* Disable specific URLs in bmcweb
@ 2020-09-02 5:38 Alan Kuo (郭振維)
2020-09-02 5:53 ` Ed Tanous
0 siblings, 1 reply; 5+ messages in thread
From: Alan Kuo (郭振維) @ 2020-09-02 5:38 UTC (permalink / raw)
To: openbmc@lists.ozlabs.org
[-- Attachment #1: Type: text/plain, Size: 131 bytes --]
Hi,
Are there some configuration files in bmcweb that can be used to disable specific URLs and HTTP methods ?
Thanks,
Alan
[-- Attachment #2: Type: text/html, Size: 2338 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Disable specific URLs in bmcweb
2020-09-02 5:38 Disable specific URLs in bmcweb Alan Kuo (郭振維)
@ 2020-09-02 5:53 ` Ed Tanous
2020-09-02 16:57 ` Richard Hanley
0 siblings, 1 reply; 5+ messages in thread
From: Ed Tanous @ 2020-09-02 5:53 UTC (permalink / raw)
To: Alan Kuo (郭振維); +Cc: openbmc@lists.ozlabs.org
On Tue, Sep 1, 2020 at 10:40 PM Alan Kuo (郭振維) <Alan_Kuo@quantatw.com> wrote:
>
> Are there some configuration files in bmcweb that can be used to disable specific URLs and HTTP methods ?
>
There are compile time options that can disable features (and
therefore URLs associated). They're listed in the CMakeLists.txt
file.
As far as disabling particular methods, why are you wanting to disable
them? It seems odd to want to disable a few particular HTTP verbs.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Disable specific URLs in bmcweb
2020-09-02 5:53 ` Ed Tanous
@ 2020-09-02 16:57 ` Richard Hanley
2020-09-02 17:46 ` Ed Tanous
0 siblings, 1 reply; 5+ messages in thread
From: Richard Hanley @ 2020-09-02 16:57 UTC (permalink / raw)
To: Ed Tanous; +Cc: Alan Kuo (郭振維), openbmc@lists.ozlabs.org
[-- Attachment #1: Type: text/plain, Size: 832 bytes --]
Hi Ed,
In this particular case, I think Alan is talking about disabling the POST
for certain resources, effectively making them readonly. One example I
remember talking to him about was disabling the addition of new users via
bmcweb.
- Richard
On Tue, Sep 1, 2020 at 10:55 PM Ed Tanous <ed@tanous.net> wrote:
> On Tue, Sep 1, 2020 at 10:40 PM Alan Kuo (郭振維) <Alan_Kuo@quantatw.com>
> wrote:
> >
> > Are there some configuration files in bmcweb that can be used to disable
> specific URLs and HTTP methods ?
> >
> There are compile time options that can disable features (and
> therefore URLs associated). They're listed in the CMakeLists.txt
> file.
>
> As far as disabling particular methods, why are you wanting to disable
> them? It seems odd to want to disable a few particular HTTP verbs.
>
[-- Attachment #2: Type: text/html, Size: 1235 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Disable specific URLs in bmcweb
2020-09-02 16:57 ` Richard Hanley
@ 2020-09-02 17:46 ` Ed Tanous
2020-09-02 18:02 ` Joseph Reynolds
0 siblings, 1 reply; 5+ messages in thread
From: Ed Tanous @ 2020-09-02 17:46 UTC (permalink / raw)
To: Richard Hanley
Cc: Alan Kuo (郭振維), openbmc@lists.ozlabs.org
On Wed, Sep 2, 2020 at 9:57 AM Richard Hanley <rhanley@google.com> wrote:
>
> Hi Ed,
>
> In this particular case, I think Alan is talking about disabling the POST for certain resources, effectively making them readonly. One example I remember talking to him about was disabling the addition of new users via bmcweb.
>
Gotcha.
In that particular case, Redfish PrivilegeRegistry schema is probably
what you're looking for. To handle that specific case, you would add
a mapping that looks like:
{
"Entity": "ManagerAccount",
"OperationMap": {
"GET": [
{
"Privilege": [
"Login"
]
}
],
"HEAD": [
{
"Privilege": [
"Login"
]
}
],
"PATCH": [
{
"Privilege": []
}
],
"POST": [
{
"Privilege": [,
"PUT": [
{
"Privilege": []
}
],
"DELETE": [
{
"Privilege": []
}
]
}
},
I don't believe there's an implementation of PrivilegeRegistry for
bmcweb today, although we kept it in mind (ish) when we built the
privileges system. If you want to chat more about how you could add
it, I'm happy to talk more specifics with you.
