*** Settings ***
Documentation    Script to test Redfish privilege registry with various users
...  such as test, admin, operator, readonly, patched.

Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot
Resource         ../../lib/bmc_redfish_utils.robot

# The suite creates its own accounts before the first test and removes them
# after the last one; both keywords are defined at the bottom of this file.
Suite Setup      Create And Verify Various Privilege Users
Suite Teardown   Delete Created Redfish Users Except Default Admin
# Each test logs in with the credentials of the role it exercises. Logging out
# after every test means the next test starts without a session left over
# from the previous role.
Test Teardown    Redfish.Logout

*** Variables ***

# Credentials for the throwaway accounts this suite creates in its setup
# keyword. The passwords are fixed values stored in this file, so none of
# these accounts should remain on a BMC once the suite has finished.
${test_user}           testuser
${test_password}       testpassword
${admin_user}          testadmin
${admin_password}      adminpassword
${operator_user}       testoperator
${operator_password}   operatorpassword
${readonly_user}       testreadonly
${readonly_password}   readonlypassword
# Name that ${test_user} is renamed to by the admin PATCH test; it has no
# password variable of its own.
${patched_user}        patchuser
# Account that the privilege tests try to create with POST.
${post_user}           postuser
${post_password}       postpassword
# Index into the registry's "Mappings" array that the mappings test reads as
# the AccountService entry.
${account_service}     ${2}

*** Test Cases ***

Verify Redfish Privilege Registry Properties
    [Documentation]  Verify the Redfish Privilege Registry properties.
    [Tags]  Verify_Redfish_Privilege_Registry_Properties

    Redfish.Login

    # Fetch the registry JSON from the location the BMC advertises.
    ${registry_url}=  Get Redfish Privilege Registry json URL
    ${registry}=  Redfish.Get  ${registry_url}
    Should Be Equal As Strings  ${registry.status}  ${HTTP_OK}

    # Expected top-level properties of the registry resource.
    # Example:
    #  "Id": "Redfish_1.1.0_PrivilegeRegistry",
    #  "Name": "Privilege Mapping array collection",
    #  "PrivilegesUsed": [
    #     "Login",
    #     "ConfigureManager",
    #     "ConfigureUsers",
    #     "ConfigureComponents",
    #     "ConfigureSelf"
    #  ],
    Should Be Equal As Strings  ${registry.dict["Id"]}  Redfish_1.1.0_PrivilegeRegistry
    Should Be Equal As Strings  ${registry.dict["Name"]}  Privilege Mapping array collection

    # PrivilegesUsed is compared position by position, so both the privilege
    # names and their order in the array have to match.
    @{expected_privileges}=  Create List
    ...  Login  ConfigureManager  ConfigureUsers  ConfigureComponents  ConfigureSelf
    FOR  ${index}  ${privilege}  IN ENUMERATE  @{expected_privileges}
        Should Be Equal As Strings  ${registry.dict["PrivilegesUsed"][${index}]}  ${privilege}
    END

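Verify Redfish Privilege Registry Mappings Properties For Account Service
    [Documentation]  Verify Privilege Registry Account Service Mappings resource properties.
    [Tags]  Verify_Redfish_Privilege_Registry_Mappings_Properties_For_Account_Service

    # Below is the mapping for Redfish Privilege Registry property for
    # Account Service.

    # "Mappings": [
    #    {
    #        "Entity": "AccountService",
    #        "OperationMap": {
    #            "GET": [{
    #                    "Privilege": [
    #                        "Login"
    #                    ]}],
    #            "HEAD": [{
    #                    "Privilege": [
    #                        "Login"
    #                    ]}],
    #            "PATCH": [{
    #                    "Privilege": [
    #                        "ConfigureUsers"
    #                    ]}],
    #            "PUT": [{
    #                    "Privilege": [
    #                        "ConfigureUsers"
    #                    ]}],
    #            "DELETE": [{
    #                    "Privilege": [
    #                        "ConfigureUsers"
    #                    ]}],
    #            "POST": [{
    #                    "Privilege": [
    #                        "ConfigureUsers"
    #                    ]}]}
    #    }

    # | ROLE NAME     | ASSIGNED PRIVILEGES
    # |---------------|--------------------
    # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf.
    # | Operator      | Login, ConfigureComponents, ConfigureSelf.
    # | ReadOnly      | Login, ConfigureSelf.

    # Test Teardown logs out after every test, so open a session here instead
    # of relying on one left behind by another test.
    Redfish.Login

    # Get the complete Privilege Registry URL.
    ${url}=   Get Redfish Privilege Registry json URL
    ${resp}=   Redfish.Get  ${url}
    Should Be Equal As Strings  ${resp.status}  ${HTTP_OK}

    # Get mappings properties for Entity: Account Service.
    @{mappings}=  Get From Dictionary  ${resp.dict}  Mappings

    # ${account_service} is a fixed array index. Confirm that the entry at that
    # position really is AccountService before trusting the privilege checks
    # below; otherwise a reordered registry would have them silently checking
    # a different entity.
    Should Be Equal   ${mappings[${account_service}]['Entity']}  AccountService

    # Read-style operations need only Login; every modifying operation needs
    # ConfigureUsers.
    Should Be Equal   ${mappings[${account_service}]['OperationMap']['GET'][0]['Privilege'][0]}
    ...   Login
    Should Be Equal   ${mappings[${account_service}]['OperationMap']['HEAD'][0]['Privilege'][0]}
    ...   Login
    Should Be Equal   ${mappings[${account_service}]['OperationMap']['PATCH'][0]['Privilege'][0]}
    ...   ConfigureUsers
    Should Be Equal   ${mappings[${account_service}]['OperationMap']['PUT'][0]['Privilege'][0]}
    ...   ConfigureUsers
    Should Be Equal   ${mappings[${account_service}]['OperationMap']['DELETE'][0]['Privilege'][0]}
    ...   ConfigureUsers
    Should Be Equal   ${mappings[${account_service}]['OperationMap']['POST'][0]['Privilege'][0]}
    ...   ConfigureUsers
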
Verify Admin User Privileges Via Redfish
    [Documentation]  Verify Admin user privileges via Redfish.
    [Tags]  Verify_Admin_User_Privileges_Via_Redfish

    Redfish.Login  ${admin_user}  ${admin_password}

    # An Administrator may create an account: the POST must answer 201.
    ${new_account}=  Create Dictionary  UserName=${post_user}  Password=${post_password}
    ...  RoleId=Operator  Enabled=${true}
    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{new_account}
    ...  valid_status_codes=[${HTTP_CREATED}]

    # An Administrator may modify another account: rename ${test_user} to
    # ${patched_user}.
    ${rename}=  Create Dictionary  UserName=${patched_user}
    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}${test_user}  body=&{rename}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]

    # Read the account back under its new name to confirm the rename took
    # effect. Both accounts touched here stay on the BMC until suite teardown,
    # and the Operator and ReadOnly tests address ${patched_user}.
    ${current_name}=  Redfish.Get Attribute  ${REDFISH_ACCOUNTS_URI}${patched_user}  UserName
    Should Be Equal  ${current_name}  ${patched_user}

Verify Operator User Privileges Via Redfish
    [Documentation]  Verify Operator user privileges via Redfish.
    [Tags]  Verify_Operator_User_Privileges_Via_Redfish

    Redfish.Login  ${operator_user}  ${operator_password}

    # Every account-management request below must be refused with 403.
    # Only the status code is asserted; nothing is read back afterwards to
    # confirm that the accounts are unchanged.

    # Creating an account.
    ${new_account}=  Create Dictionary  UserName=${post_user}  Password=${post_password}
    ...  RoleId=Operator  Enabled=${true}
    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{new_account}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    # Renaming another user's account.
    # NOTE(review): once the admin test has renamed ${test_user}, this URI no
    # longer names an existing account; the 403 then depends on the service
    # rejecting on privilege before it looks up the resource - confirm.
    ${rename}=  Create Dictionary  UserName=${patched_user}
    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}${test_user}  body=&{rename}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    # Reading another user's account.
    Redfish.Get  ${REDFISH_ACCOUNTS_URI}${patched_user}  valid_status_codes=[${HTTP_FORBIDDEN}]

    # Deleting another user's account.
    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${patched_user}  valid_status_codes=[${HTTP_FORBIDDEN}]

Verify ReadOnly User Privileges Via Redfish
    [Documentation]  Verify ReadOnly user privileges via Redfish.
    [Tags]  Verify_ReadOnly_User_Privileges_Via_Redfish

    Redfish.Login  ${readonly_user}  ${readonly_password}

    # A ReadOnly session must get 403 for each account-management request.
    # Only the status code is asserted; nothing is read back afterwards to
    # confirm that the accounts are unchanged.

    # Creating an account.
    ${new_account}=  Create Dictionary  UserName=${post_user}  Password=${post_password}
    ...  RoleId=Operator  Enabled=${true}
    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{new_account}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    # Renaming another user's account.
    # NOTE(review): once the admin test has renamed ${test_user}, this URI no
    # longer names an existing account; the 403 then depends on the service
    # rejecting on privilege before it looks up the resource - confirm.
    ${rename}=  Create Dictionary  UserName=${patched_user}
    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}${test_user}  body=&{rename}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    # Reading another user's account.
    Redfish.Get  ${REDFISH_ACCOUNTS_URI}${patched_user}  valid_status_codes=[${HTTP_FORBIDDEN}]

    # Deleting another user's account.
    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${patched_user}  valid_status_codes=[${HTTP_FORBIDDEN}]

*** Keywords ***

Get Redfish Privilege Registry Json URL
    [Documentation]  Return the complete Privilege Registry Json URL.

    # The registry resource lists where the versioned JSON file lives.
    # Example file name: Redfish_1.1.0_PrivilegeRegistry.json
    ${registry}=  Redfish.Get  /redfish/v1/Registries/PrivilegeRegistry/
    @{locations}=  Get From Dictionary  ${registry.dict}  Location

    # Only the first Location entry is used.
    RETURN  ${locations[0]['Uri']}

Create And Verify Various Privilege Users
    [Documentation]  Create and verify admin, test, operator, and readonly users.

    # Create all four accounts first, each one enabled.
    FOR  ${user}  ${password}  ${role}  IN
    ...  ${test_user}      ${test_password}      Operator
    ...  ${admin_user}     ${admin_password}     Administrator
    ...  ${operator_user}  ${operator_password}  Operator
    ...  ${readonly_user}  ${readonly_password}  ReadOnly
        Redfish Create User  ${user}  ${password}  ${role}  ${true}
    END

    # Then log in as each account, in the same order, and check its role.
    FOR  ${user}  ${password}  ${role}  IN
    ...  ${test_user}      ${test_password}      Operator
    ...  ${admin_user}     ${admin_password}     Administrator
    ...  ${operator_user}  ${operator_password}  Operator
    ...  ${readonly_user}  ${readonly_password}  ReadOnly
        Redfish Verify User  ${user}  ${password}  ${role}
    END

Redfish Verify User
    [Documentation]  Verify Redfish user with given credentials.
    [Arguments]   ${username}  ${password}  ${role_id}

    # Description of argument(s):
    # username            The username of the account to log in as.
    # password            The password of that account.
    # role_id             The role ID the account is expected to have
    #                     (e.g. "Administrator", "Operator", etc.).

    # Close whatever session may still be open; an error from this logout is
    # ignored so the keyword also works when there is nothing to close.
    Run Keyword And Ignore Error  Redfish.Logout
    Redfish.Login  ${username}  ${password}

    # The account reads its own RoleId, which must equal the expected role.
    ${actual_role}=  Redfish_Utils.Get Attribute
    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
    Should Be Equal  ${role_id}  ${actual_role}
    Redfish.Logout

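Delete Created Redfish Users Except Default Admin
    [Documentation]  Delete the admin, test, patched, operator, readonly, and post users.

    # Redfish.Login is called without arguments here, i.e. not as one of the
    # accounts this suite created.
    Redfish.Login

    # Deletion is best effort: each error is ignored, because an account may
    # legitimately be missing (for example ${patched_user} when the admin
    # rename never ran).
    # ${test_user} is in the list because it only disappears when that rename
    # succeeds; if it did not, the account would otherwise be left on the BMC
    # with the password stored in this file.
    FOR  ${user}  IN  ${admin_user}  ${test_user}  ${patched_user}  ${operator_user}
    ...  ${readonly_user}  ${post_user}
        Run Keyword And Ignore Error  Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${user}
        ...  valid_status_codes=[${HTTP_OK}]
    END
    Redfish.Logout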