Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 70aab0739be762393c30405af9723e915ebe5787 / . / redfish / account_service / test_redfish_privilege_registry.robot
blob: 88ceceb921470d0ff202970c34af6404355e2a20 [file] [log] [blame]
leet3d946ef2022-05-05 18:57:41 +0000[diff] [blame]1*** Settings ***
2Documentation Script to test Redfish privilege registry with various users
3... such as test, admin, operator, readonly, patched.
4
5Resource ../../lib/resource.robot
6Resource ../../lib/bmc_redfish_resource.robot
7Resource ../../lib/openbmc_ffdc.robot
8Resource ../../lib/bmc_redfish_utils.robot
9
10Suite Setup Create And Verify Various Privilege Users
11Suite Teardown Delete Created Redfish Users Except Default Admin
12Test Teardown Redfish.Logout
13
14*** Variables ***
15
16${test_user} testuser
17${test_password} testpassword
18${admin_user} testadmin
19${admin_password} adminpassword
20${operator_user} testoperator
21${operator_password} operatorpassword
22${readonly_user} testreadonly
23${readonly_password} readonlypassword
24${patched_user} patchuser
25${post_user} postuser
26${post_password} postpassword
27${account_service} ${2}
28
29** Test Cases **
30
31Verify Redfish Privilege Registry Properties
32 [Documentation] Verify the Redfish Privilege Registry properties.
33 [Tags] Verify_Redfish_Privilege_Registry_Properties
34
35 Redfish.Login
36
37 # Get the complete Privilege Registry URL
38 ${url}= Get Redfish Privilege Registry json URL
39 ${resp}= Redfish.Get ${url}
40 Should Be Equal As Strings ${resp.status} ${HTTP_OK}
41
42 # Verify the Privilege Registry Resource.
43 # Example:
44 # "Id": "Redfish_1.1.0_PrivilegeRegistry",
45 # "Name": "Privilege Mapping array collection",
46 # "PrivilegesUsed": [
47 # "Login",
48 # "ConfigureManager",
49 # "ConfigureUsers",
50 # "ConfigureComponents",
51 # "ConfigureSelf"
52 # ],
53
54 Should Be Equal As Strings ${resp.dict["Id"]} Redfish_1.1.0_PrivilegeRegistry
55 Should Be Equal As Strings ${resp.dict["Name"]} Privilege Mapping array collection
56 Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][0]} Login
57 Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][1]} ConfigureManager
58 Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][2]} ConfigureUsers
59 Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][3]} ConfigureComponents
60 Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][4]} ConfigureSelf
61
62Verify Redfish Privilege Registry Mappings Properties For Account Service
63 [Documentation] Verify Privilege Registry Account Service Mappings resource properties.
64 [Tags] Verify_Redfish_Privilege_Registry_Mappings_Properties_For_Account_Service
65
66 # Below is the mapping for Redfish Privilege Registry property for
67 # Account Service.
68
69 # "Mappings": [
70 # {
71 # "Entity": "AccountService",
72 # "OperationMap": {
73 # "GET": [{
74 # "Privilege": [
75 # "Login"
76 # ]}],
77 # "HEAD": [{
78 # "Privilege": [
79 # "Login"
80 # ]}],
81 # "PATCH": [{
82 # "Privilege": [
83 # "ConfigureUsers"
84 # ]}],
85 # "PUT": [{
86 # "Privilege": [
87 # "ConfigureUsers"
88 # ]}],
89 # "DELETE": [{
90 # "Privilege": [
91 # "ConfigureUsers"
92 # ]}],
93 # "POST": [{
94 # "Privilege": [
95 # "ConfigureUsers"
96 # ]}]}
97 # }
98
99 # | ROLE NAME | ASSIGNED PRIVILEGES
100 # |---------------|--------------------
101 # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf.
102 # | Operator | Login, ConfigureComponents, ConfigureSelf.
103 # | ReadOnly | Login, ConfigureSelf.
104
105 # Get the complete Privilege Registry URL.
106 ${url}= Get Redfish Privilege Registry json URL
107 ${resp}= Redfish.Get ${url}
108
109 # Get mappings properties for Entity: Account Service.
110 @{mappings}= Get From Dictionary ${resp.dict} Mappings
111
112 Should Be Equal ${mappings[${account_service}]['OperationMap']['GET'][0]['Privilege'][0]}
113 ... Login
114 Should Be Equal ${mappings[${account_service}]['OperationMap']['HEAD'][0]['Privilege'][0]}
115 ... Login
116 Should Be Equal ${mappings[${account_service}]['OperationMap']['PATCH'][0]['Privilege'][0]}
117 ... ConfigureUsers
118 Should Be Equal ${mappings[${account_service}]['OperationMap']['PUT'][0]['Privilege'][0]}
119 ... ConfigureUsers
120 Should Be Equal ${mappings[${account_service}]['OperationMap']['DELETE'][0]['Privilege'][0]}
121 ... ConfigureUsers
122 Should Be Equal ${mappings[${account_service}]['OperationMap']['POST'][0]['Privilege'][0]}
123 ... ConfigureUsers
124
125Verify Admin User Privileges Via Redfish
126 [Documentation] Verify Admin user privileges via Redfish.
