1*** Settings *** 2 3Documentation VMI certificate exchange tests. 4 5Library ../../lib/jobs_processing.py 6Resource ../../lib/resource.robot 7Resource ../../lib/bmc_redfish_resource.robot 8Resource ../../lib/openbmc_ffdc.robot 9Resource ../../lib/bmc_redfish_utils.robot 10Resource ../../lib/utils.robot 11 12Suite Setup Suite Setup Execution 13Test Teardown FFDC On Test Case Fail 14Suite Teardown Suite Teardown Execution 15 16 17*** Variables *** 18 19# users User Name password 20@{ADMIN} admin_user TestPwd123 21@{OPERATOR} operator_user TestPwd123 22@{ReadOnly} readonly_user TestPwd123 23@{NoAccess} noaccess_user TestPwd123 24&{USERS} Administrator=${ADMIN} Operator=${OPERATOR} ReadOnly=${ReadOnly} 25... NoAccess=${NoAccess} 26${VMI_BASE_URI} /ibm/v1/ 27 28 29*** Test Cases *** 30 31Get CSR Request Signed By VMI And Verify 32 [Documentation] Get CSR request signed by VMI using different user roles and verify. 33 [Tags] Get_CSR_Request_Signed_By_VMI_And_Verify 34 [Template] Get Certificate Signed By VMI 35 36 # username password force_create valid_csr valid_status_code 37 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 38 39 # Send CSR request from operator user. 40 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 41 42 # Send CSR request from ReadOnly user. 43 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 44 45 # Send CSR request from NoAccess user. 46 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 47 48 49Get Root Certificate Using Different Privilege Users Role 50 [Documentation] Get root certificate using different users. 51 [Tags] Get_Root_Certificate_Using_Different_Privilege_Users_Role 52 [Template] Get Root Certificate 53 54 # username password force_create valid_csr valid_status_code 55 # Request root certificate from admin user. 56 admin_user TestPwd123 ${True} ${True} ${HTTP_OK} 57 58 # Request root certificate from operator user. 59 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 60 61 # Request root certificate from ReadOnly user. 62 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 63 64 # Request root certificate from NoAccess user. 65 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 66 67 68Send CSR Request When VMI Is Off And Verify 69 [Documentation] Send CSR signing request to VMI when it is off and expect an error. 70 [Tags] Send_CSR_Request_When_VMI_Is_Off_And_Verify 71 [Setup] Redfish Power Off 72 [Teardown] Run keywords Redfish Power On stack_mode=skip AND FFDC On Test Case Fail 73 [Template] Get Certificate Signed By VMI 74 75 # username password force_create valid_csr valid_status_code read_timeout 76 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_SERVICE_UNAVAILABLE} 60 77 78 # Send CSR request from operator user. 79 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 80 81 # Send CSR request from ReadOnly user. 82 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 83 84 # Send CSR request from NoAccess user. 85 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 86 87Get Corrupted CSR Request Signed By VMI And Verify 88 [Documentation] Send corrupted CSR for signing and expect an error. 89 [Tags] Get_Corrupted_CSR_Request_Signed_By_VMI_And_Verify 90 [Template] Get Certificate Signed By VMI 91 92 # username password force_create valid_csr valid_status_code read_timeout 93 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_SERVICE_UNAVAILABLE} 60 94 95 # Send CSR request from operator user. 96 operator_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 97 98 # Send CSR request from ReadOnly user. 99 readonly_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 100 101 # Send CSR request from NoAccess user. 102 noaccess_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 103 104Get Root Certificate When VMI Is Off And Verify 105 [Documentation] Get root certificate when vmi is off and verify. 106 [Tags] Get_Root_Certificate_When_VMI_Is_Off_And_Verify 107 [Setup] Redfish Power Off 108 [Teardown] Run keywords Redfish Power On stack_mode=skip AND FFDC On Test Case Fail 109 [Template] Get Root Certificate 110 111 # username password force_create valid_csr valid_status_code 112 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 113 114 # Request root certificate from operator user. 115 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 116 117 # Request root certificate from ReadOnly user. 118 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 119 120 # Request root certificate from NoAccess user. 121 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 122 123 124Get Root Certificate After BMC Reboot And Verify 125 [Documentation] Get root certificate after bmc reboot and verify. 