xref: /openbmc/openbmc-test-automation/redfish/account_service/test_user_account.robot (revision 68fc419d84d0564c86cd6bb0278f9420680f07bf) 
1*** Settings ***
2Documentation    Test suite for verifying Redfish admin, readonly operation user accounts.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/bmc_redfish_utils.robot
8
9Library          SSHLibrary
10
11Test Setup       Redfish.Login
12Test Teardown    Test Teardown Execution
13
14Test Tags        User_Account
15
16*** Variables ***
17
18${account_lockout_duration}   ${30}
19${account_lockout_threshold}  ${3}
20${ssh_status}                 ${True}
21
22*** Test Cases ***
23
24Verify AccountService Available
25    [Documentation]  Verify Redfish account service is available.
26    [Tags]  Verify_AccountService_Available
27
28    ${resp} =  Redfish_utils.Get Attribute  /redfish/v1/AccountService  ServiceEnabled
29    Should Be Equal As Strings  ${resp}  ${True}
30
31
32Verify Redfish Admin And ReadOnly Users Persistence After Reboot
33    [Documentation]  Verify Redfish admin user persistence after reboot.
34    [Tags]  Verify_Redfish_Admin_And_ReadOnly_Users_Persistence_After_Reboot
35    [Setup]  Run Keywords  Redfish.Login  AND
36    ...  Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
37    ...  AND  Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
38    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
39    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
40    ...  AND  Test Teardown Execution
41
42    # Reboot BMC.
43    Redfish OBMC Reboot (off)  stack_mode=normal
44
45    # Verify users after reboot.
46    Redfish Verify User  admin_user     TestPwd123  Administrator   ${True}
47    Redfish Verify User  readonly_user  TestPwd123  ReadOnly        ${True}
48
49
50Verify Redfish Operator User Persistence After Reboot
51    [Documentation]  Verify Redfish operator user persistence after reboot.
52    [Tags]  Verify_Redfish_Operator_User_Persistence_After_Reboot
53    [Setup]  Run Keywords  Redfish.Login  AND
54    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
55    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
56    ...  AND  Test Teardown Execution
57
58    # Reboot BMC.
59    Redfish OBMC Reboot (off)  stack_mode=normal
60
61    # Verify users after reboot.
62     Redfish Verify User  operator_user  TestPwd123  Operator        ${True}
63
64
65Redfish Create and Verify Admin User
66    [Documentation]  Create a Redfish user with administrator role and verify.
67    [Tags]  Redfish_Create_and_Verify_Admin_User
68    [Template]  Redfish Create And Verify User
69
70    #username      password    role_id         enabled
71    admin_user     TestPwd123  Administrator   ${True}
72
73
74Redfish Create and Verify Operator User
75    [Documentation]  Create a Redfish user with operator role and verify.
76    [Tags]  Redfish_Create_and_Verify_Operator_User
77    [Template]  Redfish Create And Verify User
78
79    #username      password    role_id         enabled
80    operator_user  TestPwd123  Operator        ${True}
81
82
83Redfish Create and Verify Readonly User
84    [Documentation]  Create a Redfish user with readonly role and verify.
85    [Tags]  Redfish_Create_and_Verify_Readonly_User
86    [Template]  Redfish Create And Verify User
87
88    #username      password    role_id         enabled
89    readonly_user  TestPwd123  ReadOnly        ${True}
90
91
92Verify Redfish Admin User Login With Wrong Password
93    [Documentation]  Verify Redfish create admin user with valid password and make sure
94    ...  admin user failed to login with wrong password.
95    [Tags]  Verify_Redfish_Admin_User_Login_With_Wrong_Password
96    [Template]  Verify Redfish User Login With Wrong Password
97
98    #username      password    role_id         enabled  wrong_password
99    admin_user     TestPwd123  Administrator   ${True}  alskjhfwurh
100
101
102Verify Redfish Operator User Login With Wrong Password
103    [Documentation]  Verify Redfish create operator user with valid password and make sure
104    ...  operator user failed to login with wrong password.
105    [Tags]  Verify_Redfish_Operator_User_Login_With_Wrong_Password
106    [Template]  Verify Redfish User Login With Wrong Password
107
108    #username      password    role_id         enabled  wrong_password
109    operator_user  TestPwd123  Operator        ${True}  12j8a8uakjhdaosiruf024
110
111
112Verify Redfish Readonly User Login With Wrong Password
113    [Documentation]  Verify Redfish create readonly user with valid password and make sure
114    ...  readonly user failed to login with wrong password.
115    [Tags]  Verify_Redfish_Readonly_User_Login_With_Wrong_Password
116    [Template]  Verify Redfish User Login With Wrong Password
117
118    #username      password    role_id         enabled  wrong_password
119    readonly_user  TestPwd123  ReadOnly        ${True}  12
120
121
122Verify Login with Deleted Redfish Admin User
123    [Documentation]  Verify login with deleted Redfish admin user.
124    [Tags]  Verify_Login_with_Deleted_Redfish_Admin_User
125    [Template]  Verify Login with Deleted Redfish User
126
127    #username     password    role_id         enabled
128    admin_user     TestPwd123  Administrator   ${True}
129
130
131Verify Login with Deleted Redfish Operator User
132    [Documentation]  Verify login with deleted Redfish operator user.
