1*** Settings ***
2
3
4Documentation     Suite to test local user management.
5
6Library           OperatingSystem
7Library           String
8Library           Collections
9
10Resource          ../../lib/resource.robot
11Resource          ../../lib/bmc_redfish_resource.robot
12Resource          ../../lib/openbmc_ffdc.robot
13Resource          ../../lib/certificate_utils.robot
14Resource          ../../lib/dmtf_redfishtool_utils.robot
15
16Suite Setup       Suite Setup Execution
17
18
19*** Variables ***
20
21${root_cmd_args} =  SEPARATOR=
22...  redfishtool raw -r ${OPENBMC_HOST} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always
23
24
25*** Test Cases ***
26
27Verify Redfishtool Create Users
28    [Documentation]  Create user via Redfishtool and verify.
29    [Tags]  Verify_Redfishtool_Create_Users
30    [Teardown]  Redfishtool Delete User  "UserT100"
31
32    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  true
33    Redfishtool Verify User  "UserT100"  "Operator"
34
35
36Verify Redfishtool Modify Users
37    [Documentation]  Modify user via Redfishtool and verify.
38    [Tags]  Verify_Redfishtool_Modify_Users
39    [Teardown]  Redfishtool Delete User  "UserT100"
40
41    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  true
42    Redfishtool Update User Role  "UserT100"  "Administrator"
43    Redfishtool Verify User  "UserT100"  "Administrator"
44
45
46Verify Redfishtool Delete Users
47    [Documentation]  Delete user via Redfishtool and verify.
48    [Tags]  Verify_Redfishtool_Delete_Users
49
50    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  true
51    Redfishtool Delete User  "UserT100"
52    ${status}=  Redfishtool Verify User Name Exists  "UserT100"
53    Should Be True  ${status} == False
54
55
56Verify Redfishtool Login With Deleted Redfish Users
57    [Documentation]  Verify login with deleted user via Redfishtool.
58    [Tags]  Verify_Redfishtool_Login_With_Deleted_Redfish_Users
59
60    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  true
61    Redfishtool Delete User  "UserT100"
62    Redfishtool Access Resource  /redfish/v1/AccountService/Accounts  "UserT100"  "TestPwd123"
63    ...  ${HTTP_UNAUTHORIZED}
64
65
66Verify Redfishtool Error Upon Creating Same Users With Different Privileges
67    [Documentation]  Verify error upon creating same users with different privileges.
68    [Tags]  Verify_Redfishtool_Error_Upon_Creating_Same_Users_With_Different_Privileges
69    [Teardown]  Redfishtool Delete User  "UserT100"
70
71    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  true
72    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
73    ...  expected_error=${HTTP_BAD_REQUEST}
74
75
76Verify Redfishtool Admin User Privilege
77    [Documentation]  Verify privilege of admin user.
78    [Tags]  Verify_Redfishtool_Admin_User_Privilege
79    [Teardown]  Run Keywords  Redfishtool Delete User  "UserT100"  AND
80    ...  Redfishtool Delete User  "UserT101"
81
82    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
83
84    # Verify if an user can be added by admin
85    Redfishtool Create User  "UserT101"  "TestPwd123"  "Operator"  true  "UserT100"  "TestPwd123"
86
87
88Verify Redfishtool ReadOnly User Privilege
89    [Documentation]  Verify Redfishtool ReadOnly user privilege works.
90    [Tags]  Verify_Redfishtool_ReadOnly_User_Privilege
91    [Teardown]  Redfishtool Delete User  "UserT100"
92
93    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
94    Redfishtool Access Resource  /redfish/v1/Systems/  "UserT100"  "TestPwd123"
95
96    Redfishtool Create User
97    ...  "UserT101"  "TestPwd123"  "Operator"  true  "UserT100"  "TestPwd123"  ${HTTP_FORBIDDEN}
98
99
100Verify Redfishtool Operator User Privilege
101    [Documentation]  Verify that an operator user is able to perform operator privilege
102    ...  task(e.g. create user, delete user).
103    [Tags]  Verify_Redfishtool_Operator_User_Privilege
104    [Teardown]  Redfishtool Delete User  "UserT100"
105
106    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
107    Redfishtool Access Resource  /redfish/v1/Systems/  "UserT100"  "TestPwd123"
108
109    Redfishtool Create User
110    ...  "UserT101"  "TestPwd123"  "Operator"  true  "UserT100"  "TestPwd123"  ${HTTP_FORBIDDEN}
111
112
113Verify Error While Creating User With Invalid Role
114    [Documentation]  Verify error while creating a user with invalid role using Redfishtool.
115    [Tags]  Verify_Error_While_Creating_User_With_Invalid_Role
116    [Teardown]  Redfishtool Delete User  "UserT100"
117
118    Redfishtool Create User  "UserT100"  "TestPwd123"  "wrongroleid"  true  expected_error=${HTTP_BAD_REQUEST}
119
120
121Verify Minimum Password Length For Redfish User
122    [Documentation]  Verify minimum password length of eight characters for new and existing user.
123    [Tags]  Verify_Minimum_Password_Length_For_Redfish_User
124    [Teardown]  Redfishtool Delete User  "UserT100"
125
126    Redfishtool Create User  "UserT100"  "TestPwd"  "Operator"  true  expected_error=${HTTP_BAD_REQUEST}
127    Redfishtool Create User  "UserT100"  "TestPwd1"  "Operator"  true
128
129
130Verify Create User Without Enabling
131    [Documentation]  Create an user without enabling it and verify that it does not have access.
