g3/server.h - gbmcweb - Git at Google

 #ifndef THIRD_PARTY_MILOTIC_INTERNAL_CC_BMCWEB_SERVER_H_
 #define THIRD_PARTY_MILOTIC_INTERNAL_CC_BMCWEB_SERVER_H_

 // The headers with NOLINT are necessary dependencies that are commonly used in
 // gBMC's tech stack.

 #include <chrono>  // NOLINT
 #include <cstddef>
 #include <map>
 #include <memory>
 #include <string>

 #include "boost/asio/io_context.hpp"  // NOLINT
 #include "boost/asio/thread_pool.hpp"  // NOLINT
 #include "boost/beast/http/verb.hpp"  // NOLINT
 #include "boost/uuid/uuid.hpp"  // NOLINT
 #include "boost/uuid/uuid_generators.hpp"  // NOLINT
 #include "boost/uuid/uuid_io.hpp"  // NOLINT
 #include "subscription.h"
 #include "redfish_v1.grpc.pb.h"
 #include "redfish_v1.pb.h"
 #include "redfish_v1_grpc_include.h"
 #include "grpcpp/security/auth_context.h"
 #include "grpcpp/security/server_credentials.h"
 #include "grpcpp/server.h"
 #include "grpcpp/server_builder.h"
 #include "grpcpp/server_context.h"
 #include "grpcpp/support/status.h"
 #include "grpcpp/support/string_ref.h"
 #include "tlbmc/redfish/app.h"
 #include "app.hpp"
 #include "zatar/bmcweb_cert_provider.h"
 #include "tlbmc/service/hft_service.h"

 namespace milotic {

 // The configuration for the Redfish service.
 struct RedfishServiceConfig {
   int port = 443;
   std::string trust_bundle_path = "/var/google/trust_bundle/trust_bundle.pem";
   std::string private_key_path = "/var/volatile/prodid/server.pem";
   std::string own_cert_path = "/var/volatile/prodid/server.pem";
   std::string self_signed_key_cert_path =
       "/var/volatile/self_signed_key_cert.pem";
   std::string crl_directory = "/var/google/loas3/crl";
   std::string authz_config_path = "/var/google/authz_policies/redfish.json";
   std::string authz_platform_config_path =
       "/var/google/authz_policies/redfish_platform_addendum.json";
   std::string persistent_base_privileges_folder = "/var/google/authz_policies";
   std::string rofs_base_privileges_folder = "/usr/share/redfish_privileges";
   std::string gmi_file_path =
       "/var/google/googlemachineidentity/live/machine_identity.pb";
   std::string oauth_key_path = "/var/volatile/oauth_public_key.pem";
   std::string pattern_to_entity_overrides_path =
       "/usr/share/redfish_privileges/pattern_to_uri.json";
   std::string redfish_override_policy_path =
       "/usr/share/redfish_override_policy";
   std::string offline_node_entity_path =
       "/var/google/googlemachineidentity/live/offline_node_entities.pb";
   std::string authority_policy_file_binary = "/var/google/loas3/policy.pb";

   // Enable multi-threading for the GET requests.
   bool multi_thread_get = false;

   // Enable TLBMC service.
   bool enable_tlbmc = false;

   // Enable pacemaker service.
   bool enable_pacemaker = false;

   // The maximum number of events to queue per client.
   size_t maximum_event_queue_size = 1000;

   // Disable the Redfish eventing.
   bool disable_eventing = false;

   // Disable Authentication and authorization. DO NOT USE in production.
   bool enable_insecure_server = false;

   // Generate a serials of testing events. DO NOT USE in production.
   // This can be removed once we are able to inject a fake subscription service.
   bool generate_testing_events = false;

   // Record various latencies, such as time spent in job queue, total handler
   // latency time, etc inside the response for profiling.
   bool do_profiling = false;

   // Check the existence of the LOAS3 validation policy. If set to true and the
   // policy is not found, the server will start up without client verification
   // and only allow recovery Redfish operations.
   bool check_loas3_policy = false;

   // Enable HFT service.
   bool enable_hft = true;

   // Enable HFT fake subscription manager.
   bool enable_hft_fake_manager = false;
 };

 // Checks server's creds state and request metadata/headers
 grpc::Status SubscriptionPreCheck(
     const grpc::AuthContext& auth_context,
     const std::multimap<grpc::string_ref, grpc::string_ref>& client_metadata,
     const ::redfish::v1::Request* request,
     ::milotic::redfish::BmcWebCertProvider::ServerStatus server_status);

 class GrpcRedfishService {
  public:
   // For server with no multi-thread support.
   GrpcRedfishService(
       App& app,
       const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
       const RedfishServiceConfig& config)
       : GrpcRedfishService(app, io_context_main_thread, nullptr, config,
                            nullptr) {}

