1*** Settings *** 2 3Documentation VMI certificate exchange tests. 4 5Library ../../lib/jobs_processing.py 6Resource ../../lib/resource.robot 7Resource ../../lib/bmc_redfish_resource.robot 8Resource ../../lib/openbmc_ffdc.robot 9Resource ../../lib/bmc_redfish_utils.robot 10Resource ../../lib/utils.robot 11 12Suite Setup Suite Setup Execution 13Test Teardown FFDC On Test Case Fail 14Suite Teardown Run Keyword And Ignore Error Suite Teardown Execution 15 16Test Tags Vmicert_Management 17 18 19*** Variables *** 20 21# users User Name password 22@{ADMIN} admin_user TestPwd123 23@{OPERATOR} operator_user TestPwd123 24@{ReadOnly} readonly_user TestPwd123 25@{NoAccess} noaccess_user TestPwd123 26# Removing Operator, need to add it back once support is given. 27&{USERS} Administrator=${ADMIN} ReadOnly=${ReadOnly} 28${VMI_BASE_URI} /ibm/v1/ 29 30 31*** Test Cases *** 32 33Get CSR Request Signed By VMI And Verify 34 [Documentation] Get CSR request signed by VMI using different user roles and verify. 35 [Tags] Get_CSR_Request_Signed_By_VMI_And_Verify 36 [Template] Get Certificate Signed By VMI 37 38 # username password force_create valid_csr valid_status_code 39 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 40 41 # Send CSR request from operator user. 42 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 43 44 # Send CSR request from ReadOnly user. 45 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 46 47 # Send CSR request from NoAccess user. 48 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 49 50 51Get Root Certificate Using Different Privilege Users Role 52 [Documentation] Get root certificate using different users. 53 [Tags] Get_Root_Certificate_Using_Different_Privilege_Users_Role 54 [Template] Get Root Certificate 55 56 # username password force_create valid_csr valid_status_code 57 # Request root certificate from admin user. 58 admin_user TestPwd123 ${True} ${True} ${HTTP_OK} 59 60 # Request root certificate from operator user. 61 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 62 63 # Request root certificate from ReadOnly user. 64 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 65 66 # Request root certificate from NoAccess user. 67 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 68 69 70Send CSR Request When VMI Is Off And Verify 71 [Documentation] Send CSR signing request to VMI when it is off and expect an error. 72 [Tags] Send_CSR_Request_When_VMI_Is_Off_And_Verify 73 [Setup] Redfish Power Off 74 [Teardown] Run Keywords Redfish Power On stack_mode=skip AND 75 ... Wait For Host Boot Progress To Reach Required State 76 [Template] Get Certificate Signed By VMI 77 78 # username password force_create valid_csr valid_status_code read_timeout 79 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_SERVICE_UNAVAILABLE} 60 80 81 # Send CSR request from operator user. 82 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 83 84 # Send CSR request from ReadOnly user. 85 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 86 87 # Send CSR request from NoAccess user. 88 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 89 90 91Get Corrupted CSR Request Signed By VMI And Verify 92 [Documentation] Send corrupted CSR for signing and expect an error. 93 [Tags] Get_Corrupted_CSR_Request_Signed_By_VMI_And_Verify 94 [Template] Get Certificate Signed By VMI 95 96 # username password force_create valid_csr valid_status_code read_timeout 97 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 60 98 99 # Send CSR request from operator user. 100 # operator_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 101 102 # Send CSR request from ReadOnly user. 103 readonly_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 104 105 # Send CSR request from NoAccess user. 106 # noaccess_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 107 108 109Get Root Certificate When VMI Is Off And Verify 110 [Documentation] Get root certificate when vmi is off and verify. 111 [Tags] Get_Root_Certificate_When_VMI_Is_Off_And_Verify 112 [Setup] Redfish Power Off 113 [Teardown] Run Keywords Redfish Power On stack_mode=skip AND 114 ... Wait For Host Boot Progress To Reach Required State 115 [Template] Get Root Certificate 116 117 # username password force_create valid_csr valid_status_code 118 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 119 120 # Request root certificate from operator user. 121 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 122 123 # Request root certificate from ReadOnly user. 124 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 125 126 # Request root certificate from NoAccess user. 127 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 128 129 130Get Root Certificate After BMC Reboot And Verify 131 [Documentation] Get root certificate after bmc reboot and verify. 