Karol Niczyj authored Jul 15, 2021 and Ed Tanous committed Jul 20, 2021

According to https://www.apache.org/licenses/LICENSE-2.0


contents of apache license (LICENSE-2.0.txt) should be in LICENSE file.

Signed-off-by: Karol Niczyj <karol.niczyj@intel.com>
Change-Id: Iae83df57e0719a370868daf57bb98c578dcaa473

Konstantin Aladyshev authored Feb 26, 2021 and Ed Tanous committed Jul 20, 2021

BootSourceOverrideMode is the BIOS boot mode to use when
the system boots from the BootSourceOverrideTarget boot source.

Possible values are:
-Legacy - The system boots in non-UEFI boot mode to
          the boot source override target
-UEFI   - The system boots in UEFI boot mode to
          the boot source override target

For the architectures that don't implement Legacy/UEFI boot mode
property (for example POWER), don't publish BootSourceOverrideMode
interface at all.

Redfish validator has been executed on this change and no new
error was found.

Also tested with the help of the openbmc-test-automation framework.
When the Legacy/UEFI boot mode is present in the system command for
testing is:
  robot -v PLATFORM_ARCH_TYPE:x86 \
        -v OPENBMC_HOST:<BMC IP> \
        redfish/systems/test_boot_devices.robot

When the Legacy/UEFI boot mode is not present in the system command
for testing is:
  robot -v OPENBMC_HOST:<BMC IP> \
        redfish/systems/test_boot_devices.robot

Signed-off-by: Konstantin Aladyshev <aladyshev22@gmail.com>
Change-Id: Id64e428752b820d481ce15d56566dd7b06738ec0

Abhishek Patel authored Jun 21, 2021 and Ed Tanous committed Jul 20, 2021

Plan to use getPortInfo() to get the SSH SerialConsole in the
ComputerSystem.
This commit moves the getPortInfo functionality into the redfish
utility.

Tested: manually tested on Witherspoon system, there is no change in
output. Run Redfish validator, no error found.

Before:

"HTTPS": {
  "Certificates": {
    "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/
Certificates"
  },
  "Port": 443,
  "ProtocolEnabled": true
},
"IPMI": {
  "Port": 623,
  "ProtocolEnabled": true
},
"SSH": {
  "Port": 22,
  "ProtocolEnabled": true
}

After:

"HTTPS": {
  "Certificates": {
    "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/
Certificates"
  },
  "Port": 443,
  "ProtocolEnabled": true
},
"IPMI": {
  "Port": 623,
  "ProtocolEnabled": true
},
"SSH": {
  "Port": 22,
  "ProtocolEnabled": true
}

Change-Id: I126827fbbecec59adcf630b88e31bc5ff8151588
Signed-off-by: Abhishek Patel <Abhishek.Patel@ibm.com>

Mansi Joshi authored Jul 19, 2021 and Ed Tanous committed Jul 20, 2021

Memory Device Type support wasn't there for DDR5 type dimm.
Added code for the same as per latest SMBIOS spec DSP0134
version 3.4.0.

Tested:
Get of https://BMC-IP/redfish/v1/Systems/system/Memory/dimm

 gives
correct values.
"MemoryDeviceType": "DDR5",
"MemoryType": "DRAM"

Signed-off-by: Mansi Joshi <mansi.joshi@linux.intel.com>
Change-Id: I7c3590f3f0a1e17ea9f44736ced8a4f22d211411

P Dheeraj Srujan Kumar authored Jul 12, 2021 and Ed Tanous committed Jul 20, 2021

Altered return values form the function. With the earlier
implementation, the function returned PAM_AUTH_ERR on failure scenarios
which is incorrect. Replaced PAM_AUTH_ERR with PAM_CONV_ERR and
PAM_BUF_ERR at respetive places.

Added a check for number of messages received by the conversation
function capped at PAM_MAX_NUM_MSG.

Added a check for password size, which is capped at PAM_MAX_RESP_SIZE
as the bytes in the password greater than this limit would be discarded
by PAM.

Though pam_response structure and response, which are dynamically
allocated by the pam conversation function are the responsibility of the
caller to free them, with the current implemention, there is a possibility of
memory leak when numMsg would be zero or if PAM_PROMPT_ECHO_OFF
message never arrived.
This commit fixes the possible memory leak by allocating only on
receiving PAM_PROMPT_ECHO_OFF message.

Tested:
 - Basic Authencation is functional.
 - POST on /redfish/v1/SessionService/Sessions was succesfull with
   the right credentials
 - POST on /redfish/v1/AccountService was successfull when the password
   was within the limit, and returned a failure when password length
   exceeded the limit.

Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Change-Id: Idfa41d94d5a01b62aec119f88cbdaab1523ad936

sdbusplus changed the preferred template name to follow C++14
STL conventions and be named 'dedup_variant_t'.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I20a2526076170d7b6284956f2c889c9ecdac06ec

Asmitha Karunanithi authored Jul 13, 2021 and Ed Tanous committed Jul 14, 2021

The system dump entries URI was wrong (same as bmc dump entries) and
hence causes bmcweb to crash with the following error: "handler already
exists for /redfish/v1/Managers/bmc/LogServices/Dump/Entries/"

The below commit has caused this issue:
https://github.com/openbmc/bmcweb/commit/ed3982131dcef2b499da36e674d2d21


b2289ef29
The above change will impact the clients as listing of system dumps will
never work and also this causes bmcweb to crash.

