meson.options

# BMCWEB_KVM
option(
    'kvm',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the KVM host video WebSocket.  Path is /kvm/0.
                    Video is from the BMCs /dev/videodevice.''',
)

# BMCWEB_TESTS
option(
    'tests',
    type: 'feature',
    value: 'enabled',
    description: 'Enable Unit tests for bmcweb',
)

# BMCWEB_VM_WEBSOCKET
option(
    'vm-websocket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable the Virtual Media WebSocket. Path is /vm/0/0 and /nbd/<id> to
                    open the websocket. See
                    https://github.com/openbmc/jsnbd/blob/master/README.''',
)

# BMCWEB_NBDPROXY
# if you use this option and are seeing this comment, please comment here:
# https://github.com/openbmc/bmcweb/issues/188 and put forward your intentions
# for this code.  At this point, no daemon has been upstreamed that implements
# this interface, so for the moment this appears to be dead code;  In leiu of
# removing it, it has been disabled to try to give those that use it the
# opportunity to upstream their backend implementation
#option(
#    'vm-nbdproxy',
#    type: 'feature',
#    value: 'disabled',
#    description: 'Enable the Virtual Media WebSocket.'
#)

# BMCWEB_REST
option(
    'rest',
    type: 'feature',
    value: 'disabled',
    description: '''Enable Phosphor REST (D-Bus) APIs. Paths directly map
                    Phosphor D-Bus object paths, for example,
                    /xyz/openbmc_project/logging/entry/enumerate. See
                    https://github.com/openbmc/docs/blob/master/rest-api.md.''',
)

# BMCWEB_REDFISH
option(
    'redfish',
    type: 'feature',
    value: 'enabled',
    description: '''Enable Redfish APIs.  Paths are under /redfish/v1/. See
                    https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.''',
)

# BMCWEB_HOST_SERIAL_SOCKET
option(
    'host-serial-socket',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host serial console WebSocket. Path is /console0.
                    See https://github.com/openbmc/docs/blob/master/console.md.''',
)

# BMCWEB_STATIC_HOSTING
option(
    'static-hosting',
    type: 'feature',
    value: 'enabled',
    description: '''Enable serving files from the /usr/share/www directory
                    as paths under /.''',
)

# BMCWEB_REDFISH_BMC_JOURNAL
option(
    'redfish-bmc-journal',
    type: 'feature',
    value: 'enabled',
    description: '''Enable BMC journal access through Redfish. Paths are under
                    /redfish/v1/Managers/bmc/LogServices/Journal.''',
)

# BMCWEB_REDFISH_CPU_LOG
option(
    'redfish-cpu-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable CPU log service transactions through Redfish. Paths
                    are under /redfish/v1/Systems/system/LogServices/Crashdump'.''',
)

# BMCWEB_REDFISH_DUMP_LOG
option(
    'redfish-dump-log',
    type: 'feature',
    value: 'enabled',
    description: '''Enable Dump log service transactions through Redfish. Paths
                   are under /redfish/v1/Systems/system/LogServices/Dump
                   and /redfish/v1/Managers/bmc/LogServices/Dump''',
)

# BMCWEB_REDFISH_DBUS_LOG
option(
    'redfish-dbus-log',
    type: 'feature',
    value: 'disabled',
    description: '''Enable DBUS log service transactions through Redfish. Paths
                    are under
                    /redfish/v1/Systems/system/LogServices/EventLog/Entries''',
)

# BMCWEB_EXPERIMENTAL_REDFISH_DBUS_LOG_SUBSCRIPTION
option(
    'experimental-redfish-dbus-log-subscription',
    type: 'feature',
    value: 'disabled',
    description: '''
        Allows EventService subscriptions when the redfish-dbus-log option is
        enabled.
        This option is currently non-functional, given Redfish requirements for
        MessageId support in Events.
        Option will be removed begining of Q2-2026.
        Should not be enabled on any production systems.
    ''',
)

# BMCWEB_REDFISH_HOST_LOGGER
option(
    'redfish-host-logger',
    type: 'feature',
    value: 'enabled',
    description: '''Enable host log service transactions based on
                    phosphor-hostlogger through Redfish.  Paths are under
                    /redfish/v1/Systems/system/LogServices/HostLogger''',
)

