1*** Settings *** 2 3Documentation VMI certificate exchange tests. 4 5Library ../../lib/jobs_processing.py 6Resource ../../lib/resource.robot 7Resource ../../lib/bmc_redfish_resource.robot 8Resource ../../lib/openbmc_ffdc.robot 9Resource ../../lib/bmc_redfish_utils.robot 10Resource ../../lib/utils.robot 11 12Suite Setup Suite Setup Execution 13Test Teardown FFDC On Test Case Fail 14Suite Teardown Run Keyword And Ignore Error Suite Teardown Execution 15 16Force Tags Vmicert_Management 17 18 19*** Variables *** 20 21# users User Name password 22@{ADMIN} admin_user TestPwd123 23@{OPERATOR} operator_user TestPwd123 24@{ReadOnly} readonly_user TestPwd123 25@{NoAccess} noaccess_user TestPwd123 26# Removing Operator, need to add it back once support is given. 27&{USERS} Administrator=${ADMIN} ReadOnly=${ReadOnly} 28${VMI_BASE_URI} /ibm/v1/ 29 30 31*** Test Cases *** 32 33Get CSR Request Signed By VMI And Verify 34 [Documentation] Get CSR request signed by VMI using different user roles and verify. 35 [Tags] Get_CSR_Request_Signed_By_VMI_And_Verify 36 [Template] Get Certificate Signed By VMI 37 38 # username password force_create valid_csr valid_status_code 39 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 40 41 # Send CSR request from operator user. 42 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 43 44 # Send CSR request from ReadOnly user. 45 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 46 47 # Send CSR request from NoAccess user. 48 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 49 50 51Get Root Certificate Using Different Privilege Users Role 52 [Documentation] Get root certificate using different users. 53 [Tags] Get_Root_Certificate_Using_Different_Privilege_Users_Role 54 [Template] Get Root Certificate 55 56 # username password force_create valid_csr valid_status_code 57 # Request root certificate from admin user. 58 admin_user TestPwd123 ${True} ${True} ${HTTP_OK} 59 60 # Request root certificate from operator user. 61 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 62 63 # Request root certificate from ReadOnly user. 64 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 65 66 # Request root certificate from NoAccess user. 67 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 68 69 70Send CSR Request When VMI Is Off And Verify 71 [Documentation] Send CSR signing request to VMI when it is off and expect an error. 72 [Tags] Send_CSR_Request_When_VMI_Is_Off_And_Verify 73 [Setup] Redfish Power Off 74 [Teardown] Run Keywords Redfish Power On stack_mode=skip AND 75 ... Wait For Host Boot Progress To Reach Required State 76 [Template] Get Certificate Signed By VMI 77 78 # username password force_create valid_csr valid_status_code read_timeout 79 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_SERVICE_UNAVAILABLE} 60 80 81 # Send CSR request from operator user. 82 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 83 84 # Send CSR request from ReadOnly user. 85 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 86 87 # Send CSR request from NoAccess user. 88 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 89 90 91Get Corrupted CSR Request Signed By VMI And Verify 92 [Documentation] Send corrupted CSR for signing and expect an error. 93 [Tags] Get_Corrupted_CSR_Request_Signed_By_VMI_And_Verify 94 [Template] Get Certificate Signed By VMI 95 96 # username password force_create valid_csr valid_status_code read_timeout 97 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 60 98 99 # Send CSR request from operator user. 100 # operator_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 101 102 # Send CSR request from ReadOnly user. 103 readonly_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 104 105 # Send CSR request from NoAccess user. 106 # noaccess_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 107 108 109Get Root Certificate When VMI Is Off And Verify 110 [Documentation] Get root certificate when vmi is off and verify. 111 [Tags] Get_Root_Certificate_When_VMI_Is_Off_And_Verify 112 [Setup] Redfish Power Off 113 [Teardown] Run Keywords Redfish Power On stack_mode=skip AND 114 ... Wait For Host Boot Progress To Reach Required State 115 [Template] Get Root Certificate 116 117 # username password force_create valid_csr valid_status_code 118 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 119 120 # Request root certificate from operator user. 121 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 122 123 # Request root certificate from ReadOnly user. 124 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 125 126 # Request root certificate from NoAccess user. 127 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 128 129 130Get Root Certificate After BMC Reboot And Verify 131 [Documentation] Get root certificate after bmc reboot and verify. 