Move clang-off / clang-on to catch scope

As a comment in https://gerrit.openbmc.org/c/openbmc/bmcweb/+/86868
suggested "You might also consider moving this up a line so you catch
the scope on both s

Move clang-off / clang-on to catch scope

As a comment in https://gerrit.openbmc.org/c/openbmc/bmcweb/+/86868
suggested "You might also consider moving this up a line so you catch
the scope on both sides."

This enforces just the slightest bit more clang-format.

Rerun script.

Tested: Builds. Manual changes to script only. Rest generated.

Change-Id: I8ff01befc56c576716f5d83bd90763354b1ff0c5
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Rename switch namespace

switch is a reserved keyword in C++.. Therefore "namespace switch" is
illegal C++ code.

Add a couple lines of python code to check for keywords and then rename
with a rf_ at

Rename switch namespace

switch is a reserved keyword in C++.. Therefore "namespace switch" is
illegal C++ code.

Add a couple lines of python code to check for keywords and then rename
with a rf_ at the front, e.g. namespace rf_switch.

Rerun the script update_schemas.py script.

This showed downstream, but probably would have upstream too.

```
switch.hpp:8:11: error: expected identifier or '{' [clang-diagnostic-error]
8 | namespace switch
| ^
.../bmcweb/redfish-core/include/generated/enums/switch.hpp:8:11: error: expected unqualified-id [clang-diagnostic-error]

...

FAILED: meson-internal__clang-tidy-fix
```

Change-Id: I58be67fc0df6e5056e63da5302724e6509b7114b
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Move to Redfish 2025.4

One line change and rerun the script. 2025.4 includes new properties.
One use case is for Redundancy. For the complete overview see [1].

Tested: Visual and build only. In the

Move to Redfish 2025.4

One line change and rerun the script. 2025.4 includes new properties.
One use case is for Redundancy. For the complete overview see [1].

Tested: Visual and build only. In the past these have not broken things.

[1]: https://www.dmtf.org/sites/default/files/Redfish_Release_2025.4_Overview.pdf

Change-Id: Icaf710eaa99816264993a964ef9dd8a7f5e7722a
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Modify enum generation for clang

Clang-format was unhappy with the new
redfish-core/include/generated/enums/switch.hpp in 2025.4

```
diff --git a/redfish-core/include/generated/enums/switch.hpp b/r

Modify enum generation for clang

Clang-format was unhappy with the new
redfish-core/include/generated/enums/switch.hpp in 2025.4

```
diff --git a/redfish-core/include/generated/enums/switch.hpp b/redfish-core/include/generated/enums/switch.hpp
index 6acf6e28..cabc8562 100644
--- a/redfish-core/include/generated/enums/switch.hpp
+++ b/redfish-core/include/generated/enums/switch.hpp
@@ -5,7 +5,7 @@