# BMCWEB_REDFISH_EVENTLOG_LOCATION
option(
    'redfish-eventlog-location',
    type: 'combo',
    choices: ['systems', 'managers'],
    value: 'systems',
    description: '''Set which Redfish resource enables event log service
                    transactions through Redfish. By default, this option
                    is set to systems. In that case paths are under
                    /redfish/v1/Systems/<redfish-system-uri-name>/LogServices/EventLog
                    Change to managers, for paths to be under
                    /redfish/v1/Managers/<redfish-manager-uri-name>/LogServices/EventLog''',
)

# BMCWEB_REDFISH_PROVISIONING_FEATURE
option(
    'redfish-provisioning-feature',
    type: 'feature',
    value: 'disabled',
    description: '''Enable provisioning feature support in redfish. Paths are
                    under /redfish/v1/Systems/system/''',
)

# BMCWEB_REDFISH_MANAGER_URI_NAME
option(
    'redfish-manager-uri-name',
    type: 'string',
    value: 'bmc',
    description: '''The static Redfish Manager ID representing the BMC
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Managers/<redfish-manager-uri-name>.
                    Defaults to \'bmc\' which resolves to
                    /redfish/v1/Managers/bmc''',
)

# BMCWEB_REDFISH_SYSTEM_URI_NAME
option(
    'redfish-system-uri-name',
    type: 'string',
    value: 'system',
    description: '''The static Redfish System ID representing the host
                    instance. This option will appear in the Redfish tree at
                    /redfish/v1/Systems/<redfish-system-uri-name>.
                    Defaults to \'system\' which resolves to
                    /redfish/v1/Systems/system''',
)

# BMCWEB_LOGGING_LEVEL
option(
    'bmcweb-logging',
    type: 'combo',
    choices: [
        'disabled',
        'enabled',
        'debug',
        'info',
        'warning',
        'error',
        'critical',
    ],
    value: 'error',
    description: '''Enable output the extended logging level.
                    - disabled: disable bmcweb log traces.
                    - enabled: treated as 'debug'
                    - For the other logging level option, see DEVELOPING.md.''',
)

# BMCWEB_BASIC_AUTH
option(
    'basic-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable basic authentication',
)

# BMCWEB_SESSION_AUTH
option(
    'session-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable session authentication',
)

# BMCWEB_XTOKEN_AUTH
option(
    'xtoken-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable xtoken authentication',
)

# BMCWEB_COOKIE_AUTH
option(
    'cookie-auth',
    type: 'feature',
    value: 'enabled',
    description: 'Enable cookie authentication',
)

# BMCWEB_MUTUAL_TLS_AUTH
option(
    'mutual-tls-auth',
    type: 'feature',
    value: 'enabled',
    description: '''Enables authenticating users through TLS client
                    certificates. The insecure-disable-ssl must be disabled for
                    this option to take effect.''',
)

# BMCWEB_MUTUAL_TLS_COMMON_NAME_PARSING_DEFAULT
option(
    'mutual-tls-common-name-parsing-default',
    type: 'combo',
    choices: ['CommonName', 'Whole', 'UserPrincipalName'],
    description: '''Default MTLS parse mode to get username from the
                    client's x509 certificate''',
)

# BMCWEB_IBM_MANAGEMENT_CONSOLE
option(
    'ibm-management-console',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the IBM management console specific functionality.
                    Paths are under /ibm/v1/''',
)

# BMCWEB_GOOGLE_API
option(
    'google-api',
    type: 'feature',
    value: 'disabled',
    description: '''Enable the Google specific functionality. Paths are under
                    /google/v1/''',
)

# BMCWEB_HTTP_BODY_LIMIT
option(
    'http-body-limit',
    type: 'integer',
    min: 0,
    max: 512,
    value: 30,
    description: 'Specifies the http request body length limit',
)

# BMCWEB_HTTP_ZSTD
option(
    'http-zstd',
    type: 'feature',
    value: 'enabled',
    description: 'Allows compression/decompression using zstd',
)

