xref: /openbmc/openbmc-test-automation/redfish/account_service/test_user_account.robot (revision 5d4b3eb34d5c71af92fd71bd5ef611578c57beaa)
1*** Settings ***
2Documentation    Test Redfish user account.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/bmc_redfish_utils.robot
8
9Library          SSHLibrary
10
11Test Setup       Redfish.Login
12Test Teardown    Test Teardown Execution
13
*** Variables ***

# Lockout window in seconds; the lockout tests write it to AccountLockoutDuration
# and then sleep for this value plus 5 seconds before retrying the login.
${account_lockout_duration}   ${30}
# Number of failed logins the lockout tests write to AccountLockoutThreshold.
${account_lockout_threshold}  ${3}
# Expected outcome of an SSH login by a newly created Administrator account.
# Override with "-v ssh_status:False" when admin shell access is restricted.
${ssh_status}                 ${True}
19
20** Test Cases **
21
22Verify AccountService Available
23    [Documentation]  Verify Redfish account service is available.
24    [Tags]  Verify_AccountService_Available
25
26    ${resp} =  Redfish_utils.Get Attribute  /redfish/v1/AccountService  ServiceEnabled
27    Should Be Equal As Strings  ${resp}  ${True}
28
29
30Verify Redfish Admin User Persistence After Reboot
31    [Documentation]  Verify Redfish admin user persistence after reboot.
32    [Tags]  Verify_Redfish_Admin_User_Persistence_After_Reboot
33    [Setup]  Run Keywords  Redfish.Login  AND
34    ...  Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
35    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
36    ...  AND  Test Teardown Execution
37
38    # Reboot BMC.
39    Redfish OBMC Reboot (off)  stack_mode=normal
40
41    # Verify users after reboot.
42    Redfish Verify User  admin_user     TestPwd123  Administrator   ${True}
43
44
45Verify Redfish Operator User Persistence After Reboot
46    [Documentation]  Verify Redfish operator user persistence after reboot.
47    [Tags]  Verify_Redfish_Operator_User_Persistence_After_Reboot
48    [Setup]  Run Keywords  Redfish.Login  AND
49    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
50    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
51    ...  AND  Test Teardown Execution
52
53    # Reboot BMC.
54    Redfish OBMC Reboot (off)  stack_mode=normal
55
56    # Verify users after reboot.
57    Redfish Verify User  operator_user  TestPwd123  Operator        ${True}
58
59
60Verify Redfish Readonly User Persistence After Reboot
61    [Documentation]  Verify Redfish readonly user persistence after reboot.
62    [Tags]  Verify_Redfish_Readonly_User_Persistence_After_Reboot
63    [Setup]  Run Keywords  Redfish.Login  AND
64    ...  Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
65    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
66    ...  AND  Test Teardown Execution
67
68    # Reboot BMC.
69    Redfish OBMC Reboot (off)  stack_mode=normal
70
71    # Verify users after reboot.
72    Redfish Verify User  readonly_user  TestPwd123  ReadOnly        ${True}
73
74
75Redfish Create and Verify Admin User
76    [Documentation]  Create a Redfish user with administrator role and verify.
77    [Tags]  Redfish_Create_and_Verify_Admin_User
78    [Template]  Redfish Create And Verify User
79
80    #username      password    role_id         enabled
81    admin_user     TestPwd123  Administrator   ${True}
82
83
84Redfish Create and Verify Operator User
85    [Documentation]  Create a Redfish user with operator role and verify.
86    [Tags]  Redfish_Create_and_Verify_Operator_User
87    [Template]  Redfish Create And Verify User
88
89    #username      password    role_id         enabled
90    operator_user  TestPwd123  Operator        ${True}
91
92
93Redfish Create and Verify Readonly User
94    [Documentation]  Create a Redfish user with readonly role and verify.
95    [Tags]  Redfish_Create_and_Verify_Readonly_User
96    [Template]  Redfish Create And Verify User
97
98    #username      password    role_id         enabled
99    readonly_user  TestPwd123  ReadOnly        ${True}
100
101
102Verify Redfish Admin User With Wrong Password
103    [Documentation]  Verify Redfish admin user with wrong password.
104    [Tags]  Verify_Redfish_Admin_User_With_Wrong_Password
105    [Template]  Verify Redfish User with Wrong Password
106
107    #username      password    role_id         enabled  wrong_password
108    admin_user     TestPwd123  Administrator   ${True}  alskjhfwurh
109
110
111Verify Redfish Operator User with Wrong Password
112    [Documentation]  Verify Redfish operator user with wrong password.
113    [Tags]  Verify_Redfish_Operator_User_with_Wrong_Password
114    [Template]  Verify Redfish User with Wrong Password
115
116    #username      password    role_id         enabled  wrong_password
117    operator_user  TestPwd123  Operator        ${True}  12j8a8uakjhdaosiruf024
118
119
120Verify Redfish Readonly User With Wrong Password
121    [Documentation]  Verify Redfish readonly user with wrong password.
122    [Tags]  Verify_Redfish_Readonly_User_With_Wrong_Password
123    [Template]  Verify Redfish User with Wrong Password
124
125    #username      password    role_id         enabled  wrong_password
126    readonly_user  TestPwd123  ReadOnly        ${True}  12
127
128
129Verify Login with Deleted Redfish Admin User
130    [Documentation]  Verify login with deleted Redfish admin user.
131    [Tags]  Verify_Login_with_Deleted_Redfish_Admin_User
132    [Template]  Verify Login with Deleted Redfish User
133
134    #username     password    role_id         enabled
135    admin_user     TestPwd123  Administrator   ${True}
136
137
138Verify Login with Deleted Redfish Operator User
139    [Documentation]  Verify login with deleted Redfish operator user.
140    [Tags]  Verify_Login_with_Deleted_Redfish_Operator_User
141    [Template]  Verify Login with Deleted Redfish User
142
143    #username     password    role_id         enabled
144    operator_user  TestPwd123  Operator        ${True}
145
146
147Verify Login with Deleted Redfish Readonly User
148    [Documentation]  Verify login with deleted Redfish readonly user.
149    [Tags]  Verify_Login_with_Deleted_Redfish_Readonly_User
150    [Template]  Verify Login with Deleted Redfish User
151
152    #username     password    role_id         enabled
153    readonly_user  TestPwd123  ReadOnly        ${True}
154
155
156Verify Admin User Creation Without Enabling It
157    [Documentation]  Verify admin user creation without enabling it.
158    [Tags]  Verify_Admin_User_Creation_Without_Enabling_It
159    [Template]  Verify Create User Without Enabling
160
161    #username      password    role_id         enabled
162    admin_user     TestPwd123  Administrator   ${False}
163
164
165Verify Operator User Creation Without Enabling It
166    [Documentation]  Verify operator user creation without enabling it.
167    [Tags]  Verify_Operator_User_Creation_Without_Enabling_It
168    [Template]  Verify Create User Without Enabling
169
170    #username      password    role_id         enabled
171    operator_user  TestPwd123  Operator        ${False}
172
173
174Verify Readonly User Creation Without Enabling It
175    [Documentation]  Verify readonly user creation without enabling it.
176    [Tags]  Verify_Readonly_User_Creation_Without_Enabling_It
177    [Template]  Verify Create User Without Enabling
178
179    #username      password    role_id         enabled
180    readonly_user  TestPwd123  ReadOnly        ${False}
181
182
183Verify User Creation With Invalid Role Id
184    [Documentation]  Verify user creation with invalid role ID.
185    [Tags]  Verify_User_Creation_With_Invalid_Role_Id
186
187    # Make sure the user account in question does not already exist.
188    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
189    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
190
191    # Create specified user.
192    ${payload}=  Create Dictionary
193    ...  UserName=test_user  Password=TestPwd123  RoleId=wrongroleid  Enabled=${True}
194    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
195    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
196
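Verify Error Upon Creating Same Users With Different Privileges
    [Documentation]  Verify error upon creating same users with different privileges.
    [Tags]  Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges
    # Delete the account in teardown so that a failed assertion does not leave an
    # enabled Administrator account with a known password on the BMC.
    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
    ...  AND  Test Teardown Execution

    Redfish Create User  test_user  TestPwd123  Administrator  ${True}

    # Request the same user name again with a different role; the service must
    # reject it rather than silently changing the existing account's role.
    ${payload}=  Create Dictionary
    ...  UserName=test_user  Password=TestPwd123  RoleId=ReadOnly  Enabled=${True}
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]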
210
211
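Verify Modifying User Attributes
    [Documentation]  Verify modifying user attributes.
    [Tags]  Verify_Modifying_User_Attributes
    # Remove every account this test may have created or renamed, even when an
    # assertion fails, so no Administrator account with a known password is left
    # behind. Not-found is accepted because only one of admin_user/newadmin_user
    # exists at any point.
    [Teardown]  Run Keywords
    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}, ${HTTP_NOT_FOUND}]
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}, ${HTTP_NOT_FOUND}]
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}, ${HTTP_NOT_FOUND}]
    ...  AND  Test Teardown Execution

    # Create Redfish users.
    Redfish Create User  admin_user     TestPwd123  Administrator   ${True}
    Redfish Create User  readonly_user  TestPwd123  ReadOnly        ${True}

    # Make sure the new user account does not already exist.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Update admin_user username using Redfish.
    ${payload}=  Create Dictionary  UserName=newadmin_user
    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body=&{payload}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]

    # Update readonly_user role using Redfish.
    ${payload}=  Create Dictionary  RoleId=Administrator
    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body=&{payload}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]

    # Verify that the renamed account still logs in with the original password and
    # that readonly_user now reports the Administrator role.
    Redfish Verify User  newadmin_user  TestPwd123     Administrator   ${True}
    Redfish Verify User  readonly_user  TestPwd123     Administrator   ${True}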
241
242
243Verify Modifying Operator User Attributes
244    [Documentation]  Verify modifying operator user attributes.
245    [Tags]  Verify_Modifying_Operator_User_Attributes
246    [Setup]  Run Keywords  Redfish.Login  AND
247    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
248    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
249    ...  AND  Test Teardown Execution
250
251    # Update operator_user password using Redfish.
252    ${payload}=  Create Dictionary  Password=NewTestPwd123
253    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body=&{payload}
254
255    # Verify users after updating
256    Redfish Verify User  operator_user  NewTestPwd123  Operator        ${True}
257
258
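Verify User Account Locked
    [Documentation]  Verify user account locked upon trying with invalid password.
    [Tags]  Verify_User_Account_Locked
    # Clean up in teardown: a failure part-way through would otherwise leave an
    # enabled Administrator account with a known password on the BMC.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    ...  AND  Test Teardown Execution

    Redfish Create User  admin_user  TestPwd123  Administrator   ${True}

    # Apply the lockout policy under test.
    # NOTE(review): nothing in this test saves or restores the previous
    # AccountLockoutThreshold/AccountLockoutDuration values.
    ${payload}=  Create Dictionary  AccountLockoutThreshold=${account_lockout_threshold}
    ...  AccountLockoutDuration=${account_lockout_duration}
    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]

    Redfish.Logout

    # Make ${account_lockout_threshold} failed login attempts.
    Repeat Keyword  ${account_lockout_threshold} times
    ...  Run Keyword And Expect Error  *InvalidCredentialsError*  Redfish.Login  admin_user  abcd1234

    # Verify that a login with the correct password is now refused due to lockout.
    Run Keyword And Expect Error  *InvalidCredentialsError*
    ...  Redfish.Login  admin_user  TestPwd123

    # Wait for the lockout duration plus a 5 second margin,
    # then verify that login works again.
    ${total_wait_duration}=  Evaluate  ${account_lockout_duration} + 5
    Sleep  ${total_wait_duration}s

    Redfish.Login  admin_user  TestPwd123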
292
293
Verify User Account Unlock
    [Documentation]  Verify manually unlocking the account before lockout time
    [Tags]  Verify_User_Account_Unlock
    # NOTE(review): this teardown replaces the suite-level Test Teardown and does
    # not call "Test Teardown Execution", so FFDC is not collected when this test fails.
    [Teardown]  Run Keywords  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
    ...  AND  SSHLibrary.Close All Connections

    Redfish Create User  test_user  TestPwd123  Administrator  ${True}

    # Apply the lockout policy under test.
    ${payload}=  Create Dictionary
    ...  AccountLockoutThreshold=${account_lockout_threshold}
    ...  AccountLockoutDuration=${account_lockout_duration}
    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}

    Redfish.Logout

    # Make ${account_lockout_threshold} failed login attempts.
    Repeat Keyword  ${account_lockout_threshold} times
    ...  Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  test_user  abc123

    # Verify that the lockout also applies to SSH: login with the correct
    # password must be refused while the account is locked.
    SSHLibrary.Open Connection  ${OPENBMC_HOST}
    Run Keyword And Expect Error  Authentication failed*
    ...  SSHLibrary.Login  test_user  TestPwd123

    # Verify that legitimate login fails due to lockout.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  test_user  TestPwd123

    ${payload}=  Create Dictionary  Locked=${FALSE}

    # Manually unlock the account before the lockout duration expires.
    # The default login is used here because test_user itself cannot log in.
    Redfish.Login
    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}test_user  body=${payload}
    Redfish.Logout

    # Try redfish login with the recently unlocked account
    Redfish.Login  test_user  TestPwd123

    # Try SSH login with the unlocked account.
    # A second connection is opened; both are closed by the teardown.
    SSHLibrary.Open Connection  ${OPENBMC_HOST}
    SSHLibrary.Login  test_user  TestPwd123
338
339
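Verify Admin User Privilege
    [Documentation]  Verify admin user privilege.
    [Tags]  Verify_Admin_User_Privilege
    # Restore the default session and delete both accounts in teardown, so a
    # failure while logged in as admin_user does not leave the accounts behind.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
    ...  AND  Test Teardown Execution

    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}

    Redfish.Logout

    Redfish.Login  admin_user  TestPwd123

    # Change password of 'readonly' user with admin user.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body={'Password': 'NewTestPwd123'}

    # Verify that the new password works and the role is unchanged.
    Redfish Verify User  readonly_user  NewTestPwd123  ReadOnly  ${True}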
361
362
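Verify Operator User Role Change Using Admin Privilege User
    [Documentation]  Verify operator user role change using admin privilege user
    [Tags]  Verify_Operator_User_Role_Change_Using_Admin_Privilege_User
    # Restore the default session and delete both accounts in teardown, so a
    # failed step does not leave a promoted Administrator account on the BMC.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
    ...  AND  Test Teardown Execution

    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
    Redfish Create User  operator_user  TestPwd123  Operator  ${True}

    Redfish.Logout

    # Login with admin user; the role change below is made with this session.
    Redfish.Login  admin_user  TestPwd123

    # Modify Role ID of Operator user.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body={'RoleId': 'Administrator'}

    # Verify that operator_user still logs in and now reports the Administrator role.
    Redfish Verify User  operator_user  TestPwd123  Administrator  ${True}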
384
385
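Verify Operator User Privilege
    [Documentation]  Verify operator user privilege.
    [Tags]  Verify_Operator_User_Privilege
    # Restore the default session and delete both accounts in teardown, so a
    # failed authorization check does not leave the test accounts on the BMC.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
    ...  AND  Test Teardown Execution

    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
    Redfish Create User  operator_user  TestPwd123  Operator  ${True}

    Redfish.Logout
    # Login with operator user.
    Redfish.Login  operator_user  TestPwd123

    # Verify that the operator is not allowed to reset the BMC.
    # NOTE(review): the denial is detected through a ValueError raised by the
    # keyword, not through an explicit HTTP status - confirm this cannot pass
    # for an unrelated error.
    Run Keyword And Expect Error  ValueError*  Redfish BMC Reset Operation

    # Verify that the operator cannot change the password of an admin account.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body={'Password': 'NewTestPwd123'}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]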
410
411
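Verify ReadOnly User Privilege
    [Documentation]  Verify ReadOnly user privilege.
    [Tags]  Verify_ReadOnly_User_Privilege
    # Restore the default session and delete the account in teardown, so the
    # cleanup also runs when the read below fails.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  ${REDFISH_ACCOUNTS_URI}readonly_user
    ...  AND  Test Teardown Execution

    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
    Redfish.Logout

    # Login with read_only user.
    Redfish.Login  readonly_user  TestPwd123

    # Read system level data; the value itself is not checked, only that the
    # read succeeds.
    # NOTE(review): this test only covers the allowed (read) path. It does not
    # assert that a write by the ReadOnly user is refused.
    ${system_model}=  Redfish_Utils.Get Attribute
    ...  ${SYSTEM_BASE_URI}  Model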
429
430
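Verify Minimum Password Length For Redfish User
    [Documentation]  Verify minimum password length for new and existing user.
    [Tags]  Verify_Minimum_Password_Length_For_Redfish_User
    # Delete the account in teardown. If the service wrongly accepts the short
    # password, the test fails, and without this the Administrator account
    # would stay on the BMC with that password.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/testUser
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}, ${HTTP_NOT_FOUND}]
    ...  AND  Test Teardown Execution

    ${user_name}=  Set Variable  testUser

    # Make sure the user account in question does not already exist.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Try to create a user with a 7-character password; this must be rejected.
    ${payload}=  Create Dictionary
    ...  UserName=${user_name}  Password=UserPwd  RoleId=Administrator  Enabled=${True}
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]

    # Create specified user with an 8-character password; this must succeed.
    Set To Dictionary  ${payload}  Password  UserPwd1
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
    ...  valid_status_codes=[${HTTP_CREATED}]

    # Try to change the existing user's password to the 7-character value.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd'}
    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]

    # Change to a valid password.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd1'}

    # Verify login with the valid password.
    Redfish.Logout
    Redfish.Login  ${user_name}  UserPwd1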
465
466
Verify Standard User Roles Defined By Redfish
    [Documentation]  Verify standard user roles defined by Redfish.
    [Tags]  Verify_Standard_User_Roles_Defined_By_Redfish

    # The Roles collection must list at least the three standard roles.
    ${member_list}=  Redfish_Utils.Get Member List
    ...  /redfish/v1/AccountService/Roles

    @{roles}=  Create List
    ...  /redfish/v1/AccountService/Roles/Administrator
    ...  /redfish/v1/AccountService/Roles/Operator
    ...  /redfish/v1/AccountService/Roles/ReadOnly

    List Should Contain Sub List  ${member_list}  ${roles}

    # The standard roles are:

    # | Role name | Assigned privileges |
    # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf |
    # | Operator | Login, ConfigureComponents, ConfigureSelf |
    # | ReadOnly | Login, ConfigureSelf |

    @{admin}=  Create List  Login  ConfigureManager  ConfigureUsers  ConfigureComponents  ConfigureSelf
    @{operator}=  Create List  Login  ConfigureComponents  ConfigureSelf
    @{readOnly}=  Create List  Login  ConfigureSelf

    ${roles_dict}=  create dictionary  admin_privileges=${admin}  operator_privileges=${operator}
    ...  readOnly_privileges=${readOnly}

    # NOTE(review): "List Should Contain Sub List" only checks that the expected
    # privileges are present. A role that carries an extra privilege (for example
    # ReadOnly with ConfigureUsers) still passes. Consider an exact comparison
    # if over-privileged roles should fail this test.
    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/Administrator
    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['admin_privileges']}

    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/Operator
    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['operator_privileges']}

    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/ReadOnly
    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['readOnly_privileges']}
503
504
505Verify Error While Deleting Root User
506    [Documentation]  Verify error while deleting root user.
507    [Tags]  Verify_Error_While_Deleting_Root_User
508
509    Redfish.Delete  /redfish/v1/AccountService/Accounts/root  valid_status_codes=[${HTTP_FORBIDDEN}]
510
511
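Verify SSH Login Access With Admin User
    [Documentation]  Verify that admin user has SSH login access.
    ...              By default, admin should have access but there could be
    ...              case where admin user shell access is restricted by design
    ...              in the community sphere.
    [Tags]  Verify_SSH_Login_Access_With_Admin_User
    # Close the SSH connection and delete the account in teardown, so both are
    # cleaned up even when the status comparison fails.
    [Teardown]  Run Keywords  SSHLibrary.Close All Connections
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/new_admin
    ...  AND  Test Teardown Execution

    # Create an admin User.
    Redfish Create User  new_admin  TestPwd1  Administrator  ${True}

    # Attempt SSH login with admin user.
    SSHLibrary.Open Connection  ${OPENBMC_HOST}
    ${status}=  Run Keyword And Return Status  SSHLibrary.Login  new_admin  TestPwd1

    # By default ssh_status is True, user can change the status via CLI
    # -v ssh_status:False
    # Compared as strings because a CLI override arrives as text, not a boolean.
    Should Be Equal As Strings  "${status}"  "${ssh_status}"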
532
533
534Verify Configure BasicAuth Enable And Disable
535    [Documentation]  Verify configure basicauth enable and disable
536    [Tags]  Verify_Configure_BasicAuth_Enable_And_Disable
537    [Template]  Template For Configure Auth Methods
538
539    # auth_method
540    BasicAuth
541    XToken
542
543*** Keywords ***
544
545Test Teardown Execution
546    [Documentation]  Do the post test teardown.
547
548    Run Keyword And Ignore Error  Redfish.Logout
549    FFDC On Test Case Fail
550
551
Redfish Create User
    [Documentation]  Redfish create user.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${login_check}=${True}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).
    # login_check         Checks user login for created user.
    #                     (e.g. ${True}, ${False}).

    # Make sure the user account in question does not already exist.
    # (${userName} resolves to the ${username} argument; Robot Framework
    # variable names are case-insensitive.)
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${userName}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Create specified user.
    ${payload}=  Create Dictionary
    ...  UserName=${username}  Password=${password}  RoleId=${role_id}  Enabled=${enabled}
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
    ...  valid_status_codes=[${HTTP_CREATED}]

    # Resetting faillock count as a workaround for issue
    # openbmc/phosphor-user-manager#4
    # NOTE(review): ${username} is placed unquoted into a command line that is
    # executed on the BMC. Every caller in this file passes a fixed literal;
    # keep it that way or quote the value if names ever come from outside.
    ${cmd}=  Catenate  /usr/sbin/faillock --user ${username} --reset

    Bmc Execute Command  ${cmd}

    # Verify login with created user.
    # When login_check is false no login is attempted and ${status} is forced to ${False}.
    IF  '${login_check}' == '${True}'
        ${status}=  Run Keyword And Return Status
        ...  Verify Redfish User Login  ${username}  ${password}
    ELSE
        ${status}=  Set Variable  ${False}
    END

    # The login must succeed exactly when the account was created enabled.
    IF  '${login_check}' == '${True}'  Should Be Equal  ${status}  ${enabled}

    # Validate Role ID of created user.
    ${role_config}=  Redfish_Utils.Get Attribute
    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
    Should Be Equal  ${role_id}  ${role_config}
596
597
Redfish Verify User
    [Documentation]  Redfish user verification.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}

    # Description of argument(s):
    # username            The username of the existing account to verify.
    # password            The password expected to work for that account.
    # role_id             The role ID the account is expected to report
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Expected login outcome: ${True} if the login should
    #                     succeed, ${False} if it should be refused.

    ${status}=  Verify Redfish User Login  ${username}  ${password}
    # The login outcome must match the expected enabled state.
    Should Be Equal  ${status}  ${enabled}

    # Validate Role Id of user.
    ${role_config}=  Redfish_Utils.Get Attribute
    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
    Should Be Equal  ${role_id}  ${role_config}
618
619
Verify Redfish User Login
    [Documentation]  Verify Redfish login with given user id.
    # The teardown always drops whatever session exists and logs in again with
    # the default credentials, so callers continue with the default session.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout  AND  Redfish.Login
    [Arguments]   ${username}  ${password}

    # Description of argument(s):
    # username            Login username.
    # password            Login password.
    #
    # Returns ${True} if the login succeeded and ${False} otherwise; a failed
    # login does not fail the keyword.

    # Logout from current Redfish session.
    # We don't really care if the current session is flushed out since we are going to login
    # with new credential in next.
    Run Keyword And Ignore Error  Redfish.Logout

    ${status}=  Run Keyword And Return Status  Redfish.Login  ${username}  ${password}
    RETURN  ${status}
636
637
638Redfish Create And Verify User
639    [Documentation]  Redfish create and verify user.
640    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
641
642    # Description of argument(s):
643    # username            The username to be created.
644    # password            The password to be assigned.
645    # role_id             The role ID of the user to be created
646    #                     (e.g. "Administrator", "Operator", etc.).
647    # enabled             Indicates whether the username being created
648    #                     should be enabled (${True}, ${False}).
649
650    # Example:
651    #{
652    #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
653    #"@odata.id": "/redfish/v1/AccountService/Accounts/test1",
654    #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
655    #"Description": "User Account",
656    #"Enabled": true,
657    #"Id": "test1",
658    #"Links": {
659    #  "Role": {
660    #    "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
661    #  }
662    #},
663
664    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
665
666    Redfish Verify User  ${username}  ${password}  ${role_id}  ${enabled}
667
668    # Delete Specified User
669    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
670
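Verify Redfish User with Wrong Password
    [Documentation]  Verify Redfish User with Wrong Password.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${wrong_password}
    # Restore the default session and delete the account in teardown. If the
    # wrong password is unexpectedly accepted, the keyword fails while logged in
    # as the test user and the account would otherwise stay on the BMC.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).
    # wrong_password      Any invalid password.

    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}

    Redfish.Logout

    # Attempt to login with created user with invalid password; it must be refused.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  ${username}  ${wrong_password}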
696
697
698Verify Login with Deleted Redfish User
699    [Documentation]  Verify Login with Deleted Redfish User.
700    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
701
702    # Description of argument(s):
703    # username            The username to be created.
704    # password            The password to be assigned.
705    # role_id             The role ID of the user to be created
706    #                     (e.g. "Administrator", "Operator", etc.).
707    # enabled             Indicates whether the username being created
708    #                     should be enabled (${True}, ${False}).
709
710    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
711
712    # Delete newly created user.
713    Redfish.Delete  /redfish/v1/AccountService/Accounts/${userName}
714
715    Redfish.Logout
716
717    # Attempt to login with deleted user account.
718    Run Keyword And Expect Error  InvalidCredentialsError*
719    ...  Redfish.Login  ${username}  ${password}
720
721    Redfish.Login
722
723
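Verify Create User Without Enabling
    [Documentation]  Verify Create User Without Enabling.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
    # Restore the default session and delete the account in teardown. If the
    # disabled account is unexpectedly able to log in, the keyword fails and the
    # account would otherwise stay on the BMC.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).

    # The trailing ${False} skips the login check inside "Redfish Create User";
    # the login is exercised explicitly below.
    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}  ${False}

    Redfish.Logout

    # Attempt to login with the disabled user and the correct password; it must be refused.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  ${username}  ${password}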
747    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
748
Template For Configure Auth Methods
    [Documentation]  Template to configure auth methods.
    [Arguments]  ${auth_method}
    # Put the auth method back to its starting value whatever the outcome.
    # NOTE(review): ${initial_value} is not set in this keyword; presumably
    # "Get AuthMethods Default Values" sets it - confirm.
    [Teardown]  Configure AuthMethods  ${auth_method}=${initial_value}

    # Description of Argument(s):
    # auth_method   The authmethod setting which needs to be
    #               set in account service URI.
    # valid values  BasicAuth, XToken.

    Get AuthMethods Default Values  ${auth_method}

    # Enable the auth method under test.
    Configure AuthMethods  ${auth_method}=${TRUE}

    # With the method enabled, a request using it must succeed.
    IF  "${auth_method}" == "XToken"
        Check XToken Works Fine  ${HTTP_OK}
    ELSE
        Check BasicAuth Works Fine  ${HTTP_OK}
    END

    # Disable the auth method under test.
    Configure AuthMethods  ${auth_method}=${FALSE}

    # With the method disabled, a request using it must be rejected as unauthorized.
    IF  "${auth_method}" == "BasicAuth"
        Check BasicAuth Works Fine  ${HTTP_UNAUTHORIZED}
    ELSE
        Check XToken Works Fine  ${HTTP_UNAUTHORIZED}
    END
778
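Configure AuthMethods
    [Documentation]  Enable/disable authmethod types. The PATCH is first sent
    ...  through the Redfish session; if that fails it is retried with curl
    ...  and basic auth, and the keyword fails unless the retry returns 200
    ...  or 204.
    [Arguments]  &{authmethods}

    # Description of argument(s):
    # authmethods            The authmethod setting which needs to be
    #                        set in account service URI.
    # Usage Example          Configure AuthMethods  XToken=${TRUE}  BasicAuth=${TRUE}
    #                        This will set the value of "XToken" and "BasicAuth"
    #                        property in accountservice uri to TRUE.

    ${openbmc}=  Create Dictionary  AuthMethods=${authmethods}
    ${oem}=  Create Dictionary  OpenBMC=${openbmc}
    ${payload}=  Create Dictionary  Oem=${oem}

    # Setting authmethod properties using Redfish session based auth
    ${status}=  Run Keyword And Return Status
    ...  Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=${payload}  valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]

    # Setting authmethod properties using basic auth in case the former fails
    IF  not ${status}
        # Serialize with the json module instead of rewriting the dictionary's
        # string form; this yields valid JSON (true/false, double quotes)
        # without touching text that merely contains "True" or "False".
        ${json_payload}=  Evaluate  json.dumps($payload)  modules=json

        # Curl Command Framing for PATCH authmethod
        # NOTE(review): -k turns off certificate verification and -u puts the
        # password on the command line, where the process list and the Robot
        # log (which records the executed command) can show it. Acceptable only
        # for lab BMCs with throw-away credentials.
        # The credentials are single-quoted so shell metacharacters in the
        # password are not interpreted; a password containing a single quote
        # would still break the command.
        ${cmd}=  Catenate  curl -k -i -u '${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}'
        ...  -X PATCH '${AUTH_URI}${REDFISH_ACCOUNTS_SERVICE_URI}'
        ...  -H 'content-type:application/json' -H 'If-Match:*'
        ...  -d '${json_payload}'
        ${rc}  ${out}=  Run And Return Rc And Output  ${cmd}

        # Require 200 or 204 on the HTTP status line. The earlier
        # "Pass Execution If" form never failed on a bad response, treated
        # "OR" as the message rather than as a condition, and on 204 ended the
        # whole test as PASS, skipping the verification steps after this
        # keyword. Matching the status line also avoids a false match on
        # "200"/"204" appearing elsewhere in the headers or body.
        Should Match Regexp  ${out}  HTTP/[0-9.]+ (200|204)
        ...  msg=Basic auth PATCH of AuthMethods did not return 200/204 (curl rc=${rc}).
    END
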
Get AuthMethods Default Values
    [Documentation]  Read the current enabled/disabled value of one authmethod
    ...  from the Redfish account service URI and store it in the test
    ...  variable ${initial_value}.
    [Arguments]  ${authmethod}

    # Description of argument(s):
    # authmethod            The authmethod property whose value needs to be
    #                       retrieved from account service URI.
    # Usage Example         Get AuthMethods Default Values  BasicAuth
    #                       sets ${initial_value} (e.g. to ${TRUE}); nothing is
    #                       returned to the caller.
    # Example of the account service resource:
    # {
    #     "@odata.id": "/redfish/v1/AccountService",
    #     (...)
    #     "Oem": {
    #         "OpenBMC": {
    #             "AuthMethods": {
    #                 "BasicAuth": true,
    #                 "Cookie": true,
    #                 "SessionToken": true,
    #                 "TLS": true,
    #                 "XToken": true
    #             }
    #         }
    #     }
    # }

    ${oem_section}=  Redfish.Get Attribute  ${REDFISH_ACCOUNTS_SERVICE_URI}  Oem
    ${all_methods}=  Set Variable  ${oem_section['OpenBMC']['AuthMethods']}
    ${current}=  Get From Dictionary  ${all_methods}  ${authmethod}

    # Test scope, so the calling test's teardown can restore this value.
    Set Test Variable  ${initial_value}  ${current}

Check XToken Works Fine
    [Documentation]  GET the account service through the current Redfish
    ...  session and require the given HTTP status.
    [Arguments]  ${status_code}

    # Description of argument(s):
    # status_code   Expected HTTP status of the GET: 200, 401.

    # The request goes through the Redfish library session, not curl.
    # NOTE(review): presumably that session authenticates with its
    # X-Auth-Token, which is what makes this an XToken check - confirm.
    Redfish.Get  ${REDFISH_ACCOUNTS_SERVICE_URI}  valid_status_codes=[${status_code}]

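Check BasicAuth Works Fine
    [Documentation]  Request the account service with curl and HTTP basic auth
    ...  and require the given status on the HTTP status line.
    [Arguments]  ${status_code}

    # Description of argument(s):
    # status_code   Expected HTTP status of the request: 200, 401.

    # NOTE(review): -k turns off certificate verification and -u puts the
    # password on the command line, where the process list and the Robot log
    # (which records the executed command) can show it. Acceptable only for
    # lab BMCs with throw-away credentials.
    # The credentials are single-quoted so shell metacharacters in the password
    # are not interpreted; a password containing a single quote would still
    # break the command.
    ${cmd}=  Catenate  curl -k -i -u '${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}'
    ...  ${AUTH_URI}/redfish/v1/AccountService
    ${rc}  ${out}=  Run And Return Rc And Output  ${cmd}

    # Match the status line only. A plain substring search over headers and
    # body can pass on an unrelated "200" or "401" (a length, a date, an
    # ETag), which would hide a basic-auth setting that did not take effect.
    Should Match Regexp  ${out}  HTTP/[0-9.]+ ${status_code}
    ...  msg=Basic auth request did not return ${status_code} (curl rc=${rc}).
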