namespace switch
{
-// clang-format off
+ // clang-format off
```

Move turning clang-format off before the namespace fixes.
¯\_(ツ)_/¯
Do that in generate_schema_enums.py and rerun update_schemas.py.

Adding 4 spaces before the clang-format off broke other generated
enums. Broke out from 2025.4.

Tested: Visual and build only.

Change-Id: Ic03aa558b405957f15035570d376c46c545906c0
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Fix CI: Reformat using Black 26.1.0

CI is failing due to the formatting of scripts/parse_registries.py. Run
Black.

black -l 79 <filename>

Current:
Running black (black, 26.1.0 (compiled: no))

Fix CI: Reformat using Black 26.1.0

CI is failing due to the formatting of scripts/parse_registries.py. Run
Black.

black -l 79 <filename>

Current:
Running black (black, 26.1.0 (compiled: no))
reformatted scripts/parse_registries.py

Before:
Running black (black, 25.12.0 (compiled: no))

Tested: Visual only.

Change-Id: I08051019760994a095eeedab2ae0d8c91984e979
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Parse number types from the base registry

Rather than maintaining a list of arguments that are numbers (which is
error prone), update the script to just trust that the few parameters
labeled in Redf

Parse number types from the base registry

Rather than maintaining a list of arguments that are numbers (which is
error prone), update the script to just trust that the few parameters
labeled in Redfish as numbers should in fact show up in the API as
numbers.

Functionally this changes the APIs for only a few error messages, only
one of which (StringValueTooShort) is used and that usage was added
recently.

Tested: SRV passes.

Change-Id: I580523ecc0263688738bcb7f7925913e40e2a113
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

PasswordChangeRequired: Fix error message

The PasswordChangeRequired error was incorrectly formatted. Per the
spec, it should be an error response and 403 on all requests except for
session creation

PasswordChangeRequired: Fix error message

The PasswordChangeRequired error was incorrectly formatted. Per the
spec, it should be an error response and 403 on all requests except for
session creation, which is just a `@Message.ExtendedInfo` annotation.
See [1].

This is a follow-up to 1c651ee12ad55ab6626c2baf3754aecda305ba43 which
accidentally only broke out the password change logic for session
creation. This change adjusts the non-session-creation error response
for PasswordChangeRequired to return a proper error.

Tested:
- Built a romulus image
- Ran `passwd --expire root`
- curl to Managers and session creation

```
╰─○ curl -kv --user "$BMC_USER:$BMC_PASS" https: //localhost:2443/redfish/v1/Managers
< HTTP/2 403
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The password provided for this account must be changed before access is granted. PATCH the Password property for this account located at the target URI '/redfish/v1/AccountService/Accounts/root' to complete this process.",
"MessageArgs": [
"/redfish/v1/AccountService/Accounts/root"
],
"MessageId": "Base.1.19.PasswordChangeRequired",
"MessageSeverity": "Critical",
"Resolution": "Change the password for this account using a PATCH to the Password property at the URI provided."
}
],
"code": "Base.1.19.PasswordChangeRequired",
"message": "The password provided for this account must be changed before access is granted. PATCH the Password property for this account located at the target URI '/redfish/v1/AccountService/Accounts/root' to complete this process."
}
}

