xref: /openbmc/openbmc-test-automation/redfish/dmtf_tools/test_redfishtool_local_user.robot (revision 069b266e40a93fda3992c888062745b1ac920473) 
1*** Settings ***
2
3
4Documentation     Suite to test local user management.
5
6Library           OperatingSystem
7Library           String
8Library           Collections
9
10Resource          ../../lib/resource.robot
11Resource          ../../lib/bmc_redfish_resource.robot
12Resource          ../../lib/openbmc_ffdc.robot
13Resource          ../../lib/certificate_utils.robot
14Resource          ../../lib/dmtf_redfishtool_utils.robot
15
16Suite Setup       Suite Setup Execution
17
18Test Tags        Redfishtool_Local_User
19
20*** Variables ***
21
22${root_cmd_args} =  SEPARATOR=
23...  redfishtool raw -r ${OPENBMC_HOST}:${HTTPS_PORT} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always
24
25
26*** Test Cases ***
27
28Verify Redfishtool Create Users
29    [Documentation]  Create user via Redfishtool and verify.
30    [Tags]  Verify_Redfishtool_Create_Users
31    [Teardown]  Redfishtool Delete User  "UserT100"
32
33    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
34    Redfishtool Verify User  "UserT100"  "ReadOnly"
35
36
37Verify Redfishtool Modify Users
38    [Documentation]  Modify user via Redfishtool and verify.
39    [Tags]  Verify_Redfishtool_Modify_Users
40    [Teardown]  Redfishtool Delete User  "UserT100"
41
42    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
43    Redfishtool Update User Role  "UserT100"  "Administrator"
44    Redfishtool Verify User  "UserT100"  "Administrator"
45
46
47Verify Redfishtool Delete Users
48    [Documentation]  Delete user via Redfishtool and verify.
49    [Tags]  Verify_Redfishtool_Delete_Users
50
51    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
52    Redfishtool Delete User  "UserT100"
53    ${status}=  Redfishtool Verify User Name Exists  "UserT100"
54    Should Be True  ${status} == False
55
56
57Verify Redfishtool Login With Deleted Redfish Users
58    [Documentation]  Verify login with deleted user via Redfishtool.
59    [Tags]  Verify_Redfishtool_Login_With_Deleted_Redfish_Users
60
61    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
62    Redfishtool Delete User  "UserT100"
63    Redfishtool Access Resource  /redfish/v1/AccountService/Accounts  "UserT100"  "TestPwd123"
64    ...  ${HTTP_UNAUTHORIZED}
65
66
67Verify Redfishtool Error Upon Creating Same Users With Different Privileges
68    [Documentation]  Verify error upon creating same users with different privileges.
69    [Tags]  Verify_Redfishtool_Error_Upon_Creating_Same_Users_With_Different_Privileges
70    [Teardown]  Redfishtool Delete User  "UserT100"
71
72    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
73    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
74    ...  expected_error=${HTTP_BAD_REQUEST}
75
76
77Verify Redfishtool Admin User Privilege
78    [Documentation]  Verify privilege of admin user.
79    [Tags]  Verify_Redfishtool_Admin_User_Privilege
80    [Teardown]  Run Keywords  Redfishtool Delete User  "UserT100"  AND
81    ...  Redfishtool Delete User  "UserT101"
82
83    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
84
85    # Verify if a user can be added by admin
86    Redfishtool Create User  "UserT101"  "TestPwd123"  "ReadOnly"  true  "UserT100"  "TestPwd123"
87
88
89Verify Redfishtool ReadOnly User Privilege
90    [Documentation]  Verify Redfishtool ReadOnly user privilege works.
91    [Tags]  Verify_Redfishtool_ReadOnly_User_Privilege
92    [Teardown]  Redfishtool Delete User  "UserT100"
93
94    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
95    Redfishtool Access Resource  /redfish/v1/Systems/  "UserT100"  "TestPwd123"
96
97    Redfishtool Create User
98    ...  "UserT101"  "TestPwd123"  "Operator"  true  "UserT100"  "TestPwd123"  ${HTTP_FORBIDDEN}
99
100
101Verify Redfishtool Operator User Privilege
102    [Documentation]  Verify that an operator user is able to perform operator privilege
103    ...  task(e.g. create user, delete user).
104    [Tags]  Verify_Redfishtool_Operator_User_Privilege
105    [Teardown]  Redfishtool Delete User  "UserT100"
106
107    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
108    Redfishtool Access Resource  /redfish/v1/Systems/  "UserT100"  "TestPwd123"
109
110    Redfishtool Create User
111    ...  "UserT101"  "TestPwd123"  "Operator"  true  "UserT100"  "TestPwd123"  ${HTTP_FORBIDDEN}
112
113
114Verify Error While Creating User With Invalid Role
115    [Documentation]  Verify error while creating a user with invalid role using Redfishtool.
116    [Tags]  Verify_Error_While_Creating_User_With_Invalid_Role
117    [Teardown]  Redfishtool Delete User  "UserT100"  ${HTTP_NOT_FOUND}
118
119    Redfishtool Create User  "UserT100"  "TestPwd123"  "wrongroleid"  true  expected_error=${HTTP_BAD_REQUEST}
120
121
122Verify Minimum Password Length For Redfish User Using Redfishtool
123    [Documentation]  Verify minimum password length of eight characters for new and existing user.
124    [Tags]  Verify_Minimum_Password_Length_For_Redfish_User_Using_Redfishtool
125    [Teardown]  Redfishtool Delete User  "UserT100"
126
127    Redfishtool Create User  "UserT100"  "TestPwd"  "ReadOnly"  true  expected_error=${HTTP_BAD_REQUEST}
128    Redfishtool Create User  "UserT100"  "TestPwd1"  "ReadOnly"  true
129
130
131Verify Create User Without Enabling
132    [Documentation]  Create a user without enabling it and verify that it does not have access.
