1*** Settings ***
2Documentation    Test Redfish user account.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/bmc_redfish_utils.robot
8
9Library          SSHLibrary
10
11Test Setup       Redfish.Login
12Test Teardown    Test Teardown Execution
13
14*** Variables ***
15
16${account_lockout_duration}   ${30}
17${account_lockout_threshold}  ${3}
18
19** Test Cases **
20
21Verify AccountService Available
22    [Documentation]  Verify Redfish account service is available.
23    [Tags]  Verify_AccountService_Available
24
25    ${resp} =  Redfish_utils.Get Attribute  /redfish/v1/AccountService  ServiceEnabled
26    Should Be Equal As Strings  ${resp}  ${True}
27
28
29Verify Redfish Admin User Persistence After Reboot
30    [Documentation]  Verify Redfish admin user persistence after reboot.
31    [Tags]  Verify_Redfish_Admin_User_Persistence_After_Reboot
32    [Setup]  Run Keywords  Redfish.Login  AND
33    ...  Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
34    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
35    ...  AND  Test Teardown Execution
36
37    # Reboot BMC.
38    Redfish OBMC Reboot (off)  stack_mode=normal
39
40    # Verify users after reboot.
41    Redfish Verify User  admin_user     TestPwd123  Administrator   ${True}
42
43
44Verify Redfish Operator User Persistence After Reboot
45    [Documentation]  Verify Redfish operator user persistence after reboot.
46    [Tags]  Verify_Redfish_Operator_User_Persistence_After_Reboot
47    [Setup]  Run Keywords  Redfish.Login  AND
48    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
49    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
50    ...  AND  Test Teardown Execution
51
52    # Reboot BMC.
53    Redfish OBMC Reboot (off)  stack_mode=normal
54
55    # Verify users after reboot.
56    Redfish Verify User  operator_user  TestPwd123  Operator        ${True}
57
58
59Verify Redfish Readonly User Persistence After Reboot
60    [Documentation]  Verify Redfish readonly user persistence after reboot.
61    [Tags]  Verify_Redfish_Readonly_User_Persistence_After_Reboot
62    [Setup]  Run Keywords  Redfish.Login  AND
63    ...  Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
64    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
65    ...  AND  Test Teardown Execution
66
67    # Reboot BMC.
68    Redfish OBMC Reboot (off)  stack_mode=normal
69
70    # Verify users after reboot.
71    Redfish Verify User  readonly_user  TestPwd123  ReadOnly        ${True}
72
73
74Redfish Create and Verify Admin User
75    [Documentation]  Create a Redfish user with administrator role and verify.
76    [Tags]  Redfish_Create_and_Verify_Admin_User
77    [Template]  Redfish Create And Verify User
78
79    #username      password    role_id         enabled
80    admin_user     TestPwd123  Administrator   ${True}
81
82
83Redfish Create and Verify Operator User
84    [Documentation]  Create a Redfish user with operator role and verify.
85    [Tags]  Redfish_Create_and_Verify_Operator_User
86    [Template]  Redfish Create And Verify User
87
88    #username      password    role_id         enabled
89    operator_user  TestPwd123  Operator        ${True}
90
91
92Redfish Create and Verify Readonly User
93    [Documentation]  Create a Redfish user with readonly role and verify.
94    [Tags]  Redfish_Create_and_Verify_Readonly_User
95    [Template]  Redfish Create And Verify User
96
97    #username      password    role_id         enabled
98    readonly_user  TestPwd123  ReadOnly        ${True}
99
100
101Verify Redfish Admin User With Wrong Password
102    [Documentation]  Verify Redfish admin user with wrong password.
103    [Tags]  Verify_Redfish_Admin_User_With_Wrong_Password
104    [Template]  Verify Redfish User with Wrong Password
105
106    #username      password    role_id         enabled  wrong_password
107    admin_user     TestPwd123  Administrator   ${True}  alskjhfwurh
108
109
110Verify Redfish Operator User with Wrong Password
111    [Documentation]  Verify Redfish operator user with wrong password.
112    [Tags]  Verify_Redfish_Operator_User_with_Wrong_Password
113    [Template]  Verify Redfish User with Wrong Password
114
115    #username      password    role_id         enabled  wrong_password
116    operator_user  TestPwd123  Operator        ${True}  12j8a8uakjhdaosiruf024
117
118
119Verify Redfish Readonly User With Wrong Password
120    [Documentation]  Verify Redfish readonly user with wrong password.
