Add support for custom role names
While IPMI has well-defined roles and Redfish has some well-defined starter roles, permit management of users for custom roles. Change-Id: Id6ff87a8ccbb12491adc37b460765d4eadf2c92d
parent
2a525bb1e6
commit
fc9d92da73
@ -1698,6 +1698,7 @@ class Command(object):
|
||||
* administrator
|
||||
* proprietary
|
||||
* no_access
|
||||
* custom.<name>
|
||||
"""
|
||||
self.oem_init()
|
||||
if hasattr(self._oem, 'oem_user_access'):
|
||||
@ -1726,6 +1727,8 @@ class Command(object):
|
||||
self.oem_init()
|
||||
self._oem.set_user_access(
|
||||
uid, channel, callback, link_auth, ipmi_msg, privilege_level)
|
||||
if privilege_level.startswith('custom.'):
|
||||
return True # unable to proceed with standard support
|
||||
data = [b, uid & 0b00111111,
|
||||
privilege_levels[privilege_level] & 0b00001111, 0]
|
||||
response = self.raw_command(netfn=0x06, command=0x43, data=data)
|
||||
@ -1772,6 +1775,11 @@ class Command(object):
|
||||
r['access']['callback'] = (data[3] & 0b01000000) != 0
|
||||
r['access']['link_auth'] = (data[3] & 0b00100000) != 0
|
||||
r['access']['ipmi_msg'] = (data[3] & 0b00010000) != 0
|
||||
self.oem_init()
|
||||
oempriv = self._oem.get_user_privilege_level(uid)
|
||||
if oempriv:
|
||||
r['access']['privilege_level'] = oempriv
|
||||
else:
|
||||
privilege_levels = {
|
||||
0: 'reserved',
|
||||
1: 'callback',
|
||||
|
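Review bot: In the last hunk, `r['access']['privilege_level'] = oempriv` stores whatever the OEM handler returns, and the XCC implementation in this commit returns the raw Redfish `RoleId`, so the value no longer matches the names documented for set_user_access (`administrator`, `custom.<name>`, ...). A caller that audits accounts by comparing against `'administrator'`, or that feeds the value back into set_user_access, would see a mismatch. Consider normalising in one place: map the built-in RoleIds back to the IPMI names, return `'custom.' + oempriv` for anything else, and document the returned form in the docstring. The enclosing function starts and ends outside the hunk.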
@ -329,6 +329,8 @@ class OEMHandler(object):
|
||||
|
||||
def set_user_access(self, uid, channel, callback, link_auth, ipmi_msg,
|
||||
privilege_level):
|
||||
if privilege_level.startswith('custom.'):
|
||||
raise exc.UnsupportedFunctionality()
|
||||
return # Nothing to do
|
||||
|
||||
def set_alert_ipv6_destination(self, ip, destination, channel):
|
||||
@ -399,6 +401,9 @@ class OEMHandler(object):
|
||||
def get_user_expiration(self, uid):
|
||||
return None
|
||||
|
||||
def get_user_privilege_level(self, uid):
|
||||
return None
|
||||
|
||||
def set_oem_extended_privilleges(self, uid):
|
||||
"""Set user extended privillege as 'KVM & VMedia Allowed'
|
||||
|
||||
|
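Review bot: `raise exc.UnsupportedFunctionality()` in the generic set_user_access carries no message, so a caller asking for a `custom.` role on a platform without OEM support gets an empty error. Suggest `raise exc.UnsupportedFunctionality('Custom roles are not supported on this platform')`. The new `get_user_privilege_level` hook would also benefit from a one-line docstring saying that returning None means the standard IPMI privilege level is reported.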
@ -1316,6 +1316,11 @@ class OEMHandler(generic.OEMHandler):
|
||||
return True
|
||||
return False
|
||||
|
||||
def get_user_privilege_level(self, uid):
|
||||
if self.has_xcc:
|
||||
return self.immhandler.get_user_privilege_level(uid)
|
||||
return None
|
||||
|
||||
def set_user_access(self, uid, channel, callback, link_auth, ipmi_msg, privilege_level):
|
||||
if self.has_xcc:
|
||||
self.immhandler.set_user_access(uid, privilege_level)
|
||||
|
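Review bot: The new `set_user_access` override does nothing when `self.has_xcc` is false, which also hides the generic handler's `UnsupportedFunctionality` for `custom.` roles; Command.set_user_access then returns True for a custom role that was never applied. Add an `else:` branch that defers to the base class, `return super(OEMHandler, self).set_user_access(uid, channel, callback, link_auth, ipmi_msg, privilege_level)`. The return value of `self.immhandler.set_user_access` is also discarded, so a rejected role change is presumably not reported to the caller either. The method may continue past the end of the hunk.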
@ -883,6 +883,14 @@ class XCCClient(IMMClient):
|
||||
self.ipmicmd.ipmi_session.register_keepalive(self.keepalive, None)
|
||||
self.adp_referer = None
|
||||
|
||||
def get_user_privilege_level(self, uid):
|
||||
uid = uid - 1
|
||||
accurl = '/redfish/v1/AccountService/Accounts/{0}'.format(uid)
|
||||
accinfo, status = self.grab_redfish_response_with_status(accurl)
|
||||
if status == 200:
|
||||
return accinfo.get('RoleId', None)
|
||||
return None
|
||||
|
||||
def set_user_access(self, uid, privilege_level):
|
||||
uid = uid - 1
|
||||
role = None
|
||||
@ -892,6 +900,8 @@ class XCCClient(IMMClient):
|
||||
role = 'Operator'
|
||||
elif privilege_level == 'user':
|
||||
role = 'ReadOnly'
|
||||
elif privilege_level.startswith('custom.'):
|
||||
role = privilege_level.replace('custom.', '')
|
||||
if role:
|
||||
self.grab_redfish_response_with_status(
|
||||
'/redfish/v1/AccountService/Accounts/{0}'.format(uid),
|
||||
@ -2019,6 +2029,9 @@ class XCCClient(IMMClient):
|
||||
'/redfish/v1/UpdateService',
|
||||
{'HttpPushUriTargets': []}, method='PATCH')
|
||||
|
||||
def set_custom_user_privilege(self, uid, privilege):
|
||||
return self.set_user_access(self, uid, privilege)
|
||||
|
||||
def update_firmware(self, filename, data=None, progress=None, bank=None):
|
||||
usd = self.grab_redfish_response_emptyonerror(
|
||||
'/redfish/v1/UpdateService')
|
||||
|
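Review bot: `set_custom_user_privilege` calls `self.set_user_access(self, uid, privilege)`, which passes `self` twice to a bound method and raises TypeError on every call; it should be `return self.set_user_access(uid, privilege)`. In the `custom.` branch of set_user_access, `privilege_level.replace('custom.', '')` removes every occurrence of the substring rather than only the prefix, so a role named `a.custom.b` is sent as `a.b`; `role = privilege_level[len('custom.'):]` keeps the name intact (the same `replace` appears twice in the Redfish Command hunks). An empty name (`custom.`) leaves `role` falsy, so the request is skipped without any error. set_user_access continues outside the hunk.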
@ -354,6 +354,8 @@ class Command(object):
|
||||
return True
|
||||
|
||||
def set_user_access(self, uid, privilege_level='ReadOnly'):
|
||||
if privilege_level.startswith('custom.'):
|
||||
privilege_level = privilege_level.replace('custom.', '')
|
||||
accinfo = self._account_url_info_by_id(uid)
|
||||
if not accinfo:
|
||||
raise Exception("Unable to find indicated uid")
|
||||
@ -375,6 +377,8 @@ class Command(object):
|
||||
accinfo = self._account_url_info_by_id(uid)
|
||||
if not accinfo:
|
||||
raise Exception("Unable to find indicated uid")
|
||||
if privilege_level.startswith('custom.'):
|
||||
privilege_level = privilege_level.replace('custom.', '')
|
||||
for role in self._validroles:
|
||||
if role.lower() == privilege_level.lower():
|
||||
privilege_level = role
|
||||
|
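Review bot: After the `custom.` prefix is stripped in the second hunk, the name goes through the case-insensitive `self._validroles` loop, so if that list holds the built-in roles, `custom.administrator` resolves to the built-in role of that name and the prefix does not separate custom roles from standard ones. If the prefix is meant to be a distinct namespace, skip the loop for custom names or reject names that collide with a built-in role, and state the rule in the docstring. Neither hunk shows a check that the stripped name is non-empty before it is used. The enclosing functions start and end outside the hunks.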