1*** Settings *** 2Documentation Test Redfish user account. 3 4Resource ../../lib/resource.robot 5Resource ../../lib/bmc_redfish_resource.robot 6Resource ../../lib/openbmc_ffdc.robot 7Resource ../../lib/bmc_redfish_utils.robot 8 9Library SSHLibrary 10 11Test Setup Redfish.Login 12Test Teardown Test Teardown Execution 13 14*** Variables *** 15 16${account_lockout_duration} ${30} 17${account_lockout_threshold} ${3} 18 19${ssh_status} ${True} 20 21** Test Cases ** 22 23Verify AccountService Available 24 [Documentation] Verify Redfish account service is available. 25 [Tags] Verify_AccountService_Available 26 27 ${resp} = Redfish_utils.Get Attribute /redfish/v1/AccountService ServiceEnabled 28 Should Be Equal As Strings ${resp} ${True} 29 30 31Verify Redfish Admin User Persistence After Reboot 32 [Documentation] Verify Redfish admin user persistence after reboot. 33 [Tags] Verify_Redfish_Admin_User_Persistence_After_Reboot 34 [Setup] Run Keywords Redfish.Login AND 35 ... Redfish Create User admin_user TestPwd123 Administrator ${True} 36 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 37 ... AND Test Teardown Execution 38 39 # Reboot BMC. 40 Redfish OBMC Reboot (off) stack_mode=normal 41 42 # Verify users after reboot. 43 Redfish Verify User admin_user TestPwd123 Administrator ${True} 44 45 46Verify Redfish Operator User Persistence After Reboot 47 [Documentation] Verify Redfish operator user persistence after reboot. 48 [Tags] Verify_Redfish_Operator_User_Persistence_After_Reboot 49 [Setup] Run Keywords Redfish.Login AND 50 ... Redfish Create User operator_user TestPwd123 Operator ${True} 51 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 52 ... AND Test Teardown Execution 53 54 # Reboot BMC. 55 Redfish OBMC Reboot (off) stack_mode=normal 56 57 # Verify users after reboot. 58 Redfish Verify User operator_user TestPwd123 Operator ${True} 59 60 61Verify Redfish Readonly User Persistence After Reboot 62 [Documentation] Verify Redfish readonly user persistence after reboot. 63 [Tags] Verify_Redfish_Readonly_User_Persistence_After_Reboot 64 [Setup] Run Keywords Redfish.Login AND 65 ... Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 66 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 67 ... AND Test Teardown Execution 68 69 # Reboot BMC. 70 Redfish OBMC Reboot (off) stack_mode=normal 71 72 # Verify users after reboot. 73 Redfish Verify User readonly_user TestPwd123 ReadOnly ${True} 74 75 76Redfish Create and Verify Admin User 77 [Documentation] Create a Redfish user with administrator role and verify. 78 [Tags] Redfish_Create_and_Verify_Admin_User 79 [Template] Redfish Create And Verify User 80 81 #username password role_id enabled 82 admin_user TestPwd123 Administrator ${True} 83 84 85Redfish Create and Verify Operator User 86 [Documentation] Create a Redfish user with operator role and verify. 87 [Tags] Redfish_Create_and_Verify_Operator_User 88 [Template] Redfish Create And Verify User 89 90 #username password role_id enabled 91 operator_user TestPwd123 Operator ${True} 92 93 94Redfish Create and Verify Readonly User 95 [Documentation] Create a Redfish user with readonly role and verify. 96 [Tags] Redfish_Create_and_Verify_Readonly_User 97 [Template] Redfish Create And Verify User 98 99 #username password role_id enabled 100 readonly_user TestPwd123 ReadOnly ${True} 101 102 103Verify Redfish Admin User With Wrong Password 104 [Documentation] Verify Redfish admin user with wrong password. 105 [Tags] Verify_Redfish_Admin_User_With_Wrong_Password 106 [Template] Verify Redfish User with Wrong Password 107 108 #username password role_id enabled wrong_password 109 admin_user TestPwd123 Administrator ${True} alskjhfwurh 110 111 112Verify Redfish Operator User with Wrong Password 113 [Documentation] Verify Redfish operator user with wrong password. 