121    [Tags]  Verify_Redfish_Readonly_User_With_Wrong_Password
122    [Template]  Verify Redfish User with Wrong Password
123
124    #username      password    role_id         enabled  wrong_password
125    readonly_user  TestPwd123  ReadOnly        ${True}  12
126
127
128Verify Login with Deleted Redfish Admin User
129    [Documentation]  Verify login with deleted Redfish admin user.
130    [Tags]  Verify_Login_with_Deleted_Redfish_Admin_User
131    [Template]  Verify Login with Deleted Redfish User
132
133    #username     password    role_id         enabled
134    admin_user     TestPwd123  Administrator   ${True}
135
136
137Verify Login with Deleted Redfish Operator User
138    [Documentation]  Verify login with deleted Redfish operator user.
139    [Tags]  Verify_Login_with_Deleted_Redfish_Operator_User
140    [Template]  Verify Login with Deleted Redfish User
141
142    #username     password    role_id         enabled
143    operator_user  TestPwd123  Operator        ${True}
144
145
146Verify Login with Deleted Redfish Readonly User
147    [Documentation]  Verify login with deleted Redfish readonly user.
148    [Tags]  Verify_Login_with_Deleted_Redfish_Readonly_User
149    [Template]  Verify Login with Deleted Redfish User
150
151    #username     password    role_id         enabled
152    readonly_user  TestPwd123  ReadOnly        ${True}
153
154
155Verify Admin User Creation Without Enabling It
156    [Documentation]  Verify admin user creation without enabling it.
157    [Tags]  Verify_Admin_User_Creation_Without_Enabling_It
158    [Template]  Verify Create User Without Enabling
159
160    #username      password    role_id         enabled
161    admin_user     TestPwd123  Administrator   ${False}
162
163
164Verify Operator User Creation Without Enabling It
165    [Documentation]  Verify operator user creation without enabling it.
166    [Tags]  Verify_Operator_User_Creation_Without_Enabling_It
167    [Template]  Verify Create User Without Enabling
168
169    #username      password    role_id         enabled
170    operator_user  TestPwd123  Operator        ${False}
171
172
173Verify Readonly User Creation Without Enabling It
174    [Documentation]  Verify readonly user creation without enabling it.
175    [Tags]  Verify_Readonly_User_Creation_Without_Enabling_It
176    [Template]  Verify Create User Without Enabling
177
178    #username      password    role_id         enabled
179    readonly_user  TestPwd123  ReadOnly        ${False}
180
181
182Verify User Creation With Invalid Role Id
183    [Documentation]  Verify user creation with invalid role ID.
184    [Tags]  Verify_User_Creation_With_Invalid_Role_Id
185
186    # Make sure the user account in question does not already exist.
187    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
188    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
189
190    # Create specified user.
191    ${payload}=  Create Dictionary
192    ...  UserName=test_user  Password=TestPwd123  RoleId=wrongroleid  Enabled=${True}
193    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
194    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
195
196Verify Error Upon Creating Same Users With Different Privileges
197    [Documentation]  Verify error upon creating same users with different privileges.
198    [Tags]  Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges
199
200    Redfish Create User  test_user  TestPwd123  Administrator  ${True}
201
202    # Create specified user.
203    ${payload}=  Create Dictionary
204    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
205    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
206    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
207
208    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
209
210
211Verify Modifying User Attributes
212    [Documentation]  Verify modifying user attributes.
213    [Tags]  Verify_Modifying_User_Attributes
214
215    # Create Redfish users.
216    Redfish Create User  admin_user     TestPwd123  Administrator   ${True}
217    Redfish Create User  readonly_user  TestPwd123  ReadOnly        ${True}
218
219    # Make sure the new user account does not already exist.
220    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
221    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
222
223    # Update admin_user username using Redfish.
224    ${payload}=  Create Dictionary  UserName=newadmin_user
225    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body=&{payload}
226
227    # Update readonly_user role using Redfish.
228    ${payload}=  Create Dictionary  RoleId=Administrator
229    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body=&{payload}
230
231    # Verify users after updating
232    Redfish Verify User  newadmin_user  TestPwd123     Administrator   ${True}
233    Redfish Verify User  readonly_user  TestPwd123     Administrator   ${True}
234
235    # Delete created users.
236    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
237    Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
238
239
240Verify Modifying Operator User Attributes
241    [Documentation]  Verify modifying operator user attributes.
242    [Tags]  Verify_Modifying_Operator_User_Attributes
243    [Setup]  Run Keywords  Redfish.Login  AND
244    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
245    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
246    ...  AND  Test Teardown Execution
247
248    # Update operator_user password using Redfish.
