1*** Settings ***
2
3
4Documentation     Suite to test local user management.
5
6Library           OperatingSystem
7Library           String
8Library           Collections
9
10Resource          ../../lib/resource.robot
11Resource          ../../lib/bmc_redfish_resource.robot
12Resource          ../../lib/openbmc_ffdc.robot
13Resource          ../../lib/certificate_utils.robot
14Resource          ../../lib/dmtf_redfishtool_utils.robot
15
16Suite Setup       Suite Setup Execution
17
18
19*** Variables ***
20
21${root_cmd_args} =  SEPARATOR=
22...  redfishtool raw -r ${OPENBMC_HOST}:${HTTPS_PORT} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always
23
24
25*** Test Cases ***
26
27Verify Redfishtool Create Users
28    [Documentation]  Create user via Redfishtool and verify.
29    [Tags]  Verify_Redfishtool_Create_Users
30    [Teardown]  Redfishtool Delete User  "UserT100"
31
32    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
33    Redfishtool Verify User  "UserT100"  "ReadOnly"
34
35
36Verify Redfishtool Modify Users
37    [Documentation]  Modify user via Redfishtool and verify.
38    [Tags]  Verify_Redfishtool_Modify_Users
39    [Teardown]  Redfishtool Delete User  "UserT100"
40
41    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
42    Redfishtool Update User Role  "UserT100"  "Administrator"
43    Redfishtool Verify User  "UserT100"  "Administrator"
44
45
46Verify Redfishtool Delete Users
47    [Documentation]  Delete user via Redfishtool and verify.
48    [Tags]  Verify_Redfishtool_Delete_Users
49
50    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
51    Redfishtool Delete User  "UserT100"
52    ${status}=  Redfishtool Verify User Name Exists  "UserT100"
53    Should Be True  ${status} == False
54
55
56Verify Redfishtool Login With Deleted Redfish Users
57    [Documentation]  Verify login with deleted user via Redfishtool.
58    [Tags]  Verify_Redfishtool_Login_With_Deleted_Redfish_Users
59
60    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
61    Redfishtool Delete User  "UserT100"
62    Redfishtool Access Resource  /redfish/v1/AccountService/Accounts  "UserT100"  "TestPwd123"
63    ...  ${HTTP_UNAUTHORIZED}
64
65
66Verify Redfishtool Error Upon Creating Same Users With Different Privileges
67    [Documentation]  Verify error upon creating same users with different privileges.
68    [Tags]  Verify_Redfishtool_Error_Upon_Creating_Same_Users_With_Different_Privileges
69    [Teardown]  Redfishtool Delete User  "UserT100"
70
71    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
72    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
73    ...  expected_error=${HTTP_BAD_REQUEST}
74
75
76Verify Redfishtool Admin User Privilege
77    [Documentation]  Verify privilege of admin user.
78    [Tags]  Verify_Redfishtool_Admin_User_Privilege
79    [Teardown]  Run Keywords  Redfishtool Delete User  "UserT100"  AND
80    ...  Redfishtool Delete User  "UserT101"
81
82    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
83
84    # Verify if a user can be added by admin
85    Redfishtool Create User  "UserT101"  "TestPwd123"  "ReadOnly"  true  "UserT100"  "TestPwd123"
86
87
88Verify Redfishtool ReadOnly User Privilege
89    [Documentation]  Verify Redfishtool ReadOnly user privilege works.
90    [Tags]  Verify_Redfishtool_ReadOnly_User_Privilege
91    [Teardown]  Redfishtool Delete User  "UserT100"
92
93    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
94    Redfishtool Access Resource  /redfish/v1/Systems/  "UserT100"  "TestPwd123"
95
96    Redfishtool Create User
97    ...  "UserT101"  "TestPwd123"  "Operator"  true  "UserT100"  "TestPwd123"  ${HTTP_FORBIDDEN}
98
99
100Verify Redfishtool Operator User Privilege
101    [Documentation]  Verify that an operator user is able to perform operator privilege
102    ...  task(e.g. create user, delete user).
103    [Tags]  Verify_Redfishtool_Operator_User_Privilege
104    [Teardown]  Redfishtool Delete User  "UserT100"
105
106    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
107    Redfishtool Access Resource  /redfish/v1/Systems/  "UserT100"  "TestPwd123"
108
109    Redfishtool Create User
110    ...  "UserT101"  "TestPwd123"  "Operator"  true  "UserT100"  "TestPwd123"  ${HTTP_FORBIDDEN}
111
112
113Verify Error While Creating User With Invalid Role
114    [Documentation]  Verify error while creating a user with invalid role using Redfishtool.
115    [Tags]  Verify_Error_While_Creating_User_With_Invalid_Role
116    [Teardown]  Redfishtool Delete User  "UserT100"  ${HTTP_NOT_FOUND}
117
118    Redfishtool Create User  "UserT100"  "TestPwd123"  "wrongroleid"  true  expected_error=${HTTP_BAD_REQUEST}
119
120
121Verify Minimum Password Length For Redfish User
122    [Documentation]  Verify minimum password length of eight characters for new and existing user.
123    [Tags]  Verify_Minimum_Password_Length_For_Redfish_User
124    [Teardown]  Redfishtool Delete User  "UserT100"
125
126    Redfishtool Create User  "UserT100"  "TestPwd"  "ReadOnly"  true  expected_error=${HTTP_BAD_REQUEST}
127    Redfishtool Create User  "UserT100"  "TestPwd1"  "ReadOnly"  true
128
129
130Verify Create User Without Enabling
131    [Documentation]  Create a user without enabling it and verify that it does not have access.
