refactor log_services.hpp, separate handlers

Handlers are separated from bmcweb route declarations.

The decoupling separates the http side of things and the logic for
handling the request.

As an a

refactor log_services.hpp, separate handlers

Handlers are separated from bmcweb route declarations.

The decoupling separates the http side of things and the logic for
handling the request.

As an additional bonus this reduces the indentation needed and improves
readability.

Tested: moving code with no logic change does not require testing

Change-Id: Ice5f62dca26fb46b35c3b26843fa25d3c6666258
Signed-off-by: Alexander Hansen <alexander.hansen@9elements.com>
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Remove "Function wasn't a string?" messages for PCIe

Currently for every PCIe function bmcweb checks every property of the
"xyz.openbmc_project.Inventory.Item.PCIeDevice" interface if it is a
string

Remove "Function wasn't a string?" messages for PCIe

Currently for every PCIe function bmcweb checks every property of the
"xyz.openbmc_project.Inventory.Item.PCIeDevice" interface if it is a
string. And if it is not the message "Function wasn't a string?" is
produced.
This is wrong since the properties "MaxLanes" and "LanesInUse" are not
strings but integers.
Drop the error print statement to remove the false error messages.

Change-Id: I1cc082e5aaf392b0cc4c051ab0bc6d8418aed0f9
Signed-off-by: Konstantin Aladyshev <aladyshev22@gmail.com>

show more ...

chassis: fix power state regression

Commit 539d8c6 introduced a regression on the reported chassis power
state (caught by romulus qemu CI).

Tested:
- None, simple fix

Change-Id: Iac5b27ae7103fc071

chassis: fix power state regression

Commit 539d8c6 introduced a regression on the reported chassis power
state (caught by romulus qemu CI).

Tested:
- None, simple fix

Change-Id: Iac5b27ae7103fc0717547cb3e6f124a1c75d65a8
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

show more ...

Remove unused code

This line was added in 055713e4b201b049cd6a2d9ca58b89dbf916759f but
clang-18 correctly notes that it is unused. Remove it.

Tested: Code compiles.

Change-Id: I4fc836e4de4c29a22b

Remove unused code

This line was added in 055713e4b201b049cd6a2d9ca58b89dbf916759f but
clang-18 correctly notes that it is unused. Remove it.

Tested: Code compiles.

Change-Id: I4fc836e4de4c29a22b26fad048309efa297d3412
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Add missing nullptr check

Static analysis flags two missing nullptr checks. Add them.

Tested: dbus-rest is a deprecated option, so unit testing is the only
difference there.
Log services notify wa

Add missing nullptr check

Static analysis flags two missing nullptr checks. Add them.

Tested: dbus-rest is a deprecated option, so unit testing is the only
difference there.
Log services notify was added recently. Need help testing, otherwise
inspection only.

Change-Id: If92153ffa9c9fdf8903ce386f025ceebcf7510eb
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Add back odata support

/redfish/v1/odata/index.json was inadvertently moved to be not
installed in
a529a6aa44e04ae5845d1324f3e8c887ebd47f7b

This file is basically unused, and even this author doesn

Add back odata support

/redfish/v1/odata/index.json was inadvertently moved to be not
installed in
a529a6aa44e04ae5845d1324f3e8c887ebd47f7b

This file is basically unused, and even this author doesn't understand
what it's used for, but it is technically required in the spec, so add
it back using a runtime derived handler.

Tested:
Get /redfish/v1/odata returns the appropriate struct.

Change-Id: I548abbdd9f0b1eb28299165202626feede41e363
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Consistently use generated enumerations

This commit causes all of Redfish to use generated enum values for enum
types. Using generated code prevents problems, and makes it more clear
what types are

Consistently use generated enumerations

This commit causes all of Redfish to use generated enum values for enum
types. Using generated code prevents problems, and makes it more clear
what types are allowed.

Doing this found two places where we had structs that didn't fulfill the
schema. They have been commented, but will be fixed with a breaking
change at some point in the future.

