1*** Settings ***
2Documentation    Test Redfish user account.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/bmc_redfish_utils.robot
8
9Library          SSHLibrary
10
11Test Setup       Redfish.Login
12Test Teardown    Test Teardown Execution
13
14*** Variables ***
15
16${account_lockout_duration}   ${30}
17${account_lockout_threshold}  ${3}
18
19** Test Cases **
20
21Verify AccountService Available
22    [Documentation]  Verify Redfish account service is available.
23    [Tags]  Verify_AccountService_Available
24
25    ${resp} =  Redfish_utils.Get Attribute  /redfish/v1/AccountService  ServiceEnabled
26    Should Be Equal As Strings  ${resp}  ${True}
27
28
29Verify Redfish Admin User Persistence After Reboot
30    [Documentation]  Verify Redfish admin user persistence after reboot.
31    [Tags]  Verify_Redfish_Admin_User_Persistence_After_Reboot
32    [Setup]  Run Keywords  Redfish.Login  AND
33    ...  Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
34    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
35    ...  AND  Test Teardown Execution
36
37    # Reboot BMC.
38    Redfish OBMC Reboot (off)  stack_mode=normal
39
40    # Verify users after reboot.
41    Redfish Verify User  admin_user     TestPwd123  Administrator   ${True}
42
43
44Verify Redfish Operator User Persistence After Reboot
45    [Documentation]  Verify Redfish operator user persistence after reboot.
46    [Tags]  Verify_Redfish_Operator_User_Persistence_After_Reboot
47    [Setup]  Run Keywords  Redfish.Login  AND
48    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
49    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
50    ...  AND  Test Teardown Execution
51
52    # Reboot BMC.
53    Redfish OBMC Reboot (off)  stack_mode=normal
54
55    # Verify users after reboot.
56    Redfish Verify User  operator_user  TestPwd123  Operator        ${True}
57
58
59Verify Redfish Readonly User Persistence After Reboot
60    [Documentation]  Verify Redfish readonly user persistence after reboot.
61    [Tags]  Verify_Redfish_Readonly_User_Persistence_After_Reboot
62    [Setup]  Run Keywords  Redfish.Login  AND
63    ...  Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
64    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
65    ...  AND  Test Teardown Execution
66
67    # Reboot BMC.
68    Redfish OBMC Reboot (off)  stack_mode=normal
69
70    # Verify users after reboot.
71    Redfish Verify User  readonly_user  TestPwd123  ReadOnly        ${True}
72
73
74Redfish Create and Verify Admin User
75    [Documentation]  Create a Redfish user with administrator role and verify.
76    [Tags]  Redfish_Create_and_Verify_Admin_User
77    [Template]  Redfish Create And Verify User
78
79    #username      password    role_id         enabled
80    admin_user     TestPwd123  Administrator   ${True}
81
82
83Redfish Create and Verify Operator User
84    [Documentation]  Create a Redfish user with operator role and verify.
85    [Tags]  Redfish_Create_and_Verify_Operator_User
86    [Template]  Redfish Create And Verify User
87
88    #username      password    role_id         enabled
89    operator_user  TestPwd123  Operator        ${True}
90
91
92Redfish Create and Verify Readonly User
93    [Documentation]  Create a Redfish user with readonly role and verify.
94    [Tags]  Redfish_Create_and_Verify_Readonly_User
95    [Template]  Redfish Create And Verify User
96
97    #username      password    role_id         enabled
98    readonly_user  TestPwd123  ReadOnly        ${True}
99
100
101Verify Redfish Admin User With Wrong Password
102    [Documentation]  Verify Redfish admin user with wrong password.
103    [Tags]  Verify_Redfish_Admin_User_With_Wrong_Password
104    [Template]  Verify Redfish User with Wrong Password
105
106    #username      password    role_id         enabled  wrong_password
107    admin_user     TestPwd123  Administrator   ${True}  alskjhfwurh
108
109
110Verify Redfish Operator User with Wrong Password
111    [Documentation]  Verify Redfish operator user with wrong password.
