1*** Settings *** 2Documentation Test Redfish user account. 3 4Resource ../../lib/resource.robot 5Resource ../../lib/bmc_redfish_resource.robot 6Resource ../../lib/openbmc_ffdc.robot 7Resource ../../lib/bmc_redfish_utils.robot 8 9Library SSHLibrary 10 11Test Setup Redfish.Login 12Test Teardown Test Teardown Execution 13 14*** Variables *** 15 16${account_lockout_duration} ${30} 17${account_lockout_threshold} ${3} 18 19${ssh_status} ${True} 20 21** Test Cases ** 22 23Verify AccountService Available 24 [Documentation] Verify Redfish account service is available. 25 [Tags] Verify_AccountService_Available 26 27 ${resp} = Redfish_utils.Get Attribute /redfish/v1/AccountService ServiceEnabled 28 Should Be Equal As Strings ${resp} ${True} 29 30 31Verify Redfish Admin User Persistence After Reboot 32 [Documentation] Verify Redfish admin user persistence after reboot. 33 [Tags] Verify_Redfish_Admin_User_Persistence_After_Reboot 34 [Setup] Run Keywords Redfish.Login AND 35 ... Redfish Create User admin_user TestPwd123 Administrator ${True} 36 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 37 ... AND Test Teardown Execution 38 39 # Reboot BMC. 40 Redfish OBMC Reboot (off) stack_mode=normal 41 42 # Verify users after reboot. 43 Redfish Verify User admin_user TestPwd123 Administrator ${True} 44 45 46Verify Redfish Operator User Persistence After Reboot 47 [Documentation] Verify Redfish operator user persistence after reboot. 48 [Tags] Verify_Redfish_Operator_User_Persistence_After_Reboot 49 [Setup] Run Keywords Redfish.Login AND 50 ... Redfish Create User operator_user TestPwd123 Operator ${True} 51 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 52 ... AND Test Teardown Execution 53 54 # Reboot BMC. 55 Redfish OBMC Reboot (off) stack_mode=normal 56 57 # Verify users after reboot. 58 Redfish Verify User operator_user TestPwd123 Operator ${True} 59 60 61Verify Redfish Readonly User Persistence After Reboot 62 [Documentation] Verify Redfish readonly user persistence after reboot. 63 [Tags] Verify_Redfish_Readonly_User_Persistence_After_Reboot 64 [Setup] Run Keywords Redfish.Login AND 65 ... Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 66 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 67 ... AND Test Teardown Execution 68 69 # Reboot BMC. 70 Redfish OBMC Reboot (off) stack_mode=normal 71 72 # Verify users after reboot. 73 Redfish Verify User readonly_user TestPwd123 ReadOnly ${True} 74 75 76Redfish Create and Verify Admin User 77 [Documentation] Create a Redfish user with administrator role and verify. 78 [Tags] Redfish_Create_and_Verify_Admin_User 79 [Template] Redfish Create And Verify User 80 81 #username password role_id enabled 82 admin_user TestPwd123 Administrator ${True} 83 84 85Redfish Create and Verify Operator User 86 [Documentation] Create a Redfish user with operator role and verify. 87 [Tags] Redfish_Create_and_Verify_Operator_User 88 [Template] Redfish Create And Verify User 89 90 #username password role_id enabled 91 operator_user TestPwd123 Operator ${True} 92 93 94Redfish Create and Verify Readonly User 95 [Documentation] Create a Redfish user with readonly role and verify. 96 [Tags] Redfish_Create_and_Verify_Readonly_User 97 [Template] Redfish Create And Verify User 98 99 #username password role_id enabled 100 readonly_user TestPwd123 ReadOnly ${True} 101 102 103Verify Redfish Admin User With Wrong Password 104 [Documentation] Verify Redfish admin user with wrong password. 105 [Tags] Verify_Redfish_Admin_User_With_Wrong_Password 106 [Template] Verify Redfish User with Wrong Password 107 108 #username password role_id enabled wrong_password 109 admin_user TestPwd123 Administrator ${True} alskjhfwurh 110 111 112Verify Redfish Operator User with Wrong Password 113 [Documentation] Verify Redfish operator user with wrong password. 