1*** Settings *** 2Documentation Test Redfish user account. 3 4Resource ../../lib/resource.robot 5Resource ../../lib/bmc_redfish_resource.robot 6Resource ../../lib/openbmc_ffdc.robot 7Resource ../../lib/bmc_redfish_utils.robot 8 9Library SSHLibrary 10 11Test Setup Redfish.Login 12Test Teardown Test Teardown Execution 13 14*** Variables *** 15 16${account_lockout_duration} ${30} 17${account_lockout_threshold} ${3} 18 19** Test Cases ** 20 21Verify AccountService Available 22 [Documentation] Verify Redfish account service is available. 23 [Tags] Verify_AccountService_Available 24 25 ${resp} = Redfish_utils.Get Attribute /redfish/v1/AccountService ServiceEnabled 26 Should Be Equal As Strings ${resp} ${True} 27 28 29Verify Redfish Admin User Persistence After Reboot 30 [Documentation] Verify Redfish admin user persistence after reboot. 31 [Tags] Verify_Redfish_Admin_User_Persistence_After_Reboot 32 [Setup] Run Keywords Redfish.Login AND 33 ... Redfish Create User admin_user TestPwd123 Administrator ${True} 34 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 35 ... AND Test Teardown Execution 36 37 # Reboot BMC. 38 Redfish OBMC Reboot (off) stack_mode=normal 39 40 # Verify users after reboot. 41 Redfish Verify User admin_user TestPwd123 Administrator ${True} 42 43 44Verify Redfish Operator User Persistence After Reboot 45 [Documentation] Verify Redfish operator user persistence after reboot. 46 [Tags] Verify_Redfish_Operator_User_Persistence_After_Reboot 47 [Setup] Run Keywords Redfish.Login AND 48 ... Redfish Create User operator_user TestPwd123 Operator ${True} 49 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 50 ... AND Test Teardown Execution 51 52 # Reboot BMC. 53 Redfish OBMC Reboot (off) stack_mode=normal 54 55 # Verify users after reboot. 56 Redfish Verify User operator_user TestPwd123 Operator ${True} 57 58 59Verify Redfish Readonly User Persistence After Reboot 60 [Documentation] Verify Redfish readonly user persistence after reboot. 61 [Tags] Verify_Redfish_Readonly_User_Persistence_After_Reboot 62 [Setup] Run Keywords Redfish.Login AND 63 ... Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 64 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 65 ... AND Test Teardown Execution 66 67 # Reboot BMC. 68 Redfish OBMC Reboot (off) stack_mode=normal 69 70 # Verify users after reboot. 71 Redfish Verify User readonly_user TestPwd123 ReadOnly ${True} 72 73 74Redfish Create and Verify Admin User 75 [Documentation] Create a Redfish user with administrator role and verify. 76 [Tags] Redfish_Create_and_Verify_Admin_User 77 [Template] Redfish Create And Verify User 78 79 #username password role_id enabled 80 admin_user TestPwd123 Administrator ${True} 81 82 83Redfish Create and Verify Operator User 84 [Documentation] Create a Redfish user with operator role and verify. 85 [Tags] Redfish_Create_and_Verify_Operator_User 86 [Template] Redfish Create And Verify User 87 88 #username password role_id enabled 89 operator_user TestPwd123 Operator ${True} 90 91 92Redfish Create and Verify Readonly User 93 [Documentation] Create a Redfish user with readonly role and verify. 94 [Tags] Redfish_Create_and_Verify_Readonly_User 95 [Template] Redfish Create And Verify User 96 97 #username password role_id enabled 98 readonly_user TestPwd123 ReadOnly ${True} 99 100 101Verify Redfish Admin User With Wrong Password 102 [Documentation] Verify Redfish admin user with wrong password. 103 [Tags] Verify_Redfish_Admin_User_With_Wrong_Password 104 [Template] Verify Redfish User with Wrong Password 105 106 #username password role_id enabled wrong_password 107 admin_user TestPwd123 Administrator ${True} alskjhfwurh 108 109 110Verify Redfish Operator User with Wrong Password 111 [Documentation] Verify Redfish operator user with wrong password. 