Automate PrivilegeRegistry to code
This commit attempts to automate the creation of our privileges
structures from the redfish privilege registry. It accomplishes this by
updating parse_registries.py to also pull down the privilege registry
from DMTF.
The script then generates privilege_registry.hpp, which include const
defines for all the privilege registry entries in the same format that
the Privileges struct accepts. This allows new clients to simply
reference the variable to these privilege structures, instead of having
to manually (ie error pronely) put the privileges in themselves.
This commit updates all the routes.
For the moment, override and OEM schemas are not considered. Today we
don't have any OEM-specific Redfish routes, so the existing ones inherit
their parents schema. Overrides have other issues, and are already
incorrect as Redfish defines them.
Binary size remains unchanged after this patchset.
Tested:
Ran redfish service validator
Ran test case from f9a6708c4c6490257e2eb6a8c04458f500902476 to ensure
that the new privileges constructor didn't cause us to regress the brace
construction initializer.
Checked binary size with:
gzip -c
$BBPATH/tmp/work/s7106-openbmc-linux-gnueabi/obmc-phosphor-image/1.0-r0/rootfs/usr/bin/bmcweb
| wc -c
1244048
(tested on previous patchset)
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ideede3d5b39d50bffe7fe78a0848bdbc22ac387f
diff --git a/redfish-core/lib/redfish_sessions.hpp b/redfish-core/lib/redfish_sessions.hpp
index bb7ad12..472151a 100644
--- a/redfish-core/lib/redfish_sessions.hpp
+++ b/redfish-core/lib/redfish_sessions.hpp
@@ -19,6 +19,7 @@
#include "persistent_data.hpp"
#include <app.hpp>
+#include <registries/privilege_registry.hpp>
namespace redfish
{
@@ -46,7 +47,7 @@
inline void requestRoutesSession(App& app)
{
BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/<str>/")
- .privileges({{"Login"}})
+ .privileges(redfish::privileges::getSession)
.methods(boost::beast::http::verb::get)(
[](const crow::Request& /*req*/,
const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
@@ -66,7 +67,7 @@
});
BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/<str>/")
- .privileges({{"ConfigureManager"}, {"ConfigureSelf"}})
+ .privileges(redfish::privileges::deleteSession)
.methods(boost::beast::http::verb::delete_)(
[](const crow::Request& req,
const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
@@ -105,7 +106,7 @@
});
BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/")
- .privileges({{"Login"}})
+ .privileges(redfish::privileges::getSessionCollection)
.methods(boost::beast::http::verb::get)(
[](const crow::Request& /*req*/,
const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) -> void {
@@ -133,6 +134,11 @@
});
BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/")
+ // Note, this technically doesn't match the privilege registry given the
+ // way login mechanisms work. The base privilege registry lists this
+ // endpoint as requiring login privilege, but because this is the
+ // endpoint responsible for giving the login privilege, and it is itself
+ // its own route, it needs to not require Login
.privileges({})
.methods(boost::beast::http::verb::post)(
[](const crow::Request& req,
@@ -214,7 +220,7 @@
});
BMCWEB_ROUTE(app, "/redfish/v1/SessionService/")
- .privileges({{"Login"}})
+ .privileges(redfish::privileges::getSessionService)
.methods(boost::beast::http::verb::get)(
[](const crow::Request& /* req */,
const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) -> void {
@@ -235,7 +241,7 @@
});
BMCWEB_ROUTE(app, "/redfish/v1/SessionService/")
- .privileges({{"ConfigureManager"}})
+ .privileges(redfish::privileges::patchSessionService)
.methods(boost::beast::http::verb::patch)(
[](const crow::Request& req,
const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) -> void {