Tested: WIP

Change-Id: I5fdd2f2dfb6ec05606a522e1f4e331f982c8e476
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Fix RemoteRoleMap PATCH operation

RemoteRoleMap "LocalRole" property update fails since there was
conversion missing from redfish privilege to D-bus values

Looks like this commit dropped this chang

Fix RemoteRoleMap PATCH operation

RemoteRoleMap "LocalRole" property update fails since there was
conversion missing from redfish privilege to D-bus values

Looks like this commit dropped this change
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/64325/

This commit fixes this issue

Tested by:
Verified patch operation on RemoteRoleMap

Change-Id: Ic05aa3457a45e98ea5dc8e9dd83e0f1a42772070
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

show more ...

update service: simplify object path lookup

Simplify the object path lookup for the update interface by placing it
at the same object path as the version interface. This involves moving
the update i

update service: simplify object path lookup

Simplify the object path lookup for the update interface by placing it
at the same object path as the version interface. This involves moving
the update interface to /xyz/openbmc_project/software/<swId> rather than
/xyz/openbmc_project/software/<deviceX>.
This change is based on -
https://gerrit.openbmc.org/c/openbmc/phosphor-dbus-interfaces/+/65738
https://gerrit.openbmc.org/c/openbmc/docs/+/65739

Related Commit from phosphor-bmc-code-mgmt -
https://gerrit.openbmc.org/c/openbmc/phosphor-bmc-code-mgmt/+/70668

Tested -
FirmwareInventory as TargetURI:
```
> curl -k -H "X-Auth-Token: $token" -H "Content-Type:multipart/form-data" -X POST -F UpdateParameters="{\"Targets\":[\"/redfish/v1/UpdateService/FirmwareInventory/3c956be0\"],\"@Redfish.OperationApplyTime\":\"Immediate\"};type=application/json" -F "UpdateFile=@obmc-phosphor-image-romulus-20240529184214.static.mtd.tar;type=application/octet-stream" https://${bmc}/redfish/v1/UpdateService/update
{
"@odata.id": "/redfish/v1/TaskService/Tasks/0",
"@odata.type": "#Task.v1_4_3.Task",
"Id": "0",
"TaskState": "Running",
"TaskStatus": "OK"
}
```

/redfish/v1/Managers/bmc as Target URI:
```
> curl -k -H "X-Auth-Token: $token" -H "Content-Type:multipart/form-data" -X POST -F UpdateParameters="{\"Targets\":[\"/redfish/v1/Managers/bmc\"],\"@Redfish.OperationApplyTime\":\"Immediate\"};type=application/json" -F "UpdateFile=@obmc-phosphor-image-romulus-20240529184214.static.mtd.tar;type=application/octet-stream" https://${bmc}/redfish/v1/UpdateService/update
{
"@odata.id": "/redfish/v1/TaskService/Tasks/0",
"@odata.type": "#Task.v1_4_3.Task",
"Id": "0",
"TaskState": "Running",
"TaskStatus": "OK"
}
```

Redfish service validator passing:
```
Elapsed time: 0:04:33
metadataNamespaces: 3727
pass: 5184
passAction: 16
passGet: 213
passRedfishUri: 205
skipNoSchema: 3
skipOptional: 3535
unvalidated: 1
warnDeprecated: 5
warningPresent: 6
```

Change-Id: I6c22a904cecaf8e3043706990ae3a71da8f5addf
Signed-off-by: Jagpal Singh Gill <paligill@gmail.com>

show more ...

Add SSE filter param support

The Redfish spec require filtering of SSE entries to be supported.
This commit rearranges the code, and implements SSE sorting as well
as support for Last-Event-Id. To

Add SSE filter param support

The Redfish spec require filtering of SSE entries to be supported.
This commit rearranges the code, and implements SSE sorting as well
as support for Last-Event-Id. To do this it adds a dependency on
boost circular_buffer.

Tested:

SSE connections succeed. Show filtered results.

Change-Id: I7aeb266fc40471519674c7b65cd5cc4625019e68
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Fix Task Monitor URI

Fixes #272

The TaskMonitor urls we create aren't correct per Redfish. Per DSP0266
section 12.2, our TaskMonitor URIs should take the form

/redfish/v1/TaskService/TaskMonitors

Fix Task Monitor URI

Fixes #272

The TaskMonitor urls we create aren't correct per Redfish. Per DSP0266
section 12.2, our TaskMonitor URIs should take the form

/redfish/v1/TaskService/TaskMonitors/<id>

Note that even though this appears to be a collection, it is not, and
does not "exist" in the Redfish schema, hence why it is called out
explicitly.