112 [Tags] Verify_Redfish_Operator_User_with_Wrong_Password 113 [Template] Verify Redfish User with Wrong Password 114 115 #username password role_id enabled wrong_password 116 operator_user TestPwd123 Operator ${True} 12j8a8uakjhdaosiruf024 117 118 119Verify Redfish Readonly User With Wrong Password 120 [Documentation] Verify Redfish readonly user with wrong password. 121 [Tags] Verify_Redfish_Readonly_User_With_Wrong_Password 122 [Template] Verify Redfish User with Wrong Password 123 124 #username password role_id enabled wrong_password 125 readonly_user TestPwd123 ReadOnly ${True} 12 126 127 128Verify Login with Deleted Redfish Admin User 129 [Documentation] Verify login with deleted Redfish admin user. 130 [Tags] Verify_Login_with_Deleted_Redfish_Admin_User 131 [Template] Verify Login with Deleted Redfish User 132 133 #username password role_id enabled 134 admin_user TestPwd123 Administrator ${True} 135 136 137Verify Login with Deleted Redfish Operator User 138 [Documentation] Verify login with deleted Redfish operator user. 139 [Tags] Verify_Login_with_Deleted_Redfish_Operator_User 140 [Template] Verify Login with Deleted Redfish User 141 142 #username password role_id enabled 143 operator_user TestPwd123 Operator ${True} 144 145 146Verify Login with Deleted Redfish Readonly User 147 [Documentation] Verify login with deleted Redfish readonly user. 148 [Tags] Verify_Login_with_Deleted_Redfish_Readonly_User 149 [Template] Verify Login with Deleted Redfish User 150 151 #username password role_id enabled 152 readonly_user TestPwd123 ReadOnly ${True} 153 154 155Verify Admin User Creation Without Enabling It 156 [Documentation] Verify admin user creation without enabling it. 157 [Tags] Verify_Admin_User_Creation_Without_Enabling_It 158 [Template] Verify Create User Without Enabling 159 160 #username password role_id enabled 161 admin_user TestPwd123 Administrator ${False} 162 163 164Verify Operator User Creation Without Enabling It 165 [Documentation] Verify operator user creation without enabling it. 166 [Tags] Verify_Operator_User_Creation_Without_Enabling_It 167 [Template] Verify Create User Without Enabling 168 169 #username password role_id enabled 170 operator_user TestPwd123 Operator ${False} 171 172 173Verify Readonly User Creation Without Enabling It 174 [Documentation] Verify readonly user creation without enabling it. 175 [Tags] Verify_Readonly_User_Creation_Without_Enabling_It 176 [Template] Verify Create User Without Enabling 177 178 #username password role_id enabled 179 readonly_user TestPwd123 ReadOnly ${False} 180 181 182Verify User Creation With Invalid Role Id 183 [Documentation] Verify user creation with invalid role ID. 184 [Tags] Verify_User_Creation_With_Invalid_Role_Id 185 186 # Make sure the user account in question does not already exist. 187 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 188 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 189 190 # Create specified user. 191 ${payload}= Create Dictionary 192 ... UserName=test_user Password=TestPwd123 RoleId=wrongroleid Enabled=${True} 193 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 194 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 195 196Verify Error Upon Creating Same Users With Different Privileges 197 [Documentation] Verify error upon creating same users with different privileges. 198 [Tags] Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges 199 200 Redfish Create User test_user TestPwd123 Administrator ${True} 201 202 # Create specified user. 203 ${payload}= Create Dictionary 204 ... UserName=test_user Password=TestPwd123 RoleId=ReadOnly Enabled=${True} 205 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 206 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 207 208 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 209 210 211Verify Modifying User Attributes 212 [Documentation] Verify modifying user attributes. 213 [Tags] Verify_Modifying_User_Attributes 214 215 # Create Redfish users. 