blob: 420d0e37ba5b498a6e92aac43d3cba5227786876 [file] [log] [blame]
*** Settings ***
Documentation Test Redfish user account.
Resource ../../lib/resource.robot
Resource ../../lib/bmc_redfish_resource.robot
Resource ../../lib/openbmc_ffdc.robot
Resource ../../lib/bmc_redfish_utils.robot
Library SSHLibrary
Test Setup Redfish.Login
Test Teardown Test Teardown Execution
*** Variables ***
${account_lockout_duration} ${30}
${account_lockout_threshold} ${3}
${ssh_status} ${True}
** Test Cases **
Verify AccountService Available
[Documentation] Verify Redfish account service is available.
[Tags] Verify_AccountService_Available
${resp} = Redfish_utils.Get Attribute /redfish/v1/AccountService ServiceEnabled
Should Be Equal As Strings ${resp} ${True}
Verify Redfish Admin User Persistence After Reboot
[Documentation] Verify Redfish admin user persistence after reboot.
[Tags] Verify_Redfish_Admin_User_Persistence_After_Reboot
[Setup] Run Keywords Redfish.Login AND
... Redfish Create User admin_user TestPwd123 Administrator ${True}
[Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user
... AND Test Teardown Execution
# Reboot BMC.
Redfish OBMC Reboot (off) stack_mode=normal
# Verify users after reboot.
Redfish Verify User admin_user TestPwd123 Administrator ${True}
Verify Redfish Operator User Persistence After Reboot
[Documentation] Verify Redfish operator user persistence after reboot.
[Tags] Verify_Redfish_Operator_User_Persistence_After_Reboot
[Setup] Run Keywords Redfish.Login AND
... Redfish Create User operator_user TestPwd123 Operator ${True}
[Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user
... AND Test Teardown Execution
# Reboot BMC.
Redfish OBMC Reboot (off) stack_mode=normal
# Verify users after reboot.
Redfish Verify User operator_user TestPwd123 Operator ${True}
Verify Redfish Readonly User Persistence After Reboot
[Documentation] Verify Redfish readonly user persistence after reboot.
[Tags] Verify_Redfish_Readonly_User_Persistence_After_Reboot
[Setup] Run Keywords Redfish.Login AND
... Redfish Create User readonly_user TestPwd123 ReadOnly ${True}
[Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user
... AND Test Teardown Execution
# Reboot BMC.
Redfish OBMC Reboot (off) stack_mode=normal
# Verify users after reboot.
Redfish Verify User readonly_user TestPwd123 ReadOnly ${True}
Redfish Create and Verify Admin User
[Documentation] Create a Redfish user with administrator role and verify.
[Tags] Redfish_Create_and_Verify_Admin_User
[Template] Redfish Create And Verify User
#username password role_id enabled
admin_user TestPwd123 Administrator ${True}
Redfish Create and Verify Operator User
[Documentation] Create a Redfish user with operator role and verify.
[Tags] Redfish_Create_and_Verify_Operator_User
[Template] Redfish Create And Verify User
#username password role_id enabled
operator_user TestPwd123 Operator ${True}
Redfish Create and Verify Readonly User
[Documentation] Create a Redfish user with readonly role and verify.
[Tags] Redfish_Create_and_Verify_Readonly_User
[Template] Redfish Create And Verify User
#username password role_id enabled
readonly_user TestPwd123 ReadOnly ${True}
Verify Redfish Admin User With Wrong Password
[Documentation] Verify Redfish admin user with wrong password.
[Tags] Verify_Redfish_Admin_User_With_Wrong_Password
[Template] Verify Redfish User with Wrong Password
#username password role_id enabled wrong_password
admin_user TestPwd123 Administrator ${True} alskjhfwurh
Verify Redfish Operator User with Wrong Password
[Documentation] Verify Redfish operator user with wrong password.
[Tags] Verify_Redfish_Operator_User_with_Wrong_Password
[Template] Verify Redfish User with Wrong Password
#username password role_id enabled wrong_password
operator_user TestPwd123 Operator ${True} 12j8a8uakjhdaosiruf024
Verify Redfish Readonly User With Wrong Password
[Documentation] Verify Redfish readonly user with wrong password.
