`Roles` should be exposed in Redfish Session object (introduced in v1.7.0)

[paulfertser]

Is this the right place to submit this?

• [X] This is not a security vulnerability or a crashing bug
• [X] This is not a question about how to use OpenBMC
• [X] This is not a bug in an OpenBMC fork or a bug in code still under code review.
• [X] This is not a request for a new feature.

Bug Description

Currently bmcweb lacks Redfish-specified feature to indicate "The Redfish roles that contain the privileges of this session." https://redfish.dmtf.org/schemas/v1/Session.v1_7_2.json

As discussed at https://gerrit.openbmc.org/c/openbmc/webui-vue/+/70758 having that information available to front end is desired for UX purposes (hiding pages and actions that are not permitted to the current user anyway). The workaround webui-vue is using at the moment is a query to AccountService so it's limited to locally-administered users only.

For the reference, this field was added in #Session.v1_7_0.Session released on 2023.2.

Version

Current bmcweb version bdbfae2a0108de443fba5871c2fa21a4528b1f09 claims support for `#Session.v1_5_0.Session` and doesn't expose Roles there; OpenBMC version is irrelevant.

Additional Information

No response

[edtanous]

This is not a request for a new feature.

You've checked this box, then ignored what it said, and written up a feature that you would like supported. To my knowledge, this feature has never existed in bmcweb, so this is a feature request that, per the bug template, you should evangelize either on the openbmc mailing list, discuss on discord, or post the relevant code to gerrit where we can review it.

[paulfertser]

Sorry Ed, I knew I was kind of stretching it ticking that box.

I thought that when you wrote "Can someone please report this as a bug with steps to reproduce? ... but this is a failure on the Redfish interface, so it effects users beyond just the webui, and ideally should be fixed in bmcweb" you meant something along the lines, a ticket for bmcweb so this omission is not forgotten. I thought your opinion about having it is quite clear (and not having it is something needs to be fixed, i.e. a bug), it's a standard Redfish property (now) and having that would clearly help webui-vue, so evangelising wasn't actually needed. Reproducing given the context is trivial, as current bmcweb just doesn't provide the needed feature.

[edtanous]

No worries, I get it; What I said was said at a time when I believed that webui-vue was following the protocol correctly and bmcweb was giving a 4XX response (because I think that was what was reported).

FWIW, we don't really capture feature requests in github because they don't get all interested parties involved. My opinion is of course that we should have this feature, just that submitting it to github doesn't move that effort along. Ideally submitting a gerrit review adding the feature moves that along the best. Second best is sending emails to the mailing list asking for people that are capable of making the change to make it.

[paulfertser]

Ideally submitting a gerrit review adding the feature moves that along the best.

Fair enough, I'll try to cook a patch soon.