216 Redfish Create User admin_user TestPwd123 Administrator ${True} 217 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 218 219 # Make sure the new user account does not already exist. 220 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user 221 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 222 223 # Update admin_user username using Redfish. 224 ${payload}= Create Dictionary UserName=newadmin_user 225 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body=&{payload} 226 227 # Update readonly_user role using Redfish. 228 ${payload}= Create Dictionary RoleId=Administrator 229 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body=&{payload} 230 231 # Verify users after updating 232 Redfish Verify User newadmin_user TestPwd123 Administrator ${True} 233 Redfish Verify User readonly_user TestPwd123 Administrator ${True} 234 235 # Delete created users. 236 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user 237 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 238 239 240Verify Modifying Operator User Attributes 241 [Documentation] Verify modifying operator user attributes. 242 [Tags] Verify_Modifying_Operator_User_Attributes 243 [Setup] Run Keywords Redfish.Login AND 244 ... Redfish Create User operator_user TestPwd123 Operator ${True} 245 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 246 ... AND Test Teardown Execution 247 248 # Update operator_user password using Redfish. 249 ${payload}= Create Dictionary Password=NewTestPwd123 250 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body=&{payload} 251 252 # Verify users after updating 253 Redfish Verify User operator_user NewTestPwd123 Operator ${True} 254 255 256Verify User Account Locked 257 [Documentation] Verify user account locked upon trying with invalid password. 258 [Tags] Verify_User_Account_Locked 259 260 Redfish Create User admin_user TestPwd123 Administrator ${True} 261 262 ${payload}= Create Dictionary AccountLockoutThreshold=${account_lockout_threshold} 263 ... AccountLockoutDuration=${account_lockout_duration} 264 Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload} 265 266 Redfish.Logout 267 268 # Make ${account_lockout_threshold} failed login attempts. 269 Repeat Keyword ${account_lockout_threshold} times 270 ... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login admin_user abc123 271 272 # Verify that legitimate login fails due to lockout. 273 Run Keyword And Expect Error InvalidCredentialsError* 274 ... Redfish.Login admin_user TestPwd123 275 276 # Wait for lockout duration to expire and then verify that login works. 277 Sleep ${account_lockout_duration}s 278 Redfish.Login admin_user TestPwd123 279 280 Redfish.Logout 281 282 Redfish.Login 283 284 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 285 286 287Verify User Account Unlock 288 [Documentation] Verify manually unlocking the account before lockout time 289 [Tags] Verify_User_Account_Unlock 290 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND 291 ... AND Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 292 ... AND SSHLibrary.Close All Connections 293 294 Redfish Create User test_user TestPwd123 Administrator ${True} 295 296 ${payload}= Create Dictionary 297 ... AccountLockoutThreshold=${account_lockout_threshold} 298 ... AccountLockoutDuration=${account_lockout_duration} 299 Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload} 300 301 Redfish.Logout 302 303 # Make ${account_lockout_threshold} failed login attempts. 304 Repeat Keyword ${account_lockout_threshold} times 305 ... Run Keyword And Expect Error InvalidCredentialsError* 306 ... Redfish.Login test_user abc123 307 308 # Ensure SSH Login with locked account gets failed 309 SSHLibrary.Open Connection ${OPENBMC_HOST} 310 Run Keyword And Expect Error Authentication failed* 311 ... SSHLibrary.Login test_user TestPwd123 312 313 # Verify that legitimate login fails due to lockout. 