1*** Settings ***
2Documentation    Test Redfish user account.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/bmc_redfish_utils.robot
8
9Library          SSHLibrary
10
11Test Setup       Redfish.Login
12Test Teardown    Test Teardown Execution
13
14*** Variables ***
15
16${account_lockout_duration}   ${30}
17${account_lockout_threshold}  ${3}
18
19** Test Cases **
20
21Verify AccountService Available
22    [Documentation]  Verify Redfish account service is available.
23    [Tags]  Verify_AccountService_Available
24
25    ${resp} =  Redfish_utils.Get Attribute  /redfish/v1/AccountService  ServiceEnabled
26    Should Be Equal As Strings  ${resp}  ${True}
27
28
29Verify Redfish Admin User Persistence After Reboot
30    [Documentation]  Verify Redfish admin user persistence after reboot.
31    [Tags]  Verify_Redfish_Admin_User_Persistence_After_Reboot
32    [Setup]  Run Keywords  Redfish.Login  AND
33    ...  Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
34    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
35    ...  AND  Test Teardown Execution
36
37    # Reboot BMC.
38    Redfish OBMC Reboot (off)  stack_mode=normal
39
40    # Verify users after reboot.
41    Redfish Verify User  admin_user     TestPwd123  Administrator   ${True}
42
43
44Verify Redfish Operator User Persistence After Reboot
45    [Documentation]  Verify Redfish operator user persistence after reboot.
46    [Tags]  Verify_Redfish_Operator_User_Persistence_After_Reboot
47    [Setup]  Run Keywords  Redfish.Login  AND
48    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
49    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
50    ...  AND  Test Teardown Execution
51
52    # Reboot BMC.
53    Redfish OBMC Reboot (off)  stack_mode=normal
54
55    # Verify users after reboot.
56    Redfish Verify User  operator_user  TestPwd123  Operator        ${True}
57
58
59Verify Redfish Readonly User Persistence After Reboot
60    [Documentation]  Verify Redfish readonly user persistence after reboot.
61    [Tags]  Verify_Redfish_Readonly_User_Persistence_After_Reboot
62    [Setup]  Run Keywords  Redfish.Login  AND
63    ...  Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
64    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
65    ...  AND  Test Teardown Execution
66
67    # Reboot BMC.
68    Redfish OBMC Reboot (off)  stack_mode=normal
69
70    # Verify users after reboot.
71    Redfish Verify User  readonly_user  TestPwd123  ReadOnly        ${True}
72
73
74Redfish Create and Verify Admin User
75    [Documentation]  Create a Redfish user with administrator role and verify.
76    [Tags]  Redfish_Create_and_Verify_Admin_User
77    [Template]  Redfish Create And Verify User
78
79    #username      password    role_id         enabled
80    admin_user     TestPwd123  Administrator   ${True}
81
82
83Redfish Create and Verify Operator User
84    [Documentation]  Create a Redfish user with operator role and verify.
85    [Tags]  Redfish_Create_and_Verify_Operator_User
86    [Template]  Redfish Create And Verify User
87
88    #username      password    role_id         enabled
89    operator_user  TestPwd123  Operator        ${True}
90
91
92Redfish Create and Verify Readonly User
93    [Documentation]  Create a Redfish user with readonly role and verify.
94    [Tags]  Redfish_Create_and_Verify_Readonly_User
95    [Template]  Redfish Create And Verify User
96
97    #username      password    role_id         enabled
98    readonly_user  TestPwd123  ReadOnly        ${True}
99
100
101Verify Redfish Admin User With Wrong Password
102    [Documentation]  Verify Redfish admin user with wrong password.
103    [Tags]  Verify_Redfish_Admin_User_With_Wrong_Password
104    [Template]  Verify Redfish User with Wrong Password
105
106    #username      password    role_id         enabled  wrong_password
107    admin_user     TestPwd123  Administrator   ${True}  alskjhfwurh
108
109
110Verify Redfish Operator User with Wrong Password
111    [Documentation]  Verify Redfish operator user with wrong password.
112    [Tags]  Verify_Redfish_Operator_User_with_Wrong_Password
113    [Template]  Verify Redfish User with Wrong Password
114
115    #username      password    role_id         enabled  wrong_password
116    operator_user  TestPwd123  Operator        ${True}  12j8a8uakjhdaosiruf024
117
118
119Verify Redfish Readonly User With Wrong Password
120    [Documentation]  Verify Redfish readonly user with wrong password.
