schema list anymore.

Tested: Code compiles.

Change-Id: I8e

Delete schemas.hpp

It is no longer used. Schemas are determined automatically from schemas
on disk. There's no reason to have one fixed schema list anymore.

Tested: Code compiles.

Change-Id: I8e1692f3b137423efcb63d3fcfafcdb3e67a72f9
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Make journal log efficient

Journal logging currently loops over all entries to find even a single
entry. This was reasonable at the time when bmc couldn't really store a
lot, but now that BMCs are

Make journal log efficient

Journal logging currently loops over all entries to find even a single
entry. This was reasonable at the time when bmc couldn't really store a
lot, but now that BMCs are getting significantly more flash storage,
this simplification is insufficient. In an example system with an
AST2600, this API takes 32 seconds to respond. This is mediocre for
obvious reasons.

This commit updates to use the sd_journal APIs to let journald do the
skipping, which can use internal details and can be a lot more
efficient. To get the total size, bmcweb still needs to pull the
sequenceids of HEAD and TAIL to determine the complete size, but this is
still reasonable.

Tested:
Redfish service validator passes.

Various versions of top and skip return the correct result, pulling
various top sizes from 0, omitted to the limit.

https://gerrit.openbmc.org/c/openbmc/openbmc-tools/+/72975

To test all corner cases.

Change-Id: I0456bca4e037529f70eaee0bdd9191e9d5839226
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Break journal logging into methods

Like we've done other places, make log services journal follow the
naming convention, and break down lambdas into actual methods.

This is a refactor not intended

Break journal logging into methods

Like we've done other places, make log services journal follow the
naming convention, and break down lambdas into actual methods.

This is a refactor not intended to make any functional changes.

Tested: Redfish service validator passes. Journal works as before.

Change-Id: Ibbc7a13fba9c63606f7fd9c741af3b296633b664
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Break out Journal log into its own file

log_services.hpp probably shouldn't have been allowed to get as large
as it has. This commit starts by breaking out functions from
log_services.hpp, and move

Break out Journal log into its own file

log_services.hpp probably shouldn't have been allowed to get as large
as it has. This commit starts by breaking out functions from
log_services.hpp, and moves them to manager_logservices_journal.hpp.
Code is moved as-is with no functional changes.

Tested: Journal GET works as before. Redfish service validator passes.

Change-Id: I93c372ae3e39967e1b0eaf0cf496f84ac4114b5c
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

EventDestination: Implement VerifyCertificate

VerifyCertificate is a property on the Redfish EventDestination schema.
It specifies that this property is:
``` An indication of whether the service wil

EventDestination: Implement VerifyCertificate

VerifyCertificate is a property on the Redfish EventDestination schema.
It specifies that this property is:
``` An indication of whether the service will verify the certificate of
the server referenced by the `Destination` property prior to sending the
event ```

To keep prior behavior, and to ensure behavior that's secure by default,
if the user omits the property, it is assumed to be true. This property
is also persisted and restored.

Tested:
Redfish-Event-Listener succeeds with the following procedure
Start Redfish-Event-Listener
PATCH /redfish/v1/Subscriptions/<subid> VerifyCertificate: false
POST /redfish/v1/EventService/Actions/EventService.SubmitTestEvent

Redfish-Event-Listener then hits an internal error, due to an encoding
compatibility unrelated to this patch, but is documented in the receiver
[1]

POST of a subscription with VerifyCertificate: false set, succeeds.

[1] https://github.com/DMTF/Redfish-Event-Listener/blob/6f3f98beafc89fa9bbf86aa4f8cac6c1987390fb/RedfishEventListener_v1.py#L61

Change-Id: I27e0a3fe87b4dbd0432bfaa22ebf593c3955db11
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Fix markdownlint issues

Markdownlint flags a number of issues, mostly around using bare urls.
Fix all reported issues.

Tested: Markdownlint builds now run without warnings.

Change-Id: I11631c6e038

Fix markdownlint issues

Markdownlint flags a number of issues, mostly around using bare urls.
Fix all reported issues.

Tested: Markdownlint builds now run without warnings.

Change-Id: I11631c6e038dcbefc231fdbaa92431f0913a571e
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Fix meson warnings on symlinks

Meson warns on copying symlinks that the behavior might change. Make it
explicit.