114 [Tags] Verify_Redfish_Operator_User_with_Wrong_Password 115 [Template] Verify Redfish User with Wrong Password 116 117 #username password role_id enabled wrong_password 118 operator_user TestPwd123 Operator ${True} 12j8a8uakjhdaosiruf024 119 120 121Verify Redfish Readonly User With Wrong Password 122 [Documentation] Verify Redfish readonly user with wrong password. 123 [Tags] Verify_Redfish_Readonly_User_With_Wrong_Password 124 [Template] Verify Redfish User with Wrong Password 125 126 #username password role_id enabled wrong_password 127 readonly_user TestPwd123 ReadOnly ${True} 12 128 129 130Verify Login with Deleted Redfish Admin User 131 [Documentation] Verify login with deleted Redfish admin user. 132 [Tags] Verify_Login_with_Deleted_Redfish_Admin_User 133 [Template] Verify Login with Deleted Redfish User 134 135 #username password role_id enabled 136 admin_user TestPwd123 Administrator ${True} 137 138 139Verify Login with Deleted Redfish Operator User 140 [Documentation] Verify login with deleted Redfish operator user. 141 [Tags] Verify_Login_with_Deleted_Redfish_Operator_User 142 [Template] Verify Login with Deleted Redfish User 143 144 #username password role_id enabled 145 operator_user TestPwd123 Operator ${True} 146 147 148Verify Login with Deleted Redfish Readonly User 149 [Documentation] Verify login with deleted Redfish readonly user. 150 [Tags] Verify_Login_with_Deleted_Redfish_Readonly_User 151 [Template] Verify Login with Deleted Redfish User 152 153 #username password role_id enabled 154 readonly_user TestPwd123 ReadOnly ${True} 155 156 157Verify Admin User Creation Without Enabling It 158 [Documentation] Verify admin user creation without enabling it. 159 [Tags] Verify_Admin_User_Creation_Without_Enabling_It 160 [Template] Verify Create User Without Enabling 161 162 #username password role_id enabled 163 admin_user TestPwd123 Administrator ${False} 164 165 166Verify Operator User Creation Without Enabling It 167 [Documentation] Verify operator user creation without enabling it. 168 [Tags] Verify_Operator_User_Creation_Without_Enabling_It 169 [Template] Verify Create User Without Enabling 170 171 #username password role_id enabled 172 operator_user TestPwd123 Operator ${False} 173 174 175Verify Readonly User Creation Without Enabling It 176 [Documentation] Verify readonly user creation without enabling it. 177 [Tags] Verify_Readonly_User_Creation_Without_Enabling_It 178 [Template] Verify Create User Without Enabling 179 180 #username password role_id enabled 181 readonly_user TestPwd123 ReadOnly ${False} 182 183 184Verify User Creation With Invalid Role Id 185 [Documentation] Verify user creation with invalid role ID. 186 [Tags] Verify_User_Creation_With_Invalid_Role_Id 187 188 # Make sure the user account in question does not already exist. 189 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 190 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 191 192 # Create specified user. 193 ${payload}= Create Dictionary 194 ... UserName=test_user Password=TestPwd123 RoleId=wrongroleid Enabled=${True} 195 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 196 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 197 198Verify Error Upon Creating Same Users With Different Privileges 199 [Documentation] Verify error upon creating same users with different privileges. 200 [Tags] Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges 201 202 Redfish Create User test_user TestPwd123 Administrator ${True} 203 204 # Create specified user. 205 ${payload}= Create Dictionary 206 ... UserName=test_user Password=TestPwd123 RoleId=ReadOnly Enabled=${True} 207 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 208 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 209 210 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 211 212 213Verify Modifying User Attributes 214 [Documentation] Verify modifying user attributes. 215 [Tags] Verify_Modifying_User_Attributes 216 217 # Create Redfish users. 