133    [Tags]  Verify_Login_with_Deleted_Redfish_Operator_User
134    [Template]  Verify Login with Deleted Redfish User
135
136    #username     password    role_id         enabled
137    operator_user  TestPwd123  Operator        ${True}
138
139
140Verify Login with Deleted Redfish Readonly User
141    [Documentation]  Verify login with deleted Redfish readonly user.
142    [Tags]  Verify_Login_with_Deleted_Redfish_Readonly_User
143    [Template]  Verify Login with Deleted Redfish User
144
145    #username     password    role_id         enabled
146    readonly_user  TestPwd123  ReadOnly        ${True}
147
148
149Verify Admin User Creation Without Enabling It
150    [Documentation]  Verify admin user creation without enabling it.
151    [Tags]  Verify_Admin_User_Creation_Without_Enabling_It
152    [Template]  Verify Create User Without Enabling
153
154    #username      password    role_id         enabled
155    admin_user     TestPwd123  Administrator   ${False}
156
157
158Verify Operator User Creation Without Enabling It
159    [Documentation]  Verify operator user creation without enabling it.
160    [Tags]  Verify_Operator_User_Creation_Without_Enabling_It
161    [Template]  Verify Create User Without Enabling
162
163    #username      password    role_id         enabled
164    operator_user  TestPwd123  Operator        ${False}
165
166
167Verify Readonly User Creation Without Enabling It
168    [Documentation]  Verify readonly user creation without enabling it.
169    [Tags]  Verify_Readonly_User_Creation_Without_Enabling_It
170    [Template]  Verify Create User Without Enabling
171
172    #username      password    role_id         enabled
173    readonly_user  TestPwd123  ReadOnly        ${False}
174
175
176Verify User Creation With Invalid Role Id
177    [Documentation]  Verify user creation with invalid role ID.
178    [Tags]  Verify_User_Creation_With_Invalid_Role_Id
179
180    # Make sure the user account in question does not already exist.
181    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
182    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
183
184    # Create specified user.
185    ${payload}=  Create Dictionary
186    ...  UserName=test_user  Password=TestPwd123  RoleId=wrongroleid  Enabled=${True}
187    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
188    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
189
190Verify Error Upon Creating Same Users With Different Privileges
191    [Documentation]  Verify error upon creating same users with different privileges.
192    [Tags]  Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges
193
194    Redfish Create User  test_user  TestPwd123  Administrator  ${True}
195
196    # Create specified user.
197    ${payload}=  Create Dictionary
198    ...  UserName=test_user  Password=TestPwd123  RoleId=ReadOnly  Enabled=${True}
199    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
200    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
201
202    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
203
204
205Verify Modifying User Attributes
206    [Documentation]  Verify modifying user attributes.
207    [Tags]  Verify_Modifying_User_Attributes
208
209    # Create Redfish users.
210    Redfish Create User  admin_user     TestPwd123  Administrator   ${True}
211    Redfish Create User  readonly_user  TestPwd123  ReadOnly        ${True}
212
213    # Make sure the new user account does not already exist.
214    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
215    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
216
217    # Update admin_user username using Redfish.
218    ${payload}=  Create Dictionary  UserName=newadmin_user
219    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body=&{payload}
220    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
221
222    # Update readonly_user role using Redfish.
223    ${payload}=  Create Dictionary  RoleId=Administrator
224    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body=&{payload}
225    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
226
227    # Verify users after updating
228    Redfish Verify User  newadmin_user  TestPwd123     Administrator   ${True}
229    Redfish Verify User  readonly_user  TestPwd123     Administrator   ${True}
230
231    # Delete created users.
232    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
233    Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
234
235
236Verify Modifying Operator User Attributes
237    [Documentation]  Verify modifying operator user attributes.
238    [Tags]  Verify_Modifying_Operator_User_Attributes
239    [Setup]  Run Keywords  Redfish.Login  AND
240    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
241    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
242    ...  AND  Test Teardown Execution
243
244    # Update operator_user password using Redfish.
245    ${payload}=  Create Dictionary  Password=NewTestPwd123
246    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body=&{payload}
247    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
248
249    # Verify users after updating
250    Redfish Verify User  operator_user  NewTestPwd123  Operator        ${True}
251
252
253Verify User Account Locked
254    [Documentation]  Verify user account locked upon trying with invalid password.
255    [Tags]  Verify_User_Account_Locked
256
257    Redfish Create User  admin_user  TestPwd123  Administrator   ${True}
258
259    ${payload}=  Create Dictionary  AccountLockoutThreshold=${account_lockout_threshold}
260    ...  AccountLockoutDuration=${account_lockout_duration}
261    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}
262    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
263
264    Redfish.Logout
265
266    # Make ${account_lockout_threshold} failed login attempts.
267    Repeat Keyword  ${account_lockout_threshold} times
268    ...  Run Keyword And Expect Error  *InvalidCredentialsError*  Redfish.Login  admin_user  abcd1234
269
270    # Verify that legitimate login fails due to lockout.
271    Run Keyword And Expect Error  *InvalidCredentialsError*
272    ...  Redfish.Login  admin_user  TestPwd123
273
274    # Wait for lockout duration to expire and adding 5 sec delay to the account lock timeout
275    # ... then verify that login works.
