blob: 56543154038745d069cb0bd3fd4398c8cc78a011 [file] [log] [blame]
Sivas SRR6aa101f2019-02-19 22:31:55 -06001*** Settings ***
2Documentation Test Redfish user account.
3
4Resource ../../lib/resource.robot
5Resource ../../lib/bmc_redfish_resource.robot
6Resource ../../lib/openbmc_ffdc.robot
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -05007Resource ../../lib/bmc_redfish_utils.robot
Sivas SRR6aa101f2019-02-19 22:31:55 -06008
manashsarma654cbc12021-09-23 02:28:12 -05009Library SSHLibrary
10
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -050011Test Setup Redfish.Login
Sivas SRR6aa101f2019-02-19 22:31:55 -060012Test Teardown Test Teardown Execution
13
Sandhya Somashekar37122b62019-06-18 06:02:02 -050014*** Variables ***
15
16${account_lockout_duration} ${30}
17${account_lockout_threshold} ${3}
18
Sivas SRR6aa101f2019-02-19 22:31:55 -060019** Test Cases **
20
21Verify AccountService Available
Sivas SRRfa6831c2019-02-22 00:12:00 -060022 [Documentation] Verify Redfish account service is available.
Sivas SRR6aa101f2019-02-19 22:31:55 -060023 [Tags] Verify_AccountService_Available
24
George Keishing97c93942019-03-04 12:45:07 -060025 ${resp} = Redfish_utils.Get Attribute /redfish/v1/AccountService ServiceEnabled
Sivas SRR6aa101f2019-02-19 22:31:55 -060026 Should Be Equal As Strings ${resp} ${True}
27
Rahul Maheshwarid0aa72b2022-08-23 06:44:07 -050028
29Verify Redfish Admin User Persistence After Reboot
30 [Documentation] Verify Redfish admin user persistence after reboot.
31 [Tags] Verify_Redfish_Admin_User_Persistence_After_Reboot
32 [Setup] Run Keywords Redfish.Login AND
33 ... Redfish Create User admin_user TestPwd123 Administrator ${True}
34 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user
35 ... AND Test Teardown Execution
Sandhya Somashekara83fb472019-08-29 02:26:21 -050036
37 # Reboot BMC.
38 Redfish OBMC Reboot (off) stack_mode=normal
Sandhya Somashekara83fb472019-08-29 02:26:21 -050039
40 # Verify users after reboot.
41 Redfish Verify User admin_user TestPwd123 Administrator ${True}
Rahul Maheshwarid0aa72b2022-08-23 06:44:07 -050042
43
44Verify Redfish Operator User Persistence After Reboot
45 [Documentation] Verify Redfish operator user persistence after reboot.
46 [Tags] Verify_Redfish_Operator_User_Persistence_After_Reboot
47 [Setup] Run Keywords Redfish.Login AND
48 ... Redfish Create User operator_user TestPwd123 Operator ${True}
49 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user
50 ... AND Test Teardown Execution
51
52 # Reboot BMC.
53 Redfish OBMC Reboot (off) stack_mode=normal
54
55 # Verify users after reboot.
Sandhya Somashekara83fb472019-08-29 02:26:21 -050056 Redfish Verify User operator_user TestPwd123 Operator ${True}
Rahul Maheshwarid0aa72b2022-08-23 06:44:07 -050057
58
59Verify Redfish Readonly User Persistence After Reboot
60 [Documentation] Verify Redfish readonly user persistence after reboot.
61 [Tags] Verify_Redfish_Readonly_User_Persistence_After_Reboot
62 [Setup] Run Keywords Redfish.Login AND
63 ... Redfish Create User readonly_user TestPwd123 ReadOnly ${True}
64 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user
65 ... AND Test Teardown Execution
66
67 # Reboot BMC.
68 Redfish OBMC Reboot (off) stack_mode=normal
69
70 # Verify users after reboot.
Anusha Dathatri4062b442020-02-03 04:39:15 -060071 Redfish Verify User readonly_user TestPwd123 ReadOnly ${True}
Sandhya Somashekara83fb472019-08-29 02:26:21 -050072
Sandhya Somashekara83fb472019-08-29 02:26:21 -050073
Rahul Maheshwaricbc4c0b2022-04-25 05:29:25 -050074Redfish Create and Verify Admin User
75 [Documentation] Create a Redfish user with administrator role and verify.