114 [Tags] Verify_Redfish_Operator_User_with_Wrong_Password 115 [Template] Verify Redfish User with Wrong Password 116 117 #username password role_id enabled wrong_password 118 operator_user TestPwd123 Operator ${True} 12j8a8uakjhdaosiruf024 119 120 121Verify Redfish Readonly User With Wrong Password 122 [Documentation] Verify Redfish readonly user with wrong password. 123 [Tags] Verify_Redfish_Readonly_User_With_Wrong_Password 124 [Template] Verify Redfish User with Wrong Password 125 126 #username password role_id enabled wrong_password 127 readonly_user TestPwd123 ReadOnly ${True} 12 128 129 130Verify Login with Deleted Redfish Admin User 131 [Documentation] Verify login with deleted Redfish admin user. 132 [Tags] Verify_Login_with_Deleted_Redfish_Admin_User 133 [Template] Verify Login with Deleted Redfish User 134 135 #username password role_id enabled 136 admin_user TestPwd123 Administrator ${True} 137 138 139Verify Login with Deleted Redfish Operator User 140 [Documentation] Verify login with deleted Redfish operator user. 141 [Tags] Verify_Login_with_Deleted_Redfish_Operator_User 142 [Template] Verify Login with Deleted Redfish User 143 144 #username password role_id enabled 145 operator_user TestPwd123 Operator ${True} 146 147 148Verify Login with Deleted Redfish Readonly User 149 [Documentation] Verify login with deleted Redfish readonly user. 150 [Tags] Verify_Login_with_Deleted_Redfish_Readonly_User 151 [Template] Verify Login with Deleted Redfish User 152 153 #username password role_id enabled 154 readonly_user TestPwd123 ReadOnly ${True} 155 156 157Verify Admin User Creation Without Enabling It 158 [Documentation] Verify admin user creation without enabling it. 159 [Tags] Verify_Admin_User_Creation_Without_Enabling_It 160 [Template] Verify Create User Without Enabling 161 162 #username password role_id enabled 163 admin_user TestPwd123 Administrator ${False} 164 165 166Verify Operator User Creation Without Enabling It 167 [Documentation] Verify operator user creation without enabling it. 168 [Tags] Verify_Operator_User_Creation_Without_Enabling_It 169 [Template] Verify Create User Without Enabling 170 171 #username password role_id enabled 172 operator_user TestPwd123 Operator ${False} 173 174 175Verify Readonly User Creation Without Enabling It 176 [Documentation] Verify readonly user creation without enabling it. 177 [Tags] Verify_Readonly_User_Creation_Without_Enabling_It 178 [Template] Verify Create User Without Enabling 179 180 #username password role_id enabled 181 readonly_user TestPwd123 ReadOnly ${False} 182 183 184Verify User Creation With Invalid Role Id 185 [Documentation] Verify user creation with invalid role ID. 186 [Tags] Verify_User_Creation_With_Invalid_Role_Id 187 188 # Make sure the user account in question does not already exist. 189 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 190 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 191 192 # Create specified user. 193 ${payload}= Create Dictionary 194 ... UserName=test_user Password=TestPwd123 RoleId=wrongroleid Enabled=${True} 195 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 196 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 197 198Verify Error Upon Creating Same Users With Different Privileges 199 [Documentation] Verify error upon creating same users with different privileges. 200 [Tags] Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges 201 202 Redfish Create User test_user TestPwd123 Administrator ${True} 203 204 # Create specified user. 205 ${payload}= Create Dictionary 206 ... UserName=test_user Password=TestPwd123 RoleId=ReadOnly Enabled=${True} 207 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 208 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 209 210 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 211 212 213Verify Modifying User Attributes 214 [Documentation] Verify modifying user attributes. 215 [Tags] Verify_Modifying_User_Attributes 216 217 # Create Redfish users. 