121    [Tags]  Verify_Redfish_Readonly_User_With_Wrong_Password
122    [Template]  Verify Redfish User with Wrong Password
123
124    #username      password    role_id         enabled  wrong_password
125    readonly_user  TestPwd123  ReadOnly        ${True}  12
126
127
128Verify Login with Deleted Redfish Admin User
129    [Documentation]  Verify login with deleted Redfish admin user.
130    [Tags]  Verify_Login_with_Deleted_Redfish_Admin_User
131    [Template]  Verify Login with Deleted Redfish User
132
133    #username     password    role_id         enabled
134    admin_user     TestPwd123  Administrator   ${True}
135
136
137Verify Login with Deleted Redfish Operator User
138    [Documentation]  Verify login with deleted Redfish operator user.
139    [Tags]  Verify_Login_with_Deleted_Redfish_Operator_User
140    [Template]  Verify Login with Deleted Redfish User
141
142    #username     password    role_id         enabled
143    operator_user  TestPwd123  Operator        ${True}
144
145
146Verify Login with Deleted Redfish Readonly User
147    [Documentation]  Verify login with deleted Redfish readonly user.
148    [Tags]  Verify_Login_with_Deleted_Redfish_Readonly_User
149    [Template]  Verify Login with Deleted Redfish User
150
151    #username     password    role_id         enabled
152    readonly_user  TestPwd123  ReadOnly        ${True}
153
154
155Verify Admin User Creation Without Enabling It
156    [Documentation]  Verify admin user creation without enabling it.
157    [Tags]  Verify_Admin_User_Creation_Without_Enabling_It
158    [Template]  Verify Create User Without Enabling
159
160    #username      password    role_id         enabled
161    admin_user     TestPwd123  Administrator   ${False}
162
163
164Verify Operator User Creation Without Enabling It
165    [Documentation]  Verify operator user creation without enabling it.
166    [Tags]  Verify_Operator_User_Creation_Without_Enabling_It
167    [Template]  Verify Create User Without Enabling
168
169    #username      password    role_id         enabled
170    operator_user  TestPwd123  Operator        ${False}
171
172
173Verify Readonly User Creation Without Enabling It
174    [Documentation]  Verify readonly user creation without enabling it.
175    [Tags]  Verify_Readonly_User_Creation_Without_Enabling_It
176    [Template]  Verify Create User Without Enabling
177
178    #username      password    role_id         enabled
179    readonly_user  TestPwd123  ReadOnly        ${False}
180
181
182Verify User Creation With Invalid Role Id
183    [Documentation]  Verify user creation with invalid role ID.
184    [Tags]  Verify_User_Creation_With_Invalid_Role_Id
185
186    # Make sure the user account in question does not already exist.
187    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
188    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
189
190    # Create specified user.
191    ${payload}=  Create Dictionary
192    ...  UserName=test_user  Password=TestPwd123  RoleId=wrongroleid  Enabled=${True}
193    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
194    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
195
196Verify Error Upon Creating Same Users With Different Privileges
197    [Documentation]  Verify error upon creating same users with different privileges.
198    [Tags]  Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges
199
200    Redfish Create User  test_user  TestPwd123  Administrator  ${True}
201
202    # Create specified user.
203    ${payload}=  Create Dictionary
204    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
205    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
206    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
207
208    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
209
210
211Verify Modifying User Attributes
212    [Documentation]  Verify modifying user attributes.
213    [Tags]  Verify_Modifying_User_Attributes
214
215    # Create Redfish users.
216    Redfish Create User  admin_user     TestPwd123  Administrator   ${True}
217    Redfish Create User  readonly_user  TestPwd123  ReadOnly        ${True}
218
219    # Make sure the new user account does not already exist.
220    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
221    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
222
223    # Update admin_user username using Redfish.
224    ${payload}=  Create Dictionary  UserName=newadmin_user
225    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body=&{payload}
226
227    # Update readonly_user role using Redfish.
228    ${payload}=  Create Dictionary  RoleId=Administrator
229    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body=&{payload}
230
231    # Verify users after updating
232    Redfish Verify User  newadmin_user  TestPwd123     Administrator   ${True}
233    Redfish Verify User  readonly_user  TestPwd123     Administrator   ${True}
234
235    # Delete created users.
236    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
237    Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
238
239
240Verify Modifying Operator User Attributes
241    [Documentation]  Verify modifying operator user attributes.
242    [Tags]  Verify_Modifying_Operator_User_Attributes
243    [Setup]  Run Keywords  Redfish.Login  AND
244    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
245    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
246    ...  AND  Test Teardown Execution
247
248    # Update operator_user password using Redfish.
