1*** Settings *** 2 3Documentation VMI certificate exchange tests. 4 5Library ../../lib/jobs_processing.py 6Resource ../../lib/resource.robot 7Resource ../../lib/bmc_redfish_resource.robot 8Resource ../../lib/openbmc_ffdc.robot 9Resource ../../lib/bmc_redfish_utils.robot 10Resource ../../lib/utils.robot 11 12Suite Setup Suite Setup Execution 13Test Teardown FFDC On Test Case Fail 14Suite Teardown Suite Teardown Execution 15 16 17*** Variables *** 18 19# users User Name password 20@{ADMIN} admin_user TestPwd123 21@{OPERATOR} operator_user TestPwd123 22@{ReadOnly} readonly_user TestPwd123 23@{NoAccess} noaccess_user TestPwd123 24# Removing Operator, need to add it back once support is given. 25&{USERS} Administrator=${ADMIN} ReadOnly=${ReadOnly} 26${VMI_BASE_URI} /ibm/v1/ 27 28 29*** Test Cases *** 30 31Get CSR Request Signed By VMI And Verify 32 [Documentation] Get CSR request signed by VMI using different user roles and verify. 33 [Tags] Get_CSR_Request_Signed_By_VMI_And_Verify 34 [Template] Get Certificate Signed By VMI 35 36 # username password force_create valid_csr valid_status_code 37 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 38 39 # Send CSR request from operator user. 40 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 41 42 # Send CSR request from ReadOnly user. 43 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 44 45 # Send CSR request from NoAccess user. 46 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 47 48 49Get Root Certificate Using Different Privilege Users Role 50 [Documentation] Get root certificate using different users. 51 [Tags] Get_Root_Certificate_Using_Different_Privilege_Users_Role 52 [Template] Get Root Certificate 53 54 # username password force_create valid_csr valid_status_code 55 # Request root certificate from admin user. 56 admin_user TestPwd123 ${True} ${True} ${HTTP_OK} 57 58 # Request root certificate from operator user. 59 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 60 61 # Request root certificate from ReadOnly user. 62 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 63 64 # Request root certificate from NoAccess user. 65 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 66 67 68Send CSR Request When VMI Is Off And Verify 69 [Documentation] Send CSR signing request to VMI when it is off and expect an error. 70 [Tags] Send_CSR_Request_When_VMI_Is_Off_And_Verify 71 [Setup] Redfish Power Off 72 [Teardown] Run keywords Redfish Power On stack_mode=skip AND FFDC On Test Case Fail 73 [Template] Get Certificate Signed By VMI 74 75 # username password force_create valid_csr valid_status_code read_timeout 76 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_SERVICE_UNAVAILABLE} 60 77 78 # Send CSR request from operator user. 79 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 80 81 # Send CSR request from ReadOnly user. 82 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 83 84 # Send CSR request from NoAccess user. 85 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 86 87 88Get Corrupted CSR Request Signed By VMI And Verify 89 [Documentation] Send corrupted CSR for signing and expect an error. 90 [Tags] Get_Corrupted_CSR_Request_Signed_By_VMI_And_Verify 91 [Template] Get Certificate Signed By VMI 92 93 # username password force_create valid_csr valid_status_code read_timeout 94 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 60 95 96 # Send CSR request from operator user. 97 # operator_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 98 99 # Send CSR request from ReadOnly user. 100 readonly_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 101 102 # Send CSR request from NoAccess user. 103 # noaccess_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 104 105 106Get Root Certificate When VMI Is Off And Verify 107 [Documentation] Get root certificate when vmi is off and verify. 108 [Tags] Get_Root_Certificate_When_VMI_Is_Off_And_Verify 109 [Setup] Redfish Power Off 110 [Teardown] Run keywords Redfish Power On stack_mode=skip AND FFDC On Test Case Fail 111 [Template] Get Root Certificate 112 113 # username password force_create valid_csr valid_status_code 114 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 115 116 # Request root certificate from operator user. 117 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 118 119 # Request root certificate from ReadOnly user. 120 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 121 122 # Request root certificate from NoAccess user. 123 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 124 125 126Get Root Certificate After BMC Reboot And Verify 127 [Documentation] Get root certificate after bmc reboot and verify. 