1*** Settings *** 2 3Documentation VMI certificate exchange tests. 4 5Library ../../lib/jobs_processing.py 6Resource ../../lib/resource.robot 7Resource ../../lib/bmc_redfish_resource.robot 8Resource ../../lib/openbmc_ffdc.robot 9Resource ../../lib/bmc_redfish_utils.robot 10Resource ../../lib/utils.robot 11 12Suite Setup Suite Setup Execution 13Test Teardown FFDC On Test Case Fail 14Suite Teardown Run Keyword And Ignore Error Suite Teardown Execution 15 16Force Tags vmi_certificate_test 17 18 19*** Variables *** 20 21# users User Name password 22@{ADMIN} admin_user TestPwd123 23@{OPERATOR} operator_user TestPwd123 24@{ReadOnly} readonly_user TestPwd123 25@{NoAccess} noaccess_user TestPwd123 26# Removing Operator, need to add it back once support is given. 27&{USERS} Administrator=${ADMIN} ReadOnly=${ReadOnly} 28${VMI_BASE_URI} /ibm/v1/ 29 30 31*** Test Cases *** 32 33Get CSR Request Signed By VMI And Verify 34 [Documentation] Get CSR request signed by VMI using different user roles and verify. 35 [Tags] Get_CSR_Request_Signed_By_VMI_And_Verify 36 [Template] Get Certificate Signed By VMI 37 38 # username password force_create valid_csr valid_status_code 39 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 40 41 # Send CSR request from operator user. 42 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 43 44 # Send CSR request from ReadOnly user. 45 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 46 47 # Send CSR request from NoAccess user. 48 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 49 50 51Get Root Certificate Using Different Privilege Users Role 52 [Documentation] Get root certificate using different users. 53 [Tags] Get_Root_Certificate_Using_Different_Privilege_Users_Role 54 [Template] Get Root Certificate 55 56 # username password force_create valid_csr valid_status_code 57 # Request root certificate from admin user. 58 admin_user TestPwd123 ${True} ${True} ${HTTP_OK} 59 60 # Request root certificate from operator user. 61 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 62 63 # Request root certificate from ReadOnly user. 64 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 65 66 # Request root certificate from NoAccess user. 67 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 68 69 70Send CSR Request When VMI Is Off And Verify 71 [Documentation] Send CSR signing request to VMI when it is off and expect an error. 72 [Tags] Send_CSR_Request_When_VMI_Is_Off_And_Verify 73 [Setup] Redfish Power Off 74 [Teardown] Run keywords Redfish Power On stack_mode=skip AND FFDC On Test Case Fail 75 [Template] Get Certificate Signed By VMI 76 77 # username password force_create valid_csr valid_status_code read_timeout 78 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_SERVICE_UNAVAILABLE} 60 79 80 # Send CSR request from operator user. 81 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 82 83 # Send CSR request from ReadOnly user. 84 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 85 86 # Send CSR request from NoAccess user. 87 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 88 89 90Get Corrupted CSR Request Signed By VMI And Verify 91 [Documentation] Send corrupted CSR for signing and expect an error. 92 [Tags] Get_Corrupted_CSR_Request_Signed_By_VMI_And_Verify 93 [Template] Get Certificate Signed By VMI 94 95 # username password force_create valid_csr valid_status_code read_timeout 96 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 60 97 98 # Send CSR request from operator user. 99 # operator_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 100 101 # Send CSR request from ReadOnly user. 102 readonly_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 103 104 # Send CSR request from NoAccess user. 105 # noaccess_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN} 106 107 108Get Root Certificate When VMI Is Off And Verify 109 [Documentation] Get root certificate when vmi is off and verify. 110 [Tags] Get_Root_Certificate_When_VMI_Is_Off_And_Verify 111 [Setup] Redfish Power Off 112 [Teardown] Run keywords Redfish Power On stack_mode=skip AND FFDC On Test Case Fail 113 [Template] Get Root Certificate 114 115 # username password force_create valid_csr valid_status_code 116 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 117 118 # Request root certificate from operator user. 119 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 120 121 # Request root certificate from ReadOnly user. 122 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 123 124 # Request root certificate from NoAccess user. 125 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 126 127 128Get Root Certificate After BMC Reboot And Verify 129 [Documentation] Get root certificate after bmc reboot and verify. 