1*** Settings ***
2Documentation       Test suite for OpenBMC IPMI user management.
3
4Resource            ../lib/ipmi_client.robot
5Resource            ../lib/openbmc_ffdc.robot
6Library             ../lib/ipmi_utils.py
7Test Setup          Printn
8
9Test Teardown       Test Teardown Execution
10
11*** Variables ***
12
13${invalid_username}     user%
14${invalid_password}     abc123
15${root_userid}          1
16${operator_level_priv}  0x3
17${user_priv}            2
18${operator_priv}        3
19${admin_level_priv}     4
20${no_access_priv}       15
21${valid_password}       0penBmc1
22${max_password_length}  20
23${ipmi_setaccess_cmd}   channel setaccess
24&{password_values}      16=0penBmc10penBmc2  17=0penBmc10penBmc2B
25              ...       20=0penBmc10penBmc2Bmc3  21=0penBmc10penBmc2Bmc34
26              ...       7=0penBmc  8=0penBmc0
27
28
29*** Test Cases ***
30
31Verify IPMI User Summary
32    [Documentation]  Verify IPMI maximum supported IPMI user ID and
33    ...  enabled user form user summary
34    [Tags]  Verify_IPMI_User_Summary
35    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
36    ...  Delete Created User  ${random_userid}
37    # Delete all non-root IPMI (i.e. except userid 1)
38    Delete All Non Root IPMI User
39
40    ${random_userid}  ${random_username}=  Create Random IPMI User
41    Set Test Variable  ${random_userid}
42    Run IPMI Standard Command  user enable ${random_userid}
43
44    # Verify maximum user count IPMI local user can have. Also verify
45    # currently enabled users.
46    ${resp}=  Wait Until Keyword Succeeds  15 sec  5 sec  Run IPMI Standard Command  user summary
47    ${enabled_user_count}=
48    ...  Get Lines Containing String  ${resp}  Enabled User Count
49    ${maximum_ids}=  Get Lines Containing String  ${resp}  Maximum IDs
50    Should Contain  ${enabled_user_count}  2
51    Should Contain  ${maximum_ids}  15
52
53
54Verify IPMI User Creation With Valid Name And ID
55    [Documentation]  Create user via IPMI and verify.
56    [Tags]  Test_IPMI_User_Creation_With_Valid_Name_And_ID
57    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
58    ...  Delete Created User  ${random_userid}
59
60    ${random_userid}  ${random_username}=  Create Random IPMI User
61    Set Test Variable  ${random_userid}
62
63
64Verify IPMI User Creation With Invalid Name
65    [Documentation]  Verify error while creating IPMI user with invalid
66    ...  name(e.g. user name with special characters).
67    [Tags]  Verify_IPMI_User_Creation_With_Invalid_Name
68
69    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
70    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
71    ...  user set name ${random_userid} ${invalid_username}
72    Should Contain  ${msg}  Invalid data
73
74
75Verify IPMI User Creation With Invalid ID
76    [Documentation]  Verify error while creating IPMI user with invalid
77    ...  ID(i.e. any number greater than 15 or 0).
78    [Tags]  Verify_IPMI_User_Creation_With_Invalid_ID
79
80    @{id_list}=  Create List
81    ${random_invalid_id}=  Evaluate  random.randint(16, 1000)  modules=random
82    Append To List  ${id_list}  ${random_invalid_id}
83    Append To List  ${id_list}  0
84
85    FOR  ${id}  IN  @{id_list}
86      ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
87      ...  user set name ${id} newuser
88      Should Contain Any  ${msg}  User ID is limited to range  Parameter out of range
89    END
90
91Verify Setting IPMI User With Invalid Password
92    [Documentation]  Verify error while setting IPMI user with invalid
93    ...  password.
94    [Tags]  Verify_Setting_IPMI_User_With_Invalid_Password
95    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
96    ...  Delete Created User  ${random_userid}
97
98    ${random_userid}  ${random_username}=  Create Random IPMI User
99    Set Test Variable  ${random_userid}
100
101    # Set invalid password for newly created user.
102    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
103    ...  user set password ${random_userid} ${invalid_password}
104
105    Should Contain  ${msg}  Set User Password command failed
106
107Verify Setting IPMI Root User With New Name
108    [Documentation]  Verify error while setting IPMI root user with new
109    ...  name.
110    [Tags]  Verify_Setting_IPMI_Root_User_With_New_Name
111
112    # Set invalid password for newly created user.
113    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
114    ...  user set name ${root_userid} abcd
115
116    Should Contain  ${msg}  Set User Name command failed
117
118
119Verify IPMI User Password Via Test Command
120    [Documentation]  Verify IPMI user password using test command.
