1*** Settings *** 2Documentation Test Redfish user account. 3 4Resource ../../lib/resource.robot 5Resource ../../lib/bmc_redfish_resource.robot 6Resource ../../lib/openbmc_ffdc.robot 7 8Test Setup Test Setup Execution 9Test Teardown Test Teardown Execution 10 11*** Variables *** 12 13${account_lockout_duration} ${30} 14${account_lockout_threshold} ${3} 15 16** Test Cases ** 17 18Verify AccountService Available 19 [Documentation] Verify Redfish account service is available. 20 [Tags] Verify_AccountService_Available 21 22 ${resp} = Redfish_utils.Get Attribute /redfish/v1/AccountService ServiceEnabled 23 Should Be Equal As Strings ${resp} ${True} 24 25Verify Redfish User Persistence After Reboot 26 [Documentation] Verify Redfish user persistence after reboot. 27 [Tags] Verify_Redfish_User_Persistence_After_Reboot 28 29 # Create Redfish users. 30 Redfish Create User admin_user TestPwd123 Administrator ${True} 31 Redfish Create User operator_user TestPwd123 Operator ${True} 32 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 33 34 # Reboot BMC. 35 Redfish OBMC Reboot (off) stack_mode=normal 36 Redfish.Login 37 38 # Verify users after reboot. 39 Redfish Verify User admin_user TestPwd123 Administrator ${True} 40 Redfish Verify User operator_user TestPwd123 Operator ${True} 41 Redfish Verify User readonly_user TestPwd123 ReadOnly ${True} 42 43 # Delete created users. 44 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 45 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 46 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 47 48Redfish Create and Verify Users 49 [Documentation] Create Redfish users with various roles. 50 [Tags] Redfish_Create_and_Verify_Users 51 [Template] Redfish Create And Verify User 52 53 #username password role_id enabled 54 admin_user TestPwd123 Administrator ${True} 55 operator_user TestPwd123 Operator ${True} 56 readonly_user TestPwd123 ReadOnly ${True} 57 58Verify Redfish User with Wrong Password 59 [Documentation] Verify Redfish User with Wrong Password. 60 [Tags] Verify_Redfish_User_with_Wrong_Password 61 [Template] Verify Redfish User with Wrong Password 62 63 #username password role_id enabled wrong_password 64 admin_user TestPwd123 Administrator ${True} alskjhfwurh 65 operator_user TestPwd123 Operator ${True} 12j8a8uakjhdaosiruf024 66 readonly_user TestPwd123 ReadOnly ${True} 12 67 68Verify Login with Deleted Redfish Users 69 [Documentation] Verify login with deleted Redfish Users. 70 [Tags] Verify_Login_with_Deleted_Redfish_Users 71 [Template] Verify Login with Deleted Redfish User 72 73 #username password role_id enabled 74 admin_user TestPwd123 Administrator ${True} 75 operator_user TestPwd123 Operator ${True} 76 readonly_user TestPwd123 ReadOnly ${True} 77 78Verify User Creation Without Enabling It 79 [Documentation] Verify User Creation Without Enabling it. 80 [Tags] Verify_User_Creation_Without_Enabling_It 81 [Template] Verify Create User Without Enabling 82 83 #username password role_id enabled 84 admin_user TestPwd123 Administrator ${False} 85 operator_user TestPwd123 Operator ${False} 86 readonly_user TestPwd123 ReadOnly ${False} 87 88 89Verify User Creation With Invalid Role Id 90 [Documentation] Verify user creation with invalid role ID. 91 [Tags] Verify_User_Creation_With_Invalid_Role_Id 92 93 # Make sure the user account in question does not already exist. 94 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 95 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 96 97 # Create specified user. 98 ${payload}= Create Dictionary 99 ... UserName=test_user Password=TestPwd123 RoleId=wrongroleid Enabled=${True} 100 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 101 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 102 103Verify Error Upon Creating Same Users With Different Privileges 104 [Documentation] Verify error upon creating same users with different privileges. 105 [Tags] Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges 106 107 Redfish Create User test_user TestPwd123 Administrator ${True} 108 109 # Create specified user. 110 ${payload}= Create Dictionary 111 ... UserName=test_user Password=TestPwd123 RoleId=Operator Enabled=${True} 112 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 113 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 114 115 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user 116 117Verify Modifying User Attributes 118 [Documentation] Verify modifying user attributes. 