126 [Tags] Get_Root_Certificate_After_BMC_Reboot_And_Verify 127 [Setup] Run Keywords OBMC Reboot (off) AND Redfish Power On 128 [Template] Get Root Certificate 129 130 # username password force_create valid_csr valid_status_code 131 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 132 133 # Request root certificate from operator user. 134 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 135 136 # Request root certificate from ReadOnly user. 137 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 138 139 # Request root certificate from NoAccess user. 140 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 141 142Get Concurrent Root Certificate Requests From Multiple Admin Users 143 [Documentation] Get multiple concurrent root certificate requests from multiple admins 144 ... and verify no errors. 145 [Tags] Get_Concurrent_Root_Certificate_Requests_From_Multiple_Admin_Users 146 147 FOR ${i} IN RANGE ${5} 148 ${dict}= Execute Process Multi Keyword ${5} 149 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 150 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 151 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 152 Dictionary Should Not Contain Value ${dict} False 153 ... msg=One or more operations has failed. 154 END 155 156Get Concurrent CSR Requests From Multiple Admin Users 157 [Documentation] Get multiple concurrent csr requests from multiple admins and verify no errors. 158 [Tags] Get_Concurrent_CSR_Requests_From_Multiple_Admin_Users 159 160 FOR ${i} IN RANGE ${5} 161 ${dict}= Execute Process Multi Keyword ${5} 162 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 163 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 164 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 165 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 166 Dictionary Should Not Contain Value ${dict} False 167 ... msg=One or more operations has failed. 168 END 169 170Get Concurrent Corrupted CSR Requests From Multiple Admin Users 171 [Documentation] Get multiple concurrent corrupted csr requests from multiple admins and verify no errors. 172 [Tags] Get_Concurrent_Corrupted_CSR_Requests_From_Multiple_Admin_Users 173 174 FOR ${i} IN RANGE ${5} 175 ${dict}= Execute Process Multi Keyword ${5} 176 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 177 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 178 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 179 Dictionary Should Not Contain Value ${dict} False 180 ... msg=One or more operations has failed. 181 END 182 183Get Concurrent Root Certificate Request From Operator Users 184 [Documentation] Get multiple concurrent root certificate from non admin users and verify no errors. 185 [Tags] Get_Concurrent_Root_Certificate_Request_From_Operator_Users 186 187 FOR ${i} IN RANGE ${5} 188 ${dict}= Execute Process Multi Keyword ${5} 189 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 190 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 191 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 192 Dictionary Should Not Contain Value ${dict} False 193 ... msg=One or more operations has failed. 194 END 195 196Get Concurrent Root Certificate Request From Admin And Non Admin Users 197 [Documentation] Get multiple concurrent root certificate from admin and non admin users 198 ... and verify no errors. 199 [Tags] Get_Concurrent_Root_Certificate_Request_From_Admin_And_Non_Admin_Users 200 201 FOR ${i} IN RANGE ${5} 202 ${dict}= Execute Process Multi Keyword ${5} 203 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 204 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 205 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 206 Dictionary Should Not Contain Value ${dict} False 207 ... msg=One or more operations has failed. 208 END 209 210Get Concurrent Root Certificate Request From Different Non Admin Users 211 [Documentation] Get multiple concurrent root certificate from different non admin users 212 ... and verify no errors. 213 [Tags] Get_Concurrent_Root_Certificate_Request_From_Different_Non_Admin_Users 214 215 FOR ${i} IN RANGE ${5} 216 ${dict}= Execute Process Multi Keyword ${5} 217 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 218 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 219 ... Get Root Certificate noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 220 Dictionary Should Not Contain Value ${dict} False 221 ... msg=One or more operations has failed. 