128 [Tags] Get_Root_Certificate_After_BMC_Reboot_And_Verify 129 [Setup] Run Keywords OBMC Reboot (off) stack_mode=skip AND Redfish Power On 130 [Template] Get Root Certificate 131 132 # username password force_create valid_csr valid_status_code 133 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 134 135 # Request root certificate from operator user. 136 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 137 138 # Request root certificate from ReadOnly user. 139 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 140 141 # Request root certificate from NoAccess user. 142 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 143 144 145Get Concurrent Root Certificate Requests From Multiple Admin Users 146 [Documentation] Get multiple concurrent root certificate requests from multiple admins 147 ... and verify no errors. 148 [Tags] Get_Concurrent_Root_Certificate_Requests_From_Multiple_Admin_Users 149 150 FOR ${i} IN RANGE ${5} 151 ${dict}= Execute Process Multi Keyword ${5} 152 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 153 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 154 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 155 Dictionary Should Not Contain Value ${dict} False 156 ... msg=One or more operations has failed. 157 END 158 159 160Get Concurrent CSR Requests From Multiple Admin Users 161 [Documentation] Get multiple concurrent csr requests from multiple admins and verify no errors. 162 [Tags] Get_Concurrent_CSR_Requests_From_Multiple_Admin_Users 163 164 FOR ${i} IN RANGE ${5} 165 ${dict}= Execute Process Multi Keyword ${5} 166 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 167 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 168 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 169 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 170 Dictionary Should Not Contain Value ${dict} False 171 ... msg=One or more operations has failed. 172 END 173 174 175Get Concurrent Corrupted CSR Requests From Multiple Admin Users 176 [Documentation] Get multiple concurrent corrupted csr requests from multiple admins and verify no errors. 177 [Tags] Get_Concurrent_Corrupted_CSR_Requests_From_Multiple_Admin_Users 178 179 FOR ${i} IN RANGE ${5} 180 ${dict}= Execute Process Multi Keyword ${5} 181 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 182 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 183 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 184 Dictionary Should Not Contain Value ${dict} False 185 ... msg=One or more operations has failed. 186 END 187 188 189*** Comment *** 190 191Get Concurrent Root Certificate Request From Operator Users 192 [Documentation] Get multiple concurrent root certificate from non admin users and verify no errors. 193 [Tags] Get_Concurrent_Root_Certificate_Request_From_Operator_Users 194 195 FOR ${i} IN RANGE ${5} 196 ${dict}= Execute Process Multi Keyword ${5} 197 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 198 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 199 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 200 Dictionary Should Not Contain Value ${dict} False 201 ... msg=One or more operations has failed. 202 END 203 204 205*** Test Cases *** 206 207Get Concurrent Root Certificate Request From Admin And Non Admin Users 208 [Documentation] Get multiple concurrent root certificate from admin and non admin users 209 ... and verify no errors. 210 [Tags] Get_Concurrent_Root_Certificate_Request_From_Admin_And_Non_Admin_Users 211 212 FOR ${i} IN RANGE ${5} 213 ${dict}= Execute Process Multi Keyword ${5} 214 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 215 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 216 Dictionary Should Not Contain Value ${dict} False 217 ... msg=One or more operations has failed. 218 END 219 220 221*** Comment *** 222 223Get Concurrent Root Certificate Request From Different Non Admin Users 224 [Documentation] Get multiple concurrent root certificate from different non admin users 225 ... and verify no errors. 226 [Tags] Get_Concurrent_Root_Certificate_Request_From_Different_Non_Admin_Users 227 228 FOR ${i} IN RANGE ${5} 229 ${dict}= Execute Process Multi Keyword ${5} 230 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 231 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 232 ... Get Root Certificate noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 233 Dictionary Should Not Contain Value ${dict} False 234 ... msg=One or more operations has failed. 