132 [Tags] Get_Root_Certificate_After_BMC_Reboot_And_Verify 133 [Setup] Run Keywords OBMC Reboot (off) stack_mode=skip AND Redfish Power On 134 [Template] Get Root Certificate 135 136 # username password force_create valid_csr valid_status_code 137 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 138 139 # Request root certificate from operator user. 140 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 141 142 # Request root certificate from ReadOnly user. 143 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 144 145 # Request root certificate from NoAccess user. 146 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 147 148 149Get Concurrent Root Certificate Requests From Multiple Admin Users 150 [Documentation] Get multiple concurrent root certificate requests from multiple admins 151 ... and verify no errors. 152 [Tags] Get_Concurrent_Root_Certificate_Requests_From_Multiple_Admin_Users 153 154 FOR ${i} IN RANGE ${5} 155 ${dict}= Execute Process Multi Keyword ${5} 156 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 157 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 158 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 159 Dictionary Should Not Contain Value ${dict} False 160 ... msg=One or more operations has failed. 161 END 162 163 164Get Concurrent CSR Requests From Multiple Admin Users 165 [Documentation] Get multiple concurrent csr requests from multiple admins and verify no errors. 166 [Tags] Get_Concurrent_CSR_Requests_From_Multiple_Admin_Users 167 168 FOR ${i} IN RANGE ${5} 169 ${dict}= Execute Process Multi Keyword ${5} 170 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 171 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 172 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 173 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 174 Dictionary Should Not Contain Value ${dict} False 175 ... msg=One or more operations has failed. 176 END 177 178 179Get Concurrent Corrupted CSR Requests From Multiple Admin Users 180 [Documentation] Get multiple concurrent corrupted csr requests from multiple admins and verify no errors. 181 [Tags] Get_Concurrent_Corrupted_CSR_Requests_From_Multiple_Admin_Users 182 183 FOR ${i} IN RANGE ${5} 184 ${dict}= Execute Process Multi Keyword ${5} 185 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 186 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 187 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 188 Dictionary Should Not Contain Value ${dict} False 189 ... msg=One or more operations has failed. 190 END 191 192 193*** Comments *** 194 195Get Concurrent Root Certificate Request From Operator Users 196 [Documentation] Get multiple concurrent root certificate from non admin users and verify no errors. 197 [Tags] Get_Concurrent_Root_Certificate_Request_From_Operator_Users 198 199 FOR ${i} IN RANGE ${5} 200 ${dict}= Execute Process Multi Keyword ${5} 201 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 202 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 203 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 204 Dictionary Should Not Contain Value ${dict} False 205 ... msg=One or more operations has failed. 206 END 207 208 209*** Test Cases *** 210 211Get Concurrent Root Certificate Request From Admin And Non Admin Users 212 [Documentation] Get multiple concurrent root certificate from admin and non admin users 213 ... and verify no errors. 214 [Tags] Get_Concurrent_Root_Certificate_Request_From_Admin_And_Non_Admin_Users 215 216 FOR ${i} IN RANGE ${5} 217 ${dict}= Execute Process Multi Keyword ${5} 218 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 219 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 220 Dictionary Should Not Contain Value ${dict} False 221 ... msg=One or more operations has failed. 222 END 223 224 225*** Comments *** 226 227Get Concurrent Root Certificate Request From Different Non Admin Users 228 [Documentation] Get multiple concurrent root certificate from different non admin users 229 ... and verify no errors. 