222 END 223 224Get Concurrent CSR Request From Operator Users 225 [Documentation] Get multiple concurrent csr request from non admin users and verify no errors. 226 [Tags] Get_Concurrent_CSR_Request_From_Operator_Users 227 228 FOR ${i} IN RANGE ${5} 229 ${dict}= Execute Process Multi Keyword ${5} 230 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 231 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 232 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 233 Dictionary Should Not Contain Value ${dict} False 234 ... msg=One or more operations has failed. 235 END 236 237Get Root Certificate And Send CSR Request Concurrently And Verify 238 [Documentation] Get root certificate and send csr request concurrently and 239 ... verify gets root and signed certificate. 240 [Tags] Get_Root_Certificate_And_Send_CSR_Request_Concurrently_And_Verify 241 242 FOR ${i} IN RANGE ${5} 243 ${dict}= Execute Process Multi Keyword ${5} 244 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 245 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 246 Dictionary Should Not Contain Value ${dict} False 247 ... msg=One or more operations has failed. 248 END 249 250Get Concurrent Root Certificate And Send CSR Request And Verify 251 [Documentation] Get concurrent root certificate and send csr request 252 ... and verify gets root certificate and signed certificate. 253 [Tags] Get_Concurrent_Root_Certificate_And_Send_CSR_Request_And_Verify 254 255 FOR ${i} IN RANGE ${5} 256 ${dict}= Execute Process Multi Keyword ${5} 257 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 258 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 259 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 260 Dictionary Should Not Contain Value ${dict} False 261 ... msg=One or more operations has failed. 262 END 263 264Get Root Certificate And Send Multiple CSR Requests Concurrently And Verify 265 [Documentation] Get root certificate and send multiple csr requests concurrently and 266 ... verify gets root certificate and signed certificates. 267 [Tags] Get_Root_Certificate_And_Send_Multiple_CSR_Requests_Concurrently_And_Verify 268 269 FOR ${i} IN RANGE ${5} 270 ${dict}= Execute Process Multi Keyword ${5} 271 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 272 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 273 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 274 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 275 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 276 Dictionary Should Not Contain Value ${dict} False 277 ... msg=One or more operations has failed. 278 END 279 280Get Root Certificate And Send Multiple Corrupted CSR Requests Concurrently And Verify 281 [Documentation] Get root certificate and send multiple corrupted csr requests concurrently and 282 ... verify gets root certificate and error for corrupted csr requests. 283 [Tags] Get_Root_Certificate_And_Send_Multiple_Corrupted_CSR_Requests_Concurrently_And_Verify 284 285 FOR ${i} IN RANGE ${5} 286 ${dict}= Execute Process Multi Keyword ${5} 287 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 288 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 289 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 290 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 291 Dictionary Should Not Contain Value ${dict} False 292 ... msg=One or more operations has failed. 293 END 294 295Send Concurrent CSR Request And Corrupted CSR Request And Verify 296 [Documentation] Send concurrent csr request and corrupted csr request 297 ... and verify gets certificate for valid csr and error for corrupted csr. 298 [Tags] Send_Concurrent_CSR_Request_And_Corrupted_CSR_Request_And_Verify 299 300 FOR ${i} IN RANGE ${5} 301 ${dict}= Execute Process Multi Keyword ${5} 302 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 303 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 304 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 305 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 306 Dictionary Should Not Contain Value ${dict} False 307 ... msg=One or more operations has failed. 