   // If `SubscriptionService` is not available, the service will start without
   // event support.
   GrpcRedfishService(
       App& app,
       const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
       const std::shared_ptr<boost::asio::io_context>& io_context_worker_threads,
       const RedfishServiceConfig& config)
       : GrpcRedfishService(app, io_context_main_thread,
                            io_context_worker_threads, config, nullptr) {}

   // The actual constructor that takes all the parameters.
   GrpcRedfishService(
       App* app, const milotic_tlbmc::RedfishApp* tlbmc_app,
       const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
       const std::shared_ptr<boost::asio::io_context>& io_context_worker_threads,
       const RedfishServiceConfig& config,
       ecclesia::SubscriptionService* subscription_service);

   // Traditional gBMCWeb only mode.
   GrpcRedfishService(
       App& app,
       const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
       const std::shared_ptr<boost::asio::io_context>& io_context_worker_threads,
       const RedfishServiceConfig& config,
       ecclesia::SubscriptionService* subscription_service)
       : GrpcRedfishService(&app, nullptr, io_context_main_thread,
                            io_context_worker_threads, config,
                            subscription_service) {}

   // TLBMC only mode.
   GrpcRedfishService(const milotic_tlbmc::RedfishApp& tlbmc_app,
                      const RedfishServiceConfig& config)
       : GrpcRedfishService(nullptr, &tlbmc_app, nullptr, nullptr, config,
                            nullptr) {}

   void Wait() { server_->Wait(); }

   ~GrpcRedfishService() { Shutdown(); }

  private:
   void Shutdown();

   // `cert_provider_` must be initialized before and destructed after the other
   // data members.
   std::unique_ptr<::milotic::redfish::BmcWebCertProvider> cert_provider_;
   std::unique_ptr<grpc::Server> server_;
   std::unique_ptr<ecclesia::GrpcRedfishV1::CallbackService> service_;
   std::unique_ptr<milotic_hft::HftServiceImpl> hft_service_;
   RedfishServiceConfig config_;
   ecclesia::SubscriptionService* subscription_service_ = nullptr;
 };
 }  // namespace milotic

 #endif  // THIRD_PARTY_MILOTIC_INTERNAL_CC_BMCWEB_SERVER_H_
	#ifndef THIRD_PARTY_MILOTIC_INTERNAL_CC_BMCWEB_SERVER_H_
	#define THIRD_PARTY_MILOTIC_INTERNAL_CC_BMCWEB_SERVER_H_

	// The headers with NOLINT are necessary dependencies that are commonly used in
	// gBMC's tech stack.

	#include <chrono> // NOLINT
	#include <cstddef>
	#include <map>
	#include <memory>
	#include <string>

	#include "boost/asio/io_context.hpp" // NOLINT
	#include "boost/asio/thread_pool.hpp" // NOLINT
	#include "boost/beast/http/verb.hpp" // NOLINT
	#include "boost/uuid/uuid.hpp" // NOLINT
	#include "boost/uuid/uuid_generators.hpp" // NOLINT
	#include "boost/uuid/uuid_io.hpp" // NOLINT
	#include "subscription.h"
	#include "redfish_v1.grpc.pb.h"
	#include "redfish_v1.pb.h"
	#include "redfish_v1_grpc_include.h"
	#include "grpcpp/security/auth_context.h"
	#include "grpcpp/security/server_credentials.h"
	#include "grpcpp/server.h"
	#include "grpcpp/server_builder.h"
	#include "grpcpp/server_context.h"
	#include "grpcpp/support/status.h"
	#include "grpcpp/support/string_ref.h"
	#include "tlbmc/redfish/app.h"
	#include "app.hpp"
	#include "zatar/bmcweb_cert_provider.h"
	#include "tlbmc/service/hft_service.h"

	namespace milotic {

	// The configuration for the Redfish service.
	struct RedfishServiceConfig {
	int port = 443;
	std::string trust_bundle_path = "/var/google/trust_bundle/trust_bundle.pem";
	std::string private_key_path = "/var/volatile/prodid/server.pem";
	std::string own_cert_path = "/var/volatile/prodid/server.pem";
	std::string self_signed_key_cert_path =
	"/var/volatile/self_signed_key_cert.pem";
	std::string crl_directory = "/var/google/loas3/crl";
	std::string authz_config_path = "/var/google/authz_policies/redfish.json";
	std::string authz_platform_config_path =
	"/var/google/authz_policies/redfish_platform_addendum.json";
	std::string persistent_base_privileges_folder = "/var/google/authz_policies";
	std::string rofs_base_privileges_folder = "/usr/share/redfish_privileges";
	std::string gmi_file_path =
	"/var/google/googlemachineidentity/live/machine_identity.pb";
	std::string oauth_key_path = "/var/volatile/oauth_public_key.pem";
	std::string pattern_to_entity_overrides_path =
	"/usr/share/redfish_privileges/pattern_to_uri.json";
	std::string redfish_override_policy_path =
	"/usr/share/redfish_override_policy";
	std::string offline_node_entity_path =
	"/var/google/googlemachineidentity/live/offline_node_entities.pb";
	std::string authority_policy_file_binary = "/var/google/loas3/policy.pb";

