1*** Settings ***
2Documentation    Test Redfish user account.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7
8Test Setup       Test Setup Execution
9Test Teardown    Test Teardown Execution
10
11
12** Test Cases **
13
14Verify AccountService Available
15    [Documentation]  Verify Redfish account service is available.
16    [Tags]  Verify_AccountService_Available
17
18    ${resp} =  Redfish_utils.Get Attribute  /redfish/v1/AccountService  ServiceEnabled
19    Should Be Equal As Strings  ${resp}  ${True}
20
21Redfish Create and Verify Users
22    [Documentation]  Create Redfish users with various roles.
23    [Tags]  Redfish_Create_and_Verify_Users
24    [Template]  Redfish Create And Verify User
25
26    #username      password    role_id         enabled
27    admin_user     TestPwd123  Administrator   ${True}
28    operator_user  TestPwd123  Operator        ${True}
29    user_user      TestPwd123  User            ${True}
30    callback_user  TestPwd123  Callback        ${True}
31
32Verify Redfish User with Wrong Password
33    [Documentation]  Verify Redfish User with Wrong Password.
34    [Tags]  Verify_Redfish_User_with_Wrong_Password
35    [Template]  Verify Redfish User with Wrong Password
36
37    #username      password    role_id         enabled  wrong_password
38    admin_user     TestPwd123  Administrator   ${True}  alskjhfwurh
39    operator_user  TestPwd123  Operator        ${True}  12j8a8uakjhdaosiruf024
40    user_user      TestPwd123  User            ${True}  12
41    callback_user  TestPwd123  Callback        ${True}  !#@D#RF#@!D
42
43Verify Login with Deleted Redfish Users
44    [Documentation]  Verify login with deleted Redfish Users.
45    [Tags]  Verify_Login_with_Deleted_Redfish_Users
46    [Template]  Verify Login with Deleted Redfish User
47
48    #username     password    role_id         enabled
49    admin_user     TestPwd123  Administrator   ${True}
50    operator_user  TestPwd123  Operator        ${True}
51    user_user      TestPwd123  User            ${True}
52    callback_user  TestPwd123  Callback        ${True}
53
54Verify User Creation Without Enabling It
55    [Documentation]  Verify User Creation Without Enabling it.
56    [Tags]  Verify_User_Creation_Without_Enabling_It
57    [Template]  Verify Create User Without Enabling
58
59    #username      password    role_id         enabled
60    admin_user     TestPwd123  Administrator   ${False}
61    operator_user  TestPwd123  Operator        ${False}
62    user_user      TestPwd123  User            ${False}
63    callback_user  TestPwd123  Callback        ${False}
64
65Verify Redfish User Persistence After Reboot
66    [Documentation]  Verify Redfish user persistence after reboot.
67    [Tags]  Verify_Redfish_User_Persistence_After_Reboot
68
69    # Create Redfish users.
70    Redfish Create User  admin_user     TestPwd123  Administrator   ${True}
71    Redfish Create User  operator_user  TestPwd123  Operator        ${True}
72    Redfish Create User  user_user      TestPwd123  User            ${True}
73    Redfish Create User  callback_user  TestPwd123  Callback        ${True}
74
75    # Reboot BMC.
76    Redfish OBMC Reboot (off)  stack_mode=normal
77
78    # Verify users after reboot.
79    Redfish Verify User  admin_user     TestPwd123  Administrator   ${True}
80    Redfish Verify User  operator_user  TestPwd123  Operator        ${True}
81    Redfish Verify User  user_user      TestPwd123  User            ${True}
82    Redfish Verify User  callback_user  TestPwd123  Callback        ${True}
83
84    # Delete created users.
85    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}admin_user
86    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}operator_user
87    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}user_user
88    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}callback_user
89
90Verify User Creation With Invalid Role Id
91    [Documentation]  Verify user creation with invalid role id.
92    [Tags]  Verify_User_Creation_With_Invalid_Role_Id
93
94    # Make sure the user account in question does not already exist.
95    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}test_user
96    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
97
98    # Create specified user.