314 Run Keyword And Expect Error InvalidCredentialsError* 315 ... Redfish.Login test_user TestPwd123 316 317 ${payload}= Create Dictionary Locked=${FALSE} 318 319 # Manually unlock the account before lockout threshold expires 320 Redfish.Login 321 Redfish.Patch ${REDFISH_ACCOUNTS_URI}test_user body=${payload} 322 Redfish.Logout 323 324 # Try redfish login with the recently unlocked account 325 Redfish.Login test_user TestPwd123 326 327 # Try SSH login with the unlocked account 328 SSHLibrary.Open Connection ${OPENBMC_HOST} 329 SSHLibrary.Login test_user TestPwd123 330 331 332Verify Admin User Privilege 333 [Documentation] Verify admin user privilege. 334 [Tags] Verify_Admin_User_Privilege 335 336 Redfish Create User admin_user TestPwd123 Administrator ${True} 337 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 338 339 Redfish.Logout 340 341 Redfish.Login admin_user TestPwd123 342 343 # Change password of 'readonly' user with admin user. 344 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body={'Password': 'NewTestPwd123'} 345 346 # Verify modified user. 347 Redfish Verify User readonly_user NewTestPwd123 ReadOnly ${True} 348 349 # Note: Delete user would work here because a root login is 350 # performed as part of "Redfish Verify User" keyword's teardown. 351 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 352 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 353 354 355Verify Operator User Role Change Using Admin Privilege User 356 [Documentation] Verify operator user role change using admin privilege user 357 [Tags] Verify_Operator_User_Role_Change_Using_Admin_Privilege_User 358 359 Redfish Create User admin_user TestPwd123 Administrator ${True} 360 Redfish Create User operator_user TestPwd123 Operator ${True} 361 362 Redfish.Logout 363 364 # Change role ID of operator user with admin user. 365 # Login with admin user. 366 Redfish.Login admin_user TestPwd123 367 368 # Modify Role ID of Operator user. 369 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body={'RoleId': 'Administrator'} 370 371 # Verify modified user. 372 Redfish Verify User operator_user TestPwd123 Administrator ${True} 373 374 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 375 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 376 377 378Verify Operator User Privilege 379 [Documentation] Verify operator user privilege. 380 [Tags] Verify_Operator_User_Privilege 381 382 Redfish Create User admin_user TestPwd123 Administrator ${True} 383 Redfish Create User operator_user TestPwd123 Operator ${True} 384 385 Redfish.Logout 386 # Login with operator user. 387 Redfish.Login operator_user TestPwd123 388 389 # Verify BMC reset. 390 Run Keyword And Expect Error ValueError* Redfish BMC Reset Operation 391 392 # Attempt to change password of admin user with operator user. 393 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body={'Password': 'NewTestPwd123'} 394 ... valid_status_codes=[${HTTP_FORBIDDEN}] 395 396 Redfish.Logout 397 398 Redfish.Login 399 400 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 401 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 402 403 404Verify ReadOnly User Privilege 405 [Documentation] Verify ReadOnly user privilege. 406 [Tags] Verify_ReadOnly_User_Privilege 407 408 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 409 Redfish.Logout 410 411 # Login with read_only user. 412 Redfish.Login readonly_user TestPwd123 413 414 # Read system level data. 415 ${system_model}= Redfish_Utils.Get Attribute 416 ... ${SYSTEM_BASE_URI} Model 417 418 Redfish.Logout 419 Redfish.Login 420 Redfish.Delete ${REDFISH_ACCOUNTS_URI}readonly_user 421 422 423Verify Minimum Password Length For Redfish User 424 [Documentation] Verify minimum password length for new and existing user. 425 [Tags] Verify_Minimum_Password_Length_For_Redfish_User 426 427 ${user_name}= Set Variable testUser 428 429 # Make sure the user account in question does not already exist. 