218 Redfish Create User admin_user TestPwd123 Administrator ${True} 219 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 220 221 # Make sure the new user account does not already exist. 222 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user 223 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 224 225 # Update admin_user username using Redfish. 226 ${payload}= Create Dictionary UserName=newadmin_user 227 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body=&{payload} 228 229 # Update readonly_user role using Redfish. 230 ${payload}= Create Dictionary RoleId=Administrator 231 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body=&{payload} 232 233 # Verify users after updating 234 Redfish Verify User newadmin_user TestPwd123 Administrator ${True} 235 Redfish Verify User readonly_user TestPwd123 Administrator ${True} 236 237 # Delete created users. 238 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user 239 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 240 241 242Verify Modifying Operator User Attributes 243 [Documentation] Verify modifying operator user attributes. 244 [Tags] Verify_Modifying_Operator_User_Attributes 245 [Setup] Run Keywords Redfish.Login AND 246 ... Redfish Create User operator_user TestPwd123 Operator ${True} 247 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 248 ... AND Test Teardown Execution 249 250 # Update operator_user password using Redfish. 251 ${payload}= Create Dictionary Password=NewTestPwd123 252 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body=&{payload} 253 254 # Verify users after updating 255 Redfish Verify User operator_user NewTestPwd123 Operator ${True} 256 257 258Verify User Account Locked 259 [Documentation] Verify user account locked upon trying with invalid password. 260 [Tags] Verify_User_Account_Locked 261 262 Redfish Create User admin_user TestPwd123 Administrator ${True} 263 264 ${payload}= Create Dictionary AccountLockoutThreshold=${account_lockout_threshold} 265 ... AccountLockoutDuration=${account_lockout_duration} 266 Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload} 267 268 Redfish.Logout 269 270 # Make ${account_lockout_threshold} failed login attempts. 271 Repeat Keyword ${account_lockout_threshold} times 272 ... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login admin_user abc123 273 274 # Verify that legitimate login fails due to lockout. 275 Run Keyword And Expect Error InvalidCredentialsError* 276 ... Redfish.Login admin_user TestPwd123 277 278 # Wait for lockout duration to expire and then verify that login works. 279 Sleep ${account_lockout_duration}s 280 Redfish.Login admin_user TestPwd123 281 282 Redfish.Logout 283 284 Redfish.Login 285 286 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 287 288 289Verify User Account Unlock 290 [Documentation] Verify manually unlocking the account before lockout time 291 [Tags] Verify_User_Account_Unlock 292 [Teardown] Run Keywords Redfish.Logout 293 ... AND Redfish.Login 294 ... AND Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 295 ... AND SSHLibrary.Close All Connections 296 297 Redfish Create User test_user TestPwd123 Administrator ${True} 298 299 ${payload}= Create Dictionary 300 ... AccountLockoutThreshold=${account_lockout_threshold} 301 ... AccountLockoutDuration=${account_lockout_duration} 302 Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload} 303 304 Redfish.Logout 305 306 # Make ${account_lockout_threshold} failed login attempts. 307 Repeat Keyword ${account_lockout_threshold} times 308 ... Run Keyword And Expect Error InvalidCredentialsError* 309 ... Redfish.Login test_user abc123 310 311 # Ensure SSH Login with locked account gets failed 312 SSHLibrary.Open Connection ${OPENBMC_HOST} 313 Run Keyword And Expect Error Authentication failed* 314 ... SSHLibrary.Login test_user TestPwd123 315 316 # Verify that legitimate login fails due to lockout. 