99    ${payload}=  Create Dictionary
100    ...  UserName=test_user  Password=TestPwd123  RoleId=wrongroleid  Enabled=${True}
101    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
102    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
103
104Verify Error Upon Creating Same Users With Different Privileges
105    [Documentation]  Verify error upon creating same users with different privileges.
106    [Tags]  Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges
107
108    Redfish Create User  test_user  TestPwd123  Administrator  ${True}
109
110    # Create specified user.
111    ${payload}=  Create Dictionary
112    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
113    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
114    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
115
116
117Verify Modifying User Attributes
118    [Documentation]  Verify modifying user attributes.
119    [Tags]  Verify_Modifying_User_Attributes
120
121    # Create Redfish users.
122    Redfish Create User  admin_user     TestPwd123  Administrator   ${True}
123    Redfish Create User  operator_user  TestPwd123  Operator        ${True}
124    Redfish Create User  user_user      TestPwd123  User            ${True}
125    Redfish Create User  callback_user  TestPwd123  Callback        ${True}
126
127    Redfish.Login
128
129    # Make sure the new user account does not already exist.
130    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}newadmin_user
131    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
132
133    # Update admin_user username using Redfish.
134    ${payload}=  Create Dictionary  UserName=newadmin_user
135    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}admin_user  body=&{payload}
136
137    # Update operator_user password using Redfish.
138    ${payload}=  Create Dictionary  Password=NewTestPwd123
139    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}operator_user  body=&{payload}
140
141    # Update user_user role using Redfish.
142    ${payload}=  Create Dictionary  RoleId=Operator
143    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}user_user  body=&{payload}
144
145    # Update callback_user to disable using Redfish.
146    ${payload}=  Create Dictionary  Enabled=${False}
147    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}callback_user  body=&{payload}
148
149    # Verify users after updating
150    Redfish Verify User  newadmin_user  TestPwd123     Administrator   ${True}
151    Redfish Verify User  operator_user  NewTestPwd123  Operator        ${True}
152    Redfish Verify User  user_user      TestPwd123     Operator        ${True}
153    Redfish Verify User  callback_user  TestPwd123     Callback        ${False}
154
155    # Delete created users.
156    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}newadmin_user
157    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}operator_user
158    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}user_user
159    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}callback_user
160
161
162
163*** Keywords ***
164
165Test Setup Execution
166    [Documentation]  Do test case setup tasks.
167
168    Redfish.Login
169
170
171Test Teardown Execution
172    [Documentation]  Do the post test teardown.
173
174    #FFDC On Test Case Fail
175    Redfish.Logout
176
177Redfish Create User
178    [Documentation]  Redfish create user.
179    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
180
181    # Description of argument(s):
182    # username            The username to be created.
183    # password            The password to be assigned.
184    # role_id             The role id of the user to be created
185    #                     (e.g. "Administrator", "Operator", etc.).
186    # enabled             Indicates whether the username being created
187    #                     should be enabled (${True}, ${False}).
188
189    Redfish.Login
190
191    # Make sure the user account in question does not already exist.
192    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${userName}
193    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
194
195    # Create specified user.
196    ${payload}=  Create Dictionary
197    ...  UserName=${username}  Password=${password}  RoleId=${role_id}  Enabled=${enabled}
198    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
199    ...  valid_status_codes=[${HTTP_CREATED}]
200
201    Redfish.Logout
202
203    # Login with created user.
204    Run Keyword If  ${enabled} == False
205    ...    Run Keyword And Expect Error  InvalidCredentialsError*
206    ...    Redfish.Login  ${username}  ${password}
207    ...  ELSE
208    ...    Redfish.Login  ${username}  ${password}
209
210    Run Keyword If  ${enabled} == False
211    ...  Redfish.Login
212
213    # Validate Role Id of created user.
214    ${role_config}=  Redfish_Utils.Get Attribute
215    ...  ${REDFISH_ACCOUNTS_URI}${username}  RoleId
216    Should Be Equal  ${role_id}  ${role_config}
217
218
219Redfish Verify User
220    [Documentation]  Redfish user verification.
221    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
222
223    # Description of argument(s):
224    # username            The username to be created.
225    # password            The password to be assigned.