╰─○ curl -kv -X POST -H 'Content-Type: application/json' -d '{"UserName": "root", "Password": "..."}' https://localhost:2443/redfish/v1/SessionService/Sessions
< HTTP/2 201
{
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The password provided for this account must be changed before access is granted. PATCH the Password property for this account located at the target URI '/redfish/v1/AccountService/Accounts/root' to complete this process.",
"MessageArgs": [
"/redfish/v1/AccountService/Accounts/root"
],
"MessageId": "Base.1.19.PasswordChangeRequired",
"MessageSeverity": "Critical",
"Resolution": "Change the password for this account using a PATCH to the Password property at the URI provided."
}
],
"@odata.id": "/redfish/v1/SessionService/Sessions/klDQdHSMME",
"@odata.type": "#Session.v1_7_0.Session",
"ClientOriginIPAddress": "0.0.0.0",
"Description": "Manager User Session",
"Id": "klDQdHSMME",
"Name": "User Session",
"Roles": [
"Administrator"
],
"UserName": "root"
}
```

[1]: https://www.dmtf.org/sites/default/files/standards/documents/DSP0266_1.22.1.html#password-change-required-handling

Change-Id: I0ab50b4e2298d13ae00f84bc7891c2a14610e1b2
Signed-off-by: Joey Berkovitz <joey@berkovitz.us>

show more ...

Add back include cleaner

Include cleaner helps the code review process. Add it back, by ignoring
some of the more recent boost headers.

Change-Id: I6eddd0e67cd9f469c93fbb344cc1ab46231e450f
Signed-

Add back include cleaner

Include cleaner helps the code review process. Add it back, by ignoring
some of the more recent boost headers.

Change-Id: I6eddd0e67cd9f469c93fbb344cc1ab46231e450f
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Redfish 2025.3

1 line change in scripts/update_schemas.py to point at 2025.3 and run
the script.

See below for more info on this release [1]

Tested: Inspection only. These have not broke things in

Redfish 2025.3

1 line change in scripts/update_schemas.py to point at 2025.3 and run
the script.

See below for more info on this release [1]

Tested: Inspection only. These have not broke things in the past.
Symlinks are getting updated:
```
head -n 4 redfish-core/schema/dmtf/json-schema-installed/ComputerSystem.v1_*.json
{
"$id": "http://redfish.dmtf.org/schemas/v1/ComputerSystem.v1_26_0.json",
"$ref": "#/definitions/ComputerSystem",
"$schema": "http://redfish.dmtf.org/schemas/v1/redfish-schema-v1.json",
```

[1]: https://www.dmtf.org/sites/default/files/Redfish_Release_2025.3_Overview.pdf

Change-Id: Icc0e7b2bc775be6fa0f842670820319b79606507
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Generate update registry

Generate the update registry, needed to return correct error messages
from update service.

Change-Id: Ifaa699cad8531070aea47d2476c1834df7c61e08
Signed-off-by: Alexander Han

Generate update registry

Generate the update registry, needed to return correct error messages
from update service.

Change-Id: Ifaa699cad8531070aea47d2476c1834df7c61e08
Signed-off-by: Alexander Hansen <alexander.hansen@9elements.com>

show more ...

flip http2 flag for generate auth cert integration test

this commit is enhancing the gen auth cert test by using better
flag option for http2 and not flipping the value

Change-Id: I989606807ba0f286

flip http2 flag for generate auth cert integration test

this commit is enhancing the gen auth cert test by using better
flag option for http2 and not flipping the value

Change-Id: I989606807ba0f286a16c1e6e3f1bfc5dbe6a430d
Signed-off-by: Malik Akbar Hashemi Rafsanjani <malikrafsan@meta.com>

show more ...

add integration testing for auth using http2

with this commit, we will make the integration testing of
`generate_auth_certificate` to use http2 by default

this is aligned with previous commit to en

add integration testing for auth using http2

with this commit, we will make the integration testing of
`generate_auth_certificate` to use http2 by default

this is aligned with previous commit to enable http2 for mutual TLS

Change-Id: I79bb95ef1ad3aaa597900c122372a06d205386f2
Signed-off-by: Malik Akbar Hashemi Rafsanjani <malikrafsan@meta.com>

show more ...

Add SubordinateOverrides & Fix Log_services privileges

SubordinateOverrides:
This commit automates the creation of SubordinateOverrides privileges
structures from the redfish privilege registry.

Add SubordinateOverrides & Fix Log_services privileges

SubordinateOverrides:
This commit automates the creation of SubordinateOverrides privileges
structures from the redfish privilege registry. In addition, it
enhances the function of parse_registries.py.

It reads SubordinateOverrides privilege registry from DMTF and
generates const defines SubordinateOverrides for all the privilege
registry entries in the same format that the Privileges struct
accepts.

Moreover, it generates unique const defines for all
SubordinateOverrides target levels.
Ex: EthernetInterface SubordinateOverrides has two "Targets":
["Manager", "EthernetInterfaceCollection"]. So
parse_registries.py generates two unique const

1) Subordinate override for Manager -> EthernetInterface
2) Subordinate override for Manager ->
EthernetInterfaceCollection -> EthernetInterface

Note: if SubordinateOverrides privilege gets changed, then it
automatically updates that route privilege, but if
SubordinateOverrides target gets changed, then the user needs to
update that manually.

Fix Log_services privileges:
In Log_services, some of the privileges not following the
Redfish_1.1.0_PrivilegeRegistry registry.

This commit contains the following LogServices privileges.

1) POST method
```
ComputerSystem -> LogServiceCollection -> LogService
- POST /redfish/v1/Systems/<str>/LogServices/EventLog/Actions/LogService.ClearLog/
- POST /redfish/v1/Systems/<str>/LogServices/Dump/Actions/LogService.CollectDiagnosticData/
- POST /redfish/v1/Systems/<str>/LogServices/Dump/Actions/LogService.ClearLog/
- POST /LogServices/PostCodes/Actions/LogService.ClearLog/
```

2) DELETE method
```
ComputerSystem -> LogServiceCollection -> LogService -> LogEntryCollection -> LogEntry
- DELETE /redfish/v1/Systems/<str>/LogServices/EventLog/Entries/<str>/
```

This commit also changes the current privilege

1) ConfigureManager to ConfigureComponents.

