1*** Settings ***
2Documentation       Test suite for OpenBMC IPMI user management.
3
4Resource            ../lib/ipmi_client.robot
5Resource            ../lib/openbmc_ffdc.robot
6Library             ../lib/ipmi_utils.py
7
8Test Teardown       Test Teardown Execution
9
10
11*** Variables ***
12
13${invalid_username}     user%
14${invalid_password}     abc123
15${root_userid}          1
16${operator_level_priv}  0x3
17${user_priv}            2
18${operator_priv}        3
19${admin_level_priv}     4
20${no_access_priv}       15
21${valid_password}       0penBmc1
22${max_password_length}  20
23${ipmi_setaccess_cmd}   channel setaccess
24
25
26*** Test Cases ***
27
28Verify IPMI User Summary
29    [Documentation]  Verify IPMI maximum supported IPMI user ID and
30    ...  enabled user form user summary
31    [Tags]  Verify_IPMI_User_Summary
32
33    # Delete all non-root IPMI (i.e. except userid 1)
34    Delete All Non Root IPMI User
35
36    # Create a valid user and enable it.
37    ${random_username}=  Generate Random String  8  [LETTERS]
38    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
39    IPMI Create User  ${random_userid}  ${random_username}
40    Run IPMI Standard Command  user enable ${random_userid}
41
42    # Verify maximum user count IPMI local user can have. Also verify
43    # currently enabled users.
44    ${resp}=  Wait Until Keyword Succeeds  15 sec  5 sec  Run IPMI Standard Command  user summary
45    ${enabled_user_count}=
46    ...  Get Lines Containing String  ${resp}  Enabled User Count
47    ${maximum_ids}=  Get Lines Containing String  ${resp}  Maximum IDs
48    Should Contain  ${enabled_user_count}  2
49    Should Contain  ${maximum_ids}  15
50
51
52Verify IPMI User Creation With Valid Name And ID
53    [Documentation]  Create user via IPMI and verify.
54    [Tags]  Test_IPMI_User_Creation_With_Valid_Name_And_ID
55
56    ${random_username}=  Generate Random String  8  [LETTERS]
57    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
58    IPMI Create User  ${random_userid}  ${random_username}
59
60
61Verify IPMI User Creation With Invalid Name
62    [Documentation]  Verify error while creating IPMI user with invalid
63    ...  name(e.g. user name with special characters).
64    [Tags]  Verify_IPMI_User_Creation_With_Invalid_Name
65
66    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
67    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
68    ...  user set name ${random_userid} ${invalid_username}
69    Should Contain  ${msg}  Invalid data
70
71
72Verify IPMI User Creation With Invalid ID
73    [Documentation]  Verify error while creating IPMI user with invalid
74    ...  ID(i.e. any number greater than 15 or 0).
75    [Tags]  Verify_IPMI_User_Creation_With_Invalid_ID
76
77    @{id_list}=  Create List
78    ${random_invalid_id}=  Evaluate  random.randint(16, 1000)  modules=random
79    Append To List  ${id_list}  ${random_invalid_id}
80    Append To List  ${id_list}  0
81
82    FOR  ${id}  IN  @{id_list}
83      ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
84      ...  user set name ${id} newuser
85      Should Contain  ${msg}  User ID is limited to range
86    END
87
88Verify Setting IPMI User With Invalid Password
89    [Documentation]  Verify error while setting IPMI user with invalid
90    ...  password.
91    [Tags]  Verify_Setting_IPMI_User_With_Invalid_Password
92
93    # Create IPMI user.
94    ${random_username}=  Generate Random String  8  [LETTERS]
95    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
96    IPMI Create User  ${random_userid}  ${random_username}
97
98    # Set invalid password for newly created user.
99    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
100    ...  user set password ${random_userid} ${invalid_password}
101
102    Should Contain  ${msg}  Set User Password command failed
103
104Verify Setting IPMI Root User With New Name
105    [Documentation]  Verify error while setting IPMI root user with new
106    ...  name.
107    [Tags]  Verify_Setting_IPMI_Root_User_With_New_Name
108
109    # Set invalid password for newly created user.
110    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
111    ...  user set name ${root_userid} abcd
112
113    Should Contain  ${msg}  Set User Name command failed
114
115
116Verify IPMI User Password Via Test Command
117    [Documentation]  Verify IPMI user password using test command.
118    [Tags]  Verify_IPMI_User_Password_Via_Test_Command
119
120    # Create IPMI user.
121    ${random_username}=  Generate Random String  8  [LETTERS]
122    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
123    IPMI Create User  ${random_userid}  ${random_username}
124
125    # Set valid password for newly created user.
126    Run IPMI Standard Command
127    ...  user set password ${random_userid} ${valid_password}
128
129    # Verify newly set password using test command.
