redfish/account_service/test_user_account.robot

*** Settings ***
Documentation    Test Redfish user account.

Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot
Resource         ../../lib/bmc_redfish_utils.robot

Library          SSHLibrary

Test Setup       Redfish.Login
Test Teardown    Test Teardown Execution

*** Variables ***

${account_lockout_duration}   ${30}
${account_lockout_threshold}  ${3}

** Test Cases **

Verify AccountService Available
    [Documentation]  Verify Redfish account service is available.
    [Tags]  Verify_AccountService_Available

    ${resp} =  Redfish_utils.Get Attribute  /redfish/v1/AccountService  ServiceEnabled
    Should Be Equal As Strings  ${resp}  ${True}


Verify Redfish Admin User Persistence After Reboot
    [Documentation]  Verify Redfish admin user persistence after reboot.
    [Tags]  Verify_Redfish_Admin_User_Persistence_After_Reboot
    [Setup]  Run Keywords  Redfish.Login  AND
    ...  Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    ...  AND  Test Teardown Execution

    # Reboot BMC.
    Redfish OBMC Reboot (off)  stack_mode=normal

    # Verify users after reboot.
    Redfish Verify User  admin_user     TestPwd123  Administrator   ${True}


Verify Redfish Operator User Persistence After Reboot
    [Documentation]  Verify Redfish operator user persistence after reboot.
    [Tags]  Verify_Redfish_Operator_User_Persistence_After_Reboot
    [Setup]  Run Keywords  Redfish.Login  AND
    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
    ...  AND  Test Teardown Execution

    # Reboot BMC.
    Redfish OBMC Reboot (off)  stack_mode=normal

    # Verify users after reboot.
    Redfish Verify User  operator_user  TestPwd123  Operator        ${True}


Verify Redfish Readonly User Persistence After Reboot
    [Documentation]  Verify Redfish readonly user persistence after reboot.
    [Tags]  Verify_Redfish_Readonly_User_Persistence_After_Reboot
    [Setup]  Run Keywords  Redfish.Login  AND
    ...  Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user
    ...  AND  Test Teardown Execution

    # Reboot BMC.
    Redfish OBMC Reboot (off)  stack_mode=normal

    # Verify users after reboot.
    Redfish Verify User  readonly_user  TestPwd123  ReadOnly        ${True}


Redfish Create and Verify Admin User
    [Documentation]  Create a Redfish user with administrator role and verify.
    [Tags]  Redfish_Create_and_Verify_Admin_User
    [Template]  Redfish Create And Verify User

    #username      password    role_id         enabled
    admin_user     TestPwd123  Administrator   ${True}


Redfish Create and Verify Operator User
    [Documentation]  Create a Redfish user with operator role and verify.
    [Tags]  Redfish_Create_and_Verify_Operator_User
    [Template]  Redfish Create And Verify User

    #username      password    role_id         enabled
    operator_user  TestPwd123  Operator        ${True}


Redfish Create and Verify Readonly User
    [Documentation]  Create a Redfish user with readonly role and verify.
    [Tags]  Redfish_Create_and_Verify_Readonly_User
    [Template]  Redfish Create And Verify User

    #username      password    role_id         enabled
    readonly_user  TestPwd123  ReadOnly        ${True}


Verify Redfish Admin User With Wrong Password
    [Documentation]  Verify Redfish admin user with wrong password.
    [Tags]  Verify_Redfish_Admin_User_With_Wrong_Password
    [Template]  Verify Redfish User with Wrong Password

    #username      password    role_id         enabled  wrong_password
    admin_user     TestPwd123  Administrator   ${True}  alskjhfwurh


Verify Redfish Operator User with Wrong Password
    [Documentation]  Verify Redfish operator user with wrong password.
    [Tags]  Verify_Redfish_Operator_User_with_Wrong_Password
    [Template]  Verify Redfish User with Wrong Password

    #username      password    role_id         enabled  wrong_password
    operator_user  TestPwd123  Operator        ${True}  12j8a8uakjhdaosiruf024


