1*** Settings *** 2Documentation Test Redfish user account. 3 4Resource ../../lib/resource.robot 5Resource ../../lib/bmc_redfish_resource.robot 6Resource ../../lib/openbmc_ffdc.robot 7Resource ../../lib/bmc_redfish_utils.robot 8 9Test Setup Redfish.Login 10Test Teardown Test Teardown Execution 11 12*** Variables *** 13 14${account_lockout_duration} ${30} 15${account_lockout_threshold} ${3} 16 17** Test Cases ** 18 19Verify AccountService Available 20 [Documentation] Verify Redfish account service is available. 21 [Tags] Verify_AccountService_Available 22 23 ${resp} = Redfish_utils.Get Attribute /redfish/v1/AccountService ServiceEnabled 24 Should Be Equal As Strings ${resp} ${True} 25 26Verify Redfish User Persistence After Reboot 27 [Documentation] Verify Redfish user persistence after reboot. 28 [Tags] Verify_Redfish_User_Persistence_After_Reboot 29 30 # Create Redfish users. 31 Redfish Create User admin_user TestPwd123 Administrator ${True} 32 Redfish Create User operator_user TestPwd123 Operator ${True} 33 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 34 35 # Reboot BMC. 36 Redfish OBMC Reboot (off) stack_mode=normal 37 38 # Verify users after reboot. 39 Redfish Verify User admin_user TestPwd123 Administrator ${True} 40 Redfish Verify User operator_user TestPwd123 Operator ${True} 41 Redfish Verify User readonly_user TestPwd123 ReadOnly ${True} 42 43 # Delete created users. 44 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 45 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 46 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 47 48Redfish Create and Verify Users 49 [Documentation] Create Redfish users with various roles. 50 [Tags] Redfish_Create_and_Verify_Users 51 [Template] Redfish Create And Verify User 52 53 #username password role_id enabled 54 admin_user TestPwd123 Administrator ${True} 55 operator_user TestPwd123 Operator ${True} 56 readonly_user TestPwd123 ReadOnly ${True} 57 58Verify Redfish User with Wrong Password 59 [Documentation] Verify Redfish User with Wrong Password. 60 [Tags] Verify_Redfish_User_with_Wrong_Password 61 [Template] Verify Redfish User with Wrong Password 62 63 #username password role_id enabled wrong_password 64 admin_user TestPwd123 Administrator ${True} alskjhfwurh 65 operator_user TestPwd123 Operator ${True} 12j8a8uakjhdaosiruf024 66 readonly_user TestPwd123 ReadOnly ${True} 12 67 68Verify Login with Deleted Redfish Users 69 [Documentation] Verify login with deleted Redfish Users. 70 [Tags] Verify_Login_with_Deleted_Redfish_Users 71 [Template] Verify Login with Deleted Redfish User 72 73 #username password role_id enabled 74 admin_user TestPwd123 Administrator ${True} 75 operator_user TestPwd123 Operator ${True} 76 readonly_user TestPwd123 ReadOnly ${True} 77 78Verify User Creation Without Enabling It 79 [Documentation] Verify User Creation Without Enabling it. 80 [Tags] Verify_User_Creation_Without_Enabling_It 81 [Template] Verify Create User Without Enabling 82 83 #username password role_id enabled 84 admin_user TestPwd123 Administrator ${False} 85 operator_user TestPwd123 Operator ${False} 86 readonly_user TestPwd123 ReadOnly ${False} 87 88Verify User Creation With Invalid Role Id 89 [Documentation] Verify user creation with invalid role ID. 90 [Tags] Verify_User_Creation_With_Invalid_Role_Id 91 92 # Make sure the user account in question does not already exist. 93 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 94 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 95 96 # Create specified user. 97 ${payload}= Create Dictionary 98 ... UserName=test_user Password=TestPwd123 RoleId=wrongroleid Enabled=${True} 99 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 100 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 101 102Verify Error Upon Creating Same Users With Different Privileges 103 [Documentation] Verify error upon creating same users with different privileges. 104 [Tags] Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges 105 106 Redfish Create User test_user TestPwd123 Administrator ${True} 107 108 # Create specified user. 109 ${payload}= Create Dictionary 110 ... UserName=test_user Password=TestPwd123 RoleId=Operator Enabled=${True} 111 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 112 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 113 114 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 115 116Verify Modifying User Attributes 117 [Documentation] Verify modifying user attributes. 118 [Tags] Verify_Modifying_User_Attributes 119 120 # Create Redfish users. 121 Redfish Create User admin_user TestPwd123 Administrator ${True} 122 Redfish Create User operator_user TestPwd123 Operator ${True} 123 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 124 125 # Make sure the new user account does not already exist. 126 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user 127 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 128 129 # Update admin_user username using Redfish. 