1*** Settings *** 2Documentation Test Redfish user account. 3 4Resource ../../lib/resource.robot 5Resource ../../lib/bmc_redfish_resource.robot 6Resource ../../lib/openbmc_ffdc.robot 7 8Suite Setup Suite Setup Execution 9Test Setup Test Setup Execution 10Test Teardown Test Teardown Execution 11 12*** Variables *** 13 14${account_lockout_duration} ${30} 15${account_lockout_threshold} ${3} 16 17** Test Cases ** 18 19Verify AccountService Available 20 [Documentation] Verify Redfish account service is available. 21 [Tags] Verify_AccountService_Available 22 23 ${resp} = Redfish_utils.Get Attribute /redfish/v1/AccountService ServiceEnabled 24 Should Be Equal As Strings ${resp} ${True} 25 26Verify Redfish User Persistence After Reboot 27 [Documentation] Verify Redfish user persistence after reboot. 28 [Tags] Verify_Redfish_User_Persistence_After_Reboot 29 30 # Create Redfish users. 31 Redfish Create User admin_user TestPwd123 Administrator ${True} 32 Redfish Create User operator_user TestPwd123 Operator ${True} 33 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 34 35 # Reboot BMC. 36 Redfish OBMC Reboot (off) stack_mode=normal 37 38 # Verify users after reboot. 39 Redfish Verify User admin_user TestPwd123 Administrator ${True} 40 Redfish Verify User operator_user TestPwd123 Operator ${True} 41 Redfish Verify User readonly_user TestPwd123 ReadOnly ${True} 42 43 # Delete created users. 44 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 45 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 46 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 47 48Redfish Create and Verify Users 49 [Documentation] Create Redfish users with various roles. 50 [Tags] Redfish_Create_and_Verify_Users 51 [Template] Redfish Create And Verify User 52 53 #username password role_id enabled 54 admin_user TestPwd123 Administrator ${True} 55 operator_user TestPwd123 Operator ${True} 56 readonly_user TestPwd123 ReadOnly ${True} 57 58Verify Redfish User with Wrong Password 59 [Documentation] Verify Redfish User with Wrong Password. 60 [Tags] Verify_Redfish_User_with_Wrong_Password 61 [Template] Verify Redfish User with Wrong Password 62 63 #username password role_id enabled wrong_password 64 admin_user TestPwd123 Administrator ${True} alskjhfwurh 65 operator_user TestPwd123 Operator ${True} 12j8a8uakjhdaosiruf024 66 readonly_user TestPwd123 ReadOnly ${True} 12 67 68Verify Login with Deleted Redfish Users 69 [Documentation] Verify login with deleted Redfish Users. 70 [Tags] Verify_Login_with_Deleted_Redfish_Users 71 [Template] Verify Login with Deleted Redfish User 72 73 #username password role_id enabled 74 admin_user TestPwd123 Administrator ${True} 75 operator_user TestPwd123 Operator ${True} 76 readonly_user TestPwd123 ReadOnly ${True} 77 78Verify User Creation Without Enabling It 79 [Documentation] Verify User Creation Without Enabling it. 80 [Tags] Verify_User_Creation_Without_Enabling_It 81 [Template] Verify Create User Without Enabling 82 83 #username password role_id enabled 84 admin_user TestPwd123 Administrator ${False} 85 operator_user TestPwd123 Operator ${False} 86 readonly_user TestPwd123 ReadOnly ${False} 87 88Verify User Creation With Invalid Role Id 89 [Documentation] Verify user creation with invalid role ID. 90 [Tags] Verify_User_Creation_With_Invalid_Role_Id 91 92 # Make sure the user account in question does not already exist. 93 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 94 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 95 96 # Create specified user. 97 ${payload}= Create Dictionary 98 ... UserName=test_user Password=TestPwd123 RoleId=wrongroleid Enabled=${True} 99 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 100 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 101 102Verify Error Upon Creating Same Users With Different Privileges 103 [Documentation] Verify error upon creating same users with different privileges. 104 [Tags] Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges 105 106 Redfish Create User test_user TestPwd123 Administrator ${True} 107 108 # Create specified user. 109 ${payload}= Create Dictionary 110 ... UserName=test_user Password=TestPwd123 RoleId=Operator Enabled=${True} 111 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 112 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 113 114 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 115 116Verify Modifying User Attributes 117 [Documentation] Verify modifying user attributes. 