pr: add password rotation method of session logon API

Signed-off-by: Yanlin Ren <renylin@cn.ibm.com>
zhmcclient · Oct 31, 2023 · 9e814c2 · 9e814c2
1 parent cf77823
commit 9e814c2
Show file tree

Hide file tree

Showing 2 changed files with 82 additions and 7 deletions.
diff --git a/pkg/zhmcclient/client.go b/pkg/zhmcclient/client.go
@@ -1,4 +1,3 @@
-
 // Copyright 2021-2023 IBM Corp. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -87,6 +86,12 @@ type LogonData struct {
 	Password string `json:"password"`
 }
 
+type ChangePasswordData struct {
+	Userid      string `json:"userid"`
+	Password    string `json:"password"`
+	NewPassword string `json:"new-password"`
+}
+
 // TODO, Use cache and use JobTopic, ObjectTopic to update cache
 type Session struct {
 	MajorVersion int    `json:"api-major-version,omitempty"`
@@ -109,12 +114,7 @@ type Client struct {
 	traceOutput    io.Writer
 }
 
-func NewClient(endpoint string, opts *Options, l Logger) (ClientAPI, *HmcError) {
-
-	if l != nil {
-		logger = l
-	}
-
+func newClientStruct(endpoint string, opts *Options) (*Client, *HmcError) {
 	tslConfig, err := SetCertificate(opts, &tls.Config{})
 	if err != nil {
 		return nil, err
@@ -146,6 +146,19 @@ func NewClient(endpoint string, opts *Options, l Logger) (ClientAPI, *HmcError)
 			Password: opts.Password,
 		},
 	}
+	return client, nil
+}
+
+func NewClient(endpoint string, opts *Options, l Logger) (ClientAPI, *HmcError) {
+
+	if l != nil {
+		logger = l
+	}
+
+	client, err := newClientStruct(endpoint, opts)
+	if err != nil {
+		return nil, err
+	}
 
 	err = client.Logon()
 	if err != nil {
@@ -266,6 +279,47 @@ func (c *Client) Logon() *HmcError {
 	return GenerateErrorFromResponse(responseBody)
 }
 
+// login and change password, then end session
+func ChangePassword(endpoint string, opts *Options, newPassword string) *HmcError {
+	c, err := newClientStruct(endpoint, opts)
+	if err != nil {
+		return err
+	}
+
+	c.clearSession()
+	url := c.CloneEndpointURL()
+	if url == nil {
+		return &HmcError{Reason: int(ERR_CODE_HMC_INVALID_URL), Message: ERR_MSG_EMPTY_JOB_URI}
+	}
+	url.Path = path.Join(url.Path, "/api/sessions")
+
+	changePasswordData := ChangePasswordData{
+		Userid:      c.logondata.Userid,
+		Password:    c.logondata.Password,
+		NewPassword: newPassword,
+	}
+
+	status, responseBody, hmcErr := c.executeMethod(http.MethodPost, url.String(), changePasswordData, "")
+
+	defer c.Logoff()
+
+	if hmcErr != nil {
+		return hmcErr
+	}
+
+	if status == http.StatusOK || status == http.StatusCreated {
+		session := &Session{}
+		err := json.Unmarshal(responseBody, session)
+		if err != nil {
+			return getHmcErrorFromErr(ERR_CODE_HMC_UNMARSHAL_FAIL, err)
+		}
+		c.session = session
+		return nil
+	}
+
+	return GenerateErrorFromResponse(responseBody)
+}
+
 func (c *Client) LogonConsole() (sessionID string, status int, err *HmcError) {
 	url := c.CloneEndpointURL()
 	url.Path = path.Join(url.Path, "/api/sessions")

diff --git a/pkg/zhmcclient/client_test.go b/pkg/zhmcclient/client_test.go
@@ -185,6 +185,27 @@ var _ = Describe("client", func() {
 		})
 	})
 
+	Describe("ChangePassword", func() {
+		BeforeEach(func() {
+			hmcErr = &HmcError{
+				Reason:  int(ERR_CODE_HMC_BAD_REQUEST),
+				Message: "error message",
+			}
+		})
+		Context("When ChangePassword is Executed", func() {
+			It("Check the result of ChangePassword", func() {
+				var endpoint string
+				opts := &Options{
+					SkipCert: false,
+					Username: "",
+					Password: "",
+				}
+				err := ChangePassword(endpoint, opts, "")
+				Expect(err.Error()).ToNot(BeNil())
+			})
+		})
+	})
+
 	Describe("SetCertificate", func() {
 		Context("When skipcert is false", func() {
 			It("returns tls config without CaCert", func() {