Update schema pack to 2022.3
Update scripts/update_schemas.py to point at 2022.3 and run.
Schema pack 2022.3 is the latest Redfish release, released 01/23/2023.
It contains several new schemas and support for Multi-factor
Authentication and CXL support along other things.
Update done by automation.
Tested: Redfish service validator passes.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I55a64d7cda26572e7b75135acc324cb44d316fe6
diff --git a/static/redfish/v1/JsonSchemas/AccountService/AccountService.json b/static/redfish/v1/JsonSchemas/AccountService/AccountService.json
index 180e008..b66c1bc 100644
--- a/static/redfish/v1/JsonSchemas/AccountService/AccountService.json
+++ b/static/redfish/v1/JsonSchemas/AccountService/AccountService.json
@@ -1,5 +1,5 @@
{
- "$id": "http://redfish.dmtf.org/schemas/v1/AccountService.v1_11_1.json",
+ "$id": "http://redfish.dmtf.org/schemas/v1/AccountService.v1_12_0.json",
"$ref": "#/definitions/AccountService",
"$schema": "http://redfish.dmtf.org/schemas/v1/redfish-schema-v1.json",
"copyright": "Copyright 2014-2022 DMTF. For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright",
@@ -175,6 +175,19 @@
"readonly": false,
"type": "integer"
},
+ "MultiFactorAuth": {
+ "anyOf": [
+ {
+ "$ref": "#/definitions/MultiFactorAuth"
+ },
+ {
+ "type": "null"
+ }
+ ],
+ "description": "The multi-factor authentication settings that this account service supports.",
+ "longDescription": "This property shall contain the multi-factor authentication settings that this account service supports.",
+ "versionAdded": "v1_12_0"
+ },
"Name": {
"$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Name",
"readonly": true
@@ -366,7 +379,8 @@
"string",
"null"
],
- "versionAdded": "v1_8_0"
+ "versionAdded": "v1_8_0",
+ "writeOnly ": true
},
"EncryptionKeySet": {
"description": "Indicates if the EncryptionKey property is set.",
@@ -386,7 +400,8 @@
"string",
"null"
],
- "versionAdded": "v1_3_0"
+ "versionAdded": "v1_3_0",
+ "writeOnly ": true
},
"Oem": {
"$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem",
@@ -402,7 +417,8 @@
"string",
"null"
],
- "versionAdded": "v1_3_0"
+ "versionAdded": "v1_3_0",
+ "writeOnly ": true
},
"Token": {
"description": "The token for this service. A PATCH or PUT operation writes the token. This property is `null` in responses.",
@@ -412,7 +428,8 @@
"string",
"null"
],
- "versionAdded": "v1_3_0"
+ "versionAdded": "v1_3_0",
+ "writeOnly ": true
},
"Username": {
"description": "The user name for the service.",
@@ -439,6 +456,87 @@
},
"type": "string"
},
+ "CertificateMappingAttribute": {
+ "enum": [
+ "Whole",
+ "CommonName",
+ "UserPrincipalName"
+ ],
+ "enumDescriptions": {
+ "CommonName": "Match the Common Name (CN) field in the provided certificate to the username.",
+ "UserPrincipalName": "Match the User Principal Name (UPN) field in the provided certificate to the username.",
+ "Whole": "Match the whole certificate."
+ },
+ "enumLongDescriptions": {
+ "CommonName": "This value shall indicate the service matches the RFC5280-defined 'commonName' attribute in the provided certificate to the UserName property in a ManagerAccount resource or the appropriate field from an external account provider.",
+ "UserPrincipalName": "This value shall indicate the service matches the User Principal Name (UPN) field in the provided certificate to the UserName property in a ManagerAccount resource or the appropriate field from an external account provider.",
+ "Whole": "This value shall indicate the service matches the entire certificate with a Certificate resource subordinate to a ManagerAccount resource or the entire certificate matches the appropriate field from an external account provider."