112    [Tags]  Verify_Redfish_Operator_User_with_Wrong_Password
113    [Template]  Verify Redfish User with Wrong Password
114
115    #username      password    role_id         enabled  wrong_password
116    operator_user  TestPwd123  Operator        ${True}  12j8a8uakjhdaosiruf024
117
118
119Verify Redfish Readonly User With Wrong Password
120    [Documentation]  Verify Redfish readonly user with wrong password.
121    [Tags]  Verify_Redfish_Readonly_User_With_Wrong_Password
122    [Template]  Verify Redfish User with Wrong Password
123
124    #username      password    role_id         enabled  wrong_password
125    readonly_user  TestPwd123  ReadOnly        ${True}  12
126
127
128Verify Login with Deleted Redfish Admin User
129    [Documentation]  Verify login with deleted Redfish admin user.
130    [Tags]  Verify_Login_with_Deleted_Redfish_Admin_User
131    [Template]  Verify Login with Deleted Redfish User
132
133    #username     password    role_id         enabled
134    admin_user     TestPwd123  Administrator   ${True}
135
136
137Verify Login with Deleted Redfish Operator User
138    [Documentation]  Verify login with deleted Redfish operator user.
139    [Tags]  Verify_Login_with_Deleted_Redfish_Operator_User
140    [Template]  Verify Login with Deleted Redfish User
141
142    #username     password    role_id         enabled
143    operator_user  TestPwd123  Operator        ${True}
144
145
146Verify Login with Deleted Redfish Readonly User
147    [Documentation]  Verify login with deleted Redfish readonly user.
148    [Tags]  Verify_Login_with_Deleted_Redfish_Readonly_User
149    [Template]  Verify Login with Deleted Redfish User
150
151    #username     password    role_id         enabled
152    readonly_user  TestPwd123  ReadOnly        ${True}
153
154
155Verify Admin User Creation Without Enabling It
156    [Documentation]  Verify admin user creation without enabling it.
157    [Tags]  Verify_Admin_User_Creation_Without_Enabling_It
158    [Template]  Verify Create User Without Enabling
159
160    #username      password    role_id         enabled
161    admin_user     TestPwd123  Administrator   ${False}
162
163
164Verify Operator User Creation Without Enabling It
165    [Documentation]  Verify operator user creation without enabling it.
166    [Tags]  Verify_Operator_User_Creation_Without_Enabling_It
167    [Template]  Verify Create User Without Enabling
168
169    #username      password    role_id         enabled
170    operator_user  TestPwd123  Operator        ${False}
171
172
173Verify Readonly User Creation Without Enabling It
174    [Documentation]  Verify readonly user creation without enabling it.
175    [Tags]  Verify_Readonly_User_Creation_Without_Enabling_It
176    [Template]  Verify Create User Without Enabling
177
178    #username      password    role_id         enabled
179    readonly_user  TestPwd123  ReadOnly        ${False}
180
181
182Verify User Creation With Invalid Role Id
183    [Documentation]  Verify user creation with invalid role ID.
184    [Tags]  Verify_User_Creation_With_Invalid_Role_Id
185
186    # Make sure the user account in question does not already exist.
187    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
188    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
189
190    # Create specified user.
191    ${payload}=  Create Dictionary
192    ...  UserName=test_user  Password=TestPwd123  RoleId=wrongroleid  Enabled=${True}
193    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
194    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
195
196Verify Error Upon Creating Same Users With Different Privileges
197    [Documentation]  Verify error upon creating same users with different privileges.
198    [Tags]  Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges
199
200    Redfish Create User  test_user  TestPwd123  Administrator  ${True}
201
202    # Create specified user.
