*** Settings ***
Documentation    Script to test Redfish privilege registry with various users
...  such as test, admin, operator, readonly, patched.

Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot
Resource         ../../lib/bmc_redfish_utils.robot

Suite Setup      Create And Verify Various Privilege Users
Suite Teardown   Delete Created Redfish Users Except Default Admin
Test Teardown    Redfish.Logout

*** Variables ***

${test_user}           testuser
${test_password}       testpassword
${admin_user}          testadmin
${admin_password}      adminpassword
${operator_user}       testoperator
${operator_password}   operatorpassword
${readonly_user}       testreadonly
${readonly_password}   readonlypassword
${patched_user}        patchuser
${post_user}           postuser
${post_password}       postpassword
${account_service}     ${2}

** Test Cases **

Verify Redfish Privilege Registry Properties
    [Documentation]  Verify the Redfish Privilege Registry properties.
    [Tags]  Verify_Redfish_Privilege_Registry_Properties

    Redfish.Login

    # Get the complete Privilege Registry URL
    ${url}=   Get Redfish Privilege Registry json URL
    ${resp}=   Redfish.Get  ${url}
    Should Be Equal As Strings  ${resp.status}  ${HTTP_OK}

    # Verify the Privilege Registry Resource.
    # Example:
    #  "Id": "Redfish_1.1.0_PrivilegeRegistry",
    #  "Name": "Privilege Mapping array collection",
    #  "PrivilegesUsed": [
    #     "Login",
    #     "ConfigureManager",
    #     "ConfigureUsers",
    #     "ConfigureComponents",
    #     "ConfigureSelf"
    #  ],

    Should Be Equal As Strings  ${resp.dict["Id"]}  Redfish_1.1.0_PrivilegeRegistry
    Should Be Equal As Strings  ${resp.dict["Name"]}  Privilege Mapping array collection
    Should Be Equal As Strings  ${resp.dict["PrivilegesUsed"][0]}  Login
    Should Be Equal As Strings  ${resp.dict["PrivilegesUsed"][1]}  ConfigureManager
    Should Be Equal As Strings  ${resp.dict["PrivilegesUsed"][2]}  ConfigureUsers
    Should Be Equal As Strings  ${resp.dict["PrivilegesUsed"][3]}  ConfigureComponents
    Should Be Equal As Strings  ${resp.dict["PrivilegesUsed"][4]}  ConfigureSelf

Verify Redfish Privilege Registry Mappings Properties For Account Service
    [Documentation]  Verify Privilege Registry Account Service Mappings resource properties.
    [Tags]  Verify_Redfish_Privilege_Registry_Mappings_Properties_For_Account_Service

    # Below is the mapping for Redfish Privilege Registry property for
    # Account Service.

    # "Mappings": [
    #    {
    #        "Entity": "AccountService",
    #        "OperationMap": {
    #            "GET": [{
    #                    "Privilege": [
    #                        "Login"
    #                    ]}],
    #            "HEAD": [{
    #                    "Privilege": [
    #                        "Login"
    #                    ]}],
    #            "PATCH": [{
    #                    "Privilege": [
    #                        "ConfigureUsers"
    #                    ]}],
    #            "PUT": [{
    #                    "Privilege": [
    #                        "ConfigureUsers"
    #                    ]}],
    #            "DELETE": [{
    #                    "Privilege": [
    #                        "ConfigureUsers"
    #                    ]}],
    #            "POST": [{
    #                    "Privilege": [
    #                        "ConfigureUsers"
    #                    ]}]}
    #    }

    # | ROLE NAME     | ASSIGNED PRIVILEGES
    # |---------------|--------------------
    # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf.
    # | Operator      | Login, ConfigureComponents, ConfigureSelf.
    # | ReadOnly      | Login, ConfigureSelf.

    # Get the complete Privilege Registry URL.
    ${url}=   Get Redfish Privilege Registry json URL
    ${resp}=   Redfish.Get  ${url}

    # Get mappings properties for Entity: Account Service.
    @{mappings}=  Get From Dictionary  ${resp.dict}  Mappings

    Should Be Equal   ${mappings[${account_service}]['OperationMap']['GET'][0]['Privilege'][0]}
    ...   Login
    Should Be Equal   ${mappings[${account_service}]['OperationMap']['HEAD'][0]['Privilege'][0]}
    ...   Login
    Should Be Equal   ${mappings[${account_service}]['OperationMap']['PATCH'][0]['Privilege'][0]}
    ...   ConfigureUsers
    Should Be Equal   ${mappings[${account_service}]['OperationMap']['PUT'][0]['Privilege'][0]}
    ...   ConfigureUsers
    Should Be Equal   ${mappings[${account_service}]['OperationMap']['DELETE'][0]['Privilege'][0]}
    ...   ConfigureUsers
    Should Be Equal   ${mappings[${account_service}]['OperationMap']['POST'][0]['Privilege'][0]}
    ...   ConfigureUsers