130 [Tags] Get_Root_Certificate_After_BMC_Reboot_And_Verify 131 [Setup] Run Keywords OBMC Reboot (off) stack_mode=skip AND Redfish Power On 132 [Template] Get Root Certificate 133 134 # username password force_create valid_csr valid_status_code 135 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 136 137 # Request root certificate from operator user. 138 # operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 139 140 # Request root certificate from ReadOnly user. 141 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 142 143 # Request root certificate from NoAccess user. 144 # noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN} 145 146 147Get Concurrent Root Certificate Requests From Multiple Admin Users 148 [Documentation] Get multiple concurrent root certificate requests from multiple admins 149 ... and verify no errors. 150 [Tags] Get_Concurrent_Root_Certificate_Requests_From_Multiple_Admin_Users 151 152 FOR ${i} IN RANGE ${5} 153 ${dict}= Execute Process Multi Keyword ${5} 154 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 155 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 156 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 157 Dictionary Should Not Contain Value ${dict} False 158 ... msg=One or more operations has failed. 159 END 160 161 162Get Concurrent CSR Requests From Multiple Admin Users 163 [Documentation] Get multiple concurrent csr requests from multiple admins and verify no errors. 164 [Tags] Get_Concurrent_CSR_Requests_From_Multiple_Admin_Users 165 166 FOR ${i} IN RANGE ${5} 167 ${dict}= Execute Process Multi Keyword ${5} 168 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 169 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 170 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 171 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 172 Dictionary Should Not Contain Value ${dict} False 173 ... msg=One or more operations has failed. 174 END 175 176 177Get Concurrent Corrupted CSR Requests From Multiple Admin Users 178 [Documentation] Get multiple concurrent corrupted csr requests from multiple admins and verify no errors. 179 [Tags] Get_Concurrent_Corrupted_CSR_Requests_From_Multiple_Admin_Users 180 181 FOR ${i} IN RANGE ${5} 182 ${dict}= Execute Process Multi Keyword ${5} 183 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 184 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 185 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 186 Dictionary Should Not Contain Value ${dict} False 187 ... msg=One or more operations has failed. 188 END 189 190 191*** Comment *** 192 193Get Concurrent Root Certificate Request From Operator Users 194 [Documentation] Get multiple concurrent root certificate from non admin users and verify no errors. 195 [Tags] Get_Concurrent_Root_Certificate_Request_From_Operator_Users 196 197 FOR ${i} IN RANGE ${5} 198 ${dict}= Execute Process Multi Keyword ${5} 199 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 200 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 201 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 202 Dictionary Should Not Contain Value ${dict} False 203 ... msg=One or more operations has failed. 204 END 205 206 207*** Test Cases *** 208 209Get Concurrent Root Certificate Request From Admin And Non Admin Users 210 [Documentation] Get multiple concurrent root certificate from admin and non admin users 211 ... and verify no errors. 212 [Tags] Get_Concurrent_Root_Certificate_Request_From_Admin_And_Non_Admin_Users 213 214 FOR ${i} IN RANGE ${5} 215 ${dict}= Execute Process Multi Keyword ${5} 216 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 217 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 218 Dictionary Should Not Contain Value ${dict} False 219 ... msg=One or more operations has failed. 220 END 221 222 223*** Comment *** 224 225Get Concurrent Root Certificate Request From Different Non Admin Users 226 [Documentation] Get multiple concurrent root certificate from different non admin users 227 ... and verify no errors. 