276    ${total_wait_duartion}=  Evaluate  ${account_lockout_duration} + 5
277    Sleep  ${total_wait_duartion}s
278
279    Redfish.Login  admin_user  TestPwd123
280
281    Redfish.Logout
282
283    Redfish.Login
284
285    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
286
287
288Verify User Account Unlock
289    [Documentation]  Verify manually unlocking the account before lockout time
290    [Tags]  Verify_User_Account_Unlock
291    [Teardown]  Run Keywords  SSHLibrary.Close All Connections
292    ...  AND  Redfish.Logout
293    ...  AND  Redfish.Login
294    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
295
296    Redfish Create User  test_user  TestPwd123  Administrator  ${True}
297
298    ${payload}=  Create Dictionary
299    ...  AccountLockoutThreshold=${account_lockout_threshold}
300    ...  AccountLockoutDuration=${account_lockout_duration}
301    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}
302    ...  valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
303
304    Redfish.Logout
305
306    # Make ${account_lockout_threshold} failed login attempts.
307    Repeat Keyword  ${account_lockout_threshold} times
308    ...  Run Keyword And Expect Error  InvalidCredentialsError*
309    ...  Redfish.Login  test_user  abc123
310
311    # Ensure SSH Login with locked account gets failed
312    SSHLibrary.Open Connection  ${OPENBMC_HOST}  port=${SSH_PORT}
313    Run Keyword And Expect Error  Authentication failed*
314    ...  SSHLibrary.Login  test_user  TestPwd123
315
316    # Verify that legitimate login fails due to lockout.
317    Run Keyword And Expect Error  InvalidCredentialsError*
318    ...  Redfish.Login  test_user  TestPwd123
319
320    ${payload}=  Create Dictionary  Locked=${FALSE}
321
322    # Manually unlock the account before lockout threshold expires
323    Redfish.Login
324    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}test_user  body=${payload}
325    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
326    Redfish.Logout
327
328    # Try redfish login with the recently unlocked account
329    Redfish.Login  test_user  TestPwd123
330
331    # Try SSH login with the unlocked account
332    SSHLibrary.Open Connection  ${OPENBMC_HOST}  port=${SSH_PORT}
333    SSHLibrary.Login  test_user  TestPwd123
334
335
336Verify Admin User Privilege
337    [Documentation]  Verify admin user privilege.
338    [Tags]  Verify_Admin_User_Privilege
339
340    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
341    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
342
343    Redfish.Logout
344
345    Redfish.Login  admin_user  TestPwd123
346
347    # Change password of 'readonly' user with admin user.
348    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body={'Password': 'NewTestPwd123'}
349    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
350
351    # Verify modified user.
352    Redfish Verify User  readonly_user  NewTestPwd123  ReadOnly  ${True}
353
354    # Note: Delete user would work here because a root login is
355    # performed as part of "Redfish Verify User" keyword's teardown.
356    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
357    Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
358
359
360Verify Operator User Role Change Using Admin Privilege User
361    [Documentation]  Verify operator user role change using admin privilege user
362    [Tags]  Verify_Operator_User_Role_Change_Using_Admin_Privilege_User
363
364    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
365    Redfish Create User  operator_user  TestPwd123  Operator  ${True}
366
367    Redfish.Logout
368
369    # Change role ID of operator user with admin user.
370    # Login with admin user.
371    Redfish.Login  admin_user  TestPwd123
372
373    # Modify Role ID of Operator user.
374    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body={'RoleId': 'Administrator'}
375    ...  valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
376
377    # Verify modified user.
378    Redfish Verify User  operator_user  TestPwd123  Administrator  ${True}
379
380    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
381    Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
382
383
384Verify Operator User Privilege
385    [Documentation]  Verify operator user privilege.
386    [Tags]  Verify_Operator_User_Privilege
387
388    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
389    Redfish Create User  operator_user  TestPwd123  Operator  ${True}
390
391    Redfish.Logout
392    # Login with operator user.
393    Redfish.Login  operator_user  TestPwd123
394
395    # Verify BMC reset.
396    Run Keyword And Expect Error  ValueError*  Redfish BMC Reset Operation
397
398    # Attempt to change password of admin user with operator user.
399    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body={'Password': 'NewTestPwd123'}
400    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
401
402    Redfish.Logout
403
404    Redfish.Login
405
406    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
407    Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
408
409
410Verify ReadOnly User Privilege
411    [Documentation]  Verify ReadOnly user privilege.
412    [Tags]  Verify_ReadOnly_User_Privilege
413
414    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
415    Redfish.Logout
416
417    # Login with read_only user.
418    Redfish.Login  readonly_user  TestPwd123
419
420    # Read system level data.
421    ${system_model}=  Redfish_Utils.Get Attribute
422    ...  ${SYSTEM_BASE_URI}  Model
423
424    Redfish.Logout
425    Redfish.Login
426    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}readonly_user
427
428
429Verify History Password For Redfish Admin And Readonly User
430    [Documentation]  Verify previously used password can be set
431    [Tags]  Verify_History_Password_For_Redfish_Admin_And_Readonly_User
432    [Template]  Verify History Password for Redfish User
433
434    #username        role_id
435    admin_user       Administrator
436    readonly_user    ReadOnly
437
438
439Verify Minimum Password Length For Redfish Admin And Readonly User
440    [Documentation]  Verify minimum password length for new and existing admin or
441    ...  readonly user.