130 ${payload}= Create Dictionary UserName=newadmin_user 131 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body=&{payload} 132 133 # Update operator_user password using Redfish. 134 ${payload}= Create Dictionary Password=NewTestPwd123 135 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body=&{payload} 136 137 # Update readonly_user role using Redfish. 138 ${payload}= Create Dictionary RoleId=Operator 139 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body=&{payload} 140 141 # Verify users after updating 142 Redfish Verify User newadmin_user TestPwd123 Administrator ${True} 143 Redfish Verify User operator_user NewTestPwd123 Operator ${True} 144 Redfish Verify User readonly_user TestPwd123 Operator ${True} 145 146 # Delete created users. 147 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user 148 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 149 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 150 151Verify User Account Locked 152 [Documentation] Verify user account locked upon trying with invalid password. 153 [Tags] Verify_User_Account_Locked 154 155 Redfish Create User admin_user TestPwd123 Administrator ${True} 156 157 ${payload}= Create Dictionary AccountLockoutThreshold=${account_lockout_threshold} 158 ... AccountLockoutDuration=${account_lockout_duration} 159 Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload} 160 161 Redfish.Logout 162 163 # Make ${account_lockout_threshold} failed login attempts. 164 Repeat Keyword ${account_lockout_threshold} times 165 ... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login admin_user abc123 166 167 # Verify that legitimate login fails due to lockout. 168 Run Keyword And Expect Error InvalidCredentialsError* 169 ... Redfish.Login admin_user TestPwd123 170 171 # Wait for lockout duration to expire and then verify that login works. 172 Sleep ${account_lockout_duration}s 173 Redfish.Login admin_user TestPwd123 174 175 Redfish.Logout 176 177 Redfish.Login 178 179 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 180 181Verify Admin User Privilege 182 [Documentation] Verify admin user privilege. 183 [Tags] Verify_Admin_User_Privilege 184 185 Redfish Create User admin_user TestPwd123 Administrator ${True} 186 Redfish Create User operator_user TestPwd123 Operator ${True} 187 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 188 189 Redfish.Logout 190 191 # Change role ID of operator user with admin user. 192 # Login with admin user. 193 Redfish.Login admin_user TestPwd123 194 195 # Modify Role ID of Operator user. 196 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body={'RoleId': 'Administrator'} 197 198 # Verify modified user. 199 Redfish Verify User operator_user TestPwd123 Administrator ${True} 200 201 Redfish.Logout 202 Redfish.Login admin_user TestPwd123 203 204 # Change password of 'user' user with admin user. 205 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body={'Password': 'NewTestPwd123'} 206 207 # Verify modified user. 208 Redfish Verify User readonly_user NewTestPwd123 ReadOnly ${True} 209 210 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 211 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 212 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 213 214Verify Operator User Privilege 215 [Documentation] Verify operator user privilege. 216 [Tags] Verify_operator_User_Privilege 217 218 Redfish Create User admin_user TestPwd123 Administrator ${True} 219 Redfish Create User operator_user TestPwd123 Operator ${True} 220 221 Redfish.Logout 222 # Login with operator user. 223 Redfish.Login operator_user TestPwd123 224 225 # Verify BMC reset. 226 Run Keyword And Expect Error ValueError* Redfish BMC Reset Operation 227 228 # Attempt to change password of admin user with operator user. 229 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body={'Password': 'NewTestPwd123'} 230 ... valid_status_codes=[${HTTP_FORBIDDEN}] 231 232 Redfish.Logout 233 234 Redfish.Login 235 236 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 237 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 238 239 240Verify ReadOnly User Privilege 241 [Documentation] Verify ReadOnly user privilege. 242 [Tags] Verify_ReadOnly_User_Privilege 243 244 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 245 Redfish.Logout 246 247 # Login with read_only user. 248 Redfish.Login readonly_user TestPwd123 249 250 # Read system level data. 251 ${system_model}= Redfish_Utils.Get Attribute 252 ... ${SYSTEM_BASE_URI} Model 253 254 Redfish.Logout 255 Redfish.Login 256 Redfish.Delete ${REDFISH_ACCOUNTS_URI}readonly_user 257 258 259Verify Minimum Password Length For Redfish User 260 [Documentation] Verify minimum password length for new and existing user. 261 [Tags] Verify_Minimum_Password_Length_For_Redfish_User 262 263 ${user_name}= Set Variable testUser 264 265 # Make sure the user account in question does not already exist. 