132 [Tags] Get_Root_Certificate_After_BMC_Reboot_And_Verify 133 [Setup] Run Keywords OBMC Reboot (off) stack_mode=skip AND Redfish Power On 134 [Template] Get Root Certificate 135 136 # username password force_create valid_csr valid_status_code 137 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 138 139 # Request root certificate from operator user. 140 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 141 142 # Request root certificate from ReadOnly user. 143 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 144 145 # Request root certificate from NoAccess user. 146 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 147 148 149Get Concurrent Root Certificate Requests From Multiple Admin Users 150 [Documentation] Get multiple concurrent root certificate requests from multiple admins 151 ... and verify no errors. 152 [Tags] Get_Concurrent_Root_Certificate_Requests_From_Multiple_Admin_Users 153 154 FOR ${i} IN RANGE ${5} 155 ${dict}= Execute Process Multi Keyword ${5} 156 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 157 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 158 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 159 Dictionary Should Not Contain Value ${dict} False 160 ... msg=One or more operations has failed. 161 END 162 163 164Get Concurrent CSR Requests From Multiple Admin Users 165 [Documentation] Get multiple concurrent csr requests from multiple admins and verify no errors. 166 [Tags] Get_Concurrent_CSR_Requests_From_Multiple_Admin_Users 167 168 FOR ${i} IN RANGE ${5} 169 ${dict}= Execute Process Multi Keyword ${5} 170 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 171 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 172 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 173 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 174 Dictionary Should Not Contain Value ${dict} False 175 ... msg=One or more operations has failed. 176 END 177 178 179Get Concurrent Corrupted CSR Requests From Multiple Admin Users 180 [Documentation] Get multiple concurrent corrupted csr requests from multiple admins and verify no errors. 181 [Tags] Get_Concurrent_Corrupted_CSR_Requests_From_Multiple_Admin_Users 182 183 FOR ${i} IN RANGE ${5} 184 ${dict}= Execute Process Multi Keyword ${5} 185 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 186 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 187 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 188 Dictionary Should Not Contain Value ${dict} False 189 ... msg=One or more operations has failed. 190 END 191 192 193*** Comment *** 194 195Get Concurrent Root Certificate Request From Operator Users 196 [Documentation] Get multiple concurrent root certificate from non admin users and verify no errors. 197 [Tags] Get_Concurrent_Root_Certificate_Request_From_Operator_Users 198 199 FOR ${i} IN RANGE ${5} 200 ${dict}= Execute Process Multi Keyword ${5} 201 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 202 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 203 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 204 Dictionary Should Not Contain Value ${dict} False 205 ... msg=One or more operations has failed. 206 END 207 208 209*** Test Cases *** 210 211Get Concurrent Root Certificate Request From Admin And Non Admin Users 212 [Documentation] Get multiple concurrent root certificate from admin and non admin users 213 ... and verify no errors. 214 [Tags] Get_Concurrent_Root_Certificate_Request_From_Admin_And_Non_Admin_Users 215 216 FOR ${i} IN RANGE ${5} 217 ${dict}= Execute Process Multi Keyword ${5} 218 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 219 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 220 Dictionary Should Not Contain Value ${dict} False 221 ... msg=One or more operations has failed. 222 END 223 224 225*** Comment *** 226 227Get Concurrent Root Certificate Request From Different Non Admin Users 228 [Documentation] Get multiple concurrent root certificate from different non admin users 229 ... and verify no errors. 