130    ${msg}=  Run IPMI Standard Command
131    ...  user test ${random_userid} ${max_password_length} ${valid_password}
132
133    Should Contain  ${msg}  Success
134
135
136Verify Setting Valid Password For IPMI User
137    [Documentation]  Set valid password for IPMI user and verify.
138    [Tags]  Verify_Setting_Valid_Password_For_IPMI_User
139
140    # Create IPMI user.
141    ${random_username}=  Generate Random String  8  [LETTERS]
142    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
143    IPMI Create User  ${random_userid}  ${random_username}
144
145    # Set valid password for newly created user.
146    Run IPMI Standard Command
147    ...  user set password ${random_userid} ${valid_password}
148
149    # Enable IPMI user
150    Run IPMI Standard Command  user enable ${random_userid}
151
152    # Delay added for IPMI user to get enable
153    Sleep  5s
154
155    # Set admin privilege and enable IPMI messaging for newly created user
156    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
157
158    Verify IPMI Username And Password  ${random_username}  ${valid_password}
159
160
161Verify IPMI User Creation With Same Name
162    [Documentation]  Verify error while creating two IPMI user with same name.
163    [Tags]  Verify_IPMI_User_Creation_With_Same_Name
164
165    ${random_username}=  Generate Random String  8  [LETTERS]
166    IPMI Create User  2  ${random_username}
167
168    # Set same username for another IPMI user.
169    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
170    ...  user set name 3 ${random_username}
171    Should Contain  ${msg}  Invalid data field in request
172
173
174Verify Setting IPMI User With Null Password
175    [Documentation]  Verify error while setting IPMI user with null
176    ...  password.
177    [Tags]  Verify_Setting_IPMI_User_With_Null_Password
178
179    # Create IPMI user.
180    ${random_username}=  Generate Random String  8  [LETTERS]
181    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
182    IPMI Create User  ${random_userid}  ${random_username}
183
184    # Set null password for newly created user.
185    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
186    ...  user set password ${random_userid} ""
187
188    Should Contain  ${msg}  Invalid data field in request
189
190
191Verify IPMI User Deletion
192    [Documentation]  Delete user via IPMI and verify.
193    [Tags]  Verify_IPMI_User_Deletion
194
195    ${random_username}=  Generate Random String  8  [LETTERS]
196    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
197    IPMI Create User  ${random_userid}  ${random_username}
198
199    # Delete IPMI User and verify
200    Run IPMI Standard Command  user set name ${random_userid} ""
201    ${user_info}=  Get User Info  ${random_userid}
202    Should Be Equal  ${user_info['user_name']}  ${EMPTY}
203
204
205Test IPMI User Privilege Level
206    [Documentation]  Verify IPMI user with user privilege can only run user level commands.
207    [Tags]  Test_IPMI_User_Privilege_Level
208    [Template]  Test IPMI User Privilege
209
210    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
211    ${user_priv}         Passed           Failed               Failed
212
213
214Test IPMI Operator Privilege Level
215    [Documentation]  Verify IPMI user with operator privilege can only run user and operator levels commands.
216    ...  level is set to operator.
217    [Tags]  Test_IPMI_Operator_Privilege_Level
218    [Template]  Test IPMI User Privilege
219
220    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
221    ${operator_priv}     Passed           Passed               Failed
222
223
224Test IPMI Administrator Privilege Level
225    [Documentation]  Verify IPMI user with admin privilege can run all levels command.
226    [Tags]  Test_IPMI_Administrator_Privilege_Level
227    [Template]  Test IPMI User Privilege
228
229    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
230    ${admin_level_priv}  Passed           Passed               Passed
231
232
233Test IPMI No Access Privilege Level
234    [Documentation]  Verify IPMI user with no access privilege can not run only any level command.
235    [Tags]  Test_IPMI_No_Access_Privilege_Level
236    [Template]  Test IPMI User Privilege
237
238    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
239    ${no_access_priv}    Failed           Failed               Failed
240
241
242Enable IPMI User And Verify
243    [Documentation]  Enable IPMI user and verify that the user is able
244    ...  to run IPMI command.
245    [Tags]  Enable_IPMI_User_And_Verify
246
247    # Create IPMI user and set valid password.
248    ${random_username}=  Generate Random String  8  [LETTERS]
249    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
250    IPMI Create User  ${random_userid}  ${random_username}
251    Run IPMI Standard Command
252    ...  user set password ${random_userid} ${valid_password}
253
254    # Set admin privilege and enable IPMI messaging for newly created user.
255    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
256
257    # Enable IPMI user and verify.