119 [Tags] Verify_Modifying_User_Attributes 120 121 # Create Redfish users. 122 Redfish Create User admin_user TestPwd123 Administrator ${True} 123 Redfish Create User operator_user TestPwd123 Operator ${True} 124 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 125 126 Redfish.Login 127 128 # Make sure the new user account does not already exist. 129 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user 130 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 131 132 # Update admin_user username using Redfish. 133 ${payload}= Create Dictionary UserName=newadmin_user 134 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body=&{payload} 135 136 # Update operator_user password using Redfish. 137 ${payload}= Create Dictionary Password=NewTestPwd123 138 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body=&{payload} 139 140 # Update readonly_user role using Redfish. 141 ${payload}= Create Dictionary RoleId=Operator 142 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body=&{payload} 143 144 # Verify users after updating 145 Redfish Verify User newadmin_user TestPwd123 Administrator ${True} 146 Redfish Verify User operator_user NewTestPwd123 Operator ${True} 147 Redfish Verify User readonly_user TestPwd123 Operator ${True} 148 149 # Delete created users. 150 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user 151 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 152 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 153 154Verify User Account Locked 155 [Documentation] Verify user account locked upon trying with invalid password. 156 [Tags] Verify_User_Account_Locked 157 158 Redfish Create User admin_user TestPwd123 Administrator ${True} 159 160 Redfish.Logout 161 162 Redfish.Login 163 164 ${payload}= Create Dictionary AccountLockoutThreshold=${account_lockout_threshold} 165 ... AccountLockoutDuration=${account_lockout_duration} 166 Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload} 167 168 # Make ${account_lockout_threshold} failed login attempts. 169 Repeat Keyword ${account_lockout_threshold} times 170 ... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login admin_user abc123 171 172 # Verify that legitimate login fails due to lockout. 173 Run Keyword And Expect Error InvalidCredentialsError* 174 ... Redfish.Login admin_user TestPwd123 175 176 # Wait for lockout duration to expire and then verify that login works. 177 Sleep ${account_lockout_duration}s 178 Redfish.Login admin_user TestPwd123 179 180 Redfish.Logout 181 182 Redfish.Login 183 184 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 185 186Verify Admin User Privilege 187 [Documentation] Verify admin user privilege. 188 [Tags] Verify_Admin_User_Privilege 189 190 Redfish Create User admin_user TestPwd123 Administrator ${True} 191 Redfish Create User operator_user TestPwd123 Operator ${True} 192 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 193 194 # Change role ID of operator user with admin user. 195 # Login with admin user. 196 Redfish.Login admin_user TestPwd123 197 198 # Modify Role ID of Operator user. 199 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body={'RoleId': 'Administrator'} 200 201 # Verify modified user. 202 Redfish Verify User operator_user TestPwd123 Administrator ${True} 203 204 # Change password of 'user' user with admin user. 205 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body={'Password': 'NewTestPwd123'} 206 207 # Verify modified user. 208 Redfish Verify User readonly_user NewTestPwd123 ReadOnly ${True} 209 210 Redfish.Login 211 212 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 213 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 214 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user 215 216Verify Operator User Privilege 217 [Documentation] Verify operator user privilege. 218 [Tags] Verify_operator_User_Privilege 219 220 Redfish Create User admin_user TestPwd123 Administrator ${True} 221 Redfish Create User operator_user TestPwd123 Operator ${True} 222 223 # Login with operator user. 224 Redfish.Login operator_user TestPwd123 225 226 # Verify power on system. 