230 [Tags] Get_Concurrent_Root_Certificate_Request_From_Different_Non_Admin_Users 231 232 FOR ${i} IN RANGE ${5} 233 ${dict}= Execute Process Multi Keyword ${5} 234 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 235 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 236 ... Get Root Certificate noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 237 Dictionary Should Not Contain Value ${dict} False 238 ... msg=One or more operations has failed. 239 END 240 241 242Get Concurrent CSR Request From Operator Users 243 [Documentation] Get multiple concurrent csr request from non admin users and verify no errors. 244 [Tags] Get_Concurrent_CSR_Request_From_Operator_Users 245 246 FOR ${i} IN RANGE ${5} 247 ${dict}= Execute Process Multi Keyword ${5} 248 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 249 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 250 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 251 Dictionary Should Not Contain Value ${dict} False 252 ... msg=One or more operations has failed. 253 END 254 255 256*** Test Cases *** 257 258Get Root Certificate And Send CSR Request Concurrently And Verify 259 [Documentation] Get root certificate and send csr request concurrently and 260 ... verify gets root and signed certificate. 261 [Tags] Get_Root_Certificate_And_Send_CSR_Request_Concurrently_And_Verify 262 263 FOR ${i} IN RANGE ${5} 264 ${dict}= Execute Process Multi Keyword ${5} 265 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 266 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 267 Dictionary Should Not Contain Value ${dict} False 268 ... msg=One or more operations has failed. 269 END 270 271 272Get Concurrent Root Certificate And Send CSR Request And Verify 273 [Documentation] Get concurrent root certificate and send csr request 274 ... and verify gets root certificate and signed certificate. 275 [Tags] Get_Concurrent_Root_Certificate_And_Send_CSR_Request_And_Verify 276 277 FOR ${i} IN RANGE ${5} 278 ${dict}= Execute Process Multi Keyword ${5} 279 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 280 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 281 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 282 Dictionary Should Not Contain Value ${dict} False 283 ... msg=One or more operations has failed. 284 END 285 286 287Get Root Certificate And Send Multiple CSR Requests Concurrently And Verify 288 [Documentation] Get root certificate and send multiple csr requests concurrently and 289 ... verify gets root certificate and signed certificates. 290 [Tags] Get_Root_Certificate_And_Send_Multiple_CSR_Requests_Concurrently_And_Verify 291 292 FOR ${i} IN RANGE ${5} 293 ${dict}= Execute Process Multi Keyword ${5} 294 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 295 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 296 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 297 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 298 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 299 Dictionary Should Not Contain Value ${dict} False 300 ... msg=One or more operations has failed. 301 END 302 303 304Get Root Certificate And Send Multiple Corrupted CSR Requests Concurrently And Verify 305 [Documentation] Get root certificate and send multiple corrupted csr requests concurrently and 306 ... verify gets root certificate and error for corrupted csr requests. 307 [Tags] Get_Root_Certificate_And_Send_Multiple_Corrupted_CSR_Requests_Concurrently_And_Verify 308 309 FOR ${i} IN RANGE ${5} 310 ${dict}= Execute Process Multi Keyword ${5} 311 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 312 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 313 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 314 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 315 Dictionary Should Not Contain Value ${dict} False 316 ... msg=One or more operations has failed. 317 END 318 319 320Send Concurrent CSR Request And Corrupted CSR Request And Verify 321 [Documentation] Send concurrent csr request and corrupted csr request 322 ... and verify gets certificate for valid csr and error for corrupted csr. 323 [Tags] Send_Concurrent_CSR_Request_And_Corrupted_CSR_Request_And_Verify 324 325 FOR ${i} IN RANGE ${5} 326 ${dict}= Execute Process Multi Keyword ${5} 327 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 328 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 329 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 330 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 331 Dictionary Should Not Contain Value ${dict} False 332 ... msg=One or more operations has failed. 