Blame - openpower/ext_interfaces/test_vmicert_management.robot - openbmc/openbmc-test-automation

blob: 921d5797b8720114a161c9a0eb717ff1abd82b1e [file] [log] [blame]

manashsarma	b7af817	2020-07-16 05:05:44 -0500	[diff] [blame]	1	* Settings *
				2
				3	Documentation VMI certificate exchange tests.
				4
				5	Resource ../../lib/resource.robot
				6	Resource ../../lib/bmc_redfish_resource.robot
				7	Resource ../../lib/openbmc_ffdc.robot
				8	Resource ../../lib/bmc_redfish_utils.robot
				9	Resource ../../lib/utils.robot
				10
				11	Suite Setup Suite Setup Execution
				12	Test Teardown FFDC On Test Case Fail
				13	Suite Teardown Suite Teardown Execution
				14
				15
				16	* Variables *
				17
				18	# users User Name password
				19	@{ADMIN} admin_user TestPwd123
				20	@{OPERATOR} operator_user TestPwd123
Prashanth Katti	7ee2825	2020-09-17 01:55:17 -0500	[diff] [blame^]	21	@{ReadOnly} readonly_user TestPwd123
				22	@{NoAccess} noaccess_user TestPwd123
				23	&{USERS} Administrator=${ADMIN} Operator=${OPERATOR} ReadOnly=${ReadOnly}
				24	... NoAccess=${NoAccess}
manashsarma	b7af817	2020-07-16 05:05:44 -0500	[diff] [blame]	25	${VMI_BASE_URI} /ibm/v1/
				26	${CSR_FILE} csr_server.csr
				27	${CSR_KEY} csr_server.key
				28
				29	* Test Cases *
				30
				31	Get CSR Request Signed By VMI And Verify
				32	[Documentation] Get CSR request signed by VMI using different user roles and verify.
				33	[Tags] Get_CSR_Request_Signed_By_VMI_And_Verify
Prashanth Katti	7ee2825	2020-09-17 01:55:17 -0500	[diff] [blame^]	34	[Setup] Redfish Power On
manashsarma	b7af817	2020-07-16 05:05:44 -0500	[diff] [blame]	35	[Template] Get Certificate Signed By VMI
				36
				37	# username password force_create valid_csr valid_status_code
				38	${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
Prashanth Katti	7ee2825	2020-09-17 01:55:17 -0500	[diff] [blame^]	39
				40	# Send CSR request from operator user.
manashsarma	b7af817	2020-07-16 05:05:44 -0500	[diff] [blame]	41	operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
				42
Prashanth Katti	7ee2825	2020-09-17 01:55:17 -0500	[diff] [blame^]	43	# Send CSR request from ReadOnly user.
				44	readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
				45
				46	# Send CSR request from NoAccess user.
				47	noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
				48
manashsarma	b7af817	2020-07-16 05:05:44 -0500	[diff] [blame]	49
				50	Get Root Certificate Using Different Privilege Users Roles
				51	[Documentation] Get root certificate using different users.
				52	[Tags] Get_Root_Certificate_Using_Different_Users
Prashanth Katti	7ee2825	2020-09-17 01:55:17 -0500	[diff] [blame^]	53	[Setup] Redfish Power On
manashsarma	b7af817	2020-07-16 05:05:44 -0500	[diff] [blame]	54	[Template] Get Root Certificate
				55
				56	# username password force_create valid_csr valid_status_code
Prashanth Katti	7ee2825	2020-09-17 01:55:17 -0500	[diff] [blame^]	57	# Request root certificate from admin user.
manashsarma	b7af817	2020-07-16 05:05:44 -0500	[diff] [blame]	58	admin_user TestPwd123 ${True} ${True} ${HTTP_OK}
Prashanth Katti	7ee2825	2020-09-17 01:55:17 -0500	[diff] [blame^]	59
				60	# Request root certificate from operator user.
manashsarma	b7af817	2020-07-16 05:05:44 -0500	[diff] [blame]	61	operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
				62
Prashanth Katti	7ee2825	2020-09-17 01:55:17 -0500	[diff] [blame^]	63	# Request root certificate from ReadOnly user.
