Revert "Redfish: Add PATCH operation support for RemoteRoleMapping"
This reverts commit 2a21b9db6fcfe477f9ef31453df93e3f6c442a44.
Reason for revert:
Merged accidentally. Tested locally, and seems to work as designed. Needs fixed to match the comments below, then should be good to go.
Change-Id: I95c19e47a09ca5afa343fd7590bc39f750cd81e0
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index d4e1b38..6cbbdce 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -37,8 +37,6 @@
constexpr const char* ldapCreateInterface =
"xyz.openbmc_project.User.Ldap.Create";
constexpr const char* ldapEnableInterface = "xyz.openbmc_project.Object.Enable";
-constexpr const char* ldapPrivMapperInterface =
- "xyz.openbmc_project.User.PrivilegeMapper";
constexpr const char* dbusObjManagerIntf = "org.freedesktop.DBus.ObjectManager";
constexpr const char* propertyInterface = "org.freedesktop.DBus.Properties";
constexpr const char* mapperBusName = "xyz.openbmc_project.ObjectMapper";
@@ -151,243 +149,6 @@
}
/**
- * @brief deletes given RoleMapping Object.
- */
-static void deleteRoleMappingObject(const std::shared_ptr<AsyncResp>& asyncResp,
- const std::string& objPath,
- const std::string& serverType,
- unsigned int index)
-{
-
- BMCWEB_LOG_DEBUG << "deleteRoleMappingObject objPath =" << objPath;
-
- crow::connections::systemBus->async_method_call(
- [asyncResp, serverType, index](const boost::system::error_code ec) {
- if (ec)
- {
- BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
- messages::internalError(asyncResp->res);
- return;
- }
- asyncResp->res.jsonValue[serverType]["RemoteRoleMapping"][index] =
- nullptr;
- },
- ldapDbusService, objPath, "xyz.openbmc_project.Object.Delete",
- "Delete");
-}
-
-/**
- * @brief sets RoleMapping Object's property with given value.
- */
-static void setRoleMappingProperty(
- const std::shared_ptr<AsyncResp>& asyncResp, const std::string& objPath,
- const std::string& redfishProperty, const std::string& dbusProperty,
- const std::string& value, const std::string& serverType, unsigned int index)
-{
- BMCWEB_LOG_DEBUG << "setRoleMappingProperty objPath: " << objPath
- << "value: " << value;
-
- // need to get the dbus privilege from the given refish role
- std::string dbusVal = value;
- if (redfishProperty == "LocalRole")
- {
- dbusVal = getPrivilegeFromRoleId(value);
- }
-
- crow::connections::systemBus->async_method_call(
- [asyncResp, serverType, index, redfishProperty,
- value](const boost::system::error_code ec) {
- if (ec)
- {
- BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
- messages::internalError(asyncResp->res);
- return;
- }
- asyncResp->res.jsonValue[serverType]["RemoteRoleMapping"][index]
- [redfishProperty] = value;
- },
- ldapDbusService, objPath, "org.freedesktop.DBus.Properties", "Set",
- "xyz.openbmc_project.User.PrivilegeMapperEntry",
- std::move(dbusProperty), std::variant<std::string>(std::move(dbusVal)));
-}
-
-/**
- * @brief validates given JSON input and then calls appropriate method to
- * create, to delete or to set Rolemapping object based on the given input.
- *
- */
-static void handleRoleMapPatch(
- const std::shared_ptr<AsyncResp>& asyncResp,
- const std::vector<std::pair<std::string, LDAPRoleMapData>>& roleMapObjData,
- const std::string& serverType, const nlohmann::json& input)
-{
- if (!input.is_array())
- {
- messages::propertyValueTypeError(asyncResp->res, input.dump(),
- "RemoteRoleMapping");
- return;
- }
-
- size_t index = 0;
- for (const nlohmann::json& thisJson : input)
- {
- // Check that entry is not of some unexpected type
- if (!thisJson.is_object() && !thisJson.is_null())
- {
- messages::propertyValueTypeError(asyncResp->res, thisJson.dump(),
- "RemoteGroup or LocalRole");
- index++;
- continue;
- }
- BMCWEB_LOG_DEBUG << "JSON=" << thisJson << "\n";
- // delete the existing object
- if (thisJson.is_null())
- {
- if (input.size() <= roleMapObjData.size())
- {
- deleteRoleMappingObject(asyncResp,
- roleMapObjData.at(index).first,
- serverType, index);
- }
- else
- {
- BMCWEB_LOG_ERROR << "Can't delete the object";
- messages::propertyValueTypeError(
- asyncResp->res, thisJson.dump(), "RemoteRoleMapping");
- return;
- }
-
- index++;
- continue;
- }
-
- if (thisJson.empty())
- {
- if ((input.size() > roleMapObjData.size()) &&
- (index > roleMapObjData.size()))
- {
- BMCWEB_LOG_ERROR << "Empty object can't be inserted";
- messages::propertyValueTypeError(
- asyncResp->res, thisJson.dump(), "RemoteRoleMapping");
- return;
- }
-
- index++;
- continue;
- }