121    [Tags]  Verify_IPMI_User_Password_Via_Test_Command
122    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
123    ...  Delete Created User  ${random_userid}
124
125    ${random_userid}  ${random_username}=  Create Random IPMI User
126    Set Test Variable  ${random_userid}
127
128    # Set valid password for newly created user.
129    Run IPMI Standard Command
130    ...  user set password ${random_userid} ${valid_password}
131
132    # Verify newly set password using test command.
133    ${msg}=  Run IPMI Standard Command
134    ...  user test ${random_userid} ${max_password_length} ${valid_password}
135
136    Should Contain  ${msg}  Success
137
138
139Verify Setting Valid Password For IPMI User
140    [Documentation]  Set valid password for IPMI user and verify.
141    [Tags]  Verify_Setting_Valid_Password_For_IPMI_User
142    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
143    ...  Delete Created User  ${random_userid}
144
145    ${random_userid}  ${random_username}=  Create Random IPMI User
146    Set Test Variable  ${random_userid}
147
148    # Set valid password for newly created user.
149    Run IPMI Standard Command
150    ...  user set password ${random_userid} ${valid_password}
151
152    Run IPMI Standard Command  user enable ${random_userid}
153
154    # Delay added for IPMI user to get enable
155    Sleep  5s
156
157    # Set admin privilege and enable IPMI messaging for newly created user
158    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
159
160    Verify IPMI Username And Password  ${random_username}  ${valid_password}
161
162
163Verify IPMI User Creation With Same Name
164    [Documentation]  Verify error while creating two IPMI user with same name.
165    [Tags]  Verify_IPMI_User_Creation_With_Same_Name
166    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
167    ...  Delete Created User  2
168
169    ${random_username}=  Generate Random String  8  [LETTERS]
170    IPMI Create User  2  ${random_username}
171
172    # Set same username for another IPMI user.
173    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
174    ...  user set name 3 ${random_username}
175    Should Contain  ${msg}  Invalid data field in request
176
177
178Verify Setting IPMI User With Null Password
179    [Documentation]  Verify error while setting IPMI user with null
180    ...  password.
181    [Tags]  Verify_Setting_IPMI_User_With_Null_Password
182    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
183    ...  Delete Created User  ${random_userid}
184
185    ${random_userid}  ${random_username}=  Create Random IPMI User
186    Set Test Variable  ${random_userid}
187
188    # Set null password for newly created user.
189    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
190    ...  user set password ${random_userid} ""
191
192    Should Contain  ${msg}  Invalid data field in request
193
194
195Verify IPMI User Deletion
196    [Documentation]  Delete user via IPMI and verify.
197    [Tags]  Verify_IPMI_User_Deletion
198    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
199    ...  Delete Created User  ${random_userid}
200
201    ${random_userid}  ${random_username}=  Create Random IPMI User
202    Set Test Variable  ${random_userid}
203    # Delete IPMI User and verify
204    Run IPMI Standard Command  user set name ${random_userid} ""
205    ${user_info}=  Get User Info  ${random_userid}
206    Should Be Equal  ${user_info['user_name']}  ${EMPTY}
207
208
209Test IPMI User Privilege Level
210    [Documentation]  Verify IPMI user with user privilege can only run user level commands.
211    [Tags]  Test_IPMI_User_Privilege_Level
212    [Template]  Test IPMI User Privilege
213    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
214    ...  Delete Created User  ${random_userid}
215
216    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
217    ${user_priv}         Passed           Failed               Failed
218
219
220Test IPMI Operator Privilege Level
221    [Documentation]  Verify IPMI user with operator privilege can only run user and operator levels commands.
222    ...  level is set to operator.
223    [Tags]  Test_IPMI_Operator_Privilege_Level
224    [Template]  Test IPMI User Privilege
225    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
226    ...  Delete Created User  ${random_userid}
227
228    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
229    ${operator_priv}     Passed           Passed               Failed
230
231
232Test IPMI Administrator Privilege Level
233    [Documentation]  Verify IPMI user with admin privilege can run all levels command.
234    [Tags]  Test_IPMI_Administrator_Privilege_Level
235    [Template]  Test IPMI User Privilege
236    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
237    ...  Delete Created User  ${random_userid}
238
239    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
240    ${admin_level_priv}  Passed           Passed               Passed
241
242
243Test IPMI No Access Privilege Level
244    [Documentation]  Verify IPMI user with no access privilege can not run only any level command.
