Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 746884b202bfacc74fde1245839bcc6a08fc4eab / . / redfish / account_service / test_user_account.robot
blob: b21eb5fd6dbcbc3fc193a9ed2eea8df950e22b80 [file] [log] [blame]
*** Settings ***
Documentation Test Redfish user account.
Resource ../../lib/resource.robot
Resource ../../lib/bmc_redfish_resource.robot
Resource ../../lib/openbmc_ffdc.robot
Resource ../../lib/bmc_redfish_utils.robot
Library SSHLibrary
Test Setup Redfish.Login
Test Teardown Test Teardown Execution
*** Variables ***
${account_lockout_duration} ${30}
${account_lockout_threshold} ${3}
** Test Cases **
Verify AccountService Available
[Documentation] Verify Redfish account service is available.
[Tags] Verify_AccountService_Available
${resp} = Redfish_utils.Get Attribute /redfish/v1/AccountService ServiceEnabled
Should Be Equal As Strings ${resp} ${True}
Verify Redfish Admin User Persistence After Reboot
[Documentation] Verify Redfish admin user persistence after reboot.
[Tags] Verify_Redfish_Admin_User_Persistence_After_Reboot
[Setup] Run Keywords Redfish.Login AND
... Redfish Create User admin_user TestPwd123 Administrator ${True}
[Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user
... AND Test Teardown Execution
# Reboot BMC.
Redfish OBMC Reboot (off) stack_mode=normal
# Verify users after reboot.
Redfish Verify User admin_user TestPwd123 Administrator ${True}
Verify Redfish Operator User Persistence After Reboot
[Documentation] Verify Redfish operator user persistence after reboot.
[Tags] Verify_Redfish_Operator_User_Persistence_After_Reboot
[Setup] Run Keywords Redfish.Login AND
... Redfish Create User operator_user TestPwd123 Operator ${True}
[Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user
... AND Test Teardown Execution
# Reboot BMC.
Redfish OBMC Reboot (off) stack_mode=normal
# Verify users after reboot.
Redfish Verify User operator_user TestPwd123 Operator ${True}
Verify Redfish Readonly User Persistence After Reboot
[Documentation] Verify Redfish readonly user persistence after reboot.
[Tags] Verify_Redfish_Readonly_User_Persistence_After_Reboot
[Setup] Run Keywords Redfish.Login AND
... Redfish Create User readonly_user TestPwd123 ReadOnly ${True}
[Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user
... AND Test Teardown Execution
# Reboot BMC.
Redfish OBMC Reboot (off) stack_mode=normal
# Verify users after reboot.
Redfish Verify User readonly_user TestPwd123 ReadOnly ${True}
Redfish Create and Verify Admin User
[Documentation] Create a Redfish user with administrator role and verify.
[Tags] Redfish_Create_and_Verify_Admin_User
[Template] Redfish Create And Verify User
#username password role_id enabled
admin_user TestPwd123 Administrator ${True}
Redfish Create and Verify Operator User
[Documentation] Create a Redfish user with operator role and verify.
[Tags] Redfish_Create_and_Verify_Operator_User
[Template] Redfish Create And Verify User
#username password role_id enabled
operator_user TestPwd123 Operator ${True}
Redfish Create and Verify Readonly User
[Documentation] Create a Redfish user with readonly role and verify.
[Tags] Redfish_Create_and_Verify_Readonly_User
[Template] Redfish Create And Verify User
#username password role_id enabled
readonly_user TestPwd123 ReadOnly ${True}
Verify Redfish Admin User With Wrong Password
[Documentation] Verify Redfish admin user with wrong password.
[Tags] Verify_Redfish_Admin_User_With_Wrong_Password
[Template] Verify Redfish User with Wrong Password
#username password role_id enabled wrong_password
admin_user TestPwd123 Administrator ${True} alskjhfwurh
Verify Redfish Operator User with Wrong Password
[Documentation] Verify Redfish operator user with wrong password.