249    ${payload}=  Create Dictionary  Password=NewTestPwd123
250    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body=&{payload}
251
252    # Verify users after updating
253    Redfish Verify User  operator_user  NewTestPwd123  Operator        ${True}
254
255
256Verify User Account Locked
257    [Documentation]  Verify user account locked upon trying with invalid password.
258    [Tags]  Verify_User_Account_Locked
259
260    Redfish Create User  admin_user  TestPwd123  Administrator   ${True}
261
262    ${payload}=  Create Dictionary  AccountLockoutThreshold=${account_lockout_threshold}
263    ...  AccountLockoutDuration=${account_lockout_duration}
264    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}
265
266    Redfish.Logout
267
268    # Make ${account_lockout_threshold} failed login attempts.
269    Repeat Keyword  ${account_lockout_threshold} times
270    ...  Run Keyword And Expect Error  InvalidCredentialsError*  Redfish.Login  admin_user  abc123
271
272    # Verify that legitimate login fails due to lockout.
273    Run Keyword And Expect Error  InvalidCredentialsError*
274    ...  Redfish.Login  admin_user  TestPwd123
275
276    # Wait for lockout duration to expire and then verify that login works.
277    Sleep  ${account_lockout_duration}s
278    Redfish.Login  admin_user  TestPwd123
279
280    Redfish.Logout
281
282    Redfish.Login
283
284    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
285
286Verify Admin User Privilege
287    [Documentation]  Verify admin user privilege.
288    [Tags]  Verify_Admin_User_Privilege
289
290    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
291    Redfish Create User  operator_user  TestPwd123  Operator  ${True}
292    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
293
294    Redfish.Logout
295
296    # Change role ID of operator user with admin user.
297    # Login with admin user.
298    Redfish.Login  admin_user  TestPwd123
299
300    # Modify Role ID of Operator user.
301    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body={'RoleId': 'Administrator'}
302
303    # Verify modified user.
304    Redfish Verify User  operator_user  TestPwd123  Administrator  ${True}
305
306    Redfish.Logout
307    Redfish.Login  admin_user  TestPwd123
308
309    # Change password of 'user' user with admin user.
310    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body={'Password': 'NewTestPwd123'}
311
312    # Verify modified user.
313    Redfish Verify User  readonly_user  NewTestPwd123  ReadOnly  ${True}
314
315    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
316    Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
317    Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
318
319Verify Operator User Privilege
320    [Documentation]  Verify operator user privilege.
321    [Tags]  Verify_Operator_User_Privilege
322
323    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
324    Redfish Create User  operator_user  TestPwd123  Operator  ${True}
325
326    Redfish.Logout
327    # Login with operator user.
328    Redfish.Login  operator_user  TestPwd123
329
330    # Verify BMC reset.
331    Run Keyword And Expect Error  ValueError*  Redfish BMC Reset Operation
332
333    # Attempt to change password of admin user with operator user.
334    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body={'Password': 'NewTestPwd123'}
335    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
336
337    Redfish.Logout
338
339    Redfish.Login
340
341    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
342    Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
343
344
345Verify ReadOnly User Privilege
346    [Documentation]  Verify ReadOnly user privilege.
347    [Tags]  Verify_ReadOnly_User_Privilege
348
349    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
350    Redfish.Logout
351
352    # Login with read_only user.
353    Redfish.Login  readonly_user  TestPwd123
354
355    # Read system level data.
356    ${system_model}=  Redfish_Utils.Get Attribute
357    ...  ${SYSTEM_BASE_URI}  Model
358
359    Redfish.Logout
360    Redfish.Login
361    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}readonly_user
362
363
364Verify Minimum Password Length For Redfish User
365    [Documentation]  Verify minimum password length for new and existing user.
366    [Tags]  Verify_Minimum_Password_Length_For_Redfish_User
367
368    ${user_name}=  Set Variable  testUser
369
370    # Make sure the user account in question does not already exist.
371    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}
372    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
373
374    # Try to create a user with invalid length password.
375    ${payload}=  Create Dictionary
376    ...  UserName=${user_name}  Password=UserPwd  RoleId=Administrator  Enabled=${True}
377    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
378    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
379
380    # Create specified user with valid length password.
381    Set To Dictionary  ${payload}  Password  UserPwd1
382    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
383    ...  valid_status_codes=[${HTTP_CREATED}]
384
385    # Try to change to an invalid password.
386    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd'}
387    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
388
389    # Change to a valid password.
390    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd1'}
391
392    # Verify login.