Verify Redfish Readonly User With Wrong Password
    [Documentation]  Verify Redfish readonly user with wrong password.
    [Tags]  Verify_Redfish_Readonly_User_With_Wrong_Password
    [Template]  Verify Redfish User with Wrong Password

    #username      password    role_id         enabled  wrong_password
    readonly_user  TestPwd123  ReadOnly        ${True}  12


Verify Login with Deleted Redfish Admin User
    [Documentation]  Verify login with deleted Redfish admin user.
    [Tags]  Verify_Login_with_Deleted_Redfish_Admin_User
    [Template]  Verify Login with Deleted Redfish User

    #username     password    role_id         enabled
    admin_user     TestPwd123  Administrator   ${True}


Verify Login with Deleted Redfish Operator User
    [Documentation]  Verify login with deleted Redfish operator user.
    [Tags]  Verify_Login_with_Deleted_Redfish_Operator_User
    [Template]  Verify Login with Deleted Redfish User

    #username     password    role_id         enabled
    operator_user  TestPwd123  Operator        ${True}


Verify Login with Deleted Redfish Readonly User
    [Documentation]  Verify login with deleted Redfish readonly user.
    [Tags]  Verify_Login_with_Deleted_Redfish_Readonly_User
    [Template]  Verify Login with Deleted Redfish User

    #username     password    role_id         enabled
    readonly_user  TestPwd123  ReadOnly        ${True}


Verify Admin User Creation Without Enabling It
    [Documentation]  Verify admin user creation without enabling it.
    [Tags]  Verify_Admin_User_Creation_Without_Enabling_It
    [Template]  Verify Create User Without Enabling

    #username      password    role_id         enabled
    admin_user     TestPwd123  Administrator   ${False}


Verify Operator User Creation Without Enabling It
    [Documentation]  Verify operator user creation without enabling it.
    [Tags]  Verify_Operator_User_Creation_Without_Enabling_It
    [Template]  Verify Create User Without Enabling

    #username      password    role_id         enabled
    operator_user  TestPwd123  Operator        ${False}


Verify Readonly User Creation Without Enabling It
    [Documentation]  Verify readonly user creation without enabling it.
    [Tags]  Verify_Readonly_User_Creation_Without_Enabling_It
    [Template]  Verify Create User Without Enabling

    #username      password    role_id         enabled
    readonly_user  TestPwd123  ReadOnly        ${False}


Verify User Creation With Invalid Role Id
    [Documentation]  Verify user creation with invalid role ID.
    [Tags]  Verify_User_Creation_With_Invalid_Role_Id

    # Make sure the user account in question does not already exist.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Create specified user.
    ${payload}=  Create Dictionary
    ...  UserName=test_user  Password=TestPwd123  RoleId=wrongroleid  Enabled=${True}
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]

Verify Error Upon Creating Same Users With Different Privileges
    [Documentation]  Verify error upon creating same users with different privileges.
    [Tags]  Verify_Error_Upon_Creating_Same_Users_With_Different_Privileges

    Redfish Create User  test_user  TestPwd123  Administrator  ${True}

    # Create specified user.
    ${payload}=  Create Dictionary
    ...  UserName=test_user  Password=TestPwd123  RoleId=ReadOnly  Enabled=${True}
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]

    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user


Verify Modifying User Attributes
    [Documentation]  Verify modifying user attributes.
    [Tags]  Verify_Modifying_User_Attributes

    # Create Redfish users.
    Redfish Create User  admin_user     TestPwd123  Administrator   ${True}
    Redfish Create User  readonly_user  TestPwd123  ReadOnly        ${True}

    # Make sure the new user account does not already exist.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Update admin_user username using Redfish.
    ${payload}=  Create Dictionary  UserName=newadmin_user
    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body=&{payload}

    # Update readonly_user role using Redfish.
    ${payload}=  Create Dictionary  RoleId=Administrator
    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body=&{payload}