[Tags] Verify_Redfish_Operator_User_with_Wrong_Password
[Template] Verify Redfish User with Wrong Password
#username password role_id enabled wrong_password
operator_user TestPwd123 Operator ${True} 12j8a8uakjhdaosiruf024
Verify Redfish Readonly User With Wrong Password
[Documentation] Verify Redfish readonly user with wrong password.
[Tags] Verify_Redfish_Readonly_User_With_Wrong_Password
[Template] Verify Redfish User with Wrong Password
#username password role_id enabled wrong_password
readonly_user TestPwd123 ReadOnly ${True} 12
Verify Login with Deleted Redfish Admin User
[Documentation] Verify login with deleted Redfish admin user.
[Tags] Verify_Login_with_Deleted_Redfish_Admin_User
[Template] Verify Login with Deleted Redfish User
#username password role_id enabled
admin_user TestPwd123 Administrator ${True}
Verify Login with Deleted Redfish Operator User
[Documentation] Verify login with deleted Redfish operator user.
[Tags] Verify_Login_with_Deleted_Redfish_Operator_User
[Template] Verify Login with Deleted Redfish User
#username password role_id enabled
operator_user TestPwd123 Operator ${True}
Verify Login with Deleted Redfish Readonly User
[Documentation] Verify login with deleted Redfish readonly user.
[Tags] Verify_Login_with_Deleted_Redfish_Readonly_User
[Template] Verify Login with Deleted Redfish User
#username password role_id enabled
readonly_user TestPwd123 ReadOnly ${True}
Verify Admin User Creation Without Enabling It
[Documentation] Verify admin user creation without enabling it.
[Tags] Verify_Admin_User_Creation_Without_Enabling_It
[Template] Verify Create User Without Enabling
#username password role_id enabled
admin_user TestPwd123 Administrator ${False}
Verify Operator User Creation Without Enabling It
[Documentation] Verify operator user creation without enabling it.
[Tags] Verify_Operator_User_Creation_Without_Enabling_It
[Template] Verify Create User Without Enabling
#username password role_id enabled
operator_user TestPwd123 Operator ${False}
Verify Readonly User Creation Without Enabling It
[Documentation] Verify readonly user creation without enabling it.
[Tags] Verify_Readonly_User_Creation_Without_Enabling_It
[Template] Verify Create User Without Enabling
#username password role_id enabled
readonly_user TestPwd123 ReadOnly ${False}
Verify User Creation With Invalid Role Id
[Documentation] Verify user creation with invalid role ID.
[Tags] Verify_User_Creation_With_Invalid_Role_Id
# Make sure the user account in question does not already exist.
Redfish.Delete /redfish/v1/AccountService/Accounts/test_user
... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
# Create specified user.
${payload}= Create Dictionary
... UserName=test_user Password=TestPwd123 RoleId=wrongroleid Enabled=${True}
Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload}
... valid_status_codes=[${HTTP_BAD_REQUEST}]
Verify Error Upon Creating Same Users With Different Privileges
[Documentation] Verify error upon creating same users with different privileges.
[Tags] Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges
Redfish Create User test_user TestPwd123 Administrator ${True}
# Create specified user.
${payload}= Create Dictionary
... UserName=test_user Password=TestPwd123 RoleId=ReadOnly Enabled=${True}
Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload}
... valid_status_codes=[${HTTP_BAD_REQUEST}]
Redfish.Delete /redfish/v1/AccountService/Accounts/test_user
Verify Modifying User Attributes
[Documentation] Verify modifying user attributes.
[Tags] Verify_Modifying_User_Attributes
# Create Redfish users.
Redfish Create User admin_user TestPwd123 Administrator ${True}
Redfish Create User readonly_user TestPwd123 ReadOnly ${True}
# Make sure the new user account does not already exist.
Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user
... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
# Update admin_user username using Redfish.
${payload}= Create Dictionary UserName=newadmin_user
Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body=&{payload}
# Update readonly_user role using Redfish.
${payload}= Create Dictionary RoleId=Administrator
Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body=&{payload}
# Verify users after updating
Redfish Verify User newadmin_user TestPwd123 Administrator ${True}
Redfish Verify User readonly_user TestPwd123 Administrator ${True}
# Delete created users.
Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user
Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user
Verify Modifying Operator User Attributes
[Documentation] Verify modifying operator user attributes.
