Bump base registry to 1.19.0

Adds GenerateSecretKeyRequired registry to the Base for MFA

Change-Id: Ia690639b4bebbbd265b223bd626b0eb814103f99
Signed-off-by: Jishnu CM <jishnunambiarcm@duck.com>

Update to 2024.3

1 line change in update_schemas.py and rerun it.

See below for more info on this release:
https://www.dmtf.org/content/redfish-release-20243-now-available

Tested: Inspection only.

Update to 2024.3

1 line change in update_schemas.py and rerun it.

See below for more info on this release:
https://www.dmtf.org/content/redfish-release-20243-now-available

Tested: Inspection only.

Change-Id: I856b9777fd386f828724bd7a521dcd5c8c3270cf
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Update to 2024.2

Redfish changed the directory structure again. Don't see that ZipFile
has a "cd" so insert the version in the path when checking or building
the path.

You can see this directory st

Update to 2024.2

Redfish changed the directory structure again. Don't see that ZipFile
has a "cd" so insert the version in the path when checking or building
the path.

You can see this directory structure change by downloading 2024.2 vs
2024.1. Also by printing the ZipFile Info.

<ZipInfo filename='DSP8010_2024.2/info.json' compress_type=deflate
filemode='-rw-r--r--' file_size=54 compress_size=42>

This is how we used to do it. [1]

[1]: https://github.com/openbmc/bmcweb/commit/60c922dfacd5d1aeec8789e03edc91b47f4a6661

Make the changes for the script, bump the version, and run the script.

See below for more info on this release:
https://www.dmtf.org/content/redfish-release-20242-now-available

Tested: Validator is happy.

Change-Id: I87674d5b9ff19b39d3cdf2fb046543e21a6ebc5b
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

scripts: csdl-to-json-converter: README.md: Fix MD034 warnings

The following warnings are generated by using markdownlint analysis:
```
MD034/no-bare-urls Bare URL used [Context: "https://github.com

scripts: csdl-to-json-converter: README.md: Fix MD034 warnings

The following warnings are generated by using markdownlint analysis:
```
MD034/no-bare-urls Bare URL used [Context: "https://github.com/openbmc/doc...";]
```
Refer to markdown-lint [1] to fix MD034
[1]: https://github.com/updownpress/markdown-lint/blob/master/rules/034-no-bare-urls.md

Signed-off-by: George Liu <liuxiwei@ieisystem.com>
Change-Id: I85dea378a1f08293b2ef071c949fd184dcc7c015

show more ...

scripts: csdl-to-json-converter: README.md: Fix MD040 warnings

The following warnings are generated by using markdownlint analysis:
```
MD040/fenced-code-language Fenced code blocks should have a la

scripts: csdl-to-json-converter: README.md: Fix MD040 warnings

The following warnings are generated by using markdownlint analysis:
```
MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"]
```
Refer to markdown-lint [1] to fix MD040
[1]: https://github.com/updownpress/markdown-lint/blob/master/rules/040-fenced-code-language.md

Signed-off-by: George Liu <liuxiwei@ieisystem.com>
Change-Id: I183c4e220b7fdcec9c235a04dcdd9b4f065863e8

show more ...

Fix Task Monitor URI

Fixes #272

The TaskMonitor urls we create aren't correct per Redfish. Per DSP0266
section 12.2, our TaskMonitor URIs should take the form

/redfish/v1/TaskService/TaskMonitors

Fix Task Monitor URI

Fixes #272

The TaskMonitor urls we create aren't correct per Redfish. Per DSP0266
section 12.2, our TaskMonitor URIs should take the form

/redfish/v1/TaskService/TaskMonitors/<id>

Note that even though this appears to be a collection, it is not, and
does not "exist" in the Redfish schema, hence why it is called out
explicitly.

Tested:
Started dump collection task with
POST
```
/redfish/v1/Managers/bmc/LogServices/Dump/Actions/LogService.CollectDiagnosticData
```
GET /redfish/v1/Tasks/0

Returned TaskMonitor = /redfish/v1/Tasks/TaskMonitors/0

GET /redfish/v1/Tasks/TaskMonitors/0 returned 200

Change-Id: I9fb1d62090f7787d7649c077b748b51ac3202f8a
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Document Json OEM schema creation

This commit documents how to create json schemas for OEM parameters. It
adds a config file for running the Redfish-Tools

Tested: Documentation only.