    # Verify users after updating
    Redfish Verify User  newadmin_user  TestPwd123     Administrator   ${True}
    Redfish Verify User  readonly_user  TestPwd123     Administrator   ${True}

    # Delete created users.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/newadmin_user
    Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user


Verify Modifying Operator User Attributes
    [Documentation]  Verify modifying operator user attributes.
    [Tags]  Verify_Modifying_Operator_User_Attributes
    [Setup]  Run Keywords  Redfish.Login  AND
    ...  Redfish Create User  operator_user  TestPwd123  Operator  ${True}
    [Teardown]  Run Keywords  Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user
    ...  AND  Test Teardown Execution

    # Update operator_user password using Redfish.
    ${payload}=  Create Dictionary  Password=NewTestPwd123
    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body=&{payload}

    # Verify users after updating
    Redfish Verify User  operator_user  NewTestPwd123  Operator        ${True}


Verify User Account Locked
    [Documentation]  Verify user account locked upon trying with invalid password.
    [Tags]  Verify_User_Account_Locked

    Redfish Create User  admin_user  TestPwd123  Administrator   ${True}

    ${payload}=  Create Dictionary  AccountLockoutThreshold=${account_lockout_threshold}
    ...  AccountLockoutDuration=${account_lockout_duration}
    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}

    Redfish.Logout

    # Make ${account_lockout_threshold} failed login attempts.
    Repeat Keyword  ${account_lockout_threshold} times
    ...  Run Keyword And Expect Error  InvalidCredentialsError*  Redfish.Login  admin_user  abc123

    # Verify that legitimate login fails due to lockout.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  admin_user  TestPwd123

    # Wait for lockout duration to expire and then verify that login works.
    Sleep  ${account_lockout_duration}s
    Redfish.Login  admin_user  TestPwd123

    Redfish.Logout

    Redfish.Login

    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user


Verify User Account Unlock
    [Documentation]  Verify manually unlocking the account before lockout time
    [Tags]  Verify_User_Account_Unlock
    [Teardown]  Run Keywords  Redfish.Logout
    ...  AND  Redfish.Login
    ...  AND  Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
    ...  AND  SSHLibrary.Close All Connections

    Redfish Create User  test_user  TestPwd123  Administrator  ${True}

    ${payload}=  Create Dictionary
    ...  AccountLockoutThreshold=${account_lockout_threshold}
    ...  AccountLockoutDuration=${account_lockout_duration}
    Redfish.Patch  ${REDFISH_ACCOUNTS_SERVICE_URI}  body=${payload}

    Redfish.Logout

    # Make ${account_lockout_threshold} failed login attempts.
    Repeat Keyword  ${account_lockout_threshold} times
    ...  Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  test_user  abc123

    # Ensure SSH Login with locked account gets failed
    SSHLibrary.Open Connection  ${OPENBMC_HOST}
    Run Keyword And Expect Error  Authentication failed*
    ...  SSHLibrary.Login  test_user  TestPwd123

    # Verify that legitimate login fails due to lockout.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  test_user  TestPwd123

    ${payload}=  Create Dictionary  Locked=${FALSE}

    # Manually unlock the account before lockout threshold expires
    Redfish.Login
    Redfish.Patch  ${REDFISH_ACCOUNTS_URI}test_user  body=${payload}
    Redfish.Logout

    # Try redfish login with the recently unlocked account
    Redfish.Login  test_user  TestPwd123

    # Try SSH login with the unlocked account
    SSHLibrary.Open Connection  ${OPENBMC_HOST}
    SSHLibrary.Login  test_user  TestPwd123


Verify Admin User Privilege
    [Documentation]  Verify admin user privilege.
    [Tags]  Verify_Admin_User_Privilege

    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}

    Redfish.Logout

    Redfish.Login  admin_user  TestPwd123

    # Change password of 'readonly' user with admin user.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/readonly_user  body={'Password': 'NewTestPwd123'}