George Keishingf5176902022-05-12 04:23:59 -050076 [Tags] Redfish_Create_and_Verify_Admin_User
Sandhya Somashekar00f59cc2019-03-05 03:39:47 -060077 [Template] Redfish Create And Verify User
78
Sandhya Somashekare92b1e62019-04-25 05:27:45 -050079 #username password role_id enabled
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -050080 admin_user TestPwd123 Administrator ${True}
Rahul Maheshwaricbc4c0b2022-04-25 05:29:25 -050081
82
83Redfish Create and Verify Operator User
84 [Documentation] Create a Redfish user with operator role and verify.
85 [Tags] Redfish_Create_and_Verify_Operator_User
86 [Template] Redfish Create And Verify User
87
88 #username password role_id enabled
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -050089 operator_user TestPwd123 Operator ${True}
Rahul Maheshwaricbc4c0b2022-04-25 05:29:25 -050090
91
92Redfish Create and Verify Readonly User
93 [Documentation] Create a Redfish user with readonly role and verify.
94 [Tags] Redfish_Create_and_Verify_Readonly_User
95 [Template] Redfish Create And Verify User
96
97 #username password role_id enabled
Anusha Dathatri4062b442020-02-03 04:39:15 -060098 readonly_user TestPwd123 ReadOnly ${True}
Sivas SRR6aa101f2019-02-19 22:31:55 -060099
Rahul Maheshwaricbc4c0b2022-04-25 05:29:25 -0500100
101Verify Redfish Admin User With Wrong Password
102 [Documentation] Verify Redfish admin user with wrong password.
103 [Tags] Verify_Redfish_Admin_User_With_Wrong_Password
Sandhya Somashekar33aa48c2019-03-13 05:54:49 -0500104 [Template] Verify Redfish User with Wrong Password
105
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500106 #username password role_id enabled wrong_password
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500107 admin_user TestPwd123 Administrator ${True} alskjhfwurh
Rahul Maheshwaricbc4c0b2022-04-25 05:29:25 -0500108
109
110Verify Redfish Operator User with Wrong Password
111 [Documentation] Verify Redfish operator user with wrong password.
112 [Tags] Verify_Redfish_Operator_User_with_Wrong_Password
113 [Template] Verify Redfish User with Wrong Password
114
115 #username password role_id enabled wrong_password
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500116 operator_user TestPwd123 Operator ${True} 12j8a8uakjhdaosiruf024
Rahul Maheshwaricbc4c0b2022-04-25 05:29:25 -0500117
118
119Verify Redfish Readonly User With Wrong Password
120 [Documentation] Verify Redfish readonly user with wrong password.
121 [Tags] Verify_Redfish_Readonly_User_With_Wrong_Password
122 [Template] Verify Redfish User with Wrong Password
123
124 #username password role_id enabled wrong_password
Anusha Dathatri4062b442020-02-03 04:39:15 -0600125 readonly_user TestPwd123 ReadOnly ${True} 12
Sandhya Somashekar33aa48c2019-03-13 05:54:49 -0500126
Rahul Maheshwaricbc4c0b2022-04-25 05:29:25 -0500127
Rahul Maheshwaricbc4c0b2022-04-25 05:29:25 -0500128Verify Login with Deleted Redfish Admin User
129 [Documentation] Verify login with deleted Redfish admin user.
130 [Tags] Verify_Login_with_Deleted_Redfish_Admin_User
Sandhya Somashekaraf402ca2019-03-18 05:59:19 -0500131 [Template] Verify Login with Deleted Redfish User
132
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500133 #username password role_id enabled
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500134 admin_user TestPwd123 Administrator ${True}
Rahul Maheshwaricbc4c0b2022-04-25 05:29:25 -0500135
136
137Verify Login with Deleted Redfish Operator User
138 [Documentation] Verify login with deleted Redfish operator user.
139 [Tags] Verify_Login_with_Deleted_Redfish_Operator_User
140 [Template] Verify Login with Deleted Redfish User
141
142 #username password role_id enabled
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500143 operator_user TestPwd123 Operator ${True}
Rahul Maheshwaricbc4c0b2022-04-25 05:29:25 -0500144
145
146Verify Login with Deleted Redfish Readonly User
147 [Documentation] Verify login with deleted Redfish readonly user.
148 [Tags] Verify_Login_with_Deleted_Redfish_Readonly_User
149 [Template] Verify Login with Deleted Redfish User
150
151 #username password role_id enabled
Anusha Dathatri4062b442020-02-03 04:39:15 -0600152 readonly_user TestPwd123 ReadOnly ${True}
Sandhya Somashekaraf402ca2019-03-18 05:59:19 -0500153
Rahul Maheshwaricbc4c0b2022-04-25 05:29:25 -0500154
155Verify Admin User Creation Without Enabling It
156 [Documentation] Verify admin user creation without enabling it.