249    ${payload}=  Create Dictionary  Password=NewTestPwd123
250    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body=&{payload}
251
252    # Verify users after updating
253    Redfish Verify User  operator_user  NewTestPwd123  Operator        ${True}
254
255
256Verify User Account Locked
257    [Documentation]  Verify user account locked upon trying with invalid password.
258    [Tags]  Verify_User_Account_Locked
259
260    Redfish Create User  admin_user  TestPwd123  Administrator   ${True}
261
262    ${payload}=  Create Dictionary  AccountLockoutThreshold=${account_lockout_threshold}
263    ...  AccountLockoutDuration=${account_lockout_duration}
264    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}
265
266    Redfish.Logout
267
268    # Make ${account_lockout_threshold} failed login attempts.
269    Repeat Keyword  ${account_lockout_threshold} times
270    ...  Run Keyword And Expect Error  InvalidCredentialsError*  Redfish.Login  admin_user  abc123
271
272    # Verify that legitimate login fails due to lockout.
273    Run Keyword And Expect Error  InvalidCredentialsError*
274    ...  Redfish.Login  admin_user  TestPwd123
275
276    # Wait for lockout duration to expire and then verify that login works.
277    Sleep  ${account_lockout_duration}s
278    Redfish.Login  admin_user  TestPwd123
279
280    Redfish.Logout
281
282    Redfish.Login
283
284    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
285
286Verify Admin User Privilege
287    [Documentation]  Verify admin user privilege.
288    [Tags]  Verify_Admin_User_Privilege
289
290    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
291    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
292
293    Redfish.Logout
294
295    Redfish.Login  admin_user  TestPwd123
296
297    # Change password of 'readonly' user with admin user.
298    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body={'Password': 'NewTestPwd123'}
299
300    # Verify modified user.
301    Redfish Verify User  readonly_user  NewTestPwd123  ReadOnly  ${True}
302
303    # Note: Delete user would work here because a root login is
304    # performed as part of "Redfish Verify User" keyword's teardown.
305    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
306    Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
307
308
309Verify Operator User Role Change Using Admin Privilege User
310    [Documentation]  Verify operator user role change using admin privilege user
311    [Tags]  Verify_Operator_User_Role_Change_Using_Admin_Privilege_User
312
313    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
314    Redfish Create User  operator_user  TestPwd123  Operator  ${True}
315
316    Redfish.Logout
317
318    # Change role ID of operator user with admin user.
319    # Login with admin user.
320    Redfish.Login  admin_user  TestPwd123
321
322    # Modify Role ID of Operator user.
323    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body={'RoleId': 'Administrator'}
324
325    # Verify modified user.
326    Redfish Verify User  operator_user  TestPwd123  Administrator  ${True}
327
328    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
329    Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
330
331
332Verify Operator User Privilege
333    [Documentation]  Verify operator user privilege.
334    [Tags]  Verify_Operator_User_Privilege
335
336    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
337    Redfish Create User  operator_user  TestPwd123  Operator  ${True}
338
339    Redfish.Logout
340    # Login with operator user.
341    Redfish.Login  operator_user  TestPwd123
342
343    # Verify BMC reset.
344    Run Keyword And Expect Error  ValueError*  Redfish BMC Reset Operation
345
346    # Attempt to change password of admin user with operator user.
347    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body={'Password': 'NewTestPwd123'}
348    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
349
350    Redfish.Logout
351
352    Redfish.Login
353
354    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
355    Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
356
357
358Verify ReadOnly User Privilege
359    [Documentation]  Verify ReadOnly user privilege.
360    [Tags]  Verify_ReadOnly_User_Privilege
361
362    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
363    Redfish.Logout
364
365    # Login with read_only user.
366    Redfish.Login  readonly_user  TestPwd123
367
368    # Read system level data.
369    ${system_model}=  Redfish_Utils.Get Attribute
370    ...  ${SYSTEM_BASE_URI}  Model
371
372    Redfish.Logout
373    Redfish.Login
374    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}readonly_user
375
376
377Verify Minimum Password Length For Redfish User
378    [Documentation]  Verify minimum password length for new and existing user.
379    [Tags]  Verify_Minimum_Password_Length_For_Redfish_User
380
381    ${user_name}=  Set Variable  testUser
382
383    # Make sure the user account in question does not already exist.
384    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}
385    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
386
387    # Try to create a user with invalid length password.
388    ${payload}=  Create Dictionary
389    ...  UserName=${user_name}  Password=UserPwd  RoleId=Administrator  Enabled=${True}
390    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
391    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
392
393    # Create specified user with valid length password.
394    Set To Dictionary  ${payload}  Password  UserPwd1
395    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
396    ...  valid_status_codes=[${HTTP_CREATED}]
397
398    # Try to change to an invalid password.