[Tags] Verify_Redfish_Readonly_User_With_Wrong_Password
[Template] Verify Redfish User with Wrong Password
#username password role_id enabled wrong_password
readonly_user TestPwd123 ReadOnly ${True} 12
Verify Login with Deleted Redfish Admin User
[Documentation] Verify login with deleted Redfish admin user.
[Tags] Verify_Login_with_Deleted_Redfish_Admin_User
[Template] Verify Login with Deleted Redfish User
#username password role_id enabled
admin_user TestPwd123 Administrator ${True}
Verify Login with Deleted Redfish Operator User
[Documentation] Verify login with deleted Redfish operator user.
[Tags] Verify_Login_with_Deleted_Redfish_Operator_User
[Template] Verify Login with Deleted Redfish User
#username password role_id enabled
operator_user TestPwd123 Operator ${True}
Verify Login with Deleted Redfish Readonly User
[Documentation] Verify login with deleted Redfish readonly user.
[Tags] Verify_Login_with_Deleted_Redfish_Readonly_User
[Template] Verify Login with Deleted Redfish User
#username password role_id enabled
readonly_user TestPwd123 ReadOnly ${True}
Verify Admin User Creation Without Enabling It
[Documentation] Verify admin user creation without enabling it.
[Tags] Verify_Admin_User_Creation_Without_Enabling_It
[Template] Verify Create User Without Enabling
#username password role_id enabled
admin_user TestPwd123 Administrator ${False}
Verify Operator User Creation Without Enabling It
[Documentation] Verify operator user creation without enabling it.
[Tags] Verify_Operator_User_Creation_Without_Enabling_It
[Template] Verify Create User Without Enabling
#username password role_id enabled
operator_user TestPwd123 Operator ${False}
Verify Readonly User Creation Without Enabling It
[Documentation] Verify readonly user creation without enabling it.
[Tags] Verify_Readonly_User_Creation_Without_Enabling_It
[Template] Verify Create User Without Enabling
#username password role_id enabled
readonly_user TestPwd123 ReadOnly ${False}
Verify User Creation With Invalid Role Id
[Documentation] Verify user creation with invalid role ID.
[Tags] Verify_User_Creation_With_Invalid_Role_Id
# Make sure the user account in question does not already exist.
Redfish.Delete /redfish/v1/AccountService/Accounts/test_user
... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
# Create specified user.
${payload}= Create Dictionary
... UserName=test_user Password=TestPwd123 RoleId=wrongroleid Enabled=${True}
Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload}
... valid_status_codes=[${HTTP_BAD_REQUEST}]
Verify Error Upon Creating Same Users With Different Privileges
[Documentation] Verify error upon creating same users with different privileges.
[Tags] Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges
Redfish Create User test_user TestPwd123 Administrator ${True}
# Create specified user.
${payload}= Create Dictionary
... UserName=test_user Password=TestPwd123 RoleId=ReadOnly Enabled=${True}
Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload}
... valid_status_codes=[${HTTP_BAD_REQUEST}]
Redfish.Delete /redfish/v1/AccountService/Accounts/test_user
Verify Modifying User Attributes
[Documentation] Verify modifying user attributes.
[Tags] Verify_Modifying_User_Attributes
# Create Redfish users.
Redfish Create User admin_user TestPwd123 Administrator ${True}
Redfish Create User readonly_user TestPwd123 ReadOnly ${True}
# Make sure the new user account does not already exist.
Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user
... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
# Update admin_user username using Redfish.
${payload}= Create Dictionary UserName=newadmin_user
Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body=&{payload}
# Update readonly_user role using Redfish.
${payload}= Create Dictionary RoleId=Administrator
Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body=&{payload}
# Verify users after updating
Redfish Verify User newadmin_user TestPwd123 Administrator ${True}
Redfish Verify User readonly_user TestPwd123 Administrator ${True}
# Delete created users.
Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user
Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user
Verify Modifying Operator User Attributes
[Documentation] Verify modifying operator user attributes.