235 END 236 237 238Get Concurrent CSR Request From Operator Users 239 [Documentation] Get multiple concurrent csr request from non admin users and verify no errors. 240 [Tags] Get_Concurrent_CSR_Request_From_Operator_Users 241 242 FOR ${i} IN RANGE ${5} 243 ${dict}= Execute Process Multi Keyword ${5} 244 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 245 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 246 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 247 Dictionary Should Not Contain Value ${dict} False 248 ... msg=One or more operations has failed. 249 END 250 251 252*** Test Cases *** 253 254Get Root Certificate And Send CSR Request Concurrently And Verify 255 [Documentation] Get root certificate and send csr request concurrently and 256 ... verify gets root and signed certificate. 257 [Tags] Get_Root_Certificate_And_Send_CSR_Request_Concurrently_And_Verify 258 259 FOR ${i} IN RANGE ${5} 260 ${dict}= Execute Process Multi Keyword ${5} 261 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 262 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 263 Dictionary Should Not Contain Value ${dict} False 264 ... msg=One or more operations has failed. 265 END 266 267 268Get Concurrent Root Certificate And Send CSR Request And Verify 269 [Documentation] Get concurrent root certificate and send csr request 270 ... and verify gets root certificate and signed certificate. 271 [Tags] Get_Concurrent_Root_Certificate_And_Send_CSR_Request_And_Verify 272 273 FOR ${i} IN RANGE ${5} 274 ${dict}= Execute Process Multi Keyword ${5} 275 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 276 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 277 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 278 Dictionary Should Not Contain Value ${dict} False 279 ... msg=One or more operations has failed. 280 END 281 282 283Get Root Certificate And Send Multiple CSR Requests Concurrently And Verify 284 [Documentation] Get root certificate and send multiple csr requests concurrently and 285 ... verify gets root certificate and signed certificates. 286 [Tags] Get_Root_Certificate_And_Send_Multiple_CSR_Requests_Concurrently_And_Verify 287 288 FOR ${i} IN RANGE ${5} 289 ${dict}= Execute Process Multi Keyword ${5} 290 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 291 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 292 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 293 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 294 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 295 Dictionary Should Not Contain Value ${dict} False 296 ... msg=One or more operations has failed. 297 END 298 299 300Get Root Certificate And Send Multiple Corrupted CSR Requests Concurrently And Verify 301 [Documentation] Get root certificate and send multiple corrupted csr requests concurrently and 302 ... verify gets root certificate and error for corrupted csr requests. 303 [Tags] Get_Root_Certificate_And_Send_Multiple_Corrupted_CSR_Requests_Concurrently_And_Verify 304 305 FOR ${i} IN RANGE ${5} 306 ${dict}= Execute Process Multi Keyword ${5} 307 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 308 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 309 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 310 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 311 Dictionary Should Not Contain Value ${dict} False 312 ... msg=One or more operations has failed. 313 END 314 315 316Send Concurrent CSR Request And Corrupted CSR Request And Verify 317 [Documentation] Send concurrent csr request and corrupted csr request 318 ... and verify gets certificate for valid csr and error for corrupted csr. 319 [Tags] Send_Concurrent_CSR_Request_And_Corrupted_CSR_Request_And_Verify 320 321 FOR ${i} IN RANGE ${5} 322 ${dict}= Execute Process Multi Keyword ${5} 323 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 324 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 325 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 326 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 327 Dictionary Should Not Contain Value ${dict} False 328 ... msg=One or more operations has failed. 