*** Settings ***
Documentation    Test Redfish user account.

Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot
Resource         ../../lib/bmc_redfish_utils.robot

Library          SSHLibrary

# Every test starts with a Redfish session and ends with logout plus FFDC
# collection, unless the test declares its own [Setup] / [Teardown].
Test Setup       Redfish.Login
Test Teardown    Test Teardown Execution

*** Variables ***

# Lockout window in seconds; the lockout test sleeps for exactly this long.
${account_lockout_duration}   ${30}
# Number of consecutive failed logins made before the account is expected
# to be locked.
${account_lockout_threshold}  ${3}

# Expected result of the admin SSH login check. Override on the command
# line with "-v ssh_status:False" when admin shell access is restricted.
${ssh_status}                 ${True}

*** Test Cases ***
22
Verify AccountService Available
    [Documentation]  Verify that the Redfish account service reports itself as enabled.
    [Tags]  Verify_AccountService_Available

    # Read the ServiceEnabled property and compare it with boolean True.
    ${service_enabled} =  Redfish_utils.Get Attribute
    ...  /redfish/v1/AccountService  ServiceEnabled
    Should Be Equal As Strings  ${service_enabled}  ${True}
29
30
Verify Redfish Admin User Persistence After Reboot
    [Documentation]  Create an Administrator account, reboot the BMC and verify
    ...              that the account, its password and its role survive.
    [Tags]  Verify_Redfish_Admin_User_Persistence_After_Reboot
    [Setup]  Run Keywords  Redfish.Login  AND
    ...  Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
    # The account is removed in teardown so it is cleaned up even when the
    # reboot or the verification step fails.
    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    ...  AND  Test Teardown Execution

    Redfish OBMC Reboot (off)  stack_mode=normal

    # Login and RoleId must be unchanged after the reboot.
    Redfish Verify User  admin_user     TestPwd123  Administrator   ${True}


Verify Redfish Operator User Persistence After Reboot
    [Documentation]  Create an Operator account, reboot the BMC and verify
    ...              that the account, its password and its role survive.
    [Tags]  Verify_Redfish_Operator_User_Persistence_After_Reboot
    [Setup]  Run Keywords  Redfish.Login  AND
    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
    # The account is removed in teardown so it is cleaned up even when the
    # reboot or the verification step fails.
    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
    ...  AND  Test Teardown Execution

    Redfish OBMC Reboot (off)  stack_mode=normal

    # Login and RoleId must be unchanged after the reboot.
    Redfish Verify User  operator_user  TestPwd123  Operator        ${True}


Verify Redfish Readonly User Persistence After Reboot
    [Documentation]  Create a ReadOnly account, reboot the BMC and verify
    ...              that the account, its password and its role survive.
    [Tags]  Verify_Redfish_Readonly_User_Persistence_After_Reboot
    [Setup]  Run Keywords  Redfish.Login  AND
    ...  Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
    # The account is removed in teardown so it is cleaned up even when the
    # reboot or the verification step fails.
    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
    ...  AND  Test Teardown Execution

    Redfish OBMC Reboot (off)  stack_mode=normal

    # Login and RoleId must be unchanged after the reboot.
    Redfish Verify User  readonly_user  TestPwd123  ReadOnly        ${True}
74
75
Redfish Create and Verify Admin User
    [Documentation]  Create a Redfish user with the Administrator role, then
    ...              verify its login and RoleId.
    [Tags]  Redfish_Create_and_Verify_Admin_User
    [Template]  Redfish Create And Verify User

    # Columns: username, password, role_id, enabled.
    admin_user     TestPwd123  Administrator   ${True}


Redfish Create and Verify Operator User
    [Documentation]  Create a Redfish user with the Operator role, then
    ...              verify its login and RoleId.
    [Tags]  Redfish_Create_and_Verify_Operator_User
    [Template]  Redfish Create And Verify User

    # Columns: username, password, role_id, enabled.
    operator_user  TestPwd123  Operator        ${True}


Redfish Create and Verify Readonly User
    [Documentation]  Create a Redfish user with the ReadOnly role, then
    ...              verify its login and RoleId.
    [Tags]  Redfish_Create_and_Verify_Readonly_User
    [Template]  Redfish Create And Verify User

    # Columns: username, password, role_id, enabled.
    readonly_user  TestPwd123  ReadOnly        ${True}
101
102
Verify Redfish Admin User With Wrong Password
    [Documentation]  Verify that an Administrator account cannot log in with
    ...              a wrong password.
    [Tags]  Verify_Redfish_Admin_User_With_Wrong_Password
    [Template]  Verify Redfish User with Wrong Password

    # Columns: username, password, role_id, enabled, wrong_password.
    admin_user     TestPwd123  Administrator   ${True}  alskjhfwurh


Verify Redfish Operator User with Wrong Password
    [Documentation]  Verify that an Operator account cannot log in with
    ...              a wrong password.
    [Tags]  Verify_Redfish_Operator_User_with_Wrong_Password
    [Template]  Verify Redfish User with Wrong Password

    # Columns: username, password, role_id, enabled, wrong_password.
    operator_user  TestPwd123  Operator        ${True}  12j8a8uakjhdaosiruf024


Verify Redfish Readonly User With Wrong Password
    [Documentation]  Verify that a ReadOnly account cannot log in with
    ...              a wrong password.
    [Tags]  Verify_Redfish_Readonly_User_With_Wrong_Password
    [Template]  Verify Redfish User with Wrong Password

    # Columns: username, password, role_id, enabled, wrong_password.
    readonly_user  TestPwd123  ReadOnly        ${True}  12
128
129
Verify Login with Deleted Redfish Admin User
    [Documentation]  Verify that a deleted Administrator account can no
    ...              longer log in.
    [Tags]  Verify_Login_with_Deleted_Redfish_Admin_User
    [Template]  Verify Login with Deleted Redfish User

    # Columns: username, password, role_id, enabled.
    admin_user     TestPwd123  Administrator   ${True}


Verify Login with Deleted Redfish Operator User
    [Documentation]  Verify that a deleted Operator account can no longer
    ...              log in.
    [Tags]  Verify_Login_with_Deleted_Redfish_Operator_User
    [Template]  Verify Login with Deleted Redfish User

    # Columns: username, password, role_id, enabled.
    operator_user  TestPwd123  Operator        ${True}


Verify Login with Deleted Redfish Readonly User
    [Documentation]  Verify that a deleted ReadOnly account can no longer
    ...              log in.
    [Tags]  Verify_Login_with_Deleted_Redfish_Readonly_User
    [Template]  Verify Login with Deleted Redfish User

    # Columns: username, password, role_id, enabled.
    readonly_user  TestPwd123  ReadOnly        ${True}
155
156
Verify Admin User Creation Without Enabling It
    [Documentation]  Verify that an Administrator account created with
    ...              Enabled=False cannot log in.
    [Tags]  Verify_Admin_User_Creation_Without_Enabling_It
    [Template]  Verify Create User Without Enabling

    # Columns: username, password, role_id, enabled.
    admin_user     TestPwd123  Administrator   ${False}


Verify Operator User Creation Without Enabling It
    [Documentation]  Verify that an Operator account created with
    ...              Enabled=False cannot log in.
    [Tags]  Verify_Operator_User_Creation_Without_Enabling_It
    [Template]  Verify Create User Without Enabling

    # Columns: username, password, role_id, enabled.
    operator_user  TestPwd123  Operator        ${False}


Verify Readonly User Creation Without Enabling It
    [Documentation]  Verify that a ReadOnly account created with
    ...              Enabled=False cannot log in.
    [Tags]  Verify_Readonly_User_Creation_Without_Enabling_It
    [Template]  Verify Create User Without Enabling

    # Columns: username, password, role_id, enabled.
    readonly_user  TestPwd123  ReadOnly        ${False}
182
183
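Verify User Creation With Invalid Role Id
    [Documentation]  Verify that creating a user with an unknown RoleId is
    ...              rejected with HTTP 400.
    [Tags]  Verify_User_Creation_With_Invalid_Role_Id
    # If the BMC wrongly accepts the request, the account would otherwise be
    # left behind with a known password; remove it whatever the outcome.
    # A test-level teardown replaces the suite one, so FFDC is chained here.
    [Teardown]  Run Keywords
    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  Test Teardown Execution

    # Make sure the user account in question does not already exist.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Attempt to create the user with a role that does not exist.
    ${payload}=  Create Dictionary
    ...  UserName=test_user  Password=TestPwd123  RoleId=wrongroleid  Enabled=${True}
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]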
197
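Verify Error Upon Creating Same Users With Different Privileges
    [Documentation]  Verify that re-creating an existing username with a
    ...              different role is rejected with HTTP 400.
    [Tags]  Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges
    # Cleanup lives in teardown so that a failed assertion does not leave an
    # Administrator account with a known password on the BMC.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  Test Teardown Execution

    Redfish Create User  test_user  TestPwd123  Administrator  ${True}

    # Try to create the same username again, this time as ReadOnly.
    ${payload}=  Create Dictionary
    ...  UserName=test_user  Password=TestPwd123  RoleId=ReadOnly  Enabled=${True}
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]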
211
212
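Verify Modifying User Attributes
    [Documentation]  Verify that a username and a role can be changed through
    ...              PATCH and that the changed accounts still log in.
    [Tags]  Verify_Modifying_User_Attributes
    # Cleanup lives in teardown so that a failed step does not leave
    # Administrator accounts with a known password on the BMC. Both the old
    # and the new admin username are removed because the rename may or may
    # not have happened when the test stops.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  Test Teardown Execution

    # Create Redfish users.
    Redfish Create User  admin_user     TestPwd123  Administrator   ${True}
    Redfish Create User  readonly_user  TestPwd123  ReadOnly        ${True}

    # Make sure the new user account does not already exist.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Update admin_user username using Redfish.
    ${payload}=  Create Dictionary  UserName=newadmin_user
    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body=&{payload}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]

    # Update readonly_user role using Redfish.
    ${payload}=  Create Dictionary  RoleId=Administrator
    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body=&{payload}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]

    # Verify users after updating: same password, new name / new role.
    Redfish Verify User  newadmin_user  TestPwd123     Administrator   ${True}
    Redfish Verify User  readonly_user  TestPwd123     Administrator   ${True}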
242
243
Verify Modifying Operator User Attributes
    [Documentation]  Verify that an Operator account's password can be changed
    ...              through PATCH and that the new password is accepted.
    [Tags]  Verify_Modifying_Operator_User_Attributes
    [Setup]  Run Keywords  Redfish.Login  AND
    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
    ...  AND  Test Teardown Execution

    # Replace the password of operator_user.
    ${new_password}=  Create Dictionary  Password=NewTestPwd123
    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body=&{new_password}

    # Login must now succeed with the new password and the role must be unchanged.
    Redfish Verify User  operator_user  NewTestPwd123  Operator        ${True}
258
259
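Verify User Account Locked
    [Documentation]  Verify that an account is locked after the configured
    ...              number of failed logins and unlocks after the lockout
    ...              duration.
    [Tags]  Verify_User_Account_Locked
    # Cleanup lives in teardown so that a failed lockout check does not
    # leave an Administrator account with a known password on the BMC.
    # NOTE(review): the lockout threshold and duration set below are not
    # restored afterwards; confirm that later suites do not depend on the
    # previous values.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  Test Teardown Execution

    Redfish Create User  admin_user  TestPwd123  Administrator   ${True}

    # Configure the lockout policy under test.
    ${payload}=  Create Dictionary  AccountLockoutThreshold=${account_lockout_threshold}
    ...  AccountLockoutDuration=${account_lockout_duration}
    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]

    Redfish.Logout

    # Make ${account_lockout_threshold} failed login attempts.
    Repeat Keyword  ${account_lockout_threshold} times
    ...  Run Keyword And Expect Error  InvalidCredentialsError*  Redfish.Login  admin_user  abc123

    # Verify that legitimate login fails due to lockout.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  admin_user  TestPwd123

    # Wait for lockout duration to expire and then verify that login works.
    Sleep  ${account_lockout_duration}s
    Redfish.Login  admin_user  TestPwd123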
290
291
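Verify User Account Unlock
    [Documentation]  Verify manually unlocking the account before lockout time
    [Tags]  Verify_User_Account_Unlock
    # A test-level teardown replaces the suite "Test Teardown", so
    # "Test Teardown Execution" is chained here to keep FFDC collection on
    # failure. Logout errors are ignored and a missing account is tolerated
    # so that the remaining cleanup steps report only real problems.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  SSHLibrary.Close All Connections
    ...  AND  Test Teardown Execution

    Redfish Create User  test_user  TestPwd123  Administrator  ${True}

    # Configure the lockout policy under test.
    ${payload}=  Create Dictionary
    ...  AccountLockoutThreshold=${account_lockout_threshold}
    ...  AccountLockoutDuration=${account_lockout_duration}
    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}

    Redfish.Logout

    # Make ${account_lockout_threshold} failed login attempts.
    Repeat Keyword  ${account_lockout_threshold} times
    ...  Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  test_user  abc123

    # The lockout must also apply to SSH: login with the correct password
    # is expected to fail while the account is locked.
    SSHLibrary.Open Connection  ${OPENBMC_HOST}
    Run Keyword And Expect Error  Authentication failed*
    ...  SSHLibrary.Login  test_user  TestPwd123

    # Verify that legitimate login fails due to lockout.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  test_user  TestPwd123

    ${payload}=  Create Dictionary  Locked=${FALSE}

    # Manually unlock the account before the lockout duration expires.
    Redfish.Login
    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}test_user  body=${payload}
    Redfish.Logout

    # Try redfish login with the recently unlocked account
    Redfish.Login  test_user  TestPwd123

    # Try SSH login with the unlocked account
    SSHLibrary.Open Connection  ${OPENBMC_HOST}
    SSHLibrary.Login  test_user  TestPwd123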
336
337
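Verify Admin User Privilege
    [Documentation]  Verify that an Administrator can change another user's
    ...              password.
    [Tags]  Verify_Admin_User_Privilege
    # Cleanup lives in teardown so that a failed step does not leave an
    # Administrator account with a known password on the BMC. The session is
    # reset first because the test body logs in as admin_user.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  Test Teardown Execution

    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}

    Redfish.Logout

    Redfish.Login  admin_user  TestPwd123

    # Change password of 'readonly' user with admin user.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body={'Password': 'NewTestPwd123'}

    # Verify modified user: new password accepted, role unchanged.
    Redfish Verify User  readonly_user  NewTestPwd123  ReadOnly  ${True}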
359
360
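Verify Operator User Role Change Using Admin Privilege User
    [Documentation]  Verify operator user role change using admin privilege user
    [Tags]  Verify_Operator_User_Role_Change_Using_Admin_Privilege_User
    # Cleanup lives in teardown so that a failed step does not leave
    # Administrator accounts with a known password on the BMC. The session is
    # reset first because the test body logs in as admin_user.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  Test Teardown Execution

    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
    Redfish Create User  operator_user  TestPwd123  Operator  ${True}

    Redfish.Logout

    # Login with admin user; the role change below is made with its privileges.
    Redfish.Login  admin_user  TestPwd123

    # Modify Role ID of Operator user.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body={'RoleId': 'Administrator'}

    # Verify modified user.
    Redfish Verify User  operator_user  TestPwd123  Administrator  ${True}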
382
383
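Verify Operator User Privilege
    [Documentation]  Verify that an Operator can neither reset the BMC nor
    ...              change an Administrator's password.
    [Tags]  Verify_Operator_User_Privilege
    # Cleanup lives in teardown: if the BMC wrongly lets the operator through,
    # the test stops while logged in as operator_user and both accounts would
    # otherwise stay on the BMC with known passwords.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  Test Teardown Execution

    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
    Redfish Create User  operator_user  TestPwd123  Operator  ${True}

    Redfish.Logout
    # Login with operator user.
    Redfish.Login  operator_user  TestPwd123

    # A BMC reset requested by the operator is expected to be refused.
    # NOTE(review): the refusal surfaces as ValueError from the keyword;
    # confirm that this error is raised only for the denied request.
    Run Keyword And Expect Error  ValueError*  Redfish BMC Reset Operation

    # Attempt to change password of admin user with operator user.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body={'Password': 'NewTestPwd123'}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]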
408
409
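Verify ReadOnly User Privilege
    [Documentation]  Verify that a ReadOnly user can log in and read system
    ...              level data.
    [Tags]  Verify_ReadOnly_User_Privilege
    # Cleanup lives in teardown so that a failed read does not leave the
    # account behind; the session is reset first because the test body logs
    # in as readonly_user.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  ${REDFISH_ACCOUNTS_URI}readonly_user
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  Test Teardown Execution

    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
    Redfish.Logout

    # Login with read_only user.
    Redfish.Login  readonly_user  TestPwd123

    # Read system level data.
    # NOTE(review): only the read path is exercised; no write attempt by the
    # ReadOnly user is checked for rejection here.
    ${system_model}=  Redfish_Utils.Get Attribute
    ...  ${SYSTEM_BASE_URI}  Model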
427
428
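Verify Minimum Password Length For Redfish User
    [Documentation]  Verify minimum password length for new and existing user.
    [Tags]  Verify_Minimum_Password_Length_For_Redfish_User
    # Cleanup lives in teardown: if the BMC wrongly accepts the short
    # password, the test stops early and the Administrator account would
    # otherwise remain on the BMC. The literal name matches ${user_name}
    # below and is used so the teardown does not depend on a test variable.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/testUser
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  Test Teardown Execution

    ${user_name}=  Set Variable  testUser

    # Make sure the user account in question does not already exist.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Try to create a user with invalid length password (7 characters).
    ${payload}=  Create Dictionary
    ...  UserName=${user_name}  Password=UserPwd  RoleId=Administrator  Enabled=${True}
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]

    # Create specified user with valid length password (8 characters).
    Set To Dictionary  ${payload}  Password  UserPwd1
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
    ...  valid_status_codes=[${HTTP_CREATED}]

    # Try to change to an invalid password.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd'}
    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]

    # Change to a valid password.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd1'}

    # Verify login with the accepted password.
    Redfish.Logout
    Redfish.Login  ${user_name}  UserPwd1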
463
464
Verify Standard User Roles Defined By Redfish
    [Documentation]  Verify that the Administrator, Operator and ReadOnly roles
    ...              exist and carry the standard Redfish privileges.
    [Tags]  Verify_Standard_User_Roles_Defined_By_Redfish

    # The three standard role resources must be members of the Roles collection.
    @{expected_role_uris}=  Create List
    ...  /redfish/v1/AccountService/Roles/Administrator
    ...  /redfish/v1/AccountService/Roles/Operator
    ...  /redfish/v1/AccountService/Roles/ReadOnly
    ${role_members}=  Redfish_Utils.Get Member List
    ...  /redfish/v1/AccountService/Roles
    List Should Contain Sub List  ${role_members}  ${expected_role_uris}

    # Standard roles and their assigned privileges:
    #
    # | Role name     | Assigned privileges                                                         |
    # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf |
    # | Operator      | Login, ConfigureComponents, ConfigureSelf                                   |
    # | ReadOnly      | Login, ConfigureSelf                                                        |
    #
    # NOTE(review): each check below is a sub-list match, so a role that
    # carries more privileges than listed (for example ReadOnly with
    # ConfigureUsers) still passes. Consider an exact comparison if the
    # intent is to detect over-privileged roles.

    @{admin_privileges}=  Create List
    ...  Login  ConfigureManager  ConfigureUsers  ConfigureComponents  ConfigureSelf
    ${admin_role}=  Redfish.Get  /redfish/v1/AccountService/Roles/Administrator
    List Should Contain Sub List  ${admin_role.dict['AssignedPrivileges']}  ${admin_privileges}

    @{operator_privileges}=  Create List  Login  ConfigureComponents  ConfigureSelf
    ${operator_role}=  Redfish.Get  /redfish/v1/AccountService/Roles/Operator
    List Should Contain Sub List  ${operator_role.dict['AssignedPrivileges']}  ${operator_privileges}

    @{readonly_privileges}=  Create List  Login  ConfigureSelf
    ${readonly_role}=  Redfish.Get  /redfish/v1/AccountService/Roles/ReadOnly
    List Should Contain Sub List  ${readonly_role.dict['AssignedPrivileges']}  ${readonly_privileges}
501
502
Verify Error While Deleting Root User
    [Documentation]  Verify that deleting the root account is refused with
    ...              HTTP 403.
    [Tags]  Verify_Error_While_Deleting_Root_User

    # Any status other than Forbidden fails the test.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/root
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
508
509
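Verify SSH Login Access With Admin User
    [Documentation]  Verify that admin user have SSH login access.
    ...              By default, admin should have access but there could be
    ...              case where admin user shell access is restricted by design
    ...              in the community sphere..
    [Tags]  Verify_SSH_Login_Access_With_Admin_User
    # Cleanup lives in teardown so that a mismatch in the SSH check does not
    # leave an Administrator account with shell access and a known password
    # on the BMC, and so that the SSH connection opened below is closed.
    [Teardown]  Run Keywords  SSHLibrary.Close All Connections
    ...  AND  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/new_admin
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
    ...  AND  Test Teardown Execution

    # Create an admin User.
    Redfish Create User  new_admin  TestPwd1  Administrator  ${True}

    # Attempt SSH login with admin user.
    SSHLibrary.Open Connection  ${OPENBMC_HOST}
    ${status}=  Run Keyword And Return Status  SSHLibrary.Login  new_admin  TestPwd1

    # By default ssh_status is True, user can change the status via CLI
    # -v ssh_status:False
    Should Be Equal As Strings  "${status}"  "${ssh_status}"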
530
531
Verify Configure BasicAuth Enable And Disable
    [Documentation]  Enable and then disable each authentication method and
    ...              check that requests using it are accepted or rejected
    ...              accordingly.
    [Tags]  Verify_Configure_BasicAuth_Enable_And_Disable
    [Template]  Template For Configure Auth Methods

    # One row per auth_method value.
    BasicAuth
    XToken
540
*** Keywords ***

Test Teardown Execution
    [Documentation]  Post-test teardown: close the Redfish session and collect
    ...              FFDC if the test failed.

    # The session may already be gone (for example after a failed login
    # test), so a logout error is not treated as a teardown failure.
    Run Keyword And Ignore Error  Redfish.Logout
    FFDC On Test Case Fail
548
549
Redfish Create User
    [Documentation]  Create a Redfish account, optionally check that it can
    ...              log in, and confirm the RoleId stored for it.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${login_check}=${True}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).
    # login_check         Whether to verify login with the created user
    #                     (${True}, ${False}).

    # Start from a clean slate: remove any account of the same name.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Create the account.
    ${account}=  Create Dictionary
    ...  UserName=${username}  Password=${password}  RoleId=${role_id}  Enabled=${enabled}
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{account}
    ...  valid_status_codes=[${HTTP_CREATED}]

    # Resetting faillock count as a workaround for issue
    # openbmc/phosphor-user-manager#4
    # NOTE(review): the username is placed unquoted into a command line run
    # on the BMC; callers in this file pass fixed names only.
    ${reset_cmd}=  Catenate  /usr/sbin/faillock --user ${username} --reset
    Bmc Execute Command  ${reset_cmd}

    # Login is expected to succeed exactly when the account is enabled.
    IF  '${login_check}' == '${True}'
        ${login_ok}=  Verify Redfish User Login  ${username}  ${password}
        Should Be Equal  ${login_ok}  ${enabled}
    END

    # The stored RoleId must match the requested one.
    ${stored_role}=  Redfish_Utils.Get Attribute
    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
    Should Be Equal  ${role_id}  ${stored_role}
589
590
Redfish Verify User
    [Documentation]  Verify the login result and the RoleId of an existing
    ...              Redfish account.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}

    # Description of argument(s):
    # username            The username to verify.
    # password            The password to log in with.
    # role_id             The role ID the account is expected to have
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             The expected login result: ${True} when the login
    #                     should succeed, ${False} when it should fail.

    # The login outcome must equal the expected enabled state.
    ${login_ok}=  Verify Redfish User Login  ${username}  ${password}
    Should Be Equal  ${login_ok}  ${enabled}

    # The stored RoleId must match the expected one.
    ${stored_role}=  Redfish_Utils.Get Attribute
    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
    Should Be Equal  ${role_id}  ${stored_role}
611
612
Verify Redfish User Login
    [Documentation]  Try a Redfish login with the given credentials and return
    ...              whether it succeeded.
    [Arguments]   ${username}  ${password}
    # Whatever the outcome, drop the trial session and log back in with the
    # default credentials so that callers continue with a working session.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout  AND  Redfish.Login

    # Description of argument(s):
    # username            Login username.
    # password            Login password.

    # Close the current session first; a logout error is irrelevant here
    # because a new login follows immediately.
    Run Keyword And Ignore Error  Redfish.Logout

    ${login_ok}=  Run Keyword And Return Status  Redfish.Login  ${username}  ${password}
    RETURN  ${login_ok}
629
630
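Redfish Create And Verify User
    [Documentation]  Redfish create and verify user.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
    # The account is deleted in the keyword teardown so that a failed
    # creation or verification step does not leave it on the BMC with a
    # known password. A missing account (creation never happened) is
    # tolerated.
    [Teardown]  Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).

    # Example of an account resource (excerpt):
    #{
    #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
    #"@odata.id": "/redfish/v1/AccountService/Accounts/test1",
    #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
    #"Description": "User Account",
    #"Enabled": true,
    #"Id": "test1",
    #"Links": {
    #  "Role": {
    #    "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
    #  }
    #},

    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}

    Redfish Verify User  ${username}  ${password}  ${role_id}  ${enabled}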
663
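Verify Redfish User with Wrong Password
    [Documentation]  Verify Redfish User with Wrong Password.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${wrong_password}
    # If the wrong password is accepted, the keyword stops while logged in as
    # the test user. The teardown restores the default session and removes
    # the account in that case as well, so no account with a known password
    # is left on the BMC.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).
    # wrong_password      Any invalid password.

    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}

    Redfish.Logout

    # Attempt to login with created user with invalid password.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  ${username}  ${wrong_password}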
689
690
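Verify Login with Deleted Redfish User
    [Documentation]  Verify Login with Deleted Redfish User.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
    # Restore the default session whatever the outcome, and remove the
    # account if an earlier step failed before the deletion under test ran.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).

    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}

    # Delete newly created user; this deletion is the step under test.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}

    Redfish.Logout

    # Attempt to login with deleted user account.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  ${username}  ${password}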
715
716
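Verify Create User Without Enabling
    [Documentation]  Verify Create User Without Enabling.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
    # If the disabled account is able to log in, the keyword stops while
    # logged in as that account. The teardown restores the default session
    # and removes the account in that case as well.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
    ...       valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).

    # The login check inside "Redfish Create User" is skipped (last argument)
    # because the rejected login is asserted explicitly below.
    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}  ${False}

    Redfish.Logout

    # Login with the created, not enabled user must be rejected.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  ${username}  ${password}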
741
Template For Configure Auth Methods
    [Documentation]  Enable and then disable one auth method and check after
    ...              each change that requests using it are accepted or
    ...              rejected.
    [Arguments]  ${auth_method}
    # Put the auth method back to ${initial_value} whatever the outcome.
    # NOTE(review): ${initial_value} is not assigned in this keyword;
    # presumably "Get AuthMethods Default Values" sets it - confirm.
    [Teardown]  Configure AuthMethods  ${auth_method}=${initial_value}

    # Description of Argument(s):
    # auth_method   The authmethod setting which needs to be
    #               set in account service URI.
    # valid values  BasicAuth, XToken.

    Get AuthMethods Default Values  ${auth_method}

    # Enable the auth method; requests using it are expected to succeed.
    Configure AuthMethods  ${auth_method}=${TRUE}

    IF  "${auth_method}" == "XToken"
        Check XToken Works Fine  ${HTTP_OK}
    ELSE
        Check BasicAuth Works Fine  ${HTTP_OK}
    END

    # Disable the auth method; requests using it are expected to be
    # rejected as unauthorized.
    Configure AuthMethods  ${auth_method}=${FALSE}

    IF  "${auth_method}" == "BasicAuth"
        Check BasicAuth Works Fine  ${HTTP_UNAUTHORIZED}
    ELSE
        Check XToken Works Fine  ${HTTP_UNAUTHORIZED}
    END
768    ...    Check XToken Works Fine  ${HTTP_UNAUTHORIZED}
769
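Configure AuthMethods
    [Documentation]  Enable/disable authmethod types.
    [Arguments]  &{authmethods}

    # Description of argument(s):
    # authmethods            The authmethod setting which needs to be
    #                        set in account service URI.
    # Usage Example          Configure AuthMethods  XToken=${TRUE}  BasicAuth=${TRUE}
    #                        This will set the value of "XToken" and "BasicAuth"
    #                        property in accountservice uri to TRUE.

    ${openbmc}=  Create Dictionary  AuthMethods=${authmethods}
    ${oem}=  Create Dictionary  OpenBMC=${openbmc}
    ${payload}=  Create Dictionary  Oem=${oem}

    # Setting authmethod properties using Redfish session based auth
    ${status}=  Run Keyword And Return Status
    ...  Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=${payload}  valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]

    # Setting authmethod properties using basic auth in case the former fails
    IF  ${status}==${FALSE}
        # Serialise with the json module instead of patching up the Python
        # repr, so quoting and true/false are always valid JSON.
        ${json_payload}=  Evaluate  json.dumps($payload)  modules=json

        # Curl Command Framing for PATCH authmethod.
        # NOTE(review): "-k" turns off TLS certificate verification, and
        # "-u user:password" puts the BMC credentials on the command line,
        # where they are visible in the process list and in the test log.
        ${cmd}=  Catenate  curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}
        ...  -X PATCH '${AUTH_URI}${REDFISH_ACCOUNTS_SERVICE_URI}'
        ...  -H 'content-type:application/json' -H 'If-Match:*'
        ...  -d '${json_payload}'
        ${rc}  ${out}=  Run And Return Rc And Output  ${cmd}
        Should Be Equal As Integers  ${rc}  0
        ...  msg=curl PATCH to the account service did not run successfully.

        # Require a 200 or 204 HTTP status line. The previous
        # "Pass Execution If" check had two problems: the "OR ..." cells were
        # taken as its message and tag rather than as part of the condition,
        # and a match ended the whole test as passed while a non-match did
        # not fail anything. Matching the status line also avoids false hits
        # on "200"/"204" appearing elsewhere in the output.
        Should Match Regexp  ${out}  HTTP/[0-9.]+ 20[04]
        ...  msg=PATCH of AuthMethods over basic auth did not return 200 or 204.
    END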
813
814
Get AuthMethods Default Values
    [Documentation]  Read the current enabled/disabled value of one authmethod
    ...  from the Redfish account service URI and keep it as a test variable.
    [Arguments]  ${authmethod}

    # Description of argument(s):
    # authmethod            Name of the AuthMethods property to read
    #                       (e.g. BasicAuth).
    #
    # Nothing is returned. The value is stored in the test variable
    # initial_value, which is visible to the rest of the running test.
    #
    # Shape of the account service resource that is read:
    # {
    #     "@odata.id": "/redfish/v1/AccountService",
    #     (...)
    #     "Oem": {
    #         "OpenBMC": {
    #             "AuthMethods": {
    #                 "BasicAuth": true,
    #                 "Cookie": true,
    #                 "SessionToken": true,
    #                 "TLS": true,
    #                 "XToken": true
    #             }
    #         }
    #     }
    # }

    ${oem_data}=  Redfish.Get Attribute  ${REDFISH_ACCOUNTS_SERVICE_URI}  Oem
    ${initial_value}=  Get From Dictionary
    ...  ${oem_data['OpenBMC']['AuthMethods']}  ${authmethod}
    Set Test Variable  ${initial_value}
846
Check XToken Works Fine
    [Documentation]  Issue a Redfish GET on the account service URI and
    ...  require the given HTTP status.
    [Arguments]  ${status_code}

    # Description of argument(s):
    # status_code   Expected HTTP status (200 or 401).

    # The request goes through the Redfish library, so it presumably uses the
    # session token from the earlier Redfish.Login - confirm in the library.
    Redfish.Get  ${REDFISH_ACCOUNTS_SERVICE_URI}  valid_status_codes=[${status_code}]
857
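Check BasicAuth Works Fine
    [Documentation]  Verify Basic Auth works fine.
    [Arguments]  ${status_code}

    # Description of argument(s):
    # status_code   Expected HTTP status of the request (200 or 401).

    # NOTE(review): the BMC password is placed on the curl command line,
    # where it is visible in the process list and most likely in the test
    # log, and -k skips TLS certificate verification. Use only against
    # lab systems with throwaway credentials.
    ${cmd}=  Catenate  curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}
    ...  ${AUTH_URI}/redfish/v1/AccountService
    ${rc}  ${out}=  Run And Return Rc And Output  ${cmd}

    # Match the expected code on the HTTP status line only. A plain substring
    # search over headers and body can hit "200" or "401" in unrelated text
    # and let the auth check pass when the real status was different.
    Should Match Regexp  ${out}  HTTP/[0-9.]+ ${status_code}
    ...  msg=Basic auth request did not return HTTP status ${status_code}.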
872