230 [Tags] Get_Concurrent_Root_Certificate_Request_From_Different_Non_Admin_Users 231 232 FOR ${i} IN RANGE ${5} 233 ${dict}= Execute Process Multi Keyword ${5} 234 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 235 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 236 ... Get Root Certificate noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 237 Dictionary Should Not Contain Value ${dict} False 238 ... msg=One or more operations has failed. 239 END 240 241 242Get Concurrent CSR Request From Operator Users 243 [Documentation] Get multiple concurrent csr request from non admin users and verify no errors. 244 [Tags] Get_Concurrent_CSR_Request_From_Operator_Users 245 246 FOR ${i} IN RANGE ${5} 247 ${dict}= Execute Process Multi Keyword ${5} 248 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 249 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 250 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 251 Dictionary Should Not Contain Value ${dict} False 252 ... msg=One or more operations has failed. 253 END 254 255 256*** Test Cases *** 257 258Get Root Certificate And Send CSR Request Concurrently And Verify 259 [Documentation] Get root certificate and send csr request concurrently and 260 ... verify gets root and signed certificate. 261 [Tags] Get_Root_Certificate_And_Send_CSR_Request_Concurrently_And_Verify 262 263 FOR ${i} IN RANGE ${5} 264 ${dict}= Execute Process Multi Keyword ${5} 265 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 266 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 267 Dictionary Should Not Contain Value ${dict} False 268 ... msg=One or more operations has failed. 269 END 270 271 272Get Concurrent Root Certificate And Send CSR Request And Verify 273 [Documentation] Get concurrent root certificate and send csr request 274 ... and verify gets root certificate and signed certificate. 275 [Tags] Get_Concurrent_Root_Certificate_And_Send_CSR_Request_And_Verify 276 277 FOR ${i} IN RANGE ${5} 278 ${dict}= Execute Process Multi Keyword ${5} 279 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 280 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 281 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 282 Dictionary Should Not Contain Value ${dict} False 283 ... msg=One or more operations has failed. 284 END 285 286 287Get Root Certificate And Send Multiple CSR Requests Concurrently And Verify 288 [Documentation] Get root certificate and send multiple csr requests concurrently and 289 ... verify gets root certificate and signed certificates. 290 [Tags] Get_Root_Certificate_And_Send_Multiple_CSR_Requests_Concurrently_And_Verify 291 292 FOR ${i} IN RANGE ${5} 293 ${dict}= Execute Process Multi Keyword ${5} 294 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 295 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 296 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 297 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 298 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 299 Dictionary Should Not Contain Value ${dict} False 300 ... msg=One or more operations has failed. 301 END 302 303 304Get Root Certificate And Send Multiple Corrupted CSR Requests Concurrently And Verify 305 [Documentation] Get root certificate and send multiple corrupted csr requests concurrently and 306 ... verify gets root certificate and error for corrupted csr requests. 307 [Tags] Get_Root_Certificate_And_Send_Multiple_Corrupted_CSR_Requests_Concurrently_And_Verify 308 309 FOR ${i} IN RANGE ${5} 310 ${dict}= Execute Process Multi Keyword ${5} 311 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 312 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 313 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 314 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 315 Dictionary Should Not Contain Value ${dict} False 316 ... msg=One or more operations has failed. 317 END 318 319 320Send Concurrent CSR Request And Corrupted CSR Request And Verify 321 [Documentation] Send concurrent csr request and corrupted csr request 322 ... and verify gets certificate for valid csr and error for corrupted csr. 323 [Tags] Send_Concurrent_CSR_Request_And_Corrupted_CSR_Request_And_Verify 324 325 FOR ${i} IN RANGE ${5} 326 ${dict}= Execute Process Multi Keyword ${5} 327 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 328 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 329 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 330 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 331 Dictionary Should Not Contain Value ${dict} False 332 ... msg=One or more operations has failed. 