Implement createGroup/deleteGroup
This commit adds the implementation for CreateGroup and DeleteGroup.
These interfaces give the possibility to create OEMRole and OEMPrivilege
as proposed in the Dynamic Redfish Authz design.
[1] https://github.com/openbmc/docs/blob/master/designs/redfish-authorization.md
Since now secondary groups will change at runtime, this commit made the
|groupsMgr| non-constant. When the service starts up, it will load all
the groups in the system, and recover its |groupsMgr| in memory.
Currently, only groups with certain prefixes are allowed to change
(creation or deletion). The only use case now is Redfish previleges and
roles so the current prefixes only cover that.
Similar to user creation, this commit also added limits and checks to
make sure these interfaces are safe.
Coverage:
lines......: 84.1% (2197 of 2613 lines)
functions..: 94.3% (492 of 522 functions)
branches...: 31.1% (3506 of 11263 branches)
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I245017afda909a0bfa594ef112d7b0d40045f80d
3 files changed