+ },
+ "type": "string"
+ },
+ "ClientCertificate": {
+ "additionalProperties": false,
+ "description": "Various settings for client certificate authentication such as mTLS or CAC/PIV.",
+ "longDescription": "This type shall contain settings for client certificate authentication.",
+ "patternProperties": {
+ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
+ "description": "This property shall specify a valid odata or Redfish property.",
+ "type": [
+ "array",
+ "boolean",
+ "integer",
+ "number",
+ "null",
+ "object",
+ "string"
+ ]
+ }
+ },
+ "properties": {
+ "CertificateMappingAttribute": {
+ "anyOf": [
+ {
+ "$ref": "#/definitions/CertificateMappingAttribute"
+ },
+ {
+ "type": "null"
+ }
+ ],
+ "description": "The client certificate attribute to map to a user.",
+ "longDescription": "This property shall contain the client certificate attribute to map to a user.",
+ "readonly": false,
+ "versionAdded": "v1_12_0"
+ },
+ "Certificates": {
+ "$ref": "http://redfish.dmtf.org/schemas/v1/CertificateCollection.json#/definitions/CertificateCollection",
+ "description": "The link to a collection of CA certificates used to validate client certificates.",
+ "longDescription": "This property shall contain a link to a resource collection of type CertificateCollection that represents the CA certificates used to validate client certificates during TLS handshaking. Regardless of the contents of this collection, services may perform additional verification based on other factors, such as the configuration of the SecurityPolicy resource. If the service supports the RevokedCertificates or TrustedCertificates properties within the Client property within TLS property of the SecurityPolicy resource, the service shall verify the provided client certificate with the SecurityPolicy resource prior to verifying it with this collection.",
+ "readonly": true,
+ "versionAdded": "v1_12_0"
+ },
+ "Enabled": {
+ "description": "An indication of whether client certificate authentication is enabled.",
+ "longDescription": "This property shall indicate whether client certificate authentication is enabled.",
+ "readonly": false,
+ "type": [
+ "boolean",
+ "null"
+ ],
+ "versionAdded": "v1_12_0"
+ },
+ "RespondToUnauthenticatedClients": {
+ "description": "An indication of whether the service responds to clients that do not successfully authenticate.",
+ "longDescription": "This property shall indicate whether the service responds to clients that do not successfully authenticate. If this property is not supported by the service, it shall be assumed to be `true`. See the 'Client certificate authentication' clause in the Redfish Specification.",
+ "readonly": false,
+ "type": [
+ "boolean",
+ "null"
+ ],
+ "versionAdded": "v1_12_0"
+ }
+ },
+ "type": "object"
+ },
"ExternalAccountProvider": {
"additionalProperties": false,
"description": "The external account provider services that can provide accounts for this manager to use for authentication.",
@@ -579,6 +677,55 @@
},
"type": "object"
},
+ "GoogleAuthenticator": {
+ "additionalProperties": false,
+ "description": "Various settings for Google Authenticator multi-factor authentication.",
+ "longDescription": "This type shall contain settings for Google Authenticator multi-factor authentication.",
+ "patternProperties": {
+ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
+ "description": "This property shall specify a valid odata or Redfish property.",
+ "type": [
+ "array",
+ "boolean",
+ "integer",
+ "number",
+ "null",
+ "object",
+ "string"
+ ]
+ }
+ },
+ "properties": {
+ "Enabled": {
+ "description": "An indication of whether multi-factor authentication with Google Authenticator is enabled.",
+ "longDescription": "This property shall indicate whether multi-factor authentication with Google Authenticator is enabled.",
+ "readonly": false,
+ "type": [
+ "boolean",
+ "null"
+ ],
+ "versionAdded": "v1_12_0"
+ },
+ "SecretKey": {
+ "description": "The secret key to use when communicating with the Google Authenticator server. This property is `null` in responses.",
+ "longDescription": "This property shall contain the client key to use when communication with the Google Authenticator Server. The value shall be `null` in responses.",
+ "readonly": false,
+ "type": [
+ "string",
+ "null"
+ ],
+ "versionAdded": "v1_12_0"
+ },
+ "SecretKeySet": {
+ "description": "Indicates if the SecretKey property is set.",
+ "longDescription": "This property shall contain `true` if a valid value was provided for the SecretKey property. Otherwise, the property shall contain `false`.",
+ "readonly": true,
+ "type": "boolean",
+ "versionAdded": "v1_12_0"
+ }
+ },
+ "type": "object"
+ },
"LDAPSearchSettings": {
"additionalProperties": false,
"description": "The settings to search a generic LDAP service.",
@@ -712,6 +859,168 @@
},
"type": "string"
},
+ "MFABypass": {
+ "additionalProperties": false,
