*** Settings ***
Documentation    Script to test Redfish privilege registry with various users
...  such as test, admin, operator, readonly, patched.

Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot
Resource         ../../lib/bmc_redfish_utils.robot

# The suite provisions its own accounts (one per role under test) before the
# first test and removes them after the last one.
Suite Setup      Create And Verify Various Privilege Users
Suite Teardown   Delete Created Redfish Users Except Default Admin

# Each test closes its session when it ends, so the next test has to log in as
# the account whose privileges it wants to exercise.
Test Teardown    Redfish.Logout

Test Tags        Redfish_Privilege_Registry

*** Variables ***

# Credentials of the throwaway accounts this suite creates and later deletes.
# The values are defaults only: variables given on the command line
# (--variable NAME:value) take priority over this table, so a run against a
# shared BMC can supply its own passwords instead of these well-known ones.

# Account with the Operator role; the admin test renames it to ${patched_user}.
${test_user}           testuser
${test_password}       testpassword
${patched_user}        patchuser

# One account per role whose privileges are exercised.
${admin_user}          testadmin
${admin_password}      adminpassword
${operator_user}       testoperator
${operator_password}   operatorpassword
${readonly_user}       testreadonly
${readonly_password}   readonlypassword

# Account that the tests try to create through POST.
${post_user}           postuser
${post_password}       postpassword

# Position of the AccountService entry inside the registry's "Mappings" array.
${account_service}     ${2}

*** Test Cases ***

Verify Redfish Privilege Registry Properties
    [Documentation]  Verify the Redfish Privilege Registry properties.
    [Tags]  Verify_Redfish_Privilege_Registry_Properties

    Redfish.Login

    # Resolve the location of the registry JSON, then fetch it.
    ${registry_uri}=   Get Redfish Privilege Registry json URL
    ${registry}=   Redfish.Get  ${registry_uri}
    Should Be Equal As Strings  ${registry.status}  ${HTTP_OK}

    # Expected top-level properties of the Privilege Registry resource:
    #  "Id": "Redfish_1.1.0_PrivilegeRegistry",
    #  "Name": "Privilege Mapping array collection",
    #  "PrivilegesUsed": [
    #     "Login",
    #     "ConfigureManager",
    #     "ConfigureUsers",
    #     "ConfigureComponents",
    #     "ConfigureSelf"
    #  ],

    Should Be Equal As Strings  ${registry.dict["Id"]}  Redfish_1.1.0_PrivilegeRegistry
    Should Be Equal As Strings  ${registry.dict["Name"]}  Privilege Mapping array collection

    # PrivilegesUsed is compared position by position, so the order matters.
    # Entries after the fifth one, if any, are not inspected.
    @{expected_privileges}=  Create List
    ...  Login  ConfigureManager  ConfigureUsers  ConfigureComponents  ConfigureSelf
    FOR  ${position}  ${privilege}  IN ENUMERATE  @{expected_privileges}
        Should Be Equal As Strings  ${registry.dict["PrivilegesUsed"][${position}]}  ${privilege}
    END

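Verify Redfish Privilege Registry Mappings Properties For Account Service
    [Documentation]  Verify Privilege Registry Account Service Mappings resource properties.
    [Tags]  Verify_Redfish_Privilege_Registry_Mappings_Properties_For_Account_Service

    # Below is the mapping for Redfish Privilege Registry property for
    # Account Service.

    # "Mappings": [
    #    {
    #        "Entity": "AccountService",
    #        "OperationMap": {
    #            "GET": [{
    #                    "Privilege": [
    #                        "Login"
    #                    ]}],
    #            "HEAD": [{
    #                    "Privilege": [
    #                        "Login"
    #                    ]}],
    #            "PATCH": [{
    #                    "Privilege": [
    #                        "ConfigureUsers"
    #                    ]}],
    #            "PUT": [{
    #                    "Privilege": [
    #                        "ConfigureUsers"
    #                    ]}],
    #            "DELETE": [{
    #                    "Privilege": [
    #                        "ConfigureUsers"
    #                    ]}],
    #            "POST": [{
    #                    "Privilege": [
    #                        "ConfigureUsers"
    #                    ]}]}
    #    }

    # | ROLE NAME     | ASSIGNED PRIVILEGES
    # |---------------|--------------------
    # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf.
    # | Operator      | Login, ConfigureComponents, ConfigureSelf.
    # | ReadOnly      | Login, ConfigureSelf.

    # The test teardown logs the previous session out and nothing else in this
    # test opens one, so log in explicitly, as the properties test does, rather
    # than depend on whatever session state the previous test left behind.
    Redfish.Login

    # Get the complete Privilege Registry URL.
    ${url}=   Get Redfish Privilege Registry json URL
    ${resp}=   Redfish.Get  ${url}

    # Get mappings properties for Entity: Account Service.
    @{mappings}=  Get From Dictionary  ${resp.dict}  Mappings
    ${entry}=  Set Variable  ${mappings[${account_service}]}

    # ${account_service} is a fixed array position. Confirm that it really
    # points at the AccountService entity, so that the privilege checks below
    # cannot pass against the mapping of some other resource.
    Should Be Equal   ${entry['Entity']}   AccountService
    ...   msg=Mappings[${account_service}] is not the AccountService entity.

    # Only the first privilege of the first entry is compared for each method.
    # The Redfish specification treats further entries in a method's array as
    # alternatives, so an extra entry that grants access with a weaker
    # privilege would go unnoticed here. Compare the whole array if the test
    # should catch that.
    Should Be Equal   ${entry['OperationMap']['GET'][0]['Privilege'][0]}
    ...   Login
    Should Be Equal   ${entry['OperationMap']['HEAD'][0]['Privilege'][0]}
    ...   Login
    Should Be Equal   ${entry['OperationMap']['PATCH'][0]['Privilege'][0]}
    ...   ConfigureUsers
    Should Be Equal   ${entry['OperationMap']['PUT'][0]['Privilege'][0]}
    ...   ConfigureUsers
    Should Be Equal   ${entry['OperationMap']['DELETE'][0]['Privilege'][0]}
    ...   ConfigureUsers
    Should Be Equal   ${entry['OperationMap']['POST'][0]['Privilege'][0]}
    ...   ConfigureUsers
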
Verify Admin User Privileges Via Redfish
    [Documentation]  Verify Admin user privileges via Redfish.
    [Tags]  Verify_Admin_User_Privileges_Via_Redfish

    Redfish.Login   ${admin_user}   ${admin_password}

    # An Administrator may create an account: POST must answer HTTP_CREATED.
    ${new_account}=  Create Dictionary
    ...  UserName=${post_user}
    ...  Password=${post_password}
    ...  RoleId=Operator
    ...  Enabled=${true}
    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{new_account}
    ...  valid_status_codes=[${HTTP_CREATED}]

    # An Administrator may modify an account: rename ${test_user} to
    # ${patched_user}. From here on the account lives under the new name.
    ${rename}=  Create Dictionary  UserName=${patched_user}
    Redfish.patch  ${REDFISH_ACCOUNTS_URI}${test_user}  body=&{rename}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]

    # Read the account back under its new name to confirm the rename took effect.
    ${name_on_bmc}=   Redfish.Get Attribute  ${REDFISH_ACCOUNTS_URI}${patched_user}  UserName
    Should Be Equal  ${name_on_bmc}  ${patched_user}

Verify Operator User Privileges Via Redfish
    [Documentation]  Verify Operator user privileges via Redfish.
    [Tags]  Verify_Operator_User_Privileges_Via_Redfish

    Redfish.Login   ${operator_user}   ${operator_password}

    # Every request below is a negative check: an Operator session must be
    # answered with HTTP_FORBIDDEN and nothing else.
    # NOTE(review): when the admin test has run first, ${post_user} already
    # exists and ${test_user} has been renamed to ${patched_user}, so the POST
    # and PATCH below act on that leftover state - confirm this is intended.

    # Creating an account is refused.
    ${new_account}=  Create Dictionary
    ...  UserName=${post_user}
    ...  Password=${post_password}
    ...  RoleId=Operator
    ...  Enabled=${true}
    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{new_account}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    # Renaming another user's account is refused.
    ${rename}=  Create Dictionary  UserName=${patched_user}
    Redfish.patch  ${REDFISH_ACCOUNTS_URI}${test_user}  body=&{rename}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    # Reading another user's account is refused.
    Redfish.Get   ${REDFISH_ACCOUNTS_URI}${patched_user}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    # Deleting another user's account is refused.
    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${patched_user}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

Verify ReadOnly User Privileges Via Redfish
    [Documentation]  Verify ReadOnly user privileges via Redfish.
    [Tags]  Verify_ReadOnly_User_Privileges_Via_Redfish

    Redfish.Login   ${readonly_user}   ${readonly_password}

    # Every request below is a negative check: a ReadOnly session must be
    # answered with HTTP_FORBIDDEN and nothing else.
    # NOTE(review): when the admin test has run first, ${post_user} already
    # exists and ${test_user} has been renamed to ${patched_user}, so the POST
    # and PATCH below act on that leftover state - confirm this is intended.

    # Creating an account is refused.
    ${new_account}=  Create Dictionary
    ...  UserName=${post_user}
    ...  Password=${post_password}
    ...  RoleId=Operator
    ...  Enabled=${true}
    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{new_account}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    # Renaming another user's account is refused.
    ${rename}=  Create Dictionary  UserName=${patched_user}
    Redfish.patch  ${REDFISH_ACCOUNTS_URI}${test_user}  body=&{rename}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    # Reading another user's account is refused.
    Redfish.Get  ${REDFISH_ACCOUNTS_URI}${patched_user}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    # Deleting another user's account is refused.
    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${patched_user}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

*** Keywords ***

Get Redfish Privilege Registry Json URL
    [Documentation]  Return the complete Privilege Registry Json URL.

    # The registry resource lists where the versioned JSON file lives in its
    # "Location" array; the "Uri" of the first entry is returned.
    # Example file name: Redfish_1.1.0_PrivilegeRegistry.json

    ${registry}=  Redfish.Get  /redfish/v1/Registries/PrivilegeRegistry/
    @{locations}=  Get From Dictionary  ${registry.dict}  Location
    RETURN   ${locations[0]['Uri']}

Create And Verify Various Privilege Users
    [Documentation]  Create and verify admin, test, operator, and readonly users.

    # All four accounts are created first (enabled), then each one is verified.
    FOR  ${user}  ${password}  ${role}  IN
    ...  ${test_user}      ${test_password}      Operator
    ...  ${admin_user}     ${admin_password}     Administrator
    ...  ${operator_user}  ${operator_password}  Operator
    ...  ${readonly_user}  ${readonly_password}  ReadOnly
        Redfish Create User   ${user}  ${password}  ${role}  ${true}
    END

    # Verification logs in as each account and compares its RoleId.
    FOR  ${user}  ${password}  ${role}  IN
    ...  ${test_user}      ${test_password}      Operator
    ...  ${admin_user}     ${admin_password}     Administrator
    ...  ${operator_user}  ${operator_password}  Operator
    ...  ${readonly_user}  ${readonly_password}  ReadOnly
        Redfish Verify User   ${user}  ${password}  ${role}
    END

Redfish Verify User
    [Documentation]  Verify Redfish user with given credentials.
    [Arguments]   ${username}  ${password}  ${role_id}

    # Description of argument(s):
    # username            The username of the account to verify.
    # password            The password used to log in as that account.
    # role_id             The role ID the account is expected to have
    #                     (e.g. "Administrator", "Operator", etc.).

    # Drop any session that is still open (errors are ignored), then log in
    # with the credentials under test.
    Run Keyword And Ignore Error  Redfish.Logout
    Redfish.Login  ${username}  ${password}

    # Validate Role Id of user: the RoleId stored for the account must match
    # the expected role.
    ${actual_role}=  Redfish_Utils.Get Attribute
    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
    Should Be Equal  ${role_id}  ${actual_role}

    # Not reached when one of the steps above fails.
    Redfish.Logout

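Delete Created Redfish Users Except Default Admin
    [Documentation]  Delete the admin, patched, operator, readonly, post, and test users.

    # Log in with the default credentials; the accounts under test are removed
    # from that session.
    Redfish.Login

    # ${test_user} is normally renamed to ${patched_user} by the admin test.
    # When that test fails or is skipped, the account still exists under its
    # original name, so it is deleted here as well. Otherwise an enabled
    # Operator account with a password published in this file would stay on
    # the BMC after the run.
    # Errors are ignored on purpose: any of these accounts may be absent,
    # depending on which tests ran.
    FOR  ${user}  IN
    ...  ${admin_user}
    ...  ${patched_user}
    ...  ${operator_user}
    ...  ${readonly_user}
    ...  ${post_user}
    ...  ${test_user}
        Run Keyword And Ignore Error  Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${user}
        ...  valid_status_codes=[${HTTP_OK}]
    END

    Redfish.Logout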