218 Redfish Create User admin_user TestPwd123 Administrator ${True} 219 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 220 221 # Make sure the new user account does not already exist. 222 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user 223 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 224 225 # Update admin_user username using Redfish. 226 ${payload}= Create Dictionary UserName=newadmin_user 227 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body=&{payload} 228 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}] 229 230 # Update readonly_user role using Redfish. 231 ${payload}= Create Dictionary RoleId=Administrator 232 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body=&{payload} 233 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}] 234 235 # Verify users after updating 236 Redfish Verify User newadmin_user TestPwd123 Administrator ${True} 237 Redfish Verify User readonly_user TestPwd123 Administrator ${True} 238 239 # Delete created users. 240 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user 241 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 242 243 244Verify Modifying Operator User Attributes 245 [Documentation] Verify modifying operator user attributes. 246 [Tags] Verify_Modifying_Operator_User_Attributes 247 [Setup] Run Keywords Redfish.Login AND 248 ... Redfish Create User operator_user TestPwd123 Operator ${True} 249 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 250 ... AND Test Teardown Execution 251 252 # Update operator_user password using Redfish. 253 ${payload}= Create Dictionary Password=NewTestPwd123 254 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body=&{payload} 255 256 # Verify users after updating 257 Redfish Verify User operator_user NewTestPwd123 Operator ${True} 258 259 260Verify User Account Locked 261 [Documentation] Verify user account locked upon trying with invalid password. 262 [Tags] Verify_User_Account_Locked 263 264 Redfish Create User admin_user TestPwd123 Administrator ${True} 265 266 ${payload}= Create Dictionary AccountLockoutThreshold=${account_lockout_threshold} 267 ... AccountLockoutDuration=${account_lockout_duration} 268 Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload} 269 270 Redfish.Logout 271 272 # Make ${account_lockout_threshold} failed login attempts. 273 Repeat Keyword ${account_lockout_threshold} times 274 ... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login admin_user abc123 275 276 # Verify that legitimate login fails due to lockout. 277 Run Keyword And Expect Error InvalidCredentialsError* 278 ... Redfish.Login admin_user TestPwd123 279 280 # Wait for lockout duration to expire and then verify that login works. 281 Sleep ${account_lockout_duration}s 282 Redfish.Login admin_user TestPwd123 283 284 Redfish.Logout 285 286 Redfish.Login 287 288 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 289 290 291Verify User Account Unlock 292 [Documentation] Verify manually unlocking the account before lockout time 293 [Tags] Verify_User_Account_Unlock 294 [Teardown] Run Keywords Redfish.Logout 295 ... AND Redfish.Login 296 ... AND Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 297 ... AND SSHLibrary.Close All Connections 298 299 Redfish Create User test_user TestPwd123 Administrator ${True} 300 301 ${payload}= Create Dictionary 302 ... AccountLockoutThreshold=${account_lockout_threshold} 303 ... AccountLockoutDuration=${account_lockout_duration} 304 Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload} 305 306 Redfish.Logout 307 308 # Make ${account_lockout_threshold} failed login attempts. 309 Repeat Keyword ${account_lockout_threshold} times 310 ... Run Keyword And Expect Error InvalidCredentialsError* 311 ... Redfish.Login test_user abc123 312 313 # Ensure SSH Login with locked account gets failed 314 SSHLibrary.Open Connection ${OPENBMC_HOST} 315 Run Keyword And Expect Error Authentication failed* 316 ... SSHLibrary.Login test_user TestPwd123 317 318 # Verify that legitimate login fails due to lockout. 