*** Settings *** Documentation Test Redfish user account. Resource ../../lib/resource.robot Resource ../../lib/bmc_redfish_resource.robot Resource ../../lib/openbmc_ffdc.robot Resource ../../lib/bmc_redfish_utils.robot Library SSHLibrary Test Setup Redfish.Login Test Teardown Test Teardown Execution *** Variables *** ${account_lockout_duration} ${30} ${account_lockout_threshold} ${3} ** Test Cases ** Verify AccountService Available [Documentation] Verify Redfish account service is available. [Tags] Verify_AccountService_Available ${resp} = Redfish_utils.Get Attribute /redfish/v1/AccountService ServiceEnabled Should Be Equal As Strings ${resp} ${True} Verify Redfish Admin User Persistence After Reboot [Documentation] Verify Redfish admin user persistence after reboot. [Tags] Verify_Redfish_Admin_User_Persistence_After_Reboot [Setup] Run Keywords Redfish.Login AND ... Redfish Create User admin_user TestPwd123 Administrator ${True} [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user ... AND Test Teardown Execution # Reboot BMC. Redfish OBMC Reboot (off) stack_mode=normal # Verify users after reboot. Redfish Verify User admin_user TestPwd123 Administrator ${True} Verify Redfish Operator User Persistence After Reboot [Documentation] Verify Redfish operator user persistence after reboot. [Tags] Verify_Redfish_Operator_User_Persistence_After_Reboot [Setup] Run Keywords Redfish.Login AND ... Redfish Create User operator_user TestPwd123 Operator ${True} [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user ... AND Test Teardown Execution # Reboot BMC. Redfish OBMC Reboot (off) stack_mode=normal # Verify users after reboot. Redfish Verify User operator_user TestPwd123 Operator ${True} Verify Redfish Readonly User Persistence After Reboot [Documentation] Verify Redfish readonly user persistence after reboot. [Tags] Verify_Redfish_Readonly_User_Persistence_After_Reboot [Setup] Run Keywords Redfish.Login AND ... Redfish Create User readonly_user TestPwd123 ReadOnly ${True} [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user ... AND Test Teardown Execution # Reboot BMC. Redfish OBMC Reboot (off) stack_mode=normal # Verify users after reboot. Redfish Verify User readonly_user TestPwd123 ReadOnly ${True} Redfish Create and Verify Admin User [Documentation] Create a Redfish user with administrator role and verify. [Tags] Redfish_Create_and_Verify_Admin_User [Template] Redfish Create And Verify User #username password role_id enabled admin_user TestPwd123 Administrator ${True} Redfish Create and Verify Operator User [Documentation] Create a Redfish user with operator role and verify. [Tags] Redfish_Create_and_Verify_Operator_User [Template] Redfish Create And Verify User #username password role_id enabled operator_user TestPwd123 Operator ${True} Redfish Create and Verify Readonly User [Documentation] Create a Redfish user with readonly role and verify. [Tags] Redfish_Create_and_Verify_Readonly_User [Template] Redfish Create And Verify User #username password role_id enabled readonly_user TestPwd123 ReadOnly ${True} Verify Redfish Admin User With Wrong Password [Documentation] Verify Redfish admin user with wrong password. [Tags] Verify_Redfish_Admin_User_With_Wrong_Password [Template] Verify Redfish User with Wrong Password #username password role_id enabled wrong_password admin_user TestPwd123 Administrator ${True} alskjhfwurh Verify Redfish Operator User with Wrong Password [Documentation] Verify Redfish operator user with wrong password. [Tags] Verify_Redfish_Operator_User_with_Wrong_Password [Template] Verify Redfish User with Wrong Password #username password role_id enabled wrong_password operator_user TestPwd123 Operator ${True} 12j8a8uakjhdaosiruf024 Verify Redfish Readonly User With Wrong Password [Documentation] Verify Redfish readonly user with wrong password. [Tags] Verify_Redfish_Readonly_User_With_Wrong_Password [Template] Verify Redfish User with Wrong Password #username password role_id enabled wrong_password readonly_user TestPwd123 ReadOnly ${True} 12 Verify Login with Deleted Redfish Admin User [Documentation] Verify login with deleted Redfish admin user. [Tags] Verify_Login_with_Deleted_Redfish_Admin_User [Template] Verify Login with Deleted Redfish User #username password role_id enabled admin_user TestPwd123 Administrator ${True} Verify Login with Deleted Redfish Operator User [Documentation] Verify login with deleted Redfish operator user. [Tags] Verify_Login_with_Deleted_Redfish_Operator_User [Template] Verify Login with Deleted Redfish User #username password role_id enabled operator_user