245    [Tags]  Test_IPMI_No_Access_Privilege_Level
246    [Template]  Test IPMI User Privilege
247    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
248    ...  Delete Created User  ${random_userid}
249
250    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
251    ${no_access_priv}    Failed           Failed               Failed
252
253
254Enable IPMI User And Verify
255    [Documentation]  Enable IPMI user and verify that the user is able
256    ...  to run IPMI command.
257    [Tags]  Enable_IPMI_User_And_Verify
258    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
259    ...  Delete Created User  ${random_userid}
260
261    ${random_userid}  ${random_username}=  Create Random IPMI User
262    Set Test Variable  ${random_userid}
263    Run IPMI Standard Command
264    ...  user set password ${random_userid} ${valid_password}
265
266    # Set admin privilege and enable IPMI messaging for newly created user.
267    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
268
269    # Delay added for user privilege to get set.
270    Sleep  5s
271
272    Enable IPMI User And Verify  ${random_userid}
273
274    # Verify that enabled IPMI  user is able to run IPMI command.
275    Verify IPMI Username And Password  ${random_username}  ${valid_password}
276
277
278Disable IPMI User And Verify
279    [Documentation]  Disable IPMI user and verify that that the user
280    ...  is unable to run IPMI command.
281    [Tags]  Disable_IPMI_User_And_Verify
282    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
283    ...  Delete Created User  ${random_userid}
284
285    ${random_userid}  ${random_username}=  Create Random IPMI User
286    Set Test Variable  ${random_userid}
287    Run IPMI Standard Command
288    ...  user set password ${random_userid} ${valid_password}
289
290    # Set admin privilege and enable IPMI messaging for newly created user.
291    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
292
293    # Disable IPMI user and verify.
294    Run IPMI Standard Command  user disable ${random_userid}
295    ${user_info}=  Get User Info  ${random_userid}
296    Should Be Equal  ${user_info['enable_status']}  disabled
297
298    # Verify that disabled IPMI  user is unable to run IPMI command.
299    ${msg}=  Run Keyword And Expect Error  *  Verify IPMI Username And Password
300    ...  ${random_username}  ${valid_password}
301    Should Contain  ${msg}  Unable to establish IPMI
302
303
304Verify IPMI Root User Password Change
305    [Documentation]  Change IPMI root user password and verify that
306    ...  root user is able to run IPMI command.
307    [Tags]  Verify_IPMI_Root_User_Password_Change
308    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
309    ...  Wait Until Keyword Succeeds  15 sec  5 sec
310    ...  Set Default Password For IPMI Root User
311
312    # User input password should be minimum 8 characters long.
313    Valid Length  OPENBMC_PASSWORD  min_length=8
314    # Set new password for root user.
315    Run IPMI Standard Command
316    ...  user set password ${root_userid} ${valid_password}
317
318    # Verify that root user is able to run IPMI command using new password.
319    Wait Until Keyword Succeeds  15 sec  5 sec  Verify IPMI Username And Password
320    ...  root  ${valid_password}
321
322
323Verify Administrator And No Access Privilege For Different Channels
324    [Documentation]  Set administrator and no access privilege for different channels and verify.
325    [Tags]  Verify_Administrator_And_No_Access_Privilege_For_Different_Channels
326    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
327    ...  Delete Created User  ${random_userid}
328
329    ${random_userid}  ${random_username}=  Create Random IPMI User
330    Set Test Variable  ${random_userid}
331    Run IPMI Standard Command
332    ...  user set password ${random_userid} ${valid_password}
333
334    # Set admin privilege for newly created user with channel 1.
335    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}  1
336
337    # Set no access privilege for newly created user with channel 2.
338    Set Channel Access  ${random_userid}  ipmi=on privilege=${no_access_priv}  2
339
340    Enable IPMI User And Verify  ${random_userid}
341
342    # Verify that user is able to run administrator level IPMI command with channel 1.
343    Verify IPMI Command  ${random_username}  ${valid_password}  Administrator  1
344
345    # Verify that user is unable to run IPMI command with channel 2.
346    Run IPMI Standard Command  sel info 2  expected_rc=${1}  U=${random_username}  P=${valid_password}
347
348
349Verify Operator And User Privilege For Different Channels
350    [Documentation]  Set operator and user privilege for different channels and verify.
351    [Tags]  Verify_Operator_And_User_Privilege_For_Different_Channels
352    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
353    ...  Delete Created User  ${random_userid}
354
355    ${random_userid}  ${random_username}=  Create Random IPMI User
356    Set Test Variable  ${random_userid}
357    Run IPMI Standard Command
358    ...  user set password ${random_userid} ${valid_password}
359
360    # Set operator privilege for newly created user with channel 1.