132    [Teardown]  Redfishtool Delete User  "UserT100"
133
134    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  false
135    Redfishtool Access Resource  /redfish/v1/AccountService/Accounts  "UserT100"  "TestPwd123"
136    ...  ${HTTP_UNAUTHORIZED}
137
138*** Keywords ***
139
140
141Redfishtool Access Resource
142    [Documentation]  Access resource.
143    [Arguments]  ${uri}   ${login_user}  ${login_pasword}  ${expected_error}=200
144
145    # Description of argument(s):
146    # uri            URI for resource access.
147    # login_user     The login user name used other than default root user.
148    # login_pasword  The login password.
149    # expected_error Expected error optionally provided in testcase (e.g. 401 /
150    #                authentication error, etc. )
151
152    ${user_cmd_args}=  Set Variable
153    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
154    Redfishtool Get  ${uri}  ${user_cmd_args}  ${expected_error}
155
156
157Redfishtool Create User
158    [Documentation]  Create new user.
159    [Arguments]  ${user_name}  ${password}  ${roleID}  ${enable}  ${login_user}=""  ${login_pasword}=""
160    ...  ${expected_error}=200
161
162    # Description of argument(s):
163    # user_name      The user name (e.g. "test", "robert", etc.).
164    # password       The user password (e.g. "0penBmc", "0penBmc1", etc.).
165    # roleID         The role of user (e.g. "Administrator", "Operator", etc.).
166    # enable         Enabled attribute of (e.g. true or false).
167    # expected_error Expected error optionally provided in testcase (e.g. 401 /
168    #                authentication error, etc. )
169
170    ${user_cmd_args}=  Set Variable
171    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
172    ${data}=  Set Variable
173    ...  '{"UserName":${user_name},"Password":${password},"RoleId":${roleId},"Enabled":${enable}}'
174    Run Keyword If  ${login_user} == ""
175    ...   Redfishtool Post  ${data}  /redfish/v1/AccountService/Accounts  ${root_cmd_args}  ${expected_error}
176    ...   ELSE
177    ...   Redfishtool Post  ${data}  /redfish/v1/AccountService/Accounts  ${user_cmd_args}  ${expected_error}
178
179
180Redfishtool Update User Role
181    [Documentation]  Update user role.
182    [Arguments]  ${user_name}  ${newRole}  ${login_user}=""  ${login_pasword}=""
183    ...  ${expected_error}=200
184
185    # Description of argument(s):
186    # user_name      The user name (e.g. "test", "robert", etc.).
187    # newRole        The new role of user (e.g. "Administrator", "Operator", etc.).
188    # login_user     The login user name used other than default root user.
189    # login_pasword  The login password.
190    # expected_error Expected error optionally provided in testcase (e.g. 401 /
191    #                authentication error, etc. )
192
193    ${user_cmd_args}=  Set Variable
194    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
195    Run Keyword If  ${login_user} == ""
196    ...   Redfishtool Patch  '{"RoleId":${newRole}}'
197          ...  /redfish/v1/AccountService/Accounts/${user_name}  ${root_cmd_args}  ${expected_error}
198    ...   ELSE
199    ...   Redfishtool Patch  '{"RoleId":${newRole}}'
200          ...  /redfish/v1/AccountService/Accounts/${user_name}  ${user_cmd_args}  ${expected_error}
201
202
203Redfishtool Delete User
204    [Documentation]  Delete an user.
205    [Arguments]  ${user_name}  ${expected_error}=200
206
207    # Description of argument(s):
208    # user_name       The user name (e.g. "test", "robert", etc.).
209    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
210    #                 authentication error, etc. ).
211
212    Redfishtool Delete  /redfish/v1/AccountService/Accounts/${user_name}
213    ...  ${root_cmd_args}  ${expected_error}
214
215
216Redfishtool Verify User
217    [Documentation]  Verify role of the user.
218    [Arguments]  ${user_name}  ${role}
219
220    # Description of argument(s):
221    # user_name  The user name (e.g. "test", "robert", etc.).
222    # role       The new role of user (e.g. "Administrator", "Operator", etc.).
223
224    ${user_account}=  Redfishtool Get  /redfish/v1/AccountService/Accounts/${user_name}
225    ${json_obj}=   Evaluate  json.loads('''${user_account}''')  json
226    Should Be equal  "${json_obj["RoleId"]}"  ${role}
227
228
229Redfishtool Verify User Name Exists
230    [Documentation]  Verify user name exists.
231    [Arguments]  ${user_name}
232
233    # Description of argument(s):
234    # user_name  The user name (e.g. "test", "robert", etc.).
235
236    ${status}=  Run Keyword And Return Status  redfishtool Get
237    ...  /redfish/v1/AccountService/Accounts/${user_name}
238
239    [return]  ${status}
240
241
242Redfishtool GetAttribute
243    [Documentation]  Execute redfishtool for GET operation.
244    [Arguments]  ${uri}  ${Attribute}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""
245
246    # Description of argument(s):
247    # uri             URI for GET operation (e.g. /redfish/v1/AccountService/Accounts/).
248    # Attribute       The specific attribute to be retrieved with the URI.
249    # cmd_args        Commandline arguments.
250    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
251    #                 authentication error, etc. ).
252
253    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} GET ${uri}
254    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}
255    ${json_object}=  To JSON  ${cmd_output}
256
257    [Return]  ${json_object["${Attribute}"]}
258
259
260Suite Setup Execution
261    [Documentation]  Do suite setup execution.
262
263    ${tool_exist}=  Run  which redfishtool
264    Should Not Be Empty  ${tool_exist}
265