227 Redfish OBMC Reboot (off) stack_mode=normal 228 229 # Attempt to change password of admin user with operator user. 230 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body={'Password': 'NewTestPwd123'} 231 ... valid_status_codes=[${HTTP_UNAUTHORIZED}] 232 233 Redfish.Login 234 235 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 236 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user 237 238 239Verify ReadOnly User Privilege 240 [Documentation] Verify ReadOnly user privilege. 241 [Tags] Verify_ReadOnly_User_Privilege 242 243 Redfish Create User readonly_user TestPwd123 ReadOnly ${True} 244 245 # Read system level data. 246 ${system_model}= Redfish_Utils.Get Attribute 247 ... ${SYSTEM_BASE_URI} Model 248 249 Redfish.Login 250 251 Redfish.Delete ${REDFISH_ACCOUNTS_URI}readonly_user 252 253 254Verify Minimum Password Length For Redfish User 255 [Documentation] Verify minimum password length for new and existing user. 256 [Tags] Verify_Minimum_Password_Length_For_Redfish_User 257 258 ${user_name}= Set Variable testUser 259 260 # Make sure the user account in question does not already exist. 261 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} 262 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 263 264 # Try to create a user with invalid length password. 265 ${payload}= Create Dictionary 266 ... UserName=${user_name} Password=UserPwd RoleId=Administrator Enabled=${True} 267 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 268 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 269 270 # Create specified user with valid length password. 271 Set To Dictionary ${payload} Password UserPwd1 272 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 273 ... valid_status_codes=[${HTTP_CREATED}] 274 275 # Try to change to an invalid password. 276 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd'} 277 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 278 279 # Change to a valid password. 280 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd1'} 281 282 # Verify login. 283 Redfish.Logout 284 Redfish.Login ${user_name} UserPwd1 285 Redfish.Logout 286 Redfish.Login 287 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name} 288 289 290*** Keywords *** 291 292Test Setup Execution 293 [Documentation] Do test case setup tasks. 294 295 Redfish.Login 296 297 298Test Teardown Execution 299 [Documentation] Do the post test teardown. 300 301 FFDC On Test Case Fail 302 Run Keyword And Ignore Error Redfish.Logout 303 304Redfish Create User 305 [Documentation] Redfish create user. 306 [Arguments] ${username} ${password} ${role_id} ${enabled} 307 308 # Description of argument(s): 309 # username The username to be created. 310 # password The password to be assigned. 311 # role_id The role ID of the user to be created 312 # (e.g. "Administrator", "Operator", etc.). 313 # enabled Indicates whether the username being created 314 # should be enabled (${True}, ${False}). 315 316 Redfish.Login 317 318 # Make sure the user account in question does not already exist. 319 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} 320 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 321 322 # Create specified user. 323 ${payload}= Create Dictionary 324 ... UserName=${username} Password=${password} RoleId=${role_id} Enabled=${enabled} 325 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 326 ... valid_status_codes=[${HTTP_CREATED}] 327 328 Redfish.Logout 329 330 # Login with created user. 331 Run Keyword If ${enabled} == ${False} 332 ... Run Keyword And Expect Error InvalidCredentialsError* 333 ... Redfish.Login ${username} ${password} 334 ... ELSE 335 ... Redfish.Login ${username} ${password} 336 337 Run Keyword If ${enabled} == ${False} 338 ... Redfish.Login 339 340 # Validate Role ID of created user. 341 ${role_config}= Redfish_Utils.Get Attribute 342 ... /redfish/v1/AccountService/Accounts/${username} RoleId 343 Should Be Equal ${role_id} ${role_config} 344 345 346Redfish Verify User 347 [Documentation] Redfish user verification. 348 [Arguments] ${username} ${password} ${role_id} ${enabled} 349 350 # Description of argument(s): 351 # username The username to be created. 352 # password The password to be assigned. 353 # role_id The role ID of the user to be created 354 # (e.g. "Administrator", "Operator", etc.). 355 # enabled Indicates whether the username being created 356 # should be enabled (${True}, ${False}). 357 358 # Trying to do a login with created user. 359 ${status}= Run Keyword And Return Status Redfish.Login ${username} ${password} 360 361 # Doing a check of the returned status. 