333 END 334 335 336Get Root Certificate Send CSR And Corrupted CSR Request Concurrently And Verify 337 [Documentation] Get root certificate send csr and corrupted csr requests concurrently and 338 ... verify gets root certificate and certificate for valid csr and error for corrupted csr. 339 [Tags] Get_Root_Certificate_Send_CSR_And_Corrupted_CSR_Request_Concurrently_And_Verify 340 341 FOR ${i} IN RANGE ${5} 342 ${dict}= Execute Process Multi Keyword ${5} 343 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 344 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 345 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 346 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 347 Dictionary Should Not Contain Value ${dict} False 348 ... msg=One or more operations has failed. 349 END 350 351 352Send Concurrent CSR Request From Admin And Non Admin Users And Verify 353 [Documentation] Send concurrent csr requests from admin and non-admin users and verify 354 ... admin gets certificate and non-admin gets error. 355 [Tags] Send_Concurrent_CSR_Request_From_Admin_And_Non_Admin_Users_And_Verify 356 357 FOR ${i} IN RANGE ${5} 358 ${dict}= Execute Process Multi Keyword ${5} 359 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 360 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 361 Dictionary Should Not Contain Value ${dict} False 362 ... msg=One or more operations has failed. 363 END 364 365 366*** Comment *** 367 368Send Concurrent CSR Request From Non Admin Users And Verify 369 [Documentation] Send concurrent csr request from non admin users 370 ... and verify gets error. 371 [Tags] Send_Concurrent_CSR_Request_From_Non_Admin_Users_And_Verify 372 373 FOR ${i} IN RANGE ${5} 374 ${dict}= Execute Process Multi Keyword ${5} 375 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 376 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 377 ... Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 378 Dictionary Should Not Contain Value ${dict} False 379 ... msg=One or more operations has failed. 380 END 381 382 383Get Root Certificate And Send Corrupted CSR From Admin CSR Request From Operator Concurrently 384 [Documentation] Get root certificate and send corrupted csr request from admin and 385 ... csr from operator concurrently and verify gets root certificate and errors for corrupted 386 ... and for operator. 387 [Tags] Get_Root_Certificate_And_Send_Corrupted_CSR_From_Admin_CSR_Request_From_Operator_Concurrently 388 389 FOR ${i} IN RANGE ${5} 390 ${dict}= Execute Process Multi Keyword ${5} 391 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 392 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 393 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 394 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 395 Dictionary Should Not Contain Value ${dict} False 396 ... msg=One or more operations has failed. 397 END 398 399 400Get Root Certificate From Operator And Send Corrupted CSR Request And CSR Request From Admin Concurrently 401 [Documentation] Get root certificate from operator and send corrupted csr request 402 ... and csr from admin and verify errors for operator and corrupted csr and signed certificate 403 ... for valid csr. 404 [Tags] Get_Root_Certificate_From_Operator_And_Send_Corrupted_CSR_Request_And_CSR_Request_From_Admin_Concurrently 405 406 FOR ${i} IN RANGE ${5} 407 ${dict}= Execute Process Multi Keyword ${5} 408 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 409 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 410 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 411 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 412 Dictionary Should Not Contain Value ${dict} False 413 ... msg=One or more operations has failed. 414 END 415 416 417Get Root Certificate From Operator And Admin Send CSR Request From Admin Concurrently 418 [Documentation] Get root certificate from operator and admin and 419 ... and send csr request from admin concurrently and verify error for operator 420 ... and admin gets root and signed certificate. 421 [Tags] Get_Root_Certificate_From_Operator_And_Admin_Send_CSR_Request_From_Admin_Concurrently 422 423 FOR ${i} IN RANGE ${5} 424 ${dict}= Execute Process Multi Keyword ${5} 425 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 426 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 427 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 428 Dictionary Should Not Contain Value ${dict} False 429 ... msg=One or more operations has failed. 