[Tags] Verify_Modifying_Operator_User_Attributes
[Setup] Run Keywords Redfish.Login AND
... Redfish Create User operator_user TestPwd123 Operator ${True}
[Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user
... AND Test Teardown Execution
# Update operator_user password using Redfish.
${payload}= Create Dictionary Password=NewTestPwd123
Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body=&{payload}
# Verify users after updating
Redfish Verify User operator_user NewTestPwd123 Operator ${True}
Verify User Account Locked
[Documentation] Verify user account locked upon trying with invalid password.
[Tags] Verify_User_Account_Locked
Redfish Create User admin_user TestPwd123 Administrator ${True}
${payload}= Create Dictionary AccountLockoutThreshold=${account_lockout_threshold}
... AccountLockoutDuration=${account_lockout_duration}
Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload}
Redfish.Logout
# Make ${account_lockout_threshold} failed login attempts.
Repeat Keyword ${account_lockout_threshold} times
... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login admin_user abc123
# Verify that legitimate login fails due to lockout.
Run Keyword And Expect Error InvalidCredentialsError*
... Redfish.Login admin_user TestPwd123
# Wait for lockout duration to expire and then verify that login works.
Sleep ${account_lockout_duration}s
Redfish.Login admin_user TestPwd123
Redfish.Logout
Redfish.Login
Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user
Verify User Account Unlock
[Documentation] Verify manually unlocking the account before lockout time
[Tags] Verify_User_Account_Unlock
[Teardown] Run Keywords Redfish.Logout
... AND Redfish.Login
... AND Redfish.Delete /redfish/v1/AccountService/Accounts/test_user
... AND SSHLibrary.Close All Connections
Redfish Create User test_user TestPwd123 Administrator ${True}
${payload}= Create Dictionary
... AccountLockoutThreshold=${account_lockout_threshold}
... AccountLockoutDuration=${account_lockout_duration}
Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload}
Redfish.Logout
# Make ${account_lockout_threshold} failed login attempts.
Repeat Keyword ${account_lockout_threshold} times
... Run Keyword And Expect Error InvalidCredentialsError*
... Redfish.Login test_user abc123
# Ensure SSH Login with locked account gets failed
SSHLibrary.Open Connection ${OPENBMC_HOST}
Run Keyword And Expect Error Authentication failed*
... SSHLibrary.Login test_user TestPwd123
# Verify that legitimate login fails due to lockout.
Run Keyword And Expect Error InvalidCredentialsError*
... Redfish.Login test_user TestPwd123
${payload}= Create Dictionary Locked=${FALSE}
# Manually unlock the account before lockout threshold expires
Redfish.Login
Redfish.Patch ${REDFISH_ACCOUNTS_URI}test_user body=${payload}
Redfish.Logout
# Try redfish login with the recently unlocked account
Redfish.Login test_user TestPwd123
# Try SSH login with the unlocked account
SSHLibrary.Open Connection ${OPENBMC_HOST}
SSHLibrary.Login test_user TestPwd123
Verify Admin User Privilege
[Documentation] Verify admin user privilege.
[Tags] Verify_Admin_User_Privilege
Redfish Create User admin_user TestPwd123 Administrator ${True}
Redfish Create User readonly_user TestPwd123 ReadOnly ${True}
Redfish.Logout
Redfish.Login admin_user TestPwd123
# Change password of 'readonly' user with admin user.
Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body={'Password': 'NewTestPwd123'}
# Verify modified user.
Redfish Verify User readonly_user NewTestPwd123 ReadOnly ${True}
# Note: Delete user would work here because a root login is
# performed as part of "Redfish Verify User" keyword's teardown.
Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user
Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user
Verify Operator User Role Change Using Admin Privilege User
[Documentation] Verify operator user role change using admin privilege user
[Tags] Verify_Operator_User_Role_Change_Using_Admin_Privilege_User
Redfish Create User admin_user TestPwd123 Administrator ${True}
Redfish Create User operator_user TestPwd123 Operator ${True}
Redfish.Logout
# Change role ID of operator user with admin user.
# Login with admin user.
Redfish.Login admin_user TestPwd123
# Modify Role ID of Operator user.
Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body={'RoleId': 'Administrator'}
# Verify modified user.
Redfish Verify User operator_user TestPwd123 Administrator ${True}
Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user
Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user
Verify Operator User Privilege
[Documentation] Verify operator user privilege.