```
DELETE /redfish/v1/Systems/<str>/LogServices/EventLog/Entries/<str>
```

2) ConfigureCompnents -> ConfigureManager

```
POST /redfish/v1/Systems/<str>/LogServices/Dump/Actions/LogService.ClearLog/
POST /redfish/v1/Systems/<str>/LogServices/EventLog/Actions/LogService.ClearLog/
POST /redfish/v1/Systems/<str>/LogServices/Dump/Actions/LogService.CollectDiagnosticData/
```

Tested: manually tested on Witherspoon system, there is no change in
output. Run Redfish validator, with all different Privileges;
Error Get: UUID: String '' does not match pattern ''
this commit doesn't affect UUID

Email sent to openbmc list:
https://lists.ozlabs.org/pipermail/openbmc/2021-August/027232.html

Change-Id: I37d8a2882f1cfaa59a482083f180fdd0805e2e7d
Signed-off-by: Abhishek Patel <Abhishek.Patel@ibm.com>
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Fix json-schema-installed version during schema update

This fixes `update_schemas.py` so that the existing installed csdl and
json symlinks are to be kept and also to be updated with the matching
js

Fix json-schema-installed version during schema update

This fixes `update_schemas.py` so that the existing installed csdl and
json symlinks are to be kept and also to be updated with the matching
json schema version when DMTF schema version is upgraded.

This commit also uses the symlinks to the closed relative paths like
- `../schema/dmtf/installed/<schema>.xml -> ../csdl/<schema>.xml`
- `../schema/dmtf/json-schema-installed/<json-file>.json ->
../json-schema/<json-file>.json`

Tested:
- Change VERSION in `update_schemas.py` and verify the generated files
- CI passes
- Redfish Service Validator passes

Change-Id: Ib7fede7e4c39bdfc13da227eb1e737d96b6c2b5e
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Update to 2025.2

1 line change in update_schemas.py and rerun it.

See below for more info on this release [1]

Tested: Inspection only. These have not broke things in the past.

[1]: https://www.dm

Update to 2025.2

1 line change in update_schemas.py and rerun it.

See below for more info on this release [1]

Tested: Inspection only. These have not broke things in the past.

[1]: https://www.dmtf.org/sites/default/files/Redfish_Release_2025.2_Overview.pdf

Change-Id: I641bc4285fa502a5d81318ff56eaeb75c0af4762
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Make PropertyNotWritable 405

forbidden (403) - "a 403 error means there is an authorization /
permission problem."

405 "Method Not Allowed" error means that the web server understands the
request b

Make PropertyNotWritable 405

forbidden (403) - "a 403 error means there is an authorization /
permission problem."

405 "Method Not Allowed" error means that the web server understands the
request but refuses to process it because the HTTP method (like GET,
POST, PUT, etc.) used in the request is not supported by the server or
the resource.".

Following a stackoverflow response here [1].

Dell mapped PropertyNotWritable to a 400 error. [2] A 400 would be my
2nd choice.

[1]: https://stackoverflow.com/questions/52892076/http-code-to-return-for-unsupported-patch
[2]: https://www.dell.com/support/manuals/en-in/idrac7-8-lifecycle-controller-v2.30.30.30/redfish_v2.30.30.30/managernetworkprotocol?guid=guid-b2be28b5-60a5-4782-83ac-3efb3af79ef2&lang=en-us

Change-Id: Iff3f773a1fdbea96d65f8b82fec75cfc34519ae0
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Make registries return an object_t

All the registry helper functions should return an object_t, given that
they're guaranteed to return an object. nlohmann::json as a type can
technically be string

Make registries return an object_t

All the registry helper functions should return an object_t, given that
they're guaranteed to return an object. nlohmann::json as a type can
technically be string/int/bool/null/object/array, so it causes some
peculiarities in parsing.

Change-Id: If296477cb8d066d7f44ef0d12f17d94a5301e450
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

registries: make registration dynamic

Rather than having to manually hook code for registries, add a small
registration function to the registry header and use this registration
results throughout t

registries: make registration dynamic

Rather than having to manually hook code for registries, add a small
registration function to the registry header and use this registration
results throughout the registry interactions.

Tested:

Confirmed registries have same behavior.

