背景
IPMI设置密码复杂度强制永远开启后,使用Web、Redfish、CLI接口还可以关闭密码复杂度,需要修复此问题。需要用到公共的错误码PasswordForbidSetComplexityCheck,但它的HttpStatusCode是401,不符合错误码实际场景。
关联ISSUE
IPMI设置密码复杂度强制开启后, 使用北向接口还可以关闭密码复杂度问题
方案
当使用IPMI命令设置密码复杂度强制永远开启后,使用IPMI、Web、Redfish、CLI接口关闭密码复杂度时,报错使用公共的PasswordForbidSetComplexityCheck自定义错误。
评审点
将公共的自定义错误PasswordForbidSetComplexityCheck的HttpStatusCode从401变更为400,并优化Message为
It is not allowed to disable password complexity check when password complexity check enhancement is enabled.
修改后为:
"PasswordForbidSetComplexityCheck": {
"Description": "Indicates that password complexity check has been enhanced.",
"Message": "It is not allowed to disable password complexity check when password complexity check enhancement is enabled.",
"Severity": "Warning",
"NumberOfArgs": 0,
"Resolution": "Password complexity check cannot be changed.",
"HttpStatusCode": 400,
"IpmiCompletionCode": "0xFF",
"SnmpStatusCode": 5,
"TraceDepth": 0
},
变更影响评估
- snmp不涉及设置密码复杂度,无影响。
- 仅ipmi使用PasswordForbidSetComplexityCheck错误,IpmiCompletionCode为0xff符合原有预期。之前版本的Web、Redfish、Cli未使用过该错误,且该错误码特定于设置密码复杂度场景,不具备通用性,仅变更HttpStatusCode实际对外接口无影响。
评审结论
同意将自定义错误PasswordForbidSetComplexityCheck的HttpStatusCode从401变更为400,并优化Message描述为
It is not allowed to disable password complexity check when password complexity check enhancement is enabled.