319 Run Keyword And Expect Error InvalidCredentialsError* 320 ... Redfish.Login test_user TestPwd123 321 322 ${payload}= Create Dictionary Locked=${FALSE} 323 324 # Manually unlock the account before lockout threshold expires 325 Redfish.Login 326 Redfish.Patch ${REDFISH_ACCOUNTS_URI}test_user body=${payload} 327 Redfish.Logout 328 329 # Try redfish login with the recently unlocked account 330 Redfish.Login test_user TestPwd123 331 332 # Try SSH login with the unlocked account 333 SSHLibrary.Open Connection ${OPENBMC_HOST} 334 SSHLibrary.Login test_user TestPwd123 335 336 337Verify Admin User Privilege 338 [Documentation] Verify admin user privilege. 339 [Tags] Verify_Admin_User_Privilege 340 341 Redfish Create User admin_user TestPwd123 Administrator ${True} 342 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 343 344 Redfish.Logout 345 346 Redfish.Login admin_user TestPwd123 347 348 # Change password of 'readonly' user with admin user. 349 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body={'Password': 'NewTestPwd123'} 350 351 # Verify modified user. 352 Redfish Verify User readonly_user NewTestPwd123 ReadOnly ${True} 353 354 # Note: Delete user would work here because a root login is 355 # performed as part of "Redfish Verify User" keyword's teardown. 356 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 357 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 358 359 360Verify Operator User Role Change Using Admin Privilege User 361 [Documentation] Verify operator user role change using admin privilege user 362 [Tags] Verify_Operator_User_Role_Change_Using_Admin_Privilege_User 363 364 Redfish Create User admin_user TestPwd123 Administrator ${True} 365 Redfish Create User operator_user TestPwd123 Operator ${True} 366 367 Redfish.Logout 368 369 # Change role ID of operator user with admin user. 370 # Login with admin user. 371 Redfish.Login admin_user TestPwd123 372 373 # Modify Role ID of Operator user. 374 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body={'RoleId': 'Administrator'} 375 376 # Verify modified user. 377 Redfish Verify User operator_user TestPwd123 Administrator ${True} 378 379 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 380 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 381 382 383Verify Operator User Privilege 384 [Documentation] Verify operator user privilege. 385 [Tags] Verify_Operator_User_Privilege 386 387 Redfish Create User admin_user TestPwd123 Administrator ${True} 388 Redfish Create User operator_user TestPwd123 Operator ${True} 389 390 Redfish.Logout 391 # Login with operator user. 392 Redfish.Login operator_user TestPwd123 393 394 # Verify BMC reset. 395 Run Keyword And Expect Error ValueError* Redfish BMC Reset Operation 396 397 # Attempt to change password of admin user with operator user. 398 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body={'Password': 'NewTestPwd123'} 399 ... valid_status_codes=[${HTTP_FORBIDDEN}] 400 401 Redfish.Logout 402 403 Redfish.Login 404 405 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 406 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 407 408 409Verify ReadOnly User Privilege 410 [Documentation] Verify ReadOnly user privilege. 411 [Tags] Verify_ReadOnly_User_Privilege 412 413 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 414 Redfish.Logout 415 416 # Login with read_only user. 417 Redfish.Login readonly_user TestPwd123 418 419 # Read system level data. 420 ${system_model}= Redfish_Utils.Get Attribute 421 ... ${SYSTEM_BASE_URI} Model 422 423 Redfish.Logout 424 Redfish.Login 425 Redfish.Delete ${REDFISH_ACCOUNTS_URI}readonly_user 426 427 428Verify Minimum Password Length For Redfish User 429 [Documentation] Verify minimum password length for new and existing user. 430 [Tags] Verify_Minimum_Password_Length_For_Redfish_User 431 432 ${user_name}= Set Variable testUser 433 434 # Make sure the user account in question does not already exist. 