333 END 334 335 336Get Root Certificate Send CSR And Corrupted CSR Request Concurrently And Verify 337 [Documentation] Get root certificate send csr and corrupted csr requests concurrently and 338 ... verify gets root certificate and certificate for valid csr and error for corrupted csr. 339 [Tags] Get_Root_Certificate_Send_CSR_And_Corrupted_CSR_Request_Concurrently_And_Verify 340 341 FOR ${i} IN RANGE ${5} 342 ${dict}= Execute Process Multi Keyword ${5} 343 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 344 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 345 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 346 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 347 Dictionary Should Not Contain Value ${dict} False 348 ... msg=One or more operations has failed. 349 END 350 351 352Send Concurrent CSR Request From Admin And Non Admin Users And Verify 353 [Documentation] Send concurrent csr requests from admin and non-admin users and verify 354 ... admin gets certificate and non-admin gets error. 355 [Tags] Send_Concurrent_CSR_Request_From_Admin_And_Non_Admin_Users_And_Verify 356 357 FOR ${i} IN RANGE ${5} 358 ${dict}= Execute Process Multi Keyword ${5} 359 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 360 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 361 Dictionary Should Not Contain Value ${dict} False 362 ... msg=One or more operations has failed. 363 END 364 365 366*** Comments *** 367 368Send Concurrent CSR Request From Non Admin Users And Verify 369 [Documentation] Send concurrent csr request from non admin users 370 ... and verify gets error. 371 [Tags] Send_Concurrent_CSR_Request_From_Non_Admin_Users_And_Verify 372 373 FOR ${i} IN RANGE ${5} 374 ${dict}= Execute Process Multi Keyword ${5} 375 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 376 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 377 ... Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 378 Dictionary Should Not Contain Value ${dict} False 379 ... msg=One or more operations has failed. 380 END 381 382 383Get Root Certificate And Send Corrupted CSR From Admin CSR Request From Operator Concurrently 384 [Documentation] Get root certificate and send corrupted csr request from admin and 385 ... csr from operator concurrently and verify gets root certificate and errors for corrupted 386 ... and for operator. 387 [Tags] Get_Root_Certificate_And_Send_Corrupted_CSR_From_Admin_CSR_Request_From_Operator_Concurrently 388 389 FOR ${i} IN RANGE ${5} 390 ${dict}= Execute Process Multi Keyword ${5} 391 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 392 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 393 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 394 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 395 Dictionary Should Not Contain Value ${dict} False 396 ... msg=One or more operations has failed. 397 END 398 399 400Get Root Certificate From Operator And Send Corrupted CSR Request And CSR Request From Admin Concurrently 401 [Documentation] Get root certificate from operator and send corrupted csr request 402 ... and csr from admin and verify errors for operator and corrupted csr and signed certificate 403 ... for valid csr. 404 [Tags] Get_Root_Certificate_From_Operator_And_Send_Corrupted_CSR_Request_And_CSR_Request_From_Admin_Concurrently 405 406 FOR ${i} IN RANGE ${5} 407 ${dict}= Execute Process Multi Keyword ${5} 408 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 409 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 410 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 411 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 412 Dictionary Should Not Contain Value ${dict} False 413 ... msg=One or more operations has failed. 414 END 415 416 417Get Root Certificate From Operator And Admin Send CSR Request From Admin Concurrently 418 [Documentation] Get root certificate from operator and admin and 419 ... and send csr request from admin concurrently and verify error for operator 420 ... and admin gets root and signed certificate. 421 [Tags] Get_Root_Certificate_From_Operator_And_Admin_Send_CSR_Request_From_Admin_Concurrently 422 423 FOR ${i} IN RANGE ${5} 424 ${dict}= Execute Process Multi Keyword ${5} 425 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 426 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 427 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 428 Dictionary Should Not Contain Value ${dict} False 429 ... msg=One or more operations has failed. 