317 Run Keyword And Expect Error InvalidCredentialsError* 318 ... Redfish.Login test_user TestPwd123 319 320 ${payload}= Create Dictionary Locked=${FALSE} 321 322 # Manually unlock the account before lockout threshold expires 323 Redfish.Login 324 Redfish.Patch ${REDFISH_ACCOUNTS_URI}test_user body=${payload} 325 Redfish.Logout 326 327 # Try redfish login with the recently unlocked account 328 Redfish.Login test_user TestPwd123 329 330 # Try SSH login with the unlocked account 331 SSHLibrary.Open Connection ${OPENBMC_HOST} 332 SSHLibrary.Login test_user TestPwd123 333 334 335Verify Admin User Privilege 336 [Documentation] Verify admin user privilege. 337 [Tags] Verify_Admin_User_Privilege 338 339 Redfish Create User admin_user TestPwd123 Administrator ${True} 340 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 341 342 Redfish.Logout 343 344 Redfish.Login admin_user TestPwd123 345 346 # Change password of 'readonly' user with admin user. 347 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body={'Password': 'NewTestPwd123'} 348 349 # Verify modified user. 350 Redfish Verify User readonly_user NewTestPwd123 ReadOnly ${True} 351 352 # Note: Delete user would work here because a root login is 353 # performed as part of "Redfish Verify User" keyword's teardown. 354 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 355 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 356 357 358Verify Operator User Role Change Using Admin Privilege User 359 [Documentation] Verify operator user role change using admin privilege user 360 [Tags] Verify_Operator_User_Role_Change_Using_Admin_Privilege_User 361 362 Redfish Create User admin_user TestPwd123 Administrator ${True} 363 Redfish Create User operator_user TestPwd123 Operator ${True} 364 365 Redfish.Logout 366 367 # Change role ID of operator user with admin user. 368 # Login with admin user. 369 Redfish.Login admin_user TestPwd123 370 371 # Modify Role ID of Operator user. 372 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body={'RoleId': 'Administrator'} 373 374 # Verify modified user. 375 Redfish Verify User operator_user TestPwd123 Administrator ${True} 376 377 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 378 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 379 380 381Verify Operator User Privilege 382 [Documentation] Verify operator user privilege. 383 [Tags] Verify_Operator_User_Privilege 384 385 Redfish Create User admin_user TestPwd123 Administrator ${True} 386 Redfish Create User operator_user TestPwd123 Operator ${True} 387 388 Redfish.Logout 389 # Login with operator user. 390 Redfish.Login operator_user TestPwd123 391 392 # Verify BMC reset. 393 Run Keyword And Expect Error ValueError* Redfish BMC Reset Operation 394 395 # Attempt to change password of admin user with operator user. 396 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body={'Password': 'NewTestPwd123'} 397 ... valid_status_codes=[${HTTP_FORBIDDEN}] 398 399 Redfish.Logout 400 401 Redfish.Login 402 403 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 404 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 405 406 407Verify ReadOnly User Privilege 408 [Documentation] Verify ReadOnly user privilege. 409 [Tags] Verify_ReadOnly_User_Privilege 410 411 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 412 Redfish.Logout 413 414 # Login with read_only user. 415 Redfish.Login readonly_user TestPwd123 416 417 # Read system level data. 418 ${system_model}= Redfish_Utils.Get Attribute 419 ... ${SYSTEM_BASE_URI} Model 420 421 Redfish.Logout 422 Redfish.Login 423 Redfish.Delete ${REDFISH_ACCOUNTS_URI}readonly_user 424 425 426Verify Minimum Password Length For Redfish User 427 [Documentation] Verify minimum password length for new and existing user. 428 [Tags] Verify_Minimum_Password_Length_For_Redfish_User 429 430 ${user_name}= Set Variable testUser 431 432 # Make sure the user account in question does not already exist. 