1*** Settings ***
2Documentation    Test Redfish user account.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7
8Test Setup       Test Setup Execution
9Test Teardown    Test Teardown Execution
10
11*** Variables ***
12
13${account_lockout_duration}   ${30}
14${account_lockout_threshold}  ${3}
15
16
17** Test Cases **
18
19Verify AccountService Available
20    [Documentation]  Verify Redfish account service is available.
21    [Tags]  Verify_AccountService_Available
22
23    ${resp} =  Redfish_utils.Get Attribute  /redfish/v1/AccountService  ServiceEnabled
24    Should Be Equal As Strings  ${resp}  ${True}
25
26Redfish Create and Verify Users
27    [Documentation]  Create Redfish users with various roles.
28    [Tags]  Redfish_Create_and_Verify_Users
29    [Template]  Redfish Create And Verify User
30
31    #username      password    role_id         enabled
32    admin_user     TestPwd123  Administrator   ${True}
33    operator_user  TestPwd123  Operator        ${True}
34    user_user      TestPwd123  User            ${True}
35    callback_user  TestPwd123  Callback        ${True}
36
37Verify Redfish User with Wrong Password
38    [Documentation]  Verify Redfish User with Wrong Password.
39    [Tags]  Verify_Redfish_User_with_Wrong_Password
40    [Template]  Verify Redfish User with Wrong Password
41
42    #username      password    role_id         enabled  wrong_password
43    admin_user     TestPwd123  Administrator   ${True}  alskjhfwurh
44    operator_user  TestPwd123  Operator        ${True}  12j8a8uakjhdaosiruf024
45    user_user      TestPwd123  User            ${True}  12
46    callback_user  TestPwd123  Callback        ${True}  !#@D#RF#@!D
47
48Verify Login with Deleted Redfish Users
49    [Documentation]  Verify login with deleted Redfish Users.
50    [Tags]  Verify_Login_with_Deleted_Redfish_Users
51    [Template]  Verify Login with Deleted Redfish User
52
53    #username     password    role_id         enabled
54    admin_user     TestPwd123  Administrator   ${True}
55    operator_user  TestPwd123  Operator        ${True}
56    user_user      TestPwd123  User            ${True}
57    callback_user  TestPwd123  Callback        ${True}
58
59Verify User Creation Without Enabling It
60    [Documentation]  Verify User Creation Without Enabling it.
61    [Tags]  Verify_User_Creation_Without_Enabling_It
62    [Template]  Verify Create User Without Enabling
63
64    #username      password    role_id         enabled
65    admin_user     TestPwd123  Administrator   ${False}
66    operator_user  TestPwd123  Operator        ${False}
67    user_user      TestPwd123  User            ${False}
68    callback_user  TestPwd123  Callback        ${False}
69
70Verify Redfish User Persistence After Reboot
71    [Documentation]  Verify Redfish user persistence after reboot.
72    [Tags]  Verify_Redfish_User_Persistence_After_Reboot
73
74    # Create Redfish users.
75    Redfish Create User  admin_user     TestPwd123  Administrator   ${True}
76    Redfish Create User  operator_user  TestPwd123  Operator        ${True}
77    Redfish Create User  user_user      TestPwd123  User            ${True}
78    Redfish Create User  callback_user  TestPwd123  Callback        ${True}
79
80    # Reboot BMC.
81    Redfish OBMC Reboot (off)  stack_mode=normal
82
83    # Verify users after reboot.
84    Redfish Verify User  admin_user     TestPwd123  Administrator   ${True}
85    Redfish Verify User  operator_user  TestPwd123  Operator        ${True}
86    Redfish Verify User  user_user      TestPwd123  User            ${True}
87    Redfish Verify User  callback_user  TestPwd123  Callback        ${True}
88
89    # Delete created users.
90    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}admin_user
91    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}operator_user
92    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}user_user
93    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}callback_user
94
95Verify User Creation With Invalid Role Id
96    [Documentation]  Verify user creation with invalid role ID.