228 [Tags] Get_Concurrent_Root_Certificate_Request_From_Different_Non_Admin_Users 229 230 FOR ${i} IN RANGE ${5} 231 ${dict}= Execute Process Multi Keyword ${5} 232 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 233 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 234 ... Get Root Certificate noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 235 Dictionary Should Not Contain Value ${dict} False 236 ... msg=One or more operations has failed. 237 END 238 239 240Get Concurrent CSR Request From Operator Users 241 [Documentation] Get multiple concurrent csr request from non admin users and verify no errors. 242 [Tags] Get_Concurrent_CSR_Request_From_Operator_Users 243 244 FOR ${i} IN RANGE ${5} 245 ${dict}= Execute Process Multi Keyword ${5} 246 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 247 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 248 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 249 Dictionary Should Not Contain Value ${dict} False 250 ... msg=One or more operations has failed. 251 END 252 253 254*** Test Cases *** 255 256Get Root Certificate And Send CSR Request Concurrently And Verify 257 [Documentation] Get root certificate and send csr request concurrently and 258 ... verify gets root and signed certificate. 259 [Tags] Get_Root_Certificate_And_Send_CSR_Request_Concurrently_And_Verify 260 261 FOR ${i} IN RANGE ${5} 262 ${dict}= Execute Process Multi Keyword ${5} 263 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 264 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 265 Dictionary Should Not Contain Value ${dict} False 266 ... msg=One or more operations has failed. 267 END 268 269 270Get Concurrent Root Certificate And Send CSR Request And Verify 271 [Documentation] Get concurrent root certificate and send csr request 272 ... and verify gets root certificate and signed certificate. 273 [Tags] Get_Concurrent_Root_Certificate_And_Send_CSR_Request_And_Verify 274 275 FOR ${i} IN RANGE ${5} 276 ${dict}= Execute Process Multi Keyword ${5} 277 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 278 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 279 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 280 Dictionary Should Not Contain Value ${dict} False 281 ... msg=One or more operations has failed. 282 END 283 284 285Get Root Certificate And Send Multiple CSR Requests Concurrently And Verify 286 [Documentation] Get root certificate and send multiple csr requests concurrently and 287 ... verify gets root certificate and signed certificates. 288 [Tags] Get_Root_Certificate_And_Send_Multiple_CSR_Requests_Concurrently_And_Verify 289 290 FOR ${i} IN RANGE ${5} 291 ${dict}= Execute Process Multi Keyword ${5} 292 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 293 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 294 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 295 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 296 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 297 Dictionary Should Not Contain Value ${dict} False 298 ... msg=One or more operations has failed. 299 END 300 301 302Get Root Certificate And Send Multiple Corrupted CSR Requests Concurrently And Verify 303 [Documentation] Get root certificate and send multiple corrupted csr requests concurrently and 304 ... verify gets root certificate and error for corrupted csr requests. 305 [Tags] Get_Root_Certificate_And_Send_Multiple_Corrupted_CSR_Requests_Concurrently_And_Verify 306 307 FOR ${i} IN RANGE ${5} 308 ${dict}= Execute Process Multi Keyword ${5} 309 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 310 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 311 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 312 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 313 Dictionary Should Not Contain Value ${dict} False 314 ... msg=One or more operations has failed. 315 END 316 317 318Send Concurrent CSR Request And Corrupted CSR Request And Verify 319 [Documentation] Send concurrent csr request and corrupted csr request 320 ... and verify gets certificate for valid csr and error for corrupted csr. 321 [Tags] Send_Concurrent_CSR_Request_And_Corrupted_CSR_Request_And_Verify 322 323 FOR ${i} IN RANGE ${5} 324 ${dict}= Execute Process Multi Keyword ${5} 325 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 326 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 327 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 328 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 329 Dictionary Should Not Contain Value ${dict} False 330 ... msg=One or more operations has failed. 