1*** Settings ***
2
3
4Documentation     Suite to test local user management.
5
6Library           OperatingSystem
7Library           String
8Library           Collections
9
10Resource          ../../lib/resource.robot
11Resource          ../../lib/bmc_redfish_resource.robot
12Resource          ../../lib/openbmc_ffdc.robot
13Resource          ../../lib/certificate_utils.robot
14Resource          ../../lib/dmtf_redfishtool_utils.robot
15
16Suite Setup       Suite Setup Execution
17
18
19*** Variables ***
20
21${root_cmd_args} =  SEPARATOR=
22...  redfishtool raw -r ${OPENBMC_HOST}:${HTTPS_PORT} -u ${OPENBMC_USERNAME} -p ${OPENBMC_PASSWORD} -S Always
23
24
25*** Test Cases ***
26
27Verify Redfishtool Create Users
28    [Documentation]  Create user via Redfishtool and verify.
29    [Tags]  Verify_Redfishtool_Create_Users
30    [Teardown]  Redfishtool Delete User  "UserT100"
31
32    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  true
33    Redfishtool Verify User  "UserT100"  "Operator"
34
35
36Verify Redfishtool Modify Users
37    [Documentation]  Modify user via Redfishtool and verify.
38    [Tags]  Verify_Redfishtool_Modify_Users
39    [Teardown]  Redfishtool Delete User  "UserT100"
40
41    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  true
42    Redfishtool Update User Role  "UserT100"  "Administrator"
43    Redfishtool Verify User  "UserT100"  "Administrator"
44
45
46Verify Redfishtool Delete Users
47    [Documentation]  Delete user via Redfishtool and verify.
48    [Tags]  Verify_Redfishtool_Delete_Users
49
50    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  true
51    Redfishtool Delete User  "UserT100"
52    ${status}=  Redfishtool Verify User Name Exists  "UserT100"
53    Should Be True  ${status} == False
54
55
56Verify Redfishtool Login With Deleted Redfish Users
57    [Documentation]  Verify login with deleted user via Redfishtool.
58    [Tags]  Verify_Redfishtool_Login_With_Deleted_Redfish_Users
59
60    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  true
61    Redfishtool Delete User  "UserT100"
62    Redfishtool Access Resource  /redfish/v1/AccountService/Accounts  "UserT100"  "TestPwd123"
63    ...  ${HTTP_UNAUTHORIZED}
64
65
66Verify Redfishtool Error Upon Creating Same Users With Different Privileges
67    [Documentation]  Verify error upon creating same users with different privileges.
68    [Tags]  Verify_Redfishtool_Error_Upon_Creating_Same_Users_With_Different_Privileges
69    [Teardown]  Redfishtool Delete User  "UserT100"
70
71    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  true
72    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
73    ...  expected_error=${HTTP_BAD_REQUEST}
74
75
76Verify Redfishtool Admin User Privilege
77    [Documentation]  Verify privilege of admin user.
78    [Tags]  Verify_Redfishtool_Admin_User_Privilege
79    [Teardown]  Run Keywords  Redfishtool Delete User  "UserT100"  AND
80    ...  Redfishtool Delete User  "UserT101"
81
82    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
83
84    # Verify if an user can be added by admin
85    Redfishtool Create User  "UserT101"  "TestPwd123"  "Operator"  true  "UserT100"  "TestPwd123"
86
87
88Verify Redfishtool ReadOnly User Privilege
89    [Documentation]  Verify Redfishtool ReadOnly user privilege works.
90    [Tags]  Verify_Redfishtool_ReadOnly_User_Privilege
91    [Teardown]  Redfishtool Delete User  "UserT100"
92
93    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
94    Redfishtool Access Resource  /redfish/v1/Systems/  "UserT100"  "TestPwd123"
95
96    Redfishtool Create User
97    ...  "UserT101"  "TestPwd123"  "Operator"  true  "UserT100"  "TestPwd123"  ${HTTP_FORBIDDEN}
98
99
100Verify Redfishtool Operator User Privilege
101    [Documentation]  Verify that an operator user is able to perform operator privilege
102    ...  task(e.g. create user, delete user).