This commit has the fix for the same.
Old Incorrect URI:
/redfish/v1/Managers/bmc/LogServices/Dump/Entries/
is changed to the following RI:
/redfish/v1/Systems/system/LogServices/Dump/Entries/


Tested the same.

Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>
Change-Id: Idbf23cb2ca52575dd47d296884793a33710e07d5

Ed Tanous authored Jun 21, 2021 and Ed Tanous committed Jul 13, 2021

Clang-13 rightfully warns that the hasWebuiRoute variable isn't declared
as static.  This commit resolves that, and adds the static keyword so it
can be used in multiple compile units.  It also adds the static keyword
to the privilege registry, and the inline keyword to many methods that
now need it.

clang-format is also updated to version 12 in parse_registies.py, as
that's what CI uses, and what most people have installed.

Tested:
Followed clang-tidy instructions in README.md
"bitbake bmcweb" step now succeeds.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id43b13606754cb37a404799fce155599ac3a3240

GET on URI "/bus/system/" causes bmcweb service to crash.
This occurred as asyncResp was captured by reference by lambda.

Tested:
 - GET on /bus/system/ responded with desired output without crash.

Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Change-Id: I2c777be4bc2c95332d47df380c867891b133d016

Add return 0 for int main()

Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Change-Id: Ifa3216ae1b4cd0eb422679149ace6a1b59dbf85e

Ed Tanous authored Jun 14, 2021 and Ed Tanous committed Jul 07, 2021

Because these files are generated, there is no copyright that makes
sense, as these are "derivative works".  sdbusplus does not include
these in its generated files, bmcweb should do the same.

Tested:
Code compiles.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I3c729f8c03176770b31b4f54ebdbdab92daae163

Ed Tanous authored Jun 09, 2021 and Ed Tanous committed Jul 07, 2021

This commit attempts to automate the creation of our privileges
structures from the redfish privilege registry.  It accomplishes this by
updating parse_registries.py to also pull down the privilege registry
from DMTF.
The script then generates privilege_registry.hpp, which include const
defines for all the privilege registry entries in the same format that
the Privileges struct accepts.  This allows new clients to simply
reference the variable to these privilege structures, instead of having
to manually (ie error pronely) put the privileges in themselves.

This commit updates all the routes.

For the moment, override and OEM schemas are not considered.  Today we
don't have any OEM-specific Redfish routes, so the existing ones inherit
their parents schema.  Overrides have other issues, and are already
incorrect as Redfish defines them.

Binary size remains unchanged after this patchset.

Tested:
Ran redfish service validator

Ran test case from f9a6708c to ensure
that the new privileges constructor didn't cause us to regress the brace
construction initializer.

Checked binary size with:
gzip -c
$BBPATH/tmp/work/s7106-openbmc-linux-gnueabi/obmc-phosphor-image/1.0-r0/rootfs/usr/bin/bmcweb
| wc -c
1244048

(tested on previous patchset)

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ideede3d5b39d50bffe7fe78a0848bdbc22ac387f

The computer system power mode defines the behavior of a system
based on the performance and power saving requirements.
For example, a system could be set to MaximumPerformance to
run as fast as possible without regard to power consumption.
A system could also be configured to run in PowerSaving mode
which would be running at slower speeds to try to save power.
More information can be found at https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/38786

This commit will allow GET / PATCH operations to the PowerMode property

PowerMode was added in Redfish Release 2021.1:
https://www.dmtf.org/content/redfish-release-20211-now-available

Tested: I manually tested retrieving and setting the PowerMode property
on a Rainier system (with good and bad values):
  # curl -k https://$bmc/redfish/v1/Systems/system
  {
    "@odata.id": "/redfish/v1/Systems/system",
    "@odata.type": "#ComputerSystem.v1_15_0.ComputerSystem
  ...
    "PartNumber": "",
    "PowerMode": "MaximumPerformance",
    "PowerMode@Redfish.AllowableValues": [
      "Static",
      "MaximumPerformance",
      "PowerSaving"
    ],
    "PowerRestorePolicy": "AlwaysOff",
  ...
  # curl -k https://$bmc/xyz/openbmc_project/control/host0/power_mode
  {
    "data": {
      "PowerMode": "xyz.openbmc_project.Control.Power.Mode.PowerMode.MaximumPerformance"
    },
    "message": "200 OK",
    "status": "ok"
  }
  # curl -k -X PATCH -d '{ "PowerMode":"Static"}' https://$bmc/redfish/v1/Systems/system
  curl -k https://$bmc/xyz/openbmc_project/control/host0/power_mode


  {
    "data": {
      "PowerMode": "xyz.openbmc_project.Control.Power.Mode.PowerMode.Static"
    },
    "message": "200 OK",
    "status": "ok"
  }
Ran Validator on hardware and all tests passed:
Elapsed time: 0:05:07
Counter({'skipOptional': 7128, 'pass': 6020, 'metadataNamespaces': 2217, 'passGet': 315, 'warnDeprecated': 212, 'serviceNamespaces': 79, 'warningPresent': 47, 'warnTrailingSlashLink': 24, 'invalidPropertyValue': 18, 'passAction': 14, 'optionalAction': 11, 'repeat': 3, 'unverifiedComplexAdditional': 1})
Validation has succeeded.