Change-Id: I

Document Json OEM schema creation

This commit documents how to create json schemas for OEM parameters. It
adds a config file for running the Redfish-Tools

Tested: Documentation only.

Change-Id: I84493b58bf81320259f41856eb932d4b4e9e82f8
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Make schemas selectable

Which schemas are installed should be selectable in both a meson config,
and trivially by forks. This commit gets us closer to that idea.

It does it in several ways, first,

Make schemas selectable

Which schemas are installed should be selectable in both a meson config,
and trivially by forks. This commit gets us closer to that idea.

It does it in several ways, first, the code for generating
JsonSchemaFile resources has been changed to be generated at runtime,
based on files on disk. This is slightly slower, but allows installing
schemas from anywhere, and matches the CSDL handling.

Next, the schema folders are separated into two sets
csdl -> This includes the complete schema pack from dmtf
installed -> this includes only the schemas the bmc includes

Similar folders exist for json-schema and json-schema-installed.

This allows any additional schemas to be a single symlink addition.
Note, this also checks in all of the dmtf json schemas, not just the
versions we use. This allows us to update the schema pack without
needing to break our versions we ship.

Because the static files are now selectable, all files need to be in a
folder. This forces the css and image for the redfish built-in gui to
be moved.

Tested:
/redfish/v1/JsonSchemas returns the correct result
/redfish/v1/JsonSchemas/UpdateService returns a JsonSchemaFile instance
/redfish/v1/JsonSchemas/UpdateService/UpdateService<version>json returns
the JsonSchemaFile contents.

Redfish service validator passes.

Change-Id: Ie96b2e4b623788dc2ec94eb40fcfd80325f0d826
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Bump base registry to 1.18.1

72169 points out a mistake in 1.16 which is fixed in 1.18. Let's pull
1.18.1 in. 1.18.1 is the latest.

Changed 1 line in parse_registries.py and reran it.

Tested: None

Bump base registry to 1.18.1

72169 points out a mistake in 1.16 which is fixed in 1.18. Let's pull
1.18.1 in. 1.18.1 is the latest.

Changed 1 line in parse_registries.py and reran it.

Tested: None. In the past bumping these hasn't caused problems.

Change-Id: I79b135b8366d9b423f789c34802b1c0366d4e8a5
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Pull in 2024.1 schemas

Redfish released 2024.1 in May.
https://www.dmtf.org/content/redfish-release-20241-now-available

"The bundle includes 29 schema updates and additional developer
resources." T

Pull in 2024.1 schemas

Redfish released 2024.1 in May.
https://www.dmtf.org/content/redfish-release-20241-now-available

"The bundle includes 29 schema updates and additional developer
resources." There was a request on the discord server to pull this in.

Changed 1 line scripts/update_schemas.py and reran the tool.

Tested: None. Inspection only. Picking up new schemas hasn't caused
problems in the past.

Change-Id: I44f08ab56ad2f97b757b48003ac97a2f914bd8ea
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Add verification

Static analysis flags that we're not checking certs here. Make it
optional, and default to verification.

Tested: No backend available. Commands parse on command line, and fail
in

Add verification

Static analysis flags that we're not checking certs here. Make it
optional, and default to verification.

Tested: No backend available. Commands parse on command line, and fail
in redfish.

Change-Id: I7558c55b5f1e1695844b986b5587561d1391f245
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Generate metadata at runtime

In the initial implementation of metadata indexing the bmc knew at
compile time what schemas it could potentially publish. bmcweb took the
approach of adding all schema

Generate metadata at runtime

In the initial implementation of metadata indexing the bmc knew at
compile time what schemas it could potentially publish. bmcweb took the
approach of adding all schemas of all versions to the $metadata
resource. Since that was made, two major changes have happened.
First, Redfish has added significantly more versions of each schema, as
well as significantly more schemas to the point where the metadata index
is now 213KB. While this file compresses fairly well, the size is
obvious from the large amount of time that redfish service validator
takes to parse the schemas, compared to actually acquiring BMC redfish
resources.
Second, aggregation was added, where an aggregated Redfish service might
implement any number of schemas, including OEM ones.

In an effort to fix this, this patch takes the compile-time algorithm in
update_schemas.py, and moves it into bmcweb itself, parsing the files on
disk as needed on demand. This has some immediate benefits; First, is
that now schemas can be potentially installed from anywhere, not only
from within the bmcweb build, and they will be resolved at runtime.

