Move to 2020.4
2020.4 contains a lot of new schemas.
New features include: new power and thermal schemas, conditions,
and new account types.
For more information, see:
https://www.dmtf.org/sites/default/files/Redfish_Release_2020.4_Overview.pdf
Tested: Validator passes. Able to see new schemas.
Change-Id: I7fb860c84fa4cff80698dcb26a463b155e6faba7
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
diff --git a/static/redfish/v1/JsonSchemas/AccountService/AccountService.json b/static/redfish/v1/JsonSchemas/AccountService/AccountService.json
index c5da56d..cb6c347 100644
--- a/static/redfish/v1/JsonSchemas/AccountService/AccountService.json
+++ b/static/redfish/v1/JsonSchemas/AccountService/AccountService.json
@@ -1,5 +1,5 @@
{
- "$id": "http://redfish.dmtf.org/schemas/v1/AccountService.v1_7_2.json",
+ "$id": "http://redfish.dmtf.org/schemas/v1/AccountService.v1_8_0.json",
"$ref": "#/definitions/AccountService",
"$schema": "http://redfish.dmtf.org/schemas/v1/redfish-schema-v1.json",
"copyright": "Copyright 2014-2020 DMTF. For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright",
@@ -9,18 +9,24 @@
"RedfishService",
"ActiveDirectoryService",
"LDAPService",
- "OEM"
+ "OEM",
+ "TACACSplus"
],
"enumDescriptions": {
"ActiveDirectoryService": "An external Active Directory service.",
"LDAPService": "A generic external LDAP service.",
"OEM": "An OEM-specific external authentication or directory service.",
- "RedfishService": "An external Redfish service."
+ "RedfishService": "An external Redfish service.",
+ "TACACSplus": "An external TACACS+ service."
},
"enumLongDescriptions": {
- "ActiveDirectoryService": "The external account provider shall be a Microsoft Active Directory Technical Specification-comformant service. The ServiceAddresses format shall contain a set of fully qualified domain names (FQDN) or NetBIOS names that links to the set of domain servers for the Active Directory service.",
+ "ActiveDirectoryService": "The external account provider shall be a Microsoft Active Directory Technical Specification-conformant service. The ServiceAddresses format shall contain a set of fully qualified domain names (FQDN) or NetBIOS names that links to the set of domain servers for the Active Directory service.",
"LDAPService": "The external account provider shall be an RFC4511-conformant service. The ServiceAddresses format shall contain a set of fully qualified domain names (FQDN) that links to the set of LDAP servers for the service.",
- "RedfishService": "The external account provider shall be a DMTF Redfish Specification-comformant service. The ServiceAddresses format shall contain a set of URIs that correspond to a Redfish account service."
+ "RedfishService": "The external account provider shall be a DMTF Redfish Specification-conformant service. The ServiceAddresses format shall contain a set of URIs that correspond to a Redfish account service.",
+ "TACACSplus": "The external account provider shall be an RFC8907-conformant service. The ServiceAddresses format shall contain a set of host:port that correspond to a TACACS+ service and where the format for host and port are defined in RFC3986."
+ },
+ "enumVersionAdded": {
+ "TACACSplus": "v1_8_0"
},
"type": "string"
},
@@ -72,7 +78,7 @@
},
"AccountLockoutDuration": {
"description": "The period of time, in seconds, that an account is locked after the number of failed login attempts reaches the account lockout threshold, within the period between the last failed login attempt and the reset of the lockout threshold counter. If this value is `0`, no lockout will occur. If the AccountLockoutCounterResetEnabled value is `false`, this property is ignored.",
- "longDescription": "This property shall contain the period of time, in seconds, that an account is locked after the number of failed login attempts reaches the AccountLockoutThreshold value, within the AccountLockoutCounterResetAfter window of time. The value shall be greater than or equal to the AccountLockoutResetAfter value. If this value is `0`, no lockout shall occur. If AccountLockoutCounterResetEnabled value is `false`, this property shall be ignored.",
+ "longDescription": "This property shall contain the period of time, in seconds, that an account is locked after the number of failed login attempts reaches the AccountLockoutThreshold value, within the AccountLockoutCounterResetAfter window of time. The value shall be greater than or equal to the AccountLockoutCounterResetAfter value. If this value is `0`, no lockout shall occur. If AccountLockoutCounterResetEnabled value is `false`, this property shall be ignored.",
"minimum": 0,
"readonly": false,
"type": [
@@ -181,6 +187,26 @@
"readonly": true,
"versionAdded": "v1_1_0"
},
+ "RestrictedOemPrivileges": {
+ "description": "The set of restricted OEM privileges.",
+ "items": {
+ "type": "string"
+ },
+ "longDescription": "This property shall contain an array of OEM privileges that are restricted by the service.",
+ "readonly": true,
+ "type": "array",
+ "versionAdded": "v1_8_0"
+ },
+ "RestrictedPrivileges": {
+ "description": "The set of restricted Redfish privileges.",
+ "items": {
+ "$ref": "http://redfish.dmtf.org/schemas/v1/Privileges.json#/definitions/PrivilegeType"
+ },
+ "longDescription": "This property shall contain an array of Redfish privileges that are restricted by the service.",
+ "readonly": true,
+ "type": "array",
+ "versionAdded": "v1_8_0"
+ },
"Roles": {
"$ref": "http://redfish.dmtf.org/schemas/v1/RoleCollection.json#/definitions/RoleCollection",
"description": "The collection of Redfish roles.",
@@ -200,6 +226,39 @@
"$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Status",
"description": "The status and health of the resource and its subordinate or dependent resources.",
"longDescription": "This property shall contain any status or health properties of the resource."
+ },
+ "SupportedAccountTypes": {
+ "description": "The account types supported by the service.",
+ "items": {
+ "$ref": "http://redfish.dmtf.org/schemas/v1/ManagerAccount.json#/definitions/AccountTypes"
+ },
+ "longDescription": "This property shall contain an array of the account types supported by the service.",
+ "readonly": true,
+ "type": "array",
+ "versionAdded": "v1_8_0"
+ },
+ "SupportedOEMAccountTypes": {
+ "description": "The OEM account types supported by the service.",
+ "items": {
+ "type": "string"
+ },
+ "longDescription": "This property shall contain an array of the OEM account types supported by the service.",
+ "readonly": true,
+ "type": "array",
+ "versionAdded": "v1_8_0"
+ },
+ "TACACSplus": {
+ "anyOf": [
+ {
+ "$ref": "#/definitions/ExternalAccountProvider"
+ },
+ {
+ "type": "null"
+ }
+ ],
+ "description": "The first TACACS+ external account provider that this account service supports.",
+ "longDescription": "This property shall contain the first TACACS+ external account provider that this account service supports. If the account service supports one or more TACACS+ services as an external account provider, this entity shall be populated by default. This entity shall not be present in the additional external account providers resource collection.",
+ "versionAdded": "v1_8_0"
}
},
"required": [
@@ -271,6 +330,27 @@
"readonly": false,
"versionAdded": "v1_3_0"
},
+ "EncryptionKey": {
+ "description": "Specifies the encryption key.",
+ "longDescription": "This property shall contain the value of a symmetric encryption key for account services that support some form of encryption, obfuscation, or authentication such as TACACS+. The value shall be `null` in responses. The property shall accept a hexadecimal string whose length depends on the external account service, such as TACACS+. A TACACS+ service shall use this property to specify the secret key as defined in RFC8907.",
+ "pattern": "^[0-9a-fA-F]+$",
+ "readonly": false,
+ "type": [
+ "string",
+ "null"
+ ],
+ "versionAdded": "v1_8_0"
+ },
+ "EncryptionKeySet": {
+ "description": "Indicates if the EncryptionKey property is set.",
+ "longDescription": "This property shall contain `true` if a valid value was provided for the EncryptionKey property. Otherwise, the property shall contain `false`. For a TACACS+ service, the value `false` shall indicate data obfuscation, as defined in section 4.5 of RFC8907, is disabled.",
+ "readonly": true,
+ "type": [
+ "boolean",
+ "null"
+ ],
+ "versionAdded": "v1_8_0"
+ },
"KerberosKeytab": {
"description": "The Base64-encoded version of the Kerberos keytab for this service. A PATCH or PUT operation writes the keytab. This property is `null` in responses.",
"longDescription": "This property shall contain a Base64-encoded version of the Kerberos keytab for this service. A PATCH or PUT operation writes the keytab. The value shall be `null` in responses.",
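Review bot: `EncryptionKey` is constrained only by `"pattern": "^[0-9a-fA-F]+$"`, so a one-character, odd-length or arbitrarily long hex string validates as a TACACS+ shared secret. Because this file appears to mirror the DMTF 2020.4 release, a length bound is probably better enforced in whatever handler accepts the PATCH than added here as `minLength`/`maxLength`. That handler also has to honour the "shall be `null` in responses" wording and keep the value out of logs and error bodies, leaving `EncryptionKeySet` as the only readable indicator. Nothing in this commit shows such a handler, so it is worth confirming that the service does not expose the property before it is implemented. The enclosing definition starts and ends outside the hunk.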
@@ -393,6 +473,17 @@
"type": "boolean",
"versionAdded": "v1_7_0"
},
+ "Priority": {
+ "description": "The authentication priority for the external account provider.",
+ "longDescription": "This property shall contain the assigned priority for the specified external account provider. The value `0` value shall indicate the highest priority. Increasing values shall represent decreasing priority. If an external provider does not have a priority assignment or two or more external providers have the same priority, the behavior shall be determined by the Redfish service. The priority is used to determine the order of authentication and authorization for each external account provider.",
+ "minimum": 0,
+ "readonly": false,
+ "type": [
+ "integer",
+ "null"
+ ],
+ "versionAdded": "v1_8_0"
+ },
"RemoteRoleMapping": {
"description": "The mapping rules to convert the external account providers account information to the local Redfish role.",
"items": {
@@ -431,6 +522,19 @@
"null"
],
"versionAdded": "v1_3_0"
+ },
+ "TACACSplusService": {
+ "anyOf": [
+ {
+ "$ref": "#/definitions/TACACSplusService"
+ },
+ {
+ "type": "null"
+ }
+ ],
+ "description": "The additional information needed to parse a TACACS+ services.",
+ "longDescription": "This property shall contain additional information needed to parse a TACACS+ services. This property should only be present inside a TACACSplus property.",
+ "versionAdded": "v1_8_0"
}
},
"type": "object"
@@ -636,9 +740,82 @@
}
},
"type": "object"
+ },
+ "TACACSplusPasswordExchangeProtocol": {
+ "enum": [
+ "ASCII",
+ "PAP",
+ "CHAP",
+ "MSCHAPv1",
+ "MSCHAPv2"
+ ],
+ "enumDescriptions": {
+ "ASCII": "The ASCII Login method.",
+ "CHAP": "The CHAP Login method.",
+ "MSCHAPv1": "The MS-CHAP v1 Login method.",
+ "MSCHAPv2": "The MS-CHAP v2 Login method.",
+ "PAP": "The PAP Login method."
+ },
+ "enumLongDescriptions": {
+ "ASCII": "This value shall indicate the ASCII Login flow as described under section 5.4.2 of RFC8907.",
+ "CHAP": "This value shall indicate the CHAP Login flow as described under section 5.4.2 of RFC8907.",
+ "MSCHAPv1": "This value shall indicate the MS-CHAP v1 Login flow as described under section 5.4.2 of RFC8907.",
+ "MSCHAPv2": "This value shall indicate the MS-CHAP v2 Login flow as described under section 5.4.2 of RFC8907.",
+ "PAP": "This value shall indicate the PAP Login flow as described under section 5.4.2 of RFC8907."
+ },
+ "type": "string"
+ },
+ "TACACSplusService": {
+ "additionalProperties": false,
+ "description": "Various settings to parse a TACACS+ service.",
+ "longDescription": "This type shall contain settings for parsing a TACACS+ service.",
+ "patternProperties": {
+ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
+ "description": "This property shall specify a valid odata or Redfish property.",
+ "type": [
+ "array",
+ "boolean",
+ "integer",
+ "number",
+ "null",
+ "object",
+ "string"
+ ]
+ }
+ },
+ "properties": {
+ "PasswordExchangeProtocols": {
+ "description": "Indicates the allowed TACACS+ password exchange protocols.",
+ "items": {
+ "anyOf": [
+ {
+ "$ref": "#/definitions/TACACSplusPasswordExchangeProtocol"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "longDescription": "This property shall indicate all the allowed TACACS+ password exchange protocol described under section 5.4.2 of RFC8907.",
+ "readonly": false,
+ "type": "array",
+ "versionAdded": "v1_8_0"
+ },
+ "PrivilegeLevelArgument": {
+ "description": "Indicates the name of the TACACS+ argument name in an authorization request.",
+ "longDescription": "This property shall specify the name of the argument in a TACACS+ Authorization REPLY packet body, as defined in RFC8907, that contains the user's privilege level.",
+ "readonly": false,
+ "type": [
+ "string",
+ "null"
+ ],
+ "versionAdded": "v1_8_0"
+ }
+ },
+ "type": "object"
}
},
"owningEntity": "DMTF",
- "release": "2019.4",
- "title": "#AccountService.v1_7_2.AccountService"
+ "release": "2020.4",
+ "title": "#AccountService.v1_8_0.AccountService"
}
\ No newline at end of file
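Review bot: `PasswordExchangeProtocols` is writable and its enum admits `ASCII` and `PAP` alongside the challenge-response methods, with no default or preference expressed in the schema. Read together with the `EncryptionKeySet` text in the earlier hunk, where `false` means RFC8907 obfuscation is disabled, a provider could be configured so that the login password reaches the TACACS+ server unprotected on the wire. As this looks like an unmodified DMTF schema, the restriction would belong in the service rather than in this file: reject or warn on `ASCII`/`PAP` when `EncryptionKeySet` is `false`, and treat a `null` array item as invalid rather than as "any protocol". The `definitions` object this hunk extends starts outside the hunk.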