blob: 52251629f5cade5990e6016e06eead0f05e9dfe2 [file] [log] [blame]
*** Settings ***
Documentation Script to test Redfish privilege registry with various users
... such as test, admin, operator, readonly, patched.
Resource ../../lib/resource.robot
Resource ../../lib/bmc_redfish_resource.robot
Resource ../../lib/openbmc_ffdc.robot
Resource ../../lib/bmc_redfish_utils.robot
Suite Setup Create And Verify Various Privilege Users
Suite Teardown Delete Created Redfish Users Except Default Admin
Test Teardown Redfish.Logout
*** Variables ***
${test_user} testuser
${test_password} testpassword
${admin_user} testadmin
${admin_password} adminpassword
${operator_user} testoperator
${operator_password} operatorpassword
${readonly_user} testreadonly
${readonly_password} readonlypassword
${patched_user} patchuser
${post_user} postuser
${post_password} postpassword
${account_service} ${2}
** Test Cases **
Verify Redfish Privilege Registry Properties
[Documentation] Verify the Redfish Privilege Registry properties.
[Tags] Verify_Redfish_Privilege_Registry_Properties
Redfish.Login
# Get the complete Privilege Registry URL
${url}= Get Redfish Privilege Registry json URL
${resp}= Redfish.Get ${url}
Should Be Equal As Strings ${resp.status} ${HTTP_OK}
# Verify the Privilege Registry Resource.
# Example:
# "Id": "Redfish_1.1.0_PrivilegeRegistry",
# "Name": "Privilege Mapping array collection",
# "PrivilegesUsed": [
# "Login",
# "ConfigureManager",
# "ConfigureUsers",
# "ConfigureComponents",
# "ConfigureSelf"
# ],
Should Be Equal As Strings ${resp.dict["Id"]} Redfish_1.1.0_PrivilegeRegistry
Should Be Equal As Strings ${resp.dict["Name"]} Privilege Mapping array collection
Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][0]} Login
Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][1]} ConfigureManager
Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][2]} ConfigureUsers
Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][3]} ConfigureComponents
Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][4]} ConfigureSelf
Verify Redfish Privilege Registry Mappings Properties For Account Service
[Documentation] Verify Privilege Registry Account Service Mappings resource properties.
[Tags] Verify_Redfish_Privilege_Registry_Mappings_Properties_For_Account_Service
# Below is the mapping for Redfish Privilege Registry property for
# Account Service.
# "Mappings": [
# {
# "Entity": "AccountService",
# "OperationMap": {
# "GET": [{
# "Privilege": [
# "Login"
# ]}],
# "HEAD": [{
# "Privilege": [
# "Login"
# ]}],
# "PATCH": [{
# "Privilege": [
# "ConfigureUsers"
# ]}],
# "PUT": [{
# "Privilege": [
# "ConfigureUsers"
# ]}],
# "DELETE": [{
# "Privilege": [
# "ConfigureUsers"
# ]}],
# "POST": [{
# "Privilege": [
# "ConfigureUsers"
# ]}]}
# }
# | ROLE NAME | ASSIGNED PRIVILEGES
# |---------------|--------------------
# | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf.
# | Operator | Login, ConfigureComponents, ConfigureSelf.
# | ReadOnly | Login, ConfigureSelf.
# Get the complete Privilege Registry URL.
${url}= Get Redfish Privilege Registry json URL
${resp}= Redfish.Get ${url}
# Get mappings properties for Entity: Account Service.
@{mappings}= Get From Dictionary ${resp.dict} Mappings
Should Be Equal ${mappings[${account_service}]['OperationMap']['GET'][0]['Privilege'][0]}
... Login
Should Be Equal ${mappings[${account_service}]['OperationMap']['HEAD'][0]['Privilege'][0]}
... Login
Should Be Equal ${mappings[${account_service}]['OperationMap']['PATCH'][0]['Privilege'][0]}
... ConfigureUsers
Should Be Equal ${mappings[${account_service}]['OperationMap']['PUT'][0]['Privilege'][0]}
... ConfigureUsers
Should Be Equal ${mappings[${account_service}]['OperationMap']['DELETE'][0]['Privilege'][0]}
... ConfigureUsers
Should Be Equal ${mappings[${account_service}]['OperationMap']['POST'][0]['Privilege'][0]}
... ConfigureUsers
Verify Admin User Privileges Via Redfish
[Documentation] Verify Admin user privileges via Redfish.