Tested: Code compiles without warnings.

Change-Id: I32e1e7ab36db0c3b67b89aa215fe00

Fix meson warnings on symlinks

Meson warns on copying symlinks that the behavior might change. Make it
explicit.

Tested: Code compiles without warnings.

Change-Id: I32e1e7ab36db0c3b67b89aa215fe00c8931ddd89
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Fix crash on subscriptions

When the subscription limit is hit, there is Subscription events
generated when Subscription objects are constructed. Unfortunately, we
make an accidental copy of the Sub

Fix crash on subscriptions

When the subscription limit is hit, there is Subscription events
generated when Subscription objects are constructed. Unfortunately, we
make an accidental copy of the Subscription object in
include/persistent_data.hpp

https://gerrit.openbmc.org/c/openbmc/bmcweb/+/72670

Is lined up to fix that issue, but we need to fix the underlying problem
where we have memory safety issues in global variables.

This commit is something to fix the issue, by simply destroying the
object causing the problem before more events can be received.

Tested:
Followed instructions on the aforementioned commit to create the max
number of subscriptions.
Called systemctl restart bmcweb

Observed no more crash on shutdown.

Change-Id: Ie52545f5cb8a044c186d0e9db47362e170b1fdb5
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Remove unused variable

This hasn't been used in a while. Remove it.

Tested: Code compiles.

Change-Id: I3134cee6e013a630cc7d17727c2f29de3a40fbc1
Signed-off-by: Ed Tanous <etanous@nvidia.com>
Signe

Remove unused variable

This hasn't been used in a while. Remove it.

Tested: Code compiles.

Change-Id: I3134cee6e013a630cc7d17727c2f29de3a40fbc1
Signed-off-by: Ed Tanous <etanous@nvidia.com>
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Fix typo regression

This is an obvious typo introduced in
253f11b84347de6bff7c6b624bef270fefae5f5a

It's under a less used option, which is why it doesn't show up in
tests, but is obviously wrong.

Fix typo regression

This is an obvious typo introduced in
253f11b84347de6bff7c6b624bef270fefae5f5a

It's under a less used option, which is why it doesn't show up in
tests, but is obviously wrong. Fix it.

Tested: Inspection only.

Change-Id: Ic90f680890c32c0a2b698de61cc5caa99799e40b
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Fix OpenBMC OEMManager

The OpenBMC OEM schemas have had many things wrong since their creation,
to the point where nobody could be using them to generate values. This
commit fixes the issues, namel

Fix OpenBMC OEMManager

The OpenBMC OEM schemas have had many things wrong since their creation,
to the point where nobody could be using them to generate values. This
commit fixes the issues, namely.
OemManager schema and namespace are renamed to OpenBMCManager, in line
with the Redfish specification around OEM naming conventions.
OpenBMCManager now includes versions, which is a partial fix for #184.
json-schemas are regenerated from the CSDL to json script in
Redfish-Tools, rather than being handmade. This also introduces
versions in the json-schema.

Tested:
Redfish service validator passes.

Change-Id: I18f7d0445105a361775c04ae614d6ae2e297bbf6
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Show hypervisor path on GET of Systems collection

Redfish GET on `/redfish/v1/Systems` is missing to show the hypervisor
resource in its members list, even though hypervisor is available.
This commi

Show hypervisor path on GET of Systems collection

Redfish GET on `/redfish/v1/Systems` is missing to show the hypervisor
resource in its members list, even though hypervisor is available.
This commit fixes missing hypervisor resource in a GET response on
Systems collection. The `Members@odata.count` is retrieved as `uint64_t`
pointer. But the Json library might store this value as "int" or
"size_t". Therefore, directly casting it to uint64_t* might not work
as expected.

Tested By:
Verified "GET https://${bmc}/redfish/v1/Systems" returns the hypervisor
resource

Change-Id: If8713fc70663cf72cc555f695b8f4ec6547215a2
Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>

show more ...

Make schemas selectable

Which schemas are installed should be selectable in both a meson config,
and trivially by forks. This commit gets us closer to that idea.

It does it in several ways, first,

Make schemas selectable

Which schemas are installed should be selectable in both a meson config,
and trivially by forks. This commit gets us closer to that idea.