329 END 330 331 332Get Root Certificate Send CSR And Corrupted CSR Request Concurrently And Verify 333 [Documentation] Get root certificate send csr and corrupted csr requests concurrently and 334 ... verify gets root certificate and certificate for valid csr and error for corrupted csr. 335 [Tags] Get_Root_Certificate_Send_CSR_And_Corrupted_CSR_Request_Concurrently_And_Verify 336 337 FOR ${i} IN RANGE ${5} 338 ${dict}= Execute Process Multi Keyword ${5} 339 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 340 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 341 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 342 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 343 Dictionary Should Not Contain Value ${dict} False 344 ... msg=One or more operations has failed. 345 END 346 347 348Send Concurrent CSR Request From Admin And Non Admin Users And Verify 349 [Documentation] Send concurrent csr requests from admin and non-admin users and verify 350 ... admin gets certificate and non-admin gets error. 351 [Tags] Send_Concurrent_CSR_Request_From_Admin_And_Non_Admin_Users_And_Verify 352 353 FOR ${i} IN RANGE ${5} 354 ${dict}= Execute Process Multi Keyword ${5} 355 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 356 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 357 Dictionary Should Not Contain Value ${dict} False 358 ... msg=One or more operations has failed. 359 END 360 361 362*** Comment *** 363 364Send Concurrent CSR Request From Non Admin Users And Verify 365 [Documentation] Send concurrent csr request from non admin users 366 ... and verify gets error. 367 [Tags] Send_Concurrent_CSR_Request_From_Non_Admin_Users_And_Verify 368 369 FOR ${i} IN RANGE ${5} 370 ${dict}= Execute Process Multi Keyword ${5} 371 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 372 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 373 ... Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 374 Dictionary Should Not Contain Value ${dict} False 375 ... msg=One or more operations has failed. 376 END 377 378 379Get Root Certificate And Send Corrupted CSR From Admin CSR Request From Operator Concurrently 380 [Documentation] Get root certificate and send corrupted csr request from admin and 381 ... csr from operator concurrently and verify gets root certificate and errors for corrupted 382 ... and for operator. 383 [Tags] Get_Root_Certificate_And_Send_Corrupted_CSR_From_Admin_CSR_Request_From_Operator_Concurrently 384 385 FOR ${i} IN RANGE ${5} 386 ${dict}= Execute Process Multi Keyword ${5} 387 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 388 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 389 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 390 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 391 Dictionary Should Not Contain Value ${dict} False 392 ... msg=One or more operations has failed. 393 END 394 395 396Get Root Certificate From Operator And Send Corrupted CSR Request And CSR Request From Admin Concurrently 397 [Documentation] Get root certificate from operator and send corrupted csr request 398 ... and csr from admin and verify errors for operator and corrupted csr and signed certificate 399 ... for valid csr. 400 [Tags] Get_Root_Certificate_From_Operator_And_Send_Corrupted_CSR_Request_And_CSR_Request_From_Admin_Concurrently 401 402 FOR ${i} IN RANGE ${5} 403 ${dict}= Execute Process Multi Keyword ${5} 404 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 405 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 406 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 407 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 408 Dictionary Should Not Contain Value ${dict} False 409 ... msg=One or more operations has failed. 410 END 411 412 413Get Root Certificate From Operator And Admin Send CSR Request From Admin Concurrently 414 [Documentation] Get root certificate from operator and admin and 415 ... and send csr request from admin concurrently and verify error for operator 416 ... and admin gets root and signed certificate. 417 [Tags] Get_Root_Certificate_From_Operator_And_Admin_Send_CSR_Request_From_Admin_Concurrently 418 419 FOR ${i} IN RANGE ${5} 420 ${dict}= Execute Process Multi Keyword ${5} 421 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 422 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 423 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 424 Dictionary Should Not Contain Value ${dict} False 425 ... msg=One or more operations has failed. 