133    [Tags]  Verify_Create_User_Without_Enabling
134    [Teardown]  Redfishtool Delete User  "UserT100"
135
136    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  false
137    Redfishtool Access Resource  /redfish/v1/AccountService/Accounts  "UserT100"  "TestPwd123"
138    ...  ${HTTP_UNAUTHORIZED}
139
140
141Verify Error While Running Redfishtool With Incorrect Password
142    [Documentation]  Verify error while running redfishtool with incorrect Password.
143    [Tags]  Verify_Error_While_Running_Redfishtool_With_Incorrect_Password
144    [Teardown]  Redfishtool Delete User  "UserT100"
145
146    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
147    Redfishtool Access Resource  /redfish/v1/Systems/  "UserT100"  "TestPwd234"  ${HTTP_UNAUTHORIZED}
148
149*** Keywords ***
150
151
152Redfishtool Access Resource
153    [Documentation]  Access resource.
154    [Arguments]  ${uri}   ${login_user}  ${login_pasword}  ${expected_error}=200
155
156    # Description of argument(s):
157    # uri            URI for resource access.
158    # login_user     The login user name used other than default root user.
159    # login_pasword  The login password.
160    # expected_error Expected error optionally provided in testcase (e.g. 401 /
161    #                authentication error, etc. )
162
163    ${user_cmd_args}=  Set Variable
164    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
165    Redfishtool Get  ${uri}  ${user_cmd_args}  ${expected_error}
166
167
168Redfishtool Create User
169    [Documentation]  Create new user.
170    [Arguments]  ${user_name}  ${password}  ${roleId}  ${enable}  ${login_user}=""  ${login_pasword}=""
171    ...  ${expected_error}=200
172
173    # Description of argument(s):
174    # user_name      The user name (e.g. "test", "robert", etc.).
175    # password       The user password (e.g. "0penBmc", "0penBmc1", etc.).
176    # roleId         The role of user (e.g. "Administrator", "Operator", etc.).
177    # enable         Enabled attribute of (e.g. true or false).
178    # expected_error Expected error optionally provided in testcase (e.g. 401 /
179    #                authentication error, etc. )
180
181    ${user_cmd_args}=  Set Variable
182    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
183    ${data}=  Set Variable
184    ...  '{"UserName":${user_name},"Password":${password},"RoleId":${roleId},"Enabled":${enable}}'
185    IF  ${login_user} == ""
186        Redfishtool Post  ${data}  /redfish/v1/AccountService/Accounts  ${root_cmd_args}  ${expected_error}
187    ELSE
188        Redfishtool Post  ${data}  /redfish/v1/AccountService/Accounts  ${user_cmd_args}  ${expected_error}
189    END
190
191
192Redfishtool Update User Role
193    [Documentation]  Update user role.
194    [Arguments]  ${user_name}  ${newRole}  ${login_user}=""  ${login_pasword}=""
195    ...  ${expected_error}=200
196
197    # Description of argument(s):
198    # user_name      The user name (e.g. "test", "robert", etc.).
199    # newRole        The new role of user (e.g. "Administrator", "Operator", etc.).
200    # login_user     The login user name used other than default root user.
201    # login_pasword  The login password.
202    # expected_error Expected error optionally provided in testcase (e.g. 401 /
203    #                authentication error, etc. )
204
205    ${user_cmd_args}=  Set Variable
206    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
207    IF  ${login_user} == ""
208        Redfishtool Patch  '{"RoleId":${newRole}}'
209        ...  /redfish/v1/AccountService/Accounts/${user_name}  ${root_cmd_args}  ${expected_error}
210    ELSE
211        Redfishtool Patch  '{"RoleId":${newRole}}'
212        ...  /redfish/v1/AccountService/Accounts/${user_name}  ${user_cmd_args}  ${expected_error}
213    END
214
215
216Redfishtool Delete User
217    [Documentation]  Delete a user.
218    [Arguments]  ${user_name}  ${expected_error}=200
219
220    # Description of argument(s):
221    # user_name       The user name (e.g. "test", "robert", etc.).
222    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
223    #                 authentication error, etc. ).
224
225    Redfishtool Delete  /redfish/v1/AccountService/Accounts/${user_name}
226    ...  ${root_cmd_args}  ${expected_error}
227
228
229Redfishtool Verify User
230    [Documentation]  Verify role of the user.
231    [Arguments]  ${user_name}  ${role}
232
233    # Description of argument(s):
234    # user_name  The user name (e.g. "test", "robert", etc.).
235    # role       The new role of user (e.g. "Administrator", "Operator", etc.).
236
237    ${user_account}=  Redfishtool Get  /redfish/v1/AccountService/Accounts/${user_name}
238    ${json_obj}=   Evaluate  json.loads('''${user_account}''')  json
239    Should Be Equal  "${json_obj["RoleId"]}"  ${role}
240
241
242Redfishtool Verify User Name Exists
243    [Documentation]  Verify user name exists.
244    [Arguments]  ${user_name}
245
246    # Description of argument(s):
247    # user_name  The user name (e.g. "test", "robert", etc.).
248
249    ${status}=  Run Keyword And Return Status  redfishtool Get
250    ...  /redfish/v1/AccountService/Accounts/${user_name}
251
252    RETURN  ${status}
253
254
255Suite Setup Execution
256    [Documentation]  Do suite setup execution.
257
258    ${tool_exist}=  Run  which redfishtool
259    Should Not Be Empty  ${tool_exist}
260