393    Redfish.Logout
394    Redfish.Login  ${user_name}  UserPwd1
395    Redfish.Logout
396    Redfish.Login
397    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}
398
399
400Verify Standard User Roles Defined By Redfish
401    [Documentation]  Verify standard user roles defined by Redfish.
402    [Tags]  Verify_Standard_User_Roles_Defined_By_Redfish
403
404    ${member_list}=  Redfish_Utils.Get Member List
405    ...  /redfish/v1/AccountService/Roles
406
407    @{roles}=  Create List
408    ...  /redfish/v1/AccountService/Roles/Administrator
409    ...  /redfish/v1/AccountService/Roles/Operator
410    ...  /redfish/v1/AccountService/Roles/ReadOnly
411
412    List Should Contain Sub List  ${member_list}  ${roles}
413
414    # The standard roles are:
415
416    # | Role name | Assigned privileges |
417    # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf |
418    # | Operator | Login, ConfigureComponents, ConfigureSelf |
419    # | ReadOnly | Login, ConfigureSelf |
420
421    @{admin}=  Create List  Login  ConfigureManager  ConfigureUsers  ConfigureComponents  ConfigureSelf
422    @{operator}=  Create List  Login  ConfigureComponents  ConfigureSelf
423    @{readOnly}=  Create List  Login  ConfigureSelf
424
425    ${roles_dict}=  create dictionary  admin_privileges=${admin}  operator_privileges=${operator}
426    ...  readOnly_privileges=${readOnly}
427
428    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/Administrator
429    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['admin_privileges']}
430
431    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/Operator
432    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['operator_privileges']}
433
434    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/ReadOnly
435    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['readOnly_privileges']}
436
437
438Verify Error While Deleting Root User
439    [Documentation]  Verify error while deleting root user.
440    [Tags]  Verify_Error_While_Deleting_Root_User
441
442    Redfish.Delete  /redfish/v1/AccountService/Accounts/root  valid_status_codes=[${HTTP_FORBIDDEN}]
443
444
445Verify SSH Login Access With Admin User
446    [Documentation]  Verify that admin user does not have SSH login access.
447    [Tags]  Verify_SSH_Login_Access_With_Admin_User
448
449    # Create an admin User.
450    Redfish Create User  new_admin  TestPwd1  Administrator  ${True}
451
452    # Attempt SSH login with admin user.
453    SSHLibrary.Open Connection  ${OPENBMC_HOST}
454    ${status}=  Run Keyword And Return Status  SSHLibrary.Login  new_admin  TestPwd1
455    Should Be Equal  ${status}  ${False}
456
457
458*** Keywords ***
459
460Test Teardown Execution
461    [Documentation]  Do the post test teardown.
462
463    Run Keyword And Ignore Error  Redfish.Logout
464    FFDC On Test Case Fail
465
466
467Redfish Create User
468    [Documentation]  Redfish create user.
469    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${login_check}=${True}
470
471    # Description of argument(s):
472    # username            The username to be created.
473    # password            The password to be assigned.
474    # role_id             The role ID of the user to be created
475    #                     (e.g. "Administrator", "Operator", etc.).
476    # enabled             Indicates whether the username being created
477    #                     should be enabled (${True}, ${False}).
478    # login_check         Checks user login for created user.
479    #                     (e.g. ${True}, ${False}).
480
481    # Make sure the user account in question does not already exist.
482    Redfish.Delete  /redfish/v1/AccountService/Accounts/${userName}
483    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
484
485    # Create specified user.
486    ${payload}=  Create Dictionary
487    ...  UserName=${username}  Password=${password}  RoleId=${role_id}  Enabled=${enabled}
488    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
489    ...  valid_status_codes=[${HTTP_CREATED}]
490
491    # Resetting faillock count as a workaround for issue
492    # openbmc/phosphor-user-manager#4
493    ${cmd}=  Catenate  test -f /usr/sbin/faillock && /usr/sbin/faillock --user USER --reset
494    ...  || /usr/sbin/pam_tally2 -u ${username} --reset
495    Bmc Execute Command  ${cmd}
496
497    # Verify login with created user.
498    ${status}=  Run Keyword If  '${login_check}' == '${True}'
499    ...  Verify Redfish User Login  ${username}  ${password}
500    Run Keyword If  '${login_check}' == '${True}'  Should Be Equal  ${status}  ${enabled}
501
502    # Validate Role ID of created user.
503    ${role_config}=  Redfish_Utils.Get Attribute
504    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
505    Should Be Equal  ${role_id}  ${role_config}
506
507
508Redfish Verify User
509    [Documentation]  Redfish user verification.