Signed-off-by: Chris Cain <cjcain@us.ibm.com>
Change-Id: I5523a0ebe4a2a77ea4709a14863bff7b55f0303d

Ali Ahmed authored Jun 29, 2021 and Ed Tanous committed Jul 01, 2021

TrustedModuleRequiredToBoot is a Redfish ComputerSystem v1_14_0
property, determining if a working TPM is required in order to boot
the host. The TPM Required property is mapped to the "TPMEnable" D-Bus
property. The possible values for the Redfish property are "Required"
and "Disabled".

This commit will add the GET operations to the
TrustedModuleRequiredToBoot Redfish property.
(See https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/44044


for the PATCH operations for this property).

Testing:

1) Tested on HW: I manually tested retrieving the property:
     $ curl -k https://${bmc}/redfish/v1/Systems/system
{
  "@odata.id": "/redfish/v1/Systems/system",
  "@odata.type": "#ComputerSystem.v1_14_0.ComputerSystem",
...
 "Boot": {
    "AutomaticRetryAttempts": 3,
    "AutomaticRetryConfig": "RetryAttempts",
    "AutomaticRetryConfig@Redfish.AllowableValues": [
      "Disabled",
      "RetryAttempts"
    ],
    "BootSourceOverrideEnabled": "Disabled",
    "BootSourceOverrideMode": "Legacy",
    "BootSourceOverrideTarget": "None",
    "BootSourceOverrideTarget@Redfish.AllowableValues": [
      "None",
      "Pxe",
      "Hdd",
      "Cd",
      "Diags",
      "BiosSetup",
      "Usb"
    ],
    "RemainingAutomaticRetryAttempts": 3,
    "TrustedModuleRequiredToBoot": "Required"
  },
...

TrustedModuleRequiredToBoot switches between 'Required' and 'Disabled'
values when the relevant  dbus property is changed.
(D-Bus Interface: xyz.openbmc_project.Control.TPM.Policy)
(D-Bus Property: TPMEnable)

2) Redfish Validator Testing: Tested on ComputerSystem v1_14_0 schema
    Validator Test everything passed and 0 failures.

Signed-off-by: Ali Ahmed <ama213000@gmail.com>
Change-Id: I7d0b9430e592d6d8ec95cd9090551fab802d8f54

This reverts commit 0ef217f4.

This commit requires 753d034d to
function, which is also being reverted as part of fixing a regression.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie6cfa6bb247d66f7c0d0291a07982bbd54d104c4

This reverts commit af61db10 which
breaks the ability to detect and post json content as HTTP.  I suspect
something went wrong with the requestPrefersHtml() method that was
modified in this commit.  Authors should feel free to resubmit this
patch once they have the failure understood and fixed.

Change-Id: Id6e8d102fe5d4b02ac0dce06bff50c28edfcf44c
Signed-off-by: Ed Tanous <edtanous@google.com>

432a890c removed the ambiguous privileges constructor.
af61db10 added code that used this removed ambiguous privileges
constructor.

This is causing bmcweb CI and bmcweb autobumps to fail.

The error looks like:
error: cannot convert '<brace-enclosed initializer list>' to 'const
std::initializer_list<std::initializer_list<const char*> >&'
|  3102 |         .privileges({"Login"})

af61db10 passed CI because it was pushed before and based on a parent
that was before 432a890c.

Tested: bmcweb builds. No further testing done.
Change-Id: I21399033d63851e3c83f3cd5a00e1227064e6941
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

DMTF published new entity privileges for certificate service classes
which modify entity privilege Certificate, CertificateCollection,
CertificateLocations, and CertificateService on bmcweb. Modification
restricts a user without "ConfigureManager" from accessing the
CertificateCollection and Certificate scehamas

Redfish is a hypermedia API where the parent URI describes sub-URI.
Thus, restricting sub-URI in a parent-URI data helps to forbidden user
access, stricken the rule.  So sub-URI only gets display if a user has
access to that URI.

Restricting the link allows the Redfish Validator to pass.

These impact roles without ConfigureManager, which include operator
and read-only. No access is not impacted since it already did not
have access.

The following are bmcweb user consequences:
1. ReadOnly and Operator role users are no longer able to view
   certificates or the certificate collection (LDAP, HTTPS, TrustStore)
2. Operator role users are no longer able to replace the certificates
   (LDAP, HTTPS, TrustStore), Install certificates (LDAP, HTTPS,
   TrustStore) or delete the Truststore Certificate. HTTPS and LDAP
   certificates do not have delete methods.

Resolves openbmc/bmcweb#61

Tested: manually tested on Witherspoon system and run Redfish-Service-
Validator with all roles root, operator, read-only, and No access. Test
pass for root, operator, and read-only roles, And new errors get
introduced for no access role.

Signed-off-by: Abhishek Patel <Abhishek.Patel@ibm.com>
Change-Id: Ibc5eed7db7e224e46f8572df8bcfba2a1ff47644

Tejas Patil authored Jun 04, 2021 and Ed Tanous committed Jun 30, 2021

This commit adds the support for "DateTimeLocalOffset" property under
"/redfish/v1/Managers/bmc/" Redfish URI.
And it also adds the support for "DateTime" & "DateTimeLocalOffset"
properties under "/redfish/v1/Systems/system/LogServices/<id>/" &
"/redfish/v1/Managers/bmc/LogServices/<id>/" Redfish URI's.