    # Verify modified user.
    Redfish Verify User  readonly_user  NewTestPwd123  ReadOnly  ${True}

    # Note: Delete user would work here because a root login is
    # performed as part of "Redfish Verify User" keyword's teardown.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    Redfish.Delete  /redfish/v1/AccountService/Accounts/readonly_user


Verify Operator User Role Change Using Admin Privilege User
    [Documentation]  Verify operator user role change using admin privilege user
    [Tags]  Verify_Operator_User_Role_Change_Using_Admin_Privilege_User

    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
    Redfish Create User  operator_user  TestPwd123  Operator  ${True}

    Redfish.Logout

    # Change role ID of operator user with admin user.
    # Login with admin user.
    Redfish.Login  admin_user  TestPwd123

    # Modify Role ID of Operator user.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/operator_user  body={'RoleId': 'Administrator'}

    # Verify modified user.
    Redfish Verify User  operator_user  TestPwd123  Administrator  ${True}

    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user


Verify Operator User Privilege
    [Documentation]  Verify operator user privilege.
    [Tags]  Verify_Operator_User_Privilege

    Redfish Create User  admin_user  TestPwd123  Administrator  ${True}
    Redfish Create User  operator_user  TestPwd123  Operator  ${True}

    Redfish.Logout
    # Login with operator user.
    Redfish.Login  operator_user  TestPwd123

    # Verify BMC reset.
    Run Keyword And Expect Error  ValueError*  Redfish BMC Reset Operation

    # Attempt to change password of admin user with operator user.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/admin_user  body={'Password': 'NewTestPwd123'}
    ...  valid_status_codes=[${HTTP_FORBIDDEN}]

    Redfish.Logout

    Redfish.Login

    Redfish.Delete  /redfish/v1/AccountService/Accounts/admin_user
    Redfish.Delete  /redfish/v1/AccountService/Accounts/operator_user


Verify ReadOnly User Privilege
    [Documentation]  Verify ReadOnly user privilege.
    [Tags]  Verify_ReadOnly_User_Privilege

    Redfish Create User  readonly_user  TestPwd123  ReadOnly  ${True}
    Redfish.Logout

    # Login with read_only user.
    Redfish.Login  readonly_user  TestPwd123

    # Read system level data.
    ${system_model}=  Redfish_Utils.Get Attribute
    ...  ${SYSTEM_BASE_URI}  Model

    Redfish.Logout
    Redfish.Login
    Redfish.Delete  ${REDFISH_ACCOUNTS_URI}readonly_user


Verify Minimum Password Length For Redfish User
    [Documentation]  Verify minimum password length for new and existing user.
    [Tags]  Verify_Minimum_Password_Length_For_Redfish_User

    ${user_name}=  Set Variable  testUser

    # Make sure the user account in question does not already exist.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Try to create a user with invalid length password.
    ${payload}=  Create Dictionary
    ...  UserName=${user_name}  Password=UserPwd  RoleId=Administrator  Enabled=${True}
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]

    # Create specified user with valid length password.
    Set To Dictionary  ${payload}  Password  UserPwd1
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
    ...  valid_status_codes=[${HTTP_CREATED}]

    # Try to change to an invalid password.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd'}
    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]

    # Change to a valid password.
    Redfish.Patch  /redfish/v1/AccountService/Accounts/${user_name}  body={'Password': 'UserPwd1'}

    # Verify login.
    Redfish.Logout
    Redfish.Login  ${user_name}  UserPwd1
    Redfish.Logout
    Redfish.Login
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${user_name}


Verify Standard User Roles Defined By Redfish
    [Documentation]  Verify standard user roles defined by Redfish.
    [Tags]  Verify_Standard_User_Roles_Defined_By_Redfish

    ${member_list}=  Redfish_Utils.Get Member List
    ...  /redfish/v1/AccountService/Roles

    @{roles}=  Create List
    ...  /redfish/v1/AccountService/Roles/Administrator
    ...  /redfish/v1/AccountService/Roles/Operator
    ...  /redfish/v1/AccountService/Roles/ReadOnly