[Tags] Verify_Modifying_Operator_User_Attributes
[Setup] Run Keywords Redfish.Login AND
... Redfish Create User operator_user TestPwd123 Operator ${True}
[Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user
... AND Test Teardown Execution
# Update operator_user password using Redfish.
${payload}= Create Dictionary Password=NewTestPwd123
Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body=&{payload}
# Verify users after updating
Redfish Verify User operator_user NewTestPwd123 Operator ${True}
Verify User Account Locked
[Documentation] Verify user account locked upon trying with invalid password.
[Tags] Verify_User_Account_Locked
Redfish Create User admin_user TestPwd123 Administrator ${True}
${payload}= Create Dictionary AccountLockoutThreshold=${account_lockout_threshold}
... AccountLockoutDuration=${account_lockout_duration}
Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload}
Redfish.Logout
# Make ${account_lockout_threshold} failed login attempts.
Repeat Keyword ${account_lockout_threshold} times
... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login admin_user abc123
# Verify that legitimate login fails due to lockout.
Run Keyword And Expect Error InvalidCredentialsError*
... Redfish.Login admin_user TestPwd123
# Wait for lockout duration to expire and then verify that login works.
Sleep ${account_lockout_duration}s
Redfish.Login admin_user TestPwd123
Redfish.Logout
Redfish.Login
Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user
Verify User Account Unlock
[Documentation] Verify manually unlocking the account before lockout time
[Tags] Verify_User_Account_Unlock
[Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND
... AND Redfish.Delete /redfish/v1/AccountService/Accounts/test_user
... AND SSHLibrary.Close All Connections
Redfish Create User test_user TestPwd123 Administrator ${True}
${payload}= Create Dictionary
... AccountLockoutThreshold=${account_lockout_threshold}
... AccountLockoutDuration=${account_lockout_duration}
Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload}
Redfish.Logout
# Make ${account_lockout_threshold} failed login attempts.
Repeat Keyword ${account_lockout_threshold} times
... Run Keyword And Expect Error InvalidCredentialsError*
... Redfish.Login test_user abc123
# Ensure SSH Login with locked account gets failed
SSHLibrary.Open Connection ${OPENBMC_HOST}
Run Keyword And Expect Error Authentication failed*
... SSHLibrary.Login test_user TestPwd123
# Verify that legitimate login fails due to lockout.
Run Keyword And Expect Error InvalidCredentialsError*
... Redfish.Login test_user TestPwd123
${payload}= Create Dictionary Locked=${FALSE}
# Manually unlock the account before lockout threshold expires
Redfish.Login
Redfish.Patch ${REDFISH_ACCOUNTS_URI}test_user body=${payload}
Redfish.Logout
# Try redfish login with the recently unlocked account
Redfish.Login test_user TestPwd123
# Try SSH login with the unlocked account
SSHLibrary.Open Connection ${OPENBMC_HOST}
SSHLibrary.Login test_user TestPwd123
Verify Admin User Privilege
[Documentation] Verify admin user privilege.
[Tags] Verify_Admin_User_Privilege
Redfish Create User admin_user TestPwd123 Administrator ${True}
Redfish Create User readonly_user TestPwd123 ReadOnly ${True}
Redfish.Logout
Redfish.Login admin_user TestPwd123
# Change password of 'readonly' user with admin user.
Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body={'Password': 'NewTestPwd123'}
# Verify modified user.
Redfish Verify User readonly_user NewTestPwd123 ReadOnly ${True}
# Note: Delete user would work here because a root login is
# performed as part of "Redfish Verify User" keyword's teardown.
Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user
Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user
Verify Operator User Role Change Using Admin Privilege User
[Documentation] Verify operator user role change using admin privilege user
[Tags] Verify_Operator_User_Role_Change_Using_Admin_Privilege_User
Redfish Create User admin_user TestPwd123 Administrator ${True}
Redfish Create User operator_user TestPwd123 Operator ${True}
Redfish.Logout
# Change role ID of operator user with admin user.
# Login with admin user.
Redfish.Login admin_user TestPwd123
# Modify Role ID of Operator user.
Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body={'RoleId': 'Administrator'}
# Verify modified user.
Redfish Verify User operator_user TestPwd123 Administrator ${True}
Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user
Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user
Verify Operator User Privilege
[Documentation] Verify operator user privilege.