97    [Tags]  Verify_User_Creation_With_Invalid_Role_Id
98
99    # Make sure the user account in question does not already exist.
100    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}test_user
101    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
102
103    # Create specified user.
104    ${payload}=  Create Dictionary
105    ...  UserName=test_user  Password=TestPwd123  RoleId=wrongroleid  Enabled=${True}
106    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
107    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
108
109Verify Error Upon Creating Same Users With Different Privileges
110    [Documentation]  Verify error upon creating same users with different privileges.
111    [Tags]  Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges
112
113    Redfish Create User  test_user  TestPwd123  Administrator  ${True}
114
115    # Create specified user.
116    ${payload}=  Create Dictionary
117    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
118    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
119    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
120
121    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}test_user
122
123Verify Modifying User Attributes
124    [Documentation]  Verify modifying user attributes.
125    [Tags]  Verify_Modifying_User_Attributes
126
127    # Create Redfish users.
128    Redfish Create User  admin_user     TestPwd123  Administrator   ${True}
129    Redfish Create User  operator_user  TestPwd123  Operator        ${True}
130    Redfish Create User  user_user      TestPwd123  User            ${True}
131    Redfish Create User  callback_user  TestPwd123  Callback        ${True}
132
133    Redfish.Login
134
135    # Make sure the new user account does not already exist.
136    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}newadmin_user
137    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
138
139    # Update admin_user username using Redfish.
140    ${payload}=  Create Dictionary  UserName=newadmin_user
141    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}admin_user  body=&{payload}
142
143    # Update operator_user password using Redfish.
144    ${payload}=  Create Dictionary  Password=NewTestPwd123
145    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}operator_user  body=&{payload}
146
147    # Update user_user role using Redfish.
148    ${payload}=  Create Dictionary  RoleId=Operator
149    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}user_user  body=&{payload}
150
151    # Update callback_user to disable using Redfish.
152    ${payload}=  Create Dictionary  Enabled=${False}
153    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}callback_user  body=&{payload}
154
155    # Verify users after updating
156    Redfish Verify User  newadmin_user  TestPwd123     Administrator   ${True}
157    Redfish Verify User  operator_user  NewTestPwd123  Operator        ${True}
158    Redfish Verify User  user_user      TestPwd123     Operator        ${True}
159    Redfish Verify User  callback_user  TestPwd123     Callback        ${False}
160
161    # Delete created users.
162    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}newadmin_user
163    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}operator_user
164    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}user_user
165    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}callback_user
166
167Verify User Account Locked
168    [Documentation]  Verify user account locked upon trying with invalid password.
169    [Tags]  Verify_User_Account_Locked
170
171    Redfish Create User  admin_user  TestPwd123  Administrator   ${True}
172
173    Redfish.Logout
174
175    Redfish.Login
176
177    ${payload}=  Create Dictionary  AccountLockoutThreshold=${account_lockout_threshold}
178    ...  AccountLockoutDuration=${account_lockout_duration}
179    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}
180
181    # Make ${account_lockout_threshold} failed login attempts.
182    Repeat Keyword  ${account_lockout_threshold} times
183    ...  Run Keyword And Expect Error  InvalidCredentialsError*  Redfish.Login  admin_user  abc123
184
185    # Verify that legitimate login fails due to lockout.
186    Run Keyword And Expect Error  InvalidCredentialsError*
187    ...  Redfish.Login  admin_user  TestPwd123
188
189    # Wait for lockout duration to expire and then verify that login works.
190    Sleep  ${account_lockout_duration}s
191    Redfish.Login  admin_user  TestPwd123
192
193    Redfish.Logout
194
195    Redfish.Login
196
197    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}admin_user
198
199Verify Admin User Privilege
200    [Documentation]  Verify admin user privilege.
201    [Tags]  Verify_Admin_User_Privilege
202
203    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
204    Redfish Create User  operator_user  TestPwd123  Operator  ${True}
205    Redfish Create User  user_user  TestPwd123  User  ${True}
206
207    # Change role ID of operator user with admin user.
