| #ifndef THIRD_PARTY_MILOTIC_INTERNAL_CC_BMCWEB_SERVER_H_ |
| #define THIRD_PARTY_MILOTIC_INTERNAL_CC_BMCWEB_SERVER_H_ |
| |
| // The headers with NOLINT are necessary dependencies that are commonly used in |
| // gBMC's tech stack. |
| |
| #include <chrono> // NOLINT |
| #include <cstddef> |
| #include <map> |
| #include <memory> |
| #include <string> |
| |
| #include "boost/asio/io_context.hpp" // NOLINT |
| #include "boost/asio/thread_pool.hpp" // NOLINT |
| #include "boost/beast/http/verb.hpp" // NOLINT |
| #include "boost/uuid/uuid.hpp" // NOLINT |
| #include "boost/uuid/uuid_generators.hpp" // NOLINT |
| #include "boost/uuid/uuid_io.hpp" // NOLINT |
| #include "subscription.h" |
| #include "redfish_v1.grpc.pb.h" |
| #include "redfish_v1.pb.h" |
| #include "redfish_v1_grpc_include.h" |
| #include "grpcpp/security/auth_context.h" |
| #include "grpcpp/security/server_credentials.h" |
| #include "grpcpp/server.h" |
| #include "grpcpp/server_builder.h" |
| #include "grpcpp/server_context.h" |
| #include "grpcpp/support/status.h" |
| #include "grpcpp/support/string_ref.h" |
| #include "tlbmc/redfish/app.h" |
| #include "app.hpp" |
| #include "zatar/bmcweb_cert_provider.h" |
| #include "tlbmc/service/hft_service.h" |
| |
| namespace milotic { |
| |
// The configuration for the Redfish service.
//
// Plain aggregate: every member carries an in-class default, so
// `RedfishServiceConfig{}` yields exactly the values below and callers
// override only what they need. Member order is part of the aggregate
// initialization contract — do not reorder fields.
struct RedfishServiceConfig {
  // Port the service binds to; 443 is the conventional TLS port.
  int port = 443;

  // TLS / identity material. This header only carries the file locations;
  // how each file is consumed is defined by the server implementation.
  std::string trust_bundle_path = "/var/google/trust_bundle/trust_bundle.pem";
  // NOTE(review): `private_key_path` and `own_cert_path` default to the same
  // file — presumably a combined key+cert PEM; confirm against the .cc.
  std::string private_key_path = "/var/volatile/prodid/server.pem";
  std::string own_cert_path = "/var/volatile/prodid/server.pem";
  std::string self_signed_key_cert_path =
      "/var/volatile/self_signed_key_cert.pem";
  std::string crl_directory = "/var/google/loas3/crl";

  // Authorization policy inputs. Paths under /var/google are expected to be
  // writable/persistent, those under /usr/share read-only (names only; the
  // precedence between them is decided in the .cc).
  std::string authz_config_path = "/var/google/authz_policies/redfish.json";
  std::string authz_platform_config_path =
      "/var/google/authz_policies/redfish_platform_addendum.json";
  std::string persistent_base_privileges_folder = "/var/google/authz_policies";
  std::string rofs_base_privileges_folder = "/usr/share/redfish_privileges";

  // Machine identity and OAuth verification material.
  std::string gmi_file_path =
      "/var/google/googlemachineidentity/live/machine_identity.pb";
  std::string oauth_key_path = "/var/volatile/oauth_public_key.pem";

  // Redfish URI/entity mapping and override policy inputs.
  std::string pattern_to_entity_overrides_path =
      "/usr/share/redfish_privileges/pattern_to_uri.json";
  std::string redfish_override_policy_path =
      "/usr/share/redfish_override_policy";
  std::string offline_node_entity_path =
      "/var/google/googlemachineidentity/live/offline_node_entities.pb";

  // Binary LOAS3 authority policy; see `check_loas3_policy` below for how its
  // absence is handled.
  std::string authority_policy_file_binary = "/var/google/loas3/policy.pb";

  // Enable multi-threading for the GET requests.
  bool multi_thread_get = false;

  // Enable TLBMC service.
  bool enable_tlbmc = false;

  // Enable pacemaker service.
  bool enable_pacemaker = false;

  // The maximum number of events to queue per client.
  size_t maximum_event_queue_size = 1000;

  // Disable the Redfish eventing.
  bool disable_eventing = false;

  // Disable authentication and authorization. DO NOT USE in production.
  bool enable_insecure_server = false;

  // Generate a series of testing events. DO NOT USE in production.
  // This can be removed once we are able to inject a fake subscription service.
  bool generate_testing_events = false;

  // Record various latencies, such as time spent in job queue, total handler
  // latency time, etc inside the response for profiling.
  bool do_profiling = false;

  // Check the existence of the LOAS3 validation policy. If set to true and the
  // policy is not found, the server will start up without client verification
  // and only allow recovery Redfish operations.
  bool check_loas3_policy = false;

  // Enable HFT service.
  bool enable_hft = true;

  // Enable HFT fake subscription manager.
  bool enable_hft_fake_manager = false;
};
| |
// Checks the server's credential state and the request's metadata/headers
// before a subscription request is served.
//
// Inputs are the peer's gRPC `AuthContext`, the call's client metadata
// (request headers), the Redfish request itself, and the cert provider's
// current `ServerStatus`. Returns a non-OK `grpc::Status` when the request is
// rejected; the exact rules are defined in the .cc, not here. Declared at
// namespace scope so it can be exercised without a running server.
grpc::Status SubscriptionPreCheck(
    const grpc::AuthContext& auth_context,
    const std::multimap<grpc::string_ref, grpc::string_ref>& client_metadata,
    const ::redfish::v1::Request* request,
    ::milotic::redfish::BmcWebCertProvider::ServerStatus server_status);
| |
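// gRPC front end for the Redfish service.
//
// Owns the gRPC server, the service implementation, the HFT service and the
// certificate provider. The `App` / `RedfishApp` references and the
// `SubscriptionService` pointer handed to the constructors are borrowed, not
// owned, and must outlive this object. The class is non-copyable and
// non-movable (see the deleted special members below).
class GrpcRedfishService {
 public:
  // For server with no multi-thread support: no worker io_context and no
  // subscription service.
  GrpcRedfishService(
      App& app,
      const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
      const RedfishServiceConfig& config)
      : GrpcRedfishService(app, io_context_main_thread, nullptr, config,
                           nullptr) {}

  // If `SubscriptionService` is not available, the service will start without
  // event support.
  GrpcRedfishService(
      App& app,
      const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
      const std::shared_ptr<boost::asio::io_context>& io_context_worker_threads,
      const RedfishServiceConfig& config)
      : GrpcRedfishService(app, io_context_main_thread,
                           io_context_worker_threads, config, nullptr) {}

  // The actual constructor that takes all the parameters; defined in the .cc.
  // Every other constructor delegates here. `app` and `tlbmc_app` are
  // nullable: the single-mode overloads below pass exactly one of them.
  GrpcRedfishService(
      App* app, const milotic_tlbmc::RedfishApp* tlbmc_app,
      const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
      const std::shared_ptr<boost::asio::io_context>& io_context_worker_threads,
      const RedfishServiceConfig& config,
      ecclesia::SubscriptionService* subscription_service);

  // Traditional gBMCWeb only mode (no TLBMC app).
  GrpcRedfishService(
      App& app,
      const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
      const std::shared_ptr<boost::asio::io_context>& io_context_worker_threads,
      const RedfishServiceConfig& config,
      ecclesia::SubscriptionService* subscription_service)
      : GrpcRedfishService(&app, nullptr, io_context_main_thread,
                           io_context_worker_threads, config,
                           subscription_service) {}

  // TLBMC only mode: no gBMCWeb app, no io_contexts and no subscription
  // service are passed.
  GrpcRedfishService(const milotic_tlbmc::RedfishApp& tlbmc_app,
                     const RedfishServiceConfig& config)
      : GrpcRedfishService(nullptr, &tlbmc_app, nullptr, nullptr, config,
                           nullptr) {}

  // Copying was already implicitly deleted by the unique_ptr members and the
  // user-declared destructor suppresses the implicit move; spelling all four
  // out makes the single-owner contract explicit (Rule of Five).
  GrpcRedfishService(const GrpcRedfishService&) = delete;
  GrpcRedfishService& operator=(const GrpcRedfishService&) = delete;
  GrpcRedfishService(GrpcRedfishService&&) = delete;
  GrpcRedfishService& operator=(GrpcRedfishService&&) = delete;

  // Blocks until the gRPC server has shut down.
  // NOTE(review): dereferences `server_` unconditionally; whether the
  // full constructor always populates it (e.g. in TLBMC-only mode) is decided
  // in the .cc — confirm before calling Wait() in that mode.
  void Wait() { server_->Wait(); }

  // Tears the server down before the members are destroyed (see Shutdown()).
  ~GrpcRedfishService() { Shutdown(); }

 private:
  // Stops the gRPC server; defined in the .cc. Called from the destructor.
  void Shutdown();

  // `cert_provider_` must be initialized before and destructed after the other
  // data members, which is why it is declared first: members are constructed
  // in declaration order and destroyed in reverse.
  std::unique_ptr<::milotic::redfish::BmcWebCertProvider> cert_provider_;
  std::unique_ptr<grpc::Server> server_;
  std::unique_ptr<ecclesia::GrpcRedfishV1::CallbackService> service_;
  std::unique_ptr<milotic_hft::HftServiceImpl> hft_service_;
  RedfishServiceConfig config_;
  // Borrowed, may be null (see the constructors that pass nullptr).
  ecclesia::SubscriptionService* subscription_service_ = nullptr;
};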
| } // namespace milotic |
| |
| #endif // THIRD_PARTY_MILOTIC_INTERNAL_CC_BMCWEB_SERVER_H_ |