203    ${payload}=  Create Dictionary
204    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
205    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
206    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
207
208    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
209
210
211Verify Modifying User Attributes
212    [Documentation]  Verify modifying user attributes.
213    [Tags]  Verify_Modifying_User_Attributes
214
215    # Create Redfish users.
216    Redfish Create User  admin_user     TestPwd123  Administrator   ${True}
217    Redfish Create User  readonly_user  TestPwd123  ReadOnly        ${True}
218
219    # Make sure the new user account does not already exist.
220    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
221    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
222
223    # Update admin_user username using Redfish.
224    ${payload}=  Create Dictionary  UserName=newadmin_user
225    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body=&{payload}
226
227    # Update readonly_user role using Redfish.
228    ${payload}=  Create Dictionary  RoleId=Administrator
229    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body=&{payload}
230
231    # Verify users after updating
232    Redfish Verify User  newadmin_user  TestPwd123     Administrator   ${True}
233    Redfish Verify User  readonly_user  TestPwd123     Administrator   ${True}
234
235    # Delete created users.
236    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
237    Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
238
239
240Verify Modifying Operator User Attributes
241    [Documentation]  Verify modifying operator user attributes.
242    [Tags]  Verify_Modifying_Operator_User_Attributes
243    [Setup]  Run Keywords  Redfish.Login  AND
244    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
245    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
246    ...  AND  Test Teardown Execution
247
248    # Update operator_user password using Redfish.
249    ${payload}=  Create Dictionary  Password=NewTestPwd123
250    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body=&{payload}
251
252    # Verify users after updating
253    Redfish Verify User  operator_user  NewTestPwd123  Operator        ${True}
254
255
256Verify User Account Locked
257    [Documentation]  Verify user account locked upon trying with invalid password.
258    [Tags]  Verify_User_Account_Locked
259
260    Redfish Create User  admin_user  TestPwd123  Administrator   ${True}
261
262    ${payload}=  Create Dictionary  AccountLockoutThreshold=${account_lockout_threshold}
263    ...  AccountLockoutDuration=${account_lockout_duration}
264    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}
265
266    Redfish.Logout
267
268    # Make ${account_lockout_threshold} failed login attempts.
269    Repeat Keyword  ${account_lockout_threshold} times
270    ...  Run Keyword And Expect Error  InvalidCredentialsError*  Redfish.Login  admin_user  abc123
271
272    # Verify that legitimate login fails due to lockout.
273    Run Keyword And Expect Error  InvalidCredentialsError*
274    ...  Redfish.Login  admin_user  TestPwd123
275
276    # Wait for lockout duration to expire and then verify that login works.
277    Sleep  ${account_lockout_duration}s
278    Redfish.Login  admin_user  TestPwd123
279
280    Redfish.Logout
281
282    Redfish.Login
283
284    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
285
286Verify Admin User Privilege
287    [Documentation]  Verify admin user privilege.
288    [Tags]  Verify_Admin_User_Privilege
289
290    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
291    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
292
293    Redfish.Logout
294
295    Redfish.Login  admin_user  TestPwd123
296
297    # Change password of 'readonly' user with admin user.
298    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body={'Password': 'NewTestPwd123'}
299
300    # Verify modified user.
301    Redfish Verify User  readonly_user  NewTestPwd123  ReadOnly  ${True}
302
303    # Note: Delete user would work here because a root login is
304    # performed as part of "Redfish Verify User" keyword's teardown.
305    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
306    Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
307
308
309Verify Operator User Role Change Using Admin Privilege User
310    [Documentation]  Verify operator user role change using admin privilege user
311    [Tags]  Verify_Operator_User_Role_Change_Using_Admin_Privilege_User
312
313    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
314    Redfish Create User  operator_user  TestPwd123  Operator  ${True}
315
316    Redfish.Logout
317
318    # Change role ID of operator user with admin user.
319    # Login with admin user.
320    Redfish.Login  admin_user  TestPwd123
321
322    # Modify Role ID of Operator user.