Tested:
Started dump collection task with
POST
```
/redfish/v1/Managers/bmc/LogServices/Dump/Actions/LogService.CollectDiagnosticData
```
GET /redfish/v1/Tasks/0

Returned TaskMonitor = /redfish/v1/Tasks/TaskMonitors/0

GET /redfish/v1/Tasks/TaskMonitors/0 returned 200

Change-Id: I9fb1d62090f7787d7649c077b748b51ac3202f8a
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Task json dump whitespace

When reading the JsonBody property, we should not be encoding json
whitespace or trying to pretty print it. The json is already going into
a string payload, it should show

Task json dump whitespace

When reading the JsonBody property, we should not be encoding json
whitespace or trying to pretty print it. The json is already going into
a string payload, it should show up on one line if possible.

Tested:
Started a dump, observed
"JsonBody": "{\"DiagnosticDataType\":\"Manager\"}",

Change-Id: I964609db6bd67a2a5415e40d4479feba65814ad0
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Simplify task service code

This code repeats itself a lot. Reduce complexity.

Tested:
```
curl -vvvv -k --http1.1 --user "root:0penBmc" -X POST "https://192.168.7.2/redfish/v1/Managers/bmc/LogServ

Simplify task service code

This code repeats itself a lot. Reduce complexity.

Tested:
```
curl -vvvv -k --http1.1 --user "root:0penBmc" -X POST "https://192.168.7.2/redfish/v1/Managers/bmc/LogServices/Dump/Actions/LogService.CollectDiagnosticData" -H "Content-Type: application/json" -d '{"DiagnosticDataType": "Manager"}'
```

Starts a dump, and operates as expected.

Change-Id: I36000aababfc842845ba0d2103d3f6cd79a12385
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

OemComputerSystem -> OpenBMCComputerSystem

Rename these and add a version like we've done other places.

Partial fix for #184

Change-Id: I9039974a90f6508bdd474e6363a3df7286b1473c
Signed-off-by: Ed

OemComputerSystem -> OpenBMCComputerSystem

Rename these and add a version like we've done other places.

Partial fix for #184

Change-Id: I9039974a90f6508bdd474e6363a3df7286b1473c
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Rename OemVirtualMedia to OpenBMCVirtualMedia

Per the redfish spec, we should be naming these schemas correctly

Rename OemVirtualMedia -> OpenBMCVirtualMedia.

Tested:
These are only enabled when t

Rename OemVirtualMedia to OpenBMCVirtualMedia

Per the redfish spec, we should be naming these schemas correctly

Rename OemVirtualMedia -> OpenBMCVirtualMedia.

Tested:
These are only enabled when the option flag nbd-proxy is enabled, which
is commented out. Code inspection only.

Change-Id: Ic94025e2125e5b44e09637024acf9b80897328bd
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Make journal log efficient

Journal logging currently loops over all entries to find even a single
entry. This was reasonable at the time when bmc couldn't really store a
lot, but now that BMCs are

Make journal log efficient

Journal logging currently loops over all entries to find even a single
entry. This was reasonable at the time when bmc couldn't really store a
lot, but now that BMCs are getting significantly more flash storage,
this simplification is insufficient. In an example system with an
AST2600, this API takes 32 seconds to respond. This is mediocre for
obvious reasons.

This commit updates to use the sd_journal APIs to let journald do the
skipping, which can use internal details and can be a lot more
efficient. To get the total size, bmcweb still needs to pull the
sequenceids of HEAD and TAIL to determine the complete size, but this is
still reasonable.

Tested:
Redfish service validator passes.

Various versions of top and skip return the correct result, pulling
various top sizes from 0, omitted to the limit.

https://gerrit.openbmc.org/c/openbmc/openbmc-tools/+/72975

To test all corner cases.

Change-Id: I0456bca4e037529f70eaee0bdd9191e9d5839226
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Break journal logging into methods

Like we've done other places, make log services journal follow the
naming convention, and break down lambdas into actual methods.

This is a refactor not intended

Break journal logging into methods

Like we've done other places, make log services journal follow the
naming convention, and break down lambdas into actual methods.

This is a refactor not intended to make any functional changes.

Tested: Redfish service validator passes. Journal works as before.

Change-Id: Ibbc7a13fba9c63606f7fd9c741af3b296633b664
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Break out Journal log into its own file

log_services.hpp probably shouldn't have been allowed to get as large
as it has. This commit starts by breaking out functions from
log_services.hpp, and move

Break out Journal log into its own file

log_services.hpp probably shouldn't have been allowed to get as large
as it has. This commit starts by breaking out functions from
log_services.hpp, and moves them to manager_logservices_journal.hpp.
Code is moved as-is with no functional changes.

Tested: Journal GET works as before. Redfish service validator passes.

Change-Id: I93c372ae3e39967e1b0eaf0cf496f84ac4114b5c
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

EventDestination: Implement VerifyCertificate

VerifyCertificate is a property on the Redfish EventDestination schema.
It specifies that this property is:
``` An indication of whether the service wil