+ "description": "Multi-factor authentication bypass settings.",
+ "longDescription": "This type shall contain multi-factor authentication bypass settings.",
+ "patternProperties": {
+ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
+ "description": "This property shall specify a valid odata or Redfish property.",
+ "type": [
+ "array",
+ "boolean",
+ "integer",
+ "number",
+ "null",
+ "object",
+ "string"
+ ]
+ }
+ },
+ "properties": {
+ "BypassTypes": {
+ "description": "The types of multi-factor authentication this account or role mapping is allowed to bypass.",
+ "items": {
+ "anyOf": [
+ {
+ "$ref": "http://redfish.dmtf.org/schemas/v1/AccountService.json#/definitions/MFABypassType"
+ },
+ {
+ "type": "null"
+ }
+ ]
+ },
+ "longDescription": "This property shall contain the types of multi-factor authentication this account or role mapping is allowed to bypass. An empty array shall indicate this account or role mapping cannot bypass any multi-factor authentication types that are currently enabled.",
+ "readonly": false,
+ "type": "array",
+ "versionAdded": "v1_12_0"
+ }
+ },
+ "type": "object"
+ },
+ "MicrosoftAuthenticator": {
+ "additionalProperties": false,
+ "description": "Various settings for Microsoft Authenticator multi-factor authentication.",
+ "longDescription": "This type shall contain settings for Microsoft Authenticator multi-factor authentication.",
+ "patternProperties": {
+ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
+ "description": "This property shall specify a valid odata or Redfish property.",
+ "type": [
+ "array",
+ "boolean",
+ "integer",
+ "number",
+ "null",
+ "object",
+ "string"
+ ]
+ }
+ },
+ "properties": {
+ "Enabled": {
+ "description": "An indication of whether multi-factor authentication with Microsoft Authenticator is enabled.",
+ "longDescription": "This property shall indicate whether multi-factor authentication with Microsoft Authenticator is enabled.",
+ "readonly": false,
+ "type": [
+ "boolean",
+ "null"
+ ],
+ "versionAdded": "v1_12_0"
+ },
+ "SecretKey": {
+ "description": "The secret key to use when communicating with the Microsoft Authenticator server. This property is `null` in responses.",
+ "longDescription": "This property shall contain the client key to use when communication with the Microsoft Authenticator server. The value shall be `null` in responses.",
+ "readonly": false,
+ "type": [
+ "string",
+ "null"
+ ],
+ "versionAdded": "v1_12_0"
+ },
+ "SecretKeySet": {
+ "description": "Indicates if the SecretKey property is set.",
+ "longDescription": "This property shall contain `true` if a valid value was provided for the SecretKey property. Otherwise, the property shall contain `false`.",
+ "readonly": true,
+ "type": "boolean",
+ "versionAdded": "v1_12_0"
+ }
+ },
+ "type": "object"
+ },
+ "MultiFactorAuth": {
+ "additionalProperties": false,
+ "description": "Multi-factor authentication settings.",
+ "longDescription": "This type shall contain multi-factor authentication settings.",
+ "patternProperties": {
+ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
+ "description": "This property shall specify a valid odata or Redfish property.",
+ "type": [
+ "array",
+ "boolean",
+ "integer",
+ "number",
+ "null",
+ "object",
+ "string"
+ ]
+ }
+ },
+ "properties": {
+ "ClientCertificate": {
+ "anyOf": [
+ {
+ "$ref": "#/definitions/ClientCertificate"
+ },
+ {
+ "type": "null"
+ }
+ ],
+ "description": "The settings related to client certificate authentication schemes such as mTLS or CAC/PIV.",
+ "longDescription": "This property shall contain the settings related to client certificate authentication.",
+ "versionAdded": "v1_12_0"
+ },
+ "GoogleAuthenticator": {
+ "anyOf": [
+ {
+ "$ref": "#/definitions/GoogleAuthenticator"
+ },
+ {
+ "type": "null"
+ }
+ ],
+ "description": "The settings related to Google Authenticator multi-factor authentication.",
+ "longDescription": "This property shall contain the settings related to Google Authenticator multi-factor authentication.",
+ "versionAdded": "v1_12_0"
+ },
+ "MicrosoftAuthenticator": {
+ "anyOf": [
+ {
+ "$ref": "#/definitions/MicrosoftAuthenticator"
+ },
+ {
+ "type": "null"
+ }
+ ],
+ "description": "The settings related to Microsoft Authenticator multi-factor authentication.",
+ "longDescription": "This property shall contain the settings related to Microsoft Authenticator multi-factor authentication.",
+ "versionAdded": "v1_12_0"
+ },
+ "SecurID": {
+ "anyOf": [
+ {
+ "$ref": "#/definitions/SecurID"
+ },
+ {
+ "type": "null"
+ }
+ ],
+ "description": "The settings related to RSA SecurID multi-factor authentication.",
+ "longDescription": "This property shall contain the settings related to RSA SecurID multi-factor authentication.",
+ "versionAdded": "v1_12_0"
+ }
+ },
+ "type": "object"
+ },
"OAuth2Mode": {
"enum": [
"Discovery",
@@ -775,7 +1084,7 @@
},
"OAuthServiceSigningKeys": {