118 [Tags] Verify_Modifying_User_Attributes 119 120 # Create Redfish users. 121 Redfish Create User admin_user TestPwd123 Administrator ${True} 122 Redfish Create User operator_user TestPwd123 Operator ${True} 123 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 124 125 Redfish.Login 126 127 # Make sure the new user account does not already exist. 128 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user 129 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 130 131 # Update admin_user username using Redfish. 132 ${payload}= Create Dictionary UserName=newadmin_user 133 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body=&{payload} 134 135 # Update operator_user password using Redfish. 136 ${payload}= Create Dictionary Password=NewTestPwd123 137 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body=&{payload} 138 139 # Update readonly_user role using Redfish. 140 ${payload}= Create Dictionary RoleId=Operator 141 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body=&{payload} 142 143 # Verify users after updating 144 Redfish Verify User newadmin_user TestPwd123 Administrator ${True} 145 Redfish Verify User operator_user NewTestPwd123 Operator ${True} 146 Redfish Verify User readonly_user TestPwd123 Operator ${True} 147 148 # Delete created users. 149 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user 150 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 151 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 152 153Verify User Account Locked 154 [Documentation] Verify user account locked upon trying with invalid password. 155 [Tags] Verify_User_Account_Locked 156 157 Redfish Create User admin_user TestPwd123 Administrator ${True} 158 159 Redfish.Logout 160 161 Redfish.Login 162 163 ${payload}= Create Dictionary AccountLockoutThreshold=${account_lockout_threshold} 164 ... AccountLockoutDuration=${account_lockout_duration} 165 Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload} 166 167 # Make ${account_lockout_threshold} failed login attempts. 168 Repeat Keyword ${account_lockout_threshold} times 169 ... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login admin_user abc123 170 171 # Verify that legitimate login fails due to lockout. 172 Run Keyword And Expect Error InvalidCredentialsError* 173 ... Redfish.Login admin_user TestPwd123 174 175 # Wait for lockout duration to expire and then verify that login works. 176 Sleep ${account_lockout_duration}s 177 Redfish.Login admin_user TestPwd123 178 179 Redfish.Logout 180 181 Redfish.Login 182 183 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 184 185Verify Admin User Privilege 186 [Documentation] Verify admin user privilege. 187 [Tags] Verify_Admin_User_Privilege 188 189 Redfish Create User admin_user TestPwd123 Administrator ${True} 190 Redfish Create User operator_user TestPwd123 Operator ${True} 191 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 192 193 # Change role ID of operator user with admin user. 194 # Login with admin user. 195 Redfish.Login admin_user TestPwd123 196 197 # Modify Role ID of Operator user. 198 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body={'RoleId': 'Administrator'} 199 200 # Verify modified user. 201 Redfish Verify User operator_user TestPwd123 Administrator ${True} 202 203 # Change password of 'user' user with admin user. 204 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body={'Password': 'NewTestPwd123'} 205 206 # Verify modified user. 207 Redfish Verify User readonly_user NewTestPwd123 ReadOnly ${True} 208 209 Redfish.Login 210 211 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 212 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 213 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 214 215Verify Operator User Privilege 216 [Documentation] Verify operator user privilege. 217 [Tags] Verify_operator_User_Privilege 218 219 Redfish Create User admin_user TestPwd123 Administrator ${True} 220 Redfish Create User operator_user TestPwd123 Operator ${True} 221 222 # Login with operator user. 223 Redfish.Login operator_user TestPwd123 224 225 # Verify BMC reset. 226 Redfish OBMC Reboot (off) stack_mode=normal 227 228 # Attempt to change password of admin user with operator user. 229 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body={'Password': 'NewTestPwd123'} 230 ... valid_status_codes=[${HTTP_UNAUTHORIZED}] 231 232 Redfish.Login 233 234 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 235 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 236 237 238Verify ReadOnly User Privilege 239 [Documentation] Verify ReadOnly user privilege. 