132    [Tags]  Verify_Create_User_Without_Enabling
133    [Teardown]  Redfishtool Delete User  "UserT100"
134
135    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  false
136    Redfishtool Access Resource  /redfish/v1/AccountService/Accounts  "UserT100"  "TestPwd123"
137    ...  ${HTTP_UNAUTHORIZED}
138
139
140Verify Error While Running Redfishtool With Incorrect Password
141    [Documentation]  Verify error while running redfishtool with incorrect Password.
142    [Tags]  Verify_Error_While_Running_Redfishtool_With_Incorrect_Password
143    [Teardown]  Redfishtool Delete User  "UserT100"
144
145    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
146    Redfishtool Access Resource  /redfish/v1/Systems/  "UserT100"  "TestPwd234"  ${HTTP_UNAUTHORIZED}
147
148*** Keywords ***
149
150
151Redfishtool Access Resource
152    [Documentation]  Access resource.
153    [Arguments]  ${uri}   ${login_user}  ${login_pasword}  ${expected_error}=200
154
155    # Description of argument(s):
156    # uri            URI for resource access.
157    # login_user     The login user name used other than default root user.
158    # login_pasword  The login password.
159    # expected_error Expected error optionally provided in testcase (e.g. 401 /
160    #                authentication error, etc. )
161
162    ${user_cmd_args}=  Set Variable
163    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
164    Redfishtool Get  ${uri}  ${user_cmd_args}  ${expected_error}
165
166
167Redfishtool Create User
168    [Documentation]  Create new user.
169    [Arguments]  ${user_name}  ${password}  ${roleId}  ${enable}  ${login_user}=""  ${login_pasword}=""
170    ...  ${expected_error}=200
171
172    # Description of argument(s):
173    # user_name      The user name (e.g. "test", "robert", etc.).
174    # password       The user password (e.g. "0penBmc", "0penBmc1", etc.).
175    # roleId         The role of user (e.g. "Administrator", "Operator", etc.).
176    # enable         Enabled attribute of (e.g. true or false).
177    # expected_error Expected error optionally provided in testcase (e.g. 401 /
178    #                authentication error, etc. )
179
180    ${user_cmd_args}=  Set Variable
181    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
182    ${data}=  Set Variable
183    ...  '{"UserName":${user_name},"Password":${password},"RoleId":${roleId},"Enabled":${enable}}'
184    Run Keyword If  ${login_user} == ""
185    ...   Redfishtool Post  ${data}  /redfish/v1/AccountService/Accounts  ${root_cmd_args}  ${expected_error}
186    ...   ELSE
187    ...   Redfishtool Post  ${data}  /redfish/v1/AccountService/Accounts  ${user_cmd_args}  ${expected_error}
188
189
190Redfishtool Update User Role
191    [Documentation]  Update user role.
192    [Arguments]  ${user_name}  ${newRole}  ${login_user}=""  ${login_pasword}=""
193    ...  ${expected_error}=200
194
195    # Description of argument(s):
196    # user_name      The user name (e.g. "test", "robert", etc.).
197    # newRole        The new role of user (e.g. "Administrator", "Operator", etc.).
198    # login_user     The login user name used other than default root user.
199    # login_pasword  The login password.
200    # expected_error Expected error optionally provided in testcase (e.g. 401 /
201    #                authentication error, etc. )
202
203    ${user_cmd_args}=  Set Variable
204    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
205    Run Keyword If  ${login_user} == ""
206    ...   Redfishtool Patch  '{"RoleId":${newRole}}'
207          ...  /redfish/v1/AccountService/Accounts/${user_name}  ${root_cmd_args}  ${expected_error}
208    ...   ELSE
209    ...   Redfishtool Patch  '{"RoleId":${newRole}}'
210          ...  /redfish/v1/AccountService/Accounts/${user_name}  ${user_cmd_args}  ${expected_error}
211
212
213Redfishtool Delete User
214    [Documentation]  Delete a user.
215    [Arguments]  ${user_name}  ${expected_error}=200
216
217    # Description of argument(s):
218    # user_name       The user name (e.g. "test", "robert", etc.).
219    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
220    #                 authentication error, etc. ).
221
222    Redfishtool Delete  /redfish/v1/AccountService/Accounts/${user_name}
223    ...  ${root_cmd_args}  ${expected_error}
224
225
226Redfishtool Verify User
227    [Documentation]  Verify role of the user.
228    [Arguments]  ${user_name}  ${role}
229
230    # Description of argument(s):
231    # user_name  The user name (e.g. "test", "robert", etc.).
232    # role       The new role of user (e.g. "Administrator", "Operator", etc.).
233
234    ${user_account}=  Redfishtool Get  /redfish/v1/AccountService/Accounts/${user_name}
235    ${json_obj}=   Evaluate  json.loads('''${user_account}''')  json
236    Should Be equal  "${json_obj["RoleId"]}"  ${role}
237
238
239Redfishtool Verify User Name Exists
240    [Documentation]  Verify user name exists.
241    [Arguments]  ${user_name}
242
243    # Description of argument(s):
244    # user_name  The user name (e.g. "test", "robert", etc.).
245
246    ${status}=  Run Keyword And Return Status  redfishtool Get
247    ...  /redfish/v1/AccountService/Accounts/${user_name}
248
249    [return]  ${status}
250
251
252Suite Setup Execution
253    [Documentation]  Do suite setup execution.
254
255    ${tool_exist}=  Run  which redfishtool
256    Should Not Be Empty  ${tool_exist}
257