Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / badb4c689d3e2b5163dfd29c901592003ca27efb / . / redfish / account_service / test_redfish_privilege_registry.robot
blob: 8401cca35234870c9d15f3bdd7cda58b72996b22 [file] [log] [blame]
leet3d946ef2022-05-05 18:57:41 +0000[diff] [blame]1*** Settings ***
2Documentation Script to test Redfish privilege registry with various users
3... such as test, admin, operator, readonly, patched.
4
5Resource ../../lib/resource.robot
6Resource ../../lib/bmc_redfish_resource.robot
7Resource ../../lib/openbmc_ffdc.robot
8Resource ../../lib/bmc_redfish_utils.robot
9
10Suite Setup Create And Verify Various Privilege Users
11Suite Teardown Delete Created Redfish Users Except Default Admin
12Test Teardown Redfish.Logout
13
Sridevi Rameshcf0c8b02025-09-17 06:22:35 -0500[diff] [blame]14Test Tags Redfish_Privilege_Registry
15
leet3d946ef2022-05-05 18:57:41 +0000[diff] [blame]16*** Variables ***
17
18${test_user} testuser
19${test_password} testpassword
20${admin_user} testadmin
21${admin_password} adminpassword
22${operator_user} testoperator
23${operator_password} operatorpassword
24${readonly_user} testreadonly
25${readonly_password} readonlypassword
26${patched_user} patchuser
27${post_user} postuser
28${post_password} postpassword
29${account_service} ${2}
30
Sridevi Rameshcf0c8b02025-09-17 06:22:35 -0500[diff] [blame]31*** Test Cases ***
leet3d946ef2022-05-05 18:57:41 +0000[diff] [blame]32
33Verify Redfish Privilege Registry Properties
34 [Documentation] Verify the Redfish Privilege Registry properties.
35 [Tags] Verify_Redfish_Privilege_Registry_Properties
36
37 Redfish.Login
38
39 # Get the complete Privilege Registry URL
40 ${url}= Get Redfish Privilege Registry json URL
41 ${resp}= Redfish.Get ${url}
42 Should Be Equal As Strings ${resp.status} ${HTTP_OK}
43
44 # Verify the Privilege Registry Resource.
45 # Example:
46 # "Id": "Redfish_1.1.0_PrivilegeRegistry",
47 # "Name": "Privilege Mapping array collection",
48 # "PrivilegesUsed": [
49 # "Login",
50 # "ConfigureManager",
51 # "ConfigureUsers",
52 # "ConfigureComponents",
53 # "ConfigureSelf"
54 # ],
55
56 Should Be Equal As Strings ${resp.dict["Id"]} Redfish_1.1.0_PrivilegeRegistry
57 Should Be Equal As Strings ${resp.dict["Name"]} Privilege Mapping array collection
58 Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][0]} Login
59 Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][1]} ConfigureManager
60 Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][2]} ConfigureUsers
61 Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][3]} ConfigureComponents
62 Should Be Equal As Strings ${resp.dict["PrivilegesUsed"][4]} ConfigureSelf
63
64Verify Redfish Privilege Registry Mappings Properties For Account Service
65 [Documentation] Verify Privilege Registry Account Service Mappings resource properties.
66 [Tags] Verify_Redfish_Privilege_Registry_Mappings_Properties_For_Account_Service
67
68 # Below is the mapping for Redfish Privilege Registry property for
69 # Account Service.