[Tags] Verify_Operator_User_Privilege
Redfish Create User admin_user TestPwd123 Administrator ${True}
Redfish Create User operator_user TestPwd123 Operator ${True}
Redfish.Logout
# Login with operator user.
Redfish.Login operator_user TestPwd123
# Verify BMC reset.
Run Keyword And Expect Error ValueError* Redfish BMC Reset Operation
# Attempt to change password of admin user with operator user.
Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body={'Password': 'NewTestPwd123'}
... valid_status_codes=[${HTTP_FORBIDDEN}]
Redfish.Logout
Redfish.Login
Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user
Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user
Verify ReadOnly User Privilege
[Documentation] Verify ReadOnly user privilege.
[Tags] Verify_ReadOnly_User_Privilege
Redfish Create User readonly_user TestPwd123 ReadOnly ${True}
Redfish.Logout
# Login with read_only user.
Redfish.Login readonly_user TestPwd123
# Read system level data.
${system_model}= Redfish_Utils.Get Attribute
... ${SYSTEM_BASE_URI} Model
Redfish.Logout
Redfish.Login
Redfish.Delete ${REDFISH_ACCOUNTS_URI}readonly_user
Verify Minimum Password Length For Redfish User
[Documentation] Verify minimum password length for new and existing user.
[Tags] Verify_Minimum_Password_Length_For_Redfish_User
${user_name}= Set Variable testUser
# Make sure the user account in question does not already exist.
Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name}
... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
# Try to create a user with invalid length password.
${payload}= Create Dictionary
... UserName=${user_name} Password=UserPwd RoleId=Administrator Enabled=${True}
Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload}
... valid_status_codes=[${HTTP_BAD_REQUEST}]
# Create specified user with valid length password.
Set To Dictionary ${payload} Password UserPwd1
Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload}
... valid_status_codes=[${HTTP_CREATED}]
# Try to change to an invalid password.
Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd'}
... valid_status_codes=[${HTTP_BAD_REQUEST}]
# Change to a valid password.
Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd1'}
# Verify login.
Redfish.Logout
Redfish.Login ${user_name} UserPwd1
Redfish.Logout
Redfish.Login
Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name}
Verify Standard User Roles Defined By Redfish
[Documentation] Verify standard user roles defined by Redfish.
[Tags] Verify_Standard_User_Roles_Defined_By_Redfish
${member_list}= Redfish_Utils.Get Member List
... /redfish/v1/AccountService/Roles
@{roles}= Create List
... /redfish/v1/AccountService/Roles/Administrator
... /redfish/v1/AccountService/Roles/Operator
... /redfish/v1/AccountService/Roles/ReadOnly
List Should Contain Sub List ${member_list} ${roles}
# The standard roles are:
# | Role name | Assigned privileges |
# | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf |
# | Operator | Login, ConfigureComponents, ConfigureSelf |
# | ReadOnly | Login, ConfigureSelf |
@{admin}= Create List Login ConfigureManager ConfigureUsers ConfigureComponents ConfigureSelf
@{operator}= Create List Login ConfigureComponents ConfigureSelf
@{readOnly}= Create List Login ConfigureSelf
${roles_dict}= create dictionary admin_privileges=${admin} operator_privileges=${operator}
... readOnly_privileges=${readOnly}
${resp}= redfish.Get /redfish/v1/AccountService/Roles/Administrator
List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['admin_privileges']}
${resp}= redfish.Get /redfish/v1/AccountService/Roles/Operator
List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['operator_privileges']}
${resp}= redfish.Get /redfish/v1/AccountService/Roles/ReadOnly
List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['readOnly_privileges']}
Verify Error While Deleting Root User
[Documentation] Verify error while deleting root user.