361    Set Channel Access  ${random_userid}  ipmi=on privilege=${operator_priv}  1
362
363    # Set user privilege for newly created user with channel 2.
364    Set Channel Access  ${random_userid}  ipmi=on privilege=${user_priv}  2
365
366    Enable IPMI User And Verify  ${random_userid}
367
368    # Verify that user is able to run operator level IPMI command with channel 1.
369    Verify IPMI Command  ${random_username}  ${valid_password}  Operator  1
370
371    # Verify that user is able to run user level IPMI command with channel 2.
372    Verify IPMI Command  ${random_username}  ${valid_password}  User  2
373
374
375Verify Setting IPMI User With Max Password Length
376    [Documentation]  Verify IPMI user creation with password length of 20 characters.
377    [Tags]  Verify_Setting_IPMI_User_With_Max_Password_Length
378    [Template]  Set User Password And Verify
379
380    # password_length  password_option  expected_status
381    20                 20               ${True}
382
383
384Verify Setting IPMI User With Invalid Password Length
385    [Documentation]  Verify that IPMI user cannot be set with 21 character password using 16 char
386    ...  or 20 char password option.
387    [Tags]  Verify_Setting_IPMI_User_With_Invalid_Password_Length
388    [Template]  Set User Password And Verify
389
390    # password_length  password_option  expected_status
391    21                 16               ${False}
392    21                 20               ${False}
393
394
395Verify Setting IPMI User With 16 Character Password
396    [Documentation]  Verify that IPMI user can create a 16 character password using 16 char or 20
397    ...  char password option.
398    [Tags]  Verify_Setting_IPMI_User_With_16_Character_Password
399    [Template]  Set User Password And Verify
400
401    # password_length  password_option  expected_status
402    16                 16               ${True}
403    16                 20               ${True}
404
405
406Verify Default Selection Of 16 Character Password For IPMI User
407    [Documentation]  Verify that ipmitool by default opts for the 16 character option when given a
408    ...  password whose length is in between 17 and 20.
409    [Tags]  Verify_Default_Selection_Of_16_Character_Password_For_IPMI_User
410    [Template]  Set User Password And Verify
411
412    # password_length  password_option  expected_status
413    17                 16               ${True}
414    20                 16               ${True}
415
416
417Verify Minimum Password Length For IPMI User
418    [Documentation]  Verify minimum password length of 8 characters.
419    [Tags]  Verify_Minimum_Password_Length_For_IPMI_User
420    [Template]  Set User Password And Verify
421
422    # password_length  password_option  expected_status
423    7                  16               ${False}
424    8                  16               ${True}
425    7                  20               ${False}
426    8                  20               ${True}
427
428
429*** Keywords ***
430
431Create Random IPMI User
432    [Documentation]  Create IPMI user with random username and userid and return those fields.
433
434    ${random_username}=  Generate Random String  8  [LETTERS]
435    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
436    IPMI Create User  ${random_userid}  ${random_username}
437    [Return]  ${random_userid}  ${random_username}
438
439
440Enable IPMI User And Verify
441    [Documentation]  Enable the userid and verify that it has been enabled.
442    [Arguments]  ${userid}
443
444    # Description of argument(s):
445    # userid   A numeric userid (e.g. "4").
446
447    Run IPMI Standard Command  user enable ${userid}
448    ${user_info}=  Get User Info  ${userid}
449    Valid Value  user_info['enable_status']  ['enabled']
450
451
452Set Default Password For IPMI Root User
453    [Documentation]  Set default password for IPMI root user (i.e. 0penBmc).
454    # Set default password for root user.
455    ${result}=  Run External IPMI Standard Command
456    ...  user set password ${root_userid} ${OPENBMC_PASSWORD}
457    ...  P=${valid_password}
458    Should Contain  ${result}  Set User Password command successful
459
460    # Verify that root user is able to run IPMI command using default password.
461    Verify IPMI Username And Password  root  ${OPENBMC_PASSWORD}
462
463
464Test IPMI User Privilege
465    [Documentation]  Test IPMI user privilege by executing IPMI command with different privileges.
466    [Arguments]  ${privilege_level}  ${user_cmd_status}  ${operator_cmd_status}  ${admin_cmd_status}
467
468    # Description of argument(s):
469    # privilege_level     Privilege level of IPMI user (e.g. 4, 3).
470    # user_cmd_status     Expected status of IPMI command run with the "User"
471    #                     privilege (i.e. "Passed" or "Failed").