426 END 427 428 429Send CSR Request From Admin And Operator And Corrupted CSR From Admin Concurrently And Verify 430 [Documentation] Send csr request from admin and operator and corrupted 431 ... csr request from admin and verify gets signed certificate for valid csr for admin 432 ... gets error for operator and error for corrupted csr. 433 [Tags] Send_CSR_Request_From_Admin_And_Operator_And_Corrupted_CSR_From_Admin_Concurrently_And_Verify 434 435 FOR ${i} IN RANGE ${5} 436 ${dict}= Execute Process Multi Keyword ${5} 437 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 438 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 439 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 440 Dictionary Should Not Contain Value ${dict} False 441 ... msg=One or more operations has failed. 442 END 443 444 445Send Corrupted CSR Requests From Admin And Operator And CSR Request From Admin Concurrently And Verify 446 [Documentation] Send corrupted csr request from admin and operator and csr request 447 ... from admin concurrently and verify errors for corrupted csr and gets signed certificate 448 ... for valid csr from admin. 449 [Tags] Send_Corrupted_CSR_Requests_From_Admin_And_Operator_And_CSR_Request_From_Admin_Concurrently_And_Verify 450 451 FOR ${i} IN RANGE ${5} 452 ${dict}= Execute Process Multi Keyword ${5} 453 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 454 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 455 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 456 Dictionary Should Not Contain Value ${dict} False 457 ... msg=One or more operations has failed. 458 END 459 460 461Send Corrupted CSR Requests From Admin And Operator User Concurrently And Verify 462 [Documentation] Send corrupted csr requests from admin and operator and 463 ... verify gets error. 464 [Tags] Send_Corrupted_CSR_Requests_From_Admin_And_Operator_User_Concurrently_And_Verify 465 466 FOR ${i} IN RANGE ${5} 467 ${dict}= Execute Process Multi Keyword ${5} 468 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 469 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 470 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 471 Dictionary Should Not Contain Value ${dict} False 472 ... msg=One or more operations has failed. 473 END 474 475 476*** Test Cases *** 477 478Get Root Certificate From Admin And Send CSR Requests From Non Admin Concurrently And Verify 479 [Documentation] Get root certificate from admin and csr requests from 480 ... non admin users concurrently and verify gets root certificate for admin and 481 ... errors for non-admins. 482 [Tags] Get_Root_Certificate_From_Admin_And_Send_CSR_Requests_From_Non_Admin_Concurrently_And_Verify 483 484 FOR ${i} IN RANGE ${5} 485 ${dict}= Execute Process Multi Keyword ${5} 486 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 487 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 488 Dictionary Should Not Contain Value ${dict} False 489 ... msg=One or more operations has failed. 490 END 491 492 493Get Root Certificate And Send CSR Requests From Non Admin Users Concurrently And Verify 494 [Documentation] Get root certificate and send csr requests from non admin 495 ... users and verify gets errors. 496 [Tags] Get_Root_Certificate_And_Send_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify 497 498 FOR ${i} IN RANGE ${5} 499 ${dict}= Execute Process Multi Keyword ${5} 500 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 501 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 502 Dictionary Should Not Contain Value ${dict} False 503 ... msg=One or more operations has failed. 504 END 505 506 507Send Corrupted CSR Request From Admin And CSR Requests From Non Admin Concurrently And Verify 508 [Documentation] Send corrupted csr request from admin and csr request from non admin 509 ... users concurrently and verify gets errors. 510 [Tags] Send_Corrupted_CSR_Request_From_Admin_And_CSR_Requests_From_Non_Admin_Concurrently_And_Verify 511 512 FOR ${i} IN RANGE ${5} 513 ${dict}= Execute Process Multi Keyword ${5} 514 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 515 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 516 Dictionary Should Not Contain Value ${dict} False 517 ... msg=One or more operations has failed. 518 END 519 520 521Send CSR Request And Corrupted CSR Requests From Non Admin Users Concurrently And Verify 522 [Documentation] Send csr and corrupted csr request from non admin users 523 ... and verify gets errors. 