[Tags] Verify_Error_While_Deleting_Root_User
Redfish.Delete /redfish/v1/AccountService/Accounts/root valid_status_codes=[${HTTP_FORBIDDEN}]
Verify SSH Login Access With Admin User
[Documentation] Verify that admin user have SSH login access.
... By default, admin should have access but there could be
... case where admin user shell access is restricted by design
... in the community sphere..
[Tags] Verify_SSH_Login_Access_With_Admin_User
# Create an admin User.
Redfish Create User new_admin TestPwd1 Administrator ${True}
# Attempt SSH login with admin user.
SSHLibrary.Open Connection ${OPENBMC_HOST}
${status}= Run Keyword And Return Status SSHLibrary.Login new_admin TestPwd1
# By default ssh_status is True, user can change the status via CLI
# -v ssh_status:False
Should Be Equal As Strings "${status}" "${ssh_status}"
Redfish.Login
Redfish.Delete /redfish/v1/AccountService/Accounts/new_admin
Verify Configure BasicAuth Enable And Disable
[Documentation] Verify configure basicauth enable and disable
[Tags] Verify_Configure_BasicAuth_Enable_And_Disable
[Template] Template For Configure Auth Methods
# auth_method
BasicAuth
XToken
*** Keywords ***
Test Teardown Execution
[Documentation] Do the post test teardown.
Run Keyword And Ignore Error Redfish.Logout
FFDC On Test Case Fail
Redfish Create User
[Documentation] Redfish create user.
[Arguments] ${username} ${password} ${role_id} ${enabled} ${login_check}=${True}
# Description of argument(s):
# username The username to be created.
# password The password to be assigned.
# role_id The role ID of the user to be created
# (e.g. "Administrator", "Operator", etc.).
# enabled Indicates whether the username being created
# should be enabled (${True}, ${False}).
# login_check Checks user login for created user.
# (e.g. ${True}, ${False}).
# Make sure the user account in question does not already exist.
Redfish.Delete /redfish/v1/AccountService/Accounts/${userName}
... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
# Create specified user.
${payload}= Create Dictionary
... UserName=${username} Password=${password} RoleId=${role_id} Enabled=${enabled}
Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload}
... valid_status_codes=[${HTTP_CREATED}]
# Resetting faillock count as a workaround for issue
# openbmc/phosphor-user-manager#4
${cmd}= Catenate test -f /usr/sbin/faillock && /usr/sbin/faillock --user USER --reset
... || /usr/sbin/pam_tally2 -u ${username} --reset
Bmc Execute Command ${cmd}
# Verify login with created user.
${status}= Run Keyword If '${login_check}' == '${True}'
... Verify Redfish User Login ${username} ${password}
Run Keyword If '${login_check}' == '${True}' Should Be Equal ${status} ${enabled}
# Validate Role ID of created user.
${role_config}= Redfish_Utils.Get Attribute
... /redfish/v1/AccountService/Accounts/${username} RoleId
Should Be Equal ${role_id} ${role_config}
Redfish Verify User
[Documentation] Redfish user verification.
[Arguments] ${username} ${password} ${role_id} ${enabled}
# Description of argument(s):
# username The username to be created.
# password The password to be assigned.
# role_id The role ID of the user to be created
# (e.g. "Administrator", "Operator", etc.).
# enabled Indicates whether the username being created
# should be enabled (${True}, ${False}).
${status}= Verify Redfish User Login ${username} ${password}
# Doing a check of the returned status.
Should Be Equal ${status} ${enabled}
# Validate Role Id of user.
${role_config}= Redfish_Utils.Get Attribute
... /redfish/v1/AccountService/Accounts/${username} RoleId
Should Be Equal ${role_id} ${role_config}
Verify Redfish User Login
[Documentation] Verify Redfish login with given user id.