430 END 431 432 433Send CSR Request From Admin And Operator And Corrupted CSR From Admin Concurrently And Verify 434 [Documentation] Send csr request from admin and operator and corrupted 435 ... csr request from admin and verify gets signed certificate for valid csr for admin 436 ... gets error for operator and error for corrupted csr. 437 [Tags] Send_CSR_Request_From_Admin_And_Operator_And_Corrupted_CSR_From_Admin_Concurrently_And_Verify 438 439 FOR ${i} IN RANGE ${5} 440 ${dict}= Execute Process Multi Keyword ${5} 441 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 442 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 443 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 444 Dictionary Should Not Contain Value ${dict} False 445 ... msg=One or more operations has failed. 446 END 447 448 449Send Corrupted CSR Requests From Admin And Operator And CSR Request From Admin Concurrently And Verify 450 [Documentation] Send corrupted csr request from admin and operator and csr request 451 ... from admin concurrently and verify errors for corrupted csr and gets signed certificate 452 ... for valid csr from admin. 453 [Tags] Send_Corrupted_CSR_Requests_From_Admin_And_Operator_And_CSR_Request_From_Admin_Concurrently_And_Verify 454 455 FOR ${i} IN RANGE ${5} 456 ${dict}= Execute Process Multi Keyword ${5} 457 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 458 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 459 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 460 Dictionary Should Not Contain Value ${dict} False 461 ... msg=One or more operations has failed. 462 END 463 464 465Send Corrupted CSR Requests From Admin And Operator User Concurrently And Verify 466 [Documentation] Send corrupted csr requests from admin and operator and 467 ... verify gets error. 468 [Tags] Send_Corrupted_CSR_Requests_From_Admin_And_Operator_User_Concurrently_And_Verify 469 470 FOR ${i} IN RANGE ${5} 471 ${dict}= Execute Process Multi Keyword ${5} 472 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 473 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 474 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 475 Dictionary Should Not Contain Value ${dict} False 476 ... msg=One or more operations has failed. 477 END 478 479 480*** Test Cases *** 481 482Get Root Certificate From Admin And Send CSR Requests From Non Admin Concurrently And Verify 483 [Documentation] Get root certificate from admin and csr requests from 484 ... non admin users concurrently and verify gets root certificate for admin and 485 ... errors for non-admins. 486 [Tags] Get_Root_Certificate_From_Admin_And_Send_CSR_Requests_From_Non_Admin_Concurrently_And_Verify 487 488 FOR ${i} IN RANGE ${5} 489 ${dict}= Execute Process Multi Keyword ${5} 490 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 491 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 492 Dictionary Should Not Contain Value ${dict} False 493 ... msg=One or more operations has failed. 494 END 495 496 497Get Root Certificate And Send CSR Requests From Non Admin Users Concurrently And Verify 498 [Documentation] Get root certificate and send csr requests from non admin 499 ... users and verify gets errors. 500 [Tags] Get_Root_Certificate_And_Send_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify 501 502 FOR ${i} IN RANGE ${5} 503 ${dict}= Execute Process Multi Keyword ${5} 504 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 505 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 506 Dictionary Should Not Contain Value ${dict} False 507 ... msg=One or more operations has failed. 508 END 509 510 511Send Corrupted CSR Request From Admin And CSR Requests From Non Admin Concurrently And Verify 512 [Documentation] Send corrupted csr request from admin and csr request from non admin 513 ... users concurrently and verify gets errors. 514 [Tags] Send_Corrupted_CSR_Request_From_Admin_And_CSR_Requests_From_Non_Admin_Concurrently_And_Verify 515 516 FOR ${i} IN RANGE ${5} 517 ${dict}= Execute Process Multi Keyword ${5} 518 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 519 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 520 Dictionary Should Not Contain Value ${dict} False 521 ... msg=One or more operations has failed. 522 END 523 524 525Send CSR Request And Corrupted CSR Requests From Non Admin Users Concurrently And Verify 526 [Documentation] Send csr and corrupted csr request from non admin users 527 ... and verify gets errors. 