1*** Settings *** 2Documentation Test Redfish user account. 3 4Resource ../../lib/resource.robot 5Resource ../../lib/bmc_redfish_resource.robot 6Resource ../../lib/openbmc_ffdc.robot 7Resource ../../lib/bmc_redfish_utils.robot 8 9Library SSHLibrary 10 11Test Setup Redfish.Login 12Test Teardown Test Teardown Execution 13 14*** Variables *** 15 16${account_lockout_duration} ${30} 17${account_lockout_threshold} ${3} 18 19** Test Cases ** 20 21Verify AccountService Available 22 [Documentation] Verify Redfish account service is available. 23 [Tags] Verify_AccountService_Available 24 25 ${resp} = Redfish_utils.Get Attribute /redfish/v1/AccountService ServiceEnabled 26 Should Be Equal As Strings ${resp} ${True} 27 28 29Verify Redfish Admin User Persistence After Reboot 30 [Documentation] Verify Redfish admin user persistence after reboot. 31 [Tags] Verify_Redfish_Admin_User_Persistence_After_Reboot 32 [Setup] Run Keywords Redfish.Login AND 33 ... Redfish Create User admin_user TestPwd123 Administrator ${True} 34 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 35 ... AND Test Teardown Execution 36 37 # Reboot BMC. 38 Redfish OBMC Reboot (off) stack_mode=normal 39 40 # Verify users after reboot. 41 Redfish Verify User admin_user TestPwd123 Administrator ${True} 42 43 44Verify Redfish Operator User Persistence After Reboot 45 [Documentation] Verify Redfish operator user persistence after reboot. 46 [Tags] Verify_Redfish_Operator_User_Persistence_After_Reboot 47 [Setup] Run Keywords Redfish.Login AND 48 ... Redfish Create User operator_user TestPwd123 Operator ${True} 49 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 50 ... AND Test Teardown Execution 51 52 # Reboot BMC. 53 Redfish OBMC Reboot (off) stack_mode=normal 54 55 # Verify users after reboot. 56 Redfish Verify User operator_user TestPwd123 Operator ${True} 57 58 59Verify Redfish Readonly User Persistence After Reboot 60 [Documentation] Verify Redfish readonly user persistence after reboot. 61 [Tags] Verify_Redfish_Readonly_User_Persistence_After_Reboot 62 [Setup] Run Keywords Redfish.Login AND 63 ... Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 64 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 65 ... AND Test Teardown Execution 66 67 # Reboot BMC. 68 Redfish OBMC Reboot (off) stack_mode=normal 69 70 # Verify users after reboot. 71 Redfish Verify User readonly_user TestPwd123 ReadOnly ${True} 72 73 74Redfish Create and Verify Admin User 75 [Documentation] Create a Redfish user with administrator role and verify. 76 [Tags] Redfish_Create_and_Verify_Admin_User 77 [Template] Redfish Create And Verify User 78 79 #username password role_id enabled 80 admin_user TestPwd123 Administrator ${True} 81 82 83Redfish Create and Verify Operator User 84 [Documentation] Create a Redfish user with operator role and verify. 85 [Tags] Redfish_Create_and_Verify_Operator_User 86 [Template] Redfish Create And Verify User 87 88 #username password role_id enabled 89 operator_user TestPwd123 Operator ${True} 90 91 92Redfish Create and Verify Readonly User 93 [Documentation] Create a Redfish user with readonly role and verify. 94 [Tags] Redfish_Create_and_Verify_Readonly_User 95 [Template] Redfish Create And Verify User 96 97 #username password role_id enabled 98 readonly_user TestPwd123 ReadOnly ${True} 99 100 101Verify Redfish Admin User With Wrong Password 102 [Documentation] Verify Redfish admin user with wrong password. 103 [Tags] Verify_Redfish_Admin_User_With_Wrong_Password 104 [Template] Verify Redfish User with Wrong Password 105 106 #username password role_id enabled wrong_password 107 admin_user TestPwd123 Administrator ${True} alskjhfwurh 108 109 110Verify Redfish Operator User with Wrong Password 111 [Documentation] Verify Redfish operator user with wrong password. 