These properties shows the current Date, Time & the UTC offset that the
current DateTime property value contains.

Tested:

- Redfish Validator Test passed.

curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X GET https://${bmc}/redfish/v1/Managers/bmc/
{
"@odata.id": "/redfish/v1/Managers/bmc",
"@odata.type": "#Manager.v1_11_0.Manager",
"Actions": {
"#Manager.Reset": {
"@Redfish.ActionInfo": "/redfish/v1/Managers/bmc/ResetActionInfo",
"target": "/redfish/v1/Managers/bmc/Actions/Manager.Reset"
},
"#Manager.ResetToDefaults": {
"ResetType@Redfish.AllowableValues": [
"ResetAll"
],
"target": "/redfish/v1/Managers/bmc/Actions/Manager.ResetToDefaults"
}
},
"DateTime": "2021-06-04T12:18:28+00:00",
"DateTimeLocalOffset": "+00:00",
"Description": "Baseboard Management Controller",
"EthernetInterfaces": {
"@odata.id": "/redfish/v1/Managers/bmc/EthernetInterfaces"
},
"FirmwareVersion": "2.11.0-dev-114-gc1989599d",
"GraphicalConsole": {
"ConnectTypesSupported": [
"KVMIP"
],
"MaxConcurrentSessions": 4,
"ServiceEnabled": true
},
"Id": "bmc",
"LastResetTime": "2021-06-04T12:07:02+00:00",
"Links": {
"ActiveSoftwareImage": {
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/419c86fb"
},
"ManagerForServers": [
{
"@odata.id": "/redfish/v1/Systems/system"
}
],
"ManagerForServers@odata.count": 1,
"SoftwareImages": [
{
"@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/419c86fb"
}
],
"SoftwareImages@odata.count": 1
},
"LogServices": {
"@odata.id": "/redfish/v1/Managers/bmc/LogServices"
},
"ManagerType": "BMC",
"Model": "OpenBmc",
"Name": "OpenBmc Manager",
"NetworkProtocol": {
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol"
},
"Oem": {
"@odata.id": "/redfish/v1/Managers/bmc#/Oem",
"@odata.type": "#OemManager.Oem",
"OpenBmc": {
"@odata.id": "/redfish/v1/Managers/bmc#/Oem/OpenBmc",
"@odata.type": "#OemManager.OpenBmc",
"Certificates": {
"@odata.id": "/redfish/v1/Managers/bmc/Truststore/Certificates"
}
}
},
"PowerState": "On",
"SerialConsole": {
"ConnectTypesSupported": [
"IPMI",
"SSH"
],
"MaxConcurrentSessions": 15,
"ServiceEnabled": true
},
"ServiceEntryPointUUID": "1832ebbb-0b54-44e9-90d7-b49108f6863c",
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "Enabled"
},
"UUID": "7fe3d13d-4ae7-4a4f-add1-2d60308124b4"
}

curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X GET https://${bmc}/redfish/v1/Systems/system/LogServices/EventLog/
{
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog",
"@odata.type": "#LogService.v1_1_0.LogService",
"Actions": {
"#LogService.ClearLog": {
"target": "/redfish/v1/Systems/system/LogServices/EventLog/Actions/LogService.ClearLog"
}
},
"DateTime": "2021-06-04T12:11:10+00:00",
"DateTimeLocalOffset": "+00:00",
"Description": "System Event Log Service",
"Entries": {
"@odata.id": "/redfish/v1/Systems/system/LogServices/EventLog/Entries"
},
"Id": "EventLog",
"Name": "Event Log Service",
"OverWritePolicy": "WrapsWhenFull"
}

Signed-off-by: Tejas Patil <tejaspp@ami.com>
Change-Id: I416d13ae11e236cf4552f817a9bd69b48f9b5afb

Abhishek Patel authored Jun 11, 2021 and Ed Tanous committed Jun 30, 2021

GitHub, whenever it detects URI/URL, then converts that into a
hyperlink.

It is good to disable auto-linking, but there are only two ways to
implement it, one is adding HTML tag (Ex: <spam>) and
HTML code (&#8203;), which convert URL/URI into non-url.

Commits 2ebb9683 and cb0d27e0 added an extra \. This failed to disable
autolinking. This commit removes that extra \

NOTE:- There might be another way possible, but this is a tested
way to remove hyperlink

Both changes get added to the middle of the text, which gets converted
to hyperlinks, making it hard to read and understand when reading from
a file (not from GitHub).

Signed-off-by: Abhishek Patel <Abhishek.Patel@ibm.com>
Change-Id: I61a7721d8218a1d3ac0405dec4ba74832c817e87

- Add a GET method /redfish/v1/Systems/system/LogServices/PostCodes
  /Entries/<str>/attachment/, Get the attribute value through the
  getPostCodes method and encode it as base64, and send it off.

- This allows the use to offload error logs for analysis and further
  parsing if needed. An http header of "Accept:
  application/octet-stream" or the default "*/*" is expected.

Tested:
- Ran Redfish validator.