433 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} 434 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 435 436 # Try to create a user with invalid length password. 437 ${payload}= Create Dictionary 438 ... UserName=${user_name} Password=UserPwd RoleId=Administrator Enabled=${True} 439 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 440 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 441 442 # Create specified user with valid length password. 443 Set To Dictionary ${payload} Password UserPwd1 444 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 445 ... valid_status_codes=[${HTTP_CREATED}] 446 447 # Try to change to an invalid password. 448 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd'} 449 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 450 451 # Change to a valid password. 452 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd1'} 453 454 # Verify login. 455 Redfish.Logout 456 Redfish.Login ${user_name} UserPwd1 457 Redfish.Logout 458 Redfish.Login 459 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} 460 461 462Verify Standard User Roles Defined By Redfish 463 [Documentation] Verify standard user roles defined by Redfish. 464 [Tags] Verify_Standard_User_Roles_Defined_By_Redfish 465 466 ${member_list}= Redfish_Utils.Get Member List 467 ... /redfish/v1/AccountService/Roles 468 469 @{roles}= Create List 470 ... /redfish/v1/AccountService/Roles/Administrator 471 ... /redfish/v1/AccountService/Roles/Operator 472 ... /redfish/v1/AccountService/Roles/ReadOnly 473 474 List Should Contain Sub List ${member_list} ${roles} 475 476 # The standard roles are: 477 478 # | Role name | Assigned privileges | 479 # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf | 480 # | Operator | Login, ConfigureComponents, ConfigureSelf | 481 # | ReadOnly | Login, ConfigureSelf | 482 483 @{admin}= Create List Login ConfigureManager ConfigureUsers ConfigureComponents ConfigureSelf 484 @{operator}= Create List Login ConfigureComponents ConfigureSelf 485 @{readOnly}= Create List Login ConfigureSelf 486 487 ${roles_dict}= create dictionary admin_privileges=${admin} operator_privileges=${operator} 488 ... readOnly_privileges=${readOnly} 489 490 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/Administrator 491 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['admin_privileges']} 492 493 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/Operator 494 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['operator_privileges']} 495 496 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/ReadOnly 497 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['readOnly_privileges']} 498 499 500Verify Error While Deleting Root User 501 [Documentation] Verify error while deleting root user. 502 [Tags] Verify_Error_While_Deleting_Root_User 503 504 Redfish.Delete /redfish/v1/AccountService/Accounts/root valid_status_codes=[${HTTP_FORBIDDEN}] 505 506 507Verify SSH Login Access With Admin User 508 [Documentation] Verify that admin user have SSH login access. 509 ... By default, admin should have access but there could be 510 ... case where admin user shell access is restricted by design 511 ... in the community sphere.. 512 [Tags] Verify_SSH_Login_Access_With_Admin_User 513 514 # Create an admin User. 515 Redfish Create User new_admin TestPwd1 Administrator ${True} 516 517 # Attempt SSH login with admin user. 518 SSHLibrary.Open Connection ${OPENBMC_HOST} 519 ${status}= Run Keyword And Return Status SSHLibrary.Login new_admin TestPwd1 520 521 # By default ssh_status is True, user can change the status via CLI 522 # -v ssh_status:False 523 Should Be Equal As Strings "${status}" "${ssh_status}" 524 525 Redfish.Login 526 Redfish.Delete /redfish/v1/AccountService/Accounts/new_admin 527 528 529Verify Configure BasicAuth Enable And Disable 530 [Documentation] Verify configure basicauth enable and disable 531 [Tags] Verify_Configure_BasicAuth_Enable_And_Disable 532 [Template] Template For Configure Auth Methods 533 534 # auth_method 535 BasicAuth 536 XToken 537 538*** Keywords *** 539 540Test Teardown Execution 541 [Documentation] Do the post test teardown. 