472    # operator_cmd_status Expected status of IPMI command run with the "Operator"
473    #                     privilege (i.e. "Passed" or "Failed").
474    # admin_cmd_status    Expected status of IPMI command run with the "Administrator"
475    #                     privilege (i.e. "Passed" or "Failed").
476
477    # Create IPMI user and set valid password.
478    ${random_username}=  Generate Random String  8  [LETTERS]
479    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
480    IPMI Create User  ${random_userid}  ${random_username}
481    Set Test Variable  ${random_userid}
482    Run IPMI Standard Command
483    ...  user set password ${random_userid} ${valid_password}
484
485    # Set privilege and enable IPMI messaging for newly created user.
486    Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege_level}
487
488    # Delay added for user privilege to get set.
489    Sleep  5s
490
491    Enable IPMI User And Verify  ${random_userid}
492
493    Verify IPMI Command  ${random_username}  ${valid_password}  User
494    ...  expected_status=${user_cmd_status}
495    Verify IPMI Command  ${random_username}  ${valid_password}  Operator
496    ...  expected_status=${operator_cmd_status}
497    Verify IPMI Command  ${random_username}  ${valid_password}  Administrator
498    ...  expected_status=${admin_cmd_status}
499
500
501Verify IPMI Command
502    [Documentation]  Verify IPMI command execution with given username,
503    ...  password, privilege and expected status.
504    [Arguments]  ${username}  ${password}  ${privilege}  ${channel}=${1}  ${expected_status}=Passed
505    # Description of argument(s):
506    # username         The user name (e.g. "root", "robert", etc.).
507    # password         The user password (e.g. "0penBmc", "0penBmc1", etc.).
508    # privilege        The session privilege for IPMI command (e.g. "User", "Operator", etc.).
509    # channel          The user channel number (e.g. "1" or "2").
510    # expected_status  Expected status of IPMI command run with the user
511    #                  of above password and privilege (i.e. "Passed" or "Failed").
512
513    ${expected_rc}=  Set Variable If  '${expected_status}' == 'Passed'  ${0}  ${1}
514    Wait Until Keyword Succeeds  15 sec  5 sec  Run IPMI Standard Command
515    ...  sel info ${channel}  expected_rc=${expected_rc}  U=${username}  P=${password}
516    ...  L=${privilege}
517
518
519Set User Password And Verify
520    [Documentation]  Create a user and set its password with given length and option.
521    [Arguments]  ${password_length}  ${password_option}  ${expected_result}
522    [Teardown]  Run Keyword  Delete Created User  ${random_userid}
523    # Description of argument(s):
524    # password_length  Length of password to be generated and used (e.g. "16").
525    # password_option  Password length option to be given in IPMI command (e.g. "16", "20").
526    # expected_result  Expected result for setting the user's password (e.g. "True", "False").
527
528    Rprint Vars  password_length  password_option  expected_result
529    ${random_userid}  ${random_username}=  Create Random IPMI User
530    Set Test Variable  ${random_userid}
531    ${password}=  Get From Dictionary  ${password_values}  ${password_length}
532    Rprint Vars  random_userid  password
533
534    # Set password for newly created user.
535    ${status}=  Run Keyword And Return Status  Run IPMI Standard Command
536    ...  user set password ${random_userid} ${password} ${password_option}
537    Rprint Vars  status
538    Valid Value  status  [${expected_result}]
539    Return From Keyword If  '${expected_result}' == '${False}'
540
541    # Set admin privilege and enable IPMI messaging for newly created user.
542    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
543
544    # Delay added for user privilege to get set.
545    Sleep  5s
546
547    Enable IPMI User And Verify  ${random_userid}
548
549    # For password_option 16, passwords with length between 17 and 20 will be truncated.
550    # For all other cases, passwords will be retained as it is to verify.
551    ${truncated_password}=  Set Variable  ${password[:${password_option}]}
552    Rprint Vars  truncated_password
553    ${status}=  Run Keyword And Return Status  Verify IPMI Username And Password  ${random_username}
554    ...  ${truncated_password}
555    Rprint Vars  status
556    Valid Value  status  [${expected_result}]
557
558
559Test Teardown Execution
560    [Documentation]  Do the test teardown execution.
561
562    FFDC On Test Case Fail
563
564
565Delete Created User
566    [Documentation]  Delete created IPMI user.
567    [Arguments]  ${userid}
568    # Description of argument(s):
569    # userid  The user ID (e.g. "1", "2", etc.).
570
571    Run IPMI Standard Command  user set name ${userid} ""
572    Sleep  5s