399    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd'}
400    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
401
402    # Change to a valid password.
403    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd1'}
404
405    # Verify login.
406    Redfish.Logout
407    Redfish.Login  ${user_name}  UserPwd1
408    Redfish.Logout
409    Redfish.Login
410    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}
411
412
413Verify Standard User Roles Defined By Redfish
414    [Documentation]  Verify standard user roles defined by Redfish.
415    [Tags]  Verify_Standard_User_Roles_Defined_By_Redfish
416
417    ${member_list}=  Redfish_Utils.Get Member List
418    ...  /redfish/v1/AccountService/Roles
419
420    @{roles}=  Create List
421    ...  /redfish/v1/AccountService/Roles/Administrator
422    ...  /redfish/v1/AccountService/Roles/Operator
423    ...  /redfish/v1/AccountService/Roles/ReadOnly
424
425    List Should Contain Sub List  ${member_list}  ${roles}
426
427    # The standard roles are:
428
429    # | Role name | Assigned privileges |
430    # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf |
431    # | Operator | Login, ConfigureComponents, ConfigureSelf |
432    # | ReadOnly | Login, ConfigureSelf |
433
434    @{admin}=  Create List  Login  ConfigureManager  ConfigureUsers  ConfigureComponents  ConfigureSelf
435    @{operator}=  Create List  Login  ConfigureComponents  ConfigureSelf
436    @{readOnly}=  Create List  Login  ConfigureSelf
437
438    ${roles_dict}=  create dictionary  admin_privileges=${admin}  operator_privileges=${operator}
439    ...  readOnly_privileges=${readOnly}
440
441    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/Administrator
442    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['admin_privileges']}
443
444    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/Operator
445    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['operator_privileges']}
446
447    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/ReadOnly
448    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['readOnly_privileges']}
449
450
451Verify Error While Deleting Root User
452    [Documentation]  Verify error while deleting root user.
453    [Tags]  Verify_Error_While_Deleting_Root_User
454
455    Redfish.Delete  /redfish/v1/AccountService/Accounts/root  valid_status_codes=[${HTTP_FORBIDDEN}]
456
457
458Verify SSH Login Access With Admin User
459    [Documentation]  Verify that admin user does not have SSH login access.
460    [Tags]  Verify_SSH_Login_Access_With_Admin_User
461
462    # Create an admin User.
463    Redfish Create User  new_admin  TestPwd1  Administrator  ${True}
464
465    # Attempt SSH login with admin user.
466    SSHLibrary.Open Connection  ${OPENBMC_HOST}
467    ${status}=  Run Keyword And Return Status  SSHLibrary.Login  new_admin  TestPwd1
468    Should Be Equal  ${status}  ${False}
469
470
471*** Keywords ***
472
473Test Teardown Execution
474    [Documentation]  Do the post test teardown.
475
476    Run Keyword And Ignore Error  Redfish.Logout
477    FFDC On Test Case Fail
478
479
480Redfish Create User
481    [Documentation]  Redfish create user.
482    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${login_check}=${True}
483
484    # Description of argument(s):
485    # username            The username to be created.
486    # password            The password to be assigned.
487    # role_id             The role ID of the user to be created
488    #                     (e.g. "Administrator", "Operator", etc.).
489    # enabled             Indicates whether the username being created
490    #                     should be enabled (${True}, ${False}).
491    # login_check         Checks user login for created user.
492    #                     (e.g. ${True}, ${False}).
493
494    # Make sure the user account in question does not already exist.
495    Redfish.Delete  /redfish/v1/AccountService/Accounts/${userName}
496    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
497
498    # Create specified user.
499    ${payload}=  Create Dictionary
500    ...  UserName=${username}  Password=${password}  RoleId=${role_id}  Enabled=${enabled}
501    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
502    ...  valid_status_codes=[${HTTP_CREATED}]
503
504    # Resetting faillock count as a workaround for issue
505    # openbmc/phosphor-user-manager#4
506    ${cmd}=  Catenate  test -f /usr/sbin/faillock && /usr/sbin/faillock --user USER --reset
507    ...  || /usr/sbin/pam_tally2 -u ${username} --reset
508    Bmc Execute Command  ${cmd}
509
510    # Verify login with created user.
511    ${status}=  Run Keyword If  '${login_check}' == '${True}'
512    ...  Verify Redfish User Login  ${username}  ${password}
513    Run Keyword If  '${login_check}' == '${True}'  Should Be Equal  ${status}  ${enabled}
514
515    # Validate Role ID of created user.