331 END 332 333 334Get Root Certificate Send CSR And Corrupted CSR Request Concurrently And Verify 335 [Documentation] Get root certificate send csr and corrupted csr requests concurrently and 336 ... verify gets root certificate and certificate for valid csr and error for corrupted csr. 337 [Tags] Get_Root_Certificate_Send_CSR_And_Corrupted_CSR_Request_Concurrently_And_Verify 338 339 FOR ${i} IN RANGE ${5} 340 ${dict}= Execute Process Multi Keyword ${5} 341 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 342 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 343 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 344 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 345 Dictionary Should Not Contain Value ${dict} False 346 ... msg=One or more operations has failed. 347 END 348 349 350Send Concurrent CSR Request From Admin And Non Admin Users And Verify 351 [Documentation] Send concurrent csr requests from admin and non-admin users and verify 352 ... admin gets certificate and non-admin gets error. 353 [Tags] Send_Concurrent_CSR_Request_From_Admin_And_Non_Admin_Users_And_Verify 354 355 FOR ${i} IN RANGE ${5} 356 ${dict}= Execute Process Multi Keyword ${5} 357 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 358 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 359 Dictionary Should Not Contain Value ${dict} False 360 ... msg=One or more operations has failed. 361 END 362 363 364*** Comment *** 365 366Send Concurrent CSR Request From Non Admin Users And Verify 367 [Documentation] Send concurrent csr request from non admin users 368 ... and verify gets error. 369 [Tags] Send_Concurrent_CSR_Request_From_Non_Admin_Users_And_Verify 370 371 FOR ${i} IN RANGE ${5} 372 ${dict}= Execute Process Multi Keyword ${5} 373 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 374 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 375 ... Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 376 Dictionary Should Not Contain Value ${dict} False 377 ... msg=One or more operations has failed. 378 END 379 380 381Get Root Certificate And Send Corrupted CSR From Admin CSR Request From Operator Concurrently 382 [Documentation] Get root certificate and send corrupted csr request from admin and 383 ... csr from operator concurrently and verify gets root certificate and errors for corrupted 384 ... and for operator. 385 [Tags] Get_Root_Certificate_And_Send_Corrupted_CSR_From_Admin_CSR_Request_From_Operator_Concurrently 386 387 FOR ${i} IN RANGE ${5} 388 ${dict}= Execute Process Multi Keyword ${5} 389 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 390 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 391 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 392 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 393 Dictionary Should Not Contain Value ${dict} False 394 ... msg=One or more operations has failed. 395 END 396 397 398Get Root Certificate From Operator And Send Corrupted CSR Request And CSR Request From Admin Concurrently 399 [Documentation] Get root certificate from operator and send corrupted csr request 400 ... and csr from admin and verify errors for operator and corrupted csr and signed certificate 401 ... for valid csr. 402 [Tags] Get_Root_Certificate_From_Operator_And_Send_Corrupted_CSR_Request_And_CSR_Request_From_Admin_Concurrently 403 404 FOR ${i} IN RANGE ${5} 405 ${dict}= Execute Process Multi Keyword ${5} 406 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 407 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 408 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 409 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 410 Dictionary Should Not Contain Value ${dict} False 411 ... msg=One or more operations has failed. 412 END 413 414 415Get Root Certificate From Operator And Admin Send CSR Request From Admin Concurrently 416 [Documentation] Get root certificate from operator and admin and 417 ... and send csr request from admin concurrently and verify error for operator 418 ... and admin gets root and signed certificate. 419 [Tags] Get_Root_Certificate_From_Operator_And_Admin_Send_CSR_Request_From_Admin_Concurrently 420 421 FOR ${i} IN RANGE ${5} 422 ${dict}= Execute Process Multi Keyword ${5} 423 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 424 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 425 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 426 Dictionary Should Not Contain Value ${dict} False 427 ... msg=One or more operations has failed. 