User: add interfaces and errors for groups

FighterNan · FighterNan · commit 1a891d324378 · 2022-11-15T20:28:32.000Z
As proposed in the following design, [1] https://github.com/openbmc/docs/blob/master/designs/redfish-authorization.md The UserManager interface needs to expose new interfaces to add/delete secondary groups, which are then used to model Redfish roles and privileges. An implementation is in the follow code review, [1] https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/58143. Signed-off-by: Nan Zhou <nanzhoumails@gmail.com> Change-Id: I252e56dc03e694e3aedf3ae6fdda64edc947fc06
diff --git a/yaml/xyz/openbmc_project/User/Common.errors.yaml b/yaml/xyz/openbmc_project/User/Common.errors.yaml
@@ -16,3 +16,9 @@
 # xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists
 - name: PrivilegeMappingExists
   description: Specified privilege mapping already exists.
+# xyz.openbmc_project.User.Common.Error.GroupNameExists
+- name: GroupNameExists
+  description: Specified group name already exists.
+# xyz.openbmc_project.User.Common.Error.GroupNameDoesNotExist
+- name: GroupNameDoesNotExist
+  description: Specified group name does not exist.
diff --git a/yaml/xyz/openbmc_project/User/Common.metadata.yaml b/yaml/xyz/openbmc_project/User/Common.metadata.yaml
@@ -17,3 +17,7 @@
   meta:
       - str: "REASON=%s"
         type: string
+- name: GroupNameExists
+  level: ERR
+- name: GroupNameDoesNotExist
+  level: ERR
diff --git a/yaml/xyz/openbmc_project/User/Manager.interface.yaml b/yaml/xyz/openbmc_project/User/Manager.interface.yaml
@@ -100,6 +100,34 @@ methods:
           - xyz.openbmc_project.Common.Error.InvalidArgument
           - xyz.openbmc_project.User.Common.Error.UserNameDoesNotExist
 
+    - name: CreateGroup
+      description: >
+          Creates a new groups. If the group already exists, or the
+          group name is not allowed to be created, it throws an error.
+      parameters:
+          - name: GroupName
+            type: string
+            description: >
+                The group to be added to the system.
+      errors:
+          - xyz.openbmc_project.Common.Error.InternalFailure
+          - xyz.openbmc_project.Common.Error.InvalidArgument
+          - xyz.openbmc_project.User.Common.Error.GroupNameExists
+
+    - name: DeleteGroup
+      description: >
+          Deletes an existing groups. If the group doesn't exists, or the
+          group name is not allowed to be deleted, it throws an error.
+      parameters:
+          - name: GroupName
+            type: string
+            description: >
+                The group to be deleted from the system.
+      errors:
+          - xyz.openbmc_project.Common.Error.InternalFailure
+          - xyz.openbmc_project.Common.Error.InvalidArgument
+          - xyz.openbmc_project.User.Common.Error.GroupNameDoesNotExist
+
 properties:
     - name: AllPrivileges
       type: array[string]