[Tags] Verify_Operator_User_Privilege
Redfish Create User admin_user TestPwd123 Administrator ${True}
Redfish Create User operator_user TestPwd123 Operator ${True}
Redfish.Logout
# Login with operator user.
Redfish.Login operator_user TestPwd123
# Verify BMC reset.
Run Keyword And Expect Error ValueError* Redfish BMC Reset Operation
# Attempt to change password of admin user with operator user.
Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body={'Password': 'NewTestPwd123'}
... valid_status_codes=[${HTTP_FORBIDDEN}]
Redfish.Logout
Redfish.Login
Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user
Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user
Verify ReadOnly User Privilege
[Documentation] Verify ReadOnly user privilege.
[Tags] Verify_ReadOnly_User_Privilege
Redfish Create User readonly_user TestPwd123 ReadOnly ${True}
Redfish.Logout
# Login with read_only user.
Redfish.Login readonly_user TestPwd123
# Read system level data.
${system_model}= Redfish_Utils.Get Attribute
... ${SYSTEM_BASE_URI} Model
Redfish.Logout
Redfish.Login
Redfish.Delete ${REDFISH_ACCOUNTS_URI}readonly_user
Verify Minimum Password Length For Redfish User
[Documentation] Verify minimum password length for new and existing user.
[Tags] Verify_Minimum_Password_Length_For_Redfish_User
${user_name}= Set Variable testUser
# Make sure the user account in question does not already exist.
Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name}
... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
# Try to create a user with invalid length password.
${payload}= Create Dictionary
... UserName=${user_name} Password=UserPwd RoleId=Administrator Enabled=${True}
Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload}
... valid_status_codes=[${HTTP_BAD_REQUEST}]
# Create specified user with valid length password.
Set To Dictionary ${payload} Password UserPwd1
Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload}
... valid_status_codes=[${HTTP_CREATED}]
# Try to change to an invalid password.
Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd'}
... valid_status_codes=[${HTTP_BAD_REQUEST}]
# Change to a valid password.
Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd1'}
# Verify login.
Redfish.Logout
Redfish.Login ${user_name} UserPwd1
Redfish.Logout
Redfish.Login
Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name}
Verify Standard User Roles Defined By Redfish
[Documentation] Verify standard user roles defined by Redfish.
[Tags] Verify_Standard_User_Roles_Defined_By_Redfish
${member_list}= Redfish_Utils.Get Member List
... /redfish/v1/AccountService/Roles
@{roles}= Create List
... /redfish/v1/AccountService/Roles/Administrator
... /redfish/v1/AccountService/Roles/Operator
... /redfish/v1/AccountService/Roles/ReadOnly
List Should Contain Sub List ${member_list} ${roles}
# The standard roles are:
# | Role name | Assigned privileges |
# | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf |
# | Operator | Login, ConfigureComponents, ConfigureSelf |
# | ReadOnly | Login, ConfigureSelf |
@{admin}= Create List Login ConfigureManager ConfigureUsers ConfigureComponents ConfigureSelf
@{operator}= Create List Login ConfigureComponents ConfigureSelf
@{readOnly}= Create List Login ConfigureSelf
${roles_dict}= create dictionary admin_privileges=${admin} operator_privileges=${operator}
... readOnly_privileges=${readOnly}
${resp}= redfish.Get /redfish/v1/AccountService/Roles/Administrator
List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['admin_privileges']}
${resp}= redfish.Get /redfish/v1/AccountService/Roles/Operator
List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['operator_privileges']}
${resp}= redfish.Get /redfish/v1/AccountService/Roles/ReadOnly
List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['readOnly_privileges']}
Verify Error While Deleting Root User
[Documentation] Verify error while deleting root user.