435 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} 436 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 437 438 # Try to create a user with invalid length password. 439 ${payload}= Create Dictionary 440 ... UserName=${user_name} Password=UserPwd RoleId=Administrator Enabled=${True} 441 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 442 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 443 444 # Create specified user with valid length password. 445 Set To Dictionary ${payload} Password UserPwd1 446 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 447 ... valid_status_codes=[${HTTP_CREATED}] 448 449 # Try to change to an invalid password. 450 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd'} 451 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 452 453 # Change to a valid password. 454 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd1'} 455 456 # Verify login. 457 Redfish.Logout 458 Redfish.Login ${user_name} UserPwd1 459 Redfish.Logout 460 Redfish.Login 461 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} 462 463 464Verify Standard User Roles Defined By Redfish 465 [Documentation] Verify standard user roles defined by Redfish. 466 [Tags] Verify_Standard_User_Roles_Defined_By_Redfish 467 468 ${member_list}= Redfish_Utils.Get Member List 469 ... /redfish/v1/AccountService/Roles 470 471 @{roles}= Create List 472 ... /redfish/v1/AccountService/Roles/Administrator 473 ... /redfish/v1/AccountService/Roles/Operator 474 ... /redfish/v1/AccountService/Roles/ReadOnly 475 476 List Should Contain Sub List ${member_list} ${roles} 477 478 # The standard roles are: 479 480 # | Role name | Assigned privileges | 481 # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf | 482 # | Operator | Login, ConfigureComponents, ConfigureSelf | 483 # | ReadOnly | Login, ConfigureSelf | 484 485 @{admin}= Create List Login ConfigureManager ConfigureUsers ConfigureComponents ConfigureSelf 486 @{operator}= Create List Login ConfigureComponents ConfigureSelf 487 @{readOnly}= Create List Login ConfigureSelf 488 489 ${roles_dict}= create dictionary admin_privileges=${admin} operator_privileges=${operator} 490 ... readOnly_privileges=${readOnly} 491 492 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/Administrator 493 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['admin_privileges']} 494 495 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/Operator 496 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['operator_privileges']} 497 498 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/ReadOnly 499 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['readOnly_privileges']} 500 501 502Verify Error While Deleting Root User 503 [Documentation] Verify error while deleting root user. 504 [Tags] Verify_Error_While_Deleting_Root_User 505 506 Redfish.Delete /redfish/v1/AccountService/Accounts/root valid_status_codes=[${HTTP_FORBIDDEN}] 507 508 509Verify SSH Login Access With Admin User 510 [Documentation] Verify that admin user have SSH login access. 511 ... By default, admin should have access but there could be 512 ... case where admin user shell access is restricted by design 513 ... in the community sphere.. 514 [Tags] Verify_SSH_Login_Access_With_Admin_User 515 516 # Create an admin User. 517 Redfish Create User new_admin TestPwd1 Administrator ${True} 518 519 # Attempt SSH login with admin user. 520 SSHLibrary.Open Connection ${OPENBMC_HOST} 521 ${status}= Run Keyword And Return Status SSHLibrary.Login new_admin TestPwd1 522 523 # By default ssh_status is True, user can change the status via CLI 524 # -v ssh_status:False 525 Should Be Equal As Strings "${status}" "${ssh_status}" 526 527 Redfish.Login 528 Redfish.Delete /redfish/v1/AccountService/Accounts/new_admin 529 530 531Verify Configure BasicAuth Enable And Disable 532 [Documentation] Verify configure basicauth enable and disable 533 [Tags] Verify_Configure_BasicAuth_Enable_And_Disable 534 [Template] Template For Configure Auth Methods 535 536 # auth_method 537 BasicAuth 538 XToken 539 540*** Keywords *** 541 542Test Teardown Execution 543 [Documentation] Do the post test teardown. 