User: add interfaces and errors for groups
As proposed in the following design,
[1] https://github.com/openbmc/docs/blob/master/designs/redfish-authorization.md
The UserManager interface needs to expose new interfaces to add/delete
secondary groups, which are then used to model Redfish roles and
privileges.
An implementation is in the following code review,
[1] https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/58143.
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I252e56dc03e694e3aedf3ae6fdda64edc947fc06
diff --git a/yaml/xyz/openbmc_project/User/Common.errors.yaml b/yaml/xyz/openbmc_project/User/Common.errors.yaml
index ed93ca1..f0d7593 100644
--- a/yaml/xyz/openbmc_project/User/Common.errors.yaml
+++ b/yaml/xyz/openbmc_project/User/Common.errors.yaml
@@ -16,3 +16,9 @@
# xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists
- name: PrivilegeMappingExists
description: Specified privilege mapping already exists.
+# xyz.openbmc_project.User.Common.Error.GroupNameExists
+- name: GroupNameExists
+ description: Specified group name already exists.
+# xyz.openbmc_project.User.Common.Error.GroupNameDoesNotExist
+- name: GroupNameDoesNotExist
+ description: Specified group name does not exist.
diff --git a/yaml/xyz/openbmc_project/User/Common.metadata.yaml b/yaml/xyz/openbmc_project/User/Common.metadata.yaml
index 1d7a58f..5e20ac1 100644
--- a/yaml/xyz/openbmc_project/User/Common.metadata.yaml
+++ b/yaml/xyz/openbmc_project/User/Common.metadata.yaml
@@ -17,3 +17,7 @@
meta:
- str: "REASON=%s"
type: string
+- name: GroupNameExists
+ level: ERR
+- name: GroupNameDoesNotExist
+ level: ERR
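Review bot: The new GroupNameExists and GroupNameDoesNotExist entries declare only `level: ERR` and no `meta` list, so the error carries no field identifying which group name was rejected. The entry directly above them in the context has `str: "REASON=%s"` with `type: string`; consider adding a comparable string field for the group name so that failed group changes can be attributed in the logs.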
diff --git a/yaml/xyz/openbmc_project/User/Manager.interface.yaml b/yaml/xyz/openbmc_project/User/Manager.interface.yaml
index 532f7af..14774c0 100644
--- a/yaml/xyz/openbmc_project/User/Manager.interface.yaml
+++ b/yaml/xyz/openbmc_project/User/Manager.interface.yaml
@@ -100,6 +100,34 @@
- xyz.openbmc_project.Common.Error.InvalidArgument
- xyz.openbmc_project.User.Common.Error.UserNameDoesNotExist
+ - name: CreateGroup
+ description: >
+ Creates a new groups. If the group already exists, or the
+ group name is not allowed to be created, it throws an error.
+ parameters:
+ - name: GroupName
+ type: string
+ description: >
+ The group to be added to the system.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.User.Common.Error.GroupNameExists
+
+ - name: DeleteGroup
+ description: >
+ Deletes an existing groups. If the group doesn't exists, or the
+ group name is not allowed to be deleted, it throws an error.
+ parameters:
+ - name: GroupName
+ type: string
+ description: >
+ The group to be deleted from the system.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.User.Common.Error.GroupNameDoesNotExist
+
properties:
- name: AllPrivileges
type: array[string]
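Review bot: In both CreateGroup and DeleteGroup the description says an error is thrown when the group name "is not allowed" to be created or deleted, but it does not say which names are disallowed or which of the three listed errors covers that case. Since the commit message says these groups model Redfish roles and privileges, document the naming constraints in the GroupName parameter description and state explicitly which error is returned (presumably InvalidArgument). The wording also needs fixing: "Creates a new groups", "Deletes an existing groups" and "doesn't exists".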