Disable specific URLs in bmcweb

Ed Tanous ed at tanous.net
Thu Sep 3 03:46:52 AEST 2020


On Wed, Sep 2, 2020 at 9:57 AM Richard Hanley <rhanley at google.com> wrote:
>
> Hi Ed,
>
> In this particular case, I think Alan is talking about disabling the POST for certain resources, effectively making them readonly. One example I remember talking to him about was disabling the addition of new users via bmcweb.
>

Gotcha.

In that particular case, Redfish PrivilegeRegistry schema is probably
what you're looking for.  To handle that specific case, you would add
a mapping that looks like:
        {
            "Entity": "ManagerAccount",
            "OperationMap": {
                "GET": [
                    {
                        "Privilege": [
                            "Login"
                        ]
                    }
                ],
                "HEAD": [
                    {
                        "Privilege": [
                            "Login"
                        ]
                    }
                ],
                "PATCH": [
                    {
                        "Privilege": []
                    }
                ],
                "POST": [
                    {
                        "Privilege": [,
                "PUT": [
                    {
                        "Privilege": []
                    }
                ],
                "DELETE": [
                    {
                        "Privilege": []
                    }
                ]
            }
        },

I don't believe there's an implementation of PrivilegeRegistry for
bmcweb today, although we kept it in mind (ish) when we built the
privileges system.  If you want to chat more about how you could add
it, I'm happy to talk more specifics with you.

-Ed

> - Richard
>
> On Tue, Sep 1, 2020 at 10:55 PM Ed Tanous <ed at tanous.net> wrote:
>>
>> On Tue, Sep 1, 2020 at 10:40 PM Alan Kuo (郭振維) <Alan_Kuo at quantatw.com> wrote:
>> >
>> > Are there some configuration files in bmcweb that can be used to disable specific URLs and HTTP methods ?
>> >
>> There are compile time options that can disable features (and
>> therefore URLs associated).  They're listed in the CMakeLists.txt
>> file.
>>
>> As far as disabling particular methods, why are you wanting to disable
>> them?  It seems odd to want to disable a few particular HTTP verbs.


More information about the openbmc mailing list