430 END 431 432 433Send CSR Request From Admin And Operator And Corrupted CSR From Admin Concurrently And Verify 434 [Documentation] Send csr request from admin and operator and corrupted 435 ... csr request from admin and verify gets signed certificate for valid csr for admin 436 ... gets error for operator and error for corrupted csr. 437 [Tags] Send_CSR_Request_From_Admin_And_Operator_And_Corrupted_CSR_From_Admin_Concurrently_And_Verify 438 439 FOR ${i} IN RANGE ${5} 440 ${dict}= Execute Process Multi Keyword ${5} 441 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 442 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 443 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 444 Dictionary Should Not Contain Value ${dict} False 445 ... msg=One or more operations has failed. 446 END 447 448 449Send Corrupted CSR Requests From Admin And Operator And CSR Request From Admin Concurrently And Verify 450 [Documentation] Send corrupted csr request from admin and operator and csr request 451 ... from admin concurrently and verify errors for corrupted csr and gets signed certificate 452 ... for valid csr from admin. 453 [Tags] Send_Corrupted_CSR_Requests_From_Admin_And_Operator_And_CSR_Request_From_Admin_Concurrently_And_Verify 454 455 FOR ${i} IN RANGE ${5} 456 ${dict}= Execute Process Multi Keyword ${5} 457 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 458 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 459 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 460 Dictionary Should Not Contain Value ${dict} False 461 ... msg=One or more operations has failed. 462 END 463 464 465Send Corrupted CSR Requests From Admin And Operator User Concurrently And Verify 466 [Documentation] Send corrupted csr requests from admin and operator and 467 ... verify gets error. 468 [Tags] Send_Corrupted_CSR_Requests_From_Admin_And_Operator_User_Concurrently_And_Verify 469 470 FOR ${i} IN RANGE ${5} 471 ${dict}= Execute Process Multi Keyword ${5} 472 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 473 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 474 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 475 Dictionary Should Not Contain Value ${dict} False 476 ... msg=One or more operations has failed. 477 END 478 479 480*** Test Cases *** 481 482Get Root Certificate From Admin And Send CSR Requests From Non Admin Concurrently And Verify 483 [Documentation] Get root certificate from admin and csr requests from 484 ... non admin users concurrently and verify gets root certificate for admin and 485 ... errors for non-admins. 486 [Tags] Get_Root_Certificate_From_Admin_And_Send_CSR_Requests_From_Non_Admin_Concurrently_And_Verify 487 488 FOR ${i} IN RANGE ${5} 489 ${dict}= Execute Process Multi Keyword ${5} 490 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 491 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 492 Dictionary Should Not Contain Value ${dict} False 493 ... msg=One or more operations has failed. 494 END 495 496 497Get Root Certificate And Send CSR Requests From Non Admin Users Concurrently And Verify 498 [Documentation] Get root certificate and send csr requests from non admin 499 ... users and verify gets errors. 500 [Tags] Get_Root_Certificate_And_Send_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify 501 502 FOR ${i} IN RANGE ${5} 503 ${dict}= Execute Process Multi Keyword ${5} 504 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 505 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 506 Dictionary Should Not Contain Value ${dict} False 507 ... msg=One or more operations has failed. 508 END 509 510 511Send Corrupted CSR Request From Admin And CSR Requests From Non Admin Concurrently And Verify 512 [Documentation] Send corrupted csr request from admin and csr request from non admin 513 ... users concurrently and verify gets errors. 514 [Tags] Send_Corrupted_CSR_Request_From_Admin_And_CSR_Requests_From_Non_Admin_Concurrently_And_Verify 515 516 FOR ${i} IN RANGE ${5} 517 ${dict}= Execute Process Multi Keyword ${5} 518 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 519 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 520 Dictionary Should Not Contain Value ${dict} False 521 ... msg=One or more operations has failed. 522 END 523 524 525Send CSR Request And Corrupted CSR Requests From Non Admin Users Concurrently And Verify 526 [Documentation] Send csr and corrupted csr request from non admin users 527 ... and verify gets errors. 