308 END 309 310Get Root Certificate Send CSR And Corrupted CSR Request Concurrently And Verify 311 [Documentation] Get root certificate send csr and corrupted csr requests concurrently and 312 ... verify gets root certificate and certificate for valid csr and error for corrupted csr. 313 [Tags] Get_Root_Certificate_Send_CSR_And_Corrupted_CSR_Request_Concurrently_And_Verify 314 315 FOR ${i} IN RANGE ${5} 316 ${dict}= Execute Process Multi Keyword ${5} 317 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 318 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 319 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 320 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 321 Dictionary Should Not Contain Value ${dict} False 322 ... msg=One or more operations has failed. 323 END 324 325Send Concurrent CSR Request From Admin And Non Admin Users And Verify 326 [Documentation] Send concurrent csr requests from admin and non-admin users and verify 327 ... admin gets certificate and non-admin gets error. 328 [Tags] Send_Concurrent_CSR_Request_From_Admin_And_Non_Admin_Users_And_Verify 329 330 FOR ${i} IN RANGE ${5} 331 ${dict}= Execute Process Multi Keyword ${5} 332 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 333 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 334 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 335 Dictionary Should Not Contain Value ${dict} False 336 ... msg=One or more operations has failed. 337 END 338 339Send Concurrent CSR Request From Non Admin Users And Verify 340 [Documentation] Send concurrent csr request from non admin users 341 ... and verify gets error. 342 [Tags] Send_Concurrent_CSR_Request_From_Non_Admin_Users_And_Verify 343 344 FOR ${i} IN RANGE ${5} 345 ${dict}= Execute Process Multi Keyword ${5} 346 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 347 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 348 ... Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 349 Dictionary Should Not Contain Value ${dict} False 350 ... msg=One or more operations has failed. 351 END 352 353Get Root Certificate And Send Corrupted CSR From Admin CSR Request From Operator Concurrently 354 [Documentation] Get root certificate and send corrupted csr request from admin and 355 ... csr from operator concurrently and verify gets root certificate and errors for corrupted 356 ... and for operator. 357 [Tags] Get_Root_Certificate_And_Send_Corrupted_CSR_From_Admin_CSR_Request_From_Operator_Concurrently 358 359 FOR ${i} IN RANGE ${5} 360 ${dict}= Execute Process Multi Keyword ${5} 361 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 362 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 363 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 364 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 365 Dictionary Should Not Contain Value ${dict} False 366 ... msg=One or more operations has failed. 367 END 368 369Get Root Certificate From Operator And Send Corrupted CSR Request And CSR Request From Admin Concurrently 370 [Documentation] Get root certificate from operator and send corrupted csr request 371 ... and csr from admin and verify errors for operator and corrupted csr and signed certificate 372 ... for valid csr. 373 [Tags] Get_Root_Certificate_From_Operator_And_Send_Corrupted_CSR_Request_And_CSR_Request_From_Admin_Concurrently 374 375 FOR ${i} IN RANGE ${5} 376 ${dict}= Execute Process Multi Keyword ${5} 377 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 378 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 379 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 380 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 381 Dictionary Should Not Contain Value ${dict} False 382 ... msg=One or more operations has failed. 383 END 384 385 386Get Root Certificate From Operator And Admin Send CSR Request From Admin Concurrently 387 [Documentation] Get root certificate from operator and admin and 388 ... and send csr request from admin concurrently and verify error for operator 389 ... and admin gets root and signed certificate. 390 [Tags] Get_Root_Certificate_From_Operator_And_Admin_Send_CSR_Request_From_Admin_Concurrently 391 392 FOR ${i} IN RANGE ${5} 393 ${dict}= Execute Process Multi Keyword ${5} 394 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 395 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 396 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 397 Dictionary Should Not Contain Value ${dict} False 398 ... msg=One or more operations has failed. 