362 Should Be Equal ${status} ${enabled} 363 364 # We do not need to login with created user (user could be in disabled status). 365 Redfish.Login 366 367 # Validate Role Id of user. 368 ${role_config}= Redfish_Utils.Get Attribute 369 ... /redfish/v1/AccountService/Accounts/${username} RoleId 370 Should Be Equal ${role_id} ${role_config} 371 372 373Redfish Create And Verify User 374 [Documentation] Redfish create and verify user. 375 [Arguments] ${username} ${password} ${role_id} ${enabled} 376 377 # Description of argument(s): 378 # username The username to be created. 379 # password The password to be assigned. 380 # role_id The role ID of the user to be created 381 # (e.g. "Administrator", "Operator", etc.). 382 # enabled Indicates whether the username being created 383 # should be enabled (${True}, ${False}). 384 385 # Example: 386 #{ 387 #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount", 388 #"@odata.id": "/redfish/v1/AccountService/Accounts/test1", 389 #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount", 390 #"Description": "User Account", 391 #"Enabled": true, 392 #"Id": "test1", 393 #"Links": { 394 # "Role": { 395 # "@odata.id": "/redfish/v1/AccountService/Roles/Administrator" 396 # } 397 #}, 398 399 Redfish Create User ${username} ${password} ${role_id} ${enabled} 400 401 Redfish Verify User ${username} ${password} ${role_id} ${enabled} 402 403 # Delete Specified User 404 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 405 406Verify Redfish User with Wrong Password 407 [Documentation] Verify Redfish User with Wrong Password. 408 [Arguments] ${username} ${password} ${role_id} ${enabled} ${wrong_password} 409 410 # Description of argument(s): 411 # username The username to be created. 412 # password The password to be assigned. 413 # role_id The role ID of the user to be created 414 # (e.g. "Administrator", "Operator", etc.). 415 # enabled Indicates whether the username being created 416 # should be enabled (${True}, ${False}). 417 # wrong_password Any invalid password. 418 419 Redfish Create User ${username} ${password} ${role_id} ${enabled} 420 421 # Attempt to login with created user with invalid password. 422 Run Keyword And Expect Error InvalidCredentialsError* 423 ... Redfish.Login ${username} ${wrong_password} 424 425 Redfish.Login 426 427 # Delete newly created user. 428 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 429 430 431Verify Login with Deleted Redfish User 432 [Documentation] Verify Login with Deleted Redfish User. 433 [Arguments] ${username} ${password} ${role_id} ${enabled} 434 435 # Description of argument(s): 436 # username The username to be created. 437 # password The password to be assigned. 438 # role_id The role ID of the user to be created 439 # (e.g. "Administrator", "Operator", etc.). 440 # enabled Indicates whether the username being created 441 # should be enabled (${True}, ${False}). 442 443 Redfish Create User ${username} ${password} ${role_id} ${enabled} 444 ${status}= Run Keyword And Return Status Redfish.Login ${username} ${password} 445 446 # Doing a check of the rerurned status 447 Should Be Equal ${status} ${True} 448 449 Redfish.Login 450 451 # Delete newly created user. 452 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName} 453 454 # Attempt to login with deleted user account. 455 Run Keyword And Expect Error InvalidCredentialsError* 456 ... Redfish.Login ${username} ${password} 457 458 Redfish.Login 459 460Verify Create User Without Enabling 461 [Documentation] Verify Create User Without Enabling. 462 [Arguments] ${username} ${password} ${role_id} ${enabled} 463 464 # Description of argument(s): 465 # username The username to be created. 466 # password The password to be assigned. 467 # role_id The role ID of the user to be created 468 # (e.g. "Administrator", "Operator", etc.). 469 # enabled Indicates whether the username being created 470 # should be enabled (${True}, ${False}). 471 472 Redfish.Login 473 474 Redfish Create User ${username} ${password} ${role_id} ${enabled} 475 476 Redfish.Logout 477 478 # Login with created user. 479 Run Keyword And Expect Error InvalidCredentialsError* 480 ... Redfish.Login ${username} ${password} 481 482 Redfish.Login 483 484 # Delete newly created user. 485 Redfish.Delete /redfish/v1/AccountService/Accounts/${username} 486