70
71 # "Mappings": [
72 # {
73 # "Entity": "AccountService",
74 # "OperationMap": {
75 # "GET": [{
76 # "Privilege": [
77 # "Login"
78 # ]}],
79 # "HEAD": [{
80 # "Privilege": [
81 # "Login"
82 # ]}],
83 # "PATCH": [{
84 # "Privilege": [
85 # "ConfigureUsers"
86 # ]}],
87 # "PUT": [{
88 # "Privilege": [
89 # "ConfigureUsers"
90 # ]}],
91 # "DELETE": [{
92 # "Privilege": [
93 # "ConfigureUsers"
94 # ]}],
95 # "POST": [{
96 # "Privilege": [
97 # "ConfigureUsers"
98 # ]}]}
99 # }
100
101 # | ROLE NAME | ASSIGNED PRIVILEGES
102 # |---------------|--------------------
103 # | Administrator | Login, ConfigureManager, ConfigureUsers, ConfigureComponents, ConfigureSelf.
104 # | Operator | Login, ConfigureComponents, ConfigureSelf.
105 # | ReadOnly | Login, ConfigureSelf.
106
107 # Get the complete Privilege Registry URL.
108 ${url}= Get Redfish Privilege Registry json URL
109 ${resp}= Redfish.Get ${url}
110
111 # Get mappings properties for Entity: Account Service.
112 @{mappings}= Get From Dictionary ${resp.dict} Mappings
113
114 Should Be Equal ${mappings[${account_service}]['OperationMap']['GET'][0]['Privilege'][0]}
115 ... Login
116 Should Be Equal ${mappings[${account_service}]['OperationMap']['HEAD'][0]['Privilege'][0]}
117 ... Login
118 Should Be Equal ${mappings[${account_service}]['OperationMap']['PATCH'][0]['Privilege'][0]}
119 ... ConfigureUsers
120 Should Be Equal ${mappings[${account_service}]['OperationMap']['PUT'][0]['Privilege'][0]}
121 ... ConfigureUsers
122 Should Be Equal ${mappings[${account_service}]['OperationMap']['DELETE'][0]['Privilege'][0]}
123 ... ConfigureUsers
124 Should Be Equal ${mappings[${account_service}]['OperationMap']['POST'][0]['Privilege'][0]}
125 ... ConfigureUsers
126
127Verify Admin User Privileges Via Redfish
128 [Documentation] Verify Admin user privileges via Redfish.
129 [Tags] Verify_Admin_User_Privileges_Via_Redfish
130
131 Redfish.Login ${admin_user} ${admin_password}
132
133 ${payload}= Create Dictionary
134 ... UserName=${post_user} Password=${post_password} RoleId=Operator Enabled=${true}
135 Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload}
136 ... valid_status_codes=[${HTTP_CREATED}]
137
138 ${data}= Create Dictionary UserName=${patched_user}
139 Redfish.patch ${REDFISH_ACCOUNTS_URI}${test_user} body=&{data}
140 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
141
142 ${patched_user_name}= Redfish.Get Attribute ${REDFISH_ACCOUNTS_URI}${patched_user} UserName
143 Should Be Equal ${patched_user_name} ${patched_user}
144
145Verify Operator User Privileges Via Redfish
146 [Documentation] Verify Operator user privileges via Redfish.
147 [Tags] Verify_Operator_User_Privileges_Via_Redfish
148
149 Redfish.Login ${operator_user} ${operator_password}
150
151 ${payload}= Create Dictionary
152 ... UserName=${post_user} Password=${post_password} RoleId=Operator Enabled=${true}
153 Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload}
154 ... valid_status_codes=[${HTTP_FORBIDDEN}]
155
156 ${data}= Create Dictionary UserName=${patched_user}
157 Redfish.patch ${REDFISH_ACCOUNTS_URI}${test_user} body=&{data}
158 ... valid_status_codes=[${HTTP_FORBIDDEN}]
159
160 Redfish.Get ${REDFISH_ACCOUNTS_URI}${patched_user}
161 ... valid_status_codes=[${HTTP_FORBIDDEN}]
162
163 Redfish.Delete ${REDFISH_ACCOUNTS_URI}${patched_user}
164 ... valid_status_codes=[${HTTP_FORBIDDEN}]
165
166Verify ReadOnly User Privileges Via Redfish
167 [Documentation] Verify ReadOnly user privileges via Redfish.