528 [Tags] Send_CSR_Request_And_Corrupted_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify 529 530 FOR ${i} IN RANGE ${5} 531 ${dict}= Execute Process Multi Keyword ${5} 532 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 533 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 534 Dictionary Should Not Contain Value ${dict} False 535 ... msg=One or more operations has failed. 536 END 537 538 539*** Comment *** 540 541Get Root Certificate And Send CSR Requests From Admin And Operator Concurrently And Verify 542 [Documentation] Get root certificate from admin and send csr requests 543 ... from admin and operator concurrently and verify gets root certificate 544 ... and signed certificate and gets error for operator. 545 [Tags] Get_Root_Certificate_And_Send_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify 546 547 FOR ${i} IN RANGE ${5} 548 ${dict}= Execute Process Multi Keyword ${5} 549 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 550 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 551 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 552 Dictionary Should Not Contain Value ${dict} False 553 ... msg=One or more operations has failed. 554 END 555 556 557Get Root Certificate And Send Corrupted CSR Requests From Admin And Operator Concurrently And Verify 558 [Documentation] Get root certificate from admin and send corrupted csr requests 559 ... from admin and operator concurrently and verify gets root certificate and errors 560 ... for corrupted csr. 561 [Tags] Get_Root_Certificate_And_Send_Corrupted_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify 562 563 FOR ${i} IN RANGE ${5} 564 ${dict}= Execute Process Multi Keyword ${5} 565 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 566 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 567 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 568 Dictionary Should Not Contain Value ${dict} False 569 ... msg=One or more operations has failed. 570 END 571 572 573*** Keywords *** 574 575Generate CSR String 576 [Documentation] Generate a csr string. 577 578 # Note: Generates and returns csr string. 579 ${csr_gen_time} = Get Current Date Time 580 ${CSR_FILE}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.csr 581 ${CSR_KEY}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.key 582 Set Test Variable ${CSR_FILE} 583 Set Test Variable ${CSR_KEY} 584 ${ssl_cmd}= Set Variable openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE} 585 ${ssl_sub}= Set Variable 586 ... -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com" 587 588 # Run openssl command to create a new private key and use that to generate a CSR string 589 # in server.csr file. 590 ${output}= Run ${ssl_cmd} ${ssl_sub} 591 ${csr}= OperatingSystem.Get File ${CSR_FILE} 592 593 [Return] ${csr} 594 595 596Send CSR To VMI And Get Signed 597 [Documentation] Upload CSR to VMI and get signed. 598 [Arguments] ${csr} ${force_create} ${username} ${password} ${read_timeout} 599 600 # Description of argument(s): 601 # csr Certificate request from client to VMI. 602 # force_create Create a new REST session if True. 603 # username Username to create a REST session. 604 # password Password to create a REST session. 605 606 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} 607 ... Initialize OpenBMC rest_username=${username} rest_password=${password} 608 609 ${data}= Create Dictionary 610 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} 611 ... Content-Type=application/json 612 613 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Actions/SignCSR 614 615 # For SignCSR request, we need to pass CSR string generated by openssl command. 616 ${csr_data}= Create Dictionary CsrString ${csr} 617 618 ${resp}= POST On Session openbmc ${cert_uri} json=${csr_data} headers=${headers} 619 ... timeout=${read_timeout} expected_status=any 620 Log to console ${resp.content} 621 622 [Return] ${resp} 623 624 625Get Root Certificate 626 [Documentation] Get root certificate from VMI. 627 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 628 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} 629 630 # Description of argument(s): 631 # cert_type Type of the certificate requesting. eg. root or SignCSR. 632 # username Username to create a REST session. 633 # password Password to create a REST session. 634 # force_create Create a new REST session if True. 635 # valid_csr Uses valid CSR string in the REST request if True. 636 # This is not applicable for root certificate. 637 # valid_status_code Expected status code from REST request. 