It does it in several ways, first, the code for generating
JsonSchemaFile resources has been changed to be generated at runtime,
based on files on disk. This is slightly slower, but allows installing
schemas from anywhere, and matches the CSDL handling.

Next, the schema folders are separated into two sets
csdl -> This includes the complete schema pack from dmtf
installed -> this includes only the schemas the bmc includes

Similar folders exist for json-schema and json-schema-installed.

This allows any additional schemas to be a single symlink addition.
Note, this also checks in all of the dmtf json schemas, not just the
versions we use. This allows us to update the schema pack without
needing to break our versions we ship.

Because the static files are now selectable, all files need to be in a
folder. This forces the css and image for the redfish built-in gui to
be moved.

Tested:
/redfish/v1/JsonSchemas returns the correct result
/redfish/v1/JsonSchemas/UpdateService returns a JsonSchemaFile instance
/redfish/v1/JsonSchemas/UpdateService/UpdateService<version>json returns
the JsonSchemaFile contents.

Redfish service validator passes.

Change-Id: Ie96b2e4b623788dc2ec94eb40fcfd80325f0d826
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Support RespondToUnauthenticatedClients PATCH

RespondToUnauthenticatedClients allows users to explicitly select mTLS
as their only authentication mechanism, thus significantly reducing
their code ex

Support RespondToUnauthenticatedClients PATCH

RespondToUnauthenticatedClients allows users to explicitly select mTLS
as their only authentication mechanism, thus significantly reducing
their code exposure to unauthenticated clients.

From the Redfish specification

```
The RespondToUnauthenticatedClients property within the
ClientCertificate property within the MFA property of the AccountService
resource controls the response behavior when an invalid certificate is
provided by the client.
• If the property contains true or is not
supported by the service, the service shall not fail the TLS handshake.
This is to allow the service to send error messages or unauthenticated
resources to the client.
• If the property contains false , the service
shall fail the TLS handshake.
```

This commit implements that behavior.

This also has some added benefits in that we no longer have to check the
filesystem for every connection, as TLS is controlled explicitly, and
not whether or not a root cert is in place.

Note, this also implements a TODO to disable cookie auth when using
mTLS. Clients can still use IsAuthenticated to determine if they are
authenticated on request.

Tested:
Run scripts/generate_auth_certs.py to set up a root certificate and
client certificate. This verifies that mTLS as optional has not been
broken. Script succeeds.

```
PATCH /redfish/v1/AccountService
{"MultiFactorAuth": {"ClientCertificate": {"RespondToUnauthenticatedClients": false}}}
```

GET /redfish/v1
without a client certificate now fails with an ssl verification error

GET /redfish/v1
with a client certificate returns the result

```
PATCH /redfish/v1/AccountService
{"MultiFactorAuth": {"ClientCertificate": {"RespondToUnauthenticatedClients": false}}}
With certificate returns non mTLS functionality.
```

Change-Id: I5a9d6d6b1698bff83ab62b1f760afed6555849c9
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Store Request Fields that are needed later

Because of recent changes to how dbus authentication is done, Requests
might be moved out before they can be used. This commit is an attempt
to mitigate t

Store Request Fields that are needed later

Because of recent changes to how dbus authentication is done, Requests
might be moved out before they can be used. This commit is an attempt
to mitigate the problem without needing to revert that patch.

This commit does two relatively distinct things.

First, it moves basic auth types to a model where they're timed out
instead of removed on destruction. This removes the need for a Request
object to track that state, and arguably gives better behavior, as
basic auth sessions will survive through the timeout.
To prevent lots of basic auth sessions getting created, a basic auth
session is reused if it was:
1. Created by basic auth previously.
2. Created by the same user.
3. Created from the same source IP address.

Second, both connection classes now store the accept, and origin headers
from the request in the connection class itself, removing the need for
them.

Tested: HTML page now loads when pointing at a redfish URL with a
browser.

Change-Id: I623b43cbcbb43d9e65b408853660be09a5edb2b3
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Mutual TLS parsing change at runtime

Redfish AccountService[1] defines methods for selecting how to map a
certificate CommonName attribute to a user. These are intended to be a
patch parameter.