112 [Tags] Verify_Redfish_Operator_User_with_Wrong_Password 113 [Template] Verify Redfish User with Wrong Password 114 115 #username password role_id enabled wrong_password 116 operator_user TestPwd123 Operator ${True} 12j8a8uakjhdaosiruf024 117 118 119Verify Redfish Readonly User With Wrong Password 120 [Documentation] Verify Redfish readonly user with wrong password. 121 [Tags] Verify_Redfish_Readonly_User_With_Wrong_Password 122 [Template] Verify Redfish User with Wrong Password 123 124 #username password role_id enabled wrong_password 125 readonly_user TestPwd123 ReadOnly ${True} 12 126 127 128Verify Login with Deleted Redfish Admin User 129 [Documentation] Verify login with deleted Redfish admin user. 130 [Tags] Verify_Login_with_Deleted_Redfish_Admin_User 131 [Template] Verify Login with Deleted Redfish User 132 133 #username password role_id enabled 134 admin_user TestPwd123 Administrator ${True} 135 136 137Verify Login with Deleted Redfish Operator User 138 [Documentation] Verify login with deleted Redfish operator user. 139 [Tags] Verify_Login_with_Deleted_Redfish_Operator_User 140 [Template] Verify Login with Deleted Redfish User 141 142 #username password role_id enabled 143 operator_user TestPwd123 Operator ${True} 144 145 146Verify Login with Deleted Redfish Readonly User 147 [Documentation] Verify login with deleted Redfish readonly user. 148 [Tags] Verify_Login_with_Deleted_Redfish_Readonly_User 149 [Template] Verify Login with Deleted Redfish User 150 151 #username password role_id enabled 152 readonly_user TestPwd123 ReadOnly ${True} 153 154 155Verify Admin User Creation Without Enabling It 156 [Documentation] Verify admin user creation without enabling it. 157 [Tags] Verify_Admin_User_Creation_Without_Enabling_It 158 [Template] Verify Create User Without Enabling 159 160 #username password role_id enabled 161 admin_user TestPwd123 Administrator ${False} 162 163 164Verify Operator User Creation Without Enabling It 165 [Documentation] Verify operator user creation without enabling it. 166 [Tags] Verify_Operator_User_Creation_Without_Enabling_It 167 [Template] Verify Create User Without Enabling 168 169 #username password role_id enabled 170 operator_user TestPwd123 Operator ${False} 171 172 173Verify Readonly User Creation Without Enabling It 174 [Documentation] Verify readonly user creation without enabling it. 175 [Tags] Verify_Readonly_User_Creation_Without_Enabling_It 176 [Template] Verify Create User Without Enabling 177 178 #username password role_id enabled 179 readonly_user TestPwd123 ReadOnly ${False} 180 181 182Verify User Creation With Invalid Role Id 183 [Documentation] Verify user creation with invalid role ID. 184 [Tags] Verify_User_Creation_With_Invalid_Role_Id 185 186 # Make sure the user account in question does not already exist. 187 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 188 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 189 190 # Create specified user. 191 ${payload}= Create Dictionary 192 ... UserName=test_user Password=TestPwd123 RoleId=wrongroleid Enabled=${True} 193 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 194 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 195 196Verify Error Upon Creating Same Users With Different Privileges 197 [Documentation] Verify error upon creating same users with different privileges. 198 [Tags] Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges 199 200 Redfish Create User test_user TestPwd123 Administrator ${True} 201 202 # Create specified user. 203 ${payload}= Create Dictionary 204 ... UserName=test_user Password=TestPwd123 RoleId=ReadOnly Enabled=${True} 205 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 206 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 207 208 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 209 210 211Verify Modifying User Attributes 212 [Documentation] Verify modifying user attributes. 213 [Tags] Verify_Modifying_User_Attributes 214 215 # Create Redfish users. 