*** Settings *** Documentation VMI certificate exchange tests. Library ../../lib/jobs_processing.py Resource ../../lib/resource.robot Resource ../../lib/bmc_redfish_resource.robot Resource ../../lib/openbmc_ffdc.robot Resource ../../lib/bmc_redfish_utils.robot Resource ../../lib/utils.robot Suite Setup Suite Setup Execution Test Teardown FFDC On Test Case Fail Suite Teardown Run Keyword And Ignore Error Suite Teardown Execution Force Tags Vmicert_Management *** Variables *** # users User Name password @{ADMIN} admin_user TestPwd123 @{OPERATOR} operator_user TestPwd123 @{ReadOnly} readonly_user TestPwd123 @{NoAccess} noaccess_user TestPwd123 # Removing Operator, need to add it back once support is given. &{USERS} Administrator=${ADMIN} ReadOnly=${ReadOnly} ${VMI_BASE_URI} /ibm/v1/ *** Test Cases *** Get CSR Request Signed By VMI And Verify [Documentation] Get CSR request signed by VMI using different user roles and verify. [Tags] Get_CSR_Request_Signed_By_VMI_And_Verify [Template] Get Certificate Signed By VMI # username password force_create valid_csr valid_status_code ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} # Send CSR request from operator user. # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} # Send CSR request from ReadOnly user. readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} # Send CSR request from NoAccess user. # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} Get Root Certificate Using Different Privilege Users Role [Documentation] Get root certificate using different users. [Tags] Get_Root_Certificate_Using_Different_Privilege_Users_Role [Template] Get Root Certificate # username password force_create valid_csr valid_status_code # Request root certificate from admin user. admin_user TestPwd123 ${True} ${True} ${HTTP_OK} # Request root certificate from operator user. # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} # Request root certificate from ReadOnly user. readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} # Request root certificate from NoAccess user. # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} Send CSR Request When VMI Is Off And Verify [Documentation] Send CSR signing request to VMI when it is off and expect an error. [Tags] Send_CSR_Request_When_VMI_Is_Off_And_Verify [Setup] Redfish Power Off [Teardown] Run Keywords Redfish Power On stack_mode=skip AND ... Wait For Host Boot Progress To Reach Required State [Template] Get Certificate Signed By VMI # username password force_create valid_csr valid_status_code read_timeout ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_SERVICE_UNAVAILABLE} 60 # Send CSR request from operator user. # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} # Send CSR request from ReadOnly user. readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} # Send CSR request from NoAccess user. # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} Get Corrupted CSR Request Signed By VMI And Verify [Documentation] Send corrupted CSR for signing and expect an error. [Tags] Get_Corrupted_CSR_Request_Signed_By_VMI_And_Verify [Template] Get Certificate Signed By VMI # username password force_create valid_csr valid_status_code read_timeout ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 60 # Send CSR request from operator user. # operator_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} # Send CSR request from ReadOnly user. readonly_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} # Send CSR request from NoAccess user. # noaccess_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} Get Root Certificate When VMI Is Off And Verify [Documentation] Get root certificate when vmi is off and verify. [Tags] Get_Root_Certificate_When_VMI_Is_Off_And_Verify [Setup] Redfish Power Off [Teardown] Run Keywords Redfish Power On stack_mode=skip AND ... Wait For Host Boot Progress To Reach Required State [Template] Get Root Certificate # username password force_create valid_csr valid_status_code ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} # Request root certificate from operator user. # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} # Request root certificate from ReadOnly user. readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} # Request root certificate from NoAccess user. # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} Get Root Certificate After BMC Reboot And Verify [Documentation] Get root certificate after bmc reboot and verify. [Tags] Get_Root_Certificate_After_BMC_Reboot_And_Verify [Setup] Run Keywords OBMC Reboot (off) stack_mode=skip AND Redfish Power On [Template] Get Root Certificate # username password force_create valid_csr valid_status_code ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} # Request root certificate from operator user. # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} # Request root certificate from ReadOnly user. readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} # Request root certificate from NoAccess user. # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} Get Concurrent Root Certificate Requests From Multiple Admin Users [Documentation] Get multiple concurrent root certificate requests from multiple admins ... and verify no errors. [Tags] Get_Concurrent_Root_Certificate_Requests_From_Multiple_Admin_Users FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Get Concurrent CSR Requests From Multiple Admin Users [Documentation] Get multiple concurrent csr requests from multiple admins and verify no errors. [Tags] Get_Concurrent_CSR_Requests_From_Multiple_Admin_Users FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Get Concurrent Corrupted CSR Requests From Multiple Admin Users [Documentation] Get multiple concurrent corrupted csr requests from multiple admins and verify no errors. [Tags] Get_Concurrent_Corrupted_CSR_Requests_From_Multiple_Admin_Users FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END *** Comment *** Get Concurrent Root Certificate Request From Operator Users [Documentation] Get multiple concurrent root certificate from non admin users and verify no errors. [Tags] Get_Concurrent_Root_Certificate_Request_From_Operator_Users FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END *** Test Cases *** Get Concurrent Root Certificate Request From Admin And Non Admin Users [Documentation] Get multiple concurrent root certificate from admin and non admin users ... and verify no errors. [Tags] Get_Concurrent_Root_Certificate_Request_From_Admin_And_Non_Admin_Users FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END *** Comment *** Get Concurrent Root Certificate Request From Different Non Admin Users [Documentation] Get multiple concurrent root certificate from different non admin users ... and verify no errors. [Tags] Get_Concurrent_Root_Certificate_Request_From_Different_Non_Admin_Users FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} ... Get Root Certificate noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Get Concurrent CSR Request From Operator Users [Documentation] Get multiple concurrent csr request from non admin users and verify no errors. [Tags] Get_Concurrent_CSR_Request_From_Operator_Users FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END *** Test Cases *** Get Root Certificate And Send CSR Request Concurrently And Verify [Documentation] Get root certificate and send csr request concurrently and ... verify gets root and signed certificate. [Tags] Get_Root_Certificate_And_Send_CSR_Request_Concurrently_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Get Concurrent Root Certificate And Send CSR Request And Verify [Documentation] Get concurrent root certificate and send csr request ... and verify gets root certificate and signed certificate. [Tags] Get_Concurrent_Root_Certificate_And_Send_CSR_Request_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Get Root Certificate And Send Multiple CSR Requests Concurrently And Verify [Documentation] Get root certificate and send multiple csr requests concurrently and ... verify gets root certificate and signed certificates. [Tags] Get_Root_Certificate_And_Send_Multiple_CSR_Requests_Concurrently_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Get Root Certificate And Send Multiple Corrupted CSR Requests Concurrently And Verify [Documentation] Get root certificate and send multiple corrupted csr requests concurrently and ... verify gets root certificate and error for corrupted csr requests. [Tags] Get_Root_Certificate_And_Send_Multiple_Corrupted_CSR_Requests_Concurrently_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Send Concurrent CSR Request And Corrupted CSR Request And Verify [Documentation] Send concurrent csr request and corrupted csr request ... and verify gets certificate for valid csr and error for corrupted csr. [Tags] Send_Concurrent_CSR_Request_And_Corrupted_CSR_Request_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Get Root Certificate Send CSR And Corrupted CSR Request Concurrently And Verify [Documentation] Get root certificate send csr and corrupted csr requests concurrently and ... verify gets root certificate and certificate for valid csr and error for corrupted csr. [Tags] Get_Root_Certificate_Send_CSR_And_Corrupted_CSR_Request_Concurrently_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Send Concurrent CSR Request From Admin And Non Admin Users And Verify [Documentation] Send concurrent csr requests from admin and non-admin users and verify ... admin gets certificate and non-admin gets error. [Tags] Send_Concurrent_CSR_Request_From_Admin_And_Non_Admin_Users_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END *** Comment *** Send Concurrent CSR Request From Non Admin Users And Verify [Documentation] Send concurrent csr request from non admin users ... and verify gets error. [Tags] Send_Concurrent_CSR_Request_From_Non_Admin_Users_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} ... Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Get Root Certificate And Send Corrupted CSR From Admin CSR Request From Operator Concurrently [Documentation] Get root certificate and send corrupted csr request from admin and ... csr from operator concurrently and verify gets root certificate and errors for corrupted ... and for operator. [Tags] Get_Root_Certificate_And_Send_Corrupted_CSR_From_Admin_CSR_Request_From_Operator_Concurrently FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Get Root Certificate From Operator And Send Corrupted CSR Request And CSR Request From Admin Concurrently [Documentation] Get root certificate from operator and send corrupted csr request ... and csr from admin and verify errors for operator and corrupted csr and signed certificate ... for valid csr. [Tags] Get_Root_Certificate_From_Operator_And_Send_Corrupted_CSR_Request_And_CSR_Request_From_Admin_Concurrently FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Get Root Certificate From Operator And Admin Send CSR Request From Admin Concurrently [Documentation] Get root certificate from operator and admin and ... and send csr request from admin concurrently and verify error for operator ... and admin gets root and signed certificate. [Tags] Get_Root_Certificate_From_Operator_And_Admin_Send_CSR_Request_From_Admin_Concurrently FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Send CSR Request From Admin And Operator And Corrupted CSR From Admin Concurrently And Verify [Documentation] Send csr request from admin and operator and corrupted ... csr request from admin and verify gets signed certificate for valid csr for admin ... gets error for operator and error for corrupted csr. [Tags] Send_CSR_Request_From_Admin_And_Operator_And_Corrupted_CSR_From_Admin_Concurrently_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Send Corrupted CSR Requests From Admin And Operator And CSR Request From Admin Concurrently And Verify [Documentation] Send corrupted csr request from admin and operator and csr request ... from admin concurrently and verify errors for corrupted csr and gets signed certificate ... for valid csr from admin. [Tags] Send_Corrupted_CSR_Requests_From_Admin_And_Operator_And_CSR_Request_From_Admin_Concurrently_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Send Corrupted CSR Requests From Admin And Operator User Concurrently And Verify [Documentation] Send corrupted csr requests from admin and operator and ... verify gets error. [Tags] Send_Corrupted_CSR_Requests_From_Admin_And_Operator_User_Concurrently_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END *** Test Cases *** Get Root Certificate From Admin And Send CSR Requests From Non Admin Concurrently And Verify [Documentation] Get root certificate from admin and csr requests from ... non admin users concurrently and verify gets root certificate for admin and ... errors for non-admins. [Tags] Get_Root_Certificate_From_Admin_And_Send_CSR_Requests_From_Non_Admin_Concurrently_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Get Root Certificate And Send CSR Requests From Non Admin Users Concurrently And Verify [Documentation] Get root certificate and send csr requests from non admin ... users and verify gets errors. [Tags] Get_Root_Certificate_And_Send_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Send Corrupted CSR Request From Admin And CSR Requests From Non Admin Concurrently And Verify [Documentation] Send corrupted csr request from admin and csr request from non admin ... users concurrently and verify gets errors. [Tags] Send_Corrupted_CSR_Request_From_Admin_And_CSR_Requests_From_Non_Admin_Concurrently_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Send CSR Request And Corrupted CSR Requests From Non Admin Users Concurrently And Verify [Documentation] Send csr and corrupted csr request from non admin users ... and verify gets errors. [Tags] Send_CSR_Request_And_Corrupted_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END *** Comment *** Get Root Certificate And Send CSR Requests From Admin And Operator Concurrently And Verify [Documentation] Get root certificate from admin and send csr requests ... from admin and operator concurrently and verify gets root certificate ... and signed certificate and gets error for operator. [Tags] Get_Root_Certificate_And_Send_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END Get Root Certificate And Send Corrupted CSR Requests From Admin And Operator Concurrently And Verify [Documentation] Get root certificate from admin and send corrupted csr requests ... from admin and operator concurrently and verify gets root certificate and errors ... for corrupted csr. [Tags] Get_Root_Certificate_And_Send_Corrupted_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify FOR ${i} IN RANGE ${5} ${dict}= Execute Process Multi Keyword ${5} ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} Dictionary Should Not Contain Value ${dict} False ... msg=One or more operations has failed. END *** Keywords *** Generate CSR String [Documentation] Generate a csr string. # Note: Generates and returns csr string. ${csr_gen_time} = Get Current Date Time ${CSR_FILE}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.csr ${CSR_KEY}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.key Set Test Variable ${CSR_FILE} Set Test Variable ${CSR_KEY} ${ssl_cmd}= Set Variable openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE} ${ssl_sub}= Set Variable ... -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com" # Run openssl command to create a new private key and use that to generate a CSR string # in server.csr file. ${output}= Run ${ssl_cmd} ${ssl_sub} ${csr}= OperatingSystem.Get File ${CSR_FILE} [Return] ${csr} Send CSR To VMI And Get Signed [Documentation] Upload CSR to VMI and get signed. [Arguments] ${csr} ${force_create} ${username} ${password} ${read_timeout} # Description of argument(s): # csr Certificate request from client to VMI. # force_create Create a new REST session if True. # username Username to create a REST session. # password Password to create a REST session. Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} ... Initialize OpenBMC rest_username=${username} rest_password=${password} ${data}= Create Dictionary ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} ... Content-Type=application/json ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Actions/SignCSR # For SignCSR request, we need to pass CSR string generated by openssl command. ${csr_data}= Create Dictionary CsrString ${csr} ${resp}= POST On Session openbmc ${cert_uri} json=${csr_data} headers=${headers} ... timeout=${read_timeout} expected_status=any Log to console ${resp.content} [Return] ${resp} Get Root Certificate [Documentation] Get root certificate from VMI. [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} # Description of argument(s): # cert_type Type of the certificate requesting. eg. root or SignCSR. # username Username to create a REST session. # password Password to create a REST session. # force_create Create a new REST session if True. # valid_csr Uses valid CSR string in the REST request if True. # This is not applicable for root certificate. # valid_status_code Expected status code from REST request. Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} ... Initialize OpenBMC rest_username=${username} rest_password=${password} ${data}= Create Dictionary ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} ... Content-Type=application/json ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Certificate/root ${resp}= GET On Session openbmc ${cert_uri} &{data} headers=${headers} ... expected_status=any Should Be Equal As Strings ${resp.status_code} ${valid_status_code} Return From Keyword If ${resp.status_code} != ${HTTP_OK} ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE Should Contain ${cert["Certificate"]} END CERTIFICATE Get Subject [Documentation] Generate a csr string. [Arguments] ${file_name} ${is_csr_file} # Description of argument(s): # file_name Name of CSR or signed CERT file. # is_csr_file A True value means a CSR while a False is for signed CERT file. ${subject}= Run Keyword If ${is_csr_file} ... Run openssl req -in ${file_name} -text -noout | grep Subject: ... ELSE ... Run openssl x509 -in ${file_name} -text -noout | grep Subject: [Return] ${subject} Get Public Key [Documentation] Generate a csr string. [Arguments] ${file_name} ${is_csr_file} # Description of argument(s): # file_name Name of CSR or CERT file. # is_csr_file A True value means a CSR while a False is for signed CERT file. ${PublicKey}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -noout -pubkey ... ELSE Run openssl x509 -in ${file_name} -noout -pubkey [Return] ${PublicKey} Get Certificate Signed By VMI [Documentation] Get signed certificate from VMI. [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} ... ${read_timeout}=20 # Description of argument(s): # cert_type Type of the certificate requesting. eg. root or SignCSR. # username Username to create a REST session. # password Password to create a REST session. # force_create Create a new REST session if True. # valid_csr Uses valid CSR string in the REST request if True. # This is not applicable for root certificate. # valid_status_code Expected status code from REST request. Set Test Variable ${CSR} CSR Set Test Variable ${CORRUPTED_CSR} CORRUPTED_CSR ${CSR}= Generate CSR String ${csr_left} ${csr_right}= Split String From Right ${CSR} == 1 ${CORRUPTED_CSR}= Catenate SEPARATOR= ${csr_left} \N ${csr_right} # For SignCSR request, we need to pass CSR string generated by openssl command ${csr_str}= Set Variable If ${valid_csr} == ${True} ${CSR} ${CORRUPTED_CSR} ${resp}= Send CSR To VMI And Get Signed ${csr_str} ${force_create} ${username} ${password} ... ${read_timeout} Should Be Equal As Strings ${resp.status_code} ${valid_status_code} Return From Keyword If ${resp.status_code} != ${HTTP_OK} ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE Should Contain ${cert["Certificate"]} END CERTIFICATE # Now do subject and public key verification ${subject_csr}= Get Subject ${CSR_FILE} True ${pubKey_csr}= Get Public Key ${CSR_FILE} True # create a crt file with certificate string ${signed_cert}= Set Variable ${cert["Certificate"]} ${testcert_gen_time} = Get Current Date Time ${test_cert_file}= Catenate SEPARATOR=_ ${testcert_gen_time} test_certificate.cert Create File ${test_cert_file} ${signed_cert} ${subject_signed_csr}= Get Subject ${test_cert_file} False ${pubKey_signed_csr}= Get Public Key ${test_cert_file} False Should be equal as strings ${subject_signed_csr} ${subject_csr} Should be equal as strings ${pubKey_signed_csr} ${pubKey_csr} Suite Setup Execution [Documentation] Suite setup execution. Remove Files *.csr *.key *.cert # Create different user accounts. Redfish.Login Redfish Power Off Set BIOS Attribute pvm_hmc_managed Enabled Redfish Power On Wait For Host Boot Progress To Reach Required State Create Users With Different Roles users=${USERS} force=${True} Suite Teardown Execution [Documentation] Suite teardown execution. Remove Files *.csr *.key *.cert Delete BMC Users Via Redfish users=${USERS} Delete All Sessions Redfish.Logout