524 [Tags] Send_CSR_Request_And_Corrupted_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify 525 526 FOR ${i} IN RANGE ${5} 527 ${dict}= Execute Process Multi Keyword ${5} 528 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 529 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 530 Dictionary Should Not Contain Value ${dict} False 531 ... msg=One or more operations has failed. 532 END 533 534 535*** Comment *** 536 537Get Root Certificate And Send CSR Requests From Admin And Operator Concurrently And Verify 538 [Documentation] Get root certificate from admin and send csr requests 539 ... from admin and operator concurrently and verify gets root certificate 540 ... and signed certificate and gets error for operator. 541 [Tags] Get_Root_Certificate_And_Send_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify 542 543 FOR ${i} IN RANGE ${5} 544 ${dict}= Execute Process Multi Keyword ${5} 545 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 546 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 547 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 548 Dictionary Should Not Contain Value ${dict} False 549 ... msg=One or more operations has failed. 550 END 551 552 553Get Root Certificate And Send Corrupted CSR Requests From Admin And Operator Concurrently And Verify 554 [Documentation] Get root certificate from admin and send corrupted csr requests 555 ... from admin and operator concurrently and verify gets root certificate and errors 556 ... for corrupted csr. 557 [Tags] Get_Root_Certificate_And_Send_Corrupted_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify 558 559 FOR ${i} IN RANGE ${5} 560 ${dict}= Execute Process Multi Keyword ${5} 561 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 562 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 563 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 564 Dictionary Should Not Contain Value ${dict} False 565 ... msg=One or more operations has failed. 566 END 567 568 569*** Keywords *** 570 571Generate CSR String 572 [Documentation] Generate a csr string. 573 574 # Note: Generates and returns csr string. 575 ${csr_gen_time} = Get Current Date Time 576 ${CSR_FILE}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.csr 577 ${CSR_KEY}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.key 578 Set Test Variable ${CSR_FILE} 579 Set Test Variable ${CSR_KEY} 580 ${ssl_cmd}= Set Variable openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE} 581 ${ssl_sub}= Set Variable 582 ... -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com" 583 584 # Run openssl command to create a new private key and use that to generate a CSR string 585 # in server.csr file. 586 ${output}= Run ${ssl_cmd} ${ssl_sub} 587 ${csr}= OperatingSystem.Get File ${CSR_FILE} 588 589 [Return] ${csr} 590 591 592Send CSR To VMI And Get Signed 593 [Documentation] Upload CSR to VMI and get signed. 594 [Arguments] ${csr} ${force_create} ${username} ${password} ${read_timeout} 595 596 # Description of argument(s): 597 # csr Certificate request from client to VMI. 598 # force_create Create a new REST session if True. 599 # username Username to create a REST session. 600 # password Password to create a REST session. 601 602 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} 603 ... Initialize OpenBMC rest_username=${username} rest_password=${password} 604 605 ${data}= Create Dictionary 606 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} 607 ... Content-Type=application/json 608 609 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Actions/SignCSR 610 611 # For SignCSR request, we need to pass CSR string generated by openssl command. 612 ${csr_data}= Create Dictionary CsrString ${csr} 613 Set To Dictionary ${data} data ${csr_data} 614 615 ${resp}= Post Request openbmc ${cert_uri} &{data} headers=${headers} timeout=${read_timeout} 616 Log to console ${resp.content} 617 618 [Return] ${resp} 619 620 621Get Root Certificate 622 [Documentation] Get root certificate from VMI. 623 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 624 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} 625 626 # Description of argument(s): 627 # cert_type Type of the certificate requesting. eg. root or SignCSR. 628 # username Username to create a REST session. 629 # password Password to create a REST session. 630 # force_create Create a new REST session if True. 631 # valid_csr Uses valid CSR string in the REST request if True. 632 # This is not applicable for root certificate. 633 # valid_status_code Expected status code from REST request. 