216 Redfish Create User admin_user TestPwd123 Administrator ${True} 217 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 218 219 # Make sure the new user account does not already exist. 220 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user 221 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 222 223 # Update admin_user username using Redfish. 224 ${payload}= Create Dictionary UserName=newadmin_user 225 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body=&{payload} 226 227 # Update readonly_user role using Redfish. 228 ${payload}= Create Dictionary RoleId=Administrator 229 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body=&{payload} 230 231 # Verify users after updating 232 Redfish Verify User newadmin_user TestPwd123 Administrator ${True} 233 Redfish Verify User readonly_user TestPwd123 Administrator ${True} 234 235 # Delete created users. 236 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user 237 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 238 239 240Verify Modifying Operator User Attributes 241 [Documentation] Verify modifying operator user attributes. 242 [Tags] Verify_Modifying_Operator_User_Attributes 243 [Setup] Run Keywords Redfish.Login AND 244 ... Redfish Create User operator_user TestPwd123 Operator ${True} 245 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 246 ... AND Test Teardown Execution 247 248 # Update operator_user password using Redfish. 249 ${payload}= Create Dictionary Password=NewTestPwd123 250 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body=&{payload} 251 252 # Verify users after updating 253 Redfish Verify User operator_user NewTestPwd123 Operator ${True} 254 255 256Verify User Account Locked 257 [Documentation] Verify user account locked upon trying with invalid password. 258 [Tags] Verify_User_Account_Locked 259 260 Redfish Create User admin_user TestPwd123 Administrator ${True} 261 262 ${payload}= Create Dictionary AccountLockoutThreshold=${account_lockout_threshold} 263 ... AccountLockoutDuration=${account_lockout_duration} 264 Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload} 265 266 Redfish.Logout 267 268 # Make ${account_lockout_threshold} failed login attempts. 269 Repeat Keyword ${account_lockout_threshold} times 270 ... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login admin_user abc123 271 272 # Verify that legitimate login fails due to lockout. 273 Run Keyword And Expect Error InvalidCredentialsError* 274 ... Redfish.Login admin_user TestPwd123 275 276 # Wait for lockout duration to expire and then verify that login works. 277 Sleep ${account_lockout_duration}s 278 Redfish.Login admin_user TestPwd123 279 280 Redfish.Logout 281 282 Redfish.Login 283 284 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 285 286 287Verify User Account Unlock 288 [Documentation] Verify manually unlocking the account before lockout time 289 [Tags] Verify_User_Account_Unlock 290 [Teardown] Run Keywords Redfish.Logout 291 ... AND Redfish.Login 292 ... AND Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 293 ... AND SSHLibrary.Close All Connections 294 295 Redfish Create User test_user TestPwd123 Administrator ${True} 296 297 ${payload}= Create Dictionary 298 ... AccountLockoutThreshold=${account_lockout_threshold} 299 ... AccountLockoutDuration=${account_lockout_duration} 300 Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload} 301 302 Redfish.Logout 303 304 # Make ${account_lockout_threshold} failed login attempts. 305 Repeat Keyword ${account_lockout_threshold} times 306 ... Run Keyword And Expect Error InvalidCredentialsError* 307 ... Redfish.Login test_user abc123 308 309 # Ensure SSH Login with locked account gets failed 310 SSHLibrary.Open Connection ${OPENBMC_HOST} 311 Run Keyword And Expect Error Authentication failed* 312 ... SSHLibrary.Login test_user TestPwd123 313 314 # Verify that legitimate login fails due to lockout. 