157 [Tags] Verify_Admin_User_Creation_Without_Enabling_It
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500158 [Template] Verify Create User Without Enabling
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500159
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500160 #username password role_id enabled
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500161 admin_user TestPwd123 Administrator ${False}
Rahul Maheshwaricbc4c0b2022-04-25 05:29:25 -0500162
163
164Verify Operator User Creation Without Enabling It
165 [Documentation] Verify operator user creation without enabling it.
166 [Tags] Verify_Operator_User_Creation_Without_Enabling_It
167 [Template] Verify Create User Without Enabling
168
169 #username password role_id enabled
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500170 operator_user TestPwd123 Operator ${False}
Rahul Maheshwaricbc4c0b2022-04-25 05:29:25 -0500171
172
173Verify Readonly User Creation Without Enabling It
174 [Documentation] Verify readonly user creation without enabling it.
175 [Tags] Verify_Readonly_User_Creation_Without_Enabling_It
176 [Template] Verify Create User Without Enabling
177
178 #username password role_id enabled
Anusha Dathatri4062b442020-02-03 04:39:15 -0600179 readonly_user TestPwd123 ReadOnly ${False}
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500180
Rahul Maheshwaricbc4c0b2022-04-25 05:29:25 -0500181
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500182Verify User Creation With Invalid Role Id
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500183 [Documentation] Verify user creation with invalid role ID.
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500184 [Tags] Verify_User_Creation_With_Invalid_Role_Id
185
186 # Make sure the user account in question does not already exist.
Anusha Dathatri466816f2020-01-30 05:12:36 -0600187 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500188 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
189
190 # Create specified user.
191 ${payload}= Create Dictionary
192 ... UserName=test_user Password=TestPwd123 RoleId=wrongroleid Enabled=${True}
Anusha Dathatri466816f2020-01-30 05:12:36 -0600193 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload}
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500194 ... valid_status_codes=[${HTTP_BAD_REQUEST}]
195
Sandhya Somashekar8c5b2492019-05-16 05:19:03 -0500196Verify Error Upon Creating Same Users With Different Privileges
197 [Documentation] Verify error upon creating same users with different privileges.
198 [Tags] Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges
199
200 Redfish Create User test_user TestPwd123 Administrator ${True}
201
202 # Create specified user.
203 ${payload}= Create Dictionary
Nandish-Matti232a6f02023-04-07 05:54:32 -0500204 ... UserName=test_user Password=TestPwd123 RoleId=ReadOnly Enabled=${True}
Anusha Dathatri466816f2020-01-30 05:12:36 -0600205 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload}
Sandhya Somashekar8c5b2492019-05-16 05:19:03 -0500206 ... valid_status_codes=[${HTTP_BAD_REQUEST}]
207
Anusha Dathatri466816f2020-01-30 05:12:36 -0600208 Redfish.Delete /redfish/v1/AccountService/Accounts/test_user
Sandhya Somashekar8c5b2492019-05-16 05:19:03 -0500209
Rahul Maheshwari124ebef2022-08-23 12:06:59 -0500210
Sandhya Somashekar8c5b2492019-05-16 05:19:03 -0500211Verify Modifying User Attributes
212 [Documentation] Verify modifying user attributes.
213 [Tags] Verify_Modifying_User_Attributes
Rahul Maheshwari124ebef2022-08-23 12:06:59 -0500214
Sandhya Somashekar8c5b2492019-05-16 05:19:03 -0500215 # Create Redfish users.
216 Redfish Create User admin_user TestPwd123 Administrator ${True}
Anusha Dathatri4062b442020-02-03 04:39:15 -0600217 Redfish Create User readonly_user TestPwd123 ReadOnly ${True}
Sandhya Somashekar8c5b2492019-05-16 05:19:03 -0500218
Sandhya Somashekar8c5b2492019-05-16 05:19:03 -0500219 # Make sure the new user account does not already exist.
Anusha Dathatri466816f2020-01-30 05:12:36 -0600220 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user
Sandhya Somashekar8c5b2492019-05-16 05:19:03 -0500221 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
222
223 # Update admin_user username using Redfish.
224 ${payload}= Create Dictionary UserName=newadmin_user
Anusha Dathatri466816f2020-01-30 05:12:36 -0600225 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body=&{payload}
Sandhya Somashekar8c5b2492019-05-16 05:19:03 -0500226
Anusha Dathatri4062b442020-02-03 04:39:15 -0600227 # Update readonly_user role using Redfish.
