Update schemas to 2023.2
To quote from the Redfish release [1]:
2022.3 Redfish Schema Bundle – This .zip file contains the current
versions of all Redfish schemas. The bundle includes 40 schema updates
and developer resources.
Added Compute Express Link (CXL) support (NEW)
Extensions to Fabric, PCIeDevice, Processor, Memory, ComputerSystem,
and Chassis schemas Defined by DMTF alliance partner Compute Express
Link (CXL) Consortium
Extensions to Fabric, PCIeDevice, Processor, Memory, ComputerSystem,
and Chassis schemas New CXLLogicalDevice schema
Added MultiFactorAuth to AccountService to configure a service for
multi-factor authentication
HTTP Basic authentication is not available for accounts configured
for multi-factor authentication
For client certificate authentication, the client provides their
identity certificate during TLS handshaking
For RSA SecurID, Google Authenticator, and Microsoft Authenticator,
clients provide a new Token property in the session creation request
Added Heater and HeaterMetrics resources
[1] https://www.dmtf.org/content/redfish-release-20223-now-available
Change-Id: Iefe80866bfb83e65ab98b2cf4ee2eacce5238c5b
Signed-off-by: Ed Tanous <ed@tanous.net>
diff --git a/static/redfish/v1/JsonSchemas/AccountService/AccountService.json b/static/redfish/v1/JsonSchemas/AccountService/AccountService.json
index 68589a6..0e2d3ef 100644
--- a/static/redfish/v1/JsonSchemas/AccountService/AccountService.json
+++ b/static/redfish/v1/JsonSchemas/AccountService/AccountService.json
@@ -1,5 +1,5 @@
{
- "$id": "http://redfish.dmtf.org/schemas/v1/AccountService.v1_13_0.json",
+ "$id": "http://redfish.dmtf.org/schemas/v1/AccountService.v1_14_0.json",
"$ref": "#/definitions/AccountService",
"$schema": "http://redfish.dmtf.org/schemas/v1/redfish-schema-v1.json",
"copyright": "Copyright 2014-2023 DMTF. For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright",
@@ -22,11 +22,11 @@
"TACACSplus": "An external TACACS+ service."
},
"enumLongDescriptions": {
- "ActiveDirectoryService": "The external account provider shall be a Microsoft Active Directory Technical Specification-conformant service. The ServiceAddresses format shall contain a set of fully qualified domain names (FQDN) or NetBIOS names that links to the set of domain servers for the Active Directory service.",
- "LDAPService": "The external account provider shall be an RFC4511-conformant service. The ServiceAddresses format shall contain a set of fully qualified domain names (FQDN) that links to the set of LDAP servers for the service.",
- "OAuth2": "The external account provider shall be an RFC6749-conformant service. The ServiceAddresses format shall contain a set of URIs that correspond to the RFC8414-defined metadata for the OAuth 2.0 service.",
- "RedfishService": "The external account provider shall be a DMTF Redfish Specification-conformant service. The ServiceAddresses format shall contain a set of URIs that correspond to a Redfish account service.",
- "TACACSplus": "The external account provider shall be an RFC8907-conformant service. The ServiceAddresses format shall contain a set of host:port that correspond to a TACACS+ service and where the format for host and port are defined in RFC3986."
+ "ActiveDirectoryService": "The external account provider shall be a Microsoft Active Directory Technical Specification-conformant service. The ServiceAddresses property shall contain fully qualified domain names (FQDN) or NetBIOS names that link to the domain servers for the Active Directory service.",
+ "LDAPService": "The external account provider shall be an RFC4511-conformant service. The ServiceAddresses property shall contain RFC3986-defined URIs in the format `scheme://host:port`, where `scheme://` and `:port` are optional, that link to the LDAP servers for the service. If the scheme is not specified, services shall assume it is `ldaps://`. If the port is not specified, services shall assume it is `636`. For example, `ldaps://contoso.com:636` or `contoso.com`.",
+ "OAuth2": "The external account provider shall be an RFC6749-conformant service. The ServiceAddresses property shall contain RFC3986-defined URIs that correspond to the RFC8414-defined metadata for the OAuth 2.0 service. For example, `https://contoso.org/.well-known/oauth-authorization-server`.",
+ "RedfishService": "The external account provider shall be a DMTF Redfish Specification-conformant service. The ServiceAddresses property shall contain URIs to AccountService resources that correspond to Redfish services. For example, `https://192.168.1.50/redfish/v1/AccountService`.",
+ "TACACSplus": "The external account provider shall be an RFC8907-conformant service. The ServiceAddresses property shall contain RFC3986-defined URIs in the format `host:port` that correspond to the TACACS+ services."
},
"enumVersionAdded": {
"OAuth2": "v1_10_0",
@@ -36,7 +36,7 @@
},
"AccountService": {
"additionalProperties": false,
- "description": "The AccountService schema defines an account service. The properties are common to, and enable management of, all user accounts. The properties include the password requirements and control features, such as account lockout. Properties and actions in this service specify general behavior that should be followed for typical accounts, however implementations may override these behaviors for special accounts or situations to avoid denial of service or other deadlock situations.",
+ "description": "The AccountService schema defines an account service. The properties are common to, and enable management of, all user accounts. The properties include the password requirements and control features, such as account lockout. Properties and actions in this service specify general behavior that should be followed for typical accounts, however implementations might override these behaviors for special accounts or situations to avoid denial of service or other deadlock situations.",
"longDescription": "This resource shall represent an account service for a Redfish implementation. The properties are common to, and enable management of, all user accounts. The properties include the password requirements and control features, such as account lockout. Properties and actions in this service specify general behavior that should be followed for typical accounts, however implementations may override these behaviors for special accounts or situations to avoid denial of service or other deadlock situations.",
"patternProperties": {
"^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
@@ -211,6 +211,19 @@
"description": "The OEM extension property.",
"longDescription": "This property shall contain the OEM extensions. All values for properties that this object contains shall conform to the Redfish Specification-described requirements."
