1*** Settings *** 2Documentation Test Redfish user account. 3 4Resource ../../lib/resource.robot 5Resource ../../lib/bmc_redfish_resource.robot 6Resource ../../lib/openbmc_ffdc.robot 7 8Test Setup Test Setup Execution 9Test Teardown Test Teardown Execution 10 11*** Variables *** 12 13${account_lockout_duration} ${30} 14${account_lockout_threshold} ${3} 15 16 17** Test Cases ** 18 19Verify AccountService Available 20 [Documentation] Verify Redfish account service is available. 21 [Tags] Verify_AccountService_Available 22 23 ${resp} = Redfish_utils.Get Attribute /redfish/v1/AccountService ServiceEnabled 24 Should Be Equal As Strings ${resp} ${True} 25 26Verify Redfish User Persistence After Reboot 27 [Documentation] Verify Redfish user persistence after reboot. 28 [Tags] Verify_Redfish_User_Persistence_After_Reboot 29 30 # Create Redfish users. 31 Redfish Create User admin_user TestPwd123 Administrator ${True} 32 Redfish Create User operator_user TestPwd123 Operator ${True} 33 Redfish Create User user_user TestPwd123 User ${True} 34 Redfish Create User callback_user TestPwd123 Callback ${True} 35 36 # Reboot BMC. 37 Redfish OBMC Reboot (off) stack_mode=normal 38 Redfish.Login 39 40 # Verify users after reboot. 41 Redfish Verify User admin_user TestPwd123 Administrator ${True} 42 Redfish Verify User operator_user TestPwd123 Operator ${True} 43 Redfish Verify User user_user TestPwd123 User ${True} 44 Redfish Verify User callback_user TestPwd123 Callback ${True} 45 46 # Delete created users. 47 Redfish.Delete ${REDFISH_ACCOUNTS_URI}admin_user 48 Redfish.Delete ${REDFISH_ACCOUNTS_URI}operator_user 49 Redfish.Delete ${REDFISH_ACCOUNTS_URI}user_user 50 Redfish.Delete ${REDFISH_ACCOUNTS_URI}callback_user 51 52Redfish Create and Verify Users 53 [Documentation] Create Redfish users with various roles. 54 [Tags] Redfish_Create_and_Verify_Users 55 [Template] Redfish Create And Verify User 56 57 #username password role_id enabled 58 admin_user TestPwd123 Administrator ${True} 59 operator_user TestPwd123 Operator ${True} 60 user_user TestPwd123 User ${True} 61 callback_user TestPwd123 Callback ${True} 62 63Verify Redfish User with Wrong Password 64 [Documentation] Verify Redfish User with Wrong Password. 65 [Tags] Verify_Redfish_User_with_Wrong_Password 66 [Template] Verify Redfish User with Wrong Password 67 68 #username password role_id enabled wrong_password 69 admin_user TestPwd123 Administrator ${True} alskjhfwurh 70 operator_user TestPwd123 Operator ${True} 12j8a8uakjhdaosiruf024 71 user_user TestPwd123 User ${True} 12 72 callback_user TestPwd123 Callback ${True} !#@D#RF#@!D 73 74Verify Login with Deleted Redfish Users 75 [Documentation] Verify login with deleted Redfish Users. 76 [Tags] Verify_Login_with_Deleted_Redfish_Users 77 [Template] Verify Login with Deleted Redfish User 78 79 #username password role_id enabled 80 admin_user TestPwd123 Administrator ${True} 81 operator_user TestPwd123 Operator ${True} 82 user_user TestPwd123 User ${True} 83 callback_user TestPwd123 Callback ${True} 84 85Verify User Creation Without Enabling It 86 [Documentation] Verify User Creation Without Enabling it. 87 [Tags] Verify_User_Creation_Without_Enabling_It 88 [Template] Verify Create User Without Enabling 89 90 #username password role_id enabled 91 admin_user TestPwd123 Administrator ${False} 92 operator_user TestPwd123 Operator ${False} 93 user_user TestPwd123 User ${False} 94 callback_user TestPwd123 Callback ${False} 95 96 97Verify User Creation With Invalid Role Id 98 [Documentation] Verify user creation with invalid role ID. 99 [Tags] Verify_User_Creation_With_Invalid_Role_Id 100 101 # Make sure the user account in question does not already exist. 102 Redfish.Delete ${REDFISH_ACCOUNTS_URI}test_user 103 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 104 105 # Create specified user. 106 ${payload}= Create Dictionary 107 ... UserName=test_user Password=TestPwd123 RoleId=wrongroleid Enabled=${True} 108 Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload} 109 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 110 111Verify Error Upon Creating Same Users With Different Privileges 112 [Documentation] Verify error upon creating same users with different privileges. 