1*** Settings ***
2
3
4Documentation     Suite to test local user management.
5
6Library           OperatingSystem
7Library           String
8Library           Collections
9
10Resource          ../../lib/resource.robot
11Resource          ../../lib/bmc_redfish_resource.robot
12Resource          ../../lib/openbmc_ffdc.robot
13Resource          ../../lib/certificate_utils.robot
14
15
16Suite Setup       Suite Setup Execution
17
18
19*** Variables ***
20
21${root_cmd_args} =  SEPARATOR=
22...  redfishtool raw -r ${OPENBMC_HOST} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always
23
24
25*** Test Cases ***
26
27
28Verify Redfishtool Create Users
29    [Documentation]  Create user via Redfishtool and verify.
30    [Tags]  Verify_Redfishtool_Create_Users
31    [Teardown]  Redfishtool Delete User  "UserT100"
32
33    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  true
34    Redfishtool Verify User  "UserT100"  "Operator"
35
36
37Verify Redfishtool Modify Users
38    [Documentation]  Modify user via Redfishtool and verify.
39    [Tags]  Verify_Redfishtool_Modify_Users
40    [Teardown]  Redfishtool Delete User  "UserT100"
41
42    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  true
43    Redfishtool Update User Role  "UserT100"  "Administrator"
44    Redfishtool Verify User  "UserT100"  "Administrator"
45
46
47Verify Redfishtool Delete Users
48    [Documentation]  Delete user via Redfishtool and verify.
49    [Tags]  Verify_Redfishtool_Delete_Users
50
51    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  true
52    Redfishtool Delete User  "UserT100"
53    ${status}=  Redfishtool Verify User Name Exists  "UserT100"
54    Should Be True  ${status} == False
55
56
57Verify Redfishtool Login With Deleted Redfish Users
58    [Documentation]  Verify login with deleted user via Redfishtool.
59    [Tags]  Verify_Redfishtool_Login_With_Deleted_Redfish_Users
60
61    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  true
62    Redfishtool Delete User  "UserT100"
63    Redfishtool Access Resource  /redfish/v1/AccountService/Accounts  "UserT100"  "TestPwd123"
64    ...  ${HTTP_UNAUTHORIZED}
65
66
67Verify Redfishtool Error Upon Creating Same Users With Different Privileges
68    [Documentation]  Verify error upon creating same users with different privileges.
69    [Tags]  Verify_Redfishtool_Error_Upon_Creating_Same_Users_With_Different_Privileges
70    [Teardown]  Redfishtool Delete User  "UserT100"
71
72    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  true
73    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
74    ...  expected_error=${HTTP_BAD_REQUEST}
75
76
77Verify Redfishtool Admin User Privilege
78    [Documentation]  Verify privilege of admin user.
79    [Tags]  Verify_Redfishtool_Admin_User_Privilege
80    [Teardown]  Run Keywords  Redfishtool Delete User  "UserT100"  AND
81    ...  Redfishtool Delete User  "UserT101"
82
83    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
84
85    # Verify if an user can be added by admin
86    Redfishtool Create User  "UserT101"  "TestPwd123"  "Operator"  true  "UserT100"  "TestPwd123"
87
88
89Verify Redfishtool ReadOnly User Privilege
90    [Documentation]  Verify Redfishtool ReadOnly user privilege works.
91    [Tags]  Verify_Redfishtool_ReadOnly_User_Privilege
92    [Teardown]  Redfishtool Delete User  "UserT100"
93
94    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
95    Redfishtool Access Resource  /redfish/v1/Systems/  "UserT100"  "TestPwd123"
96
97    Redfishtool Create User
98    ...  "UserT101"  "TestPwd123"  "Operator"  true  "UserT100"  "TestPwd123"  ${HTTP_FORBIDDEN}
99
100
101*** Keywords ***
102
103
104Redfishtool Access Resource
105    [Documentation]  Access resource.
106    [Arguments]  ${uri}   ${login_user}  ${login_pasword}  ${expected_error}=""
107
108    # Description of argument(s):
109    # uri            URI for resource access.
110    # login_user     The login user name used other than default root user.
111    # login_pasword  The login password.
112    # expected_error Expected error optionally provided in testcase (e.g. 401 /
113    #                authentication error, etc. )
114
115    ${user_cmd_args}=  Set Variable
116    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
117    Redfishtool Get  ${uri}  ${user_cmd_args}  ${expected_error}
118
119
120Is HTTP error Expected
121    [Documentation]  Check if the HTTP error is expected.
122    [Arguments]  ${cmd_output}  ${error_expected}
123
124    # Description of argument(s):
125    # cmd_output      Output of an HTTP operation.
126    # error_expected  Expected error.
127
128    @{words} =  Split String  ${error_expected}  ,
129    @{errorString}=  Split String  ${cmd_output}  ${SPACE}
130    Should Contain Any  ${errorString}  @{words}
131
132
133Redfishtool Create User
134    [Documentation]  Create new user.
135    [Arguments]  ${user_name}  ${password}  ${roleID}  ${enable}  ${login_user}=""  ${login_pasword}=""
136    ...  ${expected_error}=""
137
138    # Description of argument(s):
139    # user_name      The user name (e.g. "test", "robert", etc.).
140    # password       The user password (e.g. "0penBmc", "0penBmc1", etc.).
141    # roleID         The role of user (e.g. "Administrator", "Operator", etc.).
142    # enable         Enabled attribute of (e.g. true or false).
