1*** Settings ***
2
3
4Documentation     Suite to test local user management.
5
6Library           OperatingSystem
7Library           String
8Library           Collections
9
10Resource          ../../lib/resource.robot
11Resource          ../../lib/bmc_redfish_resource.robot
12Resource          ../../lib/openbmc_ffdc.robot
13Resource          ../../lib/certificate_utils.robot
14Resource          ../../lib/dmtf_redfishtool_utils.robot
15
16Suite Setup       Suite Setup Execution
17
18Force Tags        Redfishtool_Local_User
19
20*** Variables ***
21
22${root_cmd_args} =  SEPARATOR=
23...  redfishtool raw -r ${OPENBMC_HOST}:${HTTPS_PORT} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always
24
25
26*** Test Cases ***
27
28Verify Redfishtool Create Users
29    [Documentation]  Create user via Redfishtool and verify.
30    [Tags]  Verify_Redfishtool_Create_Users
31    [Teardown]  Redfishtool Delete User  "UserT100"
32
33    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
34    Redfishtool Verify User  "UserT100"  "ReadOnly"
35
36
37Verify Redfishtool Modify Users
38    [Documentation]  Modify user via Redfishtool and verify.
39    [Tags]  Verify_Redfishtool_Modify_Users
40    [Teardown]  Redfishtool Delete User  "UserT100"
41
42    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
43    Redfishtool Update User Role  "UserT100"  "Administrator"
44    Redfishtool Verify User  "UserT100"  "Administrator"
45
46
47Verify Redfishtool Delete Users
48    [Documentation]  Delete user via Redfishtool and verify.
49    [Tags]  Verify_Redfishtool_Delete_Users
50
51    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
52    Redfishtool Delete User  "UserT100"
53    ${status}=  Redfishtool Verify User Name Exists  "UserT100"
54    Should Be True  ${status} == False
55
56
57Verify Redfishtool Login With Deleted Redfish Users
58    [Documentation]  Verify login with deleted user via Redfishtool.
59    [Tags]  Verify_Redfishtool_Login_With_Deleted_Redfish_Users
60
61    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
62    Redfishtool Delete User  "UserT100"
63    Redfishtool Access Resource  /redfish/v1/AccountService/Accounts  "UserT100"  "TestPwd123"
64    ...  ${HTTP_UNAUTHORIZED}
65
66
67Verify Redfishtool Error Upon Creating Same Users With Different Privileges
68    [Documentation]  Verify error upon creating same users with different privileges.
69    [Tags]  Verify_Redfishtool_Error_Upon_Creating_Same_Users_With_Different_Privileges
70    [Teardown]  Redfishtool Delete User  "UserT100"
71
72    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
73    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
74    ...  expected_error=${HTTP_BAD_REQUEST}
75
76
77Verify Redfishtool Admin User Privilege
78    [Documentation]  Verify privilege of admin user.
79    [Tags]  Verify_Redfishtool_Admin_User_Privilege
80    [Teardown]  Run Keywords  Redfishtool Delete User  "UserT100"  AND
81    ...  Redfishtool Delete User  "UserT101"
82
83    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
84
85    # Verify if a user can be added by admin
86    Redfishtool Create User  "UserT101"  "TestPwd123"  "ReadOnly"  true  "UserT100"  "TestPwd123"
87
88
89Verify Redfishtool ReadOnly User Privilege
90    [Documentation]  Verify Redfishtool ReadOnly user privilege works.
91    [Tags]  Verify_Redfishtool_ReadOnly_User_Privilege
92    [Teardown]  Redfishtool Delete User  "UserT100"
93
94    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
95    Redfishtool Access Resource  /redfish/v1/Systems/  "UserT100"  "TestPwd123"
96
97    Redfishtool Create User
98    ...  "UserT101"  "TestPwd123"  "Operator"  true  "UserT100"  "TestPwd123"  ${HTTP_FORBIDDEN}
99
100
101Verify Redfishtool Operator User Privilege
102    [Documentation]  Verify that an operator user is able to perform operator privilege
103    ...  task(e.g. create user, delete user).
104    [Tags]  Verify_Redfishtool_Operator_User_Privilege
105    [Teardown]  Redfishtool Delete User  "UserT100"
106
107    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
108    Redfishtool Access Resource  /redfish/v1/Systems/  "UserT100"  "TestPwd123"
109
110    Redfishtool Create User
111    ...  "UserT101"  "TestPwd123"  "Operator"  true  "UserT100"  "TestPwd123"  ${HTTP_FORBIDDEN}
112
113
114Verify Error While Creating User With Invalid Role
115    [Documentation]  Verify error while creating a user with invalid role using Redfishtool.
116    [Tags]  Verify_Error_While_Creating_User_With_Invalid_Role
117    [Teardown]  Redfishtool Delete User  "UserT100"  ${HTTP_NOT_FOUND}
118
119    Redfishtool Create User  "UserT100"  "TestPwd123"  "wrongroleid"  true  expected_error=${HTTP_BAD_REQUEST}
120
121
122Verify Minimum Password Length For Redfish User Using Redfishtool
123    [Documentation]  Verify minimum password length of eight characters for new and existing user.
124    [Tags]  Verify_Minimum_Password_Length_For_Redfish_User_Using_Redfishtool
125    [Teardown]  Redfishtool Delete User  "UserT100"
126
127    Redfishtool Create User  "UserT100"  "TestPwd"  "ReadOnly"  true  expected_error=${HTTP_BAD_REQUEST}
128    Redfishtool Create User  "UserT100"  "TestPwd1"  "ReadOnly"  true
129
130
131Verify Create User Without Enabling
132    [Documentation]  Create a user without enabling it and verify that it does not have access.