315 Run Keyword And Expect Error InvalidCredentialsError* 316 ... Redfish.Login test_user TestPwd123 317 318 ${payload}= Create Dictionary Locked=${FALSE} 319 320 # Manually unlock the account before lockout threshold expires 321 Redfish.Login 322 Redfish.Patch ${REDFISH_ACCOUNTS_URI}test_user body=${payload} 323 Redfish.Logout 324 325 # Try redfish login with the recently unlocked account 326 Redfish.Login test_user TestPwd123 327 328 # Try SSH login with the unlocked account 329 SSHLibrary.Open Connection ${OPENBMC_HOST} 330 SSHLibrary.Login test_user TestPwd123 331 332 333Verify Admin User Privilege 334 [Documentation] Verify admin user privilege. 335 [Tags] Verify_Admin_User_Privilege 336 337 Redfish Create User admin_user TestPwd123 Administrator ${True} 338 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 339 340 Redfish.Logout 341 342 Redfish.Login admin_user TestPwd123 343 344 # Change password of 'readonly' user with admin user. 345 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body={'Password': 'NewTestPwd123'} 346 347 # Verify modified user. 348 Redfish Verify User readonly_user NewTestPwd123 ReadOnly ${True} 349 350 # Note: Delete user would work here because a root login is 351 # performed as part of "Redfish Verify User" keyword's teardown. 352 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 353 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 354 355 356Verify Operator User Role Change Using Admin Privilege User 357 [Documentation] Verify operator user role change using admin privilege user 358 [Tags] Verify_Operator_User_Role_Change_Using_Admin_Privilege_User 359 360 Redfish Create User admin_user TestPwd123 Administrator ${True} 361 Redfish Create User operator_user TestPwd123 Operator ${True} 362 363 Redfish.Logout 364 365 # Change role ID of operator user with admin user. 366 # Login with admin user. 367 Redfish.Login admin_user TestPwd123 368 369 # Modify Role ID of Operator user. 370 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body={'RoleId': 'Administrator'} 371 372 # Verify modified user. 373 Redfish Verify User operator_user TestPwd123 Administrator ${True} 374 375 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 376 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 377 378 379Verify Operator User Privilege 380 [Documentation] Verify operator user privilege. 381 [Tags] Verify_Operator_User_Privilege 382 383 Redfish Create User admin_user TestPwd123 Administrator ${True} 384 Redfish Create User operator_user TestPwd123 Operator ${True} 385 386 Redfish.Logout 387 # Login with operator user. 388 Redfish.Login operator_user TestPwd123 389 390 # Verify BMC reset. 391 Run Keyword And Expect Error ValueError* Redfish BMC Reset Operation 392 393 # Attempt to change password of admin user with operator user. 394 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body={'Password': 'NewTestPwd123'} 395 ... valid_status_codes=[${HTTP_FORBIDDEN}] 396 397 Redfish.Logout 398 399 Redfish.Login 400 401 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 402 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 403 404 405Verify ReadOnly User Privilege 406 [Documentation] Verify ReadOnly user privilege. 407 [Tags] Verify_ReadOnly_User_Privilege 408 409 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 410 Redfish.Logout 411 412 # Login with read_only user. 413 Redfish.Login readonly_user TestPwd123 414 415 # Read system level data. 416 ${system_model}= Redfish_Utils.Get Attribute 417 ... ${SYSTEM_BASE_URI} Model 418 419 Redfish.Logout 420 Redfish.Login 421 Redfish.Delete ${REDFISH_ACCOUNTS_URI}readonly_user 422 423 424Verify Minimum Password Length For Redfish User 425 [Documentation] Verify minimum password length for new and existing user. 426 [Tags] Verify_Minimum_Password_Length_For_Redfish_User 427 428 ${user_name}= Set Variable testUser 429 430 # Make sure the user account in question does not already exist. 