[Tags] Verify_Error_While_Deleting_Root_User
Redfish.Delete /redfish/v1/AccountService/Accounts/root valid_status_codes=[${HTTP_FORBIDDEN}]
Verify SSH Login Access With Admin User
[Documentation] Verify that admin user does not have SSH login access.
[Tags] Verify_SSH_Login_Access_With_Admin_User
# Create an admin User.
Redfish Create User new_admin TestPwd1 Administrator ${True}
# Attempt SSH login with admin user.
SSHLibrary.Open Connection ${OPENBMC_HOST}
${status}= Run Keyword And Return Status SSHLibrary.Login new_admin TestPwd1
Should Be Equal ${status} ${False}
Redfish.Login
Redfish.Delete /redfish/v1/AccountService/Accounts/new_admin
Verify Configure BasicAuth Enable And Disable
[Documentation] Verify configure basicauth enable and disable
[Tags] Verify_Configure_BasicAuth_Enable_And_Disable
[Template] Template For Configure Auth Methods
# auth_method
BasicAuth
XToken
*** Keywords ***
Test Teardown Execution
[Documentation] Do the post test teardown.
Run Keyword And Ignore Error Redfish.Logout
FFDC On Test Case Fail
Redfish Create User
[Documentation] Redfish create user.
[Arguments] ${username} ${password} ${role_id} ${enabled} ${login_check}=${True}
# Description of argument(s):
# username The username to be created.
# password The password to be assigned.
# role_id The role ID of the user to be created
# (e.g. "Administrator", "Operator", etc.).
# enabled Indicates whether the username being created
# should be enabled (${True}, ${False}).
# login_check Checks user login for created user.
# (e.g. ${True}, ${False}).
# Make sure the user account in question does not already exist.
Redfish.Delete /redfish/v1/AccountService/Accounts/${userName}
... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
# Create specified user.
${payload}= Create Dictionary
... UserName=${username} Password=${password} RoleId=${role_id} Enabled=${enabled}
Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload}
... valid_status_codes=[${HTTP_CREATED}]
# Resetting faillock count as a workaround for issue
# openbmc/phosphor-user-manager#4
${cmd}= Catenate test -f /usr/sbin/faillock && /usr/sbin/faillock --user USER --reset
... || /usr/sbin/pam_tally2 -u ${username} --reset
Bmc Execute Command ${cmd}
# Verify login with created user.
${status}= Run Keyword If '${login_check}' == '${True}'
... Verify Redfish User Login ${username} ${password}
Run Keyword If '${login_check}' == '${True}' Should Be Equal ${status} ${enabled}
# Validate Role ID of created user.
${role_config}= Redfish_Utils.Get Attribute
... /redfish/v1/AccountService/Accounts/${username} RoleId
Should Be Equal ${role_id} ${role_config}
Redfish Verify User
[Documentation] Redfish user verification.
[Arguments] ${username} ${password} ${role_id} ${enabled}
# Description of argument(s):
# username The username to be created.
# password The password to be assigned.
# role_id The role ID of the user to be created
# (e.g. "Administrator", "Operator", etc.).
# enabled Indicates whether the username being created
# should be enabled (${True}, ${False}).
${status}= Verify Redfish User Login ${username} ${password}
# Doing a check of the returned status.
Should Be Equal ${status} ${enabled}
# Validate Role Id of user.
${role_config}= Redfish_Utils.Get Attribute
... /redfish/v1/AccountService/Accounts/${username} RoleId
Should Be Equal ${role_id} ${role_config}
Verify Redfish User Login
[Documentation] Verify Redfish login with given user id.