Rahul Maheshwari124ebef2022-08-23 12:06:59 -0500228 ${payload}= Create Dictionary RoleId=Administrator
Anusha Dathatri466816f2020-01-30 05:12:36 -0600229 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body=&{payload}
Sandhya Somashekar8c5b2492019-05-16 05:19:03 -0500230
Sandhya Somashekar8c5b2492019-05-16 05:19:03 -0500231 # Verify users after updating
232 Redfish Verify User newadmin_user TestPwd123 Administrator ${True}
Rahul Maheshwari124ebef2022-08-23 12:06:59 -0500233 Redfish Verify User readonly_user TestPwd123 Administrator ${True}
Sandhya Somashekar8c5b2492019-05-16 05:19:03 -0500234
235 # Delete created users.
Anusha Dathatri466816f2020-01-30 05:12:36 -0600236 Redfish.Delete /redfish/v1/AccountService/Accounts/newadmin_user
Anusha Dathatri466816f2020-01-30 05:12:36 -0600237 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user
Sandhya Somashekar8c5b2492019-05-16 05:19:03 -0500238
Rahul Maheshwari124ebef2022-08-23 12:06:59 -0500239
240Verify Modifying Operator User Attributes
241 [Documentation] Verify modifying operator user attributes.
242 [Tags] Verify_Modifying_Operator_User_Attributes
243 [Setup] Run Keywords Redfish.Login AND
244 ... Redfish Create User operator_user TestPwd123 Operator ${True}
245 [Teardown] Run Keywords Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user
246 ... AND Test Teardown Execution
247
248 # Update operator_user password using Redfish.
249 ${payload}= Create Dictionary Password=NewTestPwd123
250 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body=&{payload}
251
252 # Verify users after updating
253 Redfish Verify User operator_user NewTestPwd123 Operator ${True}
254
255
Sandhya Somashekar37122b62019-06-18 06:02:02 -0500256Verify User Account Locked
257 [Documentation] Verify user account locked upon trying with invalid password.
258 [Tags] Verify_User_Account_Locked
259
260 Redfish Create User admin_user TestPwd123 Administrator ${True}
261
Joy Onyerikwu1483ce02019-06-26 14:56:36 -0500262 ${payload}= Create Dictionary AccountLockoutThreshold=${account_lockout_threshold}
263 ... AccountLockoutDuration=${account_lockout_duration}
264 Redfish.Patch ${REDFISH_ACCOUNTS_SERVICE_URI} body=${payload}
Sandhya Somashekar37122b62019-06-18 06:02:02 -0500265
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500266 Redfish.Logout
267
Sandhya Somashekar37122b62019-06-18 06:02:02 -0500268 # Make ${account_lockout_threshold} failed login attempts.
269 Repeat Keyword ${account_lockout_threshold} times
270 ... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login admin_user abc123
271
272 # Verify that legitimate login fails due to lockout.
273 Run Keyword And Expect Error InvalidCredentialsError*
274 ... Redfish.Login admin_user TestPwd123
275
276 # Wait for lockout duration to expire and then verify that login works.
277 Sleep ${account_lockout_duration}s
278 Redfish.Login admin_user TestPwd123
279
280 Redfish.Logout
Sandhya Somashekar8c5b2492019-05-16 05:19:03 -0500281
Sandhya Somashekar7a237472019-07-15 02:06:39 -0500282 Redfish.Login
283
Anusha Dathatri466816f2020-01-30 05:12:36 -0600284 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user
Sandhya Somashekar7a237472019-07-15 02:06:39 -0500285
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500286Verify Admin User Privilege
287 [Documentation] Verify admin user privilege.
288 [Tags] Verify_Admin_User_Privilege
289
290 Redfish Create User admin_user TestPwd123 Administrator ${True}
Anusha Dathatri4062b442020-02-03 04:39:15 -0600291 Redfish Create User readonly_user TestPwd123 ReadOnly ${True}
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500292
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500293 Redfish.Logout
294
Rahul Maheshwari3bc08642022-08-23 12:49:48 -0500295 Redfish.Login admin_user TestPwd123
296
297 # Change password of 'readonly' user with admin user.
298 Redfish.Patch /redfish/v1/AccountService/Accounts/readonly_user body={'Password': 'NewTestPwd123'}
299
300 # Verify modified user.
301 Redfish Verify User readonly_user NewTestPwd123 ReadOnly ${True}
302
303 # Note: Delete user would work here because a root login is
304 # performed as part of "Redfish Verify User" keyword's teardown.
