commit | 6c51eab135bb573c292d111170bc138b3a4b4eb0 | [log] [tgz] |
---|---|---|
author | Ed Tanous <edtanous@google.com> | Thu Jun 03 12:30:29 2021 -0700 |
committer | Ed Tanous <edtanous@google.com> | Tue Jun 08 12:27:51 2021 -0700 |
tree | 4a345e576d5680cd79304a8c58b46811aa439ec2 | |
parent | 2c37b4b0f465344aeea311efd61fd9a217ad8e3e [diff] |
Remove Node class from Account Service This is a progression of 7e860f1550c8686eec42f7a75bc5f2ef51e756ad, which correctly noted that AccountService has a number of class specific variables. This commit removes the Node class from those in line with the aformentioned patchset, and at the same time removes the need for the isAllowedWithoutConfigureSelf method, which was relying on state captured to do some complex rule checking. Fortunately, it is relatively easy to check current permissions at runtime using the Privileges::isSupersetOf check against the current users role. This significantly reduces the complexity of the code, while still giving the same result (users with only ConfigureSelf cannot see or modify other users). Ideally these two things, isAllowedWithoutConfigureSelf, and the Node moving would've been done in separate commits, but given that the former would've required moving a number of features out of the node derived class anyway, separating them would lead to essentially the same diff twice, hence why they are combined for easier review. Tested: Ran Redfish service validator. No new errors. (UUID error present that appears to be unrelated) Change-Id: Iad919dbc7ab7e8d47cc1160999ed9f43f685fa56 Signed-off-by: Ed Tanous <edtanous@google.com>
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting -D
flags that correspond to options in bmcweb/meson_options.txt
and then compiling. For example, meson <builddir> -Dkvm=disabled ...
followed by ninja
in build directory. The option names become C++ preprocessor symbols that control which code is compiled into the program.
meson builddir ninja -C builddir
meson builddir -Dbuildtype=minsize -Db_lto=true -Dtests=disabled ninja -C buildir
If any of the dependencies are not found on the host system during configuration, meson automatically gets them via its wrap dependencies mentioned in bmcweb/subprojects
.
meson builddir -Dwrap_mode=nofallback ninja -C builddir
meson builddir -Dbuildtype=debug ninja -C builddir
meson builddir -Db_coverage=true -Dtests=enabled ninja coverage -C builddir test
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-sign a certificate before launching the server. The keys are generated by the secp384r1
algorithm. The certificate
C=US, O=OpenBMC, CN=testhost
,SHA-256
algorithm.