442    [Tags]  Verify_Minimum_Password_Length_For_Redfish_Admin_And_Readonly_User
443    [Template]  Verify Minimum Password Length For Redfish User
444
445    #username        role_id
446    admin_user       Administrator
447    readonly_user    ReadOnly
448
449
450Verify Standard User Roles Defined By Redfish
451    [Documentation]  Verify standard user roles defined by Redfish.
452    [Tags]  Verify_Standard_User_Roles_Defined_By_Redfish
453
454    ${member_list}=  Redfish_Utils.Get Member List
455    ...  /redfish/v1/AccountService/Roles
456
457    @{roles}=  Create List
458    ...  /redfish/v1/AccountService/Roles/Administrator
459    ...  /redfish/v1/AccountService/Roles/Operator
460    ...  /redfish/v1/AccountService/Roles/ReadOnly
461
462    List Should Contain Sub List  ${member_list}  ${roles}
463
464    # The standard roles are:
465
466    # | Role name | Assigned privileges |
467    # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf |
468    # | Operator | Login, ConfigureComponents, ConfigureSelf |
469    # | ReadOnly | Login, ConfigureSelf |
470
471    @{admin}=  Create List  Login  ConfigureManager  ConfigureUsers  ConfigureComponents  ConfigureSelf
472    @{operator}=  Create List  Login  ConfigureComponents  ConfigureSelf
473    @{readOnly}=  Create List  Login  ConfigureSelf
474
475    ${roles_dict}=  create dictionary  admin_privileges=${admin}  operator_privileges=${operator}
476    ...  readOnly_privileges=${readOnly}
477
478    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/Administrator
479    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['admin_privileges']}
480
481    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/Operator
482    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['operator_privileges']}
483
484    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/ReadOnly
485    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['readOnly_privileges']}
486
487
488Verify Error While Deleting Root User
489    [Documentation]  Verify error while deleting root user.
490    [Tags]  Verify_Error_While_Deleting_Root_User
491
492    Redfish.Delete  /redfish/v1/AccountService/Accounts/root  valid_status_codes=[${HTTP_FORBIDDEN}]
493
494
495Verify SSH Login Access With Admin User
496    [Documentation]  Verify that admin user have SSH login access.
497    ...              By default, admin should have access but there could be
498    ...              case where admin user shell access is restricted by design
499    ...              in the community sphere..
500    [Tags]  Verify_SSH_Login_Access_With_Admin_User
501
502    #Create an admin user and verify SSH login.
503    Create Admin User And Verify SSH Login
504
505    Redfish.Login
506    Redfish.Delete  /redfish/v1/AccountService/Accounts/new_admin
507
508Verify SSH Login Is Revoked For Deleted User
509    [Documentation]  Verify SSH login access is revoked for deleted User.
510    [Tags]    Verify_SSH_Login_Is_Revoked_For_Deleted_User
511
512    #Create an admin user and verify SSH login.
513    Create Admin User And Verify SSH Login
514
515    #Login with root user.
516    Redfish.Login
517
518    # Delete the admin user.
519    Redfish.Delete  /redfish/v1/AccountService/Accounts/new_admin
520    ...  valid_status_codes=[${HTTP_OK}]
521
522    # Attempt SSH login with Deleted user.
523    SSHLibrary.Open Connection  ${OPENBMC_HOST}  port=${SSH_PORT}
524    Run Keyword And Expect Error  Authentication failed*
525    ...  SSHLibrary.Login  new_admin  TestPwd1
526
527Verify Configure BasicAuth Enable And Disable
528    [Documentation]  Verify configure basicauth enable and disable
529    [Tags]  Verify_Configure_BasicAuth_Enable_And_Disable
530    [Template]  Template For Configure Auth Methods
531
532    # auth_method
533    BasicAuth
534    XToken
535
536
537Redfish Create and Verify Admin User With Invalid Password Format
538    [Documentation]  Create a admin user with invalid password format and verify.
539    [Template]  Create User With Unsupported Password Format And Verify
540    [Tags]  Redfish_Create_and_Verify_Admin_User_With_Invalid_Password_Format
541
542    #username       role_id        password
543    admin_user      Administrator  snellens
544    admin_user      Administrator  10000001
545    admin_user      Administrator  12345678
546    admin_user      Administrator  abcdefgh
547    admin_user      Administrator  abf12345
548    admin_user      Administrator  helloworld
549    admin_user      Administrator  HELLOWORLD
550    admin_user      Administrator  &$%**!*@
551    admin_user      Administrator  Dictation
552
553
554Redfish Create and Verify Readonly User With Invalid Password Format
555    [Documentation]  Create a readonly user with invalid password format and verify.
556    [Template]  Create User With Unsupported Password Format And Verify
557    [Tags]  Redfish_Create_and_Verify_Readonly_User_With_Invalid_Password_Format
558
559    #username       role_id        password
560    readonly_user   ReadOnly       snellens
561    readonly_user   ReadOnly       10000001
562    readonly_user   ReadOnly       12345678
563    readonly_user   ReadOnly       abcdefgh
564    readonly_user   ReadOnly       abf12345
565    readonly_user   ReadOnly       helloworld
566    readonly_user   ReadOnly       HELLOWORLD
567    readonly_user   ReadOnly       &$%**!*@
568    readonly_user   ReadOnly       Dictation
569
570
571Verify Admin And Readonly User Password Is Not Same As Username
572    [Documentation]  Verify that admin and readonly user creation is failed if
573    ...  password is same as username.