-
- const std::string* remoteGroup = nullptr;
- nlohmann::json::const_iterator remoteGroupIt =
- thisJson.find("RemoteGroup");
-
- // extract "RemoteGroup" and "LocalRole" form JSON
- if (remoteGroupIt != thisJson.end())
- {
- remoteGroup = remoteGroupIt->get_ptr<const std::string*>();
- }
-
- const std::string* localRole = nullptr;
- nlohmann::json::const_iterator localRoleIt = thisJson.find("LocalRole");
- if (localRoleIt != thisJson.end())
- {
- localRole = localRoleIt->get_ptr<const std::string*>();
- }
-
- // Update existing RoleMapping Object
- if (roleMapObjData.size() >= input.size())
- {
- BMCWEB_LOG_DEBUG << "setRoleMappingProperties: Updating Object";
- // If "RemoteGroup" info is provided
- if (remoteGroup != nullptr)
- {
- if (remoteGroup->empty())
- {
- messages::propertyValueTypeError(
- asyncResp->res, thisJson.dump(), "RemoteGroup");
- return;
- }
- // check if the given data is not equal to already existing one
- else if (roleMapObjData.at(index).second.groupName.compare(
- *remoteGroup) != 0)
- {
- setRoleMappingProperty(asyncResp,
- roleMapObjData.at(index).first,
- "RemoteGroup", "GroupName",
- *remoteGroup, serverType, index);
- }
- }
-
- // If "LocalRole" info is provided
- if (localRole != nullptr)
- {
- if (localRole->empty())
- {
- messages::propertyValueTypeError(
- asyncResp->res, thisJson.dump(), "LocalRole");
- return;
- }
- // check if the given data is not equal to already existing one
- else if (roleMapObjData.at(index).second.privilege.compare(
- *localRole) != 0)
- {
- setRoleMappingProperty(
- asyncResp, roleMapObjData.at(index).first, "LocalRole",
- "Privilege", *localRole, serverType, index);
- }
- }
- index++;
- }
- // Create a new RoleMapping Object.
- else
- {
- BMCWEB_LOG_DEBUG << "setRoleMappingProperties: Creating new Object";
- if (localRole == nullptr || remoteGroup == nullptr)
- {
- messages::propertyValueTypeError(asyncResp->res,
- thisJson.dump(),
- "RemoteGroup or LocalRole");
- return;
- }
- else if (remoteGroup->empty() || localRole->empty())
- {
- messages::propertyValueTypeError(
- asyncResp->res, thisJson.dump(), "RemoteGroup LocalRole");
- return;
- }
-
- std::string dbusObjectPath;
- if (serverType == "ActiveDirectory")
- {
- dbusObjectPath = ADConfigObject;
- }
- else if (serverType == "LDAP")
- {
- dbusObjectPath = ldapConfigObject;
- }
-
- crow::connections::systemBus->async_method_call(
- [asyncResp, serverType, index, localRole{std::move(*localRole)},
- remoteGroup{std::move(*remoteGroup)}](
- const boost::system::error_code ec) {
- if (ec)
- {
- BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
- messages::internalError(asyncResp->res);
- }
- nlohmann::json& remoteRoleJson =
- asyncResp->res
- .jsonValue[serverType]["RemoteRoleMapping"][index];
- remoteRoleJson["LocalRole"] = localRole;
- remoteRoleJson["RemoteGroup"] = remoteGroup;
- },
- ldapDbusService, dbusObjectPath, ldapPrivMapperInterface,
- "Create", *remoteGroup, getPrivilegeFromRoleId(*localRole));
- index++;
- }
- }
-}
-
-/**
* Function that retrieves all properties for LDAP config object
* into JSON
*/
@@ -938,14 +699,12 @@
std::optional<std::string> groupsAttribute;
std::optional<std::string> userName;
std::optional<std::string> password;
- std::optional<nlohmann::json> remoteRoleMapData;
if (!json_util::readJson(input, asyncResp->res, "Authentication",
authentication, "LDAPService", ldapService,
"ServiceAddresses", serviceAddressList,
"AccountProviderType", accountProviderType,
- "ServiceEnabled", serviceEnabled,
- "RemoteRoleMapping", remoteRoleMapData))
+ "ServiceEnabled", serviceEnabled))
{
return;
}
@@ -986,8 +745,7 @@
// nothing to update, then return
if (!userName && !password && !serviceAddressList && !baseDNList &&
- !userNameAttribute && !groupsAttribute && !serviceEnabled &&
- !remoteRoleMapData)
+ !userNameAttribute && !groupsAttribute && !serviceEnabled)
{
return;
}
@@ -998,7 +756,7 @@
baseDNList, userNameAttribute,
groupsAttribute, accountProviderType,
serviceAddressList, serviceEnabled,
- dbusObjectPath, remoteRoleMapData](
+ dbusObjectPath](
bool success, LDAPConfigData confData,
const std::string& serverType) {
if (!success)
@@ -1065,15 +823,9 @@
handleServiceEnablePatch(confData.serviceEnabled, asyncResp,
serverType, dbusObjectPath);
}
-
- if (remoteRoleMapData)
- {
-
- handleRoleMapPatch(asyncResp, confData.groupRoleList,
- serverType, *remoteRoleMapData);
- }
});
}
+
void doGet(crow::Response& res, const crow::Request& req,
const std::vector<std::string>& params) override
{