//
// SPDX-License-Identifier: BSD-3-Clause
//
package redfish
import (
"encoding/json"
"reflect"
"github.com/stmcginnis/gofish/common"
)
// AccountTypes names a kind of service that a manager account may be used
// with. An account can carry several of these at once (see
// ManagerAccount.AccountTypes).
type AccountTypes string

const (
	// RedfishAccountTypes marks an account that is allowed to access the
	// Redfish service.
	RedfishAccountTypes AccountTypes = "Redfish"
	// SNMPAccountTypes marks an account that is allowed to access SNMP
	// services.
	SNMPAccountTypes AccountTypes = "SNMP"
	// OEMAccountTypes marks an OEM-defined account type.
	OEMAccountTypes AccountTypes = "OEM"
)
// ManagerAccount is the Redfish resource describing one user account of a
// manager.
//
// NOTE(review): Password and the key fields inside SNMP are plain exported
// strings, and this file defines no String or MarshalJSON method that would
// redact them. Treat every value of this type as secret-bearing and avoid
// logging or serialising it wholesale.
type ManagerAccount struct {
	common.Entity

	// ODataContext is the @odata.context value of the resource.
	ODataContext string `json:"@odata.context"`
	// ODataEtag is the @odata.etag value of the resource.
	ODataEtag string `json:"@odata.etag"`
	// ODataType is the @odata.type value of the resource.
	ODataType string `json:"@odata.type"`

	// AccountTypes lists the account types that apply to this account. When
	// the client does not provide the property, the schema default is an
	// array holding the single value `Redfish`.
	AccountTypes []AccountTypes
	// certificates is the link to a Resource Collection of type
	// CertificateCollection, taken from the Certificates property.
	certificates string
	// Description is a description of this resource.
	Description string
	// Enabled reports whether the account is enabled. `true` means the user
	// can log in; `false` means the account is disabled and the user cannot
	// log in from then on.
	Enabled bool
	// Locked reports whether the Account Service locked the account
	// automatically because AccountLockoutThreshold was exceeded. An
	// administrator can set it to `false` to clear the lockout before the
	// lockout duration has passed.
	Locked bool
	// Password is the password for this account. The service returns `null`
	// for it in responses, so it is only populated when a caller sets it.
	// It is one of the properties Update lists as writable.
	Password string
	// PasswordChangeRequired reports whether the service requires the
	// password to be changed before further access is allowed. The
	// implementation may deny access until it has been changed, and an
	// account created with this set to `true` may be forced to change its
	// password before first access. The service resets it to `false` when
	// the Password property is updated.
	PasswordChangeRequired bool
	// PasswordExpiration is the date and time at which the account password
	// expires. A `null` value from the service means the password never
	// expires.
	PasswordExpiration string
	// RoleID is the RoleId of the Role Resource configured for this account.
	// The service rejects POST, PATCH, or PUT operations that name a RoleId
	// that does not exist with HTTP 400 (Bad Request).
	RoleID string `json:"RoleId"`
	// SNMP holds the SNMP settings of the account; it applies when
	// AccountTypes contains `SNMP`.
	SNMP SNMPUserInfo
	// UserName is the user name for this account.
	UserName string

	// rawData is the serialized JSON this object was decoded from; Update
	// decodes it again to obtain the state to compare against.
	rawData []byte
	// role is the link to the user's role, taken from Links.Role.
	role string
}
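// UnmarshalJSON decodes a ManagerAccount from its raw JSON form.
//
// Besides the exported properties it records the Links.Role and Certificates
// references, and it keeps a private copy of the input so that Update can
// later compare the current values against the decoded state. It returns the
// error from json.Unmarshal unchanged when decoding fails, in which case the
// receiver is left untouched.
func (manageraccount *ManagerAccount) UnmarshalJSON(b []byte) error {
	// temp has ManagerAccount's fields but none of ManagerAccount's own
	// methods, so decoding into it does not call this method again.
	type temp ManagerAccount
	type AccountLinks struct {
		Role common.Link
	}
	var t struct {
		temp
		Links        AccountLinks
		Certificates common.Link
	}

	if err := json.Unmarshal(b, &t); err != nil {
		return err
	}

	*manageraccount = ManagerAccount(t.temp)

	// Extract the links to other entities for later.
	manageraccount.role = t.Links.Role.String()
	manageraccount.certificates = t.Certificates.String()

	// This is a read/write object, so the raw object data is saved for
	// Update. The json.Unmarshaler contract requires an implementation to
	// copy the data if it retains it after returning: the caller owns b and
	// may reuse the buffer, which would silently change the baseline that
	// Update compares against.
	manageraccount.rawData = append([]byte(nil), b...)

	return nil
}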
// Update commits changes made to this object's properties to the running
// system.
//
// The state the object had when it was decoded is rebuilt from rawData and
// handed to Entity.Update together with the current state and the list of
// properties that may be written. A decode failure of rawData is returned
// as is.
//
// NOTE(review): Password is in the writable list, so a password set by the
// caller is passed on to Entity.Update (package common, not shown here) and
// presumably sent to the service; the client should be using an encrypted
// transport. This method does not refresh rawData afterwards, so a second
// call compares against the same baseline. Confirm both against
// common.Entity.Update.
func (manageraccount *ManagerAccount) Update() error {
	// Rebuild the object as it was originally decoded; this is the baseline
	// for finding what to update.
	var baseline ManagerAccount
	if err := baseline.UnmarshalJSON(manageraccount.rawData); err != nil {
		return err
	}

	// Property names passed to Entity.Update as the allowed updates.
	writable := []string{
		"AccountTypes",
		"Enabled",
		"Locked",
		// "OEMAccountTypes" is deliberately left out.
		"Password",
		"PasswordChangeRequired",
		"PasswordExpiration",
		"RoleId",
		"UserName",
	}

	before := reflect.ValueOf(&baseline).Elem()
	after := reflect.ValueOf(manageraccount).Elem()

	return manageraccount.Entity.Update(before, after, writable)
}
// GetManagerAccount retrieves the ManagerAccount at uri from the service
// through client c.
//
// The returned pointer is non-nil even when the error is non-nil; callers
// should check the error before using the account.
func GetManagerAccount(c common.Client, uri string) (*ManagerAccount, error) {
	account := new(ManagerAccount)
	err := account.Get(c, uri, account)
	return account, err
}
// ListReferencedManagerAccounts fetches the ManagerAccount objects of the
// collection referenced by link.
//
// An empty link yields a nil slice and no error. Accounts that were fetched
// successfully are returned even when others failed; in that case the error
// is the collection error, which records one failure per link.
func ListReferencedManagerAccounts(c common.Client, link string) ([]*ManagerAccount, error) { //nolint:dupl
	var accounts []*ManagerAccount
	if link == "" {
		return accounts, nil
	}

	// fetched carries the outcome of retrieving a single member.
	type fetched struct {
		account *ManagerAccount
		link    string
		err     error
	}

	results := make(chan fetched)
	failures := common.NewCollectionError()

	// fetch retrieves one account and reports the outcome on results.
	fetch := func(link string) {
		account, err := GetManagerAccount(c, link)
		results <- fetched{account: account, link: link, err: err}
	}

	go func() {
		// NOTE(review): this write to failures.Failures happens on a
		// different goroutine than the writes in the receive loop below.
		// Whether the two can overlap depends on common.CollectList, which
		// is not shown here; confirm, or record the error after the loop.
		if err := common.CollectList(fetch, c, link); err != nil {
			failures.Failures[link] = err
		}
		// Closing the channel ends the receive loop below.
		close(results)
	}()

	for r := range results {
		if r.err != nil {
			failures.Failures[r.link] = r.err
			continue
		}
		accounts = append(accounts, r.account)
	}

	if !failures.Empty() {
		return accounts, failures
	}
	return accounts, nil
}
// SNMPUserInfo holds the SNMP settings for an account.
//
// NOTE(review): AuthenticationKey and EncryptionKey carry SNMPv3 key
// material as plain strings; handle values of this type like credentials
// and keep them out of logs.
type SNMPUserInfo struct {
	// AuthenticationKey is the key for SNMPv3 authentication. The service
	// returns `null` for it in responses. It accepts a passphrase or a
	// hex-encoded key:
	//   - a value starting with `Passphrase:` uses the remainder as the
	//     passphrase, converted to the key as described in the 'Password
	//     to Key Algorithm' section of RFC3414;
	//   - a value starting with `Hex:` uses the remainder as the key in
	//     hexadecimal notation;
	//   - any other value is taken in full as a passphrase and converted
	//     the same way.
	// The passphrase may contain any printable characters except for the
	// double quotation mark.
	AuthenticationKey string
	// AuthenticationKeySet is `true` if a valid value was provided for the
	// AuthenticationKey property, and `false` otherwise.
	AuthenticationKeySet bool
	// AuthenticationProtocol is the SNMPv3 authentication protocol.
	AuthenticationProtocol SNMPAuthenticationProtocols
	// EncryptionKey is the key for SNMPv3 encryption. The service returns
	// `null` for it in responses. It accepts a passphrase or a hex-encoded
	// key:
	//   - a value starting with `Passphrase:` uses the remainder as the
	//     passphrase, converted to the key as described in the 'Password
	//     to Key Algorithm' section of RFC3414;
	//   - a value starting with `Hex:` uses the remainder as the key in
	//     hexadecimal notation;
	//   - any other value is taken in full as a passphrase and converted
	//     the same way.
	// The passphrase may contain any printable characters except for the
	// double quotation mark.
	EncryptionKey string
	// EncryptionKeySet is `true` if a valid value was provided for the
	// EncryptionKey property, and `false` otherwise.
	EncryptionKeySet bool
	// EncryptionProtocol is the SNMPv3 encryption protocol.
	EncryptionProtocol SNMPEncryptionProtocols
}