634 635 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} 636 ... Initialize OpenBMC rest_username=${username} rest_password=${password} 637 638 ${data}= Create Dictionary 639 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} 640 ... Content-Type=application/json 641 642 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Certificate/root 643 644 ${resp}= Get Request openbmc ${cert_uri} &{data} headers=${headers} 645 646 Should Be Equal As Strings ${resp.status_code} ${valid_status_code} 647 Return From Keyword If ${resp.status_code} != ${HTTP_OK} 648 649 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json 650 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE 651 Should Contain ${cert["Certificate"]} END CERTIFICATE 652 653 654Get Subject 655 [Documentation] Generate a csr string. 656 [Arguments] ${file_name} ${is_csr_file} 657 658 # Description of argument(s): 659 # file_name Name of CSR or signed CERT file. 660 # is_csr_file A True value means a CSR while a False is for signed CERT file. 661 662 ${subject}= Run Keyword If ${is_csr_file} 663 ... Run openssl req -in ${file_name} -text -noout | grep Subject: 664 ... ELSE 665 ... Run openssl x509 -in ${file_name} -text -noout | grep Subject: 666 667 [Return] ${subject} 668 669 670Get Public Key 671 [Documentation] Generate a csr string. 672 [Arguments] ${file_name} ${is_csr_file} 673 674 # Description of argument(s): 675 # file_name Name of CSR or CERT file. 676 # is_csr_file A True value means a CSR while a False is for signed CERT file. 677 678 ${PublicKey}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -noout -pubkey 679 ... ELSE Run openssl x509 -in ${file_name} -noout -pubkey 680 681 [Return] ${PublicKey} 682 683 684Get Certificate Signed By VMI 685 [Documentation] Get signed certificate from VMI. 686 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 687 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} 688 ... ${read_timeout}=20 689 690 # Description of argument(s): 691 # cert_type Type of the certificate requesting. eg. root or SignCSR. 692 # username Username to create a REST session. 693 # password Password to create a REST session. 694 # force_create Create a new REST session if True. 695 # valid_csr Uses valid CSR string in the REST request if True. 696 # This is not applicable for root certificate. 697 # valid_status_code Expected status code from REST request. 698 699 Set Test Variable ${CSR} CSR 700 Set Test Variable ${CORRUPTED_CSR} CORRUPTED_CSR 701 702 ${CSR}= Generate CSR String 703 ${csr_left} ${csr_right}= Split String From Right ${CSR} == 1 704 ${CORRUPTED_CSR}= Catenate SEPARATOR= ${csr_left} \N ${csr_right} 705 706 # For SignCSR request, we need to pass CSR string generated by openssl command 707 ${csr_str}= Set Variable If ${valid_csr} == ${True} ${CSR} ${CORRUPTED_CSR} 708 709 ${resp}= Send CSR To VMI And Get Signed ${csr_str} ${force_create} ${username} ${password} 710 ... ${read_timeout} 711 712 Should Be Equal As Strings ${resp.status_code} ${valid_status_code} 713 Return From Keyword If ${resp.status_code} != ${HTTP_OK} 714 715 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json 716 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE 717 Should Contain ${cert["Certificate"]} END CERTIFICATE 718 719 # Now do subject and public key verification 720 ${subject_csr}= Get Subject ${CSR_FILE} True 721 ${pubKey_csr}= Get Public Key ${CSR_FILE} True 722 723 # create a crt file with certificate string 724 ${signed_cert}= Set Variable ${cert["Certificate"]} 725 ${testcert_gen_time} = Get Current Date Time 726 ${test_cert_file}= Catenate SEPARATOR=_ ${testcert_gen_time} test_certificate.cert 727 728 Create File ${test_cert_file} ${signed_cert} 729 ${subject_signed_csr}= Get Subject ${test_cert_file} False 730 ${pubKey_signed_csr}= Get Public Key ${test_cert_file} False 731 732 Should be equal as strings ${subject_signed_csr} ${subject_csr} 733 Should be equal as strings ${pubKey_signed_csr} ${pubKey_csr} 734 735 736Suite Setup Execution 737 [Documentation] Suite setup execution. 738 739 Remove Files *.csr *.key *.cert 740 # Create different user accounts. 741 Redfish.Login 742 Redfish Power On 743 Create Users With Different Roles users=${USERS} force=${True} 744 745 746Suite Teardown Execution 747 [Documentation] Suite teardown execution. 748 749 Remove Files *.csr *.key *.cert 750 Delete BMC Users Via Redfish users=${USERS} 751 Delete All Sessions 752 Redfish.Logout 753