1*** Settings ***
2Documentation    Script to test Redfish privilege registry with various users
3...  such as test, admin, operator, readonly, patched.
4
5Resource         ../../lib/resource.robot
6Resource         ../../lib/bmc_redfish_resource.robot
7Resource         ../../lib/openbmc_ffdc.robot
8Resource         ../../lib/bmc_redfish_utils.robot
9
10Suite Setup      Create And Verify Various Privilege Users
11Suite Teardown   Delete Created Redfish Users Except Default Admin
12Test Teardown    Redfish.Logout
13
14*** Variables ***
15
16${test_user}           testuser
17${test_password}       testpassword
18${admin_user}          testadmin
19${admin_password}      adminpassword
20${operator_user}       testoperator
21${operator_password}   operatorpassword
22${readonly_user}       testreadonly
23${readonly_password}   readonlypassword
24${patched_user}        patchuser
25${post_user}           postuser
26${post_password}       postpassword
27${account_service}     ${2}
28
29** Test Cases **
30
31Verify Redfish Privilege Registry Properties
32    [Documentation]  Verify the Redfish Privilege Registry properties.
33    [Tags]  Verify_Redfish_Privilege_Registry_Properties
34
35    Redfish.Login
36
37    # Get the complete Privilege Registry URL
38    ${url}=   Get Redfish Privilege Registry json URL
39    ${resp}=   Redfish.Get  ${url}
40    Should Be Equal As Strings  ${resp.status}  ${HTTP_OK}
41
42    # Verify the Privilege Registry Resource.
43    # Example:
44    #  "Id": "Redfish_1.1.0_PrivilegeRegistry",
45    #  "Name": "Privilege Mapping array collection",
46    #  "PrivilegesUsed": [
47    #     "Login",
48    #     "ConfigureManager",
49    #     "ConfigureUsers",
50    #     "ConfigureComponents",
51    #     "ConfigureSelf"
52    #  ],
53
54    Should Be Equal As Strings  ${resp.dict["Id"]}  Redfish_1.1.0_PrivilegeRegistry
55    Should Be Equal As Strings  ${resp.dict["Name"]}  Privilege Mapping array collection
56    Should Be Equal As Strings  ${resp.dict["PrivilegesUsed"][0]}  Login
57    Should Be Equal As Strings  ${resp.dict["PrivilegesUsed"][1]}  ConfigureManager
58    Should Be Equal As Strings  ${resp.dict["PrivilegesUsed"][2]}  ConfigureUsers
59    Should Be Equal As Strings  ${resp.dict["PrivilegesUsed"][3]}  ConfigureComponents
60    Should Be Equal As Strings  ${resp.dict["PrivilegesUsed"][4]}  ConfigureSelf
61
62Verify Redfish Privilege Registry Mappings Properties For Account Service
63    [Documentation]  Verify Privilege Registry Account Service Mappings resource properties.
64    [Tags]  Verify_Redfish_Privilege_Registry_Mappings_Properties_For_Account_Service
65
66    # Below is the mapping for Redfish Privilege Registry property for
67    # Account Service.
68
69    # "Mappings": [
70    #    {
71    #        "Entity": "AccountService",
72    #        "OperationMap": {
73    #            "GET": [{
74    #                    "Privilege": [
75    #                        "Login"
76    #                    ]}],
77    #            "HEAD": [{
78    #                    "Privilege": [
79    #                        "Login"
80    #                    ]}],
81    #            "PATCH": [{
82    #                    "Privilege": [
83    #                        "ConfigureUsers"
84    #                    ]}],
85    #            "PUT": [{
86    #                    "Privilege": [
87    #                        "ConfigureUsers"
88    #                    ]}],
89    #            "DELETE": [{
90    #                    "Privilege": [
91    #                        "ConfigureUsers"
92    #                    ]}],
93    #            "POST": [{
94    #                    "Privilege": [
95    #                        "ConfigureUsers"
96    #                    ]}]}
97    #    }
98
99    # | ROLE NAME     | ASSIGNED PRIVILEGES
100    # |---------------|--------------------
101    # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf.
102    # | Operator      | Login, ConfigureComponents, ConfigureSelf.
103    # | ReadOnly      | Login, ConfigureSelf.
104
105    # Get the complete Privilege Registry URL.
106    ${url}=   Get Redfish Privilege Registry json URL
107    ${resp}=   Redfish.Get  ${url}
108
109    # Get mappings properties for Entity: Account Service.
110    @{mappings}=  Get From Dictionary  ${resp.dict}  Mappings
111
112    Should Be Equal   ${mappings[${account_service}]['OperationMap']['GET'][0]['Privilege'][0]}
113    ...   Login
114    Should Be Equal   ${mappings[${account_service}]['OperationMap']['HEAD'][0]['Privilege'][0]}
115    ...   Login
116    Should Be Equal   ${mappings[${account_service}]['OperationMap']['PATCH'][0]['Privilege'][0]}
117    ...   ConfigureUsers
118    Should Be Equal   ${mappings[${account_service}]['OperationMap']['PUT'][0]['Privilege'][0]}
119    ...   ConfigureUsers
120    Should Be Equal   ${mappings[${account_service}]['OperationMap']['DELETE'][0]['Privilege'][0]}
121    ...   ConfigureUsers
122    Should Be Equal   ${mappings[${account_service}]['OperationMap']['POST'][0]['Privilege'][0]}
123    ...   ConfigureUsers
124
125Verify Admin User Privileges Via Redfish
126    [Documentation]  Verify Admin user privileges via Redfish.