208    # Login with admin user.
209    Redfish.Login  admin_user  TestPwd123
210
211    # Modify Role ID of Operator user.
212    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}operator_user  body={'RoleId': 'Administrator'}
213
214    # Verify modified user.
215    Redfish Verify User  operator_user  TestPwd123  Administrator  ${True}
216
217    # Change password of 'user' user with admin user.
218    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}user_user  body={'Password': 'NewTestPwd123'}
219
220    # Verify modified user.
221    Redfish Verify User  user_user  NewTestPwd123  User  ${True}
222
223    Redfish.Login
224
225    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}admin_user
226    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}operator_user
227    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}user_user
228
229Verify Operator User Privilege
230    [Documentation]  Verify operator user privilege.
231    [Tags]  Verify_operator_User_Privilege
232
233    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
234    Redfish Create User  operator_user  TestPwd123  Operator  ${True}
235
236    # Login with operator user.
237    Redfish.Login  operator_user  TestPwd123
238
239    # Verify power on system.
240    Redfish OBMC Reboot (off)  stack_mode=normal
241
242    # Attempt to change password of admin user with operator user.
243    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}admin_user  body={'Password': 'NewTestPwd123'}
244    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}]
245
246    Redfish.Login
247
248    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}admin_user
249    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}operator_user
250
251
252Verify 'User' User Privilege
253    [Documentation]  Verify 'user' user privilege.
254    [Tags]  Verify_User_User_Privilege
255
256    Redfish Create User  user_user  TestPwd123  User  ${True}
257
258    # Read system level data.
259    ${system_model}=  Redfish_Utils.Get Attribute
260    ...  ${SYSTEM_BASE_URI}  Model
261
262    Redfish.Login
263
264    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}user_user
265
266
267*** Keywords ***
268
269Test Setup Execution
270    [Documentation]  Do test case setup tasks.
271
272    Redfish.Login
273
274
275Test Teardown Execution
276    [Documentation]  Do the post test teardown.
277
278    FFDC On Test Case Fail
279    Redfish.Logout
280
281Redfish Create User
282    [Documentation]  Redfish create user.
283    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
284
285    # Description of argument(s):
286    # username            The username to be created.
287    # password            The password to be assigned.
288    # role_id             The role ID of the user to be created
289    #                     (e.g. "Administrator", "Operator", etc.).
290    # enabled             Indicates whether the username being created
291    #                     should be enabled (${True}, ${False}).
292
293    Redfish.Login
294
295    # Make sure the user account in question does not already exist.
296    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${userName}
297    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
298
299    # Create specified user.
300    ${payload}=  Create Dictionary
301    ...  UserName=${username}  Password=${password}  RoleId=${role_id}  Enabled=${enabled}
302    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
303    ...  valid_status_codes=[${HTTP_CREATED}]
304
305    Redfish.Logout
306
307    # Login with created user.
308    Run Keyword If  ${enabled} == False
309    ...    Run Keyword And Expect Error  InvalidCredentialsError*
310    ...    Redfish.Login  ${username}  ${password}
311    ...  ELSE
312    ...    Redfish.Login  ${username}  ${password}
313
314    Run Keyword If  ${enabled} == False
315    ...  Redfish.Login
316
317    # Validate Role ID of created user.
318    ${role_config}=  Redfish_Utils.Get Attribute
319    ...  ${REDFISH_ACCOUNTS_URI}${username}  RoleId
320    Should Be Equal  ${role_id}  ${role_config}
321
322
323Redfish Verify User
324    [Documentation]  Redfish user verification.
325    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
326
327    # Description of argument(s):
328    # username            The username to be created.
329    # password            The password to be assigned.
330    # role_id             The role ID of the user to be created
331    #                     (e.g. "Administrator", "Operator", etc.).
332    # enabled             Indicates whether the username being created
333    #                     should be enabled (${True}, ${False}).
