Add support for custom role names
While IPMI has well-defined roles and Redfish has some well-defined starter roles, permit management of users for custom roles. Change-Id: Id6ff87a8ccbb12491adc37b460765d4eadf2c92d
parent
2a525bb1e6
commit
fc9d92da73
@ -1698,6 +1698,7 @@ class Command(object):
|
|||||||
* administrator
|
* administrator
|
||||||
* proprietary
|
* proprietary
|
||||||
* no_access
|
* no_access
|
||||||
|
* custom.<name>
|
||||||
"""
|
"""
|
||||||
self.oem_init()
|
self.oem_init()
|
||||||
if hasattr(self._oem, 'oem_user_access'):
|
if hasattr(self._oem, 'oem_user_access'):
|
||||||
@ -1726,6 +1727,8 @@ class Command(object):
|
|||||||
self.oem_init()
|
self.oem_init()
|
||||||
self._oem.set_user_access(
|
self._oem.set_user_access(
|
||||||
uid, channel, callback, link_auth, ipmi_msg, privilege_level)
|
uid, channel, callback, link_auth, ipmi_msg, privilege_level)
|
||||||
|
if privilege_level.startswith('custom.'):
|
||||||
|
return True # unable to proceed with standard support
|
||||||
data = [b, uid & 0b00111111,
|
data = [b, uid & 0b00111111,
|
||||||
privilege_levels[privilege_level] & 0b00001111, 0]
|
privilege_levels[privilege_level] & 0b00001111, 0]
|
||||||
response = self.raw_command(netfn=0x06, command=0x43, data=data)
|
response = self.raw_command(netfn=0x06, command=0x43, data=data)
|
||||||
@ -1772,6 +1775,11 @@ class Command(object):
|
|||||||
r['access']['callback'] = (data[3] & 0b01000000) != 0
|
r['access']['callback'] = (data[3] & 0b01000000) != 0
|
||||||
r['access']['link_auth'] = (data[3] & 0b00100000) != 0
|
r['access']['link_auth'] = (data[3] & 0b00100000) != 0
|
||||||
r['access']['ipmi_msg'] = (data[3] & 0b00010000) != 0
|
r['access']['ipmi_msg'] = (data[3] & 0b00010000) != 0
|
||||||
|
self.oem_init()
|
||||||
|
oempriv = self._oem.get_user_privilege_level(uid)
|
||||||
|
if oempriv:
|
||||||
|
r['access']['privilege_level'] = oempriv
|
||||||
|
else:
|
||||||
privilege_levels = {
|
privilege_levels = {
|
||||||
0: 'reserved',
|
0: 'reserved',
|
||||||
1: 'callback',
|
1: 'callback',
|
||||||
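Review bot: In get_user_access, any truthy value from `self._oem.get_user_privilege_level(uid)` replaces the IPMI mapping and is returned unchanged, so the result no longer matches the level names listed in the set_user_access docstring. The XCC implementation in this commit returns the Redfish `RoleId` as-is, so a role set as `custom.<name>` reads back as `<name>`, and the built-in roles would presumably come back as `Operator`/`ReadOnly` rather than `operator`/`user`. Callers that audit or compare privilege levels need a single vocabulary; either normalise the value here or add a comment such as `# OEM value is returned verbatim (e.g. a Redfish RoleId), not an IPMI level name`. The function starts and ends outside the hunk, and the indentation of the `privilege_levels` table under the new `else:` cannot be checked in this rendering.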
|
@ -329,6 +329,8 @@ class OEMHandler(object):
|
|||||||
|
|
||||||
def set_user_access(self, uid, channel, callback, link_auth, ipmi_msg,
|
def set_user_access(self, uid, channel, callback, link_auth, ipmi_msg,
|
||||||
privilege_level):
|
privilege_level):
|
||||||
|
if privilege_level.startswith('custom.'):
|
||||||
|
raise exc.UnsupportedFunctionality()
|
||||||
return # Nothing to do
|
return # Nothing to do
|
||||||
|
|
||||||
def set_alert_ipv6_destination(self, ip, destination, channel):
|
def set_alert_ipv6_destination(self, ip, destination, channel):
|
||||||
@ -399,6 +401,9 @@ class OEMHandler(object):
|
|||||||
def get_user_expiration(self, uid):
|
def get_user_expiration(self, uid):
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
def get_user_privilege_level(self, uid):
|
||||||
|
return None
|
||||||
|
|
||||||
def set_oem_extended_privilleges(self, uid):
|
def set_oem_extended_privilleges(self, uid):
|
||||||
"""Set user extended privillege as 'KVM & VMedia Allowed'
|
"""Set user extended privillege as 'KVM & VMedia Allowed'
|
||||||
|
|
||||||
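Review bot: The new `get_user_privilege_level` hook has no docstring, so an OEM implementer cannot tell what a non-None return value must look like. A one-line docstring would settle it: `"""Return an OEM-defined role name for uid, or None to use the standard IPMI level."""`. In `set_user_access`, `raise exc.UnsupportedFunctionality()` carries no message; passing text such as `'Custom roles are not supported on this platform'` would tell the operator why the role change was refused, assuming the exception class accepts a message like other Exception subclasses.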
|
@ -1316,6 +1316,11 @@ class OEMHandler(generic.OEMHandler):
|
|||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
def get_user_privilege_level(self, uid):
|
||||||
|
if self.has_xcc:
|
||||||
|
return self.immhandler.get_user_privilege_level(uid)
|
||||||
|
return None
|
||||||
|
|
||||||
def set_user_access(self, uid, channel, callback, link_auth, ipmi_msg, privilege_level):
|
def set_user_access(self, uid, channel, callback, link_auth, ipmi_msg, privilege_level):
|
||||||
if self.has_xcc:
|
if self.has_xcc:
|
||||||
self.immhandler.set_user_access(uid, privilege_level)
|
self.immhandler.set_user_access(uid, privilege_level)
|
||||||
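Review bot: `set_user_access` in this handler overrides the generic one, so the `custom.` rejection this commit adds to the generic OEMHandler does not apply here. If the part of the method outside this hunk does nothing when `has_xcc` is false, a custom role request is silently dropped, and the IPMI `Command.set_user_access` then returns True for any `custom.` level, telling the caller that a privilege change succeeded when it was never applied. A guard such as `if not self.has_xcc and privilege_level.startswith('custom.'):` that raises the same UnsupportedFunctionality error as the generic handler would make the failure visible.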
|
@ -883,6 +883,14 @@ class XCCClient(IMMClient):
|
|||||||
self.ipmicmd.ipmi_session.register_keepalive(self.keepalive, None)
|
self.ipmicmd.ipmi_session.register_keepalive(self.keepalive, None)
|
||||||
self.adp_referer = None
|
self.adp_referer = None
|
||||||
|
|
||||||
|
def get_user_privilege_level(self, uid):
|
||||||
|
uid = uid - 1
|
||||||
|
accurl = '/redfish/v1/AccountService/Accounts/{0}'.format(uid)
|
||||||
|
accinfo, status = self.grab_redfish_response_with_status(accurl)
|
||||||
|
if status == 200:
|
||||||
|
return accinfo.get('RoleId', None)
|
||||||
|
return None
|
||||||
|
|
||||||
def set_user_access(self, uid, privilege_level):
|
def set_user_access(self, uid, privilege_level):
|
||||||
uid = uid - 1
|
uid = uid - 1
|
||||||
role = None
|
role = None
|
||||||
@ -892,6 +900,8 @@ class XCCClient(IMMClient):
|
|||||||
role = 'Operator'
|
role = 'Operator'
|
||||||
elif privilege_level == 'user':
|
elif privilege_level == 'user':
|
||||||
role = 'ReadOnly'
|
role = 'ReadOnly'
|
||||||
|
elif privilege_level.startswith('custom.'):
|
||||||
|
role = privilege_level.replace('custom.', '')
|
||||||
if role:
|
if role:
|
||||||
self.grab_redfish_response_with_status(
|
self.grab_redfish_response_with_status(
|
||||||
'/redfish/v1/AccountService/Accounts/{0}'.format(uid),
|
'/redfish/v1/AccountService/Accounts/{0}'.format(uid),
|
||||||
@ -2019,6 +2029,9 @@ class XCCClient(IMMClient):
|
|||||||
'/redfish/v1/UpdateService',
|
'/redfish/v1/UpdateService',
|
||||||
{'HttpPushUriTargets': []}, method='PATCH')
|
{'HttpPushUriTargets': []}, method='PATCH')
|
||||||
|
|
||||||
|
def set_custom_user_privilege(self, uid, privilege):
|
||||||
|
return self.set_user_access(self, uid, privilege)
|
||||||
|
|
||||||
def update_firmware(self, filename, data=None, progress=None, bank=None):
|
def update_firmware(self, filename, data=None, progress=None, bank=None):
|
||||||
usd = self.grab_redfish_response_emptyonerror(
|
usd = self.grab_redfish_response_emptyonerror(
|
||||||
'/redfish/v1/UpdateService')
|
'/redfish/v1/UpdateService')
|
||||||
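Review bot: `set_custom_user_privilege` passes `self` twice: `self.set_user_access(self, uid, privilege)` calls a bound method whose signature is `(uid, privilege_level)`, so it raises TypeError on every call. It should read `return self.set_user_access(uid, privilege)`. Separately, in `set_user_access` the line `role = privilege_level.replace('custom.', '')` removes the substring wherever it occurs rather than only the prefix; `role = privilege_level[len('custom.'):]` keeps the rest of the name intact. As far as these hunks show, the remaining name is forwarded without any check against the roles the BMC actually defines, and the request's status is not inspected; both are worth confirming in the part of the method outside the hunk.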
|
@ -354,6 +354,8 @@ class Command(object):
|
|||||||
return True
|
return True
|
||||||
|
|
||||||
def set_user_access(self, uid, privilege_level='ReadOnly'):
|
def set_user_access(self, uid, privilege_level='ReadOnly'):
|
||||||
|
if privilege_level.startswith('custom.'):
|
||||||
|
privilege_level = privilege_level.replace('custom.', '')
|
||||||
accinfo = self._account_url_info_by_id(uid)
|
accinfo = self._account_url_info_by_id(uid)
|
||||||
if not accinfo:
|
if not accinfo:
|
||||||
raise Exception("Unable to find indicated uid")
|
raise Exception("Unable to find indicated uid")
|
||||||
@ -375,6 +377,8 @@ class Command(object):
|
|||||||
accinfo = self._account_url_info_by_id(uid)
|
accinfo = self._account_url_info_by_id(uid)
|
||||||
if not accinfo:
|
if not accinfo:
|
||||||
raise Exception("Unable to find indicated uid")
|
raise Exception("Unable to find indicated uid")
|
||||||
|
if privilege_level.startswith('custom.'):
|
||||||
|
privilege_level = privilege_level.replace('custom.', '')
|
||||||
for role in self._validroles:
|
for role in self._validroles:
|
||||||
if role.lower() == privilege_level.lower():
|
if role.lower() == privilege_level.lower():
|
||||||
privilege_level = role
|
privilege_level = role
|
||||||
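Review bot: After the `custom.` prefix is stripped, the name is matched case-insensitively against `self._validroles`, so `custom.<name>` and `<name>` resolve to the same role and the prefix gives no separation from the built-in roles. If `_validroles` contains the standard roles, a request for `custom.administrator` would be assigned the built-in administrator role; tooling that authorises by the `custom.` prefix should not assume otherwise, and a comment saying so belongs next to the strip. `replace('custom.', '')` also removes the substring anywhere in the name, whereas `privilege_level = privilege_level[len('custom.'):]` strips only the prefix. The same two lines appear in both methods of this section and could share one small helper. Both functions continue outside the hunks.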
|