Second, patches that want to add support for a given schema need to only
symlink the schema into the correct folder, without needing to rerun
update_schemas.py. This saves time in review.

Finally, this opens to door to reducing the schema versions present in
the metadata to the unique set of only what this bmcweb instance, and
its aggregated BMCs expose.

Tested: Redfish service validator passes. Need A/B checking to verify
the file is byte for byte the same.
GET /redfish/v1/$metadata returns what looks like sane results, with a
correct content-type.
Unit tests require the use of TemporaryFileHandle, so that class is
moved into a more general folder, outside of test/http.

Change-Id: I326159099c6b6c4056023b2e173c5f074ed88ce1
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Move existing schemas into folders

Reorganize the existing schemas into folders under redfish core.

The existing schema system has some problems:
1. It's hard to add new schemas
2. We have to rerun

Move existing schemas into folders

Reorganize the existing schemas into folders under redfish core.

The existing schema system has some problems:
1. It's hard to add new schemas
2. We have to rerun the script any time we want to change what schemas
we use.
3. Adding schemas optionally takes effort

In an effort to combat this, this patchset moves all the existing
schemas into folders that represent their namespace names

dmtf/csdl represents the CSDL that dmtf publishes
oem/openbmc represents the CSDL that OpenBMC publishes

In theory, this means that in the future we can relax OEM_SCHEMAS.md,
and allow folks to possibly implement their own schemas in a way that
doesn't have to effect all other systems.

This also has the advantage of not requiring changes to
update_schemas.py when we want to add, remove, or modify what version of
a schema we use. "current" schemas are just symlinks, so they can be
updated using git, and not necessarily have merge conflicts with one
another.

Tested: Redfish service validator passes.

Change-Id: I6d4a130bba4cb874ef00a06ed579cc67f53dc7ae
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Initialize schemas array with explicit size

Currently `update_schemas.py` generates a schema list definition like

redfish-core/include/schemas.hpp:
```
constexpr std::array schemas {
"A

Initialize schemas array with explicit size

Currently `update_schemas.py` generates a schema list definition like

redfish-core/include/schemas.hpp:
```
constexpr std::array schemas {
"AccountService",
"ActionInfo",
...
"OpenBMCAccountService",
};
```

However, if the number of schemas is more than the clang's default
max size, CI may fail.
The default is `-fbracket-depth=256`.