"description": "The Base64-encoded signing keys of the issuer of the OAuth 2.0 service. Clients should configure this property if Mode contains `Offline`.",
- "longDescription": "This property shall contain a Base64-encoded string of the RFC7517-defined signing keys of the issuer of the OAuth 2.0 service. If the Mode property contains the value `Discovery`, this property shall contain the keys found at the URI specified by the `jwks_uri` string from the OAuth 2.0 service's metadata and this property shall be read-only. Clients should configure this property if Mode contains `Offline`.",
+ "longDescription": "This property shall contain a Base64-encoded string of the RFC7517-defined signing keys of the issuer of the OAuth 2.0 service. Services shall verify the token provided in the `Authorization` header of the request with the value of this property. If the Mode property contains the value `Discovery`, this property shall contain the keys found at the URI specified by the `jwks_uri` string from the OAuth 2.0 service's metadata and this property shall be read-only. Clients should configure this property if Mode contains `Offline`.",
"readonly": false,
"type": [
"string",
@@ -836,6 +1145,19 @@
],
"versionAdded": "v1_3_0"
},
+ "MFABypass": {
+ "anyOf": [
+ {
+ "$ref": "http://redfish.dmtf.org/schemas/v1/AccountService.json#/definitions/MFABypass"
+ },
+ {
+ "type": "null"
+ }
+ ],
+ "description": "The multi-factor authentication bypass settings.",
+ "longDescription": "This property shall contain the multi-factor authentication bypass settings.",
+ "versionAdded": "v1_12_0"
+ },
"Oem": {
"$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem",
"description": "The OEM extension property.",
@@ -865,6 +1187,83 @@
},
"type": "object"
},
+ "SecurID": {
+ "additionalProperties": false,
+ "description": "Various settings for RSA SecurID multi-factor authentication.",
+ "longDescription": "This type shall contain settings for RSA SecurID multi-factor authentication.",
+ "patternProperties": {
+ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
+ "description": "This property shall specify a valid odata or Redfish property.",
+ "type": [
+ "array",
+ "boolean",
+ "integer",
+ "number",
+ "null",
+ "object",
+ "string"
+ ]
+ }
+ },
+ "properties": {
+ "Certificates": {
+ "$ref": "http://redfish.dmtf.org/schemas/v1/CertificateCollection.json#/definitions/CertificateCollection",
+ "description": "The link to a collection of server certificates for the RSA SecurID server referenced by the ServerURI property.",
+ "longDescription": "This property shall contain a link to a resource collection of type CertificateCollection that represent the server certificates for the RSA SecurID server referenced by the ServerURI property. Regardless of the contents of this collection, services may perform additional verification based on other factors, such as the configuration of the SecurityPolicy resource.",
+ "readonly": true,
+ "versionAdded": "v1_12_0"
+ },
+ "ClientId": {
+ "description": "The client ID to use when communicating with the RSA SecurID server.",
+ "longDescription": "This property shall contain the client ID to use when communication with the RSA SecurID server.",
+ "readonly": false,
+ "type": [
+ "string",
+ "null"
+ ],
+ "versionAdded": "v1_12_0"
+ },
+ "ClientSecret": {
+ "description": "The client secret to use when communicating with the RSA SecurID server. This property is `null` in responses.",
+ "longDescription": "This property shall contain the client secret to use when communication with the RSA SecurID server. The value shall be `null` in responses.",
+ "readonly": false,
+ "type": [
+ "string",
+ "null"
+ ],
+ "versionAdded": "v1_12_0"
+ },
+ "ClientSecretSet": {
+ "description": "Indicates if the ClientSecret property is set.",
+ "longDescription": "This property shall contain `true` if a valid value was provided for the ClientSecret property. Otherwise, the property shall contain `false`.",
+ "readonly": true,
+ "type": "boolean",
+ "versionAdded": "v1_12_0"
+ },
+ "Enabled": {
+ "description": "An indication of whether multi-factor authentication with RSA SecurID is enabled.",
+ "longDescription": "This property shall indicate whether multi-factor authentication with RSA SecurID is enabled.",
+ "readonly": false,
+ "type": [
+ "boolean",
+ "null"
+ ],
+ "versionAdded": "v1_12_0"
+ },
+ "ServerURI": {
+ "description": "The URI of the RSA SecurID server.",
+ "format": "uri-reference",
+ "longDescription": "This property shall contain the URI of the RSA SecurID server.",
+ "readonly": false,
+ "type": [
+ "string",
+ "null"
+ ],
+ "versionAdded": "v1_12_0"
+ }
+ },
+ "type": "object"
+ },
"TACACSplusPasswordExchangeProtocol": {
"enum": [
"ASCII",
@@ -940,6 +1339,6 @@
}
},
"owningEntity": "DMTF",
- "release": "2022.1",
- "title": "#AccountService.v1_11_1.AccountService"
+ "release": "2022.3",
+ "title": "#AccountService.v1_12_0.AccountService"
}
\ No newline at end of file