574    [Template]  Create User With Unsupported Password Format And Verify
575    [Tags]      Verify_Admin_And_Readonly_User_Password_Is_Not_Same_As_Username
576
577    #username        role_id             password
578    AdminUser1       Administrator       AdminUser1
579    ReadOnlyUser1    ReadOnly            ReadOnlyUser1
580
581Verify AccountService Unsupported Methods
582    [Documentation]  Verify Unsupported methods of AccountService
583    [Tags]  Verify_AccountService_Unsupported_Methods
584
585    # Put operation on Account Services
586    Redfish.Put  /redfish/v1/AccountService
587    ...    valid_status_codes=[${HTTP_METHOD_NOT_ALLOWED}]
588
589    # Post operation on Account Services
590    Redfish.Post  /redfish/v1/AccountService
591    ...  valid_status_codes=[${HTTP_METHOD_NOT_ALLOWED}]
592
593    # Delete operation on Account Services
594    Redfish.Delete  /redfish/v1/AccountService
595    ...  valid_status_codes=[${HTTP_METHOD_NOT_ALLOWED}]
596
597Verify AccountService Roles Unsupported Methods
598    [Documentation]  Verify Unsupported methods of AccountService/Roles
599    [Tags]  Verify_AccountService_Roles_Unsupported_Methods
600
601    # Put operation on Account Services Roles
602    Redfish.Put  /redfish/v1/AccountService/Roles
603    ...  valid_status_codes=[${HTTP_METHOD_NOT_ALLOWED}]
604
605    # Post operation on Account Services Roles
606    Redfish.Post  /redfish/v1/AccountService/Roles
607    ...  valid_status_codes=[${HTTP_METHOD_NOT_ALLOWED}]
608
609    # Delete operation on Account Services Roles
610    Redfish.Delete  /redfish/v1/AccountService/Roles
611    ...  valid_status_codes=[${HTTP_METHOD_NOT_ALLOWED}]
612
613    # Patch operation on Account Services Roles
614    Redfish.Patch  /redfish/v1/AccountService/Roles
615    ...  valid_status_codes=[${HTTP_METHOD_NOT_ALLOWED}]
616
617Verify AccountService Roles Instance With Unsupported Methods
618    [Documentation]  Verify Instance Roles for AccountService and Unsupported Methods
619    [Tags]    Verify_AccountService_Roles_Instance_With_Unsupported_Methods
620
621    # GET Administrator Role Instance
622    Redfish.Get    /redfish/v1/AccountService/Roles/Administrator
623    ...    valid_status_codes=[${HTTP_OK}]
624
625    # GET Operator Role Instance
626    Redfish.Get    /redfish/v1/AccountService/Roles/Operator
627    ...    valid_status_codes=[${HTTP_OK}]
628
629    # GET ReadOnly RoleInstance
630    Redfish.Get    /redfish/v1/AccountService/Roles/ReadOnly
631    ...    valid_status_codes=[${HTTP_OK}]
632
633    # Post operation on Account Service Roles Instance
634    Redfish.Post    /redfish/v1/AccountService/Roles/Administrator
635    ...    valid_status_codes=[${HTTP_METHOD_NOT_ALLOWED}]
636
637    # Put operation on Account Service Roles Instance
638    Redfish.Put    /redfish/v1/AccountService/Roles/Administrator
639    ...    valid_status_codes=[${HTTP_METHOD_NOT_ALLOWED}]
640
641    # Patch operation on Account Service Roles Instance
642    Redfish.Patch    /redfish/v1/AccountService/Roles/Administrator
643    ...    valid_status_codes=[${HTTP_METHOD_NOT_ALLOWED}]
644
645    #Delete operation on Account Service Roles Instance
646    Redfish.Delete    /redfish/v1/AccountService/Roles/Administrator
647    ...    valid_status_codes=[${HTTP_METHOD_NOT_ALLOWED}]
648
649Verify Account Lockout With Invalid Configuration
650    [Documentation]  Verify Account Lockout configuration with invalid values.
651    [Tags]  Verify_Account_Lockout_With_Invalid_Configuration
652
653    @{invalid_values_list}=  Create List  -1  abc  3.5  ${EMPTY}
654
655    FOR  ${invalid_value}  IN  @{invalid_values_list}
656        ${payload}=  Create Dictionary  AccountLockoutThreshold=${invalid_value}
657        Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}
658        ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
659
660        ${payload}=  Create Dictionary  AccountLockoutDuration=${invalid_value}
661        Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}
662        ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
663
664        ${payload}=  Create Dictionary  AccountLockoutThreshold=${account_lockout_threshold}
665        ...  AccountLockoutDuration=${invalid_value}
666        Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}
667        ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
668
669        ${payload}=  Create Dictionary  AccountLockoutThreshold=${invalid_value}
670        ...  AccountLockoutDuration=${account_lockout_duration}
671        Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}
672        ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
673    END
674
675*** Keywords ***
676
677Test Teardown Execution
678    [Documentation]  Do the post test teardown.
679
680    Run Keyword And Ignore Error  Redfish.Logout
681    FFDC On Test Case Fail
682
683
684Redfish Create User
685    [Documentation]  Redfish create user.