430 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} 431 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 432 433 # Try to create a user with invalid length password. 434 ${payload}= Create Dictionary 435 ... UserName=${user_name} Password=UserPwd RoleId=Administrator Enabled=${True} 436 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 437 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 438 439 # Create specified user with valid length password. 440 Set To Dictionary ${payload} Password UserPwd1 441 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 442 ... valid_status_codes=[${HTTP_CREATED}] 443 444 # Try to change to an invalid password. 445 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd'} 446 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 447 448 # Change to a valid password. 449 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd1'} 450 451 # Verify login. 452 Redfish.Logout 453 Redfish.Login ${user_name} UserPwd1 454 Redfish.Logout 455 Redfish.Login 456 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} 457 458 459Verify Standard User Roles Defined By Redfish 460 [Documentation] Verify standard user roles defined by Redfish. 461 [Tags] Verify_Standard_User_Roles_Defined_By_Redfish 462 463 ${member_list}= Redfish_Utils.Get Member List 464 ... /redfish/v1/AccountService/Roles 465 466 @{roles}= Create List 467 ... /redfish/v1/AccountService/Roles/Administrator 468 ... /redfish/v1/AccountService/Roles/Operator 469 ... /redfish/v1/AccountService/Roles/ReadOnly 470 471 List Should Contain Sub List ${member_list} ${roles} 472 473 # The standard roles are: 474 475 # | Role name | Assigned privileges | 476 # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf | 477 # | Operator | Login, ConfigureComponents, ConfigureSelf | 478 # | ReadOnly | Login, ConfigureSelf | 479 480 @{admin}= Create List Login ConfigureManager ConfigureUsers ConfigureComponents ConfigureSelf 481 @{operator}= Create List Login ConfigureComponents ConfigureSelf 482 @{readOnly}= Create List Login ConfigureSelf 483 484 ${roles_dict}= create dictionary admin_privileges=${admin} operator_privileges=${operator} 485 ... readOnly_privileges=${readOnly} 486 487 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/Administrator 488 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['admin_privileges']} 489 490 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/Operator 491 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['operator_privileges']} 492 493 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/ReadOnly 494 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['readOnly_privileges']} 495 496 497Verify Error While Deleting Root User 498 [Documentation] Verify error while deleting root user. 499 [Tags] Verify_Error_While_Deleting_Root_User 500 501 Redfish.Delete /redfish/v1/AccountService/Accounts/root valid_status_codes=[${HTTP_FORBIDDEN}] 502 503 504Verify SSH Login Access With Admin User 505 [Documentation] Verify that admin user does not have SSH login access. 506 [Tags] Verify_SSH_Login_Access_With_Admin_User 507 508 # Create an admin User. 509 Redfish Create User new_admin TestPwd1 Administrator ${True} 510 511 # Attempt SSH login with admin user. 512 SSHLibrary.Open Connection ${OPENBMC_HOST} 513 ${status}= Run Keyword And Return Status SSHLibrary.Login new_admin TestPwd1 514 Should Be Equal ${status} ${False} 515 516 Redfish.Login 517 Redfish.Delete /redfish/v1/AccountService/Accounts/new_admin 518 519 520Verify Configure BasicAuth Enable And Disable 521 [Documentation] Verify configure basicauth enable and disable 522 [Tags] Verify_Configure_BasicAuth_Enable_And_Disable 523 [Template] Template For Configure Auth Methods 524 525 # auth_method 526 BasicAuth 527 XToken 528 529*** Keywords *** 530 531Test Teardown Execution 532 [Documentation] Do the post test teardown. 