542 543 Run Keyword And Ignore Error Redfish.Logout 544 FFDC On Test Case Fail 545 546 547Redfish Create User 548 [Documentation] Redfish create user. 549 [Arguments] ${username} ${password} ${role_id} ${enabled} ${login_check}=${True} 550 551 # Description of argument(s): 552 # username The username to be created. 553 # password The password to be assigned. 554 # role_id The role ID of the user to be created 555 # (e.g. "Administrator", "Operator", etc.). 556 # enabled Indicates whether the username being created 557 # should be enabled (${True}, ${False}). 558 # login_check Checks user login for created user. 559 # (e.g. ${True}, ${False}). 560 561 # Make sure the user account in question does not already exist. 562 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} 563 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 564 565 # Create specified user. 566 ${payload}= Create Dictionary 567 ... UserName=${username} Password=${password} RoleId=${role_id} Enabled=${enabled} 568 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 569 ... valid_status_codes=[${HTTP_CREATED}] 570 571 # Resetting faillock count as a workaround for issue 572 # openbmc/phosphor-user-manager#4 573 ${cmd}= Catenate test -f /usr/sbin/faillock && /usr/sbin/faillock --user ${username} --reset 574 575 Bmc Execute Command ${cmd} 576 577 # Verify login with created user. 578 ${status}= Run Keyword If '${login_check}' == '${True}' 579 ... Verify Redfish User Login ${username} ${password} 580 Run Keyword If '${login_check}' == '${True}' Should Be Equal ${status} ${enabled} 581 582 # Validate Role ID of created user. 583 ${role_config}= Redfish_Utils.Get Attribute 584 ... /redfish/v1/AccountService/Accounts/${username} RoleId 585 Should Be Equal ${role_id} ${role_config} 586 587 588Redfish Verify User 589 [Documentation] Redfish user verification. 590 [Arguments] ${username} ${password} ${role_id} ${enabled} 591 592 # Description of argument(s): 593 # username The username to be created. 594 # password The password to be assigned. 595 # role_id The role ID of the user to be created 596 # (e.g. "Administrator", "Operator", etc.). 597 # enabled Indicates whether the username being created 598 # should be enabled (${True}, ${False}). 599 600 ${status}= Verify Redfish User Login ${username} ${password} 601 # Doing a check of the returned status. 602 Should Be Equal ${status} ${enabled} 603 604 # Validate Role Id of user. 605 ${role_config}= Redfish_Utils.Get Attribute 606 ... /redfish/v1/AccountService/Accounts/${username} RoleId 607 Should Be Equal ${role_id} ${role_config} 608 609 610Verify Redfish User Login 611 [Documentation] Verify Redfish login with given user id. 612 [Teardown] Run Keywords Run Keyword And Ignore Error Redfish.Logout AND Redfish.Login 613 [Arguments] ${username} ${password} 614 615 # Description of argument(s): 616 # username Login username. 617 # password Login password. 618 619 # Logout from current Redfish session. 620 # We don't really care if the current session is flushed out since we are going to login 621 # with new credential in next. 622 Run Keyword And Ignore Error Redfish.Logout 623 624 ${status}= Run Keyword And Return Status Redfish.Login ${username} ${password} 625 [Return] ${status} 626 627 628Redfish Create And Verify User 629 [Documentation] Redfish create and verify user. 630 [Arguments] ${username} ${password} ${role_id} ${enabled} 631 632 # Description of argument(s): 633 # username The username to be created. 634 # password The password to be assigned. 635 # role_id The role ID of the user to be created 636 # (e.g. "Administrator", "Operator", etc.). 637 # enabled Indicates whether the username being created 638 # should be enabled (${True}, ${False}). 