113 [Tags] Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges 114 115 Redfish Create User test_user TestPwd123 Administrator ${True} 116 117 # Create specified user. 118 ${payload}= Create Dictionary 119 ... UserName=test_user Password=TestPwd123 RoleId=Operator Enabled=${True} 120 Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload} 121 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 122 123 Redfish.Delete ${REDFISH_ACCOUNTS_URI}test_user 124 125Verify Modifying User Attributes 126 [Documentation] Verify modifying user attributes. 127 [Tags] Verify_Modifying_User_Attributes 128 129 # Create Redfish users. 130 Redfish Create User admin_user TestPwd123 Administrator ${True} 131 Redfish Create User operator_user TestPwd123 Operator ${True} 132 Redfish Create User user_user TestPwd123 User ${True} 133 Redfish Create User callback_user TestPwd123 Callback ${True} 134 135 Redfish.Login 136 137 # Make sure the new user account does not already exist. 138 Redfish.Delete ${REDFISH_ACCOUNTS_URI}newadmin_user 139 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 140 141 # Update admin_user username using Redfish. 142 ${payload}= Create Dictionary UserName=newadmin_user 143 Redfish.Patch ${REDFISH_ACCOUNTS_URI}admin_user body=&{payload} 144 145 # Update operator_user password using Redfish. 146 ${payload}= Create Dictionary Password=NewTestPwd123 147 Redfish.Patch ${REDFISH_ACCOUNTS_URI}operator_user body=&{payload} 148 149 # Update user_user role using Redfish. 150 ${payload}= Create Dictionary RoleId=Operator 151 Redfish.Patch ${REDFISH_ACCOUNTS_URI}user_user body=&{payload} 152 153 # Update callback_user to disable using Redfish. 154 ${payload}= Create Dictionary Enabled=${False} 155 Redfish.Patch ${REDFISH_ACCOUNTS_URI}callback_user body=&{payload} 156 157 # Verify users after updating 158 Redfish Verify User newadmin_user TestPwd123 Administrator ${True} 159 Redfish Verify User operator_user NewTestPwd123 Operator ${True} 160 Redfish Verify User user_user TestPwd123 Operator ${True} 161 Redfish Verify User callback_user TestPwd123 Callback ${False} 162 163 # Delete created users. 164 Redfish.Delete ${REDFISH_ACCOUNTS_URI}newadmin_user 165 Redfish.Delete ${REDFISH_ACCOUNTS_URI}operator_user 166 Redfish.Delete ${REDFISH_ACCOUNTS_URI}user_user 167 Redfish.Delete ${REDFISH_ACCOUNTS_URI}callback_user 168 169Verify User Account Locked 170 [Documentation] Verify user account locked upon trying with invalid password. 171 [Tags] Verify_User_Account_Locked 172 173 Redfish Create User admin_user TestPwd123 Administrator ${True} 174 175 Redfish.Logout 176 177 Redfish.Login 178 179 ${payload}= Create Dictionary AccountLockoutThreshold=${account_lockout_threshold} 180 ... AccountLockoutDuration=${account_lockout_duration} 181 Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload} 182 183 # Make ${account_lockout_threshold} failed login attempts. 184 Repeat Keyword ${account_lockout_threshold} times 185 ... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login admin_user abc123 186 187 # Verify that legitimate login fails due to lockout. 188 Run Keyword And Expect Error InvalidCredentialsError* 189 ... Redfish.Login admin_user TestPwd123 190 191 # Wait for lockout duration to expire and then verify that login works. 192 Sleep ${account_lockout_duration}s 193 Redfish.Login admin_user TestPwd123 194 195 Redfish.Logout 196 197 Redfish.Login 198 199 Redfish.Delete ${REDFISH_ACCOUNTS_URI}admin_user 200 201Verify Admin User Privilege 202 [Documentation] Verify admin user privilege. 