[Tags] Verify_Admin_User_Privileges_Via_Redfish
Redfish.Login ${admin_user} ${admin_password}
${payload}= Create Dictionary
... UserName=${post_user} Password=${post_password} RoleId=Operator Enabled=${true}
Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload}
... valid_status_codes=[${HTTP_CREATED}]
${data}= Create Dictionary UserName=${patched_user}
Redfish.patch ${REDFISH_ACCOUNTS_URI}${test_user} body=&{data}
... valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
${patched_user_name}= Redfish.Get Attribute ${REDFISH_ACCOUNTS_URI}${patched_user} UserName
Should Be Equal ${patched_user_name} ${patched_user}
Verify Operator User Privileges Via Redfish
[Documentation] Verify Operator user privileges via Redfish.
[Tags] Verify_Operator_User_Privileges_Via_Redfish
Redfish.Login ${operator_user} ${operator_password}
${payload}= Create Dictionary
... UserName=${post_user} Password=${post_password} RoleId=Operator Enabled=${true}
Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload}
... valid_status_codes=[${HTTP_FORBIDDEN}]
${data}= Create Dictionary UserName=${patched_user}
Redfish.patch ${REDFISH_ACCOUNTS_URI}${test_user} body=&{data}
... valid_status_codes=[${HTTP_FORBIDDEN}]
Redfish.Get ${REDFISH_ACCOUNTS_URI}${patched_user}
... valid_status_codes=[${HTTP_FORBIDDEN}]
Redfish.Delete ${REDFISH_ACCOUNTS_URI}${patched_user}
... valid_status_codes=[${HTTP_FORBIDDEN}]
Verify ReadOnly User Privileges Via Redfish
[Documentation] Verify ReadOnly user privileges via Redfish.
[Tags] Verify_ReadOnly_User_Privileges_Via_Redfish
Redfish.Login ${readonly_user} ${readonly_password}
${payload}= Create Dictionary
... UserName=${post_user} Password=${post_password} RoleId=Operator Enabled=${true}
Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload}
... valid_status_codes=[${HTTP_FORBIDDEN}]
${data}= Create Dictionary UserName=${patched_user}
Redfish.patch ${REDFISH_ACCOUNTS_URI}${test_user} body=&{data}
... valid_status_codes=[${HTTP_FORBIDDEN}]
Redfish.Get ${REDFISH_ACCOUNTS_URI}${patched_user}
... valid_status_codes=[${HTTP_FORBIDDEN}]
Redfish.Delete ${REDFISH_ACCOUNTS_URI}${patched_user}
... valid_status_codes=[${HTTP_FORBIDDEN}]
*** Keywords ***
Get Redfish Privilege Registry Json URL
[Documentation] Return the complete Privilege Registry Json URL.
# Get Privilege Registry version Json path in redfish.
# Example: Redfish_1.1.0_PrivilegeRegistry.json
${resp}= Redfish.Get
... /redfish/v1/Registries/PrivilegeRegistry/
@{location}= Get From Dictionary ${resp.dict} Location
${uri}= Set Variable ${location[0]['Uri']}
RETURN ${uri}
Create And Verify Various Privilege Users
[Documentation] Create and verify admin, test, operator, and readonly users.
Redfish Create User ${test_user} ${test_password} Operator ${true}
Redfish Create User ${admin_user} ${admin_password} Administrator ${true}
Redfish Create User ${operator_user} ${operator_password} Operator ${true}
Redfish Create User ${readonly_user} ${readonly_password} ReadOnly ${true}
Redfish Verify User ${test_user} ${test_password} Operator
Redfish Verify User ${admin_user} ${admin_password} Administrator
Redfish Verify User ${operator_user} ${operator_password} Operator
Redfish Verify User ${readonly_user} ${readonly_password} ReadOnly
Redfish Verify User
[Documentation] Verify Redfish user with given credentials.
[Arguments] ${username} ${password} ${role_id}
# Description of argument(s):
# username The username to be created.
# password The password to be assigned.
# role_id The role ID of the user to be created
# (e.g. "Administrator", "Operator", etc.).
Run Keyword And Ignore Error Redfish.Logout
Redfish.Login ${username} ${password}
# Validate Role Id of user.
${role_config}= Redfish_Utils.Get Attribute
... /redfish/v1/AccountService/Accounts/${username} RoleId
Should Be Equal ${role_id} ${role_config}
Redfish.Logout
Delete Created Redfish Users Except Default Admin
[Documentation] Delete the admin, patched, operator, readonly, and post users.
Redfish.Login
Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${admin_user}
... valid_status_codes=[${HTTP_OK}]
Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${patched_user}
... valid_status_codes=[${HTTP_OK}]
Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${operator_user}
... valid_status_codes=[${HTTP_OK}]
Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${readonly_user}
... valid_status_codes=[${HTTP_OK}]
Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${post_user}
... valid_status_codes=[${HTTP_OK}]
Redfish.Logout