323    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body={'RoleId': 'Administrator'}
324
325    # Verify modified user.
326    Redfish Verify User  operator_user  TestPwd123  Administrator  ${True}
327
328    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
329    Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
330
331
332Verify Operator User Privilege
333    [Documentation]  Verify operator user privilege.
334    [Tags]  Verify_Operator_User_Privilege
335
336    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
337    Redfish Create User  operator_user  TestPwd123  Operator  ${True}
338
339    Redfish.Logout
340    # Login with operator user.
341    Redfish.Login  operator_user  TestPwd123
342
343    # Verify BMC reset.
344    Run Keyword And Expect Error  ValueError*  Redfish BMC Reset Operation
345
346    # Attempt to change password of admin user with operator user.
347    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body={'Password': 'NewTestPwd123'}
348    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
349
350    Redfish.Logout
351
352    Redfish.Login
353
354    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
355    Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
356
357
358Verify ReadOnly User Privilege
359    [Documentation]  Verify ReadOnly user privilege.
360    [Tags]  Verify_ReadOnly_User_Privilege
361
362    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
363    Redfish.Logout
364
365    # Login with read_only user.
366    Redfish.Login  readonly_user  TestPwd123
367
368    # Read system level data.
369    ${system_model}=  Redfish_Utils.Get Attribute
370    ...  ${SYSTEM_BASE_URI}  Model
371
372    Redfish.Logout
373    Redfish.Login
374    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}readonly_user
375
376
377Verify Minimum Password Length For Redfish User
378    [Documentation]  Verify minimum password length for new and existing user.
379    [Tags]  Verify_Minimum_Password_Length_For_Redfish_User
380
381    ${user_name}=  Set Variable  testUser
382
383    # Make sure the user account in question does not already exist.
384    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}
385    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
386
387    # Try to create a user with invalid length password.
388    ${payload}=  Create Dictionary
389    ...  UserName=${user_name}  Password=UserPwd  RoleId=Administrator  Enabled=${True}
390    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
391    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
392
393    # Create specified user with valid length password.
394    Set To Dictionary  ${payload}  Password  UserPwd1
395    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
396    ...  valid_status_codes=[${HTTP_CREATED}]
397
398    # Try to change to an invalid password.
399    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd'}
400    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
401
402    # Change to a valid password.
403    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd1'}
404
405    # Verify login.
406    Redfish.Logout
407    Redfish.Login  ${user_name}  UserPwd1
408    Redfish.Logout
409    Redfish.Login
410    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}
411
412
413Verify Standard User Roles Defined By Redfish
414    [Documentation]  Verify standard user roles defined by Redfish.
415    [Tags]  Verify_Standard_User_Roles_Defined_By_Redfish
416
417    ${member_list}=  Redfish_Utils.Get Member List
418    ...  /redfish/v1/AccountService/Roles
419
420    @{roles}=  Create List
421    ...  /redfish/v1/AccountService/Roles/Administrator
422    ...  /redfish/v1/AccountService/Roles/Operator
423    ...  /redfish/v1/AccountService/Roles/ReadOnly
424
425    List Should Contain Sub List  ${member_list}  ${roles}
426
427    # The standard roles are:
428
429    # | Role name | Assigned privileges |
430    # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf |
431    # | Operator | Login, ConfigureComponents, ConfigureSelf |
432    # | ReadOnly | Login, ConfigureSelf |
433
434    @{admin}=  Create List  Login  ConfigureManager  ConfigureUsers  ConfigureComponents  ConfigureSelf
435    @{operator}=  Create List  Login  ConfigureComponents  ConfigureSelf
436    @{readOnly}=  Create List  Login  ConfigureSelf
437
438    ${roles_dict}=  create dictionary  admin_privileges=${admin}  operator_privileges=${operator}
439    ...  readOnly_privileges=${readOnly}
440
441    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/Administrator
442    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['admin_privileges']}
443
444    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/Operator
445    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['operator_privileges']}
446
447    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/ReadOnly
448    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['readOnly_privileges']}
449
450
451Verify Error While Deleting Root User
452    [Documentation]  Verify error while deleting root user.