127    [Tags]  Verify_Admin_User_Privileges_Via_Redfish
128
129    Redfish.Login   ${admin_user}   ${admin_password}
130
131    ${payload}=  Create Dictionary
132    ...  UserName=${post_user}  Password=${post_password}  RoleId=Operator  Enabled=${true}
133    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
134    ...  valid_status_codes=[${HTTP_CREATED}]
135
136    ${data}=  Create Dictionary  UserName=${patched_user}
137    Redfish.patch  ${REDFISH_ACCOUNTS_URI}${test_user}  body=&{data}
138    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
139
140    ${patched_user_name}=   Redfish.Get Attribute  ${REDFISH_ACCOUNTS_URI}${patched_user}  UserName
141    Should Be Equal  ${patched_user_name}  ${patched_user}
142
143Verify Operator User Privileges Via Redfish
144    [Documentation]  Verify Operator user privileges via Redfish.
145    [Tags]  Verify_Operator_User_Privileges_Via_Redfish
146
147    Redfish.Login   ${operator_user}   ${operator_password}
148
149    ${payload}=  Create Dictionary
150    ...  UserName=${post_user}  Password=${post_password}  RoleId=Operator  Enabled=${true}
151    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
152    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
153
154    ${data}=  Create Dictionary  UserName=${patched_user}
155    Redfish.patch  ${REDFISH_ACCOUNTS_URI}${test_user}  body=&{data}
156    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
157
158    Redfish.Get   ${REDFISH_ACCOUNTS_URI}${patched_user}
159    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
160
161    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${patched_user}
162    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
163
164Verify ReadOnly User Privileges Via Redfish
165    [Documentation]  Verify ReadOnly user privileges via Redfish.
166    [Tags]  Verify_ReadOnly_User_Privileges_Via_Redfish
167
168    Redfish.Login   ${readonly_user}   ${readonly_password}
169
170    ${payload}=  Create Dictionary
171    ...  UserName=${post_user}  Password=${post_password}  RoleId=Operator  Enabled=${true}
172    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
173    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
174
175    ${data}=  Create Dictionary  UserName=${patched_user}
176    Redfish.patch  ${REDFISH_ACCOUNTS_URI}${test_user}  body=&{data}
177    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
178
179    Redfish.Get  ${REDFISH_ACCOUNTS_URI}${patched_user}
180    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
181
182    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${patched_user}
183    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
184
185
186*** Keywords ***
187
188Get Redfish Privilege Registry Json URL
189    [Documentation]  Return the complete Privilege Registry Json URL.
190
191    # Get Privilege Registry version Json path in redfish.
192    # Example: Redfish_1.1.0_PrivilegeRegistry.json
193
194    ${resp}=  Redfish.Get
195    ...  /redfish/v1/Registries/PrivilegeRegistry/
196    @{location}=  Get From Dictionary  ${resp.dict}  Location
197    ${uri}=   Set Variable   ${location[0]['Uri']}
198    RETURN   ${uri}
199
200Create And Verify Various Privilege Users
201    [Documentation]  Create and verify admin, test, operator, and readonly users.
202
203    Redfish Create User   ${test_user}  ${test_password}  Operator  ${true}
204    Redfish Create User   ${admin_user}  ${admin_password}  Administrator  ${true}
205    Redfish Create User   ${operator_user}  ${operator_password}  Operator  ${true}
206    Redfish Create User   ${readonly_user}  ${readonly_password}  ReadOnly  ${true}
207
208    Redfish Verify User   ${test_user}  ${test_password}  Operator
209    Redfish Verify User   ${admin_user}  ${admin_password}  Administrator
210    Redfish Verify User   ${operator_user}  ${operator_password}  Operator
211    Redfish Verify User   ${readonly_user}  ${readonly_password}  ReadOnly
212
213Redfish Verify User
214    [Documentation]  Verify Redfish user with given credentials.
215    [Arguments]   ${username}  ${password}  ${role_id}
216
217    # Description of argument(s):
218    # username            The username to be created.
219    # password            The password to be assigned.
220    # role_id             The role ID of the user to be created
221    #                     (e.g. "Administrator", "Operator", etc.).
222
223    Run Keyword And Ignore Error  Redfish.Logout
224    Redfish.Login  ${username}  ${password}
225
226    # Validate Role Id of user.
227    ${role_config}=  Redfish_Utils.Get Attribute
228    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
229    Should Be Equal  ${role_id}  ${role_config}
230    Redfish.Logout
231
232Delete Created Redfish Users Except Default Admin
233    [Documentation]  Delete the admin, patched, operator, readonly, and post users.
234
235    Redfish.Login
236    Run Keyword And Ignore Error  Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${admin_user}
237    ...  valid_status_codes=[${HTTP_OK}]
238    Run Keyword And Ignore Error  Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${patched_user}
239    ...  valid_status_codes=[${HTTP_OK}]
240    Run Keyword And Ignore Error  Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${operator_user}
241    ...  valid_status_codes=[${HTTP_OK}]
242    Run Keyword And Ignore Error  Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${readonly_user}
243    ...  valid_status_codes=[${HTTP_OK}]
244    Run Keyword And Ignore Error  Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${post_user}
245    ...  valid_status_codes=[${HTTP_OK}]
246    Redfish.Logout
247