533 534 Run Keyword And Ignore Error Redfish.Logout 535 FFDC On Test Case Fail 536 537 538Redfish Create User 539 [Documentation] Redfish create user. 540 [Arguments] ${username} ${password} ${role_id} ${enabled} ${login_check}=${True} 541 542 # Description of argument(s): 543 # username The username to be created. 544 # password The password to be assigned. 545 # role_id The role ID of the user to be created 546 # (e.g. "Administrator", "Operator", etc.). 547 # enabled Indicates whether the username being created 548 # should be enabled (${True}, ${False}). 549 # login_check Checks user login for created user. 550 # (e.g. ${True}, ${False}). 551 552 # Make sure the user account in question does not already exist. 553 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} 554 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 555 556 # Create specified user. 557 ${payload}= Create Dictionary 558 ... UserName=${username} Password=${password} RoleId=${role_id} Enabled=${enabled} 559 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 560 ... valid_status_codes=[${HTTP_CREATED}] 561 562 # Resetting faillock count as a workaround for issue 563 # openbmc/phosphor-user-manager#4 564 ${cmd}= Catenate test -f /usr/sbin/faillock && /usr/sbin/faillock --user USER --reset 565 ... || /usr/sbin/pam_tally2 -u ${username} --reset 566 Bmc Execute Command ${cmd} 567 568 # Verify login with created user. 569 ${status}= Run Keyword If '${login_check}' == '${True}' 570 ... Verify Redfish User Login ${username} ${password} 571 Run Keyword If '${login_check}' == '${True}' Should Be Equal ${status} ${enabled} 572 573 # Validate Role ID of created user. 574 ${role_config}= Redfish_Utils.Get Attribute 575 ... /redfish/v1/AccountService/Accounts/${username} RoleId 576 Should Be Equal ${role_id} ${role_config} 577 578 579Redfish Verify User 580 [Documentation] Redfish user verification. 581 [Arguments] ${username} ${password} ${role_id} ${enabled} 582 583 # Description of argument(s): 584 # username The username to be created. 585 # password The password to be assigned. 586 # role_id The role ID of the user to be created 587 # (e.g. "Administrator", "Operator", etc.). 588 # enabled Indicates whether the username being created 589 # should be enabled (${True}, ${False}). 590 591 ${status}= Verify Redfish User Login ${username} ${password} 592 # Doing a check of the returned status. 593 Should Be Equal ${status} ${enabled} 594 595 # Validate Role Id of user. 596 ${role_config}= Redfish_Utils.Get Attribute 597 ... /redfish/v1/AccountService/Accounts/${username} RoleId 598 Should Be Equal ${role_id} ${role_config} 599 600 601Verify Redfish User Login 602 [Documentation] Verify Redfish login with given user id. 603 [Teardown] Run Keywords Run Keyword And Ignore Error Redfish.Logout AND Redfish.Login 604 [Arguments] ${username} ${password} 605 606 # Description of argument(s): 607 # username Login username. 608 # password Login password. 609 610 # Logout from current Redfish session. 611 # We don't really care if the current session is flushed out since we are going to login 612 # with new credential in next. 613 Run Keyword And Ignore Error Redfish.Logout 614 615 ${status}= Run Keyword And Return Status Redfish.Login ${username} ${password} 616 [Return] ${status} 617 618 619Redfish Create And Verify User 620 [Documentation] Redfish create and verify user. 621 [Arguments] ${username} ${password} ${role_id} ${enabled} 622 623 # Description of argument(s): 624 # username The username to be created. 625 # password The password to be assigned. 626 # role_id The role ID of the user to be created 627 # (e.g. "Administrator", "Operator", etc.). 628 # enabled Indicates whether the username being created 629 # should be enabled (${True}, ${False}). 