453    [Tags]  Verify_Error_While_Deleting_Root_User
454
455    Redfish.Delete  /redfish/v1/AccountService/Accounts/root  valid_status_codes=[${HTTP_FORBIDDEN}]
456
457
458Verify SSH Login Access With Admin User
459    [Documentation]  Verify that admin user does not have SSH login access.
460    [Tags]  Verify_SSH_Login_Access_With_Admin_User
461
462    # Create an admin User.
463    Redfish Create User  new_admin  TestPwd1  Administrator  ${True}
464
465    # Attempt SSH login with admin user.
466    SSHLibrary.Open Connection  ${OPENBMC_HOST}
467    ${status}=  Run Keyword And Return Status  SSHLibrary.Login  new_admin  TestPwd1
468    Should Be Equal  ${status}  ${False}
469
470    Redfish.Login
471    Redfish.Delete  /redfish/v1/AccountService/Accounts/new_admin
472
473
474*** Keywords ***
475
476Test Teardown Execution
477    [Documentation]  Do the post test teardown.
478
479    Run Keyword And Ignore Error  Redfish.Logout
480    FFDC On Test Case Fail
481
482
483Redfish Create User
484    [Documentation]  Redfish create user.
485    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${login_check}=${True}
486
487    # Description of argument(s):
488    # username            The username to be created.
489    # password            The password to be assigned.
490    # role_id             The role ID of the user to be created
491    #                     (e.g. "Administrator", "Operator", etc.).
492    # enabled             Indicates whether the username being created
493    #                     should be enabled (${True}, ${False}).
494    # login_check         Checks user login for created user.
495    #                     (e.g. ${True}, ${False}).
496
497    # Make sure the user account in question does not already exist.
498    Redfish.Delete  /redfish/v1/AccountService/Accounts/${userName}
499    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
500
501    # Create specified user.
502    ${payload}=  Create Dictionary
503    ...  UserName=${username}  Password=${password}  RoleId=${role_id}  Enabled=${enabled}
504    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
505    ...  valid_status_codes=[${HTTP_CREATED}]
506
507    # Resetting faillock count as a workaround for issue
508    # openbmc/phosphor-user-manager#4
509    ${cmd}=  Catenate  test -f /usr/sbin/faillock && /usr/sbin/faillock --user USER --reset
510    ...  || /usr/sbin/pam_tally2 -u ${username} --reset
511    Bmc Execute Command  ${cmd}
512
513    # Verify login with created user.
514    ${status}=  Run Keyword If  '${login_check}' == '${True}'
515    ...  Verify Redfish User Login  ${username}  ${password}
516    Run Keyword If  '${login_check}' == '${True}'  Should Be Equal  ${status}  ${enabled}
517
518    # Validate Role ID of created user.
519    ${role_config}=  Redfish_Utils.Get Attribute
520    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
521    Should Be Equal  ${role_id}  ${role_config}
522
523
524Redfish Verify User
525    [Documentation]  Redfish user verification.
526    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
527
528    # Description of argument(s):
529    # username            The username to be created.
530    # password            The password to be assigned.
531    # role_id             The role ID of the user to be created
532    #                     (e.g. "Administrator", "Operator", etc.).
533    # enabled             Indicates whether the username being created
534    #                     should be enabled (${True}, ${False}).
535
536    ${status}=  Verify Redfish User Login  ${username}  ${password}
537    # Doing a check of the returned status.
538    Should Be Equal  ${status}  ${enabled}
539
540    # Validate Role Id of user.