431 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} 432 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 433 434 # Try to create a user with invalid length password. 435 ${payload}= Create Dictionary 436 ... UserName=${user_name} Password=UserPwd RoleId=Administrator Enabled=${True} 437 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 438 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 439 440 # Create specified user with valid length password. 441 Set To Dictionary ${payload} Password UserPwd1 442 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 443 ... valid_status_codes=[${HTTP_CREATED}] 444 445 # Try to change to an invalid password. 446 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd'} 447 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 448 449 # Change to a valid password. 450 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd1'} 451 452 # Verify login. 453 Redfish.Logout 454 Redfish.Login ${user_name} UserPwd1 455 Redfish.Logout 456 Redfish.Login 457 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} 458 459 460Verify Standard User Roles Defined By Redfish 461 [Documentation] Verify standard user roles defined by Redfish. 462 [Tags] Verify_Standard_User_Roles_Defined_By_Redfish 463 464 ${member_list}= Redfish_Utils.Get Member List 465 ... /redfish/v1/AccountService/Roles 466 467 @{roles}= Create List 468 ... /redfish/v1/AccountService/Roles/Administrator 469 ... /redfish/v1/AccountService/Roles/Operator 470 ... /redfish/v1/AccountService/Roles/ReadOnly 471 472 List Should Contain Sub List ${member_list} ${roles} 473 474 # The standard roles are: 475 476 # | Role name | Assigned privileges | 477 # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf | 478 # | Operator | Login, ConfigureComponents, ConfigureSelf | 479 # | ReadOnly | Login, ConfigureSelf | 480 481 @{admin}= Create List Login ConfigureManager ConfigureUsers ConfigureComponents ConfigureSelf 482 @{operator}= Create List Login ConfigureComponents ConfigureSelf 483 @{readOnly}= Create List Login ConfigureSelf 484 485 ${roles_dict}= create dictionary admin_privileges=${admin} operator_privileges=${operator} 486 ... readOnly_privileges=${readOnly} 487 488 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/Administrator 489 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['admin_privileges']} 490 491 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/Operator 492 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['operator_privileges']} 493 494 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/ReadOnly 495 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['readOnly_privileges']} 496 497 498Verify Error While Deleting Root User 499 [Documentation] Verify error while deleting root user. 500 [Tags] Verify_Error_While_Deleting_Root_User 501 502 Redfish.Delete /redfish/v1/AccountService/Accounts/root valid_status_codes=[${HTTP_FORBIDDEN}] 503 504 505Verify SSH Login Access With Admin User 506 [Documentation] Verify that admin user does not have SSH login access. 507 [Tags] Verify_SSH_Login_Access_With_Admin_User 508 509 # Create an admin User. 510 Redfish Create User new_admin TestPwd1 Administrator ${True} 511 512 # Attempt SSH login with admin user. 513 SSHLibrary.Open Connection ${OPENBMC_HOST} 514 ${status}= Run Keyword And Return Status SSHLibrary.Login new_admin TestPwd1 515 Should Be Equal ${status} ${False} 516 517 Redfish.Login 518 Redfish.Delete /redfish/v1/AccountService/Accounts/new_admin 519 520 521Verify Configure BasicAuth Enable And Disable 522 [Documentation] Verify configure basicauth enable and disable 523 [Tags] Verify_Configure_BasicAuth_Enable_And_Disable 524 [Template] Template For Configure Auth Methods 525 526 # auth_method 527 BasicAuth 528 XToken 529 530*** Keywords *** 531 532Test Teardown Execution 533 [Documentation] Do the post test teardown. 