639 640 # Example: 641 #{ 642 #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount", 643 #"@odata.id": "/redfish/v1/AccountService/Accounts/test1", 644 #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount", 645 #"Description": "User Account", 646 #"Enabled": true, 647 #"Id": "test1", 648 #"Links": { 649 # "Role": { 650 # "@odata.id": "/redfish/v1/AccountService/Roles/Administrator" 651 # } 652 #}, 653 654 Redfish Create User ${username} ${password} ${role_id} ${enabled} 655 656 Redfish Verify User ${username} ${password} ${role_id} ${enabled} 657 658 # Delete Specified User 659 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 660 661Verify Redfish User with Wrong Password 662 [Documentation] Verify Redfish User with Wrong Password. 663 [Arguments] ${username} ${password} ${role_id} ${enabled} ${wrong_password} 664 665 # Description of argument(s): 666 # username The username to be created. 667 # password The password to be assigned. 668 # role_id The role ID of the user to be created 669 # (e.g. "Administrator", "Operator", etc.). 670 # enabled Indicates whether the username being created 671 # should be enabled (${True}, ${False}). 672 # wrong_password Any invalid password. 673 674 Redfish Create User ${username} ${password} ${role_id} ${enabled} 675 676 Redfish.Logout 677 678 # Attempt to login with created user with invalid password. 679 Run Keyword And Expect Error InvalidCredentialsError* 680 ... Redfish.Login ${username} ${wrong_password} 681 682 Redfish.Login 683 684 # Delete newly created user. 685 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 686 687 688Verify Login with Deleted Redfish User 689 [Documentation] Verify Login with Deleted Redfish User. 690 [Arguments] ${username} ${password} ${role_id} ${enabled} 691 692 # Description of argument(s): 693 # username The username to be created. 694 # password The password to be assigned. 695 # role_id The role ID of the user to be created 696 # (e.g. "Administrator", "Operator", etc.). 697 # enabled Indicates whether the username being created 698 # should be enabled (${True}, ${False}). 699 700 Redfish Create User ${username} ${password} ${role_id} ${enabled} 701 702 # Delete newly created user. 703 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} 704 705 Redfish.Logout 706 707 # Attempt to login with deleted user account. 708 Run Keyword And Expect Error InvalidCredentialsError* 709 ... Redfish.Login ${username} ${password} 710 711 Redfish.Login 712 713 714Verify Create User Without Enabling 715 [Documentation] Verify Create User Without Enabling. 716 [Arguments] ${username} ${password} ${role_id} ${enabled} 717 718 # Description of argument(s): 719 # username The username to be created. 720 # password The password to be assigned. 721 # role_id The role ID of the user to be created 722 # (e.g. "Administrator", "Operator", etc.). 723 # enabled Indicates whether the username being created 724 # should be enabled (${True}, ${False}). 725 726 Redfish Create User ${username} ${password} ${role_id} ${enabled} ${False} 727 728 Redfish.Logout 729 730 # Login with created user. 731 Run Keyword And Expect Error InvalidCredentialsError* 732 ... Redfish.Login ${username} ${password} 733 734 Redfish.Login 735 736 # Delete newly created user. 737 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 738 739Template For Configure Auth Methods 740 [Documentation] Template to configure auth methods. 741 [Arguments] ${auth_method} 742 [Teardown] Configure AuthMethods ${auth_method}=${initial_value} 743 744 # Description of Argument(s): 745 # authmethods The authmethod setting which needs to be 746 # set in account service URI. 747 # valid values BasicAuth, XToken. 