168 [Tags] Verify_ReadOnly_User_Privileges_Via_Redfish
169
170 Redfish.Login ${readonly_user} ${readonly_password}
171
172 ${payload}= Create Dictionary
173 ... UserName=${post_user} Password=${post_password} RoleId=Operator Enabled=${true}
174 Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload}
175 ... valid_status_codes=[${HTTP_FORBIDDEN}]
176
177 ${data}= Create Dictionary UserName=${patched_user}
178 Redfish.patch ${REDFISH_ACCOUNTS_URI}${test_user} body=&{data}
179 ... valid_status_codes=[${HTTP_FORBIDDEN}]
180
181 Redfish.Get ${REDFISH_ACCOUNTS_URI}${patched_user}
182 ... valid_status_codes=[${HTTP_FORBIDDEN}]
183
184 Redfish.Delete ${REDFISH_ACCOUNTS_URI}${patched_user}
185 ... valid_status_codes=[${HTTP_FORBIDDEN}]
186
187
188*** Keywords ***
189
190Get Redfish Privilege Registry Json URL
191 [Documentation] Return the complete Privilege Registry Json URL.
192
193 # Get Privilege Registry version Json path in redfish.
194 # Example: Redfish_1.1.0_PrivilegeRegistry.json
195
196 ${resp}= Redfish.Get
197 ... /redfish/v1/Registries/PrivilegeRegistry/
198 @{location}= Get From Dictionary ${resp.dict} Location
199 ${uri}= Set Variable ${location[0]['Uri']}
George Keishing409df052024-01-17 22:36:14 +0530[diff] [blame]200 RETURN ${uri}
leet3d946ef2022-05-05 18:57:41 +0000[diff] [blame]201
202Create And Verify Various Privilege Users
203 [Documentation] Create and verify admin, test, operator, and readonly users.
204
205 Redfish Create User ${test_user} ${test_password} Operator ${true}
206 Redfish Create User ${admin_user} ${admin_password} Administrator ${true}
207 Redfish Create User ${operator_user} ${operator_password} Operator ${true}
208 Redfish Create User ${readonly_user} ${readonly_password} ReadOnly ${true}
209
210 Redfish Verify User ${test_user} ${test_password} Operator
211 Redfish Verify User ${admin_user} ${admin_password} Administrator
212 Redfish Verify User ${operator_user} ${operator_password} Operator
213 Redfish Verify User ${readonly_user} ${readonly_password} ReadOnly
214
215Redfish Verify User
216 [Documentation] Verify Redfish user with given credentials.
217 [Arguments] ${username} ${password} ${role_id}
218
219 # Description of argument(s):
220 # username The username to be created.
221 # password The password to be assigned.
222 # role_id The role ID of the user to be created
223 # (e.g. "Administrator", "Operator", etc.).
224
225 Run Keyword And Ignore Error Redfish.Logout
226 Redfish.Login ${username} ${password}
227
228 # Validate Role Id of user.
229 ${role_config}= Redfish_Utils.Get Attribute
230 ... /redfish/v1/AccountService/Accounts/${username} RoleId
231 Should Be Equal ${role_id} ${role_config}
232 Redfish.Logout
233
234Delete Created Redfish Users Except Default Admin
235 [Documentation] Delete the admin, patched, operator, readonly, and post users.
236
237 Redfish.Login
238 Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${admin_user}
239 ... valid_status_codes=[${HTTP_OK}]
240 Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${patched_user}
241 ... valid_status_codes=[${HTTP_OK}]
242 Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${operator_user}
243 ... valid_status_codes=[${HTTP_OK}]
244 Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${readonly_user}
245 ... valid_status_codes=[${HTTP_OK}]
246 Run Keyword And Ignore Error Redfish.Delete ${REDFISH_ACCOUNTS_URI}${post_user}
247 ... valid_status_codes=[${HTTP_OK}]
248 Redfish.Logout