630 631 # Example: 632 #{ 633 #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount", 634 #"@odata.id": "/redfish/v1/AccountService/Accounts/test1", 635 #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount", 636 #"Description": "User Account", 637 #"Enabled": true, 638 #"Id": "test1", 639 #"Links": { 640 # "Role": { 641 # "@odata.id": "/redfish/v1/AccountService/Roles/Administrator" 642 # } 643 #}, 644 645 Redfish Create User ${username} ${password} ${role_id} ${enabled} 646 647 Redfish Verify User ${username} ${password} ${role_id} ${enabled} 648 649 # Delete Specified User 650 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 651 652Verify Redfish User with Wrong Password 653 [Documentation] Verify Redfish User with Wrong Password. 654 [Arguments] ${username} ${password} ${role_id} ${enabled} ${wrong_password} 655 656 # Description of argument(s): 657 # username The username to be created. 658 # password The password to be assigned. 659 # role_id The role ID of the user to be created 660 # (e.g. "Administrator", "Operator", etc.). 661 # enabled Indicates whether the username being created 662 # should be enabled (${True}, ${False}). 663 # wrong_password Any invalid password. 664 665 Redfish Create User ${username} ${password} ${role_id} ${enabled} 666 667 Redfish.Logout 668 669 # Attempt to login with created user with invalid password. 670 Run Keyword And Expect Error InvalidCredentialsError* 671 ... Redfish.Login ${username} ${wrong_password} 672 673 Redfish.Login 674 675 # Delete newly created user. 676 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 677 678 679Verify Login with Deleted Redfish User 680 [Documentation] Verify Login with Deleted Redfish User. 681 [Arguments] ${username} ${password} ${role_id} ${enabled} 682 683 # Description of argument(s): 684 # username The username to be created. 685 # password The password to be assigned. 686 # role_id The role ID of the user to be created 687 # (e.g. "Administrator", "Operator", etc.). 688 # enabled Indicates whether the username being created 689 # should be enabled (${True}, ${False}). 690 691 Redfish Create User ${username} ${password} ${role_id} ${enabled} 692 693 # Delete newly created user. 694 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} 695 696 Redfish.Logout 697 698 # Attempt to login with deleted user account. 699 Run Keyword And Expect Error InvalidCredentialsError* 700 ... Redfish.Login ${username} ${password} 701 702 Redfish.Login 703 704 705Verify Create User Without Enabling 706 [Documentation] Verify Create User Without Enabling. 707 [Arguments] ${username} ${password} ${role_id} ${enabled} 708 709 # Description of argument(s): 710 # username The username to be created. 711 # password The password to be assigned. 712 # role_id The role ID of the user to be created 713 # (e.g. "Administrator", "Operator", etc.). 714 # enabled Indicates whether the username being created 715 # should be enabled (${True}, ${False}). 716 717 Redfish Create User ${username} ${password} ${role_id} ${enabled} ${False} 718 719 Redfish.Logout 720 721 # Login with created user. 722 Run Keyword And Expect Error InvalidCredentialsError* 723 ... Redfish.Login ${username} ${password} 724 725 Redfish.Login 726 727 # Delete newly created user. 728 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 729 730Template For Configure Auth Methods 731 [Documentation] Template to configure auth methods. 732 [Arguments] ${auth_method} 733 [Teardown] Configure AuthMethods ${auth_method}=${initial_value} 734 735 # Description of Argument(s): 736 # authmethods The authmethod setting which needs to be 737 # set in account service URI. 738 # valid values BasicAuth, XToken. 