305 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user
306 Redfish.Delete /redfish/v1/AccountService/Accounts/readonly_user
307
308
309Verify Operator User Role Change Using Admin Privilege User
310 [Documentation] Verify operator user role change using admin privilege user
311 [Tags] Verify_Operator_User_Role_Change_Using_Admin_Privilege_User
312
313 Redfish Create User admin_user TestPwd123 Administrator ${True}
314 Redfish Create User operator_user TestPwd123 Operator ${True}
315
316 Redfish.Logout
317
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500318 # Change role ID of operator user with admin user.
319 # Login with admin user.
320 Redfish.Login admin_user TestPwd123
321
322 # Modify Role ID of Operator user.
Anusha Dathatri466816f2020-01-30 05:12:36 -0600323 Redfish.Patch /redfish/v1/AccountService/Accounts/operator_user body={'RoleId': 'Administrator'}
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500324
325 # Verify modified user.
326 Redfish Verify User operator_user TestPwd123 Administrator ${True}
327
Anusha Dathatri466816f2020-01-30 05:12:36 -0600328 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user
329 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user
Rahul Maheshwari3bc08642022-08-23 12:49:48 -0500330
Sandhya Somashekar7a237472019-07-15 02:06:39 -0500331
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500332Verify Operator User Privilege
333 [Documentation] Verify operator user privilege.
George Keishing5236ec52022-01-31 12:07:58 -0600334 [Tags] Verify_Operator_User_Privilege
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500335
336 Redfish Create User admin_user TestPwd123 Administrator ${True}
337 Redfish Create User operator_user TestPwd123 Operator ${True}
338
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500339 Redfish.Logout
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500340 # Login with operator user.
341 Redfish.Login operator_user TestPwd123
342
George Keishing093c1bd2020-02-10 09:47:34 -0600343 # Verify BMC reset.
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500344 Run Keyword And Expect Error ValueError* Redfish BMC Reset Operation
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500345
346 # Attempt to change password of admin user with operator user.
Anusha Dathatri466816f2020-01-30 05:12:36 -0600347 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user body={'Password': 'NewTestPwd123'}
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500348 ... valid_status_codes=[${HTTP_FORBIDDEN}]
349
350 Redfish.Logout
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500351
Sandhya Somashekar7a237472019-07-15 02:06:39 -0500352 Redfish.Login
353
Anusha Dathatri466816f2020-01-30 05:12:36 -0600354 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user
355 Redfish.Delete /redfish/v1/AccountService/Accounts/operator_user
Sandhya Somashekar7a237472019-07-15 02:06:39 -0500356
357
Anusha Dathatri4062b442020-02-03 04:39:15 -0600358Verify ReadOnly User Privilege
359 [Documentation] Verify ReadOnly user privilege.
360 [Tags] Verify_ReadOnly_User_Privilege
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500361
Anusha Dathatri4062b442020-02-03 04:39:15 -0600362 Redfish Create User readonly_user TestPwd123 ReadOnly ${True}
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500363 Redfish.Logout
364
365 # Login with read_only user.
366 Redfish.Login readonly_user TestPwd123
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500367
368 # Read system level data.
369 ${system_model}= Redfish_Utils.Get Attribute
370 ... ${SYSTEM_BASE_URI} Model
371
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500372 Redfish.Logout
Sandhya Somashekar7a237472019-07-15 02:06:39 -0500373 Redfish.Login
Anusha Dathatri4062b442020-02-03 04:39:15 -0600374 Redfish.Delete ${REDFISH_ACCOUNTS_URI}readonly_user
Sandhya Somashekar7a237472019-07-15 02:06:39 -0500375
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500376
Anusha Dathatri466816f2020-01-30 05:12:36 -0600377Verify Minimum Password Length For Redfish User
378 [Documentation] Verify minimum password length for new and existing user.
379 [Tags] Verify_Minimum_Password_Length_For_Redfish_User
380
381 ${user_name}= Set Variable testUser
382
383 # Make sure the user account in question does not already exist.
384 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name}
385 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
386
387 # Try to create a user with invalid length password.
388 ${payload}= Create Dictionary
389 ... UserName=${user_name} Password=UserPwd RoleId=Administrator Enabled=${True}
390 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload}
391 ... valid_status_codes=[${HTTP_BAD_REQUEST}]
392
393 # Create specified user with valid length password.
394 Set To Dictionary ${payload} Password UserPwd1
395 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload}
396 ... valid_status_codes=[${HTTP_CREATED}]
397
398 # Try to change to an invalid password.
399 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd'}
400 ... valid_status_codes=[${HTTP_BAD_REQUEST}]
401
402 # Change to a valid password.