- pldmtool raw --data 0x80 0x3F 0xC 0x0A 0x00 0x00 0x00 0x00 0x00 0x07 0x00 0x00 0x00 0x48 0x00 0x00 0x00 0x02 0x00 0x00 0x01 0x00 0x00 0x00 0x48 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x53 0x54 0x41 0x4e 0x44 0x42 0x59 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20 0x20

$curl -k https://127.0.0.1:2443/redfish/v1/Systems/system/LogServices/PostCodes/Entries/B1-1/attachment/


output:
AgAAAQAAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFNUQU5EQlkgICAgICAgICAgICAgICAgICAgICAgICAg

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I74dd6c1dc2d3dfb7908f7741e0d9e7825c1df816

- Need to support the Additional Data URI on Post Code log service.
  IBM progress codes are typically 72 bytes including a primary code
  (8 bytes) and a secondary code that contains hex words that would
  provide additional details on the core problem during boot hangs.
  These secondary hex words would be in this Additional Data URI.

- Need to check for the secondary progress code(std::vector<uint8_t>)
  If it is empty, then do not generate the Additional Data URI.
  If it is not empty, then generate Additional Data URI for that
  particular post entry.

- This commit is not alone for IBM, it is a generic code that should
  work on every system.
  As per the recent PDI change that went into Progress code structure
  https://github.com/openbmc/phosphor-dbus-interfaces/commit/9a96970ebb93eb1f495c200801343a4d1c53977c#diff-0aad0ef8ed32e2652256f50357eede1aedd6ff1398df1bb1a121ad9125916c5f
  1. The primary code(uint64_t) is what we see in the BIOSPOSTCode
     Message registry.
  2. The secondary code(array[byte]) is the entire raw buffer which
     could be used to offload the information out of BMC.
  This should not impact any systems that does not have a secondary
  code, as if the secondary code is empty -> we will not populate the
  AdditionalDataURI at all.

Tested:
- Ran Redfish validator which instructed to bump the odata.type from
  v1_4_0 to v1_8_0 and passed.

- Verified the new AdditionalDataURI was correct for
  LogServices/PostCodes/Entries/<str>:
  $ curl -k
https://127.0.0.1:2443/redfish/v1/Systems/system/LogServices/PostCodes/Entries/B1-1


  {
	"@odata.id": "/redfish/v1/Systems/system/LogServices/PostCodes/Entries",
	"@odata.type": "#LogEntry.v1_8_0.LogEntry",
	"Description": "Collection of POST Code Log Entries",
	"Members": [
	  {
        "@odata.id": "/redfish/v1/Systems/system/LogServices/PostCodes/Entries/B1-1",
	    "@odata.type": "#LogEntry.v1_8_0.LogEntry",
	    "AdditionalDataURI": "/redfish/v1/Systems/system/LogServices/PostCodes/Entries/B1-1/attachment",
	    ... ...
      }
	],
	"Members@odata.count": 1,
	"Name": "BIOS POST Code Log Entries"
  }

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I897888a08db94e22b5a8098bc2a874b00bfb5361

Gunnar Mills authored Nov 06, 2020 and Ed Tanous committed Jun 27, 2021

2020.3 moved SerialConsole and GraphicalConsole to ComputerSystem.

More information can be found on:
http://www.dmtf.org/sites/default/files/Redfish_Release_2020.3_Overview.pdf

These Consoles are readonly properties and were recently added.
Figured no clients are looking for them, but the OCP profile does
require SerialConsole so left them in Manager.

The OCP profile has not released a new version in 18 months.
Filed the following issue with the profile:
https://github.com/opencomputeproject/OCP-Profiles/issues/23



After we remove from manager the following validator warning
will go away:
"SerialConsole: The given property is deprecated by revision:
This property has been deprecated in favor of the SerialConsole
property in the ComputerSystem resource."

Tested: Passes Validator.
  "GraphicalConsole": {
    "ConnectTypesSupported": [
      "KVMIP"
    ],
    "MaxConcurrentSessions": 4,
    "ServiceEnabled": true
  },

  "SerialConsole": {
    "IPMI": {
      "ServiceEnabled": true
    },
    "MaxConcurrentSessions": 15,
    "SSH": {
      "HotKeySequenceDisplay": "Press ~. to exit console",
      "Port": 2200,
      "ServiceEnabled": true
    }
  },

Change-Id: I1cc41c0da67e0d4123678f645828dfe1856d7a8f
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
Signed-off-by: Abhishek Patel <Abhishek.Patel@ibm.com>

The allow list should contain all schemas implemented by bmcweb.

The allow list was missing the Privileges schema. The Privileges schema
is referenced in the Role schema here:

"AssignedPrivileges": {
  "description": "The Redfish privileges for this role.",
  "items": {
    "$ref": "http://redfish.dmtf.org/schemas/v1/Privileges.json#/definitions/PrivilegeType"

https://redfish.dmtf.org/schemas/v1/Role.v1_3_1.json

In OpenBMC CI Redfish Validator testing the following error was hit 3
times:

ERROR - ConnectionError on http://redfish.dmtf.org/schemas/v1/Privileges_v1.xml:
ConnectionError(ProtocolError('Connection aborted.',
RemoteDisconnected('Remote end closed connection without response')))

Network glitch somewhere but inspired this change.

Long term not sure if the allow list makes sense. While still used today
(and for the immediate future) it should attempt to accurately reflect
the implemented schemas in bmcweb.