266 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} 267 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 268 269 # Try to create a user with invalid length password. 270 ${payload}= Create Dictionary 271 ... UserName=${user_name} Password=UserPwd RoleId=Administrator Enabled=${True} 272 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 273 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 274 275 # Create specified user with valid length password. 276 Set To Dictionary ${payload} Password UserPwd1 277 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 278 ... valid_status_codes=[${HTTP_CREATED}] 279 280 # Try to change to an invalid password. 281 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd'} 282 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 283 284 # Change to a valid password. 285 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd1'} 286 287 # Verify login. 288 Redfish.Logout 289 Redfish.Login ${user_name} UserPwd1 290 Redfish.Logout 291 Redfish.Login 292 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} 293 294 295Verify Standard User Roles Defined By Redfish 296 [Documentation] Verify standard user roles defined by Redfish. 297 [Tags] Verify_Standard_User_Roles_Defined_By_Redfish 298 299 ${member_list}= Redfish_Utils.Get Member List 300 ... /redfish/v1/AccountService/Roles 301 302 @{roles}= Create List 303 ... /redfish/v1/AccountService/Roles/Administrator 304 ... /redfish/v1/AccountService/Roles/Operator 305 ... /redfish/v1/AccountService/Roles/ReadOnly 306 307 List Should Contain Sub List ${member_list} ${roles} 308 309 # The standard roles are: 310 311 # | Role name | Assigned privileges | 312 # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf | 313 # | Operator | Login, ConfigureComponents, ConfigureSelf | 314 # | ReadOnly | Login, ConfigureSelf | 315 316 @{admin}= Create List Login ConfigureManager ConfigureUsers ConfigureComponents ConfigureSelf 317 @{operator}= Create List Login ConfigureComponents ConfigureSelf 318 @{readOnly}= Create List Login ConfigureSelf 319 320 ${roles_dict}= create dictionary admin_privileges=${admin} operator_privileges=${operator} 321 ... readOnly_privileges=${readOnly} 322 323 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/Administrator 324 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['admin_privileges']} 325 326 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/Operator 327 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['operator_privileges']} 328 329 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/ReadOnly 330 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['readOnly_privileges']} 331 332 333*** Keywords *** 334 335Test Teardown Execution 336 [Documentation] Do the post test teardown. 337 338 Run Keyword And Ignore Error Redfish.Logout 339 FFDC On Test Case Fail 340 341 342Redfish Create User 343 [Documentation] Redfish create user. 344 [Arguments] ${username} ${password} ${role_id} ${enabled} ${login_check}=${True} 345 346 # Description of argument(s): 347 # username The username to be created. 348 # password The password to be assigned. 349 # role_id The role ID of the user to be created 350 # (e.g. "Administrator", "Operator", etc.). 351 # enabled Indicates whether the username being created 352 # should be enabled (${True}, ${False}). 353 # login_check Checks user login for created user. 354 # (e.g. ${True}, ${False}). 355 356 # Make sure the user account in question does not already exist. 357 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} 358 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 359 360 # Create specified user. 361 ${payload}= Create Dictionary 362 ... UserName=${username} Password=${password} RoleId=${role_id} Enabled=${enabled} 363 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 364 ... valid_status_codes=[${HTTP_CREATED}] 365 366 # Resetting pam tally count as a workaround for issue 367 # openbmc/phosphor-user-manager#4 368 ${cmd}= Catenate /usr/sbin/pam_tally2 -u ${username} --reset 369 Bmc Execute Command ${cmd} 370 371 # Verify login with created user. 372 ${status}= Run Keyword If '${login_check}' == '${True}' 373 ... Verify Redfish User Login ${username} ${password} 374 Run Keyword If '${login_check}' == '${True}' Should Be Equal ${status} ${enabled} 375 376 # Validate Role ID of created user. 377 ${role_config}= Redfish_Utils.Get Attribute 378 ... /redfish/v1/AccountService/Accounts/${username} RoleId 379 Should Be Equal ${role_id} ${role_config} 380 381 382Redfish Verify User 383 [Documentation] Redfish user verification. 384 [Arguments] ${username} ${password} ${role_id} ${enabled} 385 386 # Description of argument(s): 387 # username The username to be created. 388 # password The password to be assigned. 389 # role_id The role ID of the user to be created 390 # (e.g. "Administrator", "Operator", etc.). 