334
335    # Trying to do a login with created user.
336    ${status}=  Run Keyword And Return Status  Redfish.Login  ${username}  ${password}
337
338    # Doing a check of the returned status.
339    Should Be Equal  ${status}  ${enabled}
340
341    # We do not need to login with created user (user could be in disabled status).
342    Redfish.Login
343
344    # Validate Role Id of user.
345    ${role_config}=  Redfish_Utils.Get Attribute
346    ...  ${REDFISH_ACCOUNTS_URI}${username}  RoleId
347    Should Be Equal  ${role_id}  ${role_config}
348
349
350Redfish Create And Verify User
351    [Documentation]  Redfish create and verify user.
352    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
353
354    # Description of argument(s):
355    # username            The username to be created.
356    # password            The password to be assigned.
357    # role_id             The role ID of the user to be created
358    #                     (e.g. "Administrator", "Operator", etc.).
359    # enabled             Indicates whether the username being created
360    #                     should be enabled (${True}, ${False}).
361
362    # Example:
363    #{
364    #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
365    #"@odata.id": "/redfish/v1/AccountService/Accounts/test1",
366    #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
367    #"Description": "User Account",
368    #"Enabled": true,
369    #"Id": "test1",
370    #"Links": {
371    #  "Role": {
372    #    "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
373    #  }
374    #},
375
376    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
377
378    Redfish Verify User  ${username}  ${password}  ${role_id}  ${enabled}
379
380    # Delete Specified User
381    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${username}
382
383Verify Redfish User with Wrong Password
384    [Documentation]  Verify Redfish User with Wrong Password.
385    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${wrong_password}
386
387    # Description of argument(s):
388    # username            The username to be created.
389    # password            The password to be assigned.
390    # role_id             The role ID of the user to be created
391    #                     (e.g. "Administrator", "Operator", etc.).
392    # enabled             Indicates whether the username being created
393    #                     should be enabled (${True}, ${False}).
394    # wrong_password      Any invalid password.
395
396    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
397
398    # Attempt to login with created user with invalid password.
399    Run Keyword And Expect Error  InvalidCredentialsError*
400    ...  Redfish.Login  ${username}  ${wrong_password}
401
402    Redfish.Login
403
404    # Delete newly created user.
405    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${username}
406
407
408Verify Login with Deleted Redfish User
409    [Documentation]  Verify Login with Deleted Redfish User.
410    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
411
412    # Description of argument(s):
413    # username            The username to be created.
414    # password            The password to be assigned.
415    # role_id             The role ID of the user to be created
416    #                     (e.g. "Administrator", "Operator", etc.).
417    # enabled             Indicates whether the username being created
418    #                     should be enabled (${True}, ${False}).
419
420    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
421    ${status}=  Run Keyword And Return Status  Redfish.Login  ${username}  ${password}
422
423    # Doing a check of the rerurned status
424    Should Be Equal  ${status}  ${True}
425
426    Redfish.Login
427
428    # Delete newly created user.
429    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${userName}
430
431    # Attempt to login with deleted user account.
432    Run Keyword And Expect Error  InvalidCredentialsError*
433    ...  Redfish.Login  ${username}  ${password}
434
435    Redfish.Login
436
437Verify Create User Without Enabling
438    [Documentation]  Verify Create User Without Enabling.
439    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}
440
441    # Description of argument(s):
442    # username            The username to be created.
443    # password            The password to be assigned.
444    # role_id             The role ID of the user to be created
445    #                     (e.g. "Administrator", "Operator", etc.).
446    # enabled             Indicates whether the username being created
447    #                     should be enabled (${True}, ${False}).
448
449    Redfish.Login
450
451    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}
452
453    Redfish.Logout
454
455    # Login with created user.
456    Run Keyword And Expect Error  InvalidCredentialsError*
457    ...  Redfish.Login  ${username}  ${password}
458
459    Redfish.Login
460
461    # Delete newly created user.
462    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}${username}
463