xref: /openbmc/openbmc-test-automation/redfish/account_service/test_user_account.robot (revision e54be14763346d82a359e67dae7237973bd1acfa) 
1*** Settings ***
2Documentation    Test Redfish user account.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/bmc_redfish_utils.robot
8
9Library          SSHLibrary
10
11Test Setup       Redfish.Login
12Test Teardown    Test Teardown Execution
13
14*** Variables ***
15
16${account_lockout_duration}   ${30}
17${account_lockout_threshold}  ${3}
18
19${ssh_status}                 ${True}
20
21** Test Cases **
22
23Verify AccountService Available
24    [Documentation]  Verify Redfish account service is available.
25    [Tags]  Verify_AccountService_Available
26
27    ${resp} =  Redfish_utils.Get Attribute  /redfish/v1/AccountService  ServiceEnabled
28    Should Be Equal As Strings  ${resp}  ${True}
29
30
31Verify Redfish Admin User Persistence After Reboot
32    [Documentation]  Verify Redfish admin user persistence after reboot.
33    [Tags]  Verify_Redfish_Admin_User_Persistence_After_Reboot
34    [Setup]  Run Keywords  Redfish.Login  AND
35    ...  Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
36    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
37    ...  AND  Test Teardown Execution
38
39    # Reboot BMC.
40    Redfish OBMC Reboot (off)  stack_mode=normal
41
42    # Verify users after reboot.
43    Redfish Verify User  admin_user     TestPwd123  Administrator   ${True}
44
45
46Verify Redfish Operator User Persistence After Reboot
47    [Documentation]  Verify Redfish operator user persistence after reboot.
48    [Tags]  Verify_Redfish_Operator_User_Persistence_After_Reboot
49    [Setup]  Run Keywords  Redfish.Login  AND
50    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
51    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
52    ...  AND  Test Teardown Execution
53
54    # Reboot BMC.
55    Redfish OBMC Reboot (off)  stack_mode=normal
56
57    # Verify users after reboot.
58    Redfish Verify User  operator_user  TestPwd123  Operator        ${True}
59
60
61Verify Redfish Readonly User Persistence After Reboot
62    [Documentation]  Verify Redfish readonly user persistence after reboot.
63    [Tags]  Verify_Redfish_Readonly_User_Persistence_After_Reboot
64    [Setup]  Run Keywords  Redfish.Login  AND
65    ...  Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
66    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
67    ...  AND  Test Teardown Execution
68
69    # Reboot BMC.
70    Redfish OBMC Reboot (off)  stack_mode=normal
71
72    # Verify users after reboot.
73    Redfish Verify User  readonly_user  TestPwd123  ReadOnly        ${True}
74
75
76Redfish Create and Verify Admin User
77    [Documentation]  Create a Redfish user with administrator role and verify.
78    [Tags]  Redfish_Create_and_Verify_Admin_User
79    [Template]  Redfish Create And Verify User
80
81    #username      password    role_id         enabled
82    admin_user     TestPwd123  Administrator   ${True}
83
84
85Redfish Create and Verify Operator User
86    [Documentation]  Create a Redfish user with operator role and verify.
87    [Tags]  Redfish_Create_and_Verify_Operator_User
88    [Template]  Redfish Create And Verify User
89
90    #username      password    role_id         enabled
91    operator_user  TestPwd123  Operator        ${True}
92
93
94Redfish Create and Verify Readonly User
95    [Documentation]  Create a Redfish user with readonly role and verify.
96    [Tags]  Redfish_Create_and_Verify_Readonly_User
97    [Template]  Redfish Create And Verify User
98
99    #username      password    role_id         enabled
100    readonly_user  TestPwd123  ReadOnly        ${True}
101
102
103Verify Redfish Admin User With Wrong Password
104    [Documentation]  Verify Redfish admin user with wrong password.
