1*** Settings *** 2Documentation Script to test Redfish privilege registry with various users 3... such as test, admin, operator, readonly, patched. 4 5Resource ../../lib/resource.robot 6Resource ../../lib/bmc_redfish_resource.robot 7Resource ../../lib/openbmc_ffdc.robot 8Resource ../../lib/bmc_redfish_utils.robot 9 10Suite Setup Create And Verify Various Privilege Users 11Suite Teardown Delete Created Redfish Users Except Default Admin 12Test Teardown Redfish.Logout 13 14*** Variables *** 15 16${test_user} testuser 17${test_password} testpassword 18${admin_user} testadmin 19${admin_password} adminpassword 20${operator_user} testoperator 21${operator_password} operatorpassword 22${readonly_user} testreadonly 23${readonly_password} readonlypassword 24${patched_user} patchuser 25${post_user} postuser 26${post_password} postpassword 27${account_service} ${2} 28 29** Test Cases ** 30 31Verify Redfish Privilege Registry Properties 32 [Documentation] Verify the Redfish Privilege Registry properties. 33 [Tags] Verify_Redfish_Privilege_Registry_Properties 34 35 Redfish.Login 36 37 # Get the complete Privilege Registry URL 38 ${url}= Get Redfish Privilege Registry json URL 39 ${resp}= Redfish.Get ${url} 40 Should Be Equal As Strings ${resp.status} ${HTTP_OK} 41 42 # Verify the Privilege Registry Resource. 43 # Example: 44 # "Id": "Redfish_1.1.0_PrivilegeRegistry", 45 # "Name": "Privilege Mapping array collection", 46 # "PrivilegesUsed": [ 47 # "Login", 48 # "ConfigureManager", 49 # "ConfigureUsers", 50 # "ConfigureComponents", 51 # "ConfigureSelf" 52 # ], 53 54 Should Be Equal As Strings ${resp.dict["Id"]} Redfish_1.1.0_PrivilegeRegistry 55 Should Be Equal As Strings ${resp.dict["Name"]} Privilege Mapping array collection 56 Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][0]} Login 57 Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][1]} ConfigureManager 58 Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][2]} ConfigureUsers 59 Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][3]} ConfigureComponents 60 Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][4]} ConfigureSelf 61 62Verify Redfish Privilege Registry Mappings Properties For Account Service 63 [Documentation] Verify Privilege Registry Account Service Mappings resource properties. 64 [Tags] Verify_Redfish_Privilege_Registry_Mappings_Properties_For_Account_Service 65 66 # Below is the mapping for Redfish Privilege Registry property for 67 # Account Service. 68 69 # "Mappings": [ 70 # { 71 # "Entity": "AccountService", 72 # "OperationMap": { 73 # "GET": [{ 74 # "Privilege": [ 75 # "Login" 76 # ]}], 77 # "HEAD": [{ 78 # "Privilege": [ 79 # "Login" 80 # ]}], 81 # "PATCH": [{ 82 # "Privilege": [ 83 # "ConfigureUsers" 84 # ]}], 85 # "PUT": [{ 86 # "Privilege": [ 87 # "ConfigureUsers" 88 # ]}], 89 # "DELETE": [{ 90 # "Privilege": [ 91 # "ConfigureUsers" 92 # ]}], 93 # "POST": [{ 94 # "Privilege": [ 95 # "ConfigureUsers" 96 # ]}]} 97 # } 98 99 # | ROLE NAME | ASSIGNED PRIVILEGES 100 # |---------------|-------------------- 101 # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf. 102 # | Operator | Login, ConfigureComponents, ConfigureSelf. 103 # | ReadOnly | Login, ConfigureSelf. 104 105 # Get the complete Privilege Registry URL. 106 ${url}= Get Redfish Privilege Registry json URL 107 ${resp}= Redfish.Get ${url} 108 109 # Get mappings properties for Entity: Account Service. 110 @{mappings}= Get From Dictionary ${resp.dict} Mappings 111 112 Should Be Equal ${mappings[${account_service}]['OperationMap']['GET'][0]['Privilege'][0]} 113 ... Login 114 Should Be Equal ${mappings[${account_service}]['OperationMap']['HEAD'][0]['Privilege'][0]} 115 ... Login 116 Should Be Equal ${mappings[${account_service}]['OperationMap']['PATCH'][0]['Privilege'][0]} 117 ... ConfigureUsers 118 Should Be Equal ${mappings[${account_service}]['OperationMap']['PUT'][0]['Privilege'][0]} 119 ... ConfigureUsers 120 Should Be Equal ${mappings[${account_service}]['OperationMap']['DELETE'][0]['Privilege'][0]} 121 ... ConfigureUsers 122 Should Be Equal ${mappings[${account_service}]['OperationMap']['POST'][0]['Privilege'][0]} 123 ... ConfigureUsers 124 125Verify Admin User Privileges Via Redfish 126 [Documentation] Verify Admin user privileges via Redfish. 