TestPwd123 Operator ${True} Verify Login with Deleted Redfish Readonly User [Documentation] Verify login with deleted Redfish readonly user. [Tags] Verify_Login_with_Deleted_Redfish_Readonly_User [Template] Verify Login with Deleted Redfish User #username password role_id enabled readonly_user TestPwd123 ReadOnly ${True} Verify Admin User Creation Without Enabling It [Documentation] Verify admin user creation without enabling it. [Tags] Verify_Admin_User_Creation_Without_Enabling_It [Template] Verify Create User Without Enabling #username password role_id enabled admin_user TestPwd123 Administrator ${False} Verify Operator User Creation Without Enabling It [Documentation] Verify operator user creation without enabling it. [Tags] Verify_Operator_User_Creation_Without_Enabling_It [Template] Verify Create User Without Enabling #username password role_id enabled operator_user TestPwd123 Operator ${False} Verify Readonly User Creation Without Enabling It [Documentation] Verify readonly user creation without enabling it. [Tags] Verify_Readonly_User_Creation_Without_Enabling_It [Template] Verify Create User Without Enabling #username password role_id enabled readonly_user TestPwd123 ReadOnly ${False} Verify User Creation With Invalid Role Id [Documentation] Verify user creation with invalid role ID. [Tags] Verify_User_Creation_With_Invalid_Role_Id # Make sure the user account in question does not already exist. Redfish.Delete /redfish/v1/AccountService/Accounts/test_user ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] # Create specified user. ${payload}= Create Dictionary ... UserName=test_user Password=TestPwd123 RoleId=wrongroleid Enabled=${True} Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} ... valid_status_codes=[${HTTP_BAD_REQUEST}] Verify Error Upon Creating Same Users With Different Privileges [Documentation] Verify error upon creating same users with different privileges. [Tags] Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges Redfish Create User test_user TestPwd123 Administrator ${True} # Create specified user. ${payload}= Create Dictionary ... UserName=test_user Password=TestPwd123 RoleId=ReadOnly Enabled=${True} Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} ... valid_status_codes=[${HTTP_BAD_REQUEST}] Redfish.Delete /redfish/v1/AccountService/Accounts/test_user Verify Modifying User Attributes [Documentation] Verify modifying user attributes. [Tags] Verify_Modifying_User_Attributes # Create Redfish users. Redfish Create User admin_user TestPwd123 Administrator ${True} Redfish Create User readonly_user TestPwd123 ReadOnly ${True} # Make sure the new user account does not already exist. Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] # Update admin_user username using Redfish. ${payload}= Create Dictionary UserName=newadmin_user Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body=&{payload} # Update readonly_user role using Redfish. ${payload}= Create Dictionary RoleId=Administrator Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body=&{payload} # Verify users after updating Redfish Verify User newadmin_user TestPwd123 Administrator ${True} Redfish Verify User readonly_user TestPwd123 Administrator ${True} # Delete created users. Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user Verify Modifying Operator User Attributes [Documentation] Verify modifying operator user attributes. [Tags] Verify_Modifying_Operator_User_Attributes [Setup] Run Keywords Redfish.Login AND ... Redfish Create User operator_user TestPwd123 Operator ${True} [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user ... AND Test Teardown Execution # Update operator_user password using Redfish. ${payload}= Create Dictionary Password=NewTestPwd123 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body=&{payload} # Verify users after updating Redfish Verify User operator_user NewTestPwd123 Operator ${True} Verify User Account Locked [Documentation] Verify user account locked upon trying with invalid password. [Tags] Verify_User_Account_Locked Redfish Create User admin_user TestPwd123 Administrator ${True} ${payload}= Create Dictionary AccountLockoutThreshold=${account_lockout_threshold} ... AccountLockoutDuration=${account_lockout_duration} Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload} Redfish.Logout # Make ${account_lockout_threshold} failed login attempts. Repeat Keyword ${account_lockout_threshold} times ... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login admin_user abc123 # Verify that legitimate login fails due to lockout. Run Keyword And Expect Error InvalidCredentialsError* ... Redfish.Login admin_user TestPwd123 # Wait for lockout duration to expire and then verify that login works. Sleep ${account_lockout_duration}s Redfish.Login admin_user TestPwd123 Redfish.Logout Redfish.Login Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user Verify User Account Unlock [Documentation] Verify manually unlocking the account before lockout time [Tags] Verify_User_Account_Unlock [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND ... AND Redfish.Delete /redfish/v1/AccountService/Accounts/test_user ... AND SSHLibrary.Close All Connections Redfish Create User test_user TestPwd123 Administrator ${True} ${payload}= Create Dictionary ... AccountLockoutThreshold=${account_lockout_threshold} ... AccountLockoutDuration=${account_lockout_duration} Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload} Redfish.Logout # Make ${account_lockout_threshold} failed login attempts. Repeat Keyword ${account_lockout_threshold} times ... Run Keyword And Expect Error InvalidCredentialsError* ... Redfish.Login test_user abc123 # Ensure SSH Login with locked account gets failed SSHLibrary.Open Connection ${OPENBMC_HOST} Run Keyword And Expect Error Authentication failed* ... SSHLibrary.Login test_user TestPwd123 # Verify that legitimate login fails due to lockout. Run Keyword And Expect Error InvalidCredentialsError* ... Redfish.Login test_user TestPwd123 ${payload}= Create Dictionary Locked=${FALSE} # Manually unlock the account before lockout threshold expires Redfish.Login Redfish.Patch ${REDFISH_ACCOUNTS_URI}test_user body=${payload} Redfish.Logout # Try redfish login with the recently unlocked account Redfish.Login test_user TestPwd123 # Try SSH login with the unlocked account SSHLibrary.Open Connection ${OPENBMC_HOST} SSHLibrary.Login test_user TestPwd123 Verify Admin User Privilege [Documentation] Verify admin user privilege. [Tags] Verify_Admin_User_Privilege Redfish Create User admin_user TestPwd123 Administrator ${True} Redfish Create User readonly_user TestPwd123 ReadOnly ${True} Redfish.Logout Redfish.Login admin_user TestPwd123 # Change password of 'readonly' user with admin user. Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body={'Password': 'NewTestPwd123'} # Verify modified user. Redfish Verify User readonly_user NewTestPwd123 ReadOnly ${True} # Note: Delete user would work here because a root login is # performed as part of "Redfish Verify User" keyword's teardown. Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user Verify Operator User Role Change Using Admin Privilege User [Documentation] Verify operator user role change using admin privilege user [Tags] Verify_Operator_User_Role_Change_Using_Admin_Privilege_User Redfish Create User admin_user TestPwd123 Administrator ${True} Redfish Create User operator_user TestPwd123 Operator ${True} Redfish.Logout # Change role ID of operator user with admin user. # Login with admin user. Redfish.Login admin_user TestPwd123 # Modify Role ID of Operator user. Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body={'RoleId': 'Administrator'} # Verify modified user. Redfish Verify User operator_user TestPwd123 Administrator ${True} Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user Verify Operator User Privilege [Documentation] Verify operator user privilege. [Tags] Verify_Operator_User_Privilege Redfish Create User admin_user TestPwd123 Administrator ${True} Redfish Create User operator_user TestPwd123 Operator ${True} Redfish.Logout # Login with operator user. Redfish.Login operator_user TestPwd123 # Verify BMC reset. Run Keyword And Expect Error ValueError* Redfish BMC Reset Operation # Attempt to change password of admin user with operator user. Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body={'Password': 'NewTestPwd123'} ... valid_status_codes=[${HTTP_FORBIDDEN}] Redfish.Logout Redfish.Login Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user Verify ReadOnly User Privilege [Documentation] Verify ReadOnly user privilege. [Tags] Verify_ReadOnly_User_Privilege Redfish Create User readonly_user TestPwd123 ReadOnly ${True} Redfish.Logout # Login with read_only user. Redfish.Login readonly_user TestPwd123 # Read system level data. ${system_model}= Redfish_Utils.Get Attribute ... ${SYSTEM_BASE_URI} Model Redfish.Logout Redfish.Login Redfish.Delete ${REDFISH_ACCOUNTS_URI}readonly_user Verify Minimum Password Length For Redfish User [Documentation] Verify minimum password length for new and existing user. [Tags] Verify_Minimum_Password_Length_For_Redfish_User ${user_name}= Set Variable testUser # Make sure the user account in question does not already exist. Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] # Try to create a user with invalid length password. ${payload}= Create Dictionary ... UserName=${user_name} Password=UserPwd RoleId=Administrator Enabled=${True} Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} ... valid_status_codes=[${HTTP_BAD_REQUEST}] # Create specified user with valid length password. Set To Dictionary ${payload} Password UserPwd1 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} ... valid_status_codes=[${HTTP_CREATED}] # Try to change to an invalid password. Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd'} ... valid_status_codes=[${HTTP_BAD_REQUEST}] # Change to a valid password. Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd1'} # Verify login. Redfish.Logout Redfish.Login ${user_name} UserPwd1 Redfish.Logout Redfish.Login Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} Verify Standard User Roles Defined By Redfish [Documentation] Verify standard user roles defined by Redfish. [Tags] Verify_Standard_User_Roles_Defined_By_Redfish ${member_list}= Redfish_Utils.Get Member List ... /redfish/v1/AccountService/Roles @{roles}= Create List ... /redfish/v1/AccountService/Roles/Administrator ... /redfish/v1/AccountService/Roles/Operator ... /redfish/v1/AccountService/Roles/ReadOnly List Should Contain Sub List ${member_list} ${roles} # The standard roles are: # | Role name | Assigned privileges | # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf | # | Operator | Login, ConfigureComponents, ConfigureSelf | # | ReadOnly | Login, ConfigureSelf | @{admin}= Create List Login ConfigureManager ConfigureUsers ConfigureComponents ConfigureSelf @{operator}= Create List Login ConfigureComponents ConfigureSelf @{readOnly}= Create List Login ConfigureSelf ${roles_dict}= create dictionary admin_privileges=${admin} operator_privileges=${operator} ... readOnly_privileges=${readOnly} ${resp}= redfish.Get /redfish/v1/AccountService/Roles/Administrator List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['admin_privileges']} ${resp}= redfish.Get /redfish/v1/AccountService/Roles/Operator List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['operator_privileges']} ${resp}= redfish.Get /redfish/v1/AccountService/Roles/ReadOnly List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['readOnly_privileges']} Verify Error While Deleting Root User [Documentation] Verify error while deleting root user. [Tags] Verify_Error_While_Deleting_Root_User Redfish.Delete /redfish/v1/AccountService/Accounts/root valid_status_codes=[${HTTP_FORBIDDEN}] Verify SSH Login Access With Admin User [Documentation] Verify that admin user does not have SSH login access. [Tags] Verify_SSH_Login_Access_With_Admin_User # Create an admin User. Redfish Create User new_admin TestPwd1 Administrator ${True} # Attempt SSH login with admin user. SSHLibrary.Open Connection ${OPENBMC_HOST} ${status}= Run Keyword And Return Status SSHLibrary.Login new_admin TestPwd1 Should Be Equal ${status} ${False} Redfish.Login Redfish.Delete /redfish/v1/AccountService/Accounts/new_admin Verify Configure BasicAuth Enable And Disable [Documentation] Verify configure basicauth enable and disable [Tags] Verify_Configure_BasicAuth_Enable_And_Disable [Template] Template For Configure Auth Methods # auth_method BasicAuth XToken *** Keywords *** Test Teardown Execution [Documentation] Do the post test teardown. Run Keyword And Ignore Error Redfish.Logout FFDC On Test Case Fail Redfish Create User [Documentation] Redfish create user. [Arguments] ${username} ${password} ${role_id} ${enabled} ${login_check}=${True} # Description of argument(s): # username The username to be created. # password The password to be assigned. # role_id The role ID of the user to be created # (e.g. "Administrator", "Operator", etc.). # enabled Indicates whether the username being created # should be enabled (${True}, ${False}). # login_check Checks user login for created user. # (e.g. ${True}, ${False}). # Make sure the user account in question does not already exist. Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] # Create specified user. ${payload}= Create Dictionary ... UserName=${username} Password=${password} RoleId=${role_id} Enabled=${enabled} Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} ... valid_status_codes=[${HTTP_CREATED}] # Resetting faillock count as a workaround for issue # openbmc/phosphor-user-manager#4 ${cmd}= Catenate test -f /usr/sbin/faillock && /usr/sbin/faillock --user USER --reset ... || /usr/sbin/pam_tally2 -u ${username} --reset Bmc Execute Command ${cmd} # Verify login with created user. ${status}= Run Keyword If '${login_check}' == '${True}' ... Verify Redfish User Login ${username} ${password} Run Keyword If '${login_check}' == '${True}' Should Be Equal ${status} ${enabled} # Validate Role ID of created user. ${role_config}= Redfish_Utils.Get Attribute ... /redfish/v1/AccountService/Accounts/${username} RoleId Should Be Equal ${role_id} ${role_config} Redfish Verify User [Documentation] Redfish user verification. [Arguments] ${username} ${password} ${role_id} ${enabled} # Description of argument(s): # username The username to be created. # password The password to be assigned. # role_id The role ID of the user to be created # (e.g. "Administrator", "Operator", etc.). # enabled Indicates whether the username being created # should be enabled (${True}, ${False}). ${status}= Verify Redfish User Login ${username} ${password} # Doing a check of the returned status. Should Be Equal ${status} ${enabled} # Validate Role Id of user. ${role_config}= Redfish_Utils.Get Attribute ... /redfish/v1/AccountService/Accounts/${username} RoleId Should Be Equal ${role_id} ${role_config} Verify Redfish User Login [Documentation] Verify Redfish login with given user id. [Teardown] Run Keywords Run Keyword And Ignore Error Redfish.Logout AND Redfish.Login [Arguments] ${username} ${password} # Description of argument(s): # username Login username. # password Login password. # Logout from current Redfish session. # We don't really care if the current session is flushed out since we are going to login # with new credential in next. Run Keyword And Ignore Error Redfish.Logout ${status}= Run Keyword And Return Status Redfish.Login ${username} ${password} [Return] ${status} Redfish Create And Verify User [Documentation] Redfish create and verify user. [Arguments] ${username} ${password} ${role_id} ${enabled} # Description of argument(s): # username The username to be created. # password The password to be assigned. # role_id The role ID of the user to be created # (e.g. "Administrator", "Operator", etc.). # enabled Indicates whether the username being created # should be enabled (${True}, ${False}). # Example: #{ #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount", #"@odata.id": "/redfish/v1/AccountService/Accounts/test1", #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount", #"Description": "User Account", #"Enabled": true, #"Id": "test1", #"Links": { # "Role": { # "@odata.id": "/redfish/v1/AccountService/Roles/Administrator" # } #}, Redfish Create User ${username} ${password} ${role_id} ${enabled} Redfish Verify User ${username} ${password} ${role_id} ${enabled} # Delete Specified User Redfish.Delete /redfish/v1/AccountService/Accounts/${username} Verify Redfish User with Wrong Password [Documentation] Verify Redfish User with Wrong Password. [Arguments] ${username} ${password} ${role_id} ${enabled} ${wrong_password} # Description of argument(s): # username The username to be created. # password The password to be assigned. # role_id The role ID of the user to be created # (e.g. "Administrator", "Operator", etc.). # enabled Indicates whether the username being created # should be enabled (${True}, ${False}). # wrong_password Any invalid password. Redfish Create User ${username} ${password} ${role_id} ${enabled} Redfish.Logout # Attempt to login with created user with invalid password. Run Keyword And Expect Error InvalidCredentialsError* ... Redfish.Login ${username} ${wrong_password} Redfish.Login # Delete newly created user. Redfish.Delete /redfish/v1/AccountService/Accounts/${username} Verify Login with Deleted Redfish User [Documentation] Verify Login with Deleted Redfish User. [Arguments] ${username} ${password} ${role_id} ${enabled} # Description of argument(s): # username The username to be created. # password The password to be assigned. # role_id The role ID of the user to be created # (e.g. "Administrator", "Operator", etc.). # enabled Indicates whether the username being created # should be enabled (${True}, ${False}). Redfish Create User ${username} ${password} ${role_id} ${enabled} # Delete newly created user. Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} Redfish.Logout # Attempt to login with deleted user account. Run Keyword And Expect Error InvalidCredentialsError* ... Redfish.Login ${username} ${password} Redfish.Login Verify Create User Without Enabling [Documentation] Verify Create User Without Enabling. [Arguments] ${username} ${password} ${role_id} ${enabled} # Description of argument(s): # username The username to be created. # password The password to be assigned. # role_id The role ID of the user to be created # (e.g. "Administrator", "Operator", etc.). # enabled Indicates whether the username being created # should be enabled (${True}, ${False}). Redfish Create User ${username} ${password} ${role_id} ${enabled} ${False} Redfish.Logout # Login with created user. Run Keyword And Expect Error InvalidCredentialsError* ... Redfish.Login ${username} ${password} Redfish.Login # Delete newly created user. Redfish.Delete /redfish/v1/AccountService/Accounts/${username} Template For Configure Auth Methods [Documentation] Template to configure auth methods. [Arguments] ${auth_method} [Teardown] Configure AuthMethods ${auth_method}=${initial_value} # Description of Argument(s): # authmethods The authmethod setting which needs to be # set in account service URI. # valid values BasicAuth, XToken. Get AuthMethods Default Values ${auth_method} # Patch basicauth to TRUE Configure AuthMethods ${auth_method}=${TRUE} Run Keyword IF "${auth_method}" == "XToken" ... Check XToken Works Fine ${HTTP_OK} ... ELSE ... Check BasicAuth Works Fine ${HTTP_OK} # Patch basicauth to FALSE Configure AuthMethods ${auth_method}=${FALSE} Run Keyword IF "${auth_method}" == "BasicAuth" ... Check BasicAuth Works Fine ${HTTP_UNAUTHORIZED} ... ELSE ... Check XToken Works Fine ${HTTP_UNAUTHORIZED} Configure AuthMethods [Documentation] Enable/disable authmethod types. [Arguments] &{authmethods} # Description of argument(s): # authmethods The authmethod setting which needs to be # set in account service URI. # Usage Example Configure AuthMethods XToken=${TRUE} BasicAuth=${TRUE} # This will set the value of "XToken" and "BasicAuth" # property in accountservice uri to TRUE. ${openbmc}= Create Dictionary AuthMethods=${authmethods} ${oem}= Create Dictionary OpenBMC=${openbmc} ${payload}= Create Dictionary Oem=${oem} # Setting authmethod properties using Redfish session based auth ${status}= Run Keyword And Return Status ... Redfish.Patch ${REDFISH_BASE_URI}AccountService ... body=${payload} valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}] # Setting authmethod properties using basic auth incase the former fails IF ${status}==${FALSE} # Payload dictionary pre-process to match json formatting ${payload}= Convert To String ${payload} ${payload}= Replace String ${payload} ' " ${payload}= Replace String ${payload} False false ${payload}= Replace String ${payload} True true # Curl Command Framing for PATCH authmethod ${cmd}= Catenate curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD} ... -X PATCH '${AUTH_URI}${REDFISH_ACCOUNTS_SERVICE_URI}' ... -H 'content-type:application/json' -H 'If-Match:*' ... -d '${payload}' ${rc} ${out}= Run And Return Rc And Output ${cmd} # Check the response of curl command is 200 or 204 ${check_no_content}= ... Run Keyword and Return Status Should Contain ${out} 204 ${check_ok}= ... Run Keyword and Return Status Should Contain ${out} 200 Pass Execution If ${check_no_content}==${TRUE} ... OR ${check_ok}==${TRUE} END Get AuthMethods Default Values [Documentation] Get enabled/disabled status of all authmethods ... from Redfish account service URI [Arguments] ${authmethod} # Description of argument(s): # authmethod The authmethod property whose value needs to be # retrieved from account service URI. # Usage Example Get AuthMethods Default Values BasicAuth # returns >> ${TRUE} # Example: # { # "@odata.id": "/redfish/v1/AccountService", # (...) # "Oem": { # "OpenBMC": { # "AuthMethods": { # "BasicAuth": true, # "Cookie": true, # "SessionToken": true, # "TLS": true, # "XToken": true # } # } # } # } ${resp}= Redfish.Get Attribute ${REDFISH_ACCOUNTS_SERVICE_URI} Oem ${authmethods}= Set Variable ${resp['OpenBMC']['AuthMethods']} ${initial_value}= Get From Dictionary ${authmethods} ${authmethod} Set Test Variable ${initial_value} Check XToken Works Fine [Documentation] Verify Xtoken works fine. [Arguments] ${status_code} # Description of Argument(s): # status_code : 200, 401. # Verify xtoken auth works for xtoken Redfish.Get ${REDFISH_ACCOUNTS_SERVICE_URI} ... valid_status_codes=[${status_code}] Check BasicAuth Works Fine [Documentation] Verify Basic Auth works fine. [Arguments] ${status_code} # Description of Argument(s): # status_code : 200, 401. # Verify basic auth works based on basic auth. ${cmd}= Catenate curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD} ... ${AUTH_URI}/redfish/v1/AccountService ${rc} ${out}= Run And Return Rc And Output ${cmd} # Check the response of curl command is 200/401 Should Contain ${out} ${status_code}