Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-dbus-interfaces / 1a891d32437863796137a239bebbf2be2884ebf1^! / .
commit1a891d32437863796137a239bebbf2be2884ebf1[log] [tgz]
authorNan Zhou <nanzhoumails@gmail.com>Mon Oct 24 23:51:41 2022 +0000
committerNan Zhou <nanzhoumails@gmail.com>Tue Nov 15 20:28:32 2022 +0000
tree4d05d5c6da3b76e25c6997ad0c2ea951df93bb31
parent219368bedb6a8607a50ec9ad9129478e45cdd68f [diff]
User: add interfaces and errors for groups

As proposed in the following design,
[1] https://github.com/openbmc/docs/blob/master/designs/redfish-authorization.md

The UserManager interface needs to expose new interfaces to add/delete
secondary groups, which are then used to model Redfish roles and
privileges.

An implementation is in the follow code review,
[1] https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/58143.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I252e56dc03e694e3aedf3ae6fdda64edc947fc06

diff --git a/yaml/xyz/openbmc_project/User/Common.errors.yaml b/yaml/xyz/openbmc_project/User/Common.errors.yaml
index ed93ca1..f0d7593 100644
--- a/yaml/xyz/openbmc_project/User/Common.errors.yaml
+++ b/yaml/xyz/openbmc_project/User/Common.errors.yaml

@@ -16,3 +16,9 @@
 # xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists
 - name: PrivilegeMappingExists
   description: Specified privilege mapping already exists.
+# xyz.openbmc_project.User.Common.Error.GroupNameExists
+- name: GroupNameExists
+  description: Specified group name already exists.
+# xyz.openbmc_project.User.Common.Error.GroupNameDoesNotExist
+- name: GroupNameDoesNotExist
+  description: Specified group name does not exist.

diff --git a/yaml/xyz/openbmc_project/User/Common.metadata.yaml b/yaml/xyz/openbmc_project/User/Common.metadata.yaml
index 1d7a58f..5e20ac1 100644
--- a/yaml/xyz/openbmc_project/User/Common.metadata.yaml
+++ b/yaml/xyz/openbmc_project/User/Common.metadata.yaml

@@ -17,3 +17,7 @@
   meta:
       - str: "REASON=%s"
         type: string
+- name: GroupNameExists
+  level: ERR
+- name: GroupNameDoesNotExist
+  level: ERR

diff --git a/yaml/xyz/openbmc_project/User/Manager.interface.yaml b/yaml/xyz/openbmc_project/User/Manager.interface.yaml
index 532f7af..14774c0 100644
--- a/yaml/xyz/openbmc_project/User/Manager.interface.yaml
+++ b/yaml/xyz/openbmc_project/User/Manager.interface.yaml

@@ -100,6 +100,34 @@
           - xyz.openbmc_project.Common.Error.InvalidArgument
           - xyz.openbmc_project.User.Common.Error.UserNameDoesNotExist
 
+    - name: CreateGroup
+      description: >
+          Creates a new groups. If the group already exists, or the
+          group name is not allowed to be created, it throws an error.
+      parameters:
+          - name: GroupName
+            type: string
+            description: >
+                The group to be added to the system.
+      errors:
+          - xyz.openbmc_project.Common.Error.InternalFailure
+          - xyz.openbmc_project.Common.Error.InvalidArgument
+          - xyz.openbmc_project.User.Common.Error.GroupNameExists
+
+    - name: DeleteGroup
+      description: >
+          Deletes an existing groups. If the group doesn't exists, or the
+          group name is not allowed to be deleted, it throws an error.
+      parameters:
+          - name: GroupName
+            type: string
+            description: >
+                The group to be deleted from the system.
+      errors:
+          - xyz.openbmc_project.Common.Error.InternalFailure
+          - xyz.openbmc_project.Common.Error.InvalidArgument
+          - xyz.openbmc_project.User.Common.Error.GroupNameDoesNotExist
+
 properties:
     - name: AllPrivileges
       type: array[string]