[Teardown] Run Keywords Run Keyword And Ignore Error Redfish.Logout AND Redfish.Login
[Arguments] ${username} ${password}
# Description of argument(s):
# username Login username.
# password Login password.
# Logout from current Redfish session.
# We don't really care if the current session is flushed out since we are going to login
# with new credential in next.
Run Keyword And Ignore Error Redfish.Logout
${status}= Run Keyword And Return Status Redfish.Login ${username} ${password}
[Return] ${status}
Redfish Create And Verify User
[Documentation] Redfish create and verify user.
[Arguments] ${username} ${password} ${role_id} ${enabled}
# Description of argument(s):
# username The username to be created.
# password The password to be assigned.
# role_id The role ID of the user to be created
# (e.g. "Administrator", "Operator", etc.).
# enabled Indicates whether the username being created
# should be enabled (${True}, ${False}).
# Example:
#{
#"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
#"@odata.id": "/redfish/v1/AccountService/Accounts/test1",
#"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
#"Description": "User Account",
#"Enabled": true,
#"Id": "test1",
#"Links": {
# "Role": {
# "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
# }
#},
Redfish Create User ${username} ${password} ${role_id} ${enabled}
Redfish Verify User ${username} ${password} ${role_id} ${enabled}
# Delete Specified User
Redfish.Delete /redfish/v1/AccountService/Accounts/${username}
Verify Redfish User with Wrong Password
[Documentation] Verify Redfish User with Wrong Password.
[Arguments] ${username} ${password} ${role_id} ${enabled} ${wrong_password}
# Description of argument(s):
# username The username to be created.
# password The password to be assigned.
# role_id The role ID of the user to be created
# (e.g. "Administrator", "Operator", etc.).
# enabled Indicates whether the username being created
# should be enabled (${True}, ${False}).
# wrong_password Any invalid password.
Redfish Create User ${username} ${password} ${role_id} ${enabled}
Redfish.Logout
# Attempt to login with created user with invalid password.
Run Keyword And Expect Error InvalidCredentialsError*
... Redfish.Login ${username} ${wrong_password}
Redfish.Login
# Delete newly created user.
Redfish.Delete /redfish/v1/AccountService/Accounts/${username}
Verify Login with Deleted Redfish User
[Documentation] Verify Login with Deleted Redfish User.
[Arguments] ${username} ${password} ${role_id} ${enabled}
# Description of argument(s):
# username The username to be created.
# password The password to be assigned.
# role_id The role ID of the user to be created
# (e.g. "Administrator", "Operator", etc.).
# enabled Indicates whether the username being created
# should be enabled (${True}, ${False}).
Redfish Create User ${username} ${password} ${role_id} ${enabled}
# Delete newly created user.
Redfish.Delete /redfish/v1/AccountService/Accounts/${userName}
Redfish.Logout
# Attempt to login with deleted user account.
Run Keyword And Expect Error InvalidCredentialsError*
... Redfish.Login ${username} ${password}
Redfish.Login
Verify Create User Without Enabling
[Documentation] Verify Create User Without Enabling.
[Arguments] ${username} ${password} ${role_id} ${enabled}
# Description of argument(s):
# username The username to be created.
# password The password to be assigned.
# role_id The role ID of the user to be created
# (e.g. "Administrator", "Operator", etc.).
# enabled Indicates whether the username being created
# should be enabled (${True}, ${False}).
Redfish Create User ${username} ${password} ${role_id} ${enabled} ${False}
Redfish.Logout
# Login with created user.
Run Keyword And Expect Error InvalidCredentialsError*
... Redfish.Login ${username} ${password}
Redfish.Login
# Delete newly created user.
Redfish.Delete /redfish/v1/AccountService/Accounts/${username}
Template For Configure Auth Methods
[Documentation] Template to configure auth methods.