The allow list was added in 349a2ac3 to save space.

Information on the CI Redfish Validator testing can be found at
https://github.com/openbmc/openbmc-test-automation/search?q=Redfish-Service-Validator


The test redownloads the schemas each time.

Tested: Validator passed.
See the new schema:
{
  "@odata.id": "/redfish/v1/JsonSchemas/Privileges"
},

Change-Id: Iaf3de36b211efab4115a17fd43f0263b8bd3107f
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

Some Processors may support exposing a globally unique identifier in
addition to a serial number. Redfish supports this via
ProcessorId.ProtectedIdentificationNumber property. ("Protected"
indicates it may be a sensitive value due to tracking/privacy concerns -
Intel CPUs allow the customer to mask the PPIN so it can't be exposed.)

cpuinfoapp in smbios-mdr repo is currently implementing this interface.

Tested:
- New property is shown (only for cpus with valid PPIN)
- Passed Redfish Service Validator with no errors.

Signed-off-by: Jonathan Doman <jonathan.doman@intel.com>
Change-Id: I233931ac640338e8f50f37ba4cc7298c7a0db9bf

Ed Tanous authored Jun 17, 2021 and Ed Tanous committed Jun 22, 2021

As part of rearranging include files, it was found that a couple files
don't include what they use.  bmcweb_config.h.in uses size_t, which
isn't in cstdint, and a couple files use variables out of
bmcweb_config.h, which it didn't include.

Tested:
Code compiles;  No functional changes.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I6d8f3617d10a30a1f0209e492841e9d3adc9c3f3

Make the https port number configurable through meson option
"https_port".
It will have a default value of 443.

Need the port to be configurable because on some setups the allowed
ports for BMC's network are limited. 443 is not one of the open ports.

Tested:
Tested default option and also explicitly setting to a specific
port.

Signed-off-by: Vivekanand Veeracholan <vveerach@google.com>
Change-Id: I8e9675865812da6f6ebcd121e87efab840b9dd33

Albert Zhang authored Jun 15, 2021 and Ed Tanous committed Jun 18, 2021

This patch adds support for disabling and enabling SSH using
Redfish API.

Tested:Validator passes

1.Disabled SSH from Redfish and verified cannot open a new SSH
connection to the machine, but the original SSH connection still
takes effect and verified ProtocolEnabled is false for SSH.

 curl -k -H "X-Auth-Token: $token" -X  GET
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
 {
  "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
  ...
  "SSH": {
    "Port": 22,
    "ProtocolEnabled": true
  },
  ...
 }

 curl -k -H "X-Auth-Token: $token" -X PATCH '-d
 {"SSH": {"ProtocolEnabled": false}}'
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/

 Open a new SSH connection:
 sudo ssh username@<IP>
 ssh: connect to host <IP> port 22: Connection refused

 curl -k -H "X-Auth-Token: $token" -X  GET
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
 {
  "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
  ...
  "SSH": {
    "Port": 22,
    "ProtocolEnabled": false
  },
  ...
 }

 D-bus has changed to :

 busctl introspect xyz.openbmc_project.Control.Service.Manager
 /xyz/openbmc_project/control/service/dropbear
 NAME                   TYPE      SIGNATURE RESULT/VALUE FLAGS
 ...                    ...       ...
 xyz.openbmc_project.Control.Service.Attributes       interface
 .Enabled                property  b    false  emits-change writable
 .Masked                 property  b    false  emits-change writable
 .Running                property  b    false  emits-change writable
 ...

2.Abled SSH from Redfish, verified can open a new SSH
connection to the machine and ProtocolEnabled is true for SSH.

 curl -k -H "X-Auth-Token: $token" -X  GET
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
 {
  "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
  ...
  "SSH": {
    "Port": 22,
    "ProtocolEnabled": false
  },
  ...
 }

 curl -k -H "X-Auth-Token: $token" -X PATCH '-d
 {"SSH": {"ProtocolEnabled": false}}'
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/

 Open a new SSH connection:
 sudo ssh username@<IP>
 Successfully connected

 curl -k -H "X-Auth-Token: $token" -X  GET
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
 {
  "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
  ...
  "SSH": {
    "Port": 22,
    "ProtocolEnabled": true
  },
  ...
 }

 D-bus has changed to :

 busctl introspect xyz.openbmc_project.Control.Service.Manager
 /xyz/openbmc_project/control/service/dropbear
 NAME                   TYPE      SIGNATURE RESULT/VALUE FLAGS
 ...                    ...       ...
 xyz.openbmc_project.Control.Service.Attributes       interface
 .Enabled                property  b    true  emits-change writable
 .Masked                 property  b    false  emits-change writable
 .Running                property  b    true  emits-change writable
 ...

Signed-off-by: Albert Zhang <zhanghaodi@inspur.com>
Change-Id: Ifd80db4d33934e83d4e5f337e5dfd02b4ba39018

The compile flag should initially be enable(allowing the old
Power/Thermal). At a later date,we can move this flag to
defaulted off. At an even later date we can remove the old
Power/Thermal implementation.