544 545 Run Keyword And Ignore Error Redfish.Logout 546 FFDC On Test Case Fail 547 548 549Redfish Create User 550 [Documentation] Redfish create user. 551 [Arguments] ${username} ${password} ${role_id} ${enabled} ${login_check}=${True} 552 553 # Description of argument(s): 554 # username The username to be created. 555 # password The password to be assigned. 556 # role_id The role ID of the user to be created 557 # (e.g. "Administrator", "Operator", etc.). 558 # enabled Indicates whether the username being created 559 # should be enabled (${True}, ${False}). 560 # login_check Checks user login for created user. 561 # (e.g. ${True}, ${False}). 562 563 # Make sure the user account in question does not already exist. 564 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} 565 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 566 567 # Create specified user. 568 ${payload}= Create Dictionary 569 ... UserName=${username} Password=${password} RoleId=${role_id} Enabled=${enabled} 570 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 571 ... valid_status_codes=[${HTTP_CREATED}] 572 573 # Resetting faillock count as a workaround for issue 574 # openbmc/phosphor-user-manager#4 575 ${cmd}= Catenate /usr/sbin/faillock --user ${username} --reset 576 577 Bmc Execute Command ${cmd} 578 579 # Verify login with created user. 580 ${status}= Run Keyword If '${login_check}' == '${True}' 581 ... Verify Redfish User Login ${username} ${password} 582 Run Keyword If '${login_check}' == '${True}' Should Be Equal ${status} ${enabled} 583 584 # Validate Role ID of created user. 585 ${role_config}= Redfish_Utils.Get Attribute 586 ... /redfish/v1/AccountService/Accounts/${username} RoleId 587 Should Be Equal ${role_id} ${role_config} 588 589 590Redfish Verify User 591 [Documentation] Redfish user verification. 592 [Arguments] ${username} ${password} ${role_id} ${enabled} 593 594 # Description of argument(s): 595 # username The username to be created. 596 # password The password to be assigned. 597 # role_id The role ID of the user to be created 598 # (e.g. "Administrator", "Operator", etc.). 599 # enabled Indicates whether the username being created 600 # should be enabled (${True}, ${False}). 601 602 ${status}= Verify Redfish User Login ${username} ${password} 603 # Doing a check of the returned status. 604 Should Be Equal ${status} ${enabled} 605 606 # Validate Role Id of user. 607 ${role_config}= Redfish_Utils.Get Attribute 608 ... /redfish/v1/AccountService/Accounts/${username} RoleId 609 Should Be Equal ${role_id} ${role_config} 610 611 612Verify Redfish User Login 613 [Documentation] Verify Redfish login with given user id. 614 [Teardown] Run Keywords Run Keyword And Ignore Error Redfish.Logout AND Redfish.Login 615 [Arguments] ${username} ${password} 616 617 # Description of argument(s): 618 # username Login username. 619 # password Login password. 620 621 # Logout from current Redfish session. 622 # We don't really care if the current session is flushed out since we are going to login 623 # with new credential in next. 624 Run Keyword And Ignore Error Redfish.Logout 625 626 ${status}= Run Keyword And Return Status Redfish.Login ${username} ${password} 627 RETURN ${status} 628 629 630Redfish Create And Verify User 631 [Documentation] Redfish create and verify user. 632 [Arguments] ${username} ${password} ${role_id} ${enabled} 633 634 # Description of argument(s): 635 # username The username to be created. 636 # password The password to be assigned. 637 # role_id The role ID of the user to be created 638 # (e.g. "Administrator", "Operator", etc.). 639 # enabled Indicates whether the username being created 640 # should be enabled (${True}, ${False}). 