399 END 400 401Send CSR Request From Admin And Operator And Corrupted CSR From Admin Concurrently And Verify 402 [Documentation] Send csr request from admin and operator and corrupted 403 ... csr request from admin and verify gets signed certificate for valid csr for admin 404 ... gets error for operator and error for corrupted csr. 405 [Tags] Send_CSR_Request_From_Admin_And_Operator_And_Corrupted_CSR_From_Admin_Concurrently_And_Verify 406 407 FOR ${i} IN RANGE ${5} 408 ${dict}= Execute Process Multi Keyword ${5} 409 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 410 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 411 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 412 Dictionary Should Not Contain Value ${dict} False 413 ... msg=One or more operations has failed. 414 END 415 416Send Corrupted CSR Requests From Admin And Operator And CSR Request From Admin Concurrently And Verify 417 [Documentation] Send corrupted csr request from admin and operator and csr request 418 ... from admin concurrently and verify errors for corrupted csr and gets signed certificate 419 ... for valid csr from admin. 420 [Tags] Send_Corrupted_CSR_Requests_From_Admin_And_Operator_And_CSR_Request_From_Admin_Concurrently_And_Verify 421 422 FOR ${i} IN RANGE ${5} 423 ${dict}= Execute Process Multi Keyword ${5} 424 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 425 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 426 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 427 Dictionary Should Not Contain Value ${dict} False 428 ... msg=One or more operations has failed. 429 END 430 431Send Corrupted CSR Requests From Admin And Operator User Concurrently And Verify 432 [Documentation] Send corrupted csr requests from admin and operator and 433 ... verify gets error. 434 [Tags] Send_Corrupted_CSR_Requests_From_Admin_And_Operator_User_Concurrently_And_Verify 435 436 FOR ${i} IN RANGE ${5} 437 ${dict}= Execute Process Multi Keyword ${5} 438 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 439 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 440 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 441 Dictionary Should Not Contain Value ${dict} False 442 ... msg=One or more operations has failed. 443 END 444 445Get Root Certificate From Admin And Send CSR Requests From Non Admin Concurrently And Verify 446 [Documentation] Get root certificate from admin and csr requests from 447 ... non admin users concurrently and verify gets root certificate for admin and 448 ... errors for non-admins. 449 [Tags] Get_Root_Certificate_From_Admin_And_Send_CSR_Requests_From_Non_Admin_Concurrently_And_Verify 450 451 FOR ${i} IN RANGE ${5} 452 ${dict}= Execute Process Multi Keyword ${5} 453 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 454 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 455 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 456 Dictionary Should Not Contain Value ${dict} False 457 ... msg=One or more operations has failed. 458 END 459 460Get Root Certificate And Send CSR Requests From Non Admin Users Concurrently And Verify 461 [Documentation] Get root certificate and send csr requests from non admin 462 ... users and verify gets errors. 463 [Tags] Get_Root_Certificate_And_Send_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify 464 465 FOR ${i} IN RANGE ${5} 466 ${dict}= Execute Process Multi Keyword ${5} 467 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 468 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 469 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 470 ... Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 471 Dictionary Should Not Contain Value ${dict} False 472 ... msg=One or more operations has failed. 473 END 474 475Send Corrupted CSR Request From Admin And CSR Requests From Non Admin Concurrently And Verify 476 [Documentation] Send corrupted csr request from admin and csr request from non admin 477 ... users concurrently and verify gets errors. 478 [Tags] Send_Corrupted_CSR_Request_From_Admin_And_CSR_Requests_From_Non_Admin_Concurrently_And_Verify 479 480 FOR ${i} IN RANGE ${5} 481 ${dict}= Execute Process Multi Keyword ${5} 482 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 483 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 484 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 485 Dictionary Should Not Contain Value ${dict} False 486 ... msg=One or more operations has failed. 487 END 488 489Send CSR Request And Corrupted CSR Requests From Non Admin Users Concurrently And Verify 490 [Documentation] Send csr and corrupted csr request from non admin users 491 ... and verify gets errors. 