240 [Tags] Verify_ReadOnly_User_Privilege 241 242 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 243 244 # Read system level data. 245 ${system_model}= Redfish_Utils.Get Attribute 246 ... ${SYSTEM_BASE_URI} Model 247 248 Redfish.Login 249 250 Redfish.Delete ${REDFISH_ACCOUNTS_URI}readonly_user 251 252 253Verify Minimum Password Length For Redfish User 254 [Documentation] Verify minimum password length for new and existing user. 255 [Tags] Verify_Minimum_Password_Length_For_Redfish_User 256 257 ${user_name}= Set Variable testUser 258 259 # Make sure the user account in question does not already exist. 260 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} 261 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 262 263 # Try to create a user with invalid length password. 264 ${payload}= Create Dictionary 265 ... UserName=${user_name} Password=UserPwd RoleId=Administrator Enabled=${True} 266 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 267 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 268 269 # Create specified user with valid length password. 270 Set To Dictionary ${payload} Password UserPwd1 271 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 272 ... valid_status_codes=[${HTTP_CREATED}] 273 274 # Try to change to an invalid password. 275 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd'} 276 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 277 278 # Change to a valid password. 279 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd1'} 280 281 # Verify login. 282 Redfish.Logout 283 Redfish.Login ${user_name} UserPwd1 284 Redfish.Logout 285 Redfish.Login 286 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} 287 288 289*** Keywords *** 290 291Test Setup Execution 292 [Documentation] Do test case setup tasks. 293 294 Redfish.Login 295 296 297Test Teardown Execution 298 [Documentation] Do the post test teardown. 299 300 FFDC On Test Case Fail 301 Run Keyword And Ignore Error Redfish.Logout 302 303Redfish Create User 304 [Documentation] Redfish create user. 305 [Arguments] ${username} ${password} ${role_id} ${enabled} 306 307 # Description of argument(s): 308 # username The username to be created. 309 # password The password to be assigned. 310 # role_id The role ID of the user to be created 311 # (e.g. "Administrator", "Operator", etc.). 312 # enabled Indicates whether the username being created 313 # should be enabled (${True}, ${False}). 314 315 Redfish.Login 316 317 # Make sure the user account in question does not already exist. 318 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} 319 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 320 321 # Create specified user. 322 ${payload}= Create Dictionary 323 ... UserName=${username} Password=${password} RoleId=${role_id} Enabled=${enabled} 324 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 325 ... valid_status_codes=[${HTTP_CREATED}] 326 327 # Resetting pam tally count as a workaround for issue 328 # openbmc/phosphor-user-manager#4 329 ${cmd}= Catenate /usr/sbin/pam_tally2 -u ${username} --reset 330 Bmc Execute Command ${cmd} 331 332 Redfish.Logout 333 334 # Login with created user. 335 Run Keyword If ${enabled} == ${False} 336 ... Run Keyword And Expect Error InvalidCredentialsError* 337 ... Redfish.Login ${username} ${password} 338 ... ELSE 339 ... Redfish.Login ${username} ${password} 340 341 Run Keyword If ${enabled} == ${False} 342 ... Redfish.Login 343 344 # Validate Role ID of created user. 345 ${role_config}= Redfish_Utils.Get Attribute 346 ... /redfish/v1/AccountService/Accounts/${username} RoleId 347 Should Be Equal ${role_id} ${role_config} 348 349 350Redfish Verify User 351 [Documentation] Redfish user verification. 352 [Arguments] ${username} ${password} ${role_id} ${enabled} 353 354 # Description of argument(s): 355 # username The username to be created. 356 # password The password to be assigned. 357 # role_id The role ID of the user to be created 358 # (e.g. "Administrator", "Operator", etc.). 359 # enabled Indicates whether the username being created 360 # should be enabled (${True}, ${False}). 361 362 # Trying to do a login with created user. 363 ${status}= Run Keyword And Return Status Redfish.Login ${username} ${password} 364 365 # Doing a check of the returned status. 