641 642 # Example: 643 #{ 644 #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount", 645 #"@odata.id": "/redfish/v1/AccountService/Accounts/test1", 646 #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount", 647 #"Description": "User Account", 648 #"Enabled": true, 649 #"Id": "test1", 650 #"Links": { 651 # "Role": { 652 # "@odata.id": "/redfish/v1/AccountService/Roles/Administrator" 653 # } 654 #}, 655 656 Redfish Create User ${username} ${password} ${role_id} ${enabled} 657 658 Redfish Verify User ${username} ${password} ${role_id} ${enabled} 659 660 # Delete Specified User 661 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 662 663Verify Redfish User with Wrong Password 664 [Documentation] Verify Redfish User with Wrong Password. 665 [Arguments] ${username} ${password} ${role_id} ${enabled} ${wrong_password} 666 667 # Description of argument(s): 668 # username The username to be created. 669 # password The password to be assigned. 670 # role_id The role ID of the user to be created 671 # (e.g. "Administrator", "Operator", etc.). 672 # enabled Indicates whether the username being created 673 # should be enabled (${True}, ${False}). 674 # wrong_password Any invalid password. 675 676 Redfish Create User ${username} ${password} ${role_id} ${enabled} 677 678 Redfish.Logout 679 680 # Attempt to login with created user with invalid password. 681 Run Keyword And Expect Error InvalidCredentialsError* 682 ... Redfish.Login ${username} ${wrong_password} 683 684 Redfish.Login 685 686 # Delete newly created user. 687 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 688 689 690Verify Login with Deleted Redfish User 691 [Documentation] Verify Login with Deleted Redfish User. 692 [Arguments] ${username} ${password} ${role_id} ${enabled} 693 694 # Description of argument(s): 695 # username The username to be created. 696 # password The password to be assigned. 697 # role_id The role ID of the user to be created 698 # (e.g. "Administrator", "Operator", etc.). 699 # enabled Indicates whether the username being created 700 # should be enabled (${True}, ${False}). 701 702 Redfish Create User ${username} ${password} ${role_id} ${enabled} 703 704 # Delete newly created user. 705 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} 706 707 Redfish.Logout 708 709 # Attempt to login with deleted user account. 710 Run Keyword And Expect Error InvalidCredentialsError* 711 ... Redfish.Login ${username} ${password} 712 713 Redfish.Login 714 715 716Verify Create User Without Enabling 717 [Documentation] Verify Create User Without Enabling. 718 [Arguments] ${username} ${password} ${role_id} ${enabled} 719 720 # Description of argument(s): 721 # username The username to be created. 722 # password The password to be assigned. 723 # role_id The role ID of the user to be created 724 # (e.g. "Administrator", "Operator", etc.). 725 # enabled Indicates whether the username being created 726 # should be enabled (${True}, ${False}). 727 728 Redfish Create User ${username} ${password} ${role_id} ${enabled} ${False} 729 730 Redfish.Logout 731 732 # Login with created user. 733 Run Keyword And Expect Error InvalidCredentialsError* 734 ... Redfish.Login ${username} ${password} 735 736 Redfish.Login 737 738 # Delete newly created user. 739 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 740 741Template For Configure Auth Methods 742 [Documentation] Template to configure auth methods. 743 [Arguments] ${auth_method} 744 [Teardown] Configure AuthMethods ${auth_method}=${initial_value} 745 746 # Description of Argument(s): 747 # authmethods The authmethod setting which needs to be 748 # set in account service URI. 749 # valid values BasicAuth, XToken. 