Test:
1. Validator passed.
2.The default value is enable, so old Power/Thermal can be used
normally.Use the curl commond, old Power/Thermal still exists.
~$ curl -i -k -H "X-Auth-Token: $token" -X GET
"https://${bmc}/redfish/v1/Chassis/chassis"
{
"@odata.id": "/redfish/v1/Chassis/chassis",
"@odata.type": "#Chassis.v1_15_0.Chassis",
"Actions": {
"#Chassis.Reset": {
"@Redfish.ActionInfo": "/redfish/v1/Chassis/chassis/ResetActionInfo",
"target": "/redfish/v1/Chassis/chassis/Actions/Chassis.Reset"
}
},
"ChassisType": "RackMount",
"Id": "chassis",
"Links": {
"ComputerSystems": [
{
"@odata.id": "/redfish/v1/Systems/system"
}
],
"ManagedBy": [
{
"@odata.id": "/redfish/v1/Managers/bmc"
}
]
},
"Name": "chassis",
"PCIeDevices": {
"@odata.id": "/redfish/v1/Systems/system/PCIeDevices"
},
"PCIeSlots": {
"@odata.id": "/redfish/v1/Chassis/chassis/PCIeSlots"
},
"Power": {
"@odata.id": "/redfish/v1/Chassis/chassis/Power"
},
"PowerState": "Off",
"PowerSubsystem": {
"@odata.id": "/redfish/v1/Chassis/chassis/PowerSubsystem"
},
"Sensors": {
"@odata.id": "/redfish/v1/Chassis/chassis/Sensors"
},
"Status": {
"Health": "OK",
"HealthRollup": "OK",
"State": "StandbyOffline"
},
"Thermal": {
"@odata.id": "/redfish/v1/Chassis/chassis/Thermal"
}
}

Signed-off-by: zhanghaicheng <zhanghch05@inspur.com>
Change-Id: Id3556c18dc6aac95fd5aa02cdf2983378c01fb68

The ASN1 free will slowly leak memory for incorrect mutual auth
connections because if the certificate does not match the requirements
the function will return without freeing the usage string.

Tested: curl --cert client-cert.pem --key client-key.pem --cacert \
          CA-cert.pem https://${bmc}/redfish/v1/SessionService/Sessions

Change-Id: I4c335d3cd151187c7a10e7e668d1556c11389039
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

John Edward Broadbent authored Jun 10, 2021 and Ed Tanous committed Jun 16, 2021

It appears that the managers field was duplicated in the service root
response.

Tested: There was no change in the follow curl request
curl -c cjar -b cjar -k -H "Content-Type: application/json" -X GET https://192.168.7.2:443/redfish/v1/


{
  "@odata.id": "/redfish/v1",
  "@odata.type": "#ServiceRoot.v1_5_0.ServiceRoot",
  "AccountService": {
    "@odata.id": "/redfish/v1/AccountService"
  },
  "CertificateService": {
    "@odata.id": "/redfish/v1/CertificateService"
  },
  "Chassis": {
    "@odata.id": "/redfish/v1/Chassis"
  },
  "EventService": {
    "@odata.id": "/redfish/v1/EventService"
  },
  "Id": "RootService",
  "JsonSchemas": {
    "@odata.id": "/redfish/v1/JsonSchemas"
  },
  "Links": {
    "Sessions": {
      "@odata.id": "/redfish/v1/SessionService/Sessions"
    }
  },
  "Managers": {
    "@odata.id": "/redfish/v1/Managers"
  },
  "Name": "Root Service",
  "RedfishVersion": "1.9.0",
  "Registries": {
    "@odata.id": "/redfish/v1/Registries"
  },
  "SessionService": {
    "@odata.id": "/redfish/v1/SessionService"
  },
  "Systems": {
    "@odata.id": "/redfish/v1/Systems"
  },
  "Tasks": {
    "@odata.id": "/redfish/v1/TaskService"
  },
  "TelemetryService": {
    "@odata.id": "/redfish/v1/TelemetryService"
  },
  "UUID": "0d1ead49-71e5-47e2-943d-165635d7cf60",
  "UpdateService": {
    "@odata.id": "/redfish/v1/UpdateService"
  }
}

Signed-off-by: John Edward Broadbent <jebr@google.com>
Change-Id: Icc06d74fccf9efff6d36ef36559064dbab530ae6

There are a number of endpoints that assume that a given routes
privileges are governed by a single set of privileges, instead of
multiple sets ORed together.  To handle this, there were two overloads
of the privileges() method, one that took a vector of Privileges, and
one that took an initializer_list of const char*.  Unfortunately, this
leads some code in AccountService to pick the wrong overload when it's
called like this
.privileges( {{"ConfigureUsers"}, {"ConfigureManager"},
{"ConfigureSelf"}})

This is supposed to be "User must have ConfigureUsers, or
ConfigureManager, or ConfigureSelf".  Currently, because it selects the
wrong overload, it computes to "User must have ConfigureUsers AND
ConfigureManager AND ConfigureSelf.

The double braces are supposed to cause this to form a vector of
Privileges, but it appears that the initializer list gets consumed, and
the single invocation of initializer list is called.  Interestingly,
trying to put in a privileges overload of
intializer_list<initializer_list<const char*>> causes the compilation to
fail with an ambiguous call error, which is what I would've expected to
see previously in this case, but alas, I'm only a novice when it comes
to how the C++ standard works in these edge cases.  This is likely due
in part to the fact that they were templates of an unused template param
(seemingly copied from the previous method) and SFINAE rules around
templates.