	// Enable multi-threading for the GET requests.
	bool multi_thread_get = false;

	// Enable TLBMC service.
	bool enable_tlbmc = false;

	// Enable pacemaker service.
	bool enable_pacemaker = false;

	// The maximum number of events to queue per client.
	size_t maximum_event_queue_size = 1000;

	// Disable the Redfish eventing.
	bool disable_eventing = false;

	// Disable Authentication and authorization. DO NOT USE in production.
	bool enable_insecure_server = false;

	// Generate a serials of testing events. DO NOT USE in production.
	// This can be removed once we are able to inject a fake subscription service.
	bool generate_testing_events = false;

	// Record various latencies, such as time spent in job queue, total handler
	// latency time, etc inside the response for profiling.
	bool do_profiling = false;

	// Check the existence of the LOAS3 validation policy. If set to true and the
	// policy is not found, the server will start up without client verification
	// and only allow recovery Redfish operations.
	bool check_loas3_policy = false;

	// Enable HFT service.
	bool enable_hft = true;

	// Enable HFT fake subscription manager.
	bool enable_hft_fake_manager = false;
	};

	// Checks server's creds state and request metadata/headers
	grpc::Status SubscriptionPreCheck(
	const grpc::AuthContext& auth_context,
	const std::multimap<grpc::string_ref, grpc::string_ref>& client_metadata,
	const ::redfish::v1::Request* request,
	::milotic::redfish::BmcWebCertProvider::ServerStatus server_status);

	class GrpcRedfishService {
	public:
	// For server with no multi-thread support.
	GrpcRedfishService(
	App& app,
	const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
	const RedfishServiceConfig& config)
	: GrpcRedfishService(app, io_context_main_thread, nullptr, config,
	nullptr) {}

	// If `SubscriptionService` is not available, the service will start without
	// event support.
	GrpcRedfishService(
	App& app,
	const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
	const std::shared_ptr<boost::asio::io_context>& io_context_worker_threads,
	const RedfishServiceConfig& config)
	: GrpcRedfishService(app, io_context_main_thread,
	io_context_worker_threads, config, nullptr) {}

	// The actual constructor that takes all the parameters.
	GrpcRedfishService(
	App* app, const milotic_tlbmc::RedfishApp* tlbmc_app,
	const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
	const std::shared_ptr<boost::asio::io_context>& io_context_worker_threads,
	const RedfishServiceConfig& config,
	ecclesia::SubscriptionService* subscription_service);

	// Traditional gBMCWeb only mode.
	GrpcRedfishService(
	App& app,
	const std::shared_ptr<boost::asio::io_context>& io_context_main_thread,
	const std::shared_ptr<boost::asio::io_context>& io_context_worker_threads,
	const RedfishServiceConfig& config,
	ecclesia::SubscriptionService* subscription_service)
	: GrpcRedfishService(&app, nullptr, io_context_main_thread,
	io_context_worker_threads, config,
	subscription_service) {}

	// TLBMC only mode.
	GrpcRedfishService(const milotic_tlbmc::RedfishApp& tlbmc_app,
	const RedfishServiceConfig& config)
	: GrpcRedfishService(nullptr, &tlbmc_app, nullptr, nullptr, config,
	nullptr) {}

	void Wait() { server_->Wait(); }

	~GrpcRedfishService() { Shutdown(); }

	private:
	void Shutdown();

	// `cert_provider_` must be initialized before and destructed after the other
	// data members.
	std::unique_ptr<::milotic::redfish::BmcWebCertProvider> cert_provider_;
	std::unique_ptr<grpc::Server> server_;
	std::unique_ptr<ecclesia::GrpcRedfishV1::CallbackService> service_;
	std::unique_ptr<milotic_hft::HftServiceImpl> hft_service_;
	RedfishServiceConfig config_;
	ecclesia::SubscriptionService* subscription_service_ = nullptr;
	};
	} // namespace milotic

	#endif // THIRD_PARTY_MILOTIC_INTERNAL_CC_BMCWEB_SERVER_H_