492 [Tags] Send_CSR_Request_And_Corrupted_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify 493 494 FOR ${i} IN RANGE ${5} 495 ${dict}= Execute Process Multi Keyword ${5} 496 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 497 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 498 ... Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 499 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 500 Dictionary Should Not Contain Value ${dict} False 501 ... msg=One or more operations has failed. 502 END 503 504Get Root Certificate And Send CSR Requests From Admin And Operator Concurrently And Verify 505 [Documentation] Get root certificate from admin and send csr requests 506 ... from admin and operator concurrently and verify gets root certificate 507 ... and signed certificate and gets error for operator. 508 [Tags] Get_Root_Certificate_And_Send_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify 509 510 FOR ${i} IN RANGE ${5} 511 ${dict}= Execute Process Multi Keyword ${5} 512 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 513 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 514 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 515 Dictionary Should Not Contain Value ${dict} False 516 ... msg=One or more operations has failed. 517 END 518 519 520Get Root Certificate And Send Corrupted CSR Requests From Admin And Operator Concurrently And Verify 521 [Documentation] Get root certificate from admin and send corrupted csr requests 522 ... from admin and operator concurrently and verify gets root certificate and errors 523 ... for corrupted csr. 524 [Tags] Get_Root_Certificate_And_Send_Corrupted_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify 525 526 FOR ${i} IN RANGE ${5} 527 ${dict}= Execute Process Multi Keyword ${5} 528 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 529 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR} 530 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 531 Dictionary Should Not Contain Value ${dict} False 532 ... msg=One or more operations has failed. 533 END 534 535*** Keywords *** 536 537Generate CSR String 538 [Documentation] Generate a csr string. 539 540 # Note: Generates and returns csr string. 541 ${csr_gen_time} = Get Current Date Time 542 ${CSR_FILE}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.csr 543 ${CSR_KEY}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.key 544 Set Test Variable ${CSR_FILE} 545 Set Test Variable ${CSR_KEY} 546 ${ssl_cmd}= Set Variable openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE} 547 ${ssl_sub}= Set Variable 548 ... -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com" 549 550 # Run openssl command to create a new private key and use that to generate a CSR string 551 # in server.csr file. 552 ${output}= Run ${ssl_cmd} ${ssl_sub} 553 ${csr}= OperatingSystem.Get File ${CSR_FILE} 554 555 [Return] ${csr} 556 557 558Send CSR To VMI And Get Signed 559 [Documentation] Upload CSR to VMI and get signed. 560 [Arguments] ${csr} ${force_create} ${username} ${password} ${read_timeout} 561 562 # Description of argument(s): 563 # csr Certificate request from client to VMI. 564 # force_create Create a new REST session if True. 565 # username Username to create a REST session. 566 # password Password to create a REST session. 567 568 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} 569 ... Initialize OpenBMC rest_username=${username} rest_password=${password} 570 571 ${data}= Create Dictionary 572 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} 573 ... Content-Type=application/json 574 575 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Actions/SignCSR 576 577 # For SignCSR request, we need to pass CSR string generated by openssl command. 578 ${csr_data}= Create Dictionary CsrString ${csr} 579 Set To Dictionary ${data} data ${csr_data} 580 581 ${resp}= Post Request openbmc ${cert_uri} &{data} headers=${headers} timeout=${read_timeout} 582 Log to console ${resp.content} 583 584 [Return] ${resp} 585 586 587Get Root Certificate 588 [Documentation] Get root certificate from VMI. 589 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 590 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} 591 592 # Description of argument(s): 593 # cert_type Type of the certificate requesting. eg. root or SignCSR. 594 # username Username to create a REST session. 595 # password Password to create a REST session. 596 # force_create Create a new REST session if True. 597 # valid_csr Uses valid CSR string in the REST request if True. 598 # This is not applicable for root certificate. 