748 749 Get AuthMethods Default Values ${auth_method} 750 751 # Patch basicauth to TRUE 752 Configure AuthMethods ${auth_method}=${TRUE} 753 754 Run Keyword IF "${auth_method}" == "XToken" 755 ... Check XToken Works Fine ${HTTP_OK} 756 ... ELSE 757 ... Check BasicAuth Works Fine ${HTTP_OK} 758 759 # Patch basicauth to FALSE 760 Configure AuthMethods ${auth_method}=${FALSE} 761 762 Run Keyword IF "${auth_method}" == "BasicAuth" 763 ... Check BasicAuth Works Fine ${HTTP_UNAUTHORIZED} 764 ... ELSE 765 ... Check XToken Works Fine ${HTTP_UNAUTHORIZED} 766 767Configure AuthMethods 768 [Documentation] Enable/disable authmethod types. 769 [Arguments] &{authmethods} 770 771 # Description of argument(s): 772 # authmethods The authmethod setting which needs to be 773 # set in account service URI. 774 # Usage Example Configure AuthMethods XToken=${TRUE} BasicAuth=${TRUE} 775 # This will set the value of "XToken" and "BasicAuth" 776 # property in accountservice uri to TRUE. 777 778 ${openbmc}= Create Dictionary AuthMethods=${authmethods} 779 ${oem}= Create Dictionary OpenBMC=${openbmc} 780 ${payload}= Create Dictionary Oem=${oem} 781 782 # Setting authmethod properties using Redfish session based auth 783 ${status}= Run Keyword And Return Status 784 ... Redfish.Patch ${REDFISH_BASE_URI}AccountService 785 ... body=${payload} valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}] 786 787 # Setting authmethod properties using basic auth in case the former fails 788 IF ${status}==${FALSE} 789 # Payload dictionary pre-process to match json formatting 790 ${payload}= Convert To String ${payload} 791 ${payload}= Replace String ${payload} ' " 792 ${payload}= Replace String ${payload} False false 793 ${payload}= Replace String ${payload} True true 794 795 # Curl Command Framing for PATCH authmethod 796 ${cmd}= Catenate curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD} 797 ... -X PATCH '${AUTH_URI}${REDFISH_ACCOUNTS_SERVICE_URI}' 798 ... -H 'content-type:application/json' -H 'If-Match:*' 799 ... -d '${payload}' 800 ${rc} ${out}= Run And Return Rc And Output ${cmd} 801 802 # Check the response of curl command is 200 or 204 803 ${check_no_content}= 804 ... Run Keyword and Return Status Should Contain ${out} 204 805 ${check_ok}= 806 ... Run Keyword and Return Status Should Contain ${out} 200 807 Pass Execution If ${check_no_content}==${TRUE} 808 ... OR ${check_ok}==${TRUE} 809 END 810 811 812Get AuthMethods Default Values 813 [Documentation] Get enabled/disabled status of all authmethods 814 ... from Redfish account service URI 815 [Arguments] ${authmethod} 816 817 # Description of argument(s): 818 # authmethod The authmethod property whose value needs to be 819 # retrieved from account service URI. 820 # Usage Example Get AuthMethods Default Values BasicAuth 821 # returns >> ${TRUE} 822 # Example: 823 # { 824 # "@odata.id": "/redfish/v1/AccountService", 825 # (...) 826 # "Oem": { 827 # "OpenBMC": { 828 # "AuthMethods": { 829 # "BasicAuth": true, 830 # "Cookie": true, 831 # "SessionToken": true, 832 # "TLS": true, 833 # "XToken": true 834 # } 835 # } 836 # } 837 # } 838 839 ${resp}= Redfish.Get Attribute ${REDFISH_ACCOUNTS_SERVICE_URI} Oem 840 ${authmethods}= Set Variable ${resp['OpenBMC']['AuthMethods']} 841 ${initial_value}= Get From Dictionary ${authmethods} ${authmethod} 842 Set Test Variable ${initial_value} 843 844Check XToken Works Fine 845 [Documentation] Verify Xtoken works fine. 846 [Arguments] ${status_code} 847 848 # Description of Argument(s): 849 # status_code : 200, 401. 850 851 # Verify xtoken auth works for xtoken 852 Redfish.Get ${REDFISH_ACCOUNTS_SERVICE_URI} 853 ... valid_status_codes=[${status_code}] 854 855Check BasicAuth Works Fine 856 [Documentation] Verify Basic Auth works fine. 857 [Arguments] ${status_code} 858 859 # Description of Argument(s): 860 # status_code : 200, 401. 861 862 # Verify basic auth works based on basic auth. 863 ${cmd}= Catenate curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD} 864 ... ${AUTH_URI}/redfish/v1/AccountService 865 ${rc} ${out}= Run And Return Rc And Output ${cmd} 866 867 # Check the response of curl command is 200/401 868 Should Contain ${out} ${status_code} 869