203 [Tags] Verify_Admin_User_Privilege 204 205 Redfish Create User admin_user TestPwd123 Administrator ${True} 206 Redfish Create User operator_user TestPwd123 Operator ${True} 207 Redfish Create User user_user TestPwd123 User ${True} 208 209 # Change role ID of operator user with admin user. 210 # Login with admin user. 211 Redfish.Login admin_user TestPwd123 212 213 # Modify Role ID of Operator user. 214 Redfish.Patch ${REDFISH_ACCOUNTS_URI}operator_user body={'RoleId': 'Administrator'} 215 216 # Verify modified user. 217 Redfish Verify User operator_user TestPwd123 Administrator ${True} 218 219 # Change password of 'user' user with admin user. 220 Redfish.Patch ${REDFISH_ACCOUNTS_URI}user_user body={'Password': 'NewTestPwd123'} 221 222 # Verify modified user. 223 Redfish Verify User user_user NewTestPwd123 User ${True} 224 225 Redfish.Login 226 227 Redfish.Delete ${REDFISH_ACCOUNTS_URI}admin_user 228 Redfish.Delete ${REDFISH_ACCOUNTS_URI}operator_user 229 Redfish.Delete ${REDFISH_ACCOUNTS_URI}user_user 230 231Verify Operator User Privilege 232 [Documentation] Verify operator user privilege. 233 [Tags] Verify_operator_User_Privilege 234 235 Redfish Create User admin_user TestPwd123 Administrator ${True} 236 Redfish Create User operator_user TestPwd123 Operator ${True} 237 238 # Login with operator user. 239 Redfish.Login operator_user TestPwd123 240 241 # Verify power on system. 242 Redfish OBMC Reboot (off) stack_mode=normal 243 244 # Attempt to change password of admin user with operator user. 245 Redfish.Patch ${REDFISH_ACCOUNTS_URI}admin_user body={'Password': 'NewTestPwd123'} 246 ... valid_status_codes=[${HTTP_UNAUTHORIZED}] 247 248 Redfish.Login 249 250 Redfish.Delete ${REDFISH_ACCOUNTS_URI}admin_user 251 Redfish.Delete ${REDFISH_ACCOUNTS_URI}operator_user 252 253 254Verify 'User' User Privilege 255 [Documentation] Verify 'user' user privilege. 256 [Tags] Verify_User_User_Privilege 257 258 Redfish Create User user_user TestPwd123 User ${True} 259 260 # Read system level data. 261 ${system_model}= Redfish_Utils.Get Attribute 262 ... ${SYSTEM_BASE_URI} Model 263 264 Redfish.Login 265 266 Redfish.Delete ${REDFISH_ACCOUNTS_URI}user_user 267 268 269*** Keywords *** 270 271Test Setup Execution 272 [Documentation] Do test case setup tasks. 273 274 Redfish.Login 275 276 277Test Teardown Execution 278 [Documentation] Do the post test teardown. 279 280 FFDC On Test Case Fail 281 Redfish.Logout 282 283Redfish Create User 284 [Documentation] Redfish create user. 285 [Arguments] ${username} ${password} ${role_id} ${enabled} 286 287 # Description of argument(s): 288 # username The username to be created. 289 # password The password to be assigned. 290 # role_id The role ID of the user to be created 291 # (e.g. "Administrator", "Operator", etc.). 292 # enabled Indicates whether the username being created 293 # should be enabled (${True}, ${False}). 294 295 Redfish.Login 296 297 # Make sure the user account in question does not already exist. 298 Redfish.Delete ${REDFISH_ACCOUNTS_URI}${userName} 299 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 300 301 # Create specified user. 302 ${payload}= Create Dictionary 303 ... UserName=${username} Password=${password} RoleId=${role_id} Enabled=${enabled} 304 Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload} 305 ... valid_status_codes=[${HTTP_CREATED}] 306 307 Redfish.Logout 308 309 # Login with created user. 310 Run Keyword If ${enabled} == ${False} 311 ... Run Keyword And Expect Error InvalidCredentialsError* 312 ... Redfish.Login ${username} ${password} 313 ... ELSE 314 ... Redfish.Login ${username} ${password} 315 316 Run Keyword If ${enabled} == ${False} 317 ... Redfish.Login 318 319 # Validate Role ID of created user. 320 ${role_config}= Redfish_Utils.Get Attribute 321 ... ${REDFISH_ACCOUNTS_URI}${username} RoleId 322 Should Be Equal ${role_id} ${role_config} 323 324 325Redfish Verify User 326 [Documentation] Redfish user verification. 327 [Arguments] ${username} ${password} ${role_id} ${enabled} 328 329 # Description of argument(s): 330 # username The username to be created. 331 # password The password to be assigned. 332 # role_id The role ID of the user to be created 333 # (e.g. "Administrator", "Operator", etc.). 334 # enabled Indicates whether the username being created 335 # should be enabled (${True}, ${False}). 336 337 # Trying to do a login with created user. 338 ${status}= Run Keyword And Return Status Redfish.Login ${username} ${password} 339 340 # Doing a check of the returned status. 341 Should Be Equal ${status} ${enabled} 342 343 # We do not need to login with created user (user could be in disabled status). 