428 END 429 430 431Send CSR Request From Admin And Operator And Corrupted CSR From Admin Concurrently And Verify 432 [Documentation] Send csr request from admin and operator and corrupted 433 ... csr request from admin and verify gets signed certificate for valid csr for admin 434 ... gets error for operator and error for corrupted csr. 435 [Tags] Send_CSR_Request_From_Admin_And_Operator_And_Corrupted_CSR_From_Admin_Concurrently_And_Verify 436 437 FOR ${i} IN RANGE ${5} 438 ${dict}= Execute Process Multi Keyword ${5} 439 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 440 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 441 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 442 Dictionary Should Not Contain Value ${dict} False 443 ... msg=One or more operations has failed. 444 END 445 446 447Send Corrupted CSR Requests From Admin And Operator And CSR Request From Admin Concurrently And Verify 448 [Documentation] Send corrupted csr request from admin and operator and csr request 449 ... from admin concurrently and verify errors for corrupted csr and gets signed certificate 450 ... for valid csr from admin. 451 [Tags] Send_Corrupted_CSR_Requests_From_Admin_And_Operator_And_CSR_Request_From_Admin_Concurrently_And_Verify 452 453 FOR ${i} IN RANGE ${5} 454 ${dict}= Execute Process Multi Keyword ${5} 455 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 456 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 457 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 458 Dictionary Should Not Contain Value ${dict} False 459 ... msg=One or more operations has failed. 460 END 461 462 463Send Corrupted CSR Requests From Admin And Operator User Concurrently And Verify 464 [Documentation] Send corrupted csr requests from admin and operator and 465 ... verify gets error. 466 [Tags] Send_Corrupted_CSR_Requests_From_Admin_And_Operator_User_Concurrently_And_Verify 467 468 FOR ${i} IN RANGE ${5} 469 ${dict}= Execute Process Multi Keyword ${5} 470 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 471 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 472 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 473 Dictionary Should Not Contain Value ${dict} False 474 ... msg=One or more operations has failed. 475 END 476 477 478*** Test Cases *** 479 480Get Root Certificate From Admin And Send CSR Requests From Non Admin Concurrently And Verify 481 [Documentation] Get root certificate from admin and csr requests from 482 ... non admin users concurrently and verify gets root certificate for admin and 483 ... errors for non-admins. 484 [Tags] Get_Root_Certificate_From_Admin_And_Send_CSR_Requests_From_Non_Admin_Concurrently_And_Verify 485 486 FOR ${i} IN RANGE ${5} 487 ${dict}= Execute Process Multi Keyword ${5} 488 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 489 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 490 Dictionary Should Not Contain Value ${dict} False 491 ... msg=One or more operations has failed. 492 END 493 494 495Get Root Certificate And Send CSR Requests From Non Admin Users Concurrently And Verify 496 [Documentation] Get root certificate and send csr requests from non admin 497 ... users and verify gets errors. 498 [Tags] Get_Root_Certificate_And_Send_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify 499 500 FOR ${i} IN RANGE ${5} 501 ${dict}= Execute Process Multi Keyword ${5} 502 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 503 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 504 Dictionary Should Not Contain Value ${dict} False 505 ... msg=One or more operations has failed. 506 END 507 508 509Send Corrupted CSR Request From Admin And CSR Requests From Non Admin Concurrently And Verify 510 [Documentation] Send corrupted csr request from admin and csr request from non admin 511 ... users concurrently and verify gets errors. 512 [Tags] Send_Corrupted_CSR_Request_From_Admin_And_CSR_Requests_From_Non_Admin_Concurrently_And_Verify 513 514 FOR ${i} IN RANGE ${5} 515 ${dict}= Execute Process Multi Keyword ${5} 516 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 517 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 518 Dictionary Should Not Contain Value ${dict} False 519 ... msg=One or more operations has failed. 520 END 521 522 523Send CSR Request And Corrupted CSR Requests From Non Admin Users Concurrently And Verify 524 [Documentation] Send csr and corrupted csr request from non admin users 525 ... and verify gets errors. 