686    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${login_check}=${True}
687
688    # Description of argument(s):
689    # username            The username to be created.
690    # password            The password to be assigned.
691    # role_id             The role ID of the user to be created
692    #                     (e.g. "Administrator", "Operator", etc.).
693    # enabled             Indicates whether the username being created
694    #                     should be enabled (${True}, ${False}).
695    # login_check         Checks user login for created user.
696    #                     (e.g. ${True}, ${False}).
697
698    # Make sure the user account in question does not already exist.
699    Redfish.Delete  /redfish/v1/AccountService/Accounts/${userName}
700    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
701
702    # Create specified user.
703    ${payload}=  Create Dictionary
704    ...  UserName=${username}  Password=${password}  RoleId=${role_id}  Enabled=${enabled}
705    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
706    ...  valid_status_codes=[${HTTP_CREATED}]
707
708    # Resetting faillock count as a workaround for issue
709    # openbmc/phosphor-user-manager#4
710    ${cmd}=  Catenate  /usr/sbin/faillock --user ${username} --reset
711
712    Bmc Execute Command  ${cmd}
713
714    # Verify login with created user.
715    IF  '${login_check}' == '${True}'
716        ${status}=  Run Keyword And Return Status
717        ...  Verify Redfish User Login  ${username}  ${password}
718    ELSE
719        ${status}=  Set Variable  ${False}
720    END
721
722    IF  '${login_check}' == '${True}'  Should Be Equal  ${status}  ${enabled}
723
724    # Validate Role ID of created user.
725    ${role_config}=  Redfish_Utils.Get Attribute
726    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
727    Should Be Equal  ${role_id}  ${role_config}
728
729
730Redfish Verify User
731    [Documentation]  Redfish user verification.
732    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
733
734    # Description of argument(s):
735    # username            The username to be created.
736    # password            The password to be assigned.
737    # role_id             The role ID of the user to be created
738    #                     (e.g. "Administrator", "Operator", etc.).
739    # enabled             Indicates whether the username being created
740    #                     should be enabled (${True}, ${False}).
741
742    ${status}=  Verify Redfish User Login  ${username}  ${password}
743    # Doing a check of the returned status.
744    Should Be Equal  ${status}  ${enabled}
745
746    # Validate Role Id of user.
747    ${role_config}=  Redfish_Utils.Get Attribute
748    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
749    Should Be Equal  ${role_id}  ${role_config}
750
751
752Verify Redfish User Login
753    [Documentation]  Verify Redfish login with given user id.
754    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout  AND  Redfish.Login
755    [Arguments]   ${username}  ${password}
756
757    # Description of argument(s):
758    # username            Login username.
759    # password            Login password.
760
761    # Logout from current Redfish session.
762    # We don't really care if the current session is flushed out since we are going to login
763    # with new credential in next.
764    Run Keyword And Ignore Error  Redfish.Logout
765
766    ${status}=  Run Keyword And Return Status  Redfish.Login  ${username}  ${password}
767    RETURN  ${status}
768
769
770Redfish Create And Verify User
771    [Documentation]  Redfish create and verify user.
772    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
773
774    # Description of argument(s):
775    # username            The username to be created.
776    # password            The password to be assigned.
777    # role_id             The role ID of the user to be created
778    #                     (e.g. "Administrator", "Operator", etc.).
779    # enabled             Indicates whether the username being created
780    #                     should be enabled (${True}, ${False}).
781
782    # Example:
783    #{
784    #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
785    #"@odata.id": "/redfish/v1/AccountService/Accounts/test1",
786    #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
787    #"Description": "User Account",
788    #"Enabled": true,
789    #"Id": "test1",
790    #"Links": {
791    #  "Role": {
792    #    "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
793    #  }
794    #},
795
796    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
797
798    Redfish Verify User  ${username}  ${password}  ${role_id}  ${enabled}
799
800    # Delete Specified User
801    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
802
803Verify Redfish User Login With Wrong Password
804    [Documentation]  Verify Redfish User failed to login with wrong password.
805    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${wrong_password}
806
807    # Description of argument(s):
808    # username            The username to be created.
809    # password            The password to be assigned.
810    # role_id             The role ID of the user to be created
811    #                     (e.g. "Administrator", "Operator", etc.).
812    # enabled             Indicates whether the username being created
813    #                     should be enabled (${True}, ${False}).
814    # wrong_password      Any invalid password.
815
816    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
817
818    Redfish.Logout
819
820    # Attempt to login with created user with invalid password.
821    Run Keyword And Expect Error  InvalidCredentialsError*
822    ...  Redfish.Login  ${username}  ${wrong_password}
823
824    Redfish.Login
825
826    # Delete newly created user.
827    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
828
829
830Verify Login with Deleted Redfish User
831    [Documentation]  Verify Login with Deleted Redfish User.
832    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
833
834    # Description of argument(s):
835    # username            The username to be created.
836    # password            The password to be assigned.
837    # role_id             The role ID of the user to be created
838    #                     (e.g. "Administrator", "Operator", etc.).
839    # enabled             Indicates whether the username being created
840    #                     should be enabled (${True}, ${False}).
841
842    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
843
844    # Delete newly created user.
845    Redfish.Delete  /redfish/v1/AccountService/Accounts/${userName}
846
847    Redfish.Logout
848
849    # Attempt to login with deleted user account.