510    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
511
512    # Description of argument(s):
513    # username            The username to be created.
514    # password            The password to be assigned.
515    # role_id             The role ID of the user to be created
516    #                     (e.g. "Administrator", "Operator", etc.).
517    # enabled             Indicates whether the username being created
518    #                     should be enabled (${True}, ${False}).
519
520    ${status}=  Verify Redfish User Login  ${username}  ${password}
521    # Doing a check of the returned status.
522    Should Be Equal  ${status}  ${enabled}
523
524    # Validate Role Id of user.
525    ${role_config}=  Redfish_Utils.Get Attribute
526    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
527    Should Be Equal  ${role_id}  ${role_config}
528
529
530Verify Redfish User Login
531    [Documentation]  Verify Redfish login with given user id.
532    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout  AND  Redfish.Login
533    [Arguments]   ${username}  ${password}
534
535    # Description of argument(s):
536    # username            Login username.
537    # password            Login password.
538
539    # Logout from current Redfish session.
540    # We don't really care if the current session is flushed out since we are going to login
541    # with new credential in next.
542    Run Keyword And Ignore Error  Redfish.Logout
543
544    ${status}=  Run Keyword And Return Status  Redfish.Login  ${username}  ${password}
545    [Return]  ${status}
546
547
548Redfish Create And Verify User
549    [Documentation]  Redfish create and verify user.
550    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
551
552    # Description of argument(s):
553    # username            The username to be created.
554    # password            The password to be assigned.
555    # role_id             The role ID of the user to be created
556    #                     (e.g. "Administrator", "Operator", etc.).
557    # enabled             Indicates whether the username being created
558    #                     should be enabled (${True}, ${False}).
559
560    # Example:
561    #{
562    #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
563    #"@odata.id": "/redfish/v1/AccountService/Accounts/test1",
564    #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
565    #"Description": "User Account",
566    #"Enabled": true,
567    #"Id": "test1",
568    #"Links": {
569    #  "Role": {
570    #    "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
571    #  }
572    #},
573
574    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
575
576    Redfish Verify User  ${username}  ${password}  ${role_id}  ${enabled}
577
578    # Delete Specified User
579    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
580
581Verify Redfish User with Wrong Password
582    [Documentation]  Verify Redfish User with Wrong Password.
583    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${wrong_password}
584
585    # Description of argument(s):
586    # username            The username to be created.
587    # password            The password to be assigned.
588    # role_id             The role ID of the user to be created
589    #                     (e.g. "Administrator", "Operator", etc.).
590    # enabled             Indicates whether the username being created
591    #                     should be enabled (${True}, ${False}).
592    # wrong_password      Any invalid password.
593
594    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
595
596    Redfish.Logout
597
598    # Attempt to login with created user with invalid password.
599    Run Keyword And Expect Error  InvalidCredentialsError*
600    ...  Redfish.Login  ${username}  ${wrong_password}
601
602    Redfish.Login
603
604    # Delete newly created user.
605    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
606
607
608Verify Login with Deleted Redfish User
609    [Documentation]  Verify Login with Deleted Redfish User.
610    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
611
612    # Description of argument(s):
613    # username            The username to be created.
614    # password            The password to be assigned.
615    # role_id             The role ID of the user to be created
616    #                     (e.g. "Administrator", "Operator", etc.).
617    # enabled             Indicates whether the username being created
618    #                     should be enabled (${True}, ${False}).
619
620    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
621
622    # Delete newly created user.
623    Redfish.Delete  /redfish/v1/AccountService/Accounts/${userName}
624
625    Redfish.Logout
626
627    # Attempt to login with deleted user account.
628    Run Keyword And Expect Error  InvalidCredentialsError*
629    ...  Redfish.Login  ${username}  ${password}
630
631    Redfish.Login
632
633
634Verify Create User Without Enabling
635    [Documentation]  Verify Create User Without Enabling.
636    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
637
638    # Description of argument(s):
639    # username            The username to be created.
640    # password            The password to be assigned.
641    # role_id             The role ID of the user to be created
642    #                     (e.g. "Administrator", "Operator", etc.).
643    # enabled             Indicates whether the username being created
644    #                     should be enabled (${True}, ${False}).
645
646    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}  ${False}
647
648    Redfish.Logout
649
650    # Login with created user.
651    Run Keyword And Expect Error  InvalidCredentialsError*
652    ...  Redfish.Login  ${username}  ${password}
653
654    Redfish.Login
655
656    # Delete newly created user.
657    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
658
659