},
+ "OutboundConnections": {
+ "anyOf": [
+ {
+ "$ref": "http://redfish.dmtf.org/schemas/v1/OutboundConnectionCollection.json#/definitions/OutboundConnectionCollection"
+ },
+ {
+ "type": "null"
+ }
+ ],
+ "description": "The collection of outbound connection configurations.",
+ "longDescription": "This property shall contain a resource collection of type OutboundConnectionCollection.",
+ "versionAdded": "v1_14_0"
+ },
"PasswordExpirationDays": {
"description": "The number of days before account passwords in this account service will expire.",
"longDescription": "This property shall contain the number of days before account passwords in this account service will expire. The value shall be applied during account creation and password modification unless the PasswordExpiration property is provided. The value `null` shall indicate that account passwords never expire. This property does not apply to accounts from external account providers.",
@@ -228,6 +241,16 @@
"readonly": true,
"versionAdded": "v1_1_0"
},
+ "RequireChangePasswordAction": {
+ "description": "An indication of whether clients are required to invoke the ChangePassword action to modify account passwords.",
+ "longDescription": "This property shall indicate whether clients are required to invoke the ChangePassword action to modify the password property in ManagerAccount resources. If `true`, services shall reject PATCH and PUT requests to modify the Password property in ManagerAccount resources.",
+ "readonly": false,
+ "type": [
+ "boolean",
+ "null"
+ ],
+ "versionAdded": "v1_14_0"
+ },
"RestrictedOemPrivileges": {
"description": "The set of restricted OEM privileges.",
"items": {
@@ -779,6 +802,16 @@
"type": "array",
"versionAdded": "v1_3_0"
},
+ "EmailAttribute": {
+ "description": "The attribute name that contains the LDAP user's email address.",
+ "longDescription": "This property shall contain the attribute name that contains the LDAP user's email address. If this value is not set by the user, or the property is not present, the value shall be `mail`.",
+ "readonly": false,
+ "type": [
+ "string",
+ "null"
+ ],
+ "versionAdded": "v1_14_0"
+ },
"GroupNameAttribute": {
"description": "The attribute name that contains the LDAP group name entry.",
"longDescription": "This property shall contain the attribute name that contains the LDAP group name.",
@@ -1026,6 +1059,19 @@
"longDescription": "This property shall contain the settings related to Microsoft Authenticator multi-factor authentication.",
"versionAdded": "v1_12_0"
},
+ "OneTimePasscode": {
+ "anyOf": [
+ {
+ "$ref": "#/definitions/OneTimePasscode"
+ },
+ {
+ "type": "null"
+ }
+ ],
+ "description": "The settings related to one-time passcode (OTP) multi-factor authentication.",
+ "longDescription": "This property shall contain the settings related to one-time passcode multi-factor authentication.",
+ "versionAdded": "v1_14_0"
+ },
"SecurID": {
"anyOf": [
{
@@ -1143,6 +1189,38 @@
"properties": {},
"type": "object"
},
+ "OneTimePasscode": {
+ "additionalProperties": false,
+ "description": "Various settings for one-time passcode (OTP) multi-factor authentication.",
+ "longDescription": "This type shall contain settings for one-time passcode (OTP) multi-factor authentication.",
+ "patternProperties": {
+ "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": {
+ "description": "This property shall specify a valid odata or Redfish property.",
+ "type": [
+ "array",
+ "boolean",
+ "integer",
+ "number",
+ "null",
+ "object",
+ "string"
+ ]
+ }
+ },
+ "properties": {
+ "Enabled": {
+ "description": "An indication of whether multi-factor authentication using a one-time passcode is enabled.",
+ "longDescription": "This property shall indicate whether multi-factor authentication using a one-time passcode is enabled. The passcode is sent to the delivery address associated with the account credentials provided in the request. If the credentials are associated with a ManagerAccount resource, the delivery address is specified by the OneTimePasscodeDeliveryAddress property. If the credentials are associated with a user from an LDAP account provider, the delivery address is contained in the LDAP attribute specified by the EmailAttribute property. An attempt to create a session when the Token property is not included in the request shall generate a message sent to the delivery address, using the SMTP settings from the Redfish event service, containing a one-time passcode. The service shall accept the one-time passcode as the valid value for the Token property in the next POST operation to create a session for the respective account.",
+ "readonly": false,
+ "type": [
+ "boolean",
+ "null"
+ ],
+ "versionAdded": "v1_14_0"
+ }
+ },
+ "type": "object"
+ },
"RoleMapping": {
"additionalProperties": false,
"description": "The mapping rules that are used to convert the external account providers account information to the local Redfish role.",
@@ -1379,6 +1457,6 @@
}
},
"owningEntity": "DMTF",
- "release": "2023.1",
- "title": "#AccountService.v1_13_0.AccountService"
+ "release": "2023.2",
+ "title": "#AccountService.v1_14_0.AccountService"
}
\ No newline at end of file