13d946efdSleet*** Settings *** 23d946efdSleetDocumentation Script to test Redfish privilege registry with various users 33d946efdSleet... such as test, admin, operator, readonly, patched. 43d946efdSleet 53d946efdSleetResource ../../lib/resource.robot 63d946efdSleetResource ../../lib/bmc_redfish_resource.robot 73d946efdSleetResource ../../lib/openbmc_ffdc.robot 83d946efdSleetResource ../../lib/bmc_redfish_utils.robot 93d946efdSleet 103d946efdSleetSuite Setup Create And Verify Various Privilege Users 113d946efdSleetSuite Teardown Delete Created Redfish Users Except Default Admin 123d946efdSleetTest Teardown Redfish.Logout 133d946efdSleet 143d946efdSleet*** Variables *** 153d946efdSleet 163d946efdSleet${test_user} testuser 173d946efdSleet${test_password} testpassword 183d946efdSleet${admin_user} testadmin 193d946efdSleet${admin_password} adminpassword 203d946efdSleet${operator_user} testoperator 213d946efdSleet${operator_password} operatorpassword 223d946efdSleet${readonly_user} testreadonly 233d946efdSleet${readonly_password} readonlypassword 243d946efdSleet${patched_user} patchuser 253d946efdSleet${post_user} postuser 263d946efdSleet${post_password} postpassword 273d946efdSleet${account_service} ${2} 283d946efdSleet 293d946efdSleet** Test Cases ** 303d946efdSleet 313d946efdSleetVerify Redfish Privilege Registry Properties 323d946efdSleet [Documentation] Verify the Redfish Privilege Registry properties. 333d946efdSleet [Tags] Verify_Redfish_Privilege_Registry_Properties 343d946efdSleet 353d946efdSleet Redfish.Login 363d946efdSleet 373d946efdSleet # Get the complete Privilege Registry URL 383d946efdSleet ${url}= Get Redfish Privilege Registry json URL 393d946efdSleet ${resp}= Redfish.Get ${url} 403d946efdSleet Should Be Equal As Strings ${resp.status} ${HTTP_OK} 413d946efdSleet 423d946efdSleet # Verify the Privilege Registry Resource. 433d946efdSleet # Example: 443d946efdSleet # "Id": "Redfish_1.1.0_PrivilegeRegistry", 453d946efdSleet # "Name": "Privilege Mapping array collection", 463d946efdSleet # "PrivilegesUsed": [ 473d946efdSleet # "Login", 483d946efdSleet # "ConfigureManager", 493d946efdSleet # "ConfigureUsers", 503d946efdSleet # "ConfigureComponents", 513d946efdSleet # "ConfigureSelf" 523d946efdSleet # ], 533d946efdSleet 543d946efdSleet Should Be Equal As Strings ${resp.dict["Id"]} Redfish_1.1.0_PrivilegeRegistry 553d946efdSleet Should Be Equal As Strings ${resp.dict["Name"]} Privilege Mapping array collection 563d946efdSleet Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][0]} Login 573d946efdSleet Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][1]} ConfigureManager 583d946efdSleet Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][2]} ConfigureUsers 593d946efdSleet Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][3]} ConfigureComponents 603d946efdSleet Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][4]} ConfigureSelf 613d946efdSleet 623d946efdSleetVerify Redfish Privilege Registry Mappings Properties For Account Service 633d946efdSleet [Documentation] Verify Privilege Registry Account Service Mappings resource properties. 643d946efdSleet [Tags] Verify_Redfish_Privilege_Registry_Mappings_Properties_For_Account_Service 653d946efdSleet 663d946efdSleet # Below is the mapping for Redfish Privilege Registry property for 673d946efdSleet # Account Service. 683d946efdSleet 693d946efdSleet # "Mappings": [ 703d946efdSleet # { 713d946efdSleet # "Entity": "AccountService", 723d946efdSleet # "OperationMap": { 733d946efdSleet # "GET": [{ 743d946efdSleet # "Privilege": [ 753d946efdSleet # "Login" 763d946efdSleet # ]}], 773d946efdSleet # "HEAD": [{ 783d946efdSleet # "Privilege": [ 793d946efdSleet # "Login" 803d946efdSleet # ]}], 813d946efdSleet # "PATCH": [{ 823d946efdSleet # "Privilege": [ 833d946efdSleet # "ConfigureUsers" 843d946efdSleet # ]}], 853d946efdSleet # "PUT": [{ 863d946efdSleet # "Privilege": [ 873d946efdSleet # "ConfigureUsers" 883d946efdSleet # ]}], 893d946efdSleet # "DELETE": [{ 903d946efdSleet # "Privilege": [ 913d946efdSleet # "ConfigureUsers" 923d946efdSleet # ]}], 933d946efdSleet # "POST": [{ 943d946efdSleet # "Privilege": [ 953d946efdSleet # "ConfigureUsers" 963d946efdSleet # ]}]} 973d946efdSleet # } 983d946efdSleet 993d946efdSleet # | ROLE NAME | ASSIGNED PRIVILEGES 1003d946efdSleet # |---------------|-------------------- 1013d946efdSleet # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf. 1023d946efdSleet # | Operator | Login, ConfigureComponents, ConfigureSelf. 