[Arguments] ${auth_method}
[Teardown] Configure AuthMethods ${auth_method}=${initial_value}
# Description of Argument(s):
# authmethods The authmethod setting which needs to be
# set in account service URI.
# valid values BasicAuth, XToken.
Get AuthMethods Default Values ${auth_method}
# Patch basicauth to TRUE
Configure AuthMethods ${auth_method}=${TRUE}
Run Keyword IF "${auth_method}" == "XToken"
... Check XToken Works Fine ${HTTP_OK}
... ELSE
... Check BasicAuth Works Fine ${HTTP_OK}
# Patch basicauth to FALSE
Configure AuthMethods ${auth_method}=${FALSE}
Run Keyword IF "${auth_method}" == "BasicAuth"
... Check BasicAuth Works Fine ${HTTP_UNAUTHORIZED}
... ELSE
... Check XToken Works Fine ${HTTP_UNAUTHORIZED}
Configure AuthMethods
[Documentation] Enable/disable authmethod types.
[Arguments] &{authmethods}
# Description of argument(s):
# authmethods The authmethod setting which needs to be
# set in account service URI.
# Usage Example Configure AuthMethods XToken=${TRUE} BasicAuth=${TRUE}
# This will set the value of "XToken" and "BasicAuth"
# property in accountservice uri to TRUE.
${openbmc}= Create Dictionary AuthMethods=${authmethods}
${oem}= Create Dictionary OpenBMC=${openbmc}
${payload}= Create Dictionary Oem=${oem}
# Setting authmethod properties using Redfish session based auth
${status}= Run Keyword And Return Status
... Redfish.Patch ${REDFISH_BASE_URI}AccountService
... body=${payload} valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
# Setting authmethod properties using basic auth in case the former fails
IF ${status}==${FALSE}
# Payload dictionary pre-process to match json formatting
${payload}= Convert To String ${payload}
${payload}= Replace String ${payload} ' "
${payload}= Replace String ${payload} False false
${payload}= Replace String ${payload} True true
# Curl Command Framing for PATCH authmethod
${cmd}= Catenate curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}
... -X PATCH '${AUTH_URI}${REDFISH_ACCOUNTS_SERVICE_URI}'
... -H 'content-type:application/json' -H 'If-Match:*'
... -d '${payload}'
${rc} ${out}= Run And Return Rc And Output ${cmd}
# Check the response of curl command is 200 or 204
${check_no_content}=
... Run Keyword and Return Status Should Contain ${out} 204
${check_ok}=
... Run Keyword and Return Status Should Contain ${out} 200
Pass Execution If ${check_no_content}==${TRUE}
... OR ${check_ok}==${TRUE}
END
Get AuthMethods Default Values
[Documentation] Get enabled/disabled status of all authmethods
... from Redfish account service URI
[Arguments] ${authmethod}
# Description of argument(s):
# authmethod The authmethod property whose value needs to be
# retrieved from account service URI.
# Usage Example Get AuthMethods Default Values BasicAuth
# returns >> ${TRUE}
# Example:
# {
# "@odata.id": "/redfish/v1/AccountService",
# (...)
# "Oem": {
# "OpenBMC": {
# "AuthMethods": {
# "BasicAuth": true,
# "Cookie": true,
# "SessionToken": true,
# "TLS": true,
# "XToken": true
# }
# }
# }
# }
${resp}= Redfish.Get Attribute ${REDFISH_ACCOUNTS_SERVICE_URI} Oem
${authmethods}= Set Variable ${resp['OpenBMC']['AuthMethods']}
${initial_value}= Get From Dictionary ${authmethods} ${authmethod}
Set Test Variable ${initial_value}
Check XToken Works Fine
[Documentation] Verify Xtoken works fine.
[Arguments] ${status_code}
# Description of Argument(s):
# status_code : 200, 401.
# Verify xtoken auth works for xtoken
Redfish.Get ${REDFISH_ACCOUNTS_SERVICE_URI}
... valid_status_codes=[${status_code}]
Check BasicAuth Works Fine
[Documentation] Verify Basic Auth works fine.
[Arguments] ${status_code}
# Description of Argument(s):
# status_code : 200, 401.
# Verify basic auth works based on basic auth.
${cmd}= Catenate curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}
... ${AUTH_URI}/redfish/v1/AccountService
${rc} ${out}= Run And Return Rc And Output ${cmd}
# Check the response of curl command is 200/401
Should Contain ${out} ${status_code}