850    Run Keyword And Expect Error  InvalidCredentialsError*
851    ...  Redfish.Login  ${username}  ${password}
852
853    Redfish.Login
854
855
856Verify Create User Without Enabling
857    [Documentation]  Verify Create User Without Enabling.
858    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
859
860    # Description of argument(s):
861    # username            The username to be created.
862    # password            The password to be assigned.
863    # role_id             The role ID of the user to be created
864    #                     (e.g. "Administrator", "Operator", etc.).
865    # enabled             Indicates whether the username being created
866    #                     should be enabled (${True}, ${False}).
867
868    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}  ${False}
869
870    Redfish.Logout
871
872    # Login with created user.
873    Run Keyword And Expect Error  InvalidCredentialsError*
874    ...  Redfish.Login  ${username}  ${password}
875
876    Redfish.Login
877
878    # Delete newly created user.
879    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
880
881Template For Configure Auth Methods
882    [Documentation]  Template to configure auth methods.
883    [Arguments]  ${auth_method}
884    [Teardown]  Configure AuthMethods  ${auth_method}=${initial_value}
885
886    # Description of Argument(s):
887    # authmethods   The authmethod setting which needs to be
888    #               set in account service URI.
889    # valid values  BasicAuth, XToken.
890
891    Get AuthMethods Default Values  ${auth_method}
892
893    # Patch basicauth to TRUE
894    Configure AuthMethods  ${auth_method}=${TRUE}
895
896    IF  "${auth_method}" == "XToken"
897        Check XToken Works Fine  ${HTTP_OK}
898    ELSE
899        Check BasicAuth Works Fine  ${HTTP_OK}
900    END
901
902    # Patch basicauth to FALSE
903    Configure AuthMethods  ${auth_method}=${FALSE}
904
905    IF  "${auth_method}" == "BasicAuth"
906        Check BasicAuth Works Fine  ${HTTP_UNAUTHORIZED}
907    ELSE
908        Check XToken Works Fine  ${HTTP_UNAUTHORIZED}
909    END
910
911Configure AuthMethods
912    [Documentation]  Enable/disable authmethod types.
913    [Arguments]  &{authmethods}
914
915    # Description of argument(s):
916    # authmethods            The authmethod setting which needs to be
917    #                        set in account service URI.
918    # Usage Example          Configure AuthMethods  XToken=${TRUE}  BasicAuth=${TRUE}
919    #                        This will set the value of "XToken" and "BasicAuth"
920    #                        property in accountservice uri to TRUE.
921
922    ${openbmc}=  Create Dictionary  AuthMethods=${authmethods}
923    ${oem}=  Create Dictionary  OpenBMC=${openbmc}
924    ${payload}=  Create Dictionary  Oem=${oem}
925
926    # Setting authmethod properties using Redfish session based auth
927    ${status}=  Run Keyword And Return Status
928    ...  Redfish.Patch  ${REDFISH_BASE_URI}AccountService
929    ...  body=${payload}  valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
930
931    # Setting authmethod properties using basic auth in case the former fails
932    IF  ${status}==${FALSE}
933        # Payload dictionary pre-process to match json formatting
934        ${payload}=  Convert To String  ${payload}
935        ${payload}=  Replace String  ${payload}  '  "
936        ${payload}=  Replace String  ${payload}  False  false
937        ${payload}=  Replace String  ${payload}  True  true
938
939        # Curl Command Framing for PATCH authmethod
940        ${cmd}=  Catenate  curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}
941        ...  -X PATCH '${AUTH_URI}${REDFISH_ACCOUNTS_SERVICE_URI}'
942        ...  -H 'content-type:application/json' -H 'If-Match:*'
943        ...  -d '${payload}'
944        ${rc}  ${out}=  Run And Return Rc And Output  ${cmd}
945
946        #  Check the response of curl command is 200 or 204
947        ${check_no_content}=
948        ...  Run Keyword and Return Status  Should Contain  ${out}  204
949        ${check_ok}=
950        ...  Run Keyword and Return Status  Should Contain  ${out}  200
951        Pass Execution If  ${check_no_content}==${TRUE}
952        ...  OR  ${check_ok}==${TRUE}
953    END
954
955
956Get AuthMethods Default Values
957    [Documentation]  Get enabled/disabled status of all authmethods
958    ...  from Redfish account service URI
959    [Arguments]  ${authmethod}
960
961    # Description of argument(s):
962    # authmethod            The authmethod property whose value needs to be
963    #                       retrieved from account service URI.
964    # Usage Example         Get AuthMethods Default Values  BasicAuth
965    #                       returns >> ${TRUE}
966    # Example:
967    # {
968    #     "@odata.id": "/redfish/v1/AccountService",
969    #     (...)
970    #     "Oem": {
971    #         "OpenBMC": {
972    #             "AuthMethods": {
973    #                 "BasicAuth": true,
974    #                 "Cookie": true,
975    #                 "SessionToken": true,
976    #                 "TLS": true,
977    #                 "XToken": true
978    #             }
979    #         }
980    #     }
981    # }
982
983    ${resp}=  Redfish.Get Attribute  ${REDFISH_ACCOUNTS_SERVICE_URI}  Oem
984    ${authmethods}=  Set Variable  ${resp['OpenBMC']['AuthMethods']}
985    ${initial_value}=  Get From Dictionary  ${authmethods}  ${authmethod}
986    Set Test Variable  ${initial_value}
987
988Check XToken Works Fine
989    [Documentation]  Verify Xtoken works fine.