103    [Tags]  Verify_Redfishtool_Operator_User_Privilege
104    [Teardown]  Redfishtool Delete User  "UserT100"
105
106    Redfishtool Create User  "UserT100"  "TestPwd123"  "ReadOnly"  true
107    Redfishtool Access Resource  /redfish/v1/Systems/  "UserT100"  "TestPwd123"
108
109    Redfishtool Create User
110    ...  "UserT101"  "TestPwd123"  "Operator"  true  "UserT100"  "TestPwd123"  ${HTTP_FORBIDDEN}
111
112
113Verify Error While Creating User With Invalid Role
114    [Documentation]  Verify error while creating a user with invalid role using Redfishtool.
115    [Tags]  Verify_Error_While_Creating_User_With_Invalid_Role
116    [Teardown]  Redfishtool Delete User  "UserT100"  ${HTTP_NOT_FOUND}
117
118    Redfishtool Create User  "UserT100"  "TestPwd123"  "wrongroleid"  true  expected_error=${HTTP_BAD_REQUEST}
119
120
121Verify Minimum Password Length For Redfish User
122    [Documentation]  Verify minimum password length of eight characters for new and existing user.
123    [Tags]  Verify_Minimum_Password_Length_For_Redfish_User
124    [Teardown]  Redfishtool Delete User  "UserT100"
125
126    Redfishtool Create User  "UserT100"  "TestPwd"  "Operator"  true  expected_error=${HTTP_BAD_REQUEST}
127    Redfishtool Create User  "UserT100"  "TestPwd1"  "Operator"  true
128
129
130Verify Create User Without Enabling
131    [Documentation]  Create an user without enabling it and verify that it does not have access.
132    [Teardown]  Redfishtool Delete User  "UserT100"
133
134    Redfishtool Create User  "UserT100"  "TestPwd123"  "Operator"  false
135    Redfishtool Access Resource  /redfish/v1/AccountService/Accounts  "UserT100"  "TestPwd123"
136    ...  ${HTTP_UNAUTHORIZED}
137
138
139Verify Error While Running Redfishtool With Incorrect Password
140    [Documentation]  Verify error while running redfishtool with incorrect Password.
141    [Tags]  Verify_Error_While_Running_Redfishtool_With_Incorrect_Password
142    [Teardown]  Redfishtool Delete User  "UserT100"
143
144    Redfishtool Create User  "UserT100"  "TestPwd123"  "Administrator"  true
145    Redfishtool Access Resource  /redfish/v1/Systems/  "UserT100"  "TestPwd234"  ${HTTP_UNAUTHORIZED}
146
147*** Keywords ***
148
149
150Redfishtool Access Resource
151    [Documentation]  Access resource.
152    [Arguments]  ${uri}   ${login_user}  ${login_pasword}  ${expected_error}=200
153
154    # Description of argument(s):
155    # uri            URI for resource access.
156    # login_user     The login user name used other than default root user.
157    # login_pasword  The login password.
158    # expected_error Expected error optionally provided in testcase (e.g. 401 /
159    #                authentication error, etc. )
160
161    ${user_cmd_args}=  Set Variable
162    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
163    Redfishtool Get  ${uri}  ${user_cmd_args}  ${expected_error}
164
165
166Redfishtool Create User
167    [Documentation]  Create new user.
168    [Arguments]  ${user_name}  ${password}  ${roleID}  ${enable}  ${login_user}=""  ${login_pasword}=""
169    ...  ${expected_error}=200
170
171    # Description of argument(s):
172    # user_name      The user name (e.g. "test", "robert", etc.).
173    # password       The user password (e.g. "0penBmc", "0penBmc1", etc.).
174    # roleID         The role of user (e.g. "Administrator", "Operator", etc.).
175    # enable         Enabled attribute of (e.g. true or false).
176    # expected_error Expected error optionally provided in testcase (e.g. 401 /
177    #                authentication error, etc. )
178
179    ${user_cmd_args}=  Set Variable
180    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
181    ${data}=  Set Variable
182    ...  '{"UserName":${user_name},"Password":${password},"RoleId":${roleId},"Enabled":${enable}}'
183    Run Keyword If  ${login_user} == ""
184    ...   Redfishtool Post  ${data}  /redfish/v1/AccountService/Accounts  ${root_cmd_args}  ${expected_error}
185    ...   ELSE
186    ...   Redfishtool Post  ${data}  /redfish/v1/AccountService/Accounts  ${user_cmd_args}  ${expected_error}
187
188
189Redfishtool Update User Role
190    [Documentation]  Update user role.