-Ed
> - Richard
>
> On Tue, Sep 1, 2020 at 10:55 PM Ed Tanous <ed@tanous.net> wrote:
>>
>> On Tue, Sep 1, 2020 at 10:40 PM Alan Kuo (郭振維) <Alan_Kuo@quantatw.com> wrote:
>> >
>> > Are there some configuration files in bmcweb that can be used to disable specific URLs and HTTP methods ?
>> >
>> There are compile time options that can disable features (and
>> therefore URLs associated). They're listed in the CMakeLists.txt
>> file.
>>
>> As far as disabling particular methods, why are you wanting to disable
>> them? It seems odd to want to disable a few particular HTTP verbs.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Disable specific URLs in bmcweb
2020-09-02 17:46 ` Ed Tanous
@ 2020-09-02 18:02 ` Joseph Reynolds
0 siblings, 0 replies; 5+ messages in thread
From: Joseph Reynolds @ 2020-09-02 18:02 UTC (permalink / raw)
To: Ed Tanous, Richard Hanley
Cc: Alan Kuo (郭振維), openbmc@lists.ozlabs.org
On 9/2/20 12:46 PM, Ed Tanous wrote:
> On Wed, Sep 2, 2020 at 9:57 AM Richard Hanley <rhanley@google.com> wrote:
>> Hi Ed,
>>
>> In this particular case, I think Alan is talking about disabling the POST for certain resources, effectively making them readonly. One example I remember talking to him about was disabling the addition of new users via bmcweb.
>>
> Gotcha.
>
> In that particular case, Redfish PrivilegeRegistry schema is probably
> what you're looking for. To handle that specific case, you would add
Here is an alternate solution: use the administrator account (currently
"root") to create a new user with the Operator role, then use that new
account and discontinue using the Administrator account. For example
(change the password):
|curl -x POST https://${bmc}/redfish/v1/AccountService/Accounts/ -d
'{"UserName": "joeoperator", "Password": "0penBmc1", "RoleId": "Operator"}'|
- Joseph
> a mapping that looks like:
> {
> "Entity": "ManagerAccount",
> "OperationMap": {
> "GET": [
> {
> "Privilege": [
> "Login"
> ]
> }
> ],
> "HEAD": [
> {
> "Privilege": [
> "Login"
> ]
> }
> ],
> "PATCH": [
> {
> "Privilege": []
> }
> ],
> "POST": [
> {
> "Privilege": [,
> "PUT": [
> {
> "Privilege": []
> }
> ],
> "DELETE": [
> {
> "Privilege": []
> }
> ]
> }
> },
>
> I don't believe there's an implementation of PrivilegeRegistry for
> bmcweb today, although we kept it in mind (ish) when we built the
> privileges system. If you want to chat more about how you could add
> it, I'm happy to talk more specifics with you.
>
> -Ed
>
>> - Richard
>>
>> On Tue, Sep 1, 2020 at 10:55 PM Ed Tanous <ed@tanous.net> wrote:
>>> On Tue, Sep 1, 2020 at 10:40 PM Alan Kuo (郭振維) <Alan_Kuo@quantatw.com> wrote:
>>>> Are there some configuration files in bmcweb that can be used to disable specific URLs and HTTP methods ?
>>>>
>>> There are compile time options that can disable features (and
>>> therefore URLs associated). They're listed in the CMakeLists.txt
>>> file.
>>>
>>> As far as disabling particular methods, why are you wanting to disable
>>> them? It seems odd to want to disable a few particular HTTP verbs.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-09-02 18:02 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-09-02 5:38 Disable specific URLs in bmcweb Alan Kuo (郭振維)
2020-09-02 5:53 ` Ed Tanous
2020-09-02 16:57 ` Richard Hanley
2020-09-02 17:46 ` Ed Tanous
2020-09-02 18:02 ` Joseph Reynolds
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.