# BMCWEB_REDFISH_NEW_POWERSUBSYSTEM_THERMALSUBSYSTEM
option(
    'redfish-new-powersubsystem-thermalsubsystem',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the new PowerSubsystem, ThermalSubsystem,
                    and all children schemas. This includes displaying all
                    sensors in the SensorCollection.''',
)

# BMCWEB_REDFISH_ALLOW_DEPRECATED_INDICATORLED
option(
    'redfish-allow-deprecated-indicatorled',
    type: 'feature',
    value: 'disabled',
    description: '''Enable/disable the deprecated IndicatorLED property. The
                    default condition is disabled. The code to enable this
                    option will be removed by March 2026.''',
)

# BMCWEB_REDFISH_USE_HARDCODED_SYSTEM_LOCATION_INDICATOR
option(
    'redfish-use-hardcoded-system-location-indicator',
    type: 'feature',
    value: 'enabled',
    description: '''Enable/disable the use of hard-coded LED group
                    enclosure_identify_blink and enclosure_identify for getting
                    and setting the LocationIndicatorActive for the Systems
                    response. The default condition will be enabled until
                    October 15, 2025.  The code to enable this option will be
                    removed by June 2026.''',
)

# BMCWEB_REDFISH_ALLOW_DEPRECATED_POWER_THERMAL
option(
    'redfish-allow-deprecated-power-thermal',
    type: 'feature',
    value: 'disabled',
    description: '''Enable/disable the old Power / Thermal. This has been
                    replaced by the new PowerSubsystem, ThermalSubsystem, and
                    the redfish-new-powersubsystem-thermalsubsystem option.
                    This option will be removed June 2026.''',
)

# BMCWEB_REDFISH_OEM_MANAGER_FAN_DATA
option(
    'redfish-oem-manager-fan-data',
    type: 'feature',
    value: 'enabled',
    description: '''Enables Redfish OEM fan data on the manager resource.
                    This includes PID and Stepwise controller data. See
                    OpenBMCManager schema for more detail.''',
)

# BMCWEB_REDFISH_UPDATESERVICE_USE_DBUS
option(
    'redfish-updateservice-use-dbus',
    type: 'feature',
    value: 'enabled',
    description: '''Enables xyz.openbmc_project.Software.Update D-Bus interface
                    to propagate UpdateService requests to the corresponding
                    updater daemons instead of moving files to /tmp/images dir.
                ''',
)

# BMCWEB_REDFISH_ALLOW_SIMPLE_UPDATE
option(
    'redfish-allow-simple-update',
    type: 'feature',
    value: 'disabled',
    description: '''Enables Redfish UpdateService SimpleUpdate Action.  Note
                    that at this time this option is non-functional.  Redfish
                    recommends using MultiPartUpdate.''',
)


option(
    'https_port',
    type: 'integer',
    min: -1,
    max: 65535,
    value: 443,
    description: '''HTTPS default port number.  Set to -1 to disable and rely
                    only on additional_ports''',
)


# Additional ports
# This series of options below allows setting up non-trivial deployments of
# bmcweb, binding specific ports, authentication profiles, and device binds to
# multiple ports.
# Setting these options incorrectly can have severe security consequences and
# should be reserved for platform experts familiar with their particular
# platforms security requirements.

option(
    'additional-ports',
    type: 'array',
    value: [],
    description: '''Additional ports to listen to.  Allows bmcweb to listen to
                    multiple ports at a given protocol''',
)

option(
    'additional-protocol',
    type: 'array',
    value: [],
    description: '''Allows specifying a specific protocol type for a given
                    additional-ports index.  Allows setting http, https, or both
                    to each socket index.  If not provided for a given
                    additional-ports index, assumes https.''',
)

option(
    'additional-bind-to-device',
    type: 'array',
    value: [],
    description: '''Allows specifying an SO_BINDTODEVICE or BindToDevice systemd
                    directive for each additional socket file.  If not provided
                    for a given additional-ports index, assumes bind to all
                    devices''',
)

option(
    'additional-auth',
    type: 'array',
    value: [],
    description: '''Allows specifying an authentication profile for each socket
                    created with additional-ports.  Allows auth or noauth, and
                    defaults to auth if not provided.  If noauth is provided,
                    authentication will not be performed for a given socket/port
                    index.''',
)
# end additional ports