133    [Tags]  Verify_Create_User_Without_Enabling
134    [Teardown]  Redfishtool Delete User  "UserT100"
135
136    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  false
137    Redfishtool Access Resource  /redfish/v1/AccountService/Accounts  "UserT100"  "TestPwd123"
138    ...  ${HTTP_UNAUTHORIZED}
139
140
141Verify Error While Running Redfishtool With Incorrect Password
142    [Documentation]  Verify error while running redfishtool with incorrect Password.
143    [Tags]  Verify_Error_While_Running_Redfishtool_With_Incorrect_Password
144    [Teardown]  Redfishtool Delete User  "UserT100"
145
146    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
147    Redfishtool Access Resource  /redfish/v1/Systems/  "UserT100"  "TestPwd234"  ${HTTP_UNAUTHORIZED}
148
149*** Keywords ***
150
151
152Redfishtool Access Resource
153    [Documentation]  Access resource.
154    [Arguments]  ${uri}   ${login_user}  ${login_pasword}  ${expected_error}=200
155
156    # Description of argument(s):
157    # uri            URI for resource access.
158    # login_user     The login user name used other than default root user.
159    # login_pasword  The login password.
160    # expected_error Expected error optionally provided in testcase (e.g. 401 /
161    #                authentication error, etc. )
162
163    ${user_cmd_args}=  Set Variable
164    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
165    Redfishtool Get  ${uri}  ${user_cmd_args}  ${expected_error}
166
167
168Redfishtool Create User
169    [Documentation]  Create new user.
170    [Arguments]  ${user_name}  ${password}  ${roleId}  ${enable}  ${login_user}=""  ${login_pasword}=""
171    ...  ${expected_error}=200
172
173    # Description of argument(s):
174    # user_name      The user name (e.g. "test", "robert", etc.).
175    # password       The user password (e.g. "0penBmc", "0penBmc1", etc.).
176    # roleId         The role of user (e.g. "Administrator", "Operator", etc.).
177    # enable         Enabled attribute of (e.g. true or false).
178    # expected_error Expected error optionally provided in testcase (e.g. 401 /
179    #                authentication error, etc. )
180
181    ${user_cmd_args}=  Set Variable
182    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
183    ${data}=  Set Variable
184    ...  '{"UserName":${user_name},"Password":${password},"RoleId":${roleId},"Enabled":${enable}}'
185    Run Keyword If  ${login_user} == ""
186    ...   Redfishtool Post  ${data}  /redfish/v1/AccountService/Accounts  ${root_cmd_args}  ${expected_error}
187    ...   ELSE
188    ...   Redfishtool Post  ${data}  /redfish/v1/AccountService/Accounts  ${user_cmd_args}  ${expected_error}
189
190
191Redfishtool Update User Role
192    [Documentation]  Update user role.
193    [Arguments]  ${user_name}  ${newRole}  ${login_user}=""  ${login_pasword}=""
194    ...  ${expected_error}=200
195
196    # Description of argument(s):
197    # user_name      The user name (e.g. "test", "robert", etc.).
198    # newRole        The new role of user (e.g. "Administrator", "Operator", etc.).
199    # login_user     The login user name used other than default root user.
200    # login_pasword  The login password.
201    # expected_error Expected error optionally provided in testcase (e.g. 401 /
202    #                authentication error, etc. )
203
204    ${user_cmd_args}=  Set Variable
205    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
206    Run Keyword If  ${login_user} == ""
207    ...   Redfishtool Patch  '{"RoleId":${newRole}}'
208          ...  /redfish/v1/AccountService/Accounts/${user_name}  ${root_cmd_args}  ${expected_error}
209    ...   ELSE
210    ...   Redfishtool Patch  '{"RoleId":${newRole}}'
211          ...  /redfish/v1/AccountService/Accounts/${user_name}  ${user_cmd_args}  ${expected_error}
212
213
214Redfishtool Delete User
215    [Documentation]  Delete a user.
216    [Arguments]  ${user_name}  ${expected_error}=200
217
218    # Description of argument(s):
219    # user_name       The user name (e.g. "test", "robert", etc.).
220    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
221    #                 authentication error, etc. ).
222
223    Redfishtool Delete  /redfish/v1/AccountService/Accounts/${user_name}
224    ...  ${root_cmd_args}  ${expected_error}
225
226
227Redfishtool Verify User
228    [Documentation]  Verify role of the user.
229    [Arguments]  ${user_name}  ${role}
230
231    # Description of argument(s):
232    # user_name  The user name (e.g. "test", "robert", etc.).
233    # role       The new role of user (e.g. "Administrator", "Operator", etc.).
234
235    ${user_account}=  Redfishtool Get  /redfish/v1/AccountService/Accounts/${user_name}
236    ${json_obj}=   Evaluate  json.loads('''${user_account}''')  json
237    Should Be equal  "${json_obj["RoleId"]}"  ${role}
238
239
240Redfishtool Verify User Name Exists
241    [Documentation]  Verify user name exists.
242    [Arguments]  ${user_name}
243
244    # Description of argument(s):
245    # user_name  The user name (e.g. "test", "robert", etc.).
246
247    ${status}=  Run Keyword And Return Status  redfishtool Get
248    ...  /redfish/v1/AccountService/Accounts/${user_name}
249
250    [return]  ${status}
251
252
253Suite Setup Execution
254    [Documentation]  Do suite setup execution.
255
256    ${tool_exist}=  Run  which redfishtool
257    Should Not Be Empty  ${tool_exist}
258