1*** Settings ***
2Documentation    Test Redfish user account.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/bmc_redfish_utils.robot
8
9Library          SSHLibrary
10
11Test Setup       Redfish.Login
12Test Teardown    Test Teardown Execution
13
14*** Variables ***
15
# Lockout policy the lockout tests PATCH into the AccountService:
# duration in seconds (it is also used as the Sleep time), threshold in failed logins.
${account_lockout_duration}=   ${30}
${account_lockout_threshold}=  ${3}

# Expected outcome of the admin SSH login check; override with -v ssh_status:False
# on systems where admin shell access is restricted.
${ssh_status}=                 ${True}
20
21** Test Cases **
22
Verify AccountService Available
    [Documentation]  Confirm the Redfish AccountService resource reports ServiceEnabled as true.
    [Tags]  Verify_AccountService_Available

    # Read the single attribute from the AccountService root and compare it as a string.
    ${service_enabled}=  Redfish_utils.Get Attribute  /redfish/v1/AccountService  ServiceEnabled
    Should Be Equal As Strings  ${service_enabled}  ${True}
29
30
Verify Redfish Admin User Persistence After Reboot
    [Documentation]  Create an Administrator account, reboot the BMC and confirm the
    ...  account still logs in with the same role afterwards.
    [Tags]  Verify_Redfish_Admin_User_Persistence_After_Reboot
    [Setup]  Run Keywords  Redfish.Login
    ...  AND  Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
    # A test-level teardown replaces the suite-level one, so it is chained in explicitly.
    [Teardown]  Run Keywords
    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    ...  AND  Test Teardown Execution

    # The account already exists (created in setup); cycle the BMC.
    Redfish OBMC Reboot (off)  stack_mode=normal

    # Login result and RoleId must be unchanged after the reboot.
    Redfish Verify User  admin_user  TestPwd123  Administrator  ${True}
44
45
Verify Redfish Operator User Persistence After Reboot
    [Documentation]  Create an Operator account, reboot the BMC and confirm the
    ...  account still logs in with the same role afterwards.
    [Tags]  Verify_Redfish_Operator_User_Persistence_After_Reboot
    [Setup]  Run Keywords  Redfish.Login
    ...  AND  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
    # A test-level teardown replaces the suite-level one, so it is chained in explicitly.
    [Teardown]  Run Keywords
    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
    ...  AND  Test Teardown Execution

    # The account already exists (created in setup); cycle the BMC.
    Redfish OBMC Reboot (off)  stack_mode=normal

    # Login result and RoleId must be unchanged after the reboot.
    Redfish Verify User  operator_user  TestPwd123  Operator  ${True}
59
60
Verify Redfish Readonly User Persistence After Reboot
    [Documentation]  Create a ReadOnly account, reboot the BMC and confirm the
    ...  account still logs in with the same role afterwards.
    [Tags]  Verify_Redfish_Readonly_User_Persistence_After_Reboot
    [Setup]  Run Keywords  Redfish.Login
    ...  AND  Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
    # A test-level teardown replaces the suite-level one, so it is chained in explicitly.
    [Teardown]  Run Keywords
    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
    ...  AND  Test Teardown Execution

    # The account already exists (created in setup); cycle the BMC.
    Redfish OBMC Reboot (off)  stack_mode=normal

    # Login result and RoleId must be unchanged after the reboot.
    Redfish Verify User  readonly_user  TestPwd123  ReadOnly  ${True}
74
75
Redfish Create and Verify Admin User
    [Documentation]  Create an Administrator account, check its login and RoleId,
    ...  then delete it again (all done by the template keyword).
    [Tags]  Redfish_Create_and_Verify_Admin_User
    [Template]  Redfish Create And Verify User

    # username     password    role_id        enabled
    admin_user     TestPwd123  Administrator  ${True}
83
84
Redfish Create and Verify Operator User
    [Documentation]  Create an Operator account, check its login and RoleId,
    ...  then delete it again (all done by the template keyword).
    [Tags]  Redfish_Create_and_Verify_Operator_User
    [Template]  Redfish Create And Verify User

    # username     password    role_id   enabled
    operator_user  TestPwd123  Operator  ${True}
92
93
Redfish Create and Verify Readonly User
    [Documentation]  Create a ReadOnly account, check its login and RoleId,
    ...  then delete it again (all done by the template keyword).
    [Tags]  Redfish_Create_and_Verify_Readonly_User
    [Template]  Redfish Create And Verify User

    # username     password    role_id   enabled
    readonly_user  TestPwd123  ReadOnly  ${True}
101
102
Verify Redfish Admin User With Wrong Password
    [Documentation]  Create an Administrator account and confirm that a login using an
    ...  incorrect password is rejected with InvalidCredentialsError.
    [Tags]  Verify_Redfish_Admin_User_With_Wrong_Password
    [Template]  Verify Redfish User with Wrong Password

    # username     password    role_id        enabled  wrong_password
    admin_user     TestPwd123  Administrator  ${True}  alskjhfwurh
110
111
Verify Redfish Operator User with Wrong Password
    [Documentation]  Create an Operator account and confirm that a login using an
    ...  incorrect password is rejected with InvalidCredentialsError.
    [Tags]  Verify_Redfish_Operator_User_with_Wrong_Password
    [Template]  Verify Redfish User with Wrong Password

    # username     password    role_id   enabled  wrong_password
    operator_user  TestPwd123  Operator  ${True}  12j8a8uakjhdaosiruf024
119
120
Verify Redfish Readonly User With Wrong Password
    [Documentation]  Create a ReadOnly account and confirm that a login using an
    ...  incorrect password is rejected with InvalidCredentialsError.
    [Tags]  Verify_Redfish_Readonly_User_With_Wrong_Password
    [Template]  Verify Redfish User with Wrong Password

    # username     password    role_id   enabled  wrong_password
    readonly_user  TestPwd123  ReadOnly  ${True}  12
128
129
Verify Login with Deleted Redfish Admin User
    [Documentation]  Create and then delete an Administrator account, and confirm its
    ...  credentials no longer open a Redfish session.
    [Tags]  Verify_Login_with_Deleted_Redfish_Admin_User
    [Template]  Verify Login with Deleted Redfish User

    # username     password    role_id        enabled
    admin_user     TestPwd123  Administrator  ${True}
137
138
Verify Login with Deleted Redfish Operator User
    [Documentation]  Create and then delete an Operator account, and confirm its
    ...  credentials no longer open a Redfish session.
    [Tags]  Verify_Login_with_Deleted_Redfish_Operator_User
    [Template]  Verify Login with Deleted Redfish User

    # username     password    role_id   enabled
    operator_user  TestPwd123  Operator  ${True}
146
147
Verify Login with Deleted Redfish Readonly User
    [Documentation]  Create and then delete a ReadOnly account, and confirm its
    ...  credentials no longer open a Redfish session.
    [Tags]  Verify_Login_with_Deleted_Redfish_Readonly_User
    [Template]  Verify Login with Deleted Redfish User

    # username     password    role_id   enabled
    readonly_user  TestPwd123  ReadOnly  ${True}
155
156
Verify Admin User Creation Without Enabling It
    [Documentation]  Create an Administrator account with Enabled set to false and
    ...  confirm that it cannot log in.
    [Tags]  Verify_Admin_User_Creation_Without_Enabling_It
    [Template]  Verify Create User Without Enabling

    # username     password    role_id        enabled
    admin_user     TestPwd123  Administrator  ${False}
164
165
Verify Operator User Creation Without Enabling It
    [Documentation]  Create an Operator account with Enabled set to false and
    ...  confirm that it cannot log in.
    [Tags]  Verify_Operator_User_Creation_Without_Enabling_It
    [Template]  Verify Create User Without Enabling

    # username     password    role_id   enabled
    operator_user  TestPwd123  Operator  ${False}
173
174
Verify Readonly User Creation Without Enabling It
    [Documentation]  Create a ReadOnly account with Enabled set to false and
    ...  confirm that it cannot log in.
    [Tags]  Verify_Readonly_User_Creation_Without_Enabling_It
    [Template]  Verify Create User Without Enabling

    # username     password    role_id   enabled
    readonly_user  TestPwd123  ReadOnly  ${False}
182
183
Verify User Creation With Invalid Role Id
    [Documentation]  Confirm that account creation is rejected when the request carries
    ...  an invalid RoleId.
    [Tags]  Verify_User_Creation_With_Invalid_Role_Id

    # Start from a clean slate; NOT_FOUND only means there was nothing to remove.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # POST the account with the bogus role; only HTTP_BAD_REQUEST is acceptable.
    ${bad_role_request}=  Create Dictionary
    ...  UserName=test_user  Password=TestPwd123  RoleId=wrongroleid  Enabled=${True}
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{bad_role_request}
    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
197
Verify Error Upon Creating Same Users With Different Privileges
    [Documentation]  Confirm that a second account reusing an existing UserName is
    ...  refused even when a different RoleId is requested.
    [Tags]  Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges

    # First account: test_user as Administrator.
    Redfish Create User  test_user  TestPwd123  Administrator  ${True}

    # Second POST reuses the UserName with RoleId=ReadOnly and must be rejected.
    ${duplicate_request}=  Create Dictionary
    ...  UserName=test_user  Password=TestPwd123  RoleId=ReadOnly  Enabled=${True}
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{duplicate_request}
    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]

    # Remove the account created at the start of the test.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
211
212
Verify Modifying User Attributes
    [Documentation]  Rename one account and change the role of another through PATCH,
    ...  then confirm both accounts log in with the updated attributes.
    [Tags]  Verify_Modifying_User_Attributes

    # Two accounts to modify: one will be renamed, the other re-roled.
    Redfish Create User  admin_user     TestPwd123  Administrator  ${True}
    Redfish Create User  readonly_user  TestPwd123  ReadOnly       ${True}

    # The rename target must be free; NOT_FOUND only means it already was.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Rename admin_user to newadmin_user.
    ${rename_request}=  Create Dictionary  UserName=newadmin_user
    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body=&{rename_request}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]

    # Change the role of readonly_user to Administrator.
    ${role_request}=  Create Dictionary  RoleId=Administrator
    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body=&{role_request}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]

    # Both accounts must log in and report the Administrator role.
    Redfish Verify User  newadmin_user  TestPwd123  Administrator  ${True}
    Redfish Verify User  readonly_user  TestPwd123  Administrator  ${True}

    # Remove both test accounts (the first one under its new name).
    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
    Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
242
243
Verify Modifying Operator User Attributes
    [Documentation]  Change an Operator account's password through PATCH and confirm
    ...  the account logs in with the new password and keeps its role.
    [Tags]  Verify_Modifying_Operator_User_Attributes
    [Setup]  Run Keywords  Redfish.Login
    ...  AND  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
    # A test-level teardown replaces the suite-level one, so it is chained in explicitly.
    [Teardown]  Run Keywords
    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
    ...  AND  Test Teardown Execution

    # Set a new password on operator_user.
    ${password_request}=  Create Dictionary  Password=NewTestPwd123
    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body=&{password_request}

    # The new password must work and the role must still be Operator.
    Redfish Verify User  operator_user  NewTestPwd123  Operator  ${True}
258
259
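Verify User Account Locked
    [Documentation]  Verify user account locked upon trying with invalid password.
    ...  Cleanup runs in the teardown so that the Administrator test account is
    ...  removed even when a step fails while the account is locked out.
    [Tags]  Verify_User_Account_Locked
    # A test-level teardown replaces the suite-level one, so Test Teardown Execution
    # is chained in explicitly. The session may be logged out or owned by the locked
    # account at this point, hence the tolerant logout followed by a default login.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    ...  AND  Test Teardown Execution

    Redfish Create User  admin_user  TestPwd123  Administrator   ${True}

    # NOTE(review): this changes the service-wide lockout policy and nothing in this
    # test puts the previous values back - confirm that is acceptable for the target.
    ${payload}=  Create Dictionary  AccountLockoutThreshold=${account_lockout_threshold}
    ...  AccountLockoutDuration=${account_lockout_duration}
    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}

    Redfish.Logout

    # Make ${account_lockout_threshold} failed login attempts.
    Repeat Keyword  ${account_lockout_threshold} times
    ...  Run Keyword And Expect Error  InvalidCredentialsError*  Redfish.Login  admin_user  abc123

    # Verify that legitimate login fails due to lockout.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  admin_user  TestPwd123

    # Wait for lockout duration to expire and then verify that login works.
    Sleep  ${account_lockout_duration}s
    Redfish.Login  admin_user  TestPwd123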
289
290
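Verify User Account Unlock
    [Documentation]  Verify manually unlocking the account before lockout time
    ...  expires, over both Redfish and SSH.
    [Tags]  Verify_User_Account_Unlock
    # A test-level teardown replaces the suite-level one, so Test Teardown Execution
    # is chained in to keep failure data collection. The logout is tolerant because
    # a failing step can leave the client without a session.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
    ...  AND  SSHLibrary.Close All Connections
    ...  AND  Test Teardown Execution

    Redfish Create User  test_user  TestPwd123  Administrator  ${True}

    # NOTE(review): this changes the service-wide lockout policy and nothing in this
    # test puts the previous values back - confirm that is acceptable for the target.
    ${payload}=  Create Dictionary
    ...  AccountLockoutThreshold=${account_lockout_threshold}
    ...  AccountLockoutDuration=${account_lockout_duration}
    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}

    Redfish.Logout

    # Make ${account_lockout_threshold} failed login attempts.
    Repeat Keyword  ${account_lockout_threshold} times
    ...  Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  test_user  abc123

    # The lockout must also apply to SSH: the correct password is refused.
    SSHLibrary.Open Connection  ${OPENBMC_HOST}
    Run Keyword And Expect Error  Authentication failed*
    ...  SSHLibrary.Login  test_user  TestPwd123

    # Verify that legitimate login fails due to lockout.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  test_user  TestPwd123

    ${payload}=  Create Dictionary  Locked=${FALSE}

    # Manually unlock the account before the lockout duration expires.
    Redfish.Login
    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}test_user  body=${payload}
    Redfish.Logout

    # Try redfish login with the recently unlocked account
    Redfish.Login  test_user  TestPwd123

    # Try SSH login with the unlocked account
    SSHLibrary.Open Connection  ${OPENBMC_HOST}
    SSHLibrary.Login  test_user  TestPwd123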
335
336
Verify Admin User Privilege
    [Documentation]  Confirm that an Administrator account can change the password of
    ...  another account.
    [Tags]  Verify_Admin_User_Privilege

    # One account to act with, one to act upon.
    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}

    # Switch the session from the default login to admin_user.
    Redfish.Logout
    Redfish.Login  admin_user  TestPwd123

    # As admin_user, set a new password on readonly_user.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body={'Password': 'NewTestPwd123'}

    # The new password must log in and the role must still be ReadOnly.
    Redfish Verify User  readonly_user  NewTestPwd123  ReadOnly  ${True}

    # The deletes below run under the default login again: the login helper used by
    # "Redfish Verify User" logs back in with the default credentials in its teardown.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
358
359
Verify Operator User Role Change Using Admin Privilege User
    [Documentation]  Confirm that an Administrator account can change the RoleId of an
    ...  Operator account.
    [Tags]  Verify_Operator_User_Role_Change_Using_Admin_Privilege_User

    # One account to act with, one to act upon.
    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
    Redfish Create User  operator_user  TestPwd123  Operator  ${True}

    # Switch the session from the default login to admin_user.
    Redfish.Logout
    Redfish.Login  admin_user  TestPwd123

    # As admin_user, raise operator_user to the Administrator role.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body={'RoleId': 'Administrator'}

    # operator_user must still log in and now report the Administrator role.
    Redfish Verify User  operator_user  TestPwd123  Administrator  ${True}

    # Remove both test accounts.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
381
382
Verify Operator User Privilege
    [Documentation]  Confirm that an Operator account can neither reset the BMC nor
    ...  change the password of an Administrator account.
    [Tags]  Verify_Operator_User_Privilege

    # One privileged account to target, one Operator account to act with.
    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
    Redfish Create User  operator_user  TestPwd123  Operator  ${True}

    # Switch the session from the default login to operator_user.
    Redfish.Logout
    Redfish.Login  operator_user  TestPwd123

    # The BMC reset keyword is expected to fail with a ValueError for this session.
    Run Keyword And Expect Error  ValueError*  Redfish BMC Reset Operation

    # A password change on admin_user must be answered with HTTP_FORBIDDEN.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body={'Password': 'NewTestPwd123'}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    # Return to the default login before cleaning up.
    Redfish.Logout
    Redfish.Login

    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
407
408
Verify ReadOnly User Privilege
    [Documentation]  Confirm that a ReadOnly account can read system level data.
    [Tags]  Verify_ReadOnly_User_Privilege

    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}

    # Switch the session from the default login to readonly_user.
    Redfish.Logout
    Redfish.Login  readonly_user  TestPwd123

    # The read itself is the check: the value is fetched but not inspected further.
    ${model}=  Redfish_Utils.Get Attribute  ${SYSTEM_BASE_URI}  Model

    # Return to the default login and remove the test account.
    Redfish.Logout
    Redfish.Login
    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}readonly_user
426
427
Verify Minimum Password Length For Redfish User
    [Documentation]  Confirm that a too-short password is refused both when creating an
    ...  account and when changing the password of an existing one.
    [Tags]  Verify_Minimum_Password_Length_For_Redfish_User

    ${account}=  Set Variable  testUser

    # Start from a clean slate; NOT_FOUND only means there was nothing to remove.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${account}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Creation with the 7-character password must be rejected.
    ${create_request}=  Create Dictionary
    ...  UserName=${account}  Password=UserPwd  RoleId=Administrator  Enabled=${True}
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{create_request}
    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]

    # The same request with an 8-character password must succeed.
    Set To Dictionary  ${create_request}  Password  UserPwd1
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{create_request}
    ...  valid_status_codes=[${HTTP_CREATED}]

    # Changing the existing account to the short password must be rejected as well.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/${account}  body={'Password': 'UserPwd'}
    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]

    # Changing it to the 8-character password is accepted.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/${account}  body={'Password': 'UserPwd1'}

    # Prove the accepted password logs in, then return to the default login and clean up.
    Redfish.Logout
    Redfish.Login  ${account}  UserPwd1
    Redfish.Logout
    Redfish.Login
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${account}
462
463
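Verify Standard User Roles Defined By Redfish
    [Documentation]  Verify standard user roles defined by Redfish: the three roles
    ...  must exist and each must carry exactly the assigned privileges listed below.
    [Tags]  Verify_Standard_User_Roles_Defined_By_Redfish

    ${member_list}=  Redfish_Utils.Get Member List
    ...  /redfish/v1/AccountService/Roles

    @{roles}=  Create List
    ...  /redfish/v1/AccountService/Roles/Administrator
    ...  /redfish/v1/AccountService/Roles/Operator
    ...  /redfish/v1/AccountService/Roles/ReadOnly

    # Only presence is required here, so additional roles in the collection are tolerated.
    List Should Contain Sub List  ${member_list}  ${roles}

    # The standard roles are:

    # | Role name | Assigned privileges |
    # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf |
    # | Operator | Login, ConfigureComponents, ConfigureSelf |
    # | ReadOnly | Login, ConfigureSelf |

    @{admin}=  Create List  Login  ConfigureManager  ConfigureUsers  ConfigureComponents  ConfigureSelf
    @{operator}=  Create List  Login  ConfigureComponents  ConfigureSelf
    @{readOnly}=  Create List  Login  ConfigureSelf

    # The privilege lists are compared for equality (order ignored) rather than as
    # sub-lists: a sub-list check would still pass if a role had gained a privilege
    # it should not have, e.g. ReadOnly reporting ConfigureUsers.
    ${resp}=  Redfish.Get  /redfish/v1/AccountService/Roles/Administrator
    Lists Should Be Equal  ${resp.dict['AssignedPrivileges']}  ${admin}  ignore_order=${True}

    ${resp}=  Redfish.Get  /redfish/v1/AccountService/Roles/Operator
    Lists Should Be Equal  ${resp.dict['AssignedPrivileges']}  ${operator}  ignore_order=${True}

    ${resp}=  Redfish.Get  /redfish/v1/AccountService/Roles/ReadOnly
    Lists Should Be Equal  ${resp.dict['AssignedPrivileges']}  ${readOnly}  ignore_order=${True}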
500
501
Verify Error While Deleting Root User
    [Documentation]  Confirm that a request to delete the root account is answered
    ...  with HTTP_FORBIDDEN.
    [Tags]  Verify_Error_While_Deleting_Root_User

    # Any other status, including a successful delete, fails the test.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/root
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
507
508
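Verify SSH Login Access With Admin User
    [Documentation]  Verify that admin user has SSH login access.
    ...              By default, admin should have access but there could be
    ...              case where admin user shell access is restricted by design
    ...              in the community sphere.
    [Tags]  Verify_SSH_Login_Access_With_Admin_User
    # Cleanup lives in the teardown so that the SSH connection is closed and the
    # Administrator test account is removed even when the status check fails.
    # A test-level teardown replaces the suite-level one, so Test Teardown Execution
    # is chained in explicitly.
    [Teardown]  Run Keywords  SSHLibrary.Close All Connections
    ...  AND  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/new_admin
    ...  AND  Test Teardown Execution

    # Create an admin User.
    Redfish Create User  new_admin  TestPwd1  Administrator  ${True}

    # Attempt SSH login with admin user.
    SSHLibrary.Open Connection  ${OPENBMC_HOST}
    ${status}=  Run Keyword And Return Status  SSHLibrary.Login  new_admin  TestPwd1

    # By default ssh_status is True, user can change the status via CLI
    # -v ssh_status:False
    Should Be Equal As Strings  "${status}"  "${ssh_status}"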
529
530
Verify Configure BasicAuth Enable And Disable
    [Documentation]  Enable and then disable each listed auth method, checking after
    ...  every change that requests using that method are accepted or refused to match.
    [Tags]  Verify_Configure_BasicAuth_Enable_And_Disable
    [Template]  Template For Configure Auth Methods

    # auth_method (one template run per row)
    BasicAuth
    XToken
539
540*** Keywords ***
541
Test Teardown Execution
    [Documentation]  Common post-test cleanup: end the Redfish session and collect
    ...  failure data if the test failed.

    # A logout error is ignored so that it cannot prevent the data collection below.
    Run Keyword And Ignore Error  Redfish.Logout

    FFDC On Test Case Fail
547
548
Redfish Create User
    [Documentation]  Create a Redfish account (removing any existing account of the same
    ...  name first), optionally check that it can log in, and confirm its RoleId.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${login_check}=${True}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).
    # login_check         Whether to attempt a login with the new account and
    #                     compare the outcome with ${enabled} (${True}, ${False}).

    # Start from a clean slate; NOT_FOUND only means there was nothing to remove.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Create the account; only HTTP_CREATED is acceptable.
    ${new_account}=  Create Dictionary
    ...  UserName=${username}  Password=${password}  RoleId=${role_id}  Enabled=${enabled}
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{new_account}
    ...  valid_status_codes=[${HTTP_CREATED}]

    # Reset the faillock count as a workaround for issue
    # openbmc/phosphor-user-manager#4.
    # The username is placed unquoted into a shell command run on the BMC; every
    # caller in this file passes a fixed literal name.
    Bmc Execute Command  /usr/sbin/faillock --user ${username} --reset

    # A login attempt must succeed exactly when the account was created enabled.
    IF  '${login_check}' == '${True}'
        ${login_ok}=  Verify Redfish User Login  ${username}  ${password}
        Should Be Equal  ${login_ok}  ${enabled}
    END

    # The stored RoleId must be the one that was requested.
    ${stored_role}=  Redfish_Utils.Get Attribute
    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
    Should Be Equal  ${role_id}  ${stored_role}
588
589
Redfish Verify User
    [Documentation]  Check that an existing account logs in (or fails to) as expected
    ...  and that its stored RoleId matches.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}

    # Description of argument(s):
    # username            The username to verify.
    # password            The password to log in with.
    # role_id             The role ID the account is expected to have
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             The expected login outcome (${True}, ${False}).

    # The login outcome must equal ${enabled}.
    ${login_ok}=  Verify Redfish User Login  ${username}  ${password}
    Should Be Equal  ${login_ok}  ${enabled}

    # The stored RoleId must be the expected one.
    ${stored_role}=  Redfish_Utils.Get Attribute
    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
    Should Be Equal  ${role_id}  ${stored_role}
610
611
Verify Redfish User Login
    [Documentation]  Attempt a Redfish login with the given credentials and return
    ...  whether it succeeded. The teardown always leaves a default-login session.
    [Arguments]   ${username}  ${password}
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout  AND  Redfish.Login

    # Description of argument(s):
    # username            Login username.
    # password            Login password.

    # Drop whatever session is currently open. A failure here does not matter
    # because a new login with the given credentials follows immediately.
    Run Keyword And Ignore Error  Redfish.Logout

    # The result is returned as a status, not raised, so callers can test for
    # either outcome.
    ${logged_in}=  Run Keyword And Return Status  Redfish.Login  ${username}  ${password}
    RETURN  ${logged_in}
628
629
Redfish Create And Verify User
    [Documentation]  Create an account, verify its login and RoleId, then delete it.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).

    # Example of an account resource (excerpt):
    # {
    #   "@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
    #   "@odata.id": "/redfish/v1/AccountService/Accounts/test1",
    #   "@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
    #   "Description": "User Account",
    #   "Enabled": true,
    #   "Id": "test1",
    #   "Links": {
    #     "Role": {
    #       "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
    #     }
    #   },

    # Create, then check again through the standalone verification keyword.
    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
    Redfish Verify User  ${username}  ${password}  ${role_id}  ${enabled}

    # Remove the account so the next template row starts clean.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
662
Verify Redfish User with Wrong Password
    [Documentation]  Create an account and confirm that a login with an incorrect
    ...  password is rejected with InvalidCredentialsError.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${wrong_password}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).
    # wrong_password      Any invalid password.

    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}

    # End the default-login session so the next login is the one under test.
    Redfish.Logout

    # The right username with the wrong password must be refused.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  ${username}  ${wrong_password}

    # Back to the default login to remove the account.
    Redfish.Login
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
688
689
Verify Login with Deleted Redfish User
    [Documentation]  Create an account, delete it, and confirm that its credentials are
    ...  then rejected with InvalidCredentialsError.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).

    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}

    # Remove the account again while still on the default login.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}

    # End the default-login session so the next login is the one under test.
    Redfish.Logout

    # The credentials of the deleted account must no longer be accepted.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  ${username}  ${password}

    # Leave a default-login session behind.
    Redfish.Login
714
715
Verify Create User Without Enabling
    [Documentation]  Create an account with the given enabled state, skipping the login
    ...  check during creation, and confirm that its login is rejected.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).

    # The trailing ${False} is login_check: no login is attempted during creation.
    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}  ${False}

    # End the default-login session so the next login is the one under test.
    Redfish.Logout

    # The new account's own credentials must be refused.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  ${username}  ${password}

    # Back to the default login to remove the account.
    Redfish.Login
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
740
Template For Configure Auth Methods
    [Documentation]  Enable and then disable one auth method, running the matching
    ...  check keyword with the expected HTTP status after each change.
    [Arguments]  ${auth_method}
    [Teardown]  Configure AuthMethods  ${auth_method}=${initial_value}

    # Description of Argument(s):
    # auth_method   The AuthMethods property to toggle in the account
    #               service URI. Valid values: BasicAuth, XToken.

    # NOTE(review): ${initial_value}, which the teardown writes back, is presumably
    # set by the keyword below - confirm in its definition.
    Get AuthMethods Default Values  ${auth_method}

    # Enable the method; its check keyword is run expecting HTTP_OK.
    Configure AuthMethods  ${auth_method}=${TRUE}
    IF  "${auth_method}" == "XToken"
        Check XToken Works Fine  ${HTTP_OK}
    ELSE
        Check BasicAuth Works Fine  ${HTTP_OK}
    END

    # Disable the method; its check keyword is run expecting HTTP_UNAUTHORIZED.
    Configure AuthMethods  ${auth_method}=${FALSE}
    IF  "${auth_method}" == "BasicAuth"
        Check BasicAuth Works Fine  ${HTTP_UNAUTHORIZED}
    ELSE
        Check XToken Works Fine  ${HTTP_UNAUTHORIZED}
    END
768
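Configure AuthMethods
    [Documentation]  Enable/disable authmethod types.
    ...  A session-authenticated Redfish PATCH is tried first. If it fails, the same
    ...  payload is sent with curl and HTTP basic auth, and the keyword fails unless
    ...  that response carries a 200 or 204 status line.
    [Arguments]  &{authmethods}

    # Description of argument(s):
    # authmethods            The authmethod setting which needs to be
    #                        set in account service URI.
    # Usage Example          Configure AuthMethods  XToken=${TRUE}  BasicAuth=${TRUE}
    #                        This will set the value of "XToken" and "BasicAuth"
    #                        property in accountservice uri to TRUE.

    ${openbmc}=  Create Dictionary  AuthMethods=${authmethods}
    ${oem}=  Create Dictionary  OpenBMC=${openbmc}
    ${payload}=  Create Dictionary  Oem=${oem}

    # Setting authmethod properties using Redfish session based auth
    ${status}=  Run Keyword And Return Status
    ...  Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=${payload}  valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]

    # Setting authmethod properties using basic auth in case the former fails
    IF  ${status}==${FALSE}
        # Payload dictionary pre-process to match json formatting
        ${payload}=  Convert To String  ${payload}
        ${payload}=  Replace String  ${payload}  '  "
        ${payload}=  Replace String  ${payload}  False  false
        ${payload}=  Replace String  ${payload}  True  true

        # Curl Command Framing for PATCH authmethod
        # NOTE(review): "-u user:password" puts the BMC credentials on the command
        # line, where they are visible in the process list and in the test log when
        # ${cmd} is assigned, and "-k" turns off TLS certificate verification.
        # Confirm both are acceptable for the environment these tests run in.
        ${cmd}=  Catenate  curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}
        ...  -X PATCH '${AUTH_URI}${REDFISH_ACCOUNTS_SERVICE_URI}'
        ...  -H 'content-type:application/json' -H 'If-Match:*'
        ...  -d '${payload}'
        ${rc}  ${out}=  Run And Return Rc And Output  ${cmd}

        # The fallback has to fail when the PATCH did not succeed. The previous
        # "Pass Execution If" could not do that: it never failed, it took "OR" and
        # the second condition as message and tag, and on a match it ended the whole
        # test as passed, skipping the checks that follow this keyword.
        Should Be Equal As Integers  ${rc}  0  msg=curl PATCH of AuthMethods did not complete.

        # Match the HTTP status line printed by "curl -i" instead of searching the
        # whole output for "200" or "204", which can also occur in other headers.
        Should Match Regexp  ${out}  HTTP/\\S+ (200|204)\\b
        ...  msg=AuthMethods PATCH with basic auth did not return 200 or 204.
    END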
812
813
Get AuthMethods Default Values
    [Documentation]  Read the current enabled/disabled value of one authmethod
    ...  from the Redfish account service URI.
    [Arguments]  ${authmethod}

    # Description of argument(s):
    # authmethod            The authmethod property whose value needs to be
    #                       retrieved from account service URI.
    # Usage Example         Get AuthMethods Default Values  BasicAuth
    #                       sets test variable ${initial_value}, e.g. to ${TRUE}.
    #
    # Nothing is returned; the value is published as the test variable
    # ${initial_value} for later keywords in the same test.
    #
    # Example of the account service response the value is read from:
    # {
    #     "@odata.id": "/redfish/v1/AccountService",
    #     (...)
    #     "Oem": {
    #         "OpenBMC": {
    #             "AuthMethods": {
    #                 "BasicAuth": true,
    #                 "Cookie": true,
    #                 "SessionToken": true,
    #                 "TLS": true,
    #                 "XToken": true
    #             }
    #         }
    #     }
    # }

    ${oem_data}=  Redfish.Get Attribute  ${REDFISH_ACCOUNTS_SERVICE_URI}  Oem
    ${initial_value}=  Get From Dictionary
    ...  ${oem_data['OpenBMC']['AuthMethods']}  ${authmethod}
    Set Test Variable  ${initial_value}
845
Check XToken Works Fine
    [Documentation]  Verify Xtoken works fine.
    [Arguments]  ${status_code}

    # Description of argument(s):
    # status_code   HTTP status the GET is expected to return (200, 401).

    # GET the account service through the Redfish library (presumably with
    # the token of the current session - confirm against the library) and
    # accept only ${status_code} as a valid response status.
    Redfish.Get  ${REDFISH_ACCOUNTS_SERVICE_URI}  valid_status_codes=[${status_code}]
856
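Check BasicAuth Works Fine
    [Documentation]  Verify Basic Auth works fine.
    [Arguments]  ${status_code}

    # Description of argument(s):
    # status_code   HTTP status the basic auth request is expected to
    #               return (200, 401).

    # NOTE(review): the credentials are interpolated into the command
    # string, so they are visible in the process list of the test host and
    # presumably in the Robot log; consider handing them to curl through a
    # config file (-K) instead.
    # NOTE(review): -k turns off TLS certificate verification; only
    # appropriate for a lab BMC with a self-signed certificate.
    # -s keeps the progress meter out of the captured output.
    ${cmd}=  Catenate  curl -k -s -i -u '${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}'
    ...  '${AUTH_URI}/redfish/v1/AccountService'
    ${rc}  ${out}=  Run And Return Rc And Output  ${cmd}

    # Compare against the HTTP status line only.  A substring search over
    # the whole output can match header or body text, which would let the
    # "disabled method must return 401" check pass on a response that was
    # actually accepted.
    Should Match Regexp  ${out}  (?m)^HTTP/\\S+\\s+${status_code}\\b
    ...  msg=Basic auth request was not answered with HTTP ${status_code}.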
871