127 [Tags] Verify_Admin_User_Privileges_Via_Redfish 128 129 Redfish.Login ${admin_user} ${admin_password} 130 131 ${payload}= Create Dictionary 132 ... UserName=${post_user} Password=${post_password} RoleId=Operator Enabled=${true} 133 Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload} 134 ... valid_status_codes=[${HTTP_CREATED}] 135 136 ${data}= Create Dictionary UserName=${patched_user} 137 Redfish.patch ${REDFISH_ACCOUNTS_URI}${test_user} body=&{data} 138 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}] 139 140 ${patched_user_name}= Redfish.Get Attribute ${REDFISH_ACCOUNTS_URI}${patched_user} UserName 141 Should Be Equal ${patched_user_name} ${patched_user} 142 143Verify Operator User Privileges Via Redfish 144 [Documentation] Verify Operator user privileges via Redfish. 145 [Tags] Verify_Operator_User_Privileges_Via_Redfish 146 147 Redfish.Login ${operator_user} ${operator_password} 148 149 ${payload}= Create Dictionary 150 ... UserName=${post_user} Password=${post_password} RoleId=Operator Enabled=${true} 151 Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload} 152 ... valid_status_codes=[${HTTP_FORBIDDEN}] 153 154 ${data}= Create Dictionary UserName=${patched_user} 155 Redfish.patch ${REDFISH_ACCOUNTS_URI}${test_user} body=&{data} 156 ... valid_status_codes=[${HTTP_FORBIDDEN}] 157 158 Redfish.Get ${REDFISH_ACCOUNTS_URI}${patched_user} 159 ... valid_status_codes=[${HTTP_FORBIDDEN}] 160 161 Redfish.Delete ${REDFISH_ACCOUNTS_URI}${patched_user} 162 ... valid_status_codes=[${HTTP_FORBIDDEN}] 163 164Verify ReadOnly User Privileges Via Redfish 165 [Documentation] Verify ReadOnly user privileges via Redfish. 166 [Tags] Verify_ReadOnly_User_Privileges_Via_Redfish 167 168 Redfish.Login ${readonly_user} ${readonly_password} 169 170 ${payload}= Create Dictionary 171 ... UserName=${post_user} Password=${post_password} RoleId=Operator Enabled=${true} 172 Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload} 173 ... valid_status_codes=[${HTTP_FORBIDDEN}] 174 175 ${data}= Create Dictionary UserName=${patched_user} 176 Redfish.patch ${REDFISH_ACCOUNTS_URI}${test_user} body=&{data} 177 ... valid_status_codes=[${HTTP_FORBIDDEN}] 178 179 Redfish.Get ${REDFISH_ACCOUNTS_URI}${patched_user} 180 ... valid_status_codes=[${HTTP_FORBIDDEN}] 181 182 Redfish.Delete ${REDFISH_ACCOUNTS_URI}${patched_user} 183 ... valid_status_codes=[${HTTP_FORBIDDEN}] 184 185 186*** Keywords *** 187 188Get Redfish Privilege Registry Json URL 189 [Documentation] Return the complete Privilege Registry Json URL. 190 191 # Get Privilege Registry version Json path in redfish. 192 # Example: Redfish_1.1.0_PrivilegeRegistry.json 193 194 ${resp}= Redfish.Get 195 ... /redfish/v1/Registries/PrivilegeRegistry/ 196 @{location}= Get From Dictionary ${resp.dict} Location 197 ${uri}= Set Variable ${location[0]['Uri']} 198 RETURN ${uri} 199 200Create And Verify Various Privilege Users 201 [Documentation] Create and verify admin, test, operator, and readonly users. 202 203 Redfish Create User ${test_user} ${test_password} Operator ${true} 204 Redfish Create User ${admin_user} ${admin_password} Administrator ${true} 205 Redfish Create User ${operator_user} ${operator_password} Operator ${true} 206 Redfish Create User ${readonly_user} ${readonly_password} ReadOnly ${true} 207 208 Redfish Verify User ${test_user} ${test_password} Operator 209 Redfish Verify User ${admin_user} ${admin_password} Administrator 210 Redfish Verify User ${operator_user} ${operator_password} Operator 211 Redfish Verify User ${readonly_user} ${readonly_password} ReadOnly 212 213Redfish Verify User 214 [Documentation] Verify Redfish user with given credentials. 215 [Arguments] ${username} ${password} ${role_id} 216 217 # Description of argument(s): 218 # username The username to be created. 219 # password The password to be assigned. 220 # role_id The role ID of the user to be created 221 # (e.g. "Administrator", "Operator", etc.). 222 223 Run Keyword And Ignore Error Redfish.Logout 224 Redfish.Login ${username} ${password} 225 226 # Validate Role Id of user. 227 ${role_config}= Redfish_Utils.Get Attribute 228 ... /redfish/v1/AccountService/Accounts/${username} RoleId 229 Should Be Equal ${role_id} ${role_config} 230 Redfish.Logout 231 232Delete Created Redfish Users Except Default Admin 233 [Documentation] Delete the admin, patched, operator, readonly, and post users. 234 235 Redfish.Login 236 Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${admin_user} 237 ... valid_status_codes=[${HTTP_OK}] 238 Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${patched_user} 239 ... valid_status_codes=[${HTTP_OK}] 240 Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${operator_user} 241 ... valid_status_codes=[${HTTP_OK}] 242 Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${readonly_user} 243 ... valid_status_codes=[${HTTP_OK}] 244 Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${post_user} 245 ... valid_status_codes=[${HTTP_OK}] 246 Redfish.Logout 247