534 535 Run Keyword And Ignore Error Redfish.Logout 536 FFDC On Test Case Fail 537 538 539Redfish Create User 540 [Documentation] Redfish create user. 541 [Arguments] ${username} ${password} ${role_id} ${enabled} ${login_check}=${True} 542 543 # Description of argument(s): 544 # username The username to be created. 545 # password The password to be assigned. 546 # role_id The role ID of the user to be created 547 # (e.g. "Administrator", "Operator", etc.). 548 # enabled Indicates whether the username being created 549 # should be enabled (${True}, ${False}). 550 # login_check Checks user login for created user. 551 # (e.g. ${True}, ${False}). 552 553 # Make sure the user account in question does not already exist. 554 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} 555 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 556 557 # Create specified user. 558 ${payload}= Create Dictionary 559 ... UserName=${username} Password=${password} RoleId=${role_id} Enabled=${enabled} 560 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 561 ... valid_status_codes=[${HTTP_CREATED}] 562 563 # Resetting faillock count as a workaround for issue 564 # openbmc/phosphor-user-manager#4 565 ${cmd}= Catenate test -f /usr/sbin/faillock && /usr/sbin/faillock --user USER --reset 566 ... || /usr/sbin/pam_tally2 -u ${username} --reset 567 Bmc Execute Command ${cmd} 568 569 # Verify login with created user. 570 ${status}= Run Keyword If '${login_check}' == '${True}' 571 ... Verify Redfish User Login ${username} ${password} 572 Run Keyword If '${login_check}' == '${True}' Should Be Equal ${status} ${enabled} 573 574 # Validate Role ID of created user. 575 ${role_config}= Redfish_Utils.Get Attribute 576 ... /redfish/v1/AccountService/Accounts/${username} RoleId 577 Should Be Equal ${role_id} ${role_config} 578 579 580Redfish Verify User 581 [Documentation] Redfish user verification. 582 [Arguments] ${username} ${password} ${role_id} ${enabled} 583 584 # Description of argument(s): 585 # username The username to be created. 586 # password The password to be assigned. 587 # role_id The role ID of the user to be created 588 # (e.g. "Administrator", "Operator", etc.). 589 # enabled Indicates whether the username being created 590 # should be enabled (${True}, ${False}). 591 592 ${status}= Verify Redfish User Login ${username} ${password} 593 # Doing a check of the returned status. 594 Should Be Equal ${status} ${enabled} 595 596 # Validate Role Id of user. 597 ${role_config}= Redfish_Utils.Get Attribute 598 ... /redfish/v1/AccountService/Accounts/${username} RoleId 599 Should Be Equal ${role_id} ${role_config} 600 601 602Verify Redfish User Login 603 [Documentation] Verify Redfish login with given user id. 604 [Teardown] Run Keywords Run Keyword And Ignore Error Redfish.Logout AND Redfish.Login 605 [Arguments] ${username} ${password} 606 607 # Description of argument(s): 608 # username Login username. 609 # password Login password. 610 611 # Logout from current Redfish session. 612 # We don't really care if the current session is flushed out since we are going to login 613 # with new credential in next. 614 Run Keyword And Ignore Error Redfish.Logout 615 616 ${status}= Run Keyword And Return Status Redfish.Login ${username} ${password} 617 [Return] ${status} 618 619 620Redfish Create And Verify User 621 [Documentation] Redfish create and verify user. 622 [Arguments] ${username} ${password} ${role_id} ${enabled} 623 624 # Description of argument(s): 625 # username The username to be created. 626 # password The password to be assigned. 627 # role_id The role ID of the user to be created 628 # (e.g. "Administrator", "Operator", etc.). 629 # enabled Indicates whether the username being created 630 # should be enabled (${True}, ${False}). 