Force HostName property to be read-only per the schema

The ManagerNetworkProtocol schema defines the HostName entry to be
read-only. Change the doPatch code to prevent updating the hostname
attribute.

The DMTF redfish/v1/Managers/bmc/NetworkProtocol is a read-only
location.

The DMTF approved location for changing the HostName is:
redfish/v1/Managers/bmc/EthernetInterfaces/<str>

This change does not impact phosphor-webui, as it uses D-Bus to
perform all of its work.

This change does not impact webui-vue, as it is using the DMTF
approved API.

This commit deprecates allowing Read/Write access to the Hostname in
the ManagersNetworkProtocol URI. To reduce the impact to Redfish
clients that rely upon Read/Write access, a Meson compile time flag has
been added to allow Read/Write access to be restored. The Meson build
flag, redfish-allow-deprecated-hostname-patch, can be enabled to
restore Read/Write access. The Meson build flag is slated to be
removed in Q4 2021, enforcing the read-only state.

Tested:
Explicitly PATCH'd HostName to confirm it cannot be modified.
Enabled the HostName feature, and confirmed the HostName accepted a
PATCH command.
Ran Redfish_Service_Validator (deprecated, and re-enabled).

Change-Id: If7f2148d8bbb8a7b420c4abde086272c4320977a
Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
diff --git a/meson.build b/meson.build
index 1bb7636..66a066b 100644
--- a/meson.build
+++ b/meson.build
@@ -206,6 +206,16 @@
},section : 'Enabled Features')
endif
+ if( get_option('redfish-allow-deprecated-hostname-patch').enabled())
+ add_project_arguments([
+ '-DBMCWEB_ALLOW_DEPRECATED_HOSTNAME_PATCH'
+ ],
+ language : 'cpp')
+
+ summary({'hostname-patch' :'-DBMCWEB_ALLOW_DEPRECATED_HOSTNAME_PATCH'
+ },section : 'Enabled Features')
+ endif
+
endif
endif
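Review bot: The summary key 'hostname-patch' in the added summary() call does not show that this is a deprecated compatibility switch, so someone auditing the 'Enabled Features' section of a build log cannot tell that the schema's read-only rule for HostName has been relaxed. Consider using the option name itself, 'redfish-allow-deprecated-hostname-patch', as the key so the deviation is visible in the build summary.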
diff --git a/meson_options.txt b/meson_options.txt
index 5e5f7b5..9611631 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -29,6 +29,7 @@
option('mutual-tls-auth', type : 'feature', value : 'enabled', description : '''Enables authenticating users through TLS client certificates. The insecure-disable-ssl must be disabled for this option to take effect.''')
option('ibm-management-console', type : 'feature', value : 'disabled', description : 'Enable the IBM management console specific functionality. Paths are under \'/ibm/v1/\'')
option('http-body-limit', type: 'integer', min : 0, max : 512, value : 30, description : 'Specifies the http request body length limit')
+option('redfish-allow-deprecated-hostname-patch', type : 'feature', value : 'disabled', description : 'Enable/disable Managers/bmc/NetworkProtocol HostName PATCH commands. The default condition is to prevent HostName changes from this URI, following the Redfish schema. Enabling this switch permits the HostName to be PATCHed at this URI. In Q4 2021 this feature will be removed, and the Redfish schema enforced, making the HostName read-only.')
# Insecure options. Every option that starts with a `insecure` flag should
# not be enabled by default for any platform, unless the author fully comprehends
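Review bot: The description of the new 'redfish-allow-deprecated-hostname-patch' option does not say where clients should send HostName changes instead. The commit message names redfish/v1/Managers/bmc/EthernetInterfaces/<str> as the DMTF approved location; adding that to the description would give integrators the migration path at the point where they decide whether to enable the flag. The removal date ("Q4 2021") also exists only as prose here, so nothing in the build will flag it once that date has passed.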
diff --git a/redfish-core/lib/network_protocol.hpp b/redfish-core/lib/network_protocol.hpp
index 65b90f7..c8f63d1 100644
--- a/redfish-core/lib/network_protocol.hpp
+++ b/redfish-core/lib/network_protocol.hpp
@@ -354,6 +354,7 @@
"org.freedesktop.systemd1.Manager", "ListUnits");
}
+#ifdef BMCWEB_ALLOW_DEPRECATED_HOSTNAME_PATCH
void handleHostnamePatch(const std::string& hostName,
const std::shared_ptr<AsyncResp>& asyncResp)
{
@@ -371,6 +372,7 @@
"xyz.openbmc_project.Network.SystemConfiguration", "HostName",
std::variant<std::string>(hostName));
}
+#endif
void handleNTPProtocolEnabled(const bool& ntpEnabled,
const std::shared_ptr<AsyncResp>& asyncResp)
@@ -484,7 +486,7 @@
std::optional<nlohmann::json> ntp;
std::optional<nlohmann::json> ipmi;
- if (!json_util::readJson(req, res, "HostName", newHostName, "NTP", ntp,
+ if (!json_util::readJson(req, res, "NTP", ntp, "HostName", newHostName,
"IPMI", ipmi))
{
return;
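Review bot: The readJson call in this hunk only swaps the order of the "HostName" and "NTP" arguments, and nothing visible in the patch depends on that order. If the reorder has a purpose, state it in the commit message; otherwise drop it so the diff carries only the read-only change. A short comment noting that "HostName" stays in the readJson list in both build configurations would also help, since that is what lets the later #else branch reach messages::propertyNotWritable.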
@@ -493,7 +495,11 @@
res.result(boost::beast::http::status::no_content);
if (newHostName)
{
+#ifdef BMCWEB_ALLOW_DEPRECATED_HOSTNAME_PATCH
handleHostnamePatch(*newHostName, asyncResp);
+#else
+ messages::propertyNotWritable(asyncResp->res, "HostName");
+#endif
}
if (ntp)
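Review bot: In the #else branch, execution falls through after messages::propertyNotWritable(asyncResp->res, "HostName") into the following `if (ntp)` block, so a PATCH that carries both HostName and NTP reports HostName as not writable while the NTP part is still processed. If that partial application is intended, say so in a comment; if not, return after reporting the error. Because res.result(boost::beast::http::status::no_content) is set just above, please also confirm which status the client sees in the rejected case and record it in the "Tested" notes, including a request that combines HostName with another property.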