```
$ curl -s -k https://localhost:18080/redfish/v1/Registries/ | jq '.Members | map(."@odata.id")'
[
"/redfish/v1/Registries/Base",
"/redfish/v1/Registries/HeartbeatEvent",
"/redfish/v1/Registries/OpenBMC",
"/redfish/v1/Registries/ResourceEvent",
"/redfish/v1/Registries/TaskEvent",
"/redfish/v1/Registries/Telemetry"
]
```

```
$ curl -s -k https://localhost:18080/redfish/v1/Registries/TaskEvent/TaskEvent | jq ".Messages | keys"
[
"TaskAborted",
"TaskCancelled",
"TaskCompletedOK",
"TaskCompletedWarning",
"TaskPaused",
"TaskProgressChanged",
"TaskRemoved",
"TaskResumed",
"TaskStarted"
]
```

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Iaa355420736a2587d9da4e995208d579443ca9b8

show more ...

Make Registry description optional

Currently, parse_registries.py assumes the description property exists
in every registry json it parses. However, according to the spec [1]
it is not a required pr

Make Registry description optional

Currently, parse_registries.py assumes the description property exists
in every registry json it parses. However, according to the spec [1]
it is not a required property, so it may not exist, see [2].
Switch it to optional and use an empty string as a default value.

Testing:
Ran the script and made sure the generated files remain unchanged.

[1] https://redfish.dmtf.org/schemas/v1/MessageRegistry.v1_4_0.json
[2] Run: `curl https://redfish.dmtf.org/schemas/v1/MessageRegistry.v1_4_0.json | jq .definitions.MessageRegistry.required`

Change-Id: I3e9ba84bbdb9ba5e6ed8b00cde48c15a1b5abba6
Signed-off-by: Igor Kanyuka <ifelmail@gmail.com>

show more ...

replace_logs: remove scripts per timeframe

The script has previously stated:
> This script will be removed Q2 2024

As such, delete it.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id

replace_logs: remove scripts per timeframe

The script has previously stated:
> This script will be removed Q2 2024

As such, delete it.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Idb35ee22e605bd0a8f456a2eca56904936d791d2

show more ...

Add TypeDefinition support for enumeration generation

TypeDefinition was not supported by generate_schema_enums.py, this
change is to support the 'TypeDefinition' generation from schema.

Tested:
'T

Add TypeDefinition support for enumeration generation

TypeDefinition was not supported by generate_schema_enums.py, this
change is to support the 'TypeDefinition' generation from schema.

Tested:
'TypeDefinition' fields in schema can be generated in generated files
with the change

Change-Id: Ibe61f65b905f2089f9e17a26fbd27e3ff1753166
Signed-off-by: Chandramohan Harkude <chandramohan.harkude@gmail.com>

show more ...

Add support for intermediate certificate chains in mTLS auth

When using the --use-intermediate flag, the script generates:

1. Root CA Certificate:
- Self-signed certificate (CA-cert.cer)
- Us

Add support for intermediate certificate chains in mTLS auth

When using the --use-intermediate flag, the script generates:

1. Root CA Certificate:
- Self-signed certificate (CA-cert.cer)
- Used as the root of trust
- Signs the intermediate certificates

2. Separate intermediate CAs for client and server:
- Client intermediate: client-intermediate-cert.cer
- Server intermediate: server-intermediate-cert.cer
- Each signed by the root CA

3. End-entity certificates with their respective intermediate chains:
- Client certificate chain: client-cert.pem (includes intermediate)
- Server certificate chain: server-cert.pem (includes intermediate)

Change-Id: Ifdfd1c044d1c8745638e44debfc90cad3b5aedb7
Signed-off-by: Ben Peled <bpeled@nvidia.com>

show more ...

Return forbidden return code for RestrictedRole operations

This fixes the http error code of the operations of the restricted role
which currently result in bad_request (400) instead of forbidden (4

Return forbidden return code for RestrictedRole operations

This fixes the http error code of the operations of the restricted role
which currently result in bad_request (400) instead of forbidden (403).

Tested:

```
$ redfishtool -r ${bmc}:18080 -u ${user} -p ${pass} -S Always raw POST /redfish/v1/AccountService/Accounts -d '{"UserName":"service","Password":"newPwd1","RoleId":"Operator"}'
redfishtool: Transport: Response Error: status_code: 403 -- Forbidden--user not authorized to perform action
redfishtool: raw: Error sending POST to resource, aborting

$ redfishtool -r ${bmc}:18080 -u ${user} -p ${pass} -S Always raw PATCH /redfish/v1/AccountService/Accounts/${user} -d '{"Password":"NewTestPwd123"}'
redfishtool: Transport: Response Error: status_code: 403 -- Forbidden--user not authorized to perform action

$ redfishtool -r ${bmc}:18080 -u ${user} -p ${pass} -S Always raw PATCH /redfish/v1/AccountService/Accounts/${user} -d '{"UserName":"new-service"}'
redfishtool: Transport: Response Error: status_code: 403 -- Forbidden--user not authorized to perform action

$ redfishtool -r ${bmc}:18080 -u ${user} -p ${pass} -S Always raw PATCH /redfish/v1/AccountService/Accounts/${user} -d '{"RoleId":"Operator"}'
redfishtool: Transport: Response Error: status_code: 403 -- Forbidden--user not authorized to perform action

$ redfishtool -r ${bmc}:18080 -u ${user} -p ${pass} -S Always raw DELETE /redfish/v1/AccountService/Accounts/${user}
redfishtool: Transport: Response Error: status_code: 403 -- Forbidden--user not authorized to perform action
redfishtool: raw: Error sending DELETE to resource, aborting

```

Change-Id: I1b212ccb5a630750eb5d4197970b4fb75fceffd7
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Sort get_response_code names

It is better to sort get_response_code names in parse_registries.py.

Tested:
- Script run generates the same output

Change-Id: I79028c8f95c4cf6681bc4f5b12dd858188e9eff

Sort get_response_code names

It is better to sort get_response_code names in parse_registries.py.

Tested:
- Script run generates the same output

Change-Id: I79028c8f95c4cf6681bc4f5b12dd858188e9eff8
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Update to 2025.1

1 line change in update_schemas.py and rerun it.

See below for more info on this release:
https://www.dmtf.org/content/redfish-release-20251-now-available

Tested: Inspection only.

Update to 2025.1

1 line change in update_schemas.py and rerun it.

See below for more info on this release:
https://www.dmtf.org/content/redfish-release-20251-now-available

Tested: Inspection only. These have not broke things in the past.

Change-Id: I8d386725b364e2bc7c91c869e519e5e7bfbf11f9
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...