226    # role_id             The role id of the user to be created
227    #                     (e.g. "Administrator", "Operator", etc.).
228    # enabled             Indicates whether the username being created
229    #                     should be enabled (${True}, ${False}).
230
231    # Trying to do a login with created user.
232    ${status}=  Run Keyword And Return Status  Redfish.Login  ${username}  ${password}
233
234    # Doing a check of the returned status.
235    Should Be Equal  ${status}  ${enabled}
236
237    # We do not need to login with created user (user could be in disabled status).
238    Redfish.Login
239
240    # Validate Role Id of user.
241    ${role_config}=  Redfish_Utils.Get Attribute
242    ...  ${REDFISH_ACCOUNTS_URI}${username}  RoleId
243    Should Be Equal  ${role_id}  ${role_config}
244
245
246Redfish Create And Verify User
247    [Documentation]  Redfish create and verify user.
248    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
249
250    # Description of argument(s):
251    # username            The username to be created.
252    # password            The password to be assigned.
253    # role_id             The role id of the user to be created
254    #                     (e.g. "Administrator", "Operator", etc.).
255    # enabled             Indicates whether the username being created
256    #                     should be enabled (${True}, ${False}).
257
258    # Example:
259    #{
260    #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
261    #"@odata.id": "/redfish/v1/AccountService/Accounts/test1",
262    #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
263    #"Description": "User Account",
264    #"Enabled": true,
265    #"Id": "test1",
266    #"Links": {
267    #  "Role": {
268    #    "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
269    #  }
270    #},
271
272    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
273
274    Redfish Verify User  ${username}  ${password}  ${role_id}  ${enabled}
275
276    # Delete Specified User
277    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${username}
278
279Verify Redfish User with Wrong Password
280    [Documentation]  Verify Redfish User with Wrong Password.
281    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${wrong_password}
282
283    # Description of argument(s):
284    # username            The username to be created.
285    # password            The password to be assigned.
286    # role_id             The role id of the user to be created
287    #                     (e.g. "Administrator", "Operator", etc.).
288    # enabled             Indicates whether the username being created
289    #                     should be enabled (${True}, ${False}).
290    # wrong_password      Any invalid password.
291
292    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
293
294    # Attempt to login with created user with invalid password.
295    Run Keyword And Expect Error  InvalidCredentialsError*
296    ...  Redfish.Login  ${username}  ${wrong_password}
297
298    Redfish.Login
299
300    # Delete newly created user.
301    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${username}
302
303
304Verify Login with Deleted Redfish User
305    [Documentation]  Verify Login with Deleted Redfish User.
306    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
307
308    # Description of argument(s):
309    # username            The username to be created.
310    # password            The password to be assigned.
311    # role_id             The role id of the user to be created
312    #                     (e.g. "Administrator", "Operator", etc.).
313    # enabled             Indicates whether the username being created
314    #                     should be enabled (${True}, ${False}).
315
316    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
317    ${status}=  Run Keyword And Return Status  Redfish.Login  ${username}  ${password}
318
319    # Doing a check of the rerurned status
320    Should Be Equal  ${status}  ${True}
321
322    Redfish.Login
323
324    # Delete newly created user.
325    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${userName}
326
327    # Attempt to login with deleted user account.
328    Run Keyword And Expect Error  InvalidCredentialsError*
329    ...  Redfish.Login  ${username}  ${password}
330
331    Redfish.Login
332
333Verify Create User Without Enabling
334    [Documentation]  Verify Create User Without Enabling.
335    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
336
337    # Description of argument(s):
338    # username            The username to be created.
339    # password            The password to be assigned.
340    # role_id             The role id of the user to be created
341    #                     (e.g. "Administrator", "Operator", etc.).
342    # enabled             Indicates whether the username being created
343    #                     should be enabled (${True}, ${False}).
344
345    Redfish.Login
346
347    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
348
349    Redfish.Logout
350
351    # Login with created user.
352    Run Keyword And Expect Error  InvalidCredentialsError*
353    ...  Redfish.Login  ${username}  ${password}
354
355    Redfish.Login
356
357    # Delete newly created user.
358    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${username}
359