Th

Mutual TLS parsing change at runtime

Redfish AccountService[1] defines methods for selecting how to map a
certificate CommonName attribute to a user. These are intended to be a
patch parameter.

This commit implements the Redfish defined schemas; The parsing mode is
stored in the bmcweb persistent configuration file as an integer enum,
with Mapping to the Redfish schema.

To handle OEM specific parsing modes, an enum value of 100+ is defined
to allow the additional OEM parameters. Unfortunately, Redfish doesn't
have a way to represent these today, so those modes are currently not
selectable at runtime.

Now that things are runtime selectable, this obsoletes the option
mutual-tls-common-name-parsing, as it is not longer required at compile
time.

Tested:
GET /redfish/v1/AccountService

returns MultiFactorAuth/ClientCertificate/CertificateMappingAttribute

PATCH /redfish/v1/AccountService
```
{"MultiFactorAuth": {"ClientCertificate": {"CertificateMappingAttribute":"CommonName"}}}
```

Returns 200

[1] https://github.com/DMTF/Redfish-Publications/blob/5b217908b5378b24e4f390c063427d7a707cd308/csdl/AccountService_v1.xml#L1631

Change-Id: I67db0dfa5245a9da973320aab666d12dbd9229e4
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Make multipart use consistent parse

This is an instance of common error #5. Fix it.

Tested: Code compiles. Inspection only.

Change-Id: I5580a9789930ffab6513a03689b633d5201e72a4
Signed-off-by: Ed

Make multipart use consistent parse

This is an instance of common error #5. Fix it.

Tested: Code compiles. Inspection only.

Change-Id: I5580a9789930ffab6513a03689b633d5201e72a4
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Send cookies to webui-vue from Sessions POST

Using Redfish-standard X-Auth-Token authentication is less secure
(against injected JS code) compared to an HttpOnly (not available to the
JS VM) SESSION

Send cookies to webui-vue from Sessions POST

Using Redfish-standard X-Auth-Token authentication is less secure
(against injected JS code) compared to an HttpOnly (not available to the
JS VM) SESSION cookie. Currently webui-vue authenticates connections to
WebSocket URIs not only by a JS-accessible token (passed as subprotocol
when upgrading to WS) but also via a SESSION cookie (even though it is
not subject to CORS policy).

To allow WebSocket-based functionality (IP KVM, SOL, VM) after creating
a Session object send a set of cookies instead of the X-Auth-Token
header if the request was made by webui-vue (detected by presence of
"X-Requested-With" header).

Factor out cookie setting and clearing functions and use explicit Path=/
attribute as the cookies are valid for the whole server, not just the
path of the endpoint they were created by.

Not specifying Path was functional for /login endpoint because
https://www.rfc-editor.org/rfc/rfc6265#section-5.3 point 7 for this case
says "set the cookie's path to the default-path of the request-uri" and
https://www.rfc-editor.org/rfc/rfc6265#section-5.1.4 tells how to
compute the default path. Basically, it was a "happy coincidence" that
/login defaults to / for the Path, if it was /openbmc/login then the
cookies would have been set to Path=/openbmc and not work at all for
/redfish/v1 endpoints.

Tested: Redfish-Service-Validator doesn't see a difference. Runtime
testing logging in via Sessions endpoint, getting data, using websockets
and logging out against webui-vue with a corresponding change while
carefully observing Request and Response headers. Creating a session
with curl without the special header shows just X-Auth-Token and no
cookies in the response.

Change-Id: I0b1774e586671874bb79f115e9cddf194f9ea653
Signed-off-by: Paul Fertser <fercerpav@gmail.com>

show more ...

Fix Chassis Topology Links Handling

https://gerrit.openbmc.org/c/openbmc/bmcweb/+/60914 implements topology
links for chassis using `getAssociationEndPoints()` for
`containing/contained_by` associat

Fix Chassis Topology Links Handling

https://gerrit.openbmc.org/c/openbmc/bmcweb/+/60914 implements topology
links for chassis using `getAssociationEndPoints()` for
`containing/contained_by` associations.