541    ${role_config}=  Redfish_Utils.Get Attribute
542    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
543    Should Be Equal  ${role_id}  ${role_config}
544
545
546Verify Redfish User Login
547    [Documentation]  Verify Redfish login with given user id.
548    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout  AND  Redfish.Login
549    [Arguments]   ${username}  ${password}
550
551    # Description of argument(s):
552    # username            Login username.
553    # password            Login password.
554
555    # Logout from current Redfish session.
556    # We don't really care if the current session is flushed out since we are going to login
557    # with new credential in next.
558    Run Keyword And Ignore Error  Redfish.Logout
559
560    ${status}=  Run Keyword And Return Status  Redfish.Login  ${username}  ${password}
561    [Return]  ${status}
562
563
564Redfish Create And Verify User
565    [Documentation]  Redfish create and verify user.
566    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
567
568    # Description of argument(s):
569    # username            The username to be created.
570    # password            The password to be assigned.
571    # role_id             The role ID of the user to be created
572    #                     (e.g. "Administrator", "Operator", etc.).
573    # enabled             Indicates whether the username being created
574    #                     should be enabled (${True}, ${False}).
575
576    # Example:
577    #{
578    #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
579    #"@odata.id": "/redfish/v1/AccountService/Accounts/test1",
580    #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
581    #"Description": "User Account",
582    #"Enabled": true,
583    #"Id": "test1",
584    #"Links": {
585    #  "Role": {
586    #    "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
587    #  }
588    #},
589
590    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
591
592    Redfish Verify User  ${username}  ${password}  ${role_id}  ${enabled}
593
594    # Delete Specified User
595    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
596
597Verify Redfish User with Wrong Password
598    [Documentation]  Verify Redfish User with Wrong Password.
599    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${wrong_password}
600
601    # Description of argument(s):
602    # username            The username to be created.
603    # password            The password to be assigned.
604    # role_id             The role ID of the user to be created
605    #                     (e.g. "Administrator", "Operator", etc.).
606    # enabled             Indicates whether the username being created
607    #                     should be enabled (${True}, ${False}).
608    # wrong_password      Any invalid password.
609
610    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
611
612    Redfish.Logout
613
614    # Attempt to login with created user with invalid password.
615    Run Keyword And Expect Error  InvalidCredentialsError*
616    ...  Redfish.Login  ${username}  ${wrong_password}
617
618    Redfish.Login
619
620    # Delete newly created user.
621    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
622
623
624Verify Login with Deleted Redfish User
625    [Documentation]  Verify Login with Deleted Redfish User.
626    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
627
628    # Description of argument(s):
629    # username            The username to be created.
630    # password            The password to be assigned.
631    # role_id             The role ID of the user to be created
632    #                     (e.g. "Administrator", "Operator", etc.).
633    # enabled             Indicates whether the username being created
634    #                     should be enabled (${True}, ${False}).
635
636    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
637
638    # Delete newly created user.
639    Redfish.Delete  /redfish/v1/AccountService/Accounts/${userName}
640
641    Redfish.Logout
642
643    # Attempt to login with deleted user account.
644    Run Keyword And Expect Error  InvalidCredentialsError*
645    ...  Redfish.Login  ${username}  ${password}
646
647    Redfish.Login
648
649
650Verify Create User Without Enabling
651    [Documentation]  Verify Create User Without Enabling.
652    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
653
654    # Description of argument(s):
655    # username            The username to be created.
656    # password            The password to be assigned.
657    # role_id             The role ID of the user to be created
658    #                     (e.g. "Administrator", "Operator", etc.).
659    # enabled             Indicates whether the username being created
660    #                     should be enabled (${True}, ${False}).
661
662    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}  ${False}
663
664    Redfish.Logout
665
666    # Login with created user.
667    Run Keyword And Expect Error  InvalidCredentialsError*
668    ...  Redfish.Login  ${username}  ${password}
669
670    Redfish.Login
671
672    # Delete newly created user.
673    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
674
675