105    [Tags]  Verify_Redfish_Admin_User_With_Wrong_Password
106    [Template]  Verify Redfish User with Wrong Password
107
108    #username      password    role_id         enabled  wrong_password
109    admin_user     TestPwd123  Administrator   ${True}  alskjhfwurh
110
111
112Verify Redfish Operator User with Wrong Password
113    [Documentation]  Verify Redfish operator user with wrong password.
114    [Tags]  Verify_Redfish_Operator_User_with_Wrong_Password
115    [Template]  Verify Redfish User with Wrong Password
116
117    #username      password    role_id         enabled  wrong_password
118    operator_user  TestPwd123  Operator        ${True}  12j8a8uakjhdaosiruf024
119
120
121Verify Redfish Readonly User With Wrong Password
122    [Documentation]  Verify Redfish readonly user with wrong password.
123    [Tags]  Verify_Redfish_Readonly_User_With_Wrong_Password
124    [Template]  Verify Redfish User with Wrong Password
125
126    #username      password    role_id         enabled  wrong_password
127    readonly_user  TestPwd123  ReadOnly        ${True}  12
128
129
130Verify Login with Deleted Redfish Admin User
131    [Documentation]  Verify login with deleted Redfish admin user.
132    [Tags]  Verify_Login_with_Deleted_Redfish_Admin_User
133    [Template]  Verify Login with Deleted Redfish User
134
135    #username     password    role_id         enabled
136    admin_user     TestPwd123  Administrator   ${True}
137
138
139Verify Login with Deleted Redfish Operator User
140    [Documentation]  Verify login with deleted Redfish operator user.
141    [Tags]  Verify_Login_with_Deleted_Redfish_Operator_User
142    [Template]  Verify Login with Deleted Redfish User
143
144    #username     password    role_id         enabled
145    operator_user  TestPwd123  Operator        ${True}
146
147
148Verify Login with Deleted Redfish Readonly User
149    [Documentation]  Verify login with deleted Redfish readonly user.
150    [Tags]  Verify_Login_with_Deleted_Redfish_Readonly_User
151    [Template]  Verify Login with Deleted Redfish User
152
153    #username     password    role_id         enabled
154    readonly_user  TestPwd123  ReadOnly        ${True}
155
156
157Verify Admin User Creation Without Enabling It
158    [Documentation]  Verify admin user creation without enabling it.
159    [Tags]  Verify_Admin_User_Creation_Without_Enabling_It
160    [Template]  Verify Create User Without Enabling
161
162    #username      password    role_id         enabled
163    admin_user     TestPwd123  Administrator   ${False}
164
165
166Verify Operator User Creation Without Enabling It
167    [Documentation]  Verify operator user creation without enabling it.
168    [Tags]  Verify_Operator_User_Creation_Without_Enabling_It
169    [Template]  Verify Create User Without Enabling
170
171    #username      password    role_id         enabled
172    operator_user  TestPwd123  Operator        ${False}
173
174
175Verify Readonly User Creation Without Enabling It
176    [Documentation]  Verify readonly user creation without enabling it.
177    [Tags]  Verify_Readonly_User_Creation_Without_Enabling_It
178    [Template]  Verify Create User Without Enabling
179
180    #username      password    role_id         enabled
181    readonly_user  TestPwd123  ReadOnly        ${False}
182
183
184Verify User Creation With Invalid Role Id
185    [Documentation]  Verify user creation with invalid role ID.
186    [Tags]  Verify_User_Creation_With_Invalid_Role_Id
187
188    # Make sure the user account in question does not already exist.
189    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
190    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
191
192    # Create specified user.
193    ${payload}=  Create Dictionary
194    ...  UserName=test_user  Password=TestPwd123  RoleId=wrongroleid  Enabled=${True}
195    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
196    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
197
198Verify Error Upon Creating Same Users With Different Privileges
199    [Documentation]  Verify error upon creating same users with different privileges.
200    [Tags]  Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges
201
202    Redfish Create User  test_user  TestPwd123  Administrator  ${True}
203
204    # Create specified user.