526 [Tags] Send_CSR_Request_And_Corrupted_CSR_Requests_From_Non_Admin_Users_Concurrently_And_Verify 527 528 FOR ${i} IN RANGE ${5} 529 ${dict}= Execute Process Multi Keyword ${5} 530 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 531 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 532 Dictionary Should Not Contain Value ${dict} False 533 ... msg=One or more operations has failed. 534 END 535 536 537*** Comment *** 538 539Get Root Certificate And Send CSR Requests From Admin And Operator Concurrently And Verify 540 [Documentation] Get root certificate from admin and send csr requests 541 ... from admin and operator concurrently and verify gets root certificate 542 ... and signed certificate and gets error for operator. 543 [Tags] Get_Root_Certificate_And_Send_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify 544 545 FOR ${i} IN RANGE ${5} 546 ${dict}= Execute Process Multi Keyword ${5} 547 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 548 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 549 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN} 550 Dictionary Should Not Contain Value ${dict} False 551 ... msg=One or more operations has failed. 552 END 553 554 555Get Root Certificate And Send Corrupted CSR Requests From Admin And Operator Concurrently And Verify 556 [Documentation] Get root certificate from admin and send corrupted csr requests 557 ... from admin and operator concurrently and verify gets root certificate and errors 558 ... for corrupted csr. 559 [Tags] Get_Root_Certificate_And_Send_Corrupted_CSR_Requests_From_Admin_And_Operator_Concurrently_And_Verify 560 561 FOR ${i} IN RANGE ${5} 562 ${dict}= Execute Process Multi Keyword ${5} 563 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK} 564 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_BAD_REQUEST} 565 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${False} ${HTTP_FORBIDDEN} 566 Dictionary Should Not Contain Value ${dict} False 567 ... msg=One or more operations has failed. 568 END 569 570 571*** Keywords *** 572 573Generate CSR String 574 [Documentation] Generate a csr string. 575 576 # Note: Generates and returns csr string. 577 ${csr_gen_time} = Get Current Date Time 578 ${CSR_FILE}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.csr 579 ${CSR_KEY}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.key 580 Set Test Variable ${CSR_FILE} 581 Set Test Variable ${CSR_KEY} 582 ${ssl_cmd}= Set Variable openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE} 583 ${ssl_sub}= Set Variable 584 ... -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com" 585 586 # Run openssl command to create a new private key and use that to generate a CSR string 587 # in server.csr file. 588 ${output}= Run ${ssl_cmd} ${ssl_sub} 589 ${csr}= OperatingSystem.Get File ${CSR_FILE} 590 591 [Return] ${csr} 592 593 594Send CSR To VMI And Get Signed 595 [Documentation] Upload CSR to VMI and get signed. 596 [Arguments] ${csr} ${force_create} ${username} ${password} ${read_timeout} 597 598 # Description of argument(s): 599 # csr Certificate request from client to VMI. 600 # force_create Create a new REST session if True. 601 # username Username to create a REST session. 602 # password Password to create a REST session. 603 604 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} 605 ... Initialize OpenBMC rest_username=${username} rest_password=${password} 606 607 ${data}= Create Dictionary 608 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} 609 ... Content-Type=application/json 610 611 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Actions/SignCSR 612 613 # For SignCSR request, we need to pass CSR string generated by openssl command. 614 ${csr_data}= Create Dictionary CsrString ${csr} 615 Set To Dictionary ${data} data ${csr_data} 616 617 ${resp}= POST On Session openbmc ${cert_uri} &{data} headers=${headers} 618 ... timeout=${read_timeout} expected_status=any 619 Log to console ${resp.content} 620 621 [Return] ${resp} 622 623 624Get Root Certificate 625 [Documentation] Get root certificate from VMI. 626 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 627 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} 628 629 # Description of argument(s): 630 # cert_type Type of the certificate requesting. eg. root or SignCSR. 631 # username Username to create a REST session. 632 # password Password to create a REST session. 633 # force_create Create a new REST session if True. 634 # valid_csr Uses valid CSR string in the REST request if True. 635 # This is not applicable for root certificate. 636 # valid_status_code Expected status code from REST request. 