[Teardown] Run Keywords Run Keyword And Ignore Error Redfish.Logout AND Redfish.Login
[Arguments] ${username} ${password}
# Description of argument(s):
# username Login username.
# password Login password.
# Logout from current Redfish session.
# We don't really care if the current session is flushed out since we are going to login
# with new credential in next.
Run Keyword And Ignore Error Redfish.Logout
${status}= Run Keyword And Return Status Redfish.Login ${username} ${password}
[Return] ${status}
Redfish Create And Verify User
[Documentation] Redfish create and verify user.
[Arguments] ${username} ${password} ${role_id} ${enabled}
# Description of argument(s):
# username The username to be created.
# password The password to be assigned.
# role_id The role ID of the user to be created
# (e.g. "Administrator", "Operator", etc.).
# enabled Indicates whether the username being created
# should be enabled (${True}, ${False}).
# Example:
#{
#"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
#"@odata.id": "/redfish/v1/AccountService/Accounts/test1",
#"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
#"Description": "User Account",
#"Enabled": true,
#"Id": "test1",
#"Links": {
# "Role": {
# "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
# }
#},
Redfish Create User ${username} ${password} ${role_id} ${enabled}
Redfish Verify User ${username} ${password} ${role_id} ${enabled}
# Delete Specified User
Redfish.Delete /redfish/v1/AccountService/Accounts/${username}
Verify Redfish User with Wrong Password
[Documentation] Verify Redfish User with Wrong Password.
[Arguments] ${username} ${password} ${role_id} ${enabled} ${wrong_password}
# Description of argument(s):
# username The username to be created.
# password The password to be assigned.
# role_id The role ID of the user to be created
# (e.g. "Administrator", "Operator", etc.).
# enabled Indicates whether the username being created
# should be enabled (${True}, ${False}).
# wrong_password Any invalid password.
Redfish Create User ${username} ${password} ${role_id} ${enabled}
Redfish.Logout
# Attempt to login with created user with invalid password.
Run Keyword And Expect Error InvalidCredentialsError*
... Redfish.Login ${username} ${wrong_password}
Redfish.Login
# Delete newly created user.
Redfish.Delete /redfish/v1/AccountService/Accounts/${username}
Verify Login with Deleted Redfish User
[Documentation] Verify Login with Deleted Redfish User.
[Arguments] ${username} ${password} ${role_id} ${enabled}
# Description of argument(s):
# username The username to be created.
# password The password to be assigned.
# role_id The role ID of the user to be created
# (e.g. "Administrator", "Operator", etc.).
# enabled Indicates whether the username being created
# should be enabled (${True}, ${False}).
Redfish Create User ${username} ${password} ${role_id} ${enabled}
# Delete newly created user.
Redfish.Delete /redfish/v1/AccountService/Accounts/${userName}
Redfish.Logout
# Attempt to login with deleted user account.
Run Keyword And Expect Error InvalidCredentialsError*
... Redfish.Login ${username} ${password}
Redfish.Login
Verify Create User Without Enabling
[Documentation] Verify Create User Without Enabling.
[Arguments] ${username} ${password} ${role_id} ${enabled}
# Description of argument(s):
# username The username to be created.
# password The password to be assigned.
# role_id The role ID of the user to be created
# (e.g. "Administrator", "Operator", etc.).
# enabled Indicates whether the username being created
# should be enabled (${True}, ${False}).
Redfish Create User ${username} ${password} ${role_id} ${enabled} ${False}
Redfish.Logout
# Login with created user.
Run Keyword And Expect Error InvalidCredentialsError*
... Redfish.Login ${username} ${password}
Redfish.Login
# Delete newly created user.
Redfish.Delete /redfish/v1/AccountService/Accounts/${username}
Template For Configure Auth Methods
[Documentation] Template to configure auth methods.