205    ${payload}=  Create Dictionary
206    ...  UserName=test_user  Password=TestPwd123  RoleId=ReadOnly  Enabled=${True}
207    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
208    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
209
210    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
211
212
213Verify Modifying User Attributes
214    [Documentation]  Verify modifying user attributes.
215    [Tags]  Verify_Modifying_User_Attributes
216
217    # Create Redfish users.
218    Redfish Create User  admin_user     TestPwd123  Administrator   ${True}
219    Redfish Create User  readonly_user  TestPwd123  ReadOnly        ${True}
220
221    # Make sure the new user account does not already exist.
222    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
223    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
224
225    # Update admin_user username using Redfish.
226    ${payload}=  Create Dictionary  UserName=newadmin_user
227    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body=&{payload}
228    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
229
230    # Update readonly_user role using Redfish.
231    ${payload}=  Create Dictionary  RoleId=Administrator
232    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body=&{payload}
233    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
234
235    # Verify users after updating
236    Redfish Verify User  newadmin_user  TestPwd123     Administrator   ${True}
237    Redfish Verify User  readonly_user  TestPwd123     Administrator   ${True}
238
239    # Delete created users.
240    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
241    Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
242
243
244Verify Modifying Operator User Attributes
245    [Documentation]  Verify modifying operator user attributes.
246    [Tags]  Verify_Modifying_Operator_User_Attributes
247    [Setup]  Run Keywords  Redfish.Login  AND
248    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
249    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
250    ...  AND  Test Teardown Execution
251
252    # Update operator_user password using Redfish.
253    ${payload}=  Create Dictionary  Password=NewTestPwd123
254    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body=&{payload}
255
256    # Verify users after updating
257    Redfish Verify User  operator_user  NewTestPwd123  Operator        ${True}
258
259
260Verify User Account Locked
261    [Documentation]  Verify user account locked upon trying with invalid password.
262    [Tags]  Verify_User_Account_Locked
263
264    Redfish Create User  admin_user  TestPwd123  Administrator   ${True}
265
266    ${payload}=  Create Dictionary  AccountLockoutThreshold=${account_lockout_threshold}
267    ...  AccountLockoutDuration=${account_lockout_duration}
268    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}
269    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
270
271    Redfish.Logout
272
273    # Make ${account_lockout_threshold} failed login attempts.
274    Repeat Keyword  ${account_lockout_threshold} times
275    ...  Run Keyword And Expect Error  *InvalidCredentialsError*  Redfish.Login  admin_user  abcd1234
276
277    # Verify that legitimate login fails due to lockout.
278    Run Keyword And Expect Error  *InvalidCredentialsError*
279    ...  Redfish.Login  admin_user  TestPwd123
280
281    # Wait for lockout duration to expire and then verify that login works.
282    Sleep  ${account_lockout_duration}s
283    Redfish.Login  admin_user  TestPwd123
284
285    Redfish.Logout
286
287    Redfish.Login
288
289    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
290
291
292Verify User Account Unlock
293    [Documentation]  Verify manually unlocking the account before lockout time
294    [Tags]  Verify_User_Account_Unlock
295    [Teardown]  Run Keywords  Redfish.Logout
296    ...  AND  Redfish.Login
297    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
298    ...  AND  SSHLibrary.Close All Connections
299
300    Redfish Create User  test_user  TestPwd123  Administrator  ${True}
301
302    ${payload}=  Create Dictionary
303    ...  AccountLockoutThreshold=${account_lockout_threshold}
304    ...  AccountLockoutDuration=${account_lockout_duration}
305    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}
306
307    Redfish.Logout
308
309    # Make ${account_lockout_threshold} failed login attempts.
310    Repeat Keyword  ${account_lockout_threshold} times
311    ...  Run Keyword And Expect Error  InvalidCredentialsError*
312    ...  Redfish.Login  test_user  abc123
313
314    # Ensure SSH Login with locked account gets failed
315    SSHLibrary.Open Connection  ${OPENBMC_HOST}
316    Run Keyword And Expect Error  Authentication failed*
317    ...  SSHLibrary.Login  test_user  TestPwd123
318
319    # Verify that legitimate login fails due to lockout.