# BMCWEB_DNS_RESOLVER
option(
    'dns-resolver',
    type: 'combo',
    choices: ['systemd-dbus', 'asio'],
    value: 'systemd-dbus',
    description: '''Sets which DNS resolver backend should be used.
    systemd-dbus uses the Systemd ResolveHostname on dbus, but requires dbus
    support.  asio relies on boost::asio::tcp::resolver, but cannot resolve
    names when boost threading is disabled.''',
)

# BMCWEB_REDFISH_AGGREGATION
option(
    'redfish-aggregation',
    type: 'feature',
    value: 'disabled',
    description: 'Allows this BMC to aggregate resources from satellite BMCs',
)

# BMCWEB_HYPERVISOR_COMPUTER_SYSTEM
option(
    'hypervisor-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This puts a hypervisor computer system resource at
    /redfish/v1/Systems/hypervisor. This system resource has children
    resources such as EthernetInterfaces and ComputerSystem.Reset.''',
)

# BMCWEB_EXPERIMENTAL_REDFISH_MULTI_COMPUTER_SYSTEM
option(
    'experimental-redfish-multi-computer-system',
    type: 'feature',
    value: 'disabled',
    description: '''This is a temporary option flag for staging the
    ComputerSystemCollection transition to multi-host.  It, as well as the code
    still beneath it will be removed on 1/1/2026.  Do not enable in a
    production environment, or where API stability is required.''',
)

# BMCWEB_EXPERIMENTAL_BMCWEB_USER
option(
    'experimental-bmcweb-user',
    type: 'feature',
    value: 'disabled',
    description: '''Enable to run bmcweb as the bmcweb user.  This is
    experimental.  Expect many things to be broken if you enable this
    option, and this should not be used for production usage.  This
    option will be removed Q1 2026.''',
)

# BMCWEB_HTTP2
option(
    'http2',
    type: 'feature',
    value: 'enabled',
    description: 'Enable HTTP/2 protocol support using nghttp2.',
)

# BMCWEB_WATCHDOG_TIMEOUT
option(
    'watchdog-timeout-seconds',
    type: 'integer',
    min: 0,
    max: 600,
    value: 120,
    description: '''Specifies the systemd watchdog timeout interval in seconds.
                    Set to 0 to disable the watchdog.''',
)

# Insecure options. Every option that starts with a `insecure` flag should
# not be enabled by default for any platform, unless the author fully comprehends
# the implications of doing so.In general, enabling these options will cause security
# problems of varying degrees

# BMCWEB_INSECURE_DISABLE_CSRF
option(
    'insecure-disable-csrf',
    type: 'feature',
    value: 'disabled',
    description: '''Disable CSRF prevention checks.Should be set to false for
                    production systems.''',
)

# BMCWEB_INSECURE_DISABLE_SSL
option(
    'insecure-disable-ssl',
    type: 'feature',
    value: 'disabled',
    description: '''Disable SSL ports. Should be set to false for production
                    systems.''',
)

# BMCWEB_INSECURE_DISABLE_AUTH
option(
    'insecure-disable-auth',
    type: 'feature',
    value: 'disabled',
    description: '''Disable authentication and authoriztion on all ports.
                    Should be set to false for production systems.''',
)

# BMCWEB_INSECURE_IGNORE_CONTENT_TYPE
option(
    'insecure-ignore-content-type',
    type: 'feature',
    value: 'disabled',
    description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
                    of the presence of the content-type header.  Enabling this
                    conflicts with the input parsing guidelines, but may be
                    required to support old clients that may not set the
                    Content-Type header on payloads.''',
)

# BMCWEB_INSECURE_PUSH_STYLE_NOTIFICATION
option(
    'insecure-push-style-notification',
    type: 'feature',
    value: 'disabled',
    description: 'Enable HTTP push style eventing feature',
)

# BMCWEB_INSECURE_ENABLE_REDFISH_QUERY
option(
    'insecure-enable-redfish-query',
    type: 'feature',
    value: 'disabled',
    description: '''Enables Redfish expand query parameter.  This feature is
                    experimental, and has not been tested against the full
                    limits of user-facing behavior.  It is not recommended to
                    enable on production systems at this time.  Other query
                    parameters such as only are not controlled by this option.''',
)