    List Should Contain Sub List  ${member_list}  ${roles}

    # The standard roles are:

    # | Role name | Assigned privileges |
    # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf |
    # | Operator | Login, ConfigureComponents, ConfigureSelf |
    # | ReadOnly | Login, ConfigureSelf |

    @{admin}=  Create List  Login  ConfigureManager  ConfigureUsers  ConfigureComponents  ConfigureSelf
    @{operator}=  Create List  Login  ConfigureComponents  ConfigureSelf
    @{readOnly}=  Create List  Login  ConfigureSelf

    ${roles_dict}=  create dictionary  admin_privileges=${admin}  operator_privileges=${operator}
    ...  readOnly_privileges=${readOnly}

    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/Administrator
    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['admin_privileges']}

    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/Operator
    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['operator_privileges']}

    ${resp}=  redfish.Get  /redfish/v1/AccountService/Roles/ReadOnly
    List Should Contain Sub List  ${resp.dict['AssignedPrivileges']}  ${roles_dict['readOnly_privileges']}


Verify Error While Deleting Root User
    [Documentation]  Verify error while deleting root user.
    [Tags]  Verify_Error_While_Deleting_Root_User

    Redfish.Delete  /redfish/v1/AccountService/Accounts/root  valid_status_codes=[${HTTP_FORBIDDEN}]


Verify SSH Login Access With Admin User
    [Documentation]  Verify that admin user does not have SSH login access.
    [Tags]  Verify_SSH_Login_Access_With_Admin_User

    # Create an admin User.
    Redfish Create User  new_admin  TestPwd1  Administrator  ${True}

    # Attempt SSH login with admin user.
    SSHLibrary.Open Connection  ${OPENBMC_HOST}
    ${status}=  Run Keyword And Return Status  SSHLibrary.Login  new_admin  TestPwd1
    Should Be Equal  ${status}  ${False}

    Redfish.Login
    Redfish.Delete  /redfish/v1/AccountService/Accounts/new_admin


Verify Configure BasicAuth Enable And Disable
    [Documentation]  Verify configure basicauth enable and disable
    [Tags]  Verify_Configure_BasicAuth_Enable_And_Disable
    [Template]  Template For Configure Auth Methods

    # auth_method
    BasicAuth
    XToken

*** Keywords ***

Test Teardown Execution
    [Documentation]  Do the post test teardown.

    Run Keyword And Ignore Error  Redfish.Logout
    FFDC On Test Case Fail


Redfish Create User
    [Documentation]  Redfish create user.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${login_check}=${True}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).
    # login_check         Checks user login for created user.
    #                     (e.g. ${True}, ${False}).

    # Make sure the user account in question does not already exist.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${userName}
    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}]

    # Create specified user.
    ${payload}=  Create Dictionary
    ...  UserName=${username}  Password=${password}  RoleId=${role_id}  Enabled=${enabled}
    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
    ...  valid_status_codes=[${HTTP_CREATED}]

    # Resetting faillock count as a workaround for issue
    # openbmc/phosphor-user-manager#4
    ${cmd}=  Catenate  test -f /usr/sbin/faillock && /usr/sbin/faillock --user USER --reset
    ...  || /usr/sbin/pam_tally2 -u ${username} --reset
    Bmc Execute Command  ${cmd}

    # Verify login with created user.
    ${status}=  Run Keyword If  '${login_check}' == '${True}'
    ...  Verify Redfish User Login  ${username}  ${password}
    Run Keyword If  '${login_check}' == '${True}'  Should Be Equal  ${status}  ${enabled}

    # Validate Role ID of created user.
    ${role_config}=  Redfish_Utils.Get Attribute
    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
    Should Be Equal  ${role_id}  ${role_config}


Redfish Verify User
    [Documentation]  Redfish user verification.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).