528 [Tags] Send_CSR_Request_And_Corrupted_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify 529 530 FOR ${i} IN RANGE ${5} 531 ${dict}= Execute Process Multi Keyword ${5} 532 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 533 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 534 Dictionary Should Not Contain Value ${dict} False 535 ... msg=One or more operations has failed. 536 END 537 538 539*** Comments *** 540 541Get Root Certificate And Send CSR Requests From Admin And Operator Concurrently And Verify 542 [Documentation] Get root certificate from admin and send csr requests 543 ... from admin and operator concurrently and verify gets root certificate 544 ... and signed certificate and gets error for operator. 545 [Tags] Get_Root_Certificate_And_Send_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify 546 547 FOR ${i} IN RANGE ${5} 548 ${dict}= Execute Process Multi Keyword ${5} 549 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 550 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 551 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 552 Dictionary Should Not Contain Value ${dict} False 553 ... msg=One or more operations has failed. 554 END 555 556 557Get Root Certificate And Send Corrupted CSR Requests From Admin And Operator Concurrently And Verify 558 [Documentation] Get root certificate from admin and send corrupted csr requests 559 ... from admin and operator concurrently and verify gets root certificate and errors 560 ... for corrupted csr. 561 [Tags] Get_Root_Certificate_And_Send_Corrupted_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify 562 563 FOR ${i} IN RANGE ${5} 564 ${dict}= Execute Process Multi Keyword ${5} 565 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 566 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 567 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 568 Dictionary Should Not Contain Value ${dict} False 569 ... msg=One or more operations has failed. 570 END 571 572 573*** Keywords *** 574 575Generate CSR String 576 [Documentation] Generate a csr string. 577 578 # Note: Generates and returns csr string. 579 ${csr_gen_time} = Get Current Date Time 580 ${CSR_FILE}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.csr 581 ${CSR_KEY}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.key 582 Set Test Variable ${CSR_FILE} 583 Set Test Variable ${CSR_KEY} 584 ${ssl_cmd}= Set Variable openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE} 585 ${ssl_sub}= Set Variable 586 ... -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com" 587 588 # Run openssl command to create a new private key and use that to generate a CSR string 589 # in server.csr file. 590 ${output}= Run ${ssl_cmd} ${ssl_sub} 591 ${csr}= OperatingSystem.Get File ${CSR_FILE} 592 593 RETURN ${csr} 594 595 596Send CSR To VMI And Get Signed 597 [Documentation] Upload CSR to VMI and get signed. 598 [Arguments] ${csr} ${force_create} ${username} ${password} ${read_timeout} 599 600 # Description of argument(s): 601 # csr Certificate request from client to VMI. 602 # force_create Create a new REST session if True. 603 # username Username to create a REST session. 604 # password Password to create a REST session. 605 606 IF "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} 607 Initialize OpenBMC rest_username=${username} rest_password=${password} 608 END 609 610 ${data}= Create Dictionary 611 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} 612 ... Content-Type=application/json 613 614 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Actions/SignCSR 615 616 # For SignCSR request, we need to pass CSR string generated by openssl command. 617 ${csr_data}= Create Dictionary CsrString ${csr} 618 619 ${resp}= POST On Session openbmc ${cert_uri} json=${csr_data} headers=${headers} 620 ... timeout=${read_timeout} expected_status=any 621 Log to console ${resp.content} 622 623 RETURN ${resp} 624 625 626Get Root Certificate 627 [Documentation] Get root certificate from VMI. 628 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 629 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} 630 631 # Description of argument(s): 632 # cert_type Type of the certificate requesting. eg. root or SignCSR. 633 # username Username to create a REST session. 634 # password Password to create a REST session. 635 # force_create Create a new REST session if True. 636 # valid_csr Uses valid CSR string in the REST request if True. 637 # This is not applicable for root certificate. 638 # valid_status_code Expected status code from REST request. 