516    ${role_config}=  Redfish_Utils.Get Attribute
517    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
518    Should Be Equal  ${role_id}  ${role_config}
519
520
521Redfish Verify User
522    [Documentation]  Redfish user verification.
523    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
524
525    # Description of argument(s):
526    # username            The username to be created.
527    # password            The password to be assigned.
528    # role_id             The role ID of the user to be created
529    #                     (e.g. "Administrator", "Operator", etc.).
530    # enabled             Indicates whether the username being created
531    #                     should be enabled (${True}, ${False}).
532
533    ${status}=  Verify Redfish User Login  ${username}  ${password}
534    # Doing a check of the returned status.
535    Should Be Equal  ${status}  ${enabled}
536
537    # Validate Role Id of user.
538    ${role_config}=  Redfish_Utils.Get Attribute
539    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
540    Should Be Equal  ${role_id}  ${role_config}
541
542
543Verify Redfish User Login
544    [Documentation]  Verify Redfish login with given user id.
545    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout  AND  Redfish.Login
546    [Arguments]   ${username}  ${password}
547
548    # Description of argument(s):
549    # username            Login username.
550    # password            Login password.
551
552    # Logout from current Redfish session.
553    # We don't really care if the current session is flushed out since we are going to login
554    # with new credential in next.
555    Run Keyword And Ignore Error  Redfish.Logout
556
557    ${status}=  Run Keyword And Return Status  Redfish.Login  ${username}  ${password}
558    [Return]  ${status}
559
560
561Redfish Create And Verify User
562    [Documentation]  Redfish create and verify user.
563    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
564
565    # Description of argument(s):
566    # username            The username to be created.
567    # password            The password to be assigned.
568    # role_id             The role ID of the user to be created
569    #                     (e.g. "Administrator", "Operator", etc.).
570    # enabled             Indicates whether the username being created
571    #                     should be enabled (${True}, ${False}).
572
573    # Example:
574    #{
575    #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
576    #"@odata.id": "/redfish/v1/AccountService/Accounts/test1",
577    #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
578    #"Description": "User Account",
579    #"Enabled": true,
580    #"Id": "test1",
581    #"Links": {
582    #  "Role": {
583    #    "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
584    #  }
585    #},
586
587    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
588
589    Redfish Verify User  ${username}  ${password}  ${role_id}  ${enabled}
590
591    # Delete Specified User
592    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
593
594Verify Redfish User with Wrong Password
595    [Documentation]  Verify Redfish User with Wrong Password.
596    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${wrong_password}
597
598    # Description of argument(s):
599    # username            The username to be created.
600    # password            The password to be assigned.
601    # role_id             The role ID of the user to be created
602    #                     (e.g. "Administrator", "Operator", etc.).
603    # enabled             Indicates whether the username being created
604    #                     should be enabled (${True}, ${False}).
605    # wrong_password      Any invalid password.
606
607    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
608
609    Redfish.Logout
610
611    # Attempt to login with created user with invalid password.
612    Run Keyword And Expect Error  InvalidCredentialsError*
613    ...  Redfish.Login  ${username}  ${wrong_password}
614
615    Redfish.Login
616
617    # Delete newly created user.
618    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
619
620
621Verify Login with Deleted Redfish User
622    [Documentation]  Verify Login with Deleted Redfish User.
623    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
624
625    # Description of argument(s):
626    # username            The username to be created.
627    # password            The password to be assigned.
628    # role_id             The role ID of the user to be created
629    #                     (e.g. "Administrator", "Operator", etc.).
630    # enabled             Indicates whether the username being created
631    #                     should be enabled (${True}, ${False}).
632
633    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
634
635    # Delete newly created user.
636    Redfish.Delete  /redfish/v1/AccountService/Accounts/${userName}
637
638    Redfish.Logout
639
640    # Attempt to login with deleted user account.
641    Run Keyword And Expect Error  InvalidCredentialsError*
642    ...  Redfish.Login  ${username}  ${password}
643
644    Redfish.Login
645
646
647Verify Create User Without Enabling
648    [Documentation]  Verify Create User Without Enabling.
649    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
650
651    # Description of argument(s):
652    # username            The username to be created.
653    # password            The password to be assigned.
654    # role_id             The role ID of the user to be created
655    #                     (e.g. "Administrator", "Operator", etc.).
656    # enabled             Indicates whether the username being created
657    #                     should be enabled (${True}, ${False}).
658
659    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}  ${False}
660
661    Redfish.Logout
662
663    # Login with created user.
664    Run Keyword And Expect Error  InvalidCredentialsError*
665    ...  Redfish.Login  ${username}  ${password}
666
667    Redfish.Login
668
669    # Delete newly created user.
670    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
671
672