1033d946efdSleet # | ReadOnly | Login, ConfigureSelf. 1043d946efdSleet 1053d946efdSleet # Get the complete Privilege Registry URL. 1063d946efdSleet ${url}= Get Redfish Privilege Registry json URL 1073d946efdSleet ${resp}= Redfish.Get ${url} 1083d946efdSleet 1093d946efdSleet # Get mappings properties for Entity: Account Service. 1103d946efdSleet @{mappings}= Get From Dictionary ${resp.dict} Mappings 1113d946efdSleet 1123d946efdSleet Should Be Equal ${mappings[${account_service}]['OperationMap']['GET'][0]['Privilege'][0]} 1133d946efdSleet ... Login 1143d946efdSleet Should Be Equal ${mappings[${account_service}]['OperationMap']['HEAD'][0]['Privilege'][0]} 1153d946efdSleet ... Login 1163d946efdSleet Should Be Equal ${mappings[${account_service}]['OperationMap']['PATCH'][0]['Privilege'][0]} 1173d946efdSleet ... ConfigureUsers 1183d946efdSleet Should Be Equal ${mappings[${account_service}]['OperationMap']['PUT'][0]['Privilege'][0]} 1193d946efdSleet ... ConfigureUsers 1203d946efdSleet Should Be Equal ${mappings[${account_service}]['OperationMap']['DELETE'][0]['Privilege'][0]} 1213d946efdSleet ... ConfigureUsers 1223d946efdSleet Should Be Equal ${mappings[${account_service}]['OperationMap']['POST'][0]['Privilege'][0]} 1233d946efdSleet ... ConfigureUsers 1243d946efdSleet 1253d946efdSleetVerify Admin User Privileges Via Redfish 1263d946efdSleet [Documentation] Verify Admin user privileges via Redfish. 1273d946efdSleet [Tags] Verify_Admin_User_Privileges_Via_Redfish 1283d946efdSleet 1293d946efdSleet Redfish.Login ${admin_user} ${admin_password} 1303d946efdSleet 1313d946efdSleet ${payload}= Create Dictionary 1323d946efdSleet ... UserName=${post_user} Password=${post_password} RoleId=Operator Enabled=${true} 1333d946efdSleet Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload} 1343d946efdSleet ... valid_status_codes=[${HTTP_CREATED}] 1353d946efdSleet 1363d946efdSleet ${data}= Create Dictionary UserName=${patched_user} 1373d946efdSleet Redfish.patch ${REDFISH_ACCOUNTS_URI}${test_user} body=&{data} 1383d946efdSleet ... valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}] 1393d946efdSleet 1403d946efdSleet ${patched_user_name}= Redfish.Get Attribute ${REDFISH_ACCOUNTS_URI}${patched_user} UserName 1413d946efdSleet Should Be Equal ${patched_user_name} ${patched_user} 1423d946efdSleet 1433d946efdSleetVerify Operator User Privileges Via Redfish 1443d946efdSleet [Documentation] Verify Operator user privileges via Redfish. 1453d946efdSleet [Tags] Verify_Operator_User_Privileges_Via_Redfish 1463d946efdSleet 1473d946efdSleet Redfish.Login ${operator_user} ${operator_password} 1483d946efdSleet 1493d946efdSleet ${payload}= Create Dictionary 1503d946efdSleet ... UserName=${post_user} Password=${post_password} RoleId=Operator Enabled=${true} 1513d946efdSleet Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload} 1523d946efdSleet ... valid_status_codes=[${HTTP_FORBIDDEN}] 1533d946efdSleet 1543d946efdSleet ${data}= Create Dictionary UserName=${patched_user} 1553d946efdSleet Redfish.patch ${REDFISH_ACCOUNTS_URI}${test_user} body=&{data} 1563d946efdSleet ... valid_status_codes=[${HTTP_FORBIDDEN}] 1573d946efdSleet 1583d946efdSleet Redfish.Get ${REDFISH_ACCOUNTS_URI}${patched_user} 1593d946efdSleet ... valid_status_codes=[${HTTP_FORBIDDEN}] 1603d946efdSleet 1613d946efdSleet Redfish.Delete ${REDFISH_ACCOUNTS_URI}${patched_user} 1623d946efdSleet ... valid_status_codes=[${HTTP_FORBIDDEN}] 1633d946efdSleet 1643d946efdSleetVerify ReadOnly User Privileges Via Redfish 1653d946efdSleet [Documentation] Verify ReadOnly user privileges via Redfish. 