143    # expected_error Expected error optionally provided in testcase (e.g. 401 /
144    #                authentication error, etc. )
145
146    ${user_cmd_args}=  Set Variable
147    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
148    ${data}=  Set Variable
149    ...  '{"UserName":${user_name},"Password":${password},"RoleId":${roleId},"Enabled":${enable}}'
150    Run Keyword If  ${login_user} == ""
151    ...   Redfishtool Post  ${data}  /redfish/v1/AccountService/Accounts  ${root_cmd_args}  ${expected_error}
152    ...   ELSE
153    ...   Redfishtool Post  ${data}  /redfish/v1/AccountService/Accounts  ${user_cmd_args}  ${expected_error}
154
155
156Redfishtool Update User Role
157    [Documentation]  Update user role.
158    [Arguments]  ${user_name}  ${newRole}  ${login_user}=""  ${login_pasword}=""
159    ...  ${expected_error}=""
160
161    # Description of argument(s):
162    # user_name      The user name (e.g. "test", "robert", etc.).
163    # newRole        The new role of user (e.g. "Administrator", "Operator", etc.).
164    # login_user     The login user name used other than default root user.
165    # login_pasword  The login password.
166    # expected_error Expected error optionally provided in testcase (e.g. 401 /
167    #                authentication error, etc. )
168
169    ${user_cmd_args}=  Set Variable
170    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
171    Run Keyword If  ${login_user} == ""
172    ...   Redfishtool Patch  '{"RoleId":${newRole}}'
173          ...  /redfish/v1/AccountService/Accounts/${user_name}  ${root_cmd_args}  ${expected_error}
174    ...   ELSE
175    ...   Redfishtool Patch  '{"RoleId":${newRole}}'
176          ...  /redfish/v1/AccountService/Accounts/${user_name}  ${user_cmd_args}  ${expected_error}
177
178
179Redfishtool Delete User
180    [Documentation]  Delete an user.
181    [Arguments]  ${user_name}  ${expected_error}=""
182
183    # Description of argument(s):
184    # user_name       The user name (e.g. "test", "robert", etc.).
185    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
186    #                 authentication error, etc. ).
187
188    Redfishtool Delete  /redfish/v1/AccountService/Accounts/${user_name}
189    ...  ${root_cmd_args}  ${expected_error}
190
191
192Redfishtool Verify User
193    [Documentation]  Verify role of the user.
194    [Arguments]  ${user_name}  ${role}
195
196    # Description of argument(s):
197    # user_name  The user name (e.g. "test", "robert", etc.).
198    # role       The new role of user (e.g. "Administrator", "Operator", etc.).
199
200    ${user_account}=  Redfishtool Get  /redfish/v1/AccountService/Accounts/${user_name}
201    ${json_obj}=   Evaluate  json.loads('''${user_account}''')  json
202    Should Be equal  "${json_obj["RoleId"]}"  ${role}
203
204
205Redfishtool Verify User Name Exists
206    [Documentation]  Verify user name exists.
207    [Arguments]  ${user_name}
208
209    # Description of argument(s):
210    # user_name  The user name (e.g. "test", "robert", etc.).
211
212    ${status}=  Run Keyword And Return Status  redfishtool Get
213    ...  /redfish/v1/AccountService/Accounts/${user_name}
214
215    [return]  ${status}
216
217
218Redfishtool Get
219    [Documentation]  Execute redfishtool for GET operation.
220    [Arguments]  ${uri}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""
221
222    # Description of argument(s):
223    # uri             URI for GET operation (e.g. /redfish/v1/AccountService/Accounts/).
224    # cmd_args        Commandline arguments.
225    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
226    #                 authentication error, etc. ).
227
228    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} GET ${uri}
229    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}
230
231    [Return]  ${cmd_output}
232
233
234Redfishtool Post
235    [Documentation]  Execute redfishtool for  Post operation.
236    [Arguments]  ${payload}  ${uri}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""
237
238    # Description of argument(s):
239    # payload         Payload with POST operation (e.g. data for user name, password, role,
240    #                 enabled attribute)
241    # uri             URI for POST operation (e.g. /redfish/v1/AccountService/Accounts/).
242    # cmd_args        Commandline arguments.
243    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
244    #                 authentication error, etc. ).
245
246    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} POST ${uri} --data=${payload}
247    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}
248
249    [Return]  ${cmd_output}
250
251
252Redfishtool Patch
253    [Documentation]  Execute redfishtool for  Patch operation.
254    [Arguments]  ${payload}  ${uri}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""
255
256    # Description of argument(s):
257    # payload         Payload with POST operation (e.g. data for user name, role, etc. ).
258    # uri             URI for PATCH operation (e.g. /redfish/v1/AccountService/Accounts/ ).
259    # cmd_args        Commandline arguments.
260    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
261    #                 authentication error, etc. ).
262
263    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} PATCH ${uri} --data=${payload}
264    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}
265
266    [Return]  ${cmd_output}
267
268
269Redfishtool Delete
270    [Documentation]  Execute redfishtool for  Post operation.
271    [Arguments]  ${uri}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""
272
273    # Description of argument(s):
274    # uri             URI for DELETE operation.
275    # cmd_args        Commandline arguments.
276    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
277    #                 authentication error, etc. ).
278
279    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} DELETE ${uri}
280    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}
281
282    [Return]  ${cmd_output}
283
284
285Suite Setup Execution
286    [Documentation]  Do suite setup execution.
287
288    ${tool_exist}=  Run  which redfishtool
289    Should Not Be Empty  ${tool_exist}
290