990    [Arguments]  ${status_code}
991
992    # Description of Argument(s):
993    # status_code : 200, 401.
994
995    # Verify xtoken auth works for xtoken
996    Redfish.Get  ${REDFISH_ACCOUNTS_SERVICE_URI}
997    ...  valid_status_codes=[${status_code}]
998
999Check BasicAuth Works Fine
1000    [Documentation]  Verify Basic Auth works fine.
1001    [Arguments]  ${status_code}
1002
1003    # Description of Argument(s):
1004    # status_code : 200, 401.
1005
1006    # Verify basic auth works based on basic auth.
1007    ${cmd}=  Catenate  curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}
1008    ...  ${AUTH_URI}/redfish/v1/AccountService
1009    ${rc}  ${out}=  Run And Return Rc And Output  ${cmd}
1010
1011    #  Check the response of curl command is 200/401
1012    Should Contain  ${out}  ${status_code}
1013
1014
1015Create User With Unsupported Password Format And Verify
1016   [Documentation]  Create admin or readonly user with unsupported password format
1017   ...  and verify.
1018   [Arguments]   ${username}  ${role_id}  ${password}
1019
1020   # Description of argument(s):
1021   # username            The username to be created.
1022   # role_id             The role ID of the user to be created
1023   #                     (e.g. "Administrator", "ReadOnly").
1024   # password            The password to be assigned.
1025   #                     Unsupported password format are sequential characters,
1026   #                     sequential digits, palindrome digits, palindrome characters,
1027   #                     only uppercase letters, only lowercase letters, only digits,
1028   #                     only characters, not a dictionary word, username and password
1029   #                     should not be same.
1030
1031   # Make sure the user account in question does not already exist.
1032    Redfish.Delete  /redfish/v1/AccountService/Accounts/${userName}
1033    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
1034
1035   # Create specified user with invalid password format.
1036   ${payload}=  Create Dictionary
1037   ...  UserName=${username}  Password=${password}  RoleId=${role_id}  Enabled=${True}
1038   Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
1039   ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
1040
1041
1042Verify History Password for Redfish User
1043    [Documentation]  Verify that previous password can be used
1044    [Arguments]  ${user_name}  ${role_id}
1045
1046    # Description of argument(s):
1047    # user_name           The username to be created.
1048    # role_id             The role ID of the user to be created.
1049
1050    # Make sure the user account in question does not already exist.
1051    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}
1052    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
1053
1054    # Create specified user with valid password.
1055    ${payload}=  Create Dictionary
1056    ...  UserName=${user_name}  Password=HistUserPwd1  RoleId=${role_id}  Enabled=${True}
1057    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
1058    ...  valid_status_codes=[${HTTP_CREATED}]
1059
1060    # Change password
1061    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'HistUserPwd2'}
1062    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
1063
1064    # Try to change password to previous one
1065    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'HistUserPwd1'}
1066    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
1067
1068    # Verify login.
1069    Redfish.Logout
1070    Redfish.Login  ${user_name}  HistUserPwd1
1071    Redfish.Logout
1072    Redfish.Login
1073    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}
1074
1075
1076Verify Minimum Password Length For Redfish User
1077    [Documentation]  Verify minimum password length for new and existing admin or
1078    ...  readonly user.
1079    [Arguments]  ${user_name}  ${role_id}
1080
1081    # Description of argument(s):
1082    # user_name           The username to be created.
1083    # role_id             The role ID of the user to be created.
1084
1085    # Make sure the user account in question does not already exist.
1086    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}
1087    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
1088
1089    # Try to create a user with invalid length password.
1090    ${payload}=  Create Dictionary
1091    ...  UserName=${user_name}  Password=UserPwd  RoleId=${role_id}  Enabled=${True}
1092    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
1093    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
1094
1095    # Create specified user with valid length password.
1096    Set To Dictionary  ${payload}  Password  UserPwd1
1097    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
1098    ...  valid_status_codes=[${HTTP_CREATED}]
1099
1100    # Try to change to an invalid password.
1101    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd'}
1102    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
1103
1104    # Change to a valid password.
1105    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd1'}
1106    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
1107
1108    # Verify login.
1109    Redfish.Logout
1110    Redfish.Login  ${user_name}  UserPwd1
1111    Redfish.Logout
1112    Redfish.Login
1113    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}
1114
1115Create Admin User And Verify SSH Login
1116    [Documentation]  Create admin user and verify SSH login & logout.
1117
1118    # Create an admin User.
1119    Redfish Create User  new_admin  TestPwd1  Administrator  ${True}
1120
1121    # Attempt SSH login with admin user.
1122    SSHLibrary.Open Connection  ${OPENBMC_HOST}  port=${SSH_PORT}
1123    ${status}=  Run Keyword And Return Status  SSHLibrary.Login  new_admin  TestPwd1
1124
1125    # By default ssh_status is True, user can change the status via CLI
1126    # -v ssh_status:False
1127    Should Be Equal As Strings  "${status}"  "${ssh_status}"
1128
1129    # Close SSH connection for admin user.
1130    SSHLibrary.Close Connection
1131