				64	readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
				65
				66	# Request root certificate from NoAccess user.
				67	noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
				68
				69
				70	Send CSR Request When VMI Is Off And Verify
				71	[Documentation] Send CSR signing request to VMI when it is off and expect an error.
				72	[Tags] Get_CSR_Request_When_VMI_Is_Off_And_verify
				73	[Setup] Redfish Power Off
				74	[Template] Get Certificate Signed By VMI
				75
				76	# username password force_create valid_csr valid_status_code
				77	${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_INTERNAL_SERVER_ERROR}
				78
				79	# Send CSR request from operator user.
				80	operator_user TestPwd123 ${False} ${True} ${HTTP_INTERNAL_SERVER_ERROR}
				81
				82	# Send CSR request from ReadOnly user.
				83	readonly_user TestPwd123 ${False} ${True} ${HTTP_INTERNAL_SERVER_ERROR}
				84
				85	# Send CSR request from NoAccess user.
				86	noaccess_user TestPwd123 ${False} ${True} ${HTTP_INTERNAL_SERVER_ERROR}
				87
manashsarma	b7af817	2020-07-16 05:05:44 -0500	[diff] [blame]	88
				89	* Keywords *
				90
				91	Generate CSR String
				92	[Documentation] Generate a csr string.
				93
				94	# Note: Generates and returns csr string.
				95	${ssl_cmd}= Set Variable openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE}
				96	${ssl_sub}= Set Variable
				97	... -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com"
				98
				99	# Run openssl command to create a new private key and use that to generate a CSR string
				100	# in server.csr file.
				101	${output}= Run ${ssl_cmd} ${ssl_sub}
Prashanth Katti	7ee2825	2020-09-17 01:55:17 -0500	[diff] [blame^]	102	${csr}= OperatingSystem.Get File ${CSR_FILE}
manashsarma	b7af817	2020-07-16 05:05:44 -0500	[diff] [blame]	103
				104	[Return] ${csr}
				105
				106
				107	Send CSR To VMI And Get Signed
				108	[Arguments] ${csr} ${force_create} ${username} ${password}
				109
				110	# Description of argument(s):
				111	# csr Certificate request from client to VMI.
				112	# force_create Create a new REST session if True.
				113	# username Username to create a REST session.
				114	# password Password to create a REST session.
				115
				116	Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
				117	... Initialize OpenBMC rest_username=${username} rest_password=${password}
				118
				119	${data}= Create Dictionary
				120	${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN}
				121	... Content-Type=application/json
				122
				123	${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Actions/SignCSR
				124
				125	# For SignCSR request, we need to pass CSR string generated by openssl command.
				126	${csr_data}= Create Dictionary CsrString ${csr}
				127	Set To Dictionary ${data} data ${csr_data}
				128
				129	${resp}= Post Request openbmc ${cert_uri} &{data} headers=${headers}
				130
				131	[Return] ${resp}
				132
				133
				134	Get Root Certificate
				135	[Documentation] Get root certificate from VMI.
				136	[Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD}
				137	... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK}
				138
				139	# Description of argument(s):
				140	# cert_type Type of the certificate requesting. eg. root or SignCSR.
				141	# username Username to create a REST session.
				142	# password Password to create a REST session.
				143	# force_create Create a new REST session if True.
				144	# valid_csr Uses valid CSR string in the REST request if True.
				145	# This is not applicable for root certificate.
				146	# valid_status_code Expected status code from REST request.