This commit functionally removes one of the privileges overloads, and
adds a second set of braces to every privileges call that previously had
a single set of braces.  Previous code will not compile now, which is
IMO a good thing.

This likely popped up in the Node class removal, because the Node class
explicitly constructs a vector of Privilege objects, ensuing it can hit
the right overload

Tested:
Ran Redfish service validator

Tested the specific use case outlined on discord with:
Creating a new user with operator privilege:
```
redfishtool -S Always -u root -p 0penBmc -vvvvvvvvv -r 192.168.7.2
AccountService adduser foo mysuperPass1 Operator
```

Then attempting to list accounts:
```
curl -vvvv --insecure --user foo:mysuperPass1
https://192.168.7.2/redfish/v1/AccountService/Accounts/foo


```

Which succeeded and returned the account in question.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I83e62b70e97f56dc57d43b9081f333a02fe85495

With redfish-dump-log enabled, the bmcweb service would throw a
runtime error and exit because the dump entries routes for
Managers and Systems were the same.

The Systems dump entries route should be
'/redfish/v1/Systems/system/LogServices/Dump/Entries/'

Tested:
With redfish-dump-log enabled,
 - bmcweb service does not throw runtime error
 - Redfish Service Validator passes

Signed-off-by: Charles Boyer <Charles.Boyer@fii-usa.com>
Change-Id: I0ffd19bfc643cb8a3be3c5c2cd88c270ec974267

Ed Tanous authored Jun 11, 2021 and Ed Tanous committed Jun 11, 2021

The latest version of the registries causes a validator failure:
"ERROR - Messages.UndeterminedFault.ParamTypes: Value of Collection
property is null but Collections cannot be null, only their entries"

This appears to be because of a base registry bug where
UndeterminedFault has "NumberOfArgs": 1, but then is missing the
ParamTypes key.  This causes bmcweb to produce

ParamTypes: null

in the json, which is definitely incorrect.

This commit throws some duct tape over the problem for the moment, and
forces the key to at least be the correct type.  This changes the
response to:

ParamTypes: []

While this is still incorrect, bmcweb now passes the service validator,
which I think is ok for the moment.  I will follow up with a DMTF bug
against the base registry shortly, but because it will likely take them
several months to release a new revision, this temporary fix will be
required in the meantime.

Tested:
Ran service validator before and after this patch, and observed the
aformentioned behavior, and the validator now passes on the base
Registry schema.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I7d007a0614e833b0a254c78cad068d3eb5fe88e3

Chicago Duan authored Jun 11, 2021 and Ed Tanous committed Jun 11, 2021

Fix the bug that can't get/patch/delete EventDestination

Tested: It works good and validation has succeeded.

Signed-off-by: Chicago Duan <duanzhijia01@inspur.com>
Change-Id: Ideb743f9f2a7900a444bc912bfedbb75dfe7c8e7

Ed Tanous authored Jun 10, 2021 and Ed Tanous committed Jun 10, 2021

the tests on
https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/43984

 identified
that there are some that actually look at response codes, and expect
200.  This would show up as failures that looked like:

Test SSL Connection :: This testcase is for testing the SSL connec... | [31mFAIL[0m |
Parent suite setup failed:
ValueError: The HTTP status code was not valid:
status:                                           204
valid_status_codes:
  [0]:                                            200


This commit fixes the behavior change to move back to the old behavior,
and causes SessionService Delete to return 200 with a success message.
This commit changes this code back to 200, even though 204 is valid and
the test should pass for both, 200 with a success message more closely
follows Redfish.

Tested:
Code builds.  Expect the above bump to test this behavior directly.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I1d6bbfab867dc757c78f745119cfd9835ebbc505

Chicago Duan authored Jun 10, 2021 and Ed Tanous committed Jun 10, 2021

MaxImageSizeBytes was added in this commit:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/43775
but the UpdateService version number was not changed.

MaxImageSizeBytes in UpdateService belongs to UpdateService.v1_5_0.json

https://redfish.dmtf.org/schemas/v1/UpdateService.v1_5_0.json



Tested: Validator passes

Signed-off-by: Chicago Duan <duanzhijia01@inspur.com>
Change-Id: I68f01ce5fb8f8e715c0e0fad6a34ab609acca01b

Ed Tanous authored Jun 09, 2021 and Ed Tanous committed Jun 10, 2021

We've had some fields get updated in the base registry that didn't seem
to run the script.  This commit updates us to the latest base and
TaskEvent Registries.  This should have no impact.

Tested:
Code compiles.  No functional impact.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Iea4ee79fc798b57efa0e915195f72711858c61b9

Ed Tanous authored Jun 09, 2021 and Ed Tanous committed Jun 10, 2021

We're currently on clang-format-11, the scripts should represent this.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic4d2719d4ae28e51e0579cdcc8e8efbd47b65dbe

Ed Tanous authored Jun 09, 2021 and Ed Tanous committed Jun 10, 2021

The python registries script used the variable json, which conflicts
with the "import json" module.  This commit changes the name of the
variable to json_dict, which is hopefully a more generic name:

Tested:
Ran script, observed same behavior.  Registries are out of date, but
will be updated in a later commit.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Icedc1d79ff5c9d8bfc8fe5eac96a1c6ea059272a