599 # valid_status_code Expected status code from REST request. 600 601 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} 602 ... Initialize OpenBMC rest_username=${username} rest_password=${password} 603 604 ${data}= Create Dictionary 605 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} 606 ... Content-Type=application/json 607 608 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Certificate/root 609 610 ${resp}= Get Request openbmc ${cert_uri} &{data} headers=${headers} 611 612 Should Be Equal As Strings ${resp.status_code} ${valid_status_code} 613 Return From Keyword If ${resp.status_code} != ${HTTP_OK} 614 615 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json 616 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE 617 Should Contain ${cert["Certificate"]} END CERTIFICATE 618 619 620Get Subject 621 [Documentation] Generate a csr string. 622 [Arguments] ${file_name} ${is_csr_file} 623 624 # Description of argument(s): 625 # file_name Name of CSR or signed CERT file. 626 # is_csr_file A True value means a CSR while a False is for signed CERT file. 627 628 ${subject}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -text -noout | grep Subject: 629 ... ELSE Run openssl x509 -in ${file_name} -text -noout | grep Subject: 630 631 [Return] ${subject} 632 633 634Get Public Key 635 [Documentation] Generate a csr string. 636 [Arguments] ${file_name} ${is_csr_file} 637 638 # Description of argument(s): 639 # file_name Name of CSR or CERT file. 640 # is_csr_file A True value means a CSR while a False is for signed CERT file. 641 642 ${PublicKey}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -noout -pubkey 643 ... ELSE Run openssl x509 -in ${file_name} -noout -pubkey 644 645 [Return] ${PublicKey} 646 647 648Get Certificate Signed By VMI 649 [Documentation] Get signed certificate from VMI. 650 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 651 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} 652 ... ${read_timeout}=20 653 654 # Description of argument(s): 655 # cert_type Type of the certificate requesting. eg. root or SignCSR. 656 # username Username to create a REST session. 657 # password Password to create a REST session. 658 # force_create Create a new REST session if True. 659 # valid_csr Uses valid CSR string in the REST request if True. 660 # This is not applicable for root certificate. 661 # valid_status_code Expected status code from REST request. 662 663 Set Test Variable ${CSR} CSR 664 Set Test Variable ${CORRUPTED_CSR} CORRUPTED_CSR 665 666 ${CSR}= Generate CSR String 667 ${csr_left} ${csr_right}= Split String From Right ${CSR} == 1 668 ${CORRUPTED_CSR}= Catenate SEPARATOR= ${csr_left} \N ${csr_right} 669 670 # For SignCSR request, we need to pass CSR string generated by openssl command 671 ${csr_str}= Set Variable If ${valid_csr} == ${True} ${CSR} ${CORRUPTED_CSR} 672 673 ${resp}= Send CSR To VMI And Get Signed ${csr_str} ${force_create} ${username} ${password} 674 ... ${read_timeout} 675 676 Should Be Equal As Strings ${resp.status_code} ${valid_status_code} 677 Return From Keyword If ${resp.status_code} != ${HTTP_OK} 678 679 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json 680 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE 681 Should Contain ${cert["Certificate"]} END CERTIFICATE 682 683 # Now do subject and public key verification 684 ${subject_csr}= Get Subject ${CSR_FILE} True 685 ${pubKey_csr}= Get Public Key ${CSR_FILE} True 686 687 # create a crt file with certificate string 688 ${signed_cert}= Set Variable ${cert["Certificate"]} 689 ${testcert_gen_time} = Get Current Date Time 690 ${test_cert_file}= Catenate SEPARATOR=_ ${testcert_gen_time} test_certificate.cert 691 692 Create File ${test_cert_file} ${signed_cert} 693 ${subject_signed_csr}= Get Subject ${test_cert_file} False 694 ${pubKey_signed_csr}= Get Public Key ${test_cert_file} False 695 696 Should be equal as strings ${subject_signed_csr} ${subject_csr} 697 Should be equal as strings ${pubKey_signed_csr} ${pubKey_csr} 698 699 700Suite Setup Execution 701 [Documentation] Suite setup execution. 702 703 Remove Files *.csr *.key *.cert 704 # Create different user accounts. 705 Redfish.Login 706 Redfish Power On 707 Create Users With Different Roles users=${USERS} force=${True} 708 709 710Suite Teardown Execution 711 [Documentation] Suite teardown execution. 712 713 Remove Files *.csr *.key *.cert 714 Delete BMC Users Via Redfish users=${USERS} 715 Delete All Sessions 716 Redfish.Logout 717