commit | 96200606ab8a2a8de9f007f9e06cd748b134e2c5 | [log] [tgz] |
---|---|---|
author | jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> | Wed Apr 08 11:09:10 2020 +0000 |
committer | Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> | Wed Apr 22 04:53:54 2020 +0000 |
tree | 30f66be731e0d4da8cd85d17b0583810a9170fcc | |
parent | bd030d0a6796bf5c9e2db2ae7e2bcade5979516c [diff] |
Redfish: Support NoAccess user creation Support NoAccess privilege user creation from Redfish Tested: 1. Verified redfish validator passed 2. Create NoAccess user from Redfish POST: https://<BMC-IP>/redfish/v1/AccountService/Accounts/ Body: { "UserName": "user2", "RoleId": "NoAccess", "Password": "asdf1234" } Response: { "@Message.ExtendedInfo": [ { "@odata.type": "#Message.v1_0_0.Message", "Message": "The resource has been created successfully", "MessageArgs": [], "MessageId": "Base.1.4.0.Created", "Resolution": "None", "Severity": "OK" } ] } 3. Create NoAccess user with empty privilege POST: https://<BMC-IP>/redfish/v1/AccountService/Accounts/ Body: { "UserName": "user3", "RoleId": "", "Password": "asdf1234" } Response: { "@Message.ExtendedInfo": [ { "@odata.type": "#Message.v1_0_0.Message", "Message": "The resource has been created successfully", "MessageArgs": [], "MessageId": "Base.1.4.0.Created", "Resolution": "None", "Severity": "OK" } ] } 4. Verified Patch, by updating the "NoAccess" RoleId to "Operator" 5. Verified Patch, by updating the "" RoleId to "ReadOnly" 6. Display user list ID Name Callin Link Auth IPMI Msg Channel Priv Limit 1 root false true true ADMINISTRATOR 2 user2 false true true NO ACCESS 3 user3 false true true NO ACCESS 4 user4 false true true USER 5 user5 false true true OPERATOR Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> Change-Id: Ied8bd452d1a57409bfdbe231332986d36bd07c72
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting -D
flags that correspond to options in bmcweb/CMakeLists.txt
and then compiling. For example, cmake -DBMCWEB_ENABLE_KVM=NO ...
followed by make
. The option names become C++ preprocessor symbols that control which code is compiled into the program.
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-sign a certificate before launching the server. The keys are generated by the secp384r1
algorithm. The certificate
C=US, O=OpenBMC, CN=testhost
,SHA-256
algorithm.