344 Redfish.Login 345 346 # Validate Role Id of user. 347 ${role_config}= Redfish_Utils.Get Attribute 348 ... ${REDFISH_ACCOUNTS_URI}${username} RoleId 349 Should Be Equal ${role_id} ${role_config} 350 351 352Redfish Create And Verify User 353 [Documentation] Redfish create and verify user. 354 [Arguments] ${username} ${password} ${role_id} ${enabled} 355 356 # Description of argument(s): 357 # username The username to be created. 358 # password The password to be assigned. 359 # role_id The role ID of the user to be created 360 # (e.g. "Administrator", "Operator", etc.). 361 # enabled Indicates whether the username being created 362 # should be enabled (${True}, ${False}). 363 364 # Example: 365 #{ 366 #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount", 367 #"@odata.id": "/redfish/v1/AccountService/Accounts/test1", 368 #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount", 369 #"Description": "User Account", 370 #"Enabled": true, 371 #"Id": "test1", 372 #"Links": { 373 # "Role": { 374 # "@odata.id": "/redfish/v1/AccountService/Roles/Administrator" 375 # } 376 #}, 377 378 Redfish Create User ${username} ${password} ${role_id} ${enabled} 379 380 Redfish Verify User ${username} ${password} ${role_id} ${enabled} 381 382 # Delete Specified User 383 Redfish.Delete ${REDFISH_ACCOUNTS_URI}${username} 384 385Verify Redfish User with Wrong Password 386 [Documentation] Verify Redfish User with Wrong Password. 387 [Arguments] ${username} ${password} ${role_id} ${enabled} ${wrong_password} 388 389 # Description of argument(s): 390 # username The username to be created. 391 # password The password to be assigned. 392 # role_id The role ID of the user to be created 393 # (e.g. "Administrator", "Operator", etc.). 394 # enabled Indicates whether the username being created 395 # should be enabled (${True}, ${False}). 396 # wrong_password Any invalid password. 397 398 Redfish Create User ${username} ${password} ${role_id} ${enabled} 399 400 # Attempt to login with created user with invalid password. 401 Run Keyword And Expect Error InvalidCredentialsError* 402 ... Redfish.Login ${username} ${wrong_password} 403 404 Redfish.Login 405 406 # Delete newly created user. 407 Redfish.Delete ${REDFISH_ACCOUNTS_URI}${username} 408 409 410Verify Login with Deleted Redfish User 411 [Documentation] Verify Login with Deleted Redfish User. 412 [Arguments] ${username} ${password} ${role_id} ${enabled} 413 414 # Description of argument(s): 415 # username The username to be created. 416 # password The password to be assigned. 417 # role_id The role ID of the user to be created 418 # (e.g. "Administrator", "Operator", etc.). 419 # enabled Indicates whether the username being created 420 # should be enabled (${True}, ${False}). 421 422 Redfish Create User ${username} ${password} ${role_id} ${enabled} 423 ${status}= Run Keyword And Return Status Redfish.Login ${username} ${password} 424 425 # Doing a check of the rerurned status 426 Should Be Equal ${status} ${True} 427 428 Redfish.Login 429 430 # Delete newly created user. 431 Redfish.Delete ${REDFISH_ACCOUNTS_URI}${userName} 432 433 # Attempt to login with deleted user account. 434 Run Keyword And Expect Error InvalidCredentialsError* 435 ... Redfish.Login ${username} ${password} 436 437 Redfish.Login 438 439Verify Create User Without Enabling 440 [Documentation] Verify Create User Without Enabling. 441 [Arguments] ${username} ${password} ${role_id} ${enabled} 442 443 # Description of argument(s): 444 # username The username to be created. 445 # password The password to be assigned. 446 # role_id The role ID of the user to be created 447 # (e.g. "Administrator", "Operator", etc.). 448 # enabled Indicates whether the username being created 449 # should be enabled (${True}, ${False}). 450 451 Redfish.Login 452 453 Redfish Create User ${username} ${password} ${role_id} ${enabled} 454 455 Redfish.Logout 456 457 # Login with created user. 458 Run Keyword And Expect Error InvalidCredentialsError* 459 ... Redfish.Login ${username} ${password} 460 461 Redfish.Login 462 463 # Delete newly created user. 464 Redfish.Delete ${REDFISH_ACCOUNTS_URI}${username} 465