191    [Arguments]  ${user_name}  ${newRole}  ${login_user}=""  ${login_pasword}=""
192    ...  ${expected_error}=200
193
194    # Description of argument(s):
195    # user_name      The user name (e.g. "test", "robert", etc.).
196    # newRole        The new role of user (e.g. "Administrator", "Operator", etc.).
197    # login_user     The login user name used other than default root user.
198    # login_pasword  The login password.
199    # expected_error Expected error optionally provided in testcase (e.g. 401 /
200    #                authentication error, etc. )
201
202    ${user_cmd_args}=  Set Variable
203    ...  redfishtool raw -r ${OPENBMC_HOST} -u ${login_user} -p ${login_pasword} -S Always
204    Run Keyword If  ${login_user} == ""
205    ...   Redfishtool Patch  '{"RoleId":${newRole}}'
206          ...  /redfish/v1/AccountService/Accounts/${user_name}  ${root_cmd_args}  ${expected_error}
207    ...   ELSE
208    ...   Redfishtool Patch  '{"RoleId":${newRole}}'
209          ...  /redfish/v1/AccountService/Accounts/${user_name}  ${user_cmd_args}  ${expected_error}
210
211
212Redfishtool Delete User
213    [Documentation]  Delete an user.
214    [Arguments]  ${user_name}  ${expected_error}=200
215
216    # Description of argument(s):
217    # user_name       The user name (e.g. "test", "robert", etc.).
218    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
219    #                 authentication error, etc. ).
220
221    Redfishtool Delete  /redfish/v1/AccountService/Accounts/${user_name}
222    ...  ${root_cmd_args}  ${expected_error}
223
224
225Redfishtool Verify User
226    [Documentation]  Verify role of the user.
227    [Arguments]  ${user_name}  ${role}
228
229    # Description of argument(s):
230    # user_name  The user name (e.g. "test", "robert", etc.).
231    # role       The new role of user (e.g. "Administrator", "Operator", etc.).
232
233    ${user_account}=  Redfishtool Get  /redfish/v1/AccountService/Accounts/${user_name}
234    ${json_obj}=   Evaluate  json.loads('''${user_account}''')  json
235    Should Be equal  "${json_obj["RoleId"]}"  ${role}
236
237
238Redfishtool Verify User Name Exists
239    [Documentation]  Verify user name exists.
240    [Arguments]  ${user_name}
241
242    # Description of argument(s):
243    # user_name  The user name (e.g. "test", "robert", etc.).
244
245    ${status}=  Run Keyword And Return Status  redfishtool Get
246    ...  /redfish/v1/AccountService/Accounts/${user_name}
247
248    [return]  ${status}
249
250
251Redfishtool GetAttribute
252    [Documentation]  Execute redfishtool for GET operation.
253    [Arguments]  ${uri}  ${Attribute}  ${cmd_args}=${root_cmd_args}  ${expected_error}=""
254
255    # Description of argument(s):
256    # uri             URI for GET operation (e.g. /redfish/v1/AccountService/Accounts/).
257    # Attribute       The specific attribute to be retrieved with the URI.
258    # cmd_args        Commandline arguments.
259    # expected_error  Expected error optionally provided in testcase (e.g. 401 /
260    #                 authentication error, etc. ).
261
262    ${rc}  ${cmd_output}=  Run and Return RC and Output  ${cmd_args} GET ${uri}
263    Run Keyword If  ${rc} != 0  Is HTTP error Expected  ${cmd_output}  ${expected_error}
264    ${json_object}=  To JSON  ${cmd_output}
265
266    [Return]  ${json_object["${Attribute}"]}
267
268
269Suite Setup Execution
270    [Documentation]  Do suite setup execution.
271
272    ${tool_exist}=  Run  which redfishtool
273    Should Not Be Empty  ${tool_exist}
274