638 639 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} 640 ... Initialize OpenBMC rest_username=${username} rest_password=${password} 641 642 ${data}= Create Dictionary 643 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} 644 ... Content-Type=application/json 645 646 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Certificate/root 647 648 ${resp}= GET On Session openbmc ${cert_uri} &{data} headers=${headers} 649 ... expected_status=any 650 651 Should Be Equal As Strings ${resp.status_code} ${valid_status_code} 652 Return From Keyword If ${resp.status_code} != ${HTTP_OK} 653 654 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json 655 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE 656 Should Contain ${cert["Certificate"]} END CERTIFICATE 657 658 659Get Subject 660 [Documentation] Generate a csr string. 661 [Arguments] ${file_name} ${is_csr_file} 662 663 # Description of argument(s): 664 # file_name Name of CSR or signed CERT file. 665 # is_csr_file A True value means a CSR while a False is for signed CERT file. 666 667 ${subject}= Run Keyword If ${is_csr_file} 668 ... Run openssl req -in ${file_name} -text -noout | grep Subject: 669 ... ELSE 670 ... Run openssl x509 -in ${file_name} -text -noout | grep Subject: 671 672 [Return] ${subject} 673 674 675Get Public Key 676 [Documentation] Generate a csr string. 677 [Arguments] ${file_name} ${is_csr_file} 678 679 # Description of argument(s): 680 # file_name Name of CSR or CERT file. 681 # is_csr_file A True value means a CSR while a False is for signed CERT file. 682 683 ${PublicKey}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -noout -pubkey 684 ... ELSE Run openssl x509 -in ${file_name} -noout -pubkey 685 686 [Return] ${PublicKey} 687 688 689Get Certificate Signed By VMI 690 [Documentation] Get signed certificate from VMI. 691 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 692 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} 693 ... ${read_timeout}=20 694 695 # Description of argument(s): 696 # cert_type Type of the certificate requesting. eg. root or SignCSR. 697 # username Username to create a REST session. 698 # password Password to create a REST session. 699 # force_create Create a new REST session if True. 700 # valid_csr Uses valid CSR string in the REST request if True. 701 # This is not applicable for root certificate. 702 # valid_status_code Expected status code from REST request. 703 704 Set Test Variable ${CSR} CSR 705 Set Test Variable ${CORRUPTED_CSR} CORRUPTED_CSR 706 707 ${CSR}= Generate CSR String 708 ${csr_left} ${csr_right}= Split String From Right ${CSR} == 1 709 ${CORRUPTED_CSR}= Catenate SEPARATOR= ${csr_left} \N ${csr_right} 710 711 # For SignCSR request, we need to pass CSR string generated by openssl command 712 ${csr_str}= Set Variable If ${valid_csr} == ${True} ${CSR} ${CORRUPTED_CSR} 713 714 ${resp}= Send CSR To VMI And Get Signed ${csr_str} ${force_create} ${username} ${password} 715 ... ${read_timeout} 716 717 Should Be Equal As Strings ${resp.status_code} ${valid_status_code} 718 Return From Keyword If ${resp.status_code} != ${HTTP_OK} 719 720 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json 721 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE 722 Should Contain ${cert["Certificate"]} END CERTIFICATE 723 724 # Now do subject and public key verification 725 ${subject_csr}= Get Subject ${CSR_FILE} True 726 ${pubKey_csr}= Get Public Key ${CSR_FILE} True 727 728 # create a crt file with certificate string 729 ${signed_cert}= Set Variable ${cert["Certificate"]} 730 ${testcert_gen_time} = Get Current Date Time 731 ${test_cert_file}= Catenate SEPARATOR=_ ${testcert_gen_time} test_certificate.cert 732 733 Create File ${test_cert_file} ${signed_cert} 734 ${subject_signed_csr}= Get Subject ${test_cert_file} False 735 ${pubKey_signed_csr}= Get Public Key ${test_cert_file} False 736 737 Should be equal as strings ${subject_signed_csr} ${subject_csr} 738 Should be equal as strings ${pubKey_signed_csr} ${pubKey_csr} 739 740 741Suite Setup Execution 742 [Documentation] Suite setup execution. 743 744 Remove Files *.csr *.key *.cert 745 # Create different user accounts. 746 Redfish.Login 747 748 Redfish Power Off 749 Set BIOS Attribute pvm_hmc_managed Enabled 750 751 Redfish Power On 752 Wait For Host Boot Progress To Reach Required State 753 Create Users With Different Roles users=${USERS} force=${True} 754 755 756Suite Teardown Execution 757 [Documentation] Suite teardown execution. 758 759 Remove Files *.csr *.key *.cert 760 Delete BMC Users Via Redfish users=${USERS} 761 Delete All Sessions 762 Redfish.Logout 763