320    Run Keyword And Expect Error  InvalidCredentialsError*
321    ...  Redfish.Login  test_user  TestPwd123
322
323    ${payload}=  Create Dictionary  Locked=${FALSE}
324
325    # Manually unlock the account before lockout threshold expires
326    Redfish.Login
327    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}test_user  body=${payload}
328    Redfish.Logout
329
330    # Try redfish login with the recently unlocked account
331    Redfish.Login  test_user  TestPwd123
332
333    # Try SSH login with the unlocked account
334    SSHLibrary.Open Connection  ${OPENBMC_HOST}
335    SSHLibrary.Login  test_user  TestPwd123
336
337
338Verify Admin User Privilege
339    [Documentation]  Verify admin user privilege.
340    [Tags]  Verify_Admin_User_Privilege
341
342    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
343    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
344
345    Redfish.Logout
346
347    Redfish.Login  admin_user  TestPwd123
348
349    # Change password of 'readonly' user with admin user.
350    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body={'Password': 'NewTestPwd123'}
351
352    # Verify modified user.
353    Redfish Verify User  readonly_user  NewTestPwd123  ReadOnly  ${True}
354
355    # Note: Delete user would work here because a root login is
356    # performed as part of "Redfish Verify User" keyword's teardown.
357    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
358    Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
359
360
361Verify Operator User Role Change Using Admin Privilege User
362    [Documentation]  Verify operator user role change using admin privilege user
363    [Tags]  Verify_Operator_User_Role_Change_Using_Admin_Privilege_User
364
365    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
366    Redfish Create User  operator_user  TestPwd123  Operator  ${True}
367
368    Redfish.Logout
369
370    # Change role ID of operator user with admin user.
371    # Login with admin user.
372    Redfish.Login  admin_user  TestPwd123
373
374    # Modify Role ID of Operator user.
375    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body={'RoleId': 'Administrator'}
376
377    # Verify modified user.
378    Redfish Verify User  operator_user  TestPwd123  Administrator  ${True}
379
380    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
381    Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
382
383
384Verify Operator User Privilege
385    [Documentation]  Verify operator user privilege.
386    [Tags]  Verify_Operator_User_Privilege
387
388    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
389    Redfish Create User  operator_user  TestPwd123  Operator  ${True}
390
391    Redfish.Logout
392    # Login with operator user.
393    Redfish.Login  operator_user  TestPwd123
394
395    # Verify BMC reset.
396    Run Keyword And Expect Error  ValueError*  Redfish BMC Reset Operation
397
398    # Attempt to change password of admin user with operator user.
399    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body={'Password': 'NewTestPwd123'}
400    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
401
402    Redfish.Logout
403
404    Redfish.Login
405
406    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
407    Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
408
409
410Verify ReadOnly User Privilege
411    [Documentation]  Verify ReadOnly user privilege.
412    [Tags]  Verify_ReadOnly_User_Privilege
413
414    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
415    Redfish.Logout
416
417    # Login with read_only user.
418    Redfish.Login  readonly_user  TestPwd123
419
420    # Read system level data.
421    ${system_model}=  Redfish_Utils.Get Attribute
422    ...  ${SYSTEM_BASE_URI}  Model
423
424    Redfish.Logout
425    Redfish.Login
426    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}readonly_user
427
428
429Verify Minimum Password Length For Redfish User
430    [Documentation]  Verify minimum password length for new and existing user.
431    [Tags]  Verify_Minimum_Password_Length_For_Redfish_User
432
433    ${user_name}=  Set Variable  testUser
434
435    # Make sure the user account in question does not already exist.
436    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}
437    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
438
439    # Try to create a user with invalid length password.