EventDestination: Implement VerifyCertificate

VerifyCertificate is a property on the Redfish EventDestination schema.
It specifies that this property is:
``` An indication of whether the service will verify the certificate of
the server referenced by the `Destination` property prior to sending the
event ```

To keep prior behavior, and to ensure behavior that's secure by default,
if the user omits the property, it is assumed to be true. This property
is also persisted and restored.

Tested:
Redfish-Event-Listener succeeds with the following procedure
Start Redfish-Event-Listener
PATCH /redfish/v1/Subscriptions/<subid> VerifyCertificate: false
POST /redfish/v1/EventService/Actions/EventService.SubmitTestEvent

Redfish-Event-Listener then hits an internal error, due to an encoding
compatibility unrelated to this patch, but is documented in the receiver
[1]

POST of a subscription with VerifyCertificate: false set, succeeds.

[1] https://github.com/DMTF/Redfish-Event-Listener/blob/6f3f98beafc89fa9bbf86aa4f8cac6c1987390fb/RedfishEventListener_v1.py#L61

Change-Id: I27e0a3fe87b4dbd0432bfaa22ebf593c3955db11
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Fix typo regression

This is an obvious typo introduced in
253f11b84347de6bff7c6b624bef270fefae5f5a

It's under a less used option, which is why it doesn't show up in
tests, but is obviously wrong.

Fix typo regression

This is an obvious typo introduced in
253f11b84347de6bff7c6b624bef270fefae5f5a

It's under a less used option, which is why it doesn't show up in
tests, but is obviously wrong. Fix it.

Tested: Inspection only.

Change-Id: Ic90f680890c32c0a2b698de61cc5caa99799e40b
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Fix OpenBMC OEMManager

The OpenBMC OEM schemas have had many things wrong since their creation,
to the point where nobody could be using them to generate values. This
commit fixes the issues, namel

Fix OpenBMC OEMManager

The OpenBMC OEM schemas have had many things wrong since their creation,
to the point where nobody could be using them to generate values. This
commit fixes the issues, namely.
OemManager schema and namespace are renamed to OpenBMCManager, in line
with the Redfish specification around OEM naming conventions.
OpenBMCManager now includes versions, which is a partial fix for #184.
json-schemas are regenerated from the CSDL to json script in
Redfish-Tools, rather than being handmade. This also introduces
versions in the json-schema.

Tested:
Redfish service validator passes.

Change-Id: I18f7d0445105a361775c04ae614d6ae2e297bbf6
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Show hypervisor path on GET of Systems collection

Redfish GET on `/redfish/v1/Systems` is missing to show the hypervisor
resource in its members list, even though hypervisor is available.
This commi

Show hypervisor path on GET of Systems collection

Redfish GET on `/redfish/v1/Systems` is missing to show the hypervisor
resource in its members list, even though hypervisor is available.
This commit fixes missing hypervisor resource in a GET response on
Systems collection. The `Members@odata.count` is retrieved as `uint64_t`
pointer. But the Json library might store this value as "int" or
"size_t". Therefore, directly casting it to uint64_t* might not work
as expected.

Tested By:
Verified "GET https://${bmc}/redfish/v1/Systems" returns the hypervisor
resource

Change-Id: If8713fc70663cf72cc555f695b8f4ec6547215a2
Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>

show more ...

Make schemas selectable

Which schemas are installed should be selectable in both a meson config,
and trivially by forks. This commit gets us closer to that idea.

It does it in several ways, first,

Make schemas selectable

Which schemas are installed should be selectable in both a meson config,
and trivially by forks. This commit gets us closer to that idea.

It does it in several ways, first, the code for generating
JsonSchemaFile resources has been changed to be generated at runtime,
based on files on disk. This is slightly slower, but allows installing
schemas from anywhere, and matches the CSDL handling.

Next, the schema folders are separated into two sets
csdl -> This includes the complete schema pack from dmtf
installed -> this includes only the schemas the bmc includes

Similar folders exist for json-schema and json-schema-installed.

This allows any additional schemas to be a single symlink addition.
Note, this also checks in all of the dmtf json schemas, not just the
versions we use. This allows us to update the schema pack without
needing to break our versions we ship.

Because the static files are now selectable, all files need to be in a
folder. This forces the css and image for the redfish built-in gui to
be moved.

Tested:
/redfish/v1/JsonSchemas returns the correct result
/redfish/v1/JsonSchemas/UpdateService returns a JsonSchemaFile instance
/redfish/v1/JsonSchemas/UpdateService/UpdateService<version>json returns
the JsonSchemaFile contents.

Redfish service validator passes.

Change-Id: Ie96b2e4b623788dc2ec94eb40fcfd80325f0d826
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Support RespondToUnauthenticatedClients PATCH

RespondToUnauthenticatedClients allows users to explicitly select mTLS
as their only authentication mechanism, thus significantly reducing
their code ex

Support RespondToUnauthenticatedClients PATCH

RespondToUnauthenticatedClients allows users to explicitly select mTLS
as their only authentication mechanism, thus significantly reducing
their code exposure to unauthenticated clients.

From the Redfish specification