If the association is used only between chassis, the desired result is
obtained.

```
busctl get-property xyz.openbmc_project.Inventory.Manager \
/xyz/openbmc_project/inventory/system/chassis \
xyz.openbmc_project.Association.Definitions Associations

a(sss) ...
containing" "contained_by" "/xyz/openbmc_project/inventory/system/chassis/motherboard/rdx0"
```

```
$ curl -k -X GET https://${bmc}/redfish/v1/Chassis/chassis
{
"@odata.id": "/redfish/v1/Chassis/chassis",
"@odata.type": "#Chassis.v1_22_0.Chassis",

"Links": {
"Contains": [
...
{
"@odata.id": "/redfish/v1/Chassis/rdx0"
},
```

However, the same associations can also be used for the other cases
which may also be used for the other types[1].

For example, https://gerrit.openbmc.org/c/openbmc/openbmc/+/70372 also
adds the associations between chassis and the non-chassis/board
resources.

```
busctl get-property xyz.openbmc_project.Inventory.Manager \
/xyz/openbmc_project/inventory/system/chassis \
xyz.openbmc_project.Association.Definitions Associations
…

"containing" "contained_by" "/xyz/openbmc_project/inventory/system/chassis/motherboard/connector0"
…
"containing" "contained_by" "/xyz/openbmc_project/inventory/system/chassis/motherboard/rdx0"

```

In that case, Chassis Links gives the undesired result including
the non-chassis resources in `Contains` collection.

```
$ curl -k -X GET https://${bmc}/redfish/v1/Chassis/chassis
{
"@odata.id": "/redfish/v1/Chassis/chassis",
"@odata.type": "#Chassis.v1_22_0.Chassis",

"Links": {
"Contains": [
...
{
"@odata.id": "/redfish/v1/Chassis/connector0"
},
...
```

This commit is to limit to get the chassis/board resources for Chassis
`Contains` collection.

Tested:
- Check Chassis/Links collection to see whether there are non-chassis
`curl -k -X GET https://${bmc}/redfish/v1/Chassis/chassis`

- Redfish Service Validator passes

[1] https://github.com/openbmc/phosphor-dbus-interfaces/blob/e2c9bc74f2b8c0e78c305894289f8938d75ee108/yaml/xyz/openbmc_project/Inventory/Item/README.md?plain=1#L21

Change-Id: I472fc12379694acc35055965400141dbb1b33bfc
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Fix returning Roles for Sessions POST

When the session is just getting created the normal privileges
validation workflow isn't executed and so the current role remains
unknown. Fix this by refactori

Fix returning Roles for Sessions POST

When the session is just getting created the normal privileges
validation workflow isn't executed and so the current role remains
unknown. Fix this by refactoring dbus_privileges.hpp to allow obtaining
the information from phosphor-user-manager late in the request
processing.

Tested: Redfish Service Validator passes.

Creating a session for local user:
```
$ curl -k -H "Content-Type: application/json" -X POST https://172.41.1.250:18080/redfish/v1/SessionService/Sessions -d '{"UserName":"root", "Password":"0penBmc"}'
{
"@odata.id": "/redfish/v1/SessionService/Sessions/lfFsCNjshV",
"@odata.type": "#Session.v1_7_0.Session",
"ClientOriginIPAddress": "172.40.1.4",
"Description": "Manager User Session",
"Id": "lfFsCNjshV",
"Name": "User Session",
"Roles": [
"Administrator"
],
"UserName": "root"
}
```
Creating a session for remote user mapped to Operator:
```
$ curl -k -H "Content-Type: application/json" -X POST https://172.41.1.250:18080/redfish/v1/SessionService/Sessions -d '{"UserName":ldap_sync", "Password":"ldap_password"}'
{
"@odata.id": "/redfish/v1/SessionService/Sessions/qVffc4ePJK",
"@odata.type": "#Session.v1_7_0.Session",
"ClientOriginIPAddress": "172.40.1.4",
"Description": "Manager User Session",
"Id": "qVffc4ePJK",
"Name": "User Session",
"Roles": [
"Operator"
],
"UserName": "ldap_sync"
}
```

Fixes: https://github.com/openbmc/bmcweb/issues/280
Fixes: ce22f6099e7e28ae26591348bf484ebedbc1ed42
Change-Id: If76c43563244e3819ee3fbc60d9df7f6a21c1fa3
Signed-off-by: Paul Fertser <fercerpav@gmail.com>

show more ...