391 # enabled Indicates whether the username being created 392 # should be enabled (${True}, ${False}). 393 394 ${status}= Verify Redfish User Login ${username} ${password} 395 # Doing a check of the returned status. 396 Should Be Equal ${status} ${enabled} 397 398 # Validate Role Id of user. 399 ${role_config}= Redfish_Utils.Get Attribute 400 ... /redfish/v1/AccountService/Accounts/${username} RoleId 401 Should Be Equal ${role_id} ${role_config} 402 403 404Verify Redfish User Login 405 [Documentation] Verify Redfish login with given user id. 406 [Teardown] Run Keywords Run Keyword And Ignore Error Redfish.Logout AND Redfish.Login 407 [Arguments] ${username} ${password} 408 409 # Description of argument(s): 410 # username Login username. 411 # password Login password. 412 413 # Logout from current Redfish session. 414 # We don't really care if the current session is flushed out since we are going to login 415 # with new credential in next. 416 Run Keyword And Ignore Error Redfish.Logout 417 418 ${status}= Run Keyword And Return Status Redfish.Login ${username} ${password} 419 [Return] ${status} 420 421 422Redfish Create And Verify User 423 [Documentation] Redfish create and verify user. 424 [Arguments] ${username} ${password} ${role_id} ${enabled} 425 426 # Description of argument(s): 427 # username The username to be created. 428 # password The password to be assigned. 429 # role_id The role ID of the user to be created 430 # (e.g. "Administrator", "Operator", etc.). 431 # enabled Indicates whether the username being created 432 # should be enabled (${True}, ${False}). 433 434 # Example: 435 #{ 436 #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount", 437 #"@odata.id": "/redfish/v1/AccountService/Accounts/test1", 438 #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount", 439 #"Description": "User Account", 440 #"Enabled": true, 441 #"Id": "test1", 442 #"Links": { 443 # "Role": { 444 # "@odata.id": "/redfish/v1/AccountService/Roles/Administrator" 445 # } 446 #}, 447 448 Redfish Create User ${username} ${password} ${role_id} ${enabled} 449 450 Redfish Verify User ${username} ${password} ${role_id} ${enabled} 451 452 # Delete Specified User 453 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 454 455Verify Redfish User with Wrong Password 456 [Documentation] Verify Redfish User with Wrong Password. 457 [Arguments] ${username} ${password} ${role_id} ${enabled} ${wrong_password} 458 459 # Description of argument(s): 460 # username The username to be created. 461 # password The password to be assigned. 462 # role_id The role ID of the user to be created 463 # (e.g. "Administrator", "Operator", etc.). 464 # enabled Indicates whether the username being created 465 # should be enabled (${True}, ${False}). 466 # wrong_password Any invalid password. 467 468 Redfish Create User ${username} ${password} ${role_id} ${enabled} 469 470 Redfish.Logout 471 472 # Attempt to login with created user with invalid password. 473 Run Keyword And Expect Error InvalidCredentialsError* 474 ... Redfish.Login ${username} ${wrong_password} 475 476 Redfish.Login 477 478 # Delete newly created user. 479 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 480 481 482Verify Login with Deleted Redfish User 483 [Documentation] Verify Login with Deleted Redfish User. 484 [Arguments] ${username} ${password} ${role_id} ${enabled} 485 486 # Description of argument(s): 487 # username The username to be created. 488 # password The password to be assigned. 489 # role_id The role ID of the user to be created 490 # (e.g. "Administrator", "Operator", etc.). 491 # enabled Indicates whether the username being created 492 # should be enabled (${True}, ${False}). 493 494 Redfish Create User ${username} ${password} ${role_id} ${enabled} 495 496 # Delete newly created user. 497 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} 498 499 Redfish.Logout 500 501 # Attempt to login with deleted user account. 502 Run Keyword And Expect Error InvalidCredentialsError* 503 ... Redfish.Login ${username} ${password} 504 505 Redfish.Login 506 507 508Verify Create User Without Enabling 509 [Documentation] Verify Create User Without Enabling. 510 [Arguments] ${username} ${password} ${role_id} ${enabled} 511 512 # Description of argument(s): 513 # username The username to be created. 514 # password The password to be assigned. 515 # role_id The role ID of the user to be created 516 # (e.g. "Administrator", "Operator", etc.). 517 # enabled Indicates whether the username being created 518 # should be enabled (${True}, ${False}). 519 520 Redfish Create User ${username} ${password} ${role_id} ${enabled} ${False} 521 522 Redfish.Logout 523 524 # Login with created user. 525 Run Keyword And Expect Error InvalidCredentialsError* 526 ... Redfish.Login ${username} ${password} 527 528 Redfish.Login 529 530 # Delete newly created user. 531 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 532 533