    ${status}=  Verify Redfish User Login  ${username}  ${password}
    # Doing a check of the returned status.
    Should Be Equal  ${status}  ${enabled}

    # Validate Role Id of user.
    ${role_config}=  Redfish_Utils.Get Attribute
    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
    Should Be Equal  ${role_id}  ${role_config}


Verify Redfish User Login
    [Documentation]  Verify Redfish login with given user id.
    [Teardown]  Run Keywords  Run Keyword And Ignore Error  Redfish.Logout  AND  Redfish.Login
    [Arguments]   ${username}  ${password}

    # Description of argument(s):
    # username            Login username.
    # password            Login password.

    # Logout from current Redfish session.
    # We don't really care if the current session is flushed out since we are going to login
    # with new credential in next.
    Run Keyword And Ignore Error  Redfish.Logout

    ${status}=  Run Keyword And Return Status  Redfish.Login  ${username}  ${password}
    [Return]  ${status}


Redfish Create And Verify User
    [Documentation]  Redfish create and verify user.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).

    # Example:
    #{
    #"@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
    #"@odata.id": "/redfish/v1/AccountService/Accounts/test1",
    #"@odata.type": "#ManagerAccount.v1_0_3.ManagerAccount",
    #"Description": "User Account",
    #"Enabled": true,
    #"Id": "test1",
    #"Links": {
    #  "Role": {
    #    "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
    #  }
    #},

    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}

    Redfish Verify User  ${username}  ${password}  ${role_id}  ${enabled}

    # Delete Specified User
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}

Verify Redfish User with Wrong Password
    [Documentation]  Verify Redfish User with Wrong Password.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}  ${wrong_password}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).
    # wrong_password      Any invalid password.

    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}

    Redfish.Logout

    # Attempt to login with created user with invalid password.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  ${username}  ${wrong_password}

    Redfish.Login

    # Delete newly created user.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}


Verify Login with Deleted Redfish User
    [Documentation]  Verify Login with Deleted Redfish User.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).

    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}

    # Delete newly created user.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${userName}

    Redfish.Logout

    # Attempt to login with deleted user account.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  ${username}  ${password}

    Redfish.Login


Verify Create User Without Enabling
    [Documentation]  Verify Create User Without Enabling.
    [Arguments]   ${username}  ${password}  ${role_id}  ${enabled}

    # Description of argument(s):
    # username            The username to be created.
    # password            The password to be assigned.
    # role_id             The role ID of the user to be created
    #                     (e.g. "Administrator", "Operator", etc.).
    # enabled             Indicates whether the username being created
    #                     should be enabled (${True}, ${False}).

    Redfish Create User  ${username}  ${password}  ${role_id}  ${enabled}  ${False}

    Redfish.Logout

    # Login with created user.
    Run Keyword And Expect Error  InvalidCredentialsError*
    ...  Redfish.Login  ${username}  ${password}

    Redfish.Login

    # Delete newly created user.
    Redfish.Delete  /redfish/v1/AccountService/Accounts/${username}

Template For Configure Auth Methods
    [Documentation]  Template to configure auth methods.
    [Arguments]  ${auth_method}
    [Teardown]  Configure AuthMethods  ${auth_method}=${initial_value}

    # Description of Argument(s):
    # authmethods   The authmethod setting which needs to be
    #               set in account service URI.
    # valid values  BasicAuth, XToken.

    Get AuthMethods Default Values  ${auth_method}

    # Patch basicauth to TRUE
    Configure AuthMethods  ${auth_method}=${TRUE}

    Run Keyword IF  "${auth_method}" == "XToken"
    ...    Check XToken Works Fine  ${HTTP_OK}
    ...  ELSE
    ...    Check BasicAuth Works Fine  ${HTTP_OK}

    # Patch basicauth to FALSE
    Configure AuthMethods  ${auth_method}=${FALSE}

    Run Keyword IF  "${auth_method}" == "BasicAuth"
    ...    Check BasicAuth Works Fine  ${HTTP_UNAUTHORIZED}
    ...  ELSE
    ...    Check XToken Works Fine  ${HTTP_UNAUTHORIZED}

Configure AuthMethods
    [Documentation]  Enable/disable authmethod types.
    [Arguments]  &{authmethods}

    # Description of argument(s):
    # authmethods            The authmethod setting which needs to be
    #                        set in account service URI.
    # Usage Example          Configure AuthMethods  XToken=${TRUE}  BasicAuth=${TRUE}
    #                        This will set the value of "XToken" and "BasicAuth"
    #                        property in accountservice uri to TRUE.