403 Redfish.Patch /redfish/v1/AccountService/Accounts/${user_name} body={'Password': 'UserPwd1'}
404
405 # Verify login.
406 Redfish.Logout
407 Redfish.Login ${user_name} UserPwd1
408 Redfish.Logout
409 Redfish.Login
410 Redfish.Delete /redfish/v1/AccountService/Accounts/${user_name}
411
412
Tony Lee94335f42021-02-04 15:16:39 +0800413Verify Standard User Roles Defined By Redfish
414 [Documentation] Verify standard user roles defined by Redfish.
415 [Tags] Verify_Standard_User_Roles_Defined_By_Redfish
416
417 ${member_list}= Redfish_Utils.Get Member List
418 ... /redfish/v1/AccountService/Roles
419
420 @{roles}= Create List
421 ... /redfish/v1/AccountService/Roles/Administrator
422 ... /redfish/v1/AccountService/Roles/Operator
423 ... /redfish/v1/AccountService/Roles/ReadOnly
424
425 List Should Contain Sub List ${member_list} ${roles}
426
427 # The standard roles are:
428
429 # | Role name | Assigned privileges |
430 # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf |
431 # | Operator | Login, ConfigureComponents, ConfigureSelf |
432 # | ReadOnly | Login, ConfigureSelf |
433
434 @{admin}= Create List Login ConfigureManager ConfigureUsers ConfigureComponents ConfigureSelf
435 @{operator}= Create List Login ConfigureComponents ConfigureSelf
436 @{readOnly}= Create List Login ConfigureSelf
437
438 ${roles_dict}= create dictionary admin_privileges=${admin} operator_privileges=${operator}
439 ... readOnly_privileges=${readOnly}
440
441 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/Administrator
442 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['admin_privileges']}
443
444 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/Operator
445 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['operator_privileges']}
446
447 ${resp}= redfish.Get /redfish/v1/AccountService/Roles/ReadOnly
448 List Should Contain Sub List ${resp.dict['AssignedPrivileges']} ${roles_dict['readOnly_privileges']}
449
450
manashsarma4910aa22021-07-26 09:12:36 -0500451Verify Error While Deleting Root User
452 [Documentation] Verify error while deleting root user.
453 [Tags] Verify_Error_While_Deleting_Root_User
454
455 Redfish.Delete /redfish/v1/AccountService/Accounts/root valid_status_codes=[${HTTP_FORBIDDEN}]
456
457
manashsarma654cbc12021-09-23 02:28:12 -0500458Verify SSH Login Access With Admin User
459 [Documentation] Verify that admin user does not have SSH login access.
460 [Tags] Verify_SSH_Login_Access_With_Admin_User
461
462 # Create an admin User.
463 Redfish Create User new_admin TestPwd1 Administrator ${True}
464
465 # Attempt SSH login with admin user.
466 SSHLibrary.Open Connection ${OPENBMC_HOST}
467 ${status}= Run Keyword And Return Status SSHLibrary.Login new_admin TestPwd1
468 Should Be Equal ${status} ${False}
469
George Keishinge8015b32022-09-19 09:38:47 -0500470 Redfish.Login
471 Redfish.Delete /redfish/v1/AccountService/Accounts/new_admin
472
manashsarma654cbc12021-09-23 02:28:12 -0500473
Sivas SRR6aa101f2019-02-19 22:31:55 -0600474*** Keywords ***
475
Sivas SRR6aa101f2019-02-19 22:31:55 -0600476Test Teardown Execution
477 [Documentation] Do the post test teardown.
478
Anusha Dathatridb769702020-02-12 01:02:30 -0600479 Run Keyword And Ignore Error Redfish.Logout
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500480 FFDC On Test Case Fail
481
Sandhya Somashekar00f59cc2019-03-05 03:39:47 -0600482
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500483Redfish Create User
484 [Documentation] Redfish create user.
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500485 [Arguments] ${username} ${password} ${role_id} ${enabled} ${login_check}=${True}
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500486
487 # Description of argument(s):
488 # username The username to be created.
489 # password The password to be assigned.
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500490 # role_id The role ID of the user to be created
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500491 # (e.g. "Administrator", "Operator", etc.).
492 # enabled Indicates whether the username being created
493 # should be enabled (${True}, ${False}).
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500494 # login_check Checks user login for created user.
495 # (e.g. ${True}, ${False}).
Sandhya Somashekar8c5b2492019-05-16 05:19:03 -0500496
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500497 # Make sure the user account in question does not already exist.
Anusha Dathatri466816f2020-01-30 05:12:36 -0600498 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName}
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500499 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]
500
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500501 # Create specified user.
