Hi @troyprouty
The delete function in the script makes two PATCH calls to reset all user account properties to their default values. If you pass {"Enabled":False,"RoleId":"None","UserName": ""} in a single PATCH call, the username is cleared and Enabled is set to false, but the RoleId value is not set back to None.
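Example below using one PATCH call. The PATCH returns HTTP 200 OK, but its ExtendedInfo includes warning IDRAC.2.9.SWC0296 for RoleId, and the follow-up GET shows the role id still set to Administrator, so check the returned messages and not only the status code: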
[root@localhost ~]# curl -k -X GET -u root:calvin -H "Content-Type: application/json" 'https://192.168.0.120/redfish/v1/Managers/iDRAC.Embedded.1/Accounts/3' --insecure | jq .Enabled,.UserName,.RoleId
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1049 100 1049 0 0 2564 0 --:--:-- --:--:-- --:--:-- 2564
true
"tester"
"Administrator"
[root@localhost ~]# curl -k -X PATCH -u root:calvin -H "Content-Type: application/json" 'https://192.168.0.120/redfish/v1/Managers/iDRAC.Embedded.1/Accounts/3' --insecure -d '{"Enabled":false,"RoleId":"None","UserName":""}' -i
HTTP/1.1 200 OK
Date: Thu, 14 Mar 2024 21:24:15 GMT
Server: Apache
OData-Version: 4.0
Cache-Control: no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Length: 841
Vary: Accept-Encoding
Content-Type: application/json;odata.metadata=minimal;charset=utf-8
{"@Message.ExtendedInfo":[{"Message":"The specified value is not allowed to be configured if the user name or password is blank.","MessageArgs":[],"MessageArgs@odata.count":0,"MessageId":"IDRAC.2.9.SWC0296","RelatedProperties":["#/RoleId"],"RelatedProperties@odata.count":1,"Resolution":"Enter the command with the username and password.","Severity":"Warning"},{"Message":"The request completed successfully.","MessageArgs":[],"MessageArgs@odata.count":0,"MessageId":"Base.1.12.Success","RelatedProperties":[],"RelatedProperties@odata.count":0,"Resolution":"None","Severity":"OK"},{"Message":"The operation successfully completed.","MessageArgs":[],"MessageArgs@odata.count":0,"MessageId":"IDRAC.2.9.SYS413","RelatedProperties":[],"RelatedProperties@odata.count":0,"Resolution":"No response action is required.","Severity":"Informational"}]}
[root@localhost ~]# curl -k -X GET -u root:calvin -H "Content-Type: application/json" 'https://192.168.0.120/redfish/v1/Managers/iDRAC.Embedded.1/Accounts/3' --insecure | jq .Enabled,.UserName,.RoleId
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1044 100 1044 0 0 3852 0 --:--:-- --:--:-- --:--:-- 3838
false
""
"Administrator"
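Example below making two PATCH calls, the first disabling the account and setting RoleId to None while the username is still present, the second clearing UserName, so that the role id is reset to None: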
[root@localhost ~]# curl -k -X GET -u root:calvin -H "Content-Type: application/json" 'https://192.168.0.120/redfish/v1/Managers/iDRAC.Embedded.1/Accounts/3' --insecure | jq .Enabled,.UserName,.RoleId
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1049 100 1049 0 0 4179 0 --:--:-- --:--:-- --:--:-- 4196
true
"tester"
"Administrator"
[root@localhost ~]# curl -k -X PATCH -u root:calvin -H "Content-Type: application/json" 'https://192.168.0.120/redfish/v1/Managers/iDRAC.Embedded.1/Accounts/3' --insecure -d '{"Enabled":false,"RoleId":"None"}' -i
HTTP/1.1 200 OK
Date: Thu, 14 Mar 2024 21:25:58 GMT
Server: Apache
OData-Version: 4.0
Cache-Control: no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Length: 506
Vary: Accept-Encoding
Content-Type: application/json;odata.metadata=minimal;charset=utf-8
{"@Message.ExtendedInfo":[{"Message":"The request completed successfully.","MessageArgs":[],"MessageArgs@odata.count":0,"MessageId":"Base.1.12.Success","RelatedProperties":[],"RelatedProperties@odata.count":0,"Resolution":"None","Severity":"OK"},{"Message":"The operation successfully completed.","MessageArgs":[],"MessageArgs@odata.count":0,"MessageId":"IDRAC.2.9.SYS413","RelatedProperties":[],"RelatedProperties@odata.count":0,"Resolution":"No response action is required.","Severity":"Informational"}]}
[root@localhost ~]# curl -k -X PATCH -u root:calvin -H "Content-Type: application/json" 'https://192.168.0.120/redfish/v1/Managers/iDRAC.Embedded.1/Accounts/3' --insecure -d '{"UserName":""}' -i
HTTP/1.1 200 OK
Date: Thu, 14 Mar 2024 21:26:15 GMT
Server: Apache
OData-Version: 4.0
Cache-Control: no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Length: 506
Vary: Accept-Encoding
Content-Type: application/json;odata.metadata=minimal;charset=utf-8
{"@Message.ExtendedInfo":[{"Message":"The request completed successfully.","MessageArgs":[],"MessageArgs@odata.count":0,"MessageId":"Base.1.12.Success","RelatedProperties":[],"RelatedProperties@odata.count":0,"Resolution":"None","Severity":"OK"},{"Message":"The operation successfully completed.","MessageArgs":[],"MessageArgs@odata.count":0,"MessageId":"IDRAC.2.9.SYS413","RelatedProperties":[],"RelatedProperties@odata.count":0,"Resolution":"No response action is required.","Severity":"Informational"}]}
[root@localhost ~]# curl -k -X GET -u root:calvin -H "Content-Type: application/json" 'https://192.168.0.120/redfish/v1/Managers/iDRAC.Embedded.1/Accounts/3' --insecure | jq .Enabled,.UserName,.RoleId
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1026 100 1026 0 0 2743 0 --:--:-- --:--:-- --:--:-- 2750
false
""
"None"
Thanks Tex
Sorry, I missed that you were sending the "UserName":"" as a separate payload in a later request. That makes sense...thank you.
Reference: https://github.com/dell/iDRAC-Redfish-Scripting/blob/f102578551706433111704b232617ea963f4c69f/Redfish%20Python/CreateDeleteIdracUsersREDFISH.py#L112
From what I've tested, {"Enabled":False,"RoleId":"None"} only disables the account.
Something like this is needed to actually delete the account: {"Enabled":false, "UserName": ""}