639 640 IF "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} 641 Initialize OpenBMC rest_username=${username} rest_password=${password} 642 END 643 644 ${data}= Create Dictionary 645 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} 646 ... Content-Type=application/json 647 648 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Certificate/root 649 650 ${resp}= GET On Session openbmc ${cert_uri} &{data} headers=${headers} 651 ... expected_status=any 652 653 Should Be Equal As Strings ${resp.status_code} ${valid_status_code} 654 IF ${resp.status_code} != ${HTTP_OK} RETURN 655 656 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json 657 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE 658 Should Contain ${cert["Certificate"]} END CERTIFICATE 659 660 661Get Subject 662 [Documentation] Generate a csr string. 663 [Arguments] ${file_name} ${is_csr_file} 664 665 # Description of argument(s): 666 # file_name Name of CSR or signed CERT file. 667 # is_csr_file A True value means a CSR while a False is for signed CERT file. 668 669 ${openssl_cmd}= Set Variable If ${is_csr_file} 670 ... openssl req -in ${file_name} -text -noout | grep Subject: 671 ... openssl x509 -in ${file_name} -text -noout | grep Subject: 672 ${subject}= Run ${openssl_cmd} 673 674 RETURN ${subject} 675 676 677Get Public Key 678 [Documentation] Generate a csr string. 679 [Arguments] ${file_name} ${is_csr_file} 680 681 # Description of argument(s): 682 # file_name Name of CSR or CERT file. 683 # is_csr_file A True value means a CSR while a False is for signed CERT file. 684 685 ${openssl_cmd}= Set Variable If ${is_csr_file} 686 ... openssl req -in ${file_name} -noout -pubkey 687 ... openssl x509 -in ${file_name} -noout -pubkey 688 ${PublicKey}= Run ${openssl_cmd} 689 690 RETURN ${PublicKey} 691 692 693Get Certificate Signed By VMI 694 [Documentation] Get signed certificate from VMI. 695 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 696 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} 697 ... ${read_timeout}=20 698 699 # Description of argument(s): 700 # cert_type Type of the certificate requesting. eg. root or SignCSR. 701 # username Username to create a REST session. 702 # password Password to create a REST session. 703 # force_create Create a new REST session if True. 704 # valid_csr Uses valid CSR string in the REST request if True. 705 # This is not applicable for root certificate. 706 # valid_status_code Expected status code from REST request. 707 708 Set Test Variable ${CSR} CSR 709 Set Test Variable ${CORRUPTED_CSR} CORRUPTED_CSR 710 711 ${CSR}= Generate CSR String 712 ${csr_left} ${csr_right}= Split String From Right ${CSR} == 1 713 ${CORRUPTED_CSR}= Catenate SEPARATOR= ${csr_left} \N ${csr_right} 714 715 # For SignCSR request, we need to pass CSR string generated by openssl command 716 ${csr_str}= Set Variable If ${valid_csr} == ${True} ${CSR} ${CORRUPTED_CSR} 717 718 ${resp}= Send CSR To VMI And Get Signed ${csr_str} ${force_create} ${username} ${password} 719 ... ${read_timeout} 720 721 Should Be Equal As Strings ${resp.status_code} ${valid_status_code} 722 IF ${resp.status_code} != ${HTTP_OK} RETURN 723 724 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json 725 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE 726 Should Contain ${cert["Certificate"]} END CERTIFICATE 727 728 # Now do subject and public key verification 729 ${subject_csr}= Get Subject ${CSR_FILE} True 730 ${pubKey_csr}= Get Public Key ${CSR_FILE} True 731 732 # create a crt file with certificate string 733 ${signed_cert}= Set Variable ${cert["Certificate"]} 734 ${testcert_gen_time} = Get Current Date Time 735 ${test_cert_file}= Catenate SEPARATOR=_ ${testcert_gen_time} test_certificate.cert 736 737 Create File ${test_cert_file} ${signed_cert} 738 ${subject_signed_csr}= Get Subject ${test_cert_file} False 739 ${pubKey_signed_csr}= Get Public Key ${test_cert_file} False 740 741 Should be equal as strings ${subject_signed_csr} ${subject_csr} 742 Should be equal as strings ${pubKey_signed_csr} ${pubKey_csr} 743 744 745Suite Setup Execution 746 [Documentation] Suite setup execution. 747 748 Remove Files *.csr *.key *.cert 749 # Create different user accounts. 750 Redfish.Login 751 752 Redfish Power Off 753 Set BIOS Attribute pvm_hmc_managed Enabled 754 755 Redfish Power On 756 Wait For Host Boot Progress To Reach Required State 757 Create Users With Different Roles users=${USERS} force=${True} 758 759 760Suite Teardown Execution 761 [Documentation] Suite teardown execution. 762 763 Remove Files *.csr *.key *.cert 764 Delete BMC Users Via Redfish users=${USERS} 765 Delete All Sessions 766 Redfish.Logout 767