631 632 # Example: 633 #{ 634 #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount", 635 #"@odata.id": "/redfish/v1/AccountService/Accounts/test1", 636 #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount", 637 #"Description": "User Account", 638 #"Enabled": true, 639 #"Id": "test1", 640 #"Links": { 641 # "Role": { 642 # "@odata.id": "/redfish/v1/AccountService/Roles/Administrator" 643 # } 644 #}, 645 646 Redfish Create User ${username} ${password} ${role_id} ${enabled} 647 648 Redfish Verify User ${username} ${password} ${role_id} ${enabled} 649 650 # Delete Specified User 651 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 652 653Verify Redfish User with Wrong Password 654 [Documentation] Verify Redfish User with Wrong Password. 655 [Arguments] ${username} ${password} ${role_id} ${enabled} ${wrong_password} 656 657 # Description of argument(s): 658 # username The username to be created. 659 # password The password to be assigned. 660 # role_id The role ID of the user to be created 661 # (e.g. "Administrator", "Operator", etc.). 662 # enabled Indicates whether the username being created 663 # should be enabled (${True}, ${False}). 664 # wrong_password Any invalid password. 665 666 Redfish Create User ${username} ${password} ${role_id} ${enabled} 667 668 Redfish.Logout 669 670 # Attempt to login with created user with invalid password. 671 Run Keyword And Expect Error InvalidCredentialsError* 672 ... Redfish.Login ${username} ${wrong_password} 673 674 Redfish.Login 675 676 # Delete newly created user. 677 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 678 679 680Verify Login with Deleted Redfish User 681 [Documentation] Verify Login with Deleted Redfish User. 682 [Arguments] ${username} ${password} ${role_id} ${enabled} 683 684 # Description of argument(s): 685 # username The username to be created. 686 # password The password to be assigned. 687 # role_id The role ID of the user to be created 688 # (e.g. "Administrator", "Operator", etc.). 689 # enabled Indicates whether the username being created 690 # should be enabled (${True}, ${False}). 691 692 Redfish Create User ${username} ${password} ${role_id} ${enabled} 693 694 # Delete newly created user. 695 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} 696 697 Redfish.Logout 698 699 # Attempt to login with deleted user account. 700 Run Keyword And Expect Error InvalidCredentialsError* 701 ... Redfish.Login ${username} ${password} 702 703 Redfish.Login 704 705 706Verify Create User Without Enabling 707 [Documentation] Verify Create User Without Enabling. 708 [Arguments] ${username} ${password} ${role_id} ${enabled} 709 710 # Description of argument(s): 711 # username The username to be created. 712 # password The password to be assigned. 713 # role_id The role ID of the user to be created 714 # (e.g. "Administrator", "Operator", etc.). 715 # enabled Indicates whether the username being created 716 # should be enabled (${True}, ${False}). 717 718 Redfish Create User ${username} ${password} ${role_id} ${enabled} ${False} 719 720 Redfish.Logout 721 722 # Login with created user. 723 Run Keyword And Expect Error InvalidCredentialsError* 724 ... Redfish.Login ${username} ${password} 725 726 Redfish.Login 727 728 # Delete newly created user. 729 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 730 731Template For Configure Auth Methods 732 [Documentation] Template to configure auth methods. 733 [Arguments] ${auth_method} 734 [Teardown] Configure AuthMethods ${auth_method}=${initial_value} 735 736 # Description of Argument(s): 737 # authmethods The authmethod setting which needs to be 738 # set in account service URI. 739 # valid values BasicAuth, XToken. 