750 751 Get AuthMethods Default Values ${auth_method} 752 753 # Patch basicauth to TRUE 754 Configure AuthMethods ${auth_method}=${TRUE} 755 756 Run Keyword IF "${auth_method}" == "XToken" 757 ... Check XToken Works Fine ${HTTP_OK} 758 ... ELSE 759 ... Check BasicAuth Works Fine ${HTTP_OK} 760 761 # Patch basicauth to FALSE 762 Configure AuthMethods ${auth_method}=${FALSE} 763 764 Run Keyword IF "${auth_method}" == "BasicAuth" 765 ... Check BasicAuth Works Fine ${HTTP_UNAUTHORIZED} 766 ... ELSE 767 ... Check XToken Works Fine ${HTTP_UNAUTHORIZED} 768 769Configure AuthMethods 770 [Documentation] Enable/disable authmethod types. 771 [Arguments] &{authmethods} 772 773 # Description of argument(s): 774 # authmethods The authmethod setting which needs to be 775 # set in account service URI. 776 # Usage Example Configure AuthMethods XToken=${TRUE} BasicAuth=${TRUE} 777 # This will set the value of "XToken" and "BasicAuth" 778 # property in accountservice uri to TRUE. 779 780 ${openbmc}= Create Dictionary AuthMethods=${authmethods} 781 ${oem}= Create Dictionary OpenBMC=${openbmc} 782 ${payload}= Create Dictionary Oem=${oem} 783 784 # Setting authmethod properties using Redfish session based auth 785 ${status}= Run Keyword And Return Status 786 ... Redfish.Patch ${REDFISH_BASE_URI}AccountService 787 ... body=${payload} valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}] 788 789 # Setting authmethod properties using basic auth in case the former fails 790 IF ${status}==${FALSE} 791 # Payload dictionary pre-process to match json formatting 792 ${payload}= Convert To String ${payload} 793 ${payload}= Replace String ${payload} ' " 794 ${payload}= Replace String ${payload} False false 795 ${payload}= Replace String ${payload} True true 796 797 # Curl Command Framing for PATCH authmethod 798 ${cmd}= Catenate curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD} 799 ... -X PATCH '${AUTH_URI}${REDFISH_ACCOUNTS_SERVICE_URI}' 800 ... -H 'content-type:application/json' -H 'If-Match:*' 801 ... -d '${payload}' 802 ${rc} ${out}= Run And Return Rc And Output ${cmd} 803 804 # Check the response of curl command is 200 or 204 805 ${check_no_content}= 806 ... Run Keyword and Return Status Should Contain ${out} 204 807 ${check_ok}= 808 ... Run Keyword and Return Status Should Contain ${out} 200 809 Pass Execution If ${check_no_content}==${TRUE} 810 ... OR ${check_ok}==${TRUE} 811 END 812 813 814Get AuthMethods Default Values 815 [Documentation] Get enabled/disabled status of all authmethods 816 ... from Redfish account service URI 817 [Arguments] ${authmethod} 818 819 # Description of argument(s): 820 # authmethod The authmethod property whose value needs to be 821 # retrieved from account service URI. 822 # Usage Example Get AuthMethods Default Values BasicAuth 823 # returns >> ${TRUE} 824 # Example: 825 # { 826 # "@odata.id": "/redfish/v1/AccountService", 827 # (...) 828 # "Oem": { 829 # "OpenBMC": { 830 # "AuthMethods": { 831 # "BasicAuth": true, 832 # "Cookie": true, 833 # "SessionToken": true, 834 # "TLS": true, 835 # "XToken": true 836 # } 837 # } 838 # } 839 # } 840 841 ${resp}= Redfish.Get Attribute ${REDFISH_ACCOUNTS_SERVICE_URI} Oem 842 ${authmethods}= Set Variable ${resp['OpenBMC']['AuthMethods']} 843 ${initial_value}= Get From Dictionary ${authmethods} ${authmethod} 844 Set Test Variable ${initial_value} 845 846Check XToken Works Fine 847 [Documentation] Verify Xtoken works fine. 848 [Arguments] ${status_code} 849 850 # Description of Argument(s): 851 # status_code : 200, 401. 852 853 # Verify xtoken auth works for xtoken 854 Redfish.Get ${REDFISH_ACCOUNTS_SERVICE_URI} 855 ... valid_status_codes=[${status_code}] 856 857Check BasicAuth Works Fine 858 [Documentation] Verify Basic Auth works fine. 859 [Arguments] ${status_code} 860 861 # Description of Argument(s): 862 # status_code : 200, 401. 863 864 # Verify basic auth works based on basic auth. 865 ${cmd}= Catenate curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD} 866 ... ${AUTH_URI}/redfish/v1/AccountService 867 ${rc} ${out}= Run And Return Rc And Output ${cmd} 868 869 # Check the response of curl command is 200/401 870 Should Contain ${out} ${status_code} 871