440    ${payload}=  Create Dictionary
441    ...  UserName=${user_name}  Password=UserPwd  RoleId=Administrator  Enabled=${True}
442    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
443    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
444
445    # Create specified user with valid length password.
446    Set To Dictionary  ${payload}  Password  UserPwd1
447    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
448    ...  valid_status_codes=[${HTTP_CREATED}]
449
450    # Try to change to an invalid password.
451    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd'}
452    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
453
454    # Change to a valid password.
455    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd1'}
456
457    # Verify login.
458    Redfish.Logout
459    Redfish.Login  ${user_name}  UserPwd1
460    Redfish.Logout
461    Redfish.Login
462    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}
463
464
465Verify Standard User Roles Defined By Redfish
466    [Documentation]  Verify standard user roles defined by Redfish.
467    [Tags]  Verify_Standard_User_Roles_Defined_By_Redfish
468
469    ${member_list}=  Redfish_Utils.Get Member List
470    ...  /redfish/v1/AccountService/Roles
471
472    @{roles}=  Create List
473    ...  /redfish/v1/AccountService/Roles/Administrator
474    ...  /redfish/v1/AccountService/Roles/Operator
475    ...  /redfish/v1/AccountService/Roles/ReadOnly
476
477    List Should Contain Sub List  ${member_list}  ${roles}
478
479    # The standard roles are:
480
481    # | Role name | Assigned privileges |
482    # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf |
483    # | Operator | Login, ConfigureComponents, ConfigureSelf |
484    # | ReadOnly | Login, ConfigureSelf |
485
486    @{admin}=  Create List  Login  ConfigureManager  ConfigureUsers  ConfigureComponents  ConfigureSelf
487    @{operator}=  Create List  Login  ConfigureComponents  ConfigureSelf
488    @{readOnly}=  Create List  Login  ConfigureSelf
489
490    ${roles_dict}=  create dictionary  admin_privileges=${admin}  operator_privileges=${operator}
491    ...  readOnly_privileges=${readOnly}
492
493    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/Administrator
494    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['admin_privileges']}
495
496    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/Operator
497    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['operator_privileges']}
498
499    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/ReadOnly
500    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['readOnly_privileges']}
501
502
503Verify Error While Deleting Root User
504    [Documentation]  Verify error while deleting root user.
505    [Tags]  Verify_Error_While_Deleting_Root_User
506
507    Redfish.Delete  /redfish/v1/AccountService/Accounts/root  valid_status_codes=[${HTTP_FORBIDDEN}]
508
509
510Verify SSH Login Access With Admin User
511    [Documentation]  Verify that admin user have SSH login access.
512    ...              By default, admin should have access but there could be
513    ...              case where admin user shell access is restricted by design
514    ...              in the community sphere..
515    [Tags]  Verify_SSH_Login_Access_With_Admin_User
516
517    # Create an admin User.
518    Redfish Create User  new_admin  TestPwd1  Administrator  ${True}
519
520    # Attempt SSH login with admin user.
521    SSHLibrary.Open Connection  ${OPENBMC_HOST}
522    ${status}=  Run Keyword And Return Status  SSHLibrary.Login  new_admin  TestPwd1
523
524    # By default ssh_status is True, user can change the status via CLI
525    # -v ssh_status:False
526    Should Be Equal As Strings  "${status}"  "${ssh_status}"
527
528    Redfish.Login
529    Redfish.Delete  /redfish/v1/AccountService/Accounts/new_admin
530
531
532Verify Configure BasicAuth Enable And Disable
533    [Documentation]  Verify configure basicauth enable and disable
534    [Tags]  Verify_Configure_BasicAuth_Enable_And_Disable
535    [Template]  Template For Configure Auth Methods
536
537    # auth_method
538    BasicAuth
539    XToken
540
541*** Keywords ***
542
543Test Teardown Execution
544    [Documentation]  Do the post test teardown.
545
546    Run Keyword And Ignore Error  Redfish.Logout
547    FFDC On Test Case Fail
548
549
550Redfish Create User
551    [Documentation]  Redfish create user.