502 ${payload}= Create Dictionary
503 ... UserName=${username} Password=${password} RoleId=${role_id} Enabled=${enabled}
Anusha Dathatri466816f2020-01-30 05:12:36 -0600504 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload}
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500505 ... valid_status_codes=[${HTTP_CREATED}]
506
Rahul Maheshwari9928b1d2021-07-19 04:59:55 -0500507 # Resetting faillock count as a workaround for issue
Anusha Dathatrif7268b52020-02-19 01:03:49 -0600508 # openbmc/phosphor-user-manager#4
nagarjunb2261267e92022-03-30 21:04:16 +0530509 ${cmd}= Catenate test -f /usr/sbin/faillock && /usr/sbin/faillock --user USER --reset
510 ... || /usr/sbin/pam_tally2 -u ${username} --reset
Anusha Dathatrif7268b52020-02-19 01:03:49 -0600511 Bmc Execute Command ${cmd}
512
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500513 # Verify login with created user.
514 ${status}= Run Keyword If '${login_check}' == '${True}'
515 ... Verify Redfish User Login ${username} ${password}
516 Run Keyword If '${login_check}' == '${True}' Should Be Equal ${status} ${enabled}
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500517
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500518 # Validate Role ID of created user.
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500519 ${role_config}= Redfish_Utils.Get Attribute
Anusha Dathatri466816f2020-01-30 05:12:36 -0600520 ... /redfish/v1/AccountService/Accounts/${username} RoleId
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500521 Should Be Equal ${role_id} ${role_config}
522
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500523
524Redfish Verify User
525 [Documentation] Redfish user verification.
526 [Arguments] ${username} ${password} ${role_id} ${enabled}
527
528 # Description of argument(s):
529 # username The username to be created.
530 # password The password to be assigned.
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500531 # role_id The role ID of the user to be created
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500532 # (e.g. "Administrator", "Operator", etc.).
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500533 # enabled Indicates whether the username being created
534 # should be enabled (${True}, ${False}).
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500535
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500536 ${status}= Verify Redfish User Login ${username} ${password}
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500537 # Doing a check of the returned status.
538 Should Be Equal ${status} ${enabled}
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500539
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500540 # Validate Role Id of user.
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500541 ${role_config}= Redfish_Utils.Get Attribute
Anusha Dathatri466816f2020-01-30 05:12:36 -0600542 ... /redfish/v1/AccountService/Accounts/${username} RoleId
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500543 Should Be Equal ${role_id} ${role_config}
544
545
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500546Verify Redfish User Login
547 [Documentation] Verify Redfish login with given user id.
548 [Teardown] Run Keywords Run Keyword And Ignore Error Redfish.Logout AND Redfish.Login
549 [Arguments] ${username} ${password}
550
551 # Description of argument(s):
552 # username Login username.
553 # password Login password.
554
555 # Logout from current Redfish session.
George Keishing1cf2a422021-02-02 22:59:29 -0600556 # We don't really care if the current session is flushed out since we are going to login
557 # with new credential in next.
558 Run Keyword And Ignore Error Redfish.Logout
559
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500560 ${status}= Run Keyword And Return Status Redfish.Login ${username} ${password}
561 [Return] ${status}
562
563
Sandhya Somashekar00f59cc2019-03-05 03:39:47 -0600564Redfish Create And Verify User
565 [Documentation] Redfish create and verify user.
566 [Arguments] ${username} ${password} ${role_id} ${enabled}
567
568 # Description of argument(s):
Sandhya Somashekar33aa48c2019-03-13 05:54:49 -0500569 # username The username to be created.
570 # password The password to be assigned.
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500571 # role_id The role ID of the user to be created
Sandhya Somashekaraf402ca2019-03-18 05:59:19 -0500572 # (e.g. "Administrator", "Operator", etc.).
573 # enabled Indicates whether the username being created
574 # should be enabled (${True}, ${False}).
Sandhya Somashekar00f59cc2019-03-05 03:39:47 -0600575
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500576 # Example:
577 #{
578 #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
579 #"@odata.id": "/redfish/v1/AccountService/Accounts/test1",
580 #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
581 #"Description": "User Account",
582 #"Enabled": true,
583 #"Id": "test1",
584 #"Links": {
585 # "Role": {
586 # "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
587 # }
588 #},
589
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500590 Redfish Create User ${username} ${password} ${role_id} ${enabled}
Sandhya Somashekar00f59cc2019-03-05 03:39:47 -0600591
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500592 Redfish Verify User ${username} ${password} ${role_id} ${enabled}
Sandhya Somashekar00f59cc2019-03-05 03:39:47 -0600593
594 # Delete Specified User
Anusha Dathatri466816f2020-01-30 05:12:36 -0600595 Redfish.Delete /redfish/v1/AccountService/Accounts/${username}
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500596
Sandhya Somashekar33aa48c2019-03-13 05:54:49 -0500597Verify Redfish User with Wrong Password
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500598 [Documentation] Verify Redfish User with Wrong Password.