```
In file included from /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/functional:65:
[1m/usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/array:288:52: [0m [0;1;31mfatal error:
instantiating fold expression with 276 arguments exceeded expression nesting limit of 256
288 | -> array<enable_if_t<(is_same_v<_Tp, _Up> && ...), _Tp>, [0m
| [0;1;32m ~~~~~~~~~~~~~~~~~~~~~~~~^~~~
[0m [1m../redfish-core/include/schemas.hpp:17:26: [0m [0;1;30mnote:
while substituting deduced template arguments into function template '<deduction guide for array>' [with _Tp =
const char *, _Up = <const char *, const char *, const char *, const char *, const char *,
...
const char *>] [0m
17 | constexpr std::array schemas { [0m
| [0;1;32m ^
[0m1 error generated.

```

To avoid the failure, we can set the size explicitly like
```
constexpr std::array<std::string_view,277> schemas {
"AccountService",
...
```

Tested:
1) Remove `include_list` so that all possible schemas are to be used
2) Run with the fixed `scripts/update_schemas.py`
3) Compiles successfully

Change-Id: Ib68db9fd3be1b6dbe0c4b5cc0e9a4324966d759e
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Update Privilege Registry from 1.3.0 to 1.5.0

Change 1 line in scripts/parse_registries.py and rerun the script.

Long term OpenBMC/bmcweb need more direction here on the Privilege
Registry, but for

Update Privilege Registry from 1.3.0 to 1.5.0

Change 1 line in scripts/parse_registries.py and rerun the script.

Long term OpenBMC/bmcweb need more direction here on the Privilege
Registry, but for now continue with the current direction of using the
Privilege Registry and taking it from the DMTF.

There is new entries in 1.4/1.5 that are needed for future development.

Tested: It builds.

Change-Id: I4337dc44e794c58f00f7307ea0508b84f14e8c8f
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Pull in all registries

Before Redfish put all messages in Base, but as the Messages became more
specific Redfish started creating new registries. Redfish might have
went a little registry happy. Hea

Pull in all registries

Before Redfish put all messages in Base, but as the Messages became more
specific Redfish started creating new registries. Redfish might have
went a little registry happy. HeartbeatEvent just has 1 message and all
these new ones registries each just have a handful of messages.

Add the remaining 15 registries:
composition, environmental, ethernetfabric, fabric, heartbeat_event,
job_event, license, logservice, networkdevice, platform, power,
sensor_event, storage_device, telemetry, update.

Some of these are wanted for both current development and future
development but it is hard to decide which ones so just added them all.
power, fabric, telemetry, update are all things we support today. Having
a UpdateInProgress or UpdateSuccessful makes a lot of sense and this
enables that.

Put these alphabetically. Use a new for loop to do this.

Make changes to scripts/parse_registries.py and run the tool.

No difference in size.

Before: 66928640 Apr 10 13:32
obmc-phosphor-image-p10bmc-20240410183051.ext4.mmc.tar

After: 66928640 Apr 10 13:18
obmc-phosphor-image-p10bmc-20240410181439.ext4.mmc.tar

Tested: bmcweb builds.
"./scripts/parse_registries.py --registries license,update" works.

Change-Id: I43b4d041531cf338e9e7e621714ca7d95f6b01a5
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Fix generate auth certs

bmcs might not have the correct time, so allow certificates for 100
years starting from epoch. As is, the script makes the certificate
valid for now + 10 years. After chang

Fix generate auth certs

bmcs might not have the correct time, so allow certificates for 100
years starting from epoch. As is, the script makes the certificate
valid for now + 10 years. After changes make the script valid from
epoch (1970) to 100 years later (2070).

This makes the script run to completion against a qemu instance of the
bmc.

Additional changes include detecting if a CA key is already present, to
not rewrite it. This allows installing a CA certificate on test
machines once, and using it to authenticate forever.

Additionally, add "alternative names" support, for pointing to a bmc at
localhost, or on the default qemu port, which allows these things to
work by default in those scenarios.

Lastly, change the directory to use a path relative to the script path,
instead of relative to current path when generating certificates. This
ensures that certs are always generated in the same place, which helps
when a CA is reused.

Tested: Script runs to completion without errors.

Change-Id: Ia5c31041dd5cb193b897bf1f7bae3cd9767656d0
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

redfish-schema: add Protocol

The Drive schema indirectly references Protocol, but it is missing
from the schema list. Modify `update_schemas.py` to include it and
run, checking in the results.

Sig

redfish-schema: add Protocol

The Drive schema indirectly references Protocol, but it is missing
from the schema list. Modify `update_schemas.py` to include it and
run, checking in the results.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ic3adad00924d450d3b7062c94ec04fc26e4cc9b9

show more ...

Bump Redfish schemas to 2023.3

Redfish released 2023.3 1/25/2024.
https://www.dmtf.org/content/redfish-release-20233-now-available

It is several new schemas and added properties to a pile of schema

Bump Redfish schemas to 2023.3

Redfish released 2023.3 1/25/2024.
https://www.dmtf.org/content/redfish-release-20233-now-available

It is several new schemas and added properties to a pile of schemas.
One use case is: ComputerSystem v1.22.0
Added EfficiencyFavorPower and EfficiencyFavorPerformance to PowerMode
https://gerrit.openbmc.org/c/openbmc/phosphor-dbus-interfaces/+/69122

This is a one line change to scripts/update_schemas.py and then ran the
script.

Tested: See the new schema versions (e.g. System 1.22.0).
No new Validator errors on p10bmc.

Change-Id: I5c10d78e891da71fd14187f63aa6ac682cf15598
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Reformat scripts

Change-Id: Ie8fb9f9733e75b887b14516cfa12f662aa5d3a82
Signed-off-by: Ed Tanous <ed@tanous.net>

Fix spelling mistakes

These were found with:
codespell -w $(git ls-files | grep "\.[hc]\(pp\)\?$")

At some point in the future, we might want to get this enabled in CI.

Change-Id: Iccb57b2adfd06a2

Fix spelling mistakes

These were found with:
codespell -w $(git ls-files | grep "\.[hc]\(pp\)\?$")

At some point in the future, we might want to get this enabled in CI.

Change-Id: Iccb57b2adfd06a2e177e99db2923fe4e8e329118
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Update schemas to 2023.2

To quote from The Redfish release [1]

2022.3 Redfish Schema Bundle – This .zip file contains the current
versions of all Redfish schemas. The bundle includes 40 schema upda

Update schemas to 2023.2

To quote from The Redfish release [1]

2022.3 Redfish Schema Bundle – This .zip file contains the current
versions of all Redfish schemas. The bundle includes 40 schema updates
and developer resources.
Added Compute Express Link (CXL) support (NEW)
Extensions to Fabric, PCIeDevice, Processor, Memory, ComputerSystem,
and Chassis schemas Defined by DMTF alliance partner Compute Express
Link (CXL) Consortium
Extensions to Fabric, PCIeDevice, Processor, Memory, ComputerSystem,
and Chassis schemas New CXLLogicalDevice schema
Added MultiFactorAuth to AccountService to configure a service for
multi-factor authentication
HTTP Basic authentication is not available for accounts configured
for multi-factor authentication
For client certificate authentication, the client provides their
identity certificate during TLS handshaking
For RSA SecurID, Google Authenticator, and Microsoft Authenticator,
clients provide a new Token property in the session creation request
Added Heater and HeaterMetrics resources

[1] https://www.dmtf.org/content/redfish-release-20223-now-available

Change-Id: Iefe80866bfb83e65ab98b2cf4ee2eacce5238c5b
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Fix update_schemas.py to add Oem JsonSchemas

GET on redfish/v1/JsonSchema does not show OEM schemas but shows only
DMTF redfish schemas.

It is because Oem schemas are not included into `schemas.hpp

Fix update_schemas.py to add Oem JsonSchemas

GET on redfish/v1/JsonSchema does not show OEM schemas but shows only
DMTF redfish schemas.

It is because Oem schemas are not included into `schemas.hpp`.

In addition, the explicit OEM JsonSchema gives the content of the file
rather than the valid Json output.

Tested:

- Query JsonSchemas