[Arguments] ${auth_method}
[Teardown] Configure AuthMethods ${auth_method}=${initial_value}
# Description of Argument(s):
# authmethods The authmethod setting which needs to be
# set in account service URI.
# valid values BasicAuth, XToken.
Get AuthMethods Default Values ${auth_method}
# Patch basicauth to TRUE
Configure AuthMethods ${auth_method}=${TRUE}
Run Keyword IF "${auth_method}" == "XToken"
... Check XToken Works Fine ${HTTP_OK}
... ELSE
... Check BasicAuth Works Fine ${HTTP_OK}
# Patch basicauth to FALSE
Configure AuthMethods ${auth_method}=${FALSE}
Run Keyword IF "${auth_method}" == "BasicAuth"
... Check BasicAuth Works Fine ${HTTP_UNAUTHORIZED}
... ELSE
... Check XToken Works Fine ${HTTP_UNAUTHORIZED}
Configure AuthMethods
[Documentation] Enable/disable authmethod types.
[Arguments] &{authmethods}
# Description of argument(s):
# authmethods The authmethod setting which needs to be
# set in account service URI.
# Usage Example Configure AuthMethods XToken=${TRUE} BasicAuth=${TRUE}
# This will set the value of "XToken" and "BasicAuth"
# property in accountservice uri to TRUE.
${openbmc}= Create Dictionary AuthMethods=${authmethods}
${oem}= Create Dictionary OpenBMC=${openbmc}
${payload}= Create Dictionary Oem=${oem}
# Setting authmethod properties using Redfish session based auth
${status}= Run Keyword And Return Status
... Redfish.Patch ${REDFISH_BASE_URI}AccountService
... body=${payload} valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
# Setting authmethod properties using basic auth incase the former fails
IF ${status}==${FALSE}
# Payload dictionary pre-process to match json formatting
${payload}= Convert To String ${payload}
${payload}= Replace String ${payload} ' "
${payload}= Replace String ${payload} False false
${payload}= Replace String ${payload} True true
# Curl Command Framing for PATCH authmethod
${cmd}= Catenate curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}
... -X PATCH '${AUTH_URI}${REDFISH_ACCOUNTS_SERVICE_URI}'
... -H 'content-type:application/json' -H 'If-Match:*'
... -d '${payload}'
${rc} ${out}= Run And Return Rc And Output ${cmd}
# Check the response of curl command is 200 or 204
${check_no_content}=
... Run Keyword and Return Status Should Contain ${out} 204
${check_ok}=
... Run Keyword and Return Status Should Contain ${out} 200
Pass Execution If ${check_no_content}==${TRUE}
... OR ${check_ok}==${TRUE}
END
Get AuthMethods Default Values
[Documentation] Get enabled/disabled status of all authmethods
... from Redfish account service URI
[Arguments] ${authmethod}
# Description of argument(s):
# authmethod The authmethod property whose value needs to be
# retrieved from account service URI.
# Usage Example Get AuthMethods Default Values BasicAuth
# returns >> ${TRUE}
# Example:
# {
# "@odata.id": "/redfish/v1/AccountService",
# (...)
# "Oem": {
# "OpenBMC": {
# "AuthMethods": {
# "BasicAuth": true,
# "Cookie": true,
# "SessionToken": true,
# "TLS": true,
# "XToken": true
# }
# }
# }
# }
${resp}= Redfish.Get Attribute ${REDFISH_ACCOUNTS_SERVICE_URI} Oem
${authmethods}= Set Variable ${resp['OpenBMC']['AuthMethods']}
${initial_value}= Get From Dictionary ${authmethods} ${authmethod}
Set Test Variable ${initial_value}
Check XToken Works Fine
[Documentation] Verify Xtoken works fine.
[Arguments] ${status_code}
# Description of Argument(s):
# status_code : 200, 401.
# Verify xtoken auth works for xtoken
Redfish.Get ${REDFISH_ACCOUNTS_SERVICE_URI}
... valid_status_codes=[${status_code}]
Check BasicAuth Works Fine
[Documentation] Verify Basic Auth works fine.
[Arguments] ${status_code}
# Description of Argument(s):
# status_code : 200, 401.
# Verify basic auth works based on basic auth.
${cmd}= Catenate curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}
... ${AUTH_URI}/redfish/v1/AccountService
${rc} ${out}= Run And Return Rc And Output ${cmd}
# Check the response of curl command is 200/401
Should Contain ${out} ${status_code}