552    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${login_check}=${True}
553
554    # Description of argument(s):
555    # username            The username to be created.
556    # password            The password to be assigned.
557    # role_id             The role ID of the user to be created
558    #                     (e.g. "Administrator", "Operator", etc.).
559    # enabled             Indicates whether the username being created
560    #                     should be enabled (${True}, ${False}).
561    # login_check         Checks user login for created user.
562    #                     (e.g. ${True}, ${False}).
563
564    # Make sure the user account in question does not already exist.
565    Redfish.Delete  /redfish/v1/AccountService/Accounts/${userName}
566    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
567
568    # Create specified user.
569    ${payload}=  Create Dictionary
570    ...  UserName=${username}  Password=${password}  RoleId=${role_id}  Enabled=${enabled}
571    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
572    ...  valid_status_codes=[${HTTP_CREATED}]
573
574    # Resetting faillock count as a workaround for issue
575    # openbmc/phosphor-user-manager#4
576    ${cmd}=  Catenate  /usr/sbin/faillock --user ${username} --reset
577
578    Bmc Execute Command  ${cmd}
579
580    # Verify login with created user.
581    IF  '${login_check}' == '${True}'
582        ${status}=  Run Keyword And Return Status
583        ...  Verify Redfish User Login  ${username}  ${password}
584    ELSE
585        ${status}=  Set Variable  ${False}
586    END
587
588    IF  '${login_check}' == '${True}'  Should Be Equal  ${status}  ${enabled}
589
590    # Validate Role ID of created user.
591    ${role_config}=  Redfish_Utils.Get Attribute
592    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
593    Should Be Equal  ${role_id}  ${role_config}
594
595
596Redfish Verify User
597    [Documentation]  Redfish user verification.
598    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
599
600    # Description of argument(s):
601    # username            The username to be created.
602    # password            The password to be assigned.
603    # role_id             The role ID of the user to be created
604    #                     (e.g. "Administrator", "Operator", etc.).
605    # enabled             Indicates whether the username being created
606    #                     should be enabled (${True}, ${False}).
607
608    ${status}=  Verify Redfish User Login  ${username}  ${password}
609    # Doing a check of the returned status.
610    Should Be Equal  ${status}  ${enabled}
611
612    # Validate Role Id of user.
613    ${role_config}=  Redfish_Utils.Get Attribute
614    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
615    Should Be Equal  ${role_id}  ${role_config}
616
617
618Verify Redfish User Login
619    [Documentation]  Verify Redfish login with given user id.
620    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout  AND  Redfish.Login
621    [Arguments]   ${username}  ${password}
622
623    # Description of argument(s):
624    # username            Login username.
625    # password            Login password.
626
627    # Logout from current Redfish session.
628    # We don't really care if the current session is flushed out since we are going to login
629    # with new credential in next.
630    Run Keyword And Ignore Error  Redfish.Logout
631
632    ${status}=  Run Keyword And Return Status  Redfish.Login  ${username}  ${password}
633    RETURN  ${status}
634
635
636Redfish Create And Verify User
637    [Documentation]  Redfish create and verify user.
638    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
639
640    # Description of argument(s):
641    # username            The username to be created.
642    # password            The password to be assigned.
643    # role_id             The role ID of the user to be created
644    #                     (e.g. "Administrator", "Operator", etc.).
645    # enabled             Indicates whether the username being created
646    #                     should be enabled (${True}, ${False}).
647
648    # Example:
649    #{
650    #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
651    #"@odata.id": "/redfish/v1/AccountService/Accounts/test1",
652    #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
653    #"Description": "User Account",
654    #"Enabled": true,
655    #"Id": "test1",
656    #"Links": {
657    #  "Role": {
658    #    "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
659    #  }
660    #},
661
662    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
663
664    Redfish Verify User  ${username}  ${password}  ${role_id}  ${enabled}
665
666    # Delete Specified User
667    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
668
669Verify Redfish User with Wrong Password
670    [Documentation]  Verify Redfish User with Wrong Password.