```
curl -k -H "X-Auth-Token: $token" -X GET "https://$bmc/redfish/v1/JsonSchemas"

curl -k -H "X-Auth-Token: $token" -X GET "https://$bmc/redfish/v1/JsonSchemas/<OemSchema>"
e.g.
curl -k -H "X-Auth-Token: $token" -X GET "https://$bmc/redfish/v1/JsonSchemas/OemManager"
```

- Redfish Service Validator passed

Change-Id: I0fc9c3d4a48fb9c6ddec9591af12fd2c849331e3
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Generate OpenBMC registry

We haven't been very good about maintaining this file, so lets generate
it like we do everything else.

This commit takes the existing, manually built
openbmc_message_regis

Generate OpenBMC registry

We haven't been very good about maintaining this file, so lets generate
it like we do everything else.

This commit takes the existing, manually built
openbmc_message_registry.hpp and copies the generated json from a
working system, then hooks it into the parse_registries script to
generate the hpp file. This results in a couple changes, and somewhat
proves how bad our ability to manage this file manually is..

Tested: Looking for input on if this is the right direction.

Change-Id: I5dc03021d194f0674e4a8f41421096b211462a0a
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...

scripts: Script to autogenerate TLS certs

This script autogenerates:
1. Self-signed CA certificate/key pair
2. Server certificate/key pair
3. Client certificate/key pair
4. PKCS12 archive to store c

scripts: Script to autogenerate TLS certs

This script autogenerates:
1. Self-signed CA certificate/key pair
2. Server certificate/key pair
3. Client certificate/key pair
4. PKCS12 archive to store client certificate/key pair

These files are all generated and then stored in a local ./certs
directory.

Following this, they are added to the BMC over Redfish.

Then, the script attempts to use the client certificate/key pair to
access a Redfish url with permissions while not providing username or
password.

If this succeeds, then it generates the PKCS12 archive file and directs
the user to import it into a browser if they wish to test webui or would
prefer to do any testing in browser rather than over curl or similar
data tranfer tools for HTTP.

Tested:
Monitored output to ensure that each step succeeded and once the PKCS12
archive file was generated, imported it into a browser and accessed a
redfish url with permissions while not being redirected to the login
route.

Change-Id: Ie8a393feb472281d1865e52bddbdb58edbf5b071
Signed-off-by: Alex Schendel <alex.schendel@intel.com>

show more ...