Verify Admin User Privileges Via Redfish
    [Documentation]  Verify Admin user privileges via Redfish.
    [Tags]  Verify_Admin_User_Privileges_Via_Redfish

    Redfish.Login   ${admin_user}   ${admin_password}

    ${payload}=  Create Dictionary
    ...  UserName=${post_user}  Password=${post_password}  RoleId=Operator  Enabled=${true}
    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
    ...  valid_status_codes=[${HTTP_CREATED}]

    ${data}=  Create Dictionary  UserName=${patched_user}
    Redfish.patch  ${REDFISH_ACCOUNTS_URI}${test_user}  body=&{data}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]

    ${patched_user_name}=   Redfish.Get Attribute  ${REDFISH_ACCOUNTS_URI}${patched_user}  UserName
    Should Be Equal  ${patched_user_name}  ${patched_user}

Verify Operator User Privileges Via Redfish
    [Documentation]  Verify Operator user privileges via Redfish.
    [Tags]  Verify_Operator_User_Privileges_Via_Redfish

    Redfish.Login   ${operator_user}   ${operator_password}

    ${payload}=  Create Dictionary
    ...  UserName=${post_user}  Password=${post_password}  RoleId=Operator  Enabled=${true}
    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    ${data}=  Create Dictionary  UserName=${patched_user}
    Redfish.patch  ${REDFISH_ACCOUNTS_URI}${test_user}  body=&{data}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    Redfish.Get   ${REDFISH_ACCOUNTS_URI}${patched_user}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${patched_user}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

Verify ReadOnly User Privileges Via Redfish
    [Documentation]  Verify ReadOnly user privileges via Redfish.
    [Tags]  Verify_ReadOnly_User_Privileges_Via_Redfish

    Redfish.Login   ${readonly_user}   ${readonly_password}

    ${payload}=  Create Dictionary
    ...  UserName=${post_user}  Password=${post_password}  RoleId=Operator  Enabled=${true}
    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    ${data}=  Create Dictionary  UserName=${patched_user}
    Redfish.patch  ${REDFISH_ACCOUNTS_URI}${test_user}  body=&{data}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    Redfish.Get  ${REDFISH_ACCOUNTS_URI}${patched_user}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${patched_user}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]


*** Keywords ***

Get Redfish Privilege Registry Json URL
    [Documentation]  Return the complete Privilege Registry Json URL.

    # Get Privilege Registry version Json path in redfish.
    # Example: Redfish_1.1.0_PrivilegeRegistry.json

    ${resp}=  Redfish.Get
    ...  /redfish/v1/Registries/PrivilegeRegistry/
    @{location}=  Get From Dictionary  ${resp.dict}  Location
    ${uri}=   Set Variable   ${location[0]['Uri']}
    RETURN   ${uri}

Create And Verify Various Privilege Users
    [Documentation]  Create and verify admin, test, operator, and readonly users.

    Redfish Create User   ${test_user}  ${test_password}  Operator  ${true}
    Redfish Create User   ${admin_user}  ${admin_password}  Administrator  ${true}
    Redfish Create User   ${operator_user}  ${operator_password}  Operator  ${true}
    Redfish Create User   ${readonly_user}  ${readonly_password}  ReadOnly  ${true}

    Redfish Verify User   ${test_user}  ${test_password}  Operator
    Redfish Verify User   ${admin_user}  ${admin_password}  Administrator
    Redfish Verify User   ${operator_user}  ${operator_password}  Operator
    Redfish Verify User   ${readonly_user}  ${readonly_password}  ReadOnly

Redfish Verify User
    [Documentation]  Verify Redfish user with given credentials.
    [Arguments]   ${username}  ${password}  ${role_id}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).

    Run Keyword And Ignore Error  Redfish.Logout
    Redfish.Login  ${username}  ${password}

    # Validate Role Id of user.
    ${role_config}=  Redfish_Utils.Get Attribute
    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
    Should Be Equal  ${role_id}  ${role_config}
    Redfish.Logout

Delete Created Redfish Users Except Default Admin
    [Documentation]  Delete the admin, patched, operator, readonly, and post users.

    Redfish.Login
    Run Keyword And Ignore Error  Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${admin_user}
    ...  valid_status_codes=[${HTTP_OK}]
    Run Keyword And Ignore Error  Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${patched_user}
    ...  valid_status_codes=[${HTTP_OK}]
    Run Keyword And Ignore Error  Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${operator_user}
    ...  valid_status_codes=[${HTTP_OK}]
    Run Keyword And Ignore Error  Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${readonly_user}
    ...  valid_status_codes=[${HTTP_OK}]
    Run Keyword And Ignore Error  Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${post_user}
    ...  valid_status_codes=[${HTTP_OK}]
    Redfish.Logout