671    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${wrong_password}
672
673    # Description of argument(s):
674    # username            The username to be created.
675    # password            The password to be assigned.
676    # role_id             The role ID of the user to be created
677    #                     (e.g. "Administrator", "Operator", etc.).
678    # enabled             Indicates whether the username being created
679    #                     should be enabled (${True}, ${False}).
680    # wrong_password      Any invalid password.
681
682    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
683
684    Redfish.Logout
685
686    # Attempt to login with created user with invalid password.
687    Run Keyword And Expect Error  InvalidCredentialsError*
688    ...  Redfish.Login  ${username}  ${wrong_password}
689
690    Redfish.Login
691
692    # Delete newly created user.
693    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
694
695
696Verify Login with Deleted Redfish User
697    [Documentation]  Verify Login with Deleted Redfish User.
698    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
699
700    # Description of argument(s):
701    # username            The username to be created.
702    # password            The password to be assigned.
703    # role_id             The role ID of the user to be created
704    #                     (e.g. "Administrator", "Operator", etc.).
705    # enabled             Indicates whether the username being created
706    #                     should be enabled (${True}, ${False}).
707
708    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
709
710    # Delete newly created user.
711    Redfish.Delete  /redfish/v1/AccountService/Accounts/${userName}
712
713    Redfish.Logout
714
715    # Attempt to login with deleted user account.
716    Run Keyword And Expect Error  InvalidCredentialsError*
717    ...  Redfish.Login  ${username}  ${password}
718
719    Redfish.Login
720
721
722Verify Create User Without Enabling
723    [Documentation]  Verify Create User Without Enabling.
724    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
725
726    # Description of argument(s):
727    # username            The username to be created.
728    # password            The password to be assigned.
729    # role_id             The role ID of the user to be created
730    #                     (e.g. "Administrator", "Operator", etc.).
731    # enabled             Indicates whether the username being created
732    #                     should be enabled (${True}, ${False}).
733
734    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}  ${False}
735
736    Redfish.Logout
737
738    # Login with created user.
739    Run Keyword And Expect Error  InvalidCredentialsError*
740    ...  Redfish.Login  ${username}  ${password}
741
742    Redfish.Login
743
744    # Delete newly created user.
745    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}
746
747Template For Configure Auth Methods
748    [Documentation]  Template to configure auth methods.
749    [Arguments]  ${auth_method}
750    [Teardown]  Configure AuthMethods  ${auth_method}=${initial_value}
751
752    # Description of Argument(s):
753    # authmethods   The authmethod setting which needs to be
754    #               set in account service URI.
755    # valid values  BasicAuth, XToken.
756
757    Get AuthMethods Default Values  ${auth_method}
758
759    # Patch basicauth to TRUE
760    Configure AuthMethods  ${auth_method}=${TRUE}
761
762    IF  "${auth_method}" == "XToken"
763        Check XToken Works Fine  ${HTTP_OK}
764    ELSE
765        Check BasicAuth Works Fine  ${HTTP_OK}
766    END
767
768    # Patch basicauth to FALSE
769    Configure AuthMethods  ${auth_method}=${FALSE}
770
771    IF  "${auth_method}" == "BasicAuth"
772        Check BasicAuth Works Fine  ${HTTP_UNAUTHORIZED}
773    ELSE
774        Check XToken Works Fine  ${HTTP_UNAUTHORIZED}
775    END
776
777Configure AuthMethods
778    [Documentation]  Enable/disable authmethod types.
779    [Arguments]  &{authmethods}
780
781    # Description of argument(s):
782    # authmethods            The authmethod setting which needs to be
783    #                        set in account service URI.
784    # Usage Example          Configure AuthMethods  XToken=${TRUE}  BasicAuth=${TRUE}
785    #                        This will set the value of "XToken" and "BasicAuth"
786    #                        property in accountservice uri to TRUE.