740 741 Get AuthMethods Default Values ${auth_method} 742 743 # Patch basicauth to TRUE 744 Configure AuthMethods ${auth_method}=${TRUE} 745 746 Run Keyword IF "${auth_method}" == "XToken" 747 ... Check XToken Works Fine ${HTTP_OK} 748 ... ELSE 749 ... Check BasicAuth Works Fine ${HTTP_OK} 750 751 # Patch basicauth to FALSE 752 Configure AuthMethods ${auth_method}=${FALSE} 753 754 Run Keyword IF "${auth_method}" == "BasicAuth" 755 ... Check BasicAuth Works Fine ${HTTP_UNAUTHORIZED} 756 ... ELSE 757 ... Check XToken Works Fine ${HTTP_UNAUTHORIZED} 758 759Configure AuthMethods 760 [Documentation] Enable/disable authmethod types. 761 [Arguments] &{authmethods} 762 763 # Description of argument(s): 764 # authmethods The authmethod setting which needs to be 765 # set in account service URI. 766 # Usage Example Configure AuthMethods XToken=${TRUE} BasicAuth=${TRUE} 767 # This will set the value of "XToken" and "BasicAuth" 768 # property in accountservice uri to TRUE. 769 770 ${openbmc}= Create Dictionary AuthMethods=${authmethods} 771 ${oem}= Create Dictionary OpenBMC=${openbmc} 772 ${payload}= Create Dictionary Oem=${oem} 773 774 # Setting authmethod properties using Redfish session based auth 775 ${status}= Run Keyword And Return Status 776 ... Redfish.Patch ${REDFISH_BASE_URI}AccountService 777 ... body=${payload} valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}] 778 779 # Setting authmethod properties using basic auth incase the former fails 780 IF ${status}==${FALSE} 781 # Payload dictionary pre-process to match json formatting 782 ${payload}= Convert To String ${payload} 783 ${payload}= Replace String ${payload} ' " 784 ${payload}= Replace String ${payload} False false 785 ${payload}= Replace String ${payload} True true 786 787 # Curl Command Framing for PATCH authmethod 788 ${cmd}= Catenate curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD} 789 ... -X PATCH '${AUTH_URI}${REDFISH_ACCOUNTS_SERVICE_URI}' 790 ... -H 'content-type:application/json' -H 'If-Match:*' 791 ... -d '${payload}' 792 ${rc} ${out}= Run And Return Rc And Output ${cmd} 793 794 # Check the response of curl command is 200 or 204 795 ${check_no_content}= 796 ... Run Keyword and Return Status Should Contain ${out} 204 797 ${check_ok}= 798 ... Run Keyword and Return Status Should Contain ${out} 200 799 Pass Execution If ${check_no_content}==${TRUE} 800 ... OR ${check_ok}==${TRUE} 801 END 802 803 804Get AuthMethods Default Values 805 [Documentation] Get enabled/disabled status of all authmethods 806 ... from Redfish account service URI 807 [Arguments] ${authmethod} 808 809 # Description of argument(s): 810 # authmethod The authmethod property whose value needs to be 811 # retrieved from account service URI. 812 # Usage Example Get AuthMethods Default Values BasicAuth 813 # returns >> ${TRUE} 814 # Example: 815 # { 816 # "@odata.id": "/redfish/v1/AccountService", 817 # (...) 818 # "Oem": { 819 # "OpenBMC": { 820 # "AuthMethods": { 821 # "BasicAuth": true, 822 # "Cookie": true, 823 # "SessionToken": true, 824 # "TLS": true, 825 # "XToken": true 826 # } 827 # } 828 # } 829 # } 830 831 ${resp}= Redfish.Get Attribute ${REDFISH_ACCOUNTS_SERVICE_URI} Oem 832 ${authmethods}= Set Variable ${resp['OpenBMC']['AuthMethods']} 833 ${initial_value}= Get From Dictionary ${authmethods} ${authmethod} 834 Set Test Variable ${initial_value} 835 836Check XToken Works Fine 837 [Documentation] Verify Xtoken works fine. 838 [Arguments] ${status_code} 839 840 # Description of Argument(s): 841 # status_code : 200, 401. 842 843 # Verify xtoken auth works for xtoken 844 Redfish.Get ${REDFISH_ACCOUNTS_SERVICE_URI} 845 ... valid_status_codes=[${status_code}] 846 847Check BasicAuth Works Fine 848 [Documentation] Verify Basic Auth works fine. 849 [Arguments] ${status_code} 850 851 # Description of Argument(s): 852 # status_code : 200, 401. 853 854 # Verify basic auth works based on basic auth. 855 ${cmd}= Catenate curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD} 856 ... ${AUTH_URI}/redfish/v1/AccountService 857 ${rc} ${out}= Run And Return Rc And Output ${cmd} 858 859 # Check the response of curl command is 200/401 860 Should Contain ${out} ${status_code} 861