Sandhya Somashekar33aa48c2019-03-13 05:54:49 -0500599 [Arguments] ${username} ${password} ${role_id} ${enabled} ${wrong_password}
600
601 # Description of argument(s):
602 # username The username to be created.
603 # password The password to be assigned.
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500604 # role_id The role ID of the user to be created
Sandhya Somashekaraf402ca2019-03-18 05:59:19 -0500605 # (e.g. "Administrator", "Operator", etc.).
606 # enabled Indicates whether the username being created
607 # should be enabled (${True}, ${False}).
Sandhya Somashekar33aa48c2019-03-13 05:54:49 -0500608 # wrong_password Any invalid password.
609
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500610 Redfish Create User ${username} ${password} ${role_id} ${enabled}
Sandhya Somashekar33aa48c2019-03-13 05:54:49 -0500611
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500612 Redfish.Logout
613
Sandhya Somashekar33aa48c2019-03-13 05:54:49 -0500614 # Attempt to login with created user with invalid password.
615 Run Keyword And Expect Error InvalidCredentialsError*
616 ... Redfish.Login ${username} ${wrong_password}
617
618 Redfish.Login
619
620 # Delete newly created user.
Anusha Dathatri466816f2020-01-30 05:12:36 -0600621 Redfish.Delete /redfish/v1/AccountService/Accounts/${username}
Sandhya Somashekar33aa48c2019-03-13 05:54:49 -0500622
623
Sandhya Somashekaraf402ca2019-03-18 05:59:19 -0500624Verify Login with Deleted Redfish User
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500625 [Documentation] Verify Login with Deleted Redfish User.
Sandhya Somashekaraf402ca2019-03-18 05:59:19 -0500626 [Arguments] ${username} ${password} ${role_id} ${enabled}
627
628 # Description of argument(s):
629 # username The username to be created.
630 # password The password to be assigned.
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500631 # role_id The role ID of the user to be created
Sandhya Somashekaraf402ca2019-03-18 05:59:19 -0500632 # (e.g. "Administrator", "Operator", etc.).
633 # enabled Indicates whether the username being created
634 # should be enabled (${True}, ${False}).
635
Sandhya Somashekaraa280aa2019-04-01 04:15:06 -0500636 Redfish Create User ${username} ${password} ${role_id} ${enabled}
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500637
638 # Delete newly created user.
Anusha Dathatri466816f2020-01-30 05:12:36 -0600639 Redfish.Delete /redfish/v1/AccountService/Accounts/${userName}
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500640
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500641 Redfish.Logout
642
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500643 # Attempt to login with deleted user account.
644 Run Keyword And Expect Error InvalidCredentialsError*
645 ... Redfish.Login ${username} ${password}
646
647 Redfish.Login
648
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500649
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500650Verify Create User Without Enabling
651 [Documentation] Verify Create User Without Enabling.
652 [Arguments] ${username} ${password} ${role_id} ${enabled}
653
654 # Description of argument(s):
655 # username The username to be created.
656 # password The password to be assigned.
Sandhya Somashekard7d46c02019-06-26 05:10:25 -0500657 # role_id The role ID of the user to be created
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500658 # (e.g. "Administrator", "Operator", etc.).
659 # enabled Indicates whether the username being created
660 # should be enabled (${True}, ${False}).
661
Anusha Dathatrie0dddcf2020-06-18 05:23:16 -0500662 Redfish Create User ${username} ${password} ${role_id} ${enabled} ${False}
Sandhya Somashekare92b1e62019-04-25 05:27:45 -0500663
664 Redfish.Logout
665
666 # Login with created user.
667 Run Keyword And Expect Error InvalidCredentialsError*
668 ... Redfish.Login ${username} ${password}
669
670 Redfish.Login
Sandhya Somashekaraf402ca2019-03-18 05:59:19 -0500671
672 # Delete newly created user.
Anusha Dathatri466816f2020-01-30 05:12:36 -0600673 Redfish.Delete /redfish/v1/AccountService/Accounts/${username}
George Keishing07fb41f2020-06-16 08:09:19 -0500674