Allow fuzzy string comparisons in $filter expr

Filter allows comparing certain strings as numeric greater than or less
than operators. The most obvious example of this is something like

\$filter=C

Allow fuzzy string comparisons in $filter expr

Filter allows comparing certain strings as numeric greater than or less
than operators. The most obvious example of this is something like

\$filter=Created gt <timestamp>

Because internally timestamps are treated as strings, this requires
including and parsing out the timestamps again, which we have utilities
for.

In addition, "fuzzy" string comparisons, like

GPU_2 gt GPU_1

Should also be supported.

Tested: Unit tests pass

Change-Id: I39fc543921ed8cc93664d9cf297dad8ee902b68f
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Use lexme in redfish filter parser

Previously, the parser added space ignore instructions between every
node. This is because there was one place where we actually cared about
spaces, when doing op

Use lexme in redfish filter parser

Previously, the parser added space ignore instructions between every
node. This is because there was one place where we actually cared about
spaces, when doing operator comparisons (x eq y). If spaces are
ignored, it's impossible to determine the end of x and the beginning of
eq.

Spirit x3 has a lexeme, which allows us to ignore the parser skips
temporarily, which allows us to parse the operations in a much simpler
way. This also requires that we change to phrase_parse instead of
parse.

Tested: Unit tests pass. Good coverage.

Change-Id: Ifc6f1681e8524ba5032ee118cc3b3a18b30c639e
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Add filter parameter support

$filter is a parameter documented in the Redfish specification, section
7.3.4. It defines a mechanism for filtering arbitrary collections of
parameters based on a set o

Add filter parameter support

$filter is a parameter documented in the Redfish specification, section
7.3.4. It defines a mechanism for filtering arbitrary collections of
parameters based on a set of arbitrary language expressions.

From the specification, it supports the following language operators:

() Precedence grouping operator.
(Status/State eq 'Enabled' and Status/Health eq 'OK')
or SystemType eq 'Physical'

and Logical and operator.
ProcessorSummary/Count eq 2 and MemorySummary/TotalSystemMemoryGiB gt 64

eq Equal comparison operator.
ProcessorSummary/Count eq 2

ge Greater than or equal to comparison operator.
ProcessorSummary/Count ge 2

gt Great than comparison operator.
ProcessorSummary/Count gt 2

le Less than or equal to comparison operator
MemorySummary/TotalSystemMemoryGiB le 64

lt Less than comparison operator.
MemorySummary/TotalSystemMemoryGiB lt 64

ne Not equal comparison operator.
SystemType ne 'Physical'

not Logical negation operator.
not (ProcessorSummary/Count eq 2)

or Logical or operator.
ProcessorSummary/Count eq 2 or ProcessorSummary/Count eq 4

Support for these operators have been added in previous commits. This
commit enables them behind the insecure-enable-redfish-query meson
option. This is an arbitrary language, so the likelihood there's some
improper implementation in the patch is high. This gives folks the
ability to test it.

Tested:
Lots of unit tests included in this patch.

Functionally tested the basic operators:
```
GET /redfish/v1/Managers/bmc/LogServices/Journal/Entries?\$filter=EntryType+eq+'Oem'
GET /redfish/v1/Managers/bmc/LogServices/Journal/Entries?\$filter=EntryType+ne+'Oem'
```

Function as expected, producing multiple results or no results
respectively.

GET /redfish/v1 reports "FilterQuery": true

Redfish service validator passes.

Change-Id: Id568acc5dcfce868af12da5ee16c4f0caae8060a
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Filter Expression parser

This commit implements a parser for $filter expressions, per the redfish
specification and odata specification. This is intended to be used to
support $filter query for col

Filter Expression parser

This commit implements a parser for $filter expressions, per the redfish
specification and odata specification. This is intended to be used to
support $filter query for collections.

For parsing libraries, this commit chooses boost spirit x3. It's chosen
because it doesn't require a new external dependency, and is done
entirely in the compiler, using C++ syntax. While the syntax is still
somewhat difficult to read, there's a slew of unit tests included to
make sure that at least the common things we expect to work will parse
correctly.

Tested: Unit tests pass (good coverage). Code not yet used.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I1b0ab615bc49064acab4dad47f0a8aa499557bfc

show more ...