787
788    ${openbmc}=  Create Dictionary  AuthMethods=${authmethods}
789    ${oem}=  Create Dictionary  OpenBMC=${openbmc}
790    ${payload}=  Create Dictionary  Oem=${oem}
791
792    # Setting authmethod properties using Redfish session based auth
793    ${status}=  Run Keyword And Return Status
794    ...  Redfish.Patch  ${REDFISH_BASE_URI}AccountService
795    ...  body=${payload}  valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
796
797    # Setting authmethod properties using basic auth in case the former fails
798    IF  ${status}==${FALSE}
799        # Payload dictionary pre-process to match json formatting
800        ${payload}=  Convert To String  ${payload}
801        ${payload}=  Replace String  ${payload}  '  "
802        ${payload}=  Replace String  ${payload}  False  false
803        ${payload}=  Replace String  ${payload}  True  true
804
805        # Curl Command Framing for PATCH authmethod
806        ${cmd}=  Catenate  curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}
807        ...  -X PATCH '${AUTH_URI}${REDFISH_ACCOUNTS_SERVICE_URI}'
808        ...  -H 'content-type:application/json' -H 'If-Match:*'
809        ...  -d '${payload}'
810        ${rc}  ${out}=  Run And Return Rc And Output  ${cmd}
811
812        #  Check the response of curl command is 200 or 204
813        ${check_no_content}=
814        ...  Run Keyword and Return Status  Should Contain  ${out}  204
815        ${check_ok}=
816        ...  Run Keyword and Return Status  Should Contain  ${out}  200
817        Pass Execution If  ${check_no_content}==${TRUE}
818        ...  OR  ${check_ok}==${TRUE}
819    END
820
821
822Get AuthMethods Default Values
823    [Documentation]  Get enabled/disabled status of all authmethods
824    ...  from Redfish account service URI
825    [Arguments]  ${authmethod}
826
827    # Description of argument(s):
828    # authmethod            The authmethod property whose value needs to be
829    #                       retrieved from account service URI.
830    # Usage Example         Get AuthMethods Default Values  BasicAuth
831    #                       returns >> ${TRUE}
832    # Example:
833    # {
834    #     "@odata.id": "/redfish/v1/AccountService",
835    #     (...)
836    #     "Oem": {
837    #         "OpenBMC": {
838    #             "AuthMethods": {
839    #                 "BasicAuth": true,
840    #                 "Cookie": true,
841    #                 "SessionToken": true,
842    #                 "TLS": true,
843    #                 "XToken": true
844    #             }
845    #         }
846    #     }
847    # }
848
849    ${resp}=  Redfish.Get Attribute  ${REDFISH_ACCOUNTS_SERVICE_URI}  Oem
850    ${authmethods}=  Set Variable  ${resp['OpenBMC']['AuthMethods']}
851    ${initial_value}=  Get From Dictionary  ${authmethods}  ${authmethod}
852    Set Test Variable  ${initial_value}
853
854Check XToken Works Fine
855    [Documentation]  Verify Xtoken works fine.
856    [Arguments]  ${status_code}
857
858    # Description of Argument(s):
859    # status_code : 200, 401.
860
861    # Verify xtoken auth works for xtoken
862    Redfish.Get  ${REDFISH_ACCOUNTS_SERVICE_URI}
863    ...  valid_status_codes=[${status_code}]
864
865Check BasicAuth Works Fine
866    [Documentation]  Verify Basic Auth works fine.
867    [Arguments]  ${status_code}
868
869    # Description of Argument(s):
870    # status_code : 200, 401.
871
872    # Verify basic auth works based on basic auth.
873    ${cmd}=  Catenate  curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}
874    ...  ${AUTH_URI}/redfish/v1/AccountService
875    ${rc}  ${out}=  Run And Return Rc And Output  ${cmd}
876
877    #  Check the response of curl command is 200/401
878    Should Contain  ${out}  ${status_code}
879