739 740 Get AuthMethods Default Values ${auth_method} 741 742 # Patch basicauth to TRUE 743 Configure AuthMethods ${auth_method}=${TRUE} 744 745 Run Keyword IF "${auth_method}" == "XToken" 746 ... Check XToken Works Fine ${HTTP_OK} 747 ... ELSE 748 ... Check BasicAuth Works Fine ${HTTP_OK} 749 750 # Patch basicauth to FALSE 751 Configure AuthMethods ${auth_method}=${FALSE} 752 753 Run Keyword IF "${auth_method}" == "BasicAuth" 754 ... Check BasicAuth Works Fine ${HTTP_UNAUTHORIZED} 755 ... ELSE 756 ... Check XToken Works Fine ${HTTP_UNAUTHORIZED} 757 758Configure AuthMethods 759 [Documentation] Enable/disable authmethod types. 760 [Arguments] &{authmethods} 761 762 # Description of argument(s): 763 # authmethods The authmethod setting which needs to be 764 # set in account service URI. 765 # Usage Example Configure AuthMethods XToken=${TRUE} BasicAuth=${TRUE} 766 # This will set the value of "XToken" and "BasicAuth" 767 # property in accountservice uri to TRUE. 768 769 ${openbmc}= Create Dictionary AuthMethods=${authmethods} 770 ${oem}= Create Dictionary OpenBMC=${openbmc} 771 ${payload}= Create Dictionary Oem=${oem} 772 773 # Setting authmethod properties using Redfish session based auth 774 ${status}= Run Keyword And Return Status 775 ... Redfish.Patch ${REDFISH_BASE_URI}AccountService 776 ... body=${payload} valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}] 777 778 # Setting authmethod properties using basic auth incase the former fails 779 IF ${status}==${FALSE} 780 # Payload dictionary pre-process to match json formatting 781 ${payload}= Convert To String ${payload} 782 ${payload}= Replace String ${payload} ' " 783 ${payload}= Replace String ${payload} False false 784 ${payload}= Replace String ${payload} True true 785 786 # Curl Command Framing for PATCH authmethod 787 ${cmd}= Catenate curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD} 788 ... -X PATCH '${AUTH_URI}${REDFISH_ACCOUNTS_SERVICE_URI}' 789 ... -H 'content-type:application/json' -H 'If-Match:*' 790 ... -d '${payload}' 791 ${rc} ${out}= Run And Return Rc And Output ${cmd} 792 793 # Check the response of curl command is 200 or 204 794 ${check_no_content}= 795 ... Run Keyword and Return Status Should Contain ${out} 204 796 ${check_ok}= 797 ... Run Keyword and Return Status Should Contain ${out} 200 798 Pass Execution If ${check_no_content}==${TRUE} 799 ... OR ${check_ok}==${TRUE} 800 END 801 802 803Get AuthMethods Default Values 804 [Documentation] Get enabled/disabled status of all authmethods 805 ... from Redfish account service URI 806 [Arguments] ${authmethod} 807 808 # Description of argument(s): 809 # authmethod The authmethod property whose value needs to be 810 # retrieved from account service URI. 811 # Usage Example Get AuthMethods Default Values BasicAuth 812 # returns >> ${TRUE} 813 # Example: 814 # { 815 # "@odata.id": "/redfish/v1/AccountService", 816 # (...) 817 # "Oem": { 818 # "OpenBMC": { 819 # "AuthMethods": { 820 # "BasicAuth": true, 821 # "Cookie": true, 822 # "SessionToken": true, 823 # "TLS": true, 824 # "XToken": true 825 # } 826 # } 827 # } 828 # } 829 830 ${resp}= Redfish.Get Attribute ${REDFISH_ACCOUNTS_SERVICE_URI} Oem 831 ${authmethods}= Set Variable ${resp['OpenBMC']['AuthMethods']} 832 ${initial_value}= Get From Dictionary ${authmethods} ${authmethod} 833 Set Test Variable ${initial_value} 834 835Check XToken Works Fine 836 [Documentation] Verify Xtoken works fine. 837 [Arguments] ${status_code} 838 839 # Description of Argument(s): 840 # status_code : 200, 401. 841 842 # Verify xtoken auth works for xtoken 843 Redfish.Get ${REDFISH_ACCOUNTS_SERVICE_URI} 844 ... valid_status_codes=[${status_code}] 845 846Check BasicAuth Works Fine 847 [Documentation] Verify Basic Auth works fine. 848 [Arguments] ${status_code} 849 850 # Description of Argument(s): 851 # status_code : 200, 401. 852 853 # Verify basic auth works based on basic auth. 854 ${cmd}= Catenate curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD} 855 ... ${AUTH_URI}/redfish/v1/AccountService 856 ${rc} ${out}= Run And Return Rc And Output ${cmd} 857 858 # Check the response of curl command is 200/401 859 Should Contain ${out} ${status_code} 860