#ifndef THIRD_PARTY_MILOTIC_INTERNAL_CC_BMCWEB_SERVER_H_
#define THIRD_PARTY_MILOTIC_INTERNAL_CC_BMCWEB_SERVER_H_
// The headers with NOLINT are necessary dependencies that are commonly used in
// gBMC's tech stack.
#include <chrono> // NOLINT
#include <cstddef>
#include <map>
#include <memory>
#include <string>
#include "boost/asio/io_context.hpp" // NOLINT
#include "boost/asio/thread_pool.hpp" // NOLINT
#include "boost/beast/http/verb.hpp" // NOLINT
#include "boost/uuid/uuid.hpp" // NOLINT
#include "boost/uuid/uuid_generators.hpp" // NOLINT
#include "boost/uuid/uuid_io.hpp" // NOLINT
#include "subscription.h"
#include "redfish_v1.grpc.pb.h"
#include "redfish_v1.pb.h"
#include "redfish_v1_grpc_include.h"
#include "grpcpp/security/auth_context.h"
#include "grpcpp/security/server_credentials.h"
#include "grpcpp/server.h"
#include "grpcpp/server_builder.h"
#include "grpcpp/server_context.h"
#include "grpcpp/support/status.h"
#include "grpcpp/support/string_ref.h"
#include "tlbmc/redfish/app.h"
#include "app.hpp"
#include "zatar/bmcweb_cert_provider.h"
#include "tlbmc/service/hft_service.h"
namespace milotic {
// The configuration for the Redfish service. Plain values with defaults, so a
// caller only overrides the fields it needs. Most members are filesystem paths;
// which component reads each path is not visible in this header — the notes
// below describe the default file, not how it is consumed.
struct RedfishServiceConfig {
  // Port the service listens on.
  int port = 443;
  // Trust bundle (PEM) — presumably the CA set used for peer verification;
  // confirm against BmcWebCertProvider.
  std::string trust_bundle_path = "/var/google/trust_bundle/trust_bundle.pem";
  // Server private key and own certificate. Both default to the same file,
  // which suggests a combined key+cert PEM — confirm with the cert provider.
  std::string private_key_path = "/var/volatile/prodid/server.pem";
  std::string own_cert_path = "/var/volatile/prodid/server.pem";
  // Self-signed key+cert PEM (presumably a fallback when the prodid
  // credentials are unavailable — confirm).
  std::string self_signed_key_cert_path =
      "/var/volatile/self_signed_key_cert.pem";
  // Directory holding certificate revocation lists.
  std::string crl_directory = "/var/google/loas3/crl";
  // Authorization policy (JSON) and its platform-specific addendum.
  std::string authz_config_path = "/var/google/authz_policies/redfish.json";
  std::string authz_platform_config_path =
      "/var/google/authz_policies/redfish_platform_addendum.json";
  // Base privilege definitions: a persistent (writable) copy and a read-only
  // filesystem copy.
  std::string persistent_base_privileges_folder = "/var/google/authz_policies";
  std::string rofs_base_privileges_folder = "/usr/share/redfish_privileges";
  // Google machine identity protobuf.
  std::string gmi_file_path =
      "/var/google/googlemachineidentity/live/machine_identity.pb";
  // OAuth public key (PEM).
  std::string oauth_key_path = "/var/volatile/oauth_public_key.pem";
  // Overrides mapping URI patterns to entities (pattern_to_uri.json).
  std::string pattern_to_entity_overrides_path =
      "/usr/share/redfish_privileges/pattern_to_uri.json";
  // Redfish override policy location.
  std::string redfish_override_policy_path =
      "/usr/share/redfish_override_policy";
  // Offline node entities protobuf.
  std::string offline_node_entity_path =
      "/var/google/googlemachineidentity/live/offline_node_entities.pb";
  // LOAS3 authority policy (binary proto); see `check_loas3_policy` below.
  std::string authority_policy_file_binary = "/var/google/loas3/policy.pb";
  // Enable multi-threading for the GET requests.
  bool multi_thread_get = false;
  // Enable the TLBMC service.
  bool enable_tlbmc = false;
  // Enable the pacemaker service.
  bool enable_pacemaker = false;
  // The maximum number of events to queue per client.
  size_t maximum_event_queue_size = 1000;
  // Disable Redfish eventing.
  bool disable_eventing = false;
  // Disable authentication and authorization. DO NOT USE in production.
  bool enable_insecure_server = false;
  // Generate a series of testing events. DO NOT USE in production.
  // This can be removed once we are able to inject a fake subscription service.
  bool generate_testing_events = false;
  // Record various latencies (time spent in the job queue, total handler
  // latency, etc.) inside the response for profiling.
  bool do_profiling = false;
  // Check the existence of the LOAS3 validation policy. If set to true and the
  // policy is not found, the server starts without client verification and
  // only allows recovery Redfish operations. When false the check is not
  // performed.
  bool check_loas3_policy = false;
  // Enable the HFT service.
  bool enable_hft = true;
  // Enable the HFT fake subscription manager.
  bool enable_hft_fake_manager = false;
};
// Checks the server's credential state and the request's metadata/headers.
// Defined out of line; the name suggests it runs before a subscription request
// is served — confirm with the definition.
//
// `auth_context`: gRPC authentication context of the calling peer.
// `client_metadata`: the request's metadata (headers) as supplied by gRPC.
// `request`: the incoming Redfish request. Passed by pointer; whether null is
//   accepted is not visible here — confirm with the definition.
// `server_status`: the certificate provider's current server status.
// Returns a grpc::Status; presumably OK when the request may proceed and an
// error status describing the rejection otherwise — confirm with the definition.
grpc::Status SubscriptionPreCheck(
    const grpc::AuthContext& auth_context,
    const std::multimap<grpc::string_ref, grpc::string_ref>& client_metadata,
    const ::redfish::v1::Request* request,
    ::milotic::redfish::BmcWebCertProvider::ServerStatus server_status);
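// gRPC front end for the Redfish service. Owns the grpc::Server, the
// CallbackService implementation, the optional HFT service and the certificate
// provider. The public constructors differ only in which optional
// collaborators are supplied; all of them delegate to the out-of-line
// constructor that takes every parameter.
class GrpcRedfishService {
 public:
  // For a server with no multi-thread support: no worker io_context and no
  // subscription service (hence no event support).
  GrpcRedfishService(
      App& app,
      const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
      const RedfishServiceConfig& config)
      : GrpcRedfishService(app, io_context_main_thread, nullptr, config,
                           nullptr) {}

  // If `SubscriptionService` is not available, the service will start without
  // event support.
  GrpcRedfishService(
      App& app,
      const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
      const std::shared_ptr<boost::asio::io_context>& io_context_worker_threads,
      const RedfishServiceConfig& config)
      : GrpcRedfishService(app, io_context_main_thread,
                           io_context_worker_threads, config, nullptr) {}

  // The actual constructor that takes all the parameters; defined out of line.
  // `app` or `tlbmc_app` may be null: the gBMCWeb-only and TLBMC-only
  // constructors below pass nullptr for one of them, and TLBMC-only mode also
  // passes null io_contexts. `subscription_service` is optional and is not
  // owned by this class.
  GrpcRedfishService(
      App* app, const milotic_tlbmc::RedfishApp* tlbmc_app,
      const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
      const std::shared_ptr<boost::asio::io_context>& io_context_worker_threads,
      const RedfishServiceConfig& config,
      ecclesia::SubscriptionService* subscription_service);

  // Traditional gBMCWeb only mode.
  GrpcRedfishService(
      App& app,
      const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
      const std::shared_ptr<boost::asio::io_context>& io_context_worker_threads,
      const RedfishServiceConfig& config,
      ecclesia::SubscriptionService* subscription_service)
      : GrpcRedfishService(&app, nullptr, io_context_main_thread,
                           io_context_worker_threads, config,
                           subscription_service) {}

  // TLBMC only mode: no io_contexts and no subscription service.
  GrpcRedfishService(const milotic_tlbmc::RedfishApp& tlbmc_app,
                     const RedfishServiceConfig& config)
      : GrpcRedfishService(nullptr, &tlbmc_app, nullptr, nullptr, config,
                           nullptr) {}

  // Rule of five: the destructor is user-declared, so copy and move are
  // spelled out. Copying was already implicitly deleted by the unique_ptr
  // members and no implicit move existed; these declarations only make the
  // "single owner of a running server" intent explicit.
  GrpcRedfishService(const GrpcRedfishService&) = delete;
  GrpcRedfishService& operator=(const GrpcRedfishService&) = delete;
  GrpcRedfishService(GrpcRedfishService&&) = delete;
  GrpcRedfishService& operator=(GrpcRedfishService&&) = delete;

  // Blocks until the gRPC server is shut down. Dereferences `server_`
  // unconditionally, so it relies on the constructor having created the
  // server.
  void Wait() { server_->Wait(); }

  // Shuts the service down on destruction.
  ~GrpcRedfishService() { Shutdown(); }

 private:
  // Defined out of line; presumably stops `server_` and the owned services.
  // Called from the destructor.
  void Shutdown();

  // `cert_provider_` must be initialized before and destructed after the other
  // data members, which is why it is declared first (members are constructed
  // in declaration order and destroyed in reverse).
  std::unique_ptr<::milotic::redfish::BmcWebCertProvider> cert_provider_;
  std::unique_ptr<grpc::Server> server_;
  std::unique_ptr<ecclesia::GrpcRedfishV1::CallbackService> service_;
  std::unique_ptr<milotic_hft::HftServiceImpl> hft_service_;
  RedfishServiceConfig config_;
  // Not owned; the caller must keep the subscription service alive for the
  // lifetime of this object.
  ecclesia::SubscriptionService* subscription_service_ = nullptr;
};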
} // namespace milotic
#endif // THIRD_PARTY_MILOTIC_INTERNAL_CC_BMCWEB_SERVER_H_