				147
				148	Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
				149	... Initialize OpenBMC rest_username=${username} rest_password=${password}
				150
				151	${data}= Create Dictionary
				152	${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN}
				153	... Content-Type=application/json
				154
				155	${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Certificate/root
				156
				157	${resp}= Get Request openbmc ${cert_uri} &{data} headers=${headers}
				158
				159	Should Be Equal As Strings ${resp.status_code} ${valid_status_code}
				160	Return From Keyword If ${resp.status_code} != ${HTTP_OK}
				161
				162	${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json
				163	Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE
				164	Should Contain ${cert["Certificate"]} END CERTIFICATE
				165
				166
				167	Get Subject
				168	[Documentation] Generate a csr string.
				169	[Arguments] ${file_name} ${is_csr_file}
				170
				171	# Description of argument(s):
				172	# file_name Name of CSR or signed CERT file.
				173	# is_csr_file A True value means a CSR while a False is for signed CERT file.
				174
				175	${subject}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -text -noout \| grep Subject:
				176	... ELSE Run openssl x509 -in ${file_name} -text -noout \| grep Subject:
				177
				178	[Return] ${subject}
				179
				180
				181	Get Public Key
				182	[Documentation] Generate a csr string.
				183	[Arguments] ${file_name} ${is_csr_file}
				184
				185	# Description of argument(s):
				186	# file_name Name of CSR or CERT file.
				187	# is_csr_file A True value means a CSR while a False is for signed CERT file.
				188
				189	${PublicKey}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -noout -pubkey
				190	... ELSE Run openssl x509 -in ${file_name} -noout -pubkey
				191
				192	[Return] ${PublicKey}
				193
				194
				195	Get Certificate Signed By VMI
				196	[Documentation] Get signed certificate from VMI.
				197	[Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD}
				198	... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK}
				199
				200	# Description of argument(s):
				201	# cert_type Type of the certificate requesting. eg. root or SignCSR.
				202	# username Username to create a REST session.
				203	# password Password to create a REST session.
				204	# force_create Create a new REST session if True.
				205	# valid_csr Uses valid CSR string in the REST request if True.
				206	# This is not applicable for root certificate.
				207	# valid_status_code Expected status code from REST request.
				208
				209	Set Test Variable ${CSR} CSR
				210	Set Test Variable ${CORRUPTED_CSR} CORRUPTED_CSR
				211
				212	${CSR}= Generate CSR String
				213
				214	# For SignCSR request, we need to pass CSR string generated by openssl command
				215	${csr_str}= Set Variable If ${valid_csr} == ${True} ${CSR} ${CORRUPTED_CSR}
				216
				217	${resp}= Send CSR To VMI And Get Signed ${csr_str} ${force_create} ${username} ${password}
				218
				219	Should Be Equal As Strings ${resp.status_code} ${valid_status_code}
				220	Return From Keyword If ${resp.status_code} != ${HTTP_OK}
				221
				222	${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json
				223	Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE
				224	Should Contain ${cert["Certificate"]} END CERTIFICATE
				225
				226	# Now do subject and public key verification
				227	${subject_csr}= Get Subject ${CSR_FILE} True
				228	${pubKey_csr}= Get Public Key ${CSR_FILE} True
				229
				230	# create a crt file with certificate string
				231	${signed_cert}= Set Variable ${cert["Certificate"]}
				232
				233	Create File test_certificate.crt ${signed_cert}
				234	${subject_signed_csr}= Get Subject test_certificate.crt False
				235	${pubKey_signed_csr}= Get Public Key test_certificate.crt False
				236
				237	Should be equal as strings ${subject_signed_csr} ${subject_csr}
				238	Should be equal as strings ${pubKey_signed_csr} ${pubKey_csr}
				239
				240
				241	Suite Setup Execution
				242	[Documentation] Suite setup execution.
				243
				244	# Create different user accounts.
				245	Redfish.Login
				246	Create Users With Different Roles users=${USERS} force=${True}
				247
				248
				249	Suite Teardown Execution
				250	[Documentation] Suite teardown execution.
				251
				252	Delete BMC Users Via Redfish users=${USERS}
				253	Delete All Sessions
				254	Redfish.Logout