366 Should Be Equal ${status} ${enabled} 367 368 # We do not need to login with created user (user could be in disabled status). 369 Redfish.Login 370 371 # Validate Role Id of user. 372 ${role_config}= Redfish_Utils.Get Attribute 373 ... /redfish/v1/AccountService/Accounts/${username} RoleId 374 Should Be Equal ${role_id} ${role_config} 375 376 377Redfish Create And Verify User 378 [Documentation] Redfish create and verify user. 379 [Arguments] ${username} ${password} ${role_id} ${enabled} 380 381 # Description of argument(s): 382 # username The username to be created. 383 # password The password to be assigned. 384 # role_id The role ID of the user to be created 385 # (e.g. "Administrator", "Operator", etc.). 386 # enabled Indicates whether the username being created 387 # should be enabled (${True}, ${False}). 388 389 # Example: 390 #{ 391 #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount", 392 #"@odata.id": "/redfish/v1/AccountService/Accounts/test1", 393 #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount", 394 #"Description": "User Account", 395 #"Enabled": true, 396 #"Id": "test1", 397 #"Links": { 398 # "Role": { 399 # "@odata.id": "/redfish/v1/AccountService/Roles/Administrator" 400 # } 401 #}, 402 403 Redfish Create User ${username} ${password} ${role_id} ${enabled} 404 405 Redfish Verify User ${username} ${password} ${role_id} ${enabled} 406 407 # Delete Specified User 408 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 409 410Verify Redfish User with Wrong Password 411 [Documentation] Verify Redfish User with Wrong Password. 412 [Arguments] ${username} ${password} ${role_id} ${enabled} ${wrong_password} 413 414 # Description of argument(s): 415 # username The username to be created. 416 # password The password to be assigned. 417 # role_id The role ID of the user to be created 418 # (e.g. "Administrator", "Operator", etc.). 419 # enabled Indicates whether the username being created 420 # should be enabled (${True}, ${False}). 421 # wrong_password Any invalid password. 422 423 Redfish Create User ${username} ${password} ${role_id} ${enabled} 424 425 # Attempt to login with created user with invalid password. 426 Run Keyword And Expect Error InvalidCredentialsError* 427 ... Redfish.Login ${username} ${wrong_password} 428 429 Redfish.Login 430 431 # Delete newly created user. 432 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 433 434 435Verify Login with Deleted Redfish User 436 [Documentation] Verify Login with Deleted Redfish User. 437 [Arguments] ${username} ${password} ${role_id} ${enabled} 438 439 # Description of argument(s): 440 # username The username to be created. 441 # password The password to be assigned. 442 # role_id The role ID of the user to be created 443 # (e.g. "Administrator", "Operator", etc.). 444 # enabled Indicates whether the username being created 445 # should be enabled (${True}, ${False}). 446 447 Redfish Create User ${username} ${password} ${role_id} ${enabled} 448 ${status}= Run Keyword And Return Status Redfish.Login ${username} ${password} 449 450 # Doing a check of the rerurned status 451 Should Be Equal ${status} ${True} 452 453 Redfish.Login 454 455 # Delete newly created user. 456 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} 457 458 # Attempt to login with deleted user account. 459 Run Keyword And Expect Error InvalidCredentialsError* 460 ... Redfish.Login ${username} ${password} 461 462 Redfish.Login 463 464Verify Create User Without Enabling 465 [Documentation] Verify Create User Without Enabling. 466 [Arguments] ${username} ${password} ${role_id} ${enabled} 467 468 # Description of argument(s): 469 # username The username to be created. 470 # password The password to be assigned. 471 # role_id The role ID of the user to be created 472 # (e.g. "Administrator", "Operator", etc.). 473 # enabled Indicates whether the username being created 474 # should be enabled (${True}, ${False}). 475 476 Redfish.Login 477 478 Redfish Create User ${username} ${password} ${role_id} ${enabled} 479 480 Redfish.Logout 481 482 # Login with created user. 483 Run Keyword And Expect Error InvalidCredentialsError* 484 ... Redfish.Login ${username} ${password} 485 486 Redfish.Login 487 488 # Delete newly created user. 489 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 490 491 492Suite Setup Execution 493 [Documentation] Do test case setup tasks. 494 495 Redfish.Login 496