127 [Tags] Verify_Admin_User_Privileges_Via_Redfish
128
129 Redfish.Login ${admin_user} ${admin_password}
130
131 ${payload}= Create Dictionary
132 ... UserName=${post_user} Password=${post_password} RoleId=Operator Enabled=${true}
133 Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload}
134 ... valid_status_codes=[${HTTP_CREATED}]
135
136 ${data}= Create Dictionary UserName=${patched_user}
137 Redfish.patch ${REDFISH_ACCOUNTS_URI}${test_user} body=&{data}
138 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
139
140 ${patched_user_name}= Redfish.Get Attribute ${REDFISH_ACCOUNTS_URI}${patched_user} UserName
141 Should Be Equal ${patched_user_name} ${patched_user}
142
143Verify Operator User Privileges Via Redfish
144 [Documentation] Verify Operator user privileges via Redfish.
145 [Tags] Verify_Operator_User_Privileges_Via_Redfish
146
147 Redfish.Login ${operator_user} ${operator_password}
148
149 ${payload}= Create Dictionary
150 ... UserName=${post_user} Password=${post_password} RoleId=Operator Enabled=${true}
151 Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload}
152 ... valid_status_codes=[${HTTP_FORBIDDEN}]
153
154 ${data}= Create Dictionary UserName=${patched_user}
155 Redfish.patch ${REDFISH_ACCOUNTS_URI}${test_user} body=&{data}
156 ... valid_status_codes=[${HTTP_FORBIDDEN}]
157
158 Redfish.Get ${REDFISH_ACCOUNTS_URI}${patched_user}
159 ... valid_status_codes=[${HTTP_FORBIDDEN}]
160
161 Redfish.Delete ${REDFISH_ACCOUNTS_URI}${patched_user}
162 ... valid_status_codes=[${HTTP_FORBIDDEN}]
163
164Verify ReadOnly User Privileges Via Redfish
165 [Documentation] Verify ReadOnly user privileges via Redfish.
166 [Tags] Verify_ReadOnly_User_Privileges_Via_Redfish
167
168 Redfish.Login ${readonly_user} ${readonly_password}
169
170 ${payload}= Create Dictionary
171 ... UserName=${post_user} Password=${post_password} RoleId=Operator Enabled=${true}
172 Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload}
173 ... valid_status_codes=[${HTTP_FORBIDDEN}]
174
175 ${data}= Create Dictionary UserName=${patched_user}
176 Redfish.patch ${REDFISH_ACCOUNTS_URI}${test_user} body=&{data}
177 ... valid_status_codes=[${HTTP_FORBIDDEN}]
178
179 Redfish.Get ${REDFISH_ACCOUNTS_URI}${patched_user}
180 ... valid_status_codes=[${HTTP_FORBIDDEN}]
181
182 Redfish.Delete ${REDFISH_ACCOUNTS_URI}${patched_user}
183 ... valid_status_codes=[${HTTP_FORBIDDEN}]
184
185
186*** Keywords ***
187
188Get Redfish Privilege Registry Json URL
189 [Documentation] Return the complete Privilege Registry Json URL.
190
191 # Get Privilege Registry version Json path in redfish.
192 # Example: Redfish_1.1.0_PrivilegeRegistry.json
193
194 ${resp}= Redfish.Get
195 ... /redfish/v1/Registries/PrivilegeRegistry/
196 @{location}= Get From Dictionary ${resp.dict} Location
197 ${uri}= Set Variable ${location[0]['Uri']}
198 [Return] ${uri}
199
200Create And Verify Various Privilege Users
201 [Documentation] Create and verify admin, test, operator, and readonly users.
202
203 Redfish Create User ${test_user} ${test_password} Operator ${true}
204 Redfish Create User ${admin_user} ${admin_password} Administrator ${true}
205 Redfish Create User ${operator_user} ${operator_password} Operator ${true}
206 Redfish Create User ${readonly_user} ${readonly_password} ReadOnly ${true}
207
208 Redfish Verify User ${test_user} ${test_password} Operator
209 Redfish Verify User ${admin_user} ${admin_password} Administrator
210 Redfish Verify User ${operator_user} ${operator_password} Operator
211 Redfish Verify User ${readonly_user} ${readonly_password} ReadOnly
212
213Redfish Verify User
214 [Documentation] Verify Redfish user with given credentials.
215 [Arguments] ${username} ${password} ${role_id}
216
217 # Description of argument(s):
218 # username The username to be created.
219 # password The password to be assigned.
220 # role_id The role ID of the user to be created
221 # (e.g. "Administrator", "Operator", etc.).
222
223 Run Keyword And Ignore Error Redfish.Logout
224 Redfish.Login ${username} ${password}
225
226 # Validate Role Id of user.
227 ${role_config}= Redfish_Utils.Get Attribute
228 ... /redfish/v1/AccountService/Accounts/${username} RoleId
229 Should Be Equal ${role_id} ${role_config}
230 Redfish.Logout
231
232Delete Created Redfish Users Except Default Admin
233 [Documentation] Delete the admin, patched, operator, readonly, and post users.
234
235 Redfish.Login
236 Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${admin_user}
237 ... valid_status_codes=[${HTTP_OK}]
238 Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${patched_user}
239 ... valid_status_codes=[${HTTP_OK}]
240 Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${operator_user}
241 ... valid_status_codes=[${HTTP_OK}]
242 Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${readonly_user}
243 ... valid_status_codes=[${HTTP_OK}]
244 Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${post_user}
245 ... valid_status_codes=[${HTTP_OK}]
246 Redfish.Logout