```
The RespondToUnauthenticatedClients property within the
ClientCertificate property within the MFA property of the AccountService
resource controls the response behavior when an invalid certificate is
provided by the client.
• If the property contains true or is not
supported by the service, the service shall not fail the TLS handshake.
This is to allow the service to send error messages or unauthenticated
resources to the client.
• If the property contains false , the service
shall fail the TLS handshake.
```

This commit implements that behavior.

This also has some added benefits in that we no longer have to check the
filesystem for every connection, as TLS is controlled explicitly, and
not whether or not a root cert is in place.

Note, this also implements a TODO to disable cookie auth when using
mTLS. Clients can still use IsAuthenticated to determine if they are
authenticated on request.

Tested:
Run scripts/generate_auth_certs.py to set up a root certificate and
client certificate. This verifies that mTLS as optional has not been
broken. Script succeeds.

```
PATCH /redfish/v1/AccountService
{"MultiFactorAuth": {"ClientCertificate": {"RespondToUnauthenticatedClients": false}}}
```

GET /redfish/v1
without a client certificate now fails with an ssl verification error

GET /redfish/v1
with a client certificate returns the result

```
PATCH /redfish/v1/AccountService
{"MultiFactorAuth": {"ClientCertificate": {"RespondToUnauthenticatedClients": false}}}
With certificate returns non mTLS functionality.
```

Change-Id: I5a9d6d6b1698bff83ab62b1f760afed6555849c9
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Store Request Fields that are needed later

Because of recent changes to how dbus authentication is done, Requests
might be moved out before they can be used. This commit is an attempt
to mitigate t

Store Request Fields that are needed later

Because of recent changes to how dbus authentication is done, Requests
might be moved out before they can be used. This commit is an attempt
to mitigate the problem without needing to revert that patch.

This commit does two relatively distinct things.

First, it moves basic auth types to a model where they're timed out
instead of removed on destruction. This removes the need for a Request
object to track that state, and arguably gives better behavior, as
basic auth sessions will survive through the timeout.
To prevent lots of basic auth sessions getting created, a basic auth
session is reused if it was:
1. Created by basic auth previously.
2. Created by the same user.
3. Created from the same source IP address.

Second, both connection classes now store the accept, and origin headers
from the request in the connection class itself, removing the need for
them.

Tested: HTML page now loads when pointing at a redfish URL with a
browser.

Change-Id: I623b43cbcbb43d9e65b408853660be09a5edb2b3
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...