1663d946efdSleet [Tags] Verify_ReadOnly_User_Privileges_Via_Redfish 1673d946efdSleet 1683d946efdSleet Redfish.Login ${readonly_user} ${readonly_password} 1693d946efdSleet 1703d946efdSleet ${payload}= Create Dictionary 1713d946efdSleet ... UserName=${post_user} Password=${post_password} RoleId=Operator Enabled=${true} 1723d946efdSleet Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload} 1733d946efdSleet ... valid_status_codes=[${HTTP_FORBIDDEN}] 1743d946efdSleet 1753d946efdSleet ${data}= Create Dictionary UserName=${patched_user} 1763d946efdSleet Redfish.patch ${REDFISH_ACCOUNTS_URI}${test_user} body=&{data} 1773d946efdSleet ... valid_status_codes=[${HTTP_FORBIDDEN}] 1783d946efdSleet 1793d946efdSleet Redfish.Get ${REDFISH_ACCOUNTS_URI}${patched_user} 1803d946efdSleet ... valid_status_codes=[${HTTP_FORBIDDEN}] 1813d946efdSleet 1823d946efdSleet Redfish.Delete ${REDFISH_ACCOUNTS_URI}${patched_user} 1833d946efdSleet ... valid_status_codes=[${HTTP_FORBIDDEN}] 1843d946efdSleet 1853d946efdSleet 1863d946efdSleet*** Keywords *** 1873d946efdSleet 1883d946efdSleetGet Redfish Privilege Registry Json URL 1893d946efdSleet [Documentation] Return the complete Privilege Registry Json URL. 1903d946efdSleet 1913d946efdSleet # Get Privilege Registry version Json path in redfish. 1923d946efdSleet # Example: Redfish_1.1.0_PrivilegeRegistry.json 1933d946efdSleet 1943d946efdSleet ${resp}= Redfish.Get 1953d946efdSleet ... /redfish/v1/Registries/PrivilegeRegistry/ 1963d946efdSleet @{location}= Get From Dictionary ${resp.dict} Location 1973d946efdSleet ${uri}= Set Variable ${location[0]['Uri']} 198*409df05dSGeorge Keishing RETURN ${uri} 1993d946efdSleet 2003d946efdSleetCreate And Verify Various Privilege Users 2013d946efdSleet [Documentation] Create and verify admin, test, operator, and readonly users. 2023d946efdSleet 2033d946efdSleet Redfish Create User ${test_user} ${test_password} Operator ${true} 2043d946efdSleet Redfish Create User ${admin_user} ${admin_password} Administrator ${true} 2053d946efdSleet Redfish Create User ${operator_user} ${operator_password} Operator ${true} 2063d946efdSleet Redfish Create User ${readonly_user} ${readonly_password} ReadOnly ${true} 2073d946efdSleet 2083d946efdSleet Redfish Verify User ${test_user} ${test_password} Operator 2093d946efdSleet Redfish Verify User ${admin_user} ${admin_password} Administrator 2103d946efdSleet Redfish Verify User ${operator_user} ${operator_password} Operator 2113d946efdSleet Redfish Verify User ${readonly_user} ${readonly_password} ReadOnly 2123d946efdSleet 2133d946efdSleetRedfish Verify User 2143d946efdSleet [Documentation] Verify Redfish user with given credentials. 2153d946efdSleet [Arguments] ${username} ${password} ${role_id} 2163d946efdSleet 2173d946efdSleet # Description of argument(s): 2183d946efdSleet # username The username to be created. 2193d946efdSleet # password The password to be assigned. 2203d946efdSleet # role_id The role ID of the user to be created 2213d946efdSleet # (e.g. "Administrator", "Operator", etc.). 2223d946efdSleet 2233d946efdSleet Run Keyword And Ignore Error Redfish.Logout 2243d946efdSleet Redfish.Login ${username} ${password} 2253d946efdSleet 2263d946efdSleet # Validate Role Id of user. 2273d946efdSleet ${role_config}= Redfish_Utils.Get Attribute 2283d946efdSleet ... /redfish/v1/AccountService/Accounts/${username} RoleId 2293d946efdSleet Should Be Equal ${role_id} ${role_config} 2303d946efdSleet Redfish.Logout 2313d946efdSleet 2323d946efdSleetDelete Created Redfish Users Except Default Admin 2333d946efdSleet [Documentation] Delete the admin, patched, operator, readonly, and post users. 2343d946efdSleet 2353d946efdSleet Redfish.Login 2363d946efdSleet Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${admin_user} 2373d946efdSleet ... valid_status_codes=[${HTTP_OK}] 2383d946efdSleet Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${patched_user} 2393d946efdSleet ... valid_status_codes=[${HTTP_OK}] 2403d946efdSleet Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${operator_user} 2413d946efdSleet ... valid_status_codes=[${HTTP_OK}] 2423d946efdSleet Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${readonly_user} 2433d946efdSleet ... valid_status_codes=[${HTTP_OK}] 2443d946efdSleet Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${post_user} 2453d946efdSleet ... valid_status_codes=[${HTTP_OK}] 2463d946efdSleet Redfish.Logout 247