637 638 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True} 639 ... Initialize OpenBMC rest_username=${username} rest_password=${password} 640 641 ${data}= Create Dictionary 642 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN} 643 ... Content-Type=application/json 644 645 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Certificate/root 646 647 ${resp}= GET On Session openbmc ${cert_uri} &{data} headers=${headers} 648 ... expected_status=any 649 650 Should Be Equal As Strings ${resp.status_code} ${valid_status_code} 651 Return From Keyword If ${resp.status_code} != ${HTTP_OK} 652 653 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json 654 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE 655 Should Contain ${cert["Certificate"]} END CERTIFICATE 656 657 658Get Subject 659 [Documentation] Generate a csr string. 660 [Arguments] ${file_name} ${is_csr_file} 661 662 # Description of argument(s): 663 # file_name Name of CSR or signed CERT file. 664 # is_csr_file A True value means a CSR while a False is for signed CERT file. 665 666 ${subject}= Run Keyword If ${is_csr_file} 667 ... Run openssl req -in ${file_name} -text -noout | grep Subject: 668 ... ELSE 669 ... Run openssl x509 -in ${file_name} -text -noout | grep Subject: 670 671 [Return] ${subject} 672 673 674Get Public Key 675 [Documentation] Generate a csr string. 676 [Arguments] ${file_name} ${is_csr_file} 677 678 # Description of argument(s): 679 # file_name Name of CSR or CERT file. 680 # is_csr_file A True value means a CSR while a False is for signed CERT file. 681 682 ${PublicKey}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -noout -pubkey 683 ... ELSE Run openssl x509 -in ${file_name} -noout -pubkey 684 685 [Return] ${PublicKey} 686 687 688Get Certificate Signed By VMI 689 [Documentation] Get signed certificate from VMI. 690 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 691 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK} 692 ... ${read_timeout}=20 693 694 # Description of argument(s): 695 # cert_type Type of the certificate requesting. eg. root or SignCSR. 696 # username Username to create a REST session. 697 # password Password to create a REST session. 698 # force_create Create a new REST session if True. 699 # valid_csr Uses valid CSR string in the REST request if True. 700 # This is not applicable for root certificate. 701 # valid_status_code Expected status code from REST request. 702 703 Set Test Variable ${CSR} CSR 704 Set Test Variable ${CORRUPTED_CSR} CORRUPTED_CSR 705 706 ${CSR}= Generate CSR String 707 ${csr_left} ${csr_right}= Split String From Right ${CSR} == 1 708 ${CORRUPTED_CSR}= Catenate SEPARATOR= ${csr_left} \N ${csr_right} 709 710 # For SignCSR request, we need to pass CSR string generated by openssl command 711 ${csr_str}= Set Variable If ${valid_csr} == ${True} ${CSR} ${CORRUPTED_CSR} 712 713 ${resp}= Send CSR To VMI And Get Signed ${csr_str} ${force_create} ${username} ${password} 714 ... ${read_timeout} 715 716 Should Be Equal As Strings ${resp.status_code} ${valid_status_code} 717 Return From Keyword If ${resp.status_code} != ${HTTP_OK} 718 719 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json 720 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE 721 Should Contain ${cert["Certificate"]} END CERTIFICATE 722 723 # Now do subject and public key verification 724 ${subject_csr}= Get Subject ${CSR_FILE} True 725 ${pubKey_csr}= Get Public Key ${CSR_FILE} True 726 727 # create a crt file with certificate string 728 ${signed_cert}= Set Variable ${cert["Certificate"]} 729 ${testcert_gen_time} = Get Current Date Time 730 ${test_cert_file}= Catenate SEPARATOR=_ ${testcert_gen_time} test_certificate.cert 731 732 Create File ${test_cert_file} ${signed_cert} 733 ${subject_signed_csr}= Get Subject ${test_cert_file} False 734 ${pubKey_signed_csr}= Get Public Key ${test_cert_file} False 735 736 Should be equal as strings ${subject_signed_csr} ${subject_csr} 737 Should be equal as strings ${pubKey_signed_csr} ${pubKey_csr} 738 739 740Suite Setup Execution 741 [Documentation] Suite setup execution. 742 743 Remove Files *.csr *.key *.cert 744 # Create different user accounts. 745 Redfish.Login 746 Redfish Power On 747 Create Users With Different Roles users=${USERS} force=${True} 748 749 750Suite Teardown Execution 751 [Documentation] Suite teardown execution. 752 753 Remove Files *.csr *.key *.cert 754 Delete BMC Users Via Redfish users=${USERS} 755 Delete All Sessions 756 Redfish.Logout 757