    ${openbmc}=  Create Dictionary  AuthMethods=${authmethods}
    ${oem}=  Create Dictionary  OpenBMC=${openbmc}
    ${payload}=  Create Dictionary  Oem=${oem}

    # Setting authmethod properties using Redfish session based auth
    ${status}=  Run Keyword And Return Status
    ...  Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=${payload}  valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]

    # Setting authmethod properties using basic auth incase the former fails
    IF  ${status}==${FALSE}
        # Payload dictionary pre-process to match json formatting
        ${payload}=  Convert To String  ${payload}
        ${payload}=  Replace String  ${payload}  '  "
        ${payload}=  Replace String  ${payload}  False  false
        ${payload}=  Replace String  ${payload}  True  true

        # Curl Command Framing for PATCH authmethod
        ${cmd}=  Catenate  curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}
        ...  -X PATCH '${AUTH_URI}${REDFISH_ACCOUNTS_SERVICE_URI}'
        ...  -H 'content-type:application/json' -H 'If-Match:*'
        ...  -d '${payload}'
        ${rc}  ${out}=  Run And Return Rc And Output  ${cmd}

        #  Check the response of curl command is 200 or 204
        ${check_no_content}=
        ...  Run Keyword and Return Status  Should Contain  ${out}  204
        ${check_ok}=
        ...  Run Keyword and Return Status  Should Contain  ${out}  200
        Pass Execution If  ${check_no_content}==${TRUE}
        ...  OR  ${check_ok}==${TRUE}
    END


Get AuthMethods Default Values
    [Documentation]  Get enabled/disabled status of all authmethods
    ...  from Redfish account service URI
    [Arguments]  ${authmethod}

    # Description of argument(s):
    # authmethod            The authmethod property whose value needs to be
    #                       retrieved from account service URI.
    # Usage Example         Get AuthMethods Default Values  BasicAuth
    #                       returns >> ${TRUE}
    # Example:
    # {
    #     "@odata.id": "/redfish/v1/AccountService",
    #     (...)
    #     "Oem": {
    #         "OpenBMC": {
    #             "AuthMethods": {
    #                 "BasicAuth": true,
    #                 "Cookie": true,
    #                 "SessionToken": true,
    #                 "TLS": true,
    #                 "XToken": true
    #             }
    #         }
    #     }
    # }

    ${resp}=  Redfish.Get Attribute  ${REDFISH_ACCOUNTS_SERVICE_URI}  Oem
    ${authmethods}=  Set Variable  ${resp['OpenBMC']['AuthMethods']}
    ${initial_value}=  Get From Dictionary  ${authmethods}  ${authmethod}
    Set Test Variable  ${initial_value}

Check XToken Works Fine
    [Documentation]  Verify Xtoken works fine.
    [Arguments]  ${status_code}

    # Description of Argument(s):
    # status_code : 200, 401.

    # Verify xtoken auth works for xtoken
    Redfish.Get  ${REDFISH_ACCOUNTS_SERVICE_URI}
    ...  valid_status_codes=[${status_code}]

Check BasicAuth Works Fine
    [Documentation]  Verify Basic Auth works fine.
    [Arguments]  ${status_code}

    # Description of Argument(s):
    # status_code : 200, 401.

    # Verify basic auth works based on basic auth.
    ${cmd}=  Catenate  curl -k -i -u ${OPENBMC_USERNAME}:${OPENBMC_PASSWORD}
    ...  ${AUTH_URI}/redfish/v1/AccountService
    ${rc}  ${out}=  Run And Return Rc And Output  ${cmd}

    #  Check the response of curl command is 200/401
    Should Contain  ${out}  ${status_code}