258    Run IPMI Standard Command  user enable ${random_userid}
259    ${user_info}=  Get User Info  ${random_userid}
260    Should Be Equal  ${user_info['enable_status']}  enabled
261
262    # Verify that enabled IPMI  user is able to run IPMI command.
263    Verify IPMI Username And Password  ${random_username}  ${valid_password}
264
265
266Disable IPMI User And Verify
267    [Documentation]  Disable IPMI user and verify that that the user
268    ...  is unable to run IPMI command.
269    [Tags]  Disable_IPMI_User_And_Verify
270
271    # Create IPMI user and set valid password.
272    ${random_username}=  Generate Random String  8  [LETTERS]
273    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
274    IPMI Create User  ${random_userid}  ${random_username}
275    Run IPMI Standard Command
276    ...  user set password ${random_userid} ${valid_password}
277
278    # Set admin privilege and enable IPMI messaging for newly created user.
279    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
280
281    # Disable IPMI user and verify.
282    Run IPMI Standard Command  user disable ${random_userid}
283    ${user_info}=  Get User Info  ${random_userid}
284    Should Be Equal  ${user_info['enable_status']}  disabled
285
286    # Verify that disabled IPMI  user is unable to run IPMI command.
287    ${msg}=  Run Keyword And Expect Error  *  Verify IPMI Username And Password
288    ...  ${random_username}  ${valid_password}
289    Should Contain  ${msg}  Unable to establish IPMI
290
291
292Verify IPMI Root User Password Change
293    [Documentation]  Change IPMI root user password and verify that
294    ...  root user is able to run IPMI command.
295    [Tags]  Verify_IPMI_Root_User_Password_Change
296    [Teardown]  Wait Until Keyword Succeeds  15 sec  5 sec
297    ...  Set Default Password For IPMI Root User
298
299    # Set new password for root user.
300    Run IPMI Standard Command
301    ...  user set password ${root_userid} ${valid_password}
302
303    # Verify that root user is able to run IPMI command using new password.
304    Verify IPMI Username And Password  root  ${valid_password}
305
306
307Verify Administrator And No Access Privilege For Different Channels
308    [Documentation]  Set administrator and no access privilege for different channels and verify.
309    [Tags]  Verify_Administrator_And_No_Access_Privilege_For_Different_Channels
310
311    # Create IPMI user and set valid password.
312    ${random_username}=  Generate Random String  8  [LETTERS]
313    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
314    IPMI Create User  ${random_userid}  ${random_username}
315    Run IPMI Standard Command
316    ...  user set password ${random_userid} ${valid_password}
317
318    # Set admin privilege for newly created user with channel 1.
319    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}  1
320
321    # Set no access privilege for newly created user with channel 2.
322    Set Channel Access  ${random_userid}  ipmi=on privilege=${no_access_priv}  2
323
324    # Enable IPMI user and verify.
325    Run IPMI Standard Command  user enable ${random_userid}
326    ${user_info}=  Get User Info  ${random_userid}
327    Should Be Equal  ${user_info['enable_status']}  enabled
328
329    # Verify that user is able to run administrator level IPMI command with channel 1.
330    Verify IPMI Command  ${random_username}  ${valid_password}  Administrator  1
331
332    # Verify that user is unable to run IPMI command with channel 2.
333    Run IPMI Standard Command  sel info 2  expected_rc=${1}  U=${random_username}  P=${valid_password}
334
335
336Verify Operator And User Privilege For Different Channels
337    [Documentation]  Set operator and user privilege for different channels and verify.
338    [Tags]  Verify_Operator_And_User_Privilege_For_Different_Channels
339
340    # Create IPMI user and set valid password.
341    ${random_username}=  Generate Random String  8  [LETTERS]
342    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
343    IPMI Create User  ${random_userid}  ${random_username}
344    Run IPMI Standard Command
345    ...  user set password ${random_userid} ${valid_password}
346
347    # Set operator privilege for newly created user with channel 1.
348    Set Channel Access  ${random_userid}  ipmi=on privilege=${operator_priv}  1
349
350    # Set user privilege for newly created user with channel 2.
351    Set Channel Access  ${random_userid}  ipmi=on privilege=${user_priv}  2
352
353    # Enable IPMI user and verify.
354    Run IPMI Standard Command  user enable ${random_userid}
355    ${user_info}=  Get User Info  ${random_userid}
356    Should Be Equal  ${user_info['enable_status']}  enabled
357
358    # Verify that user is able to run operator level IPMI command with channel 1.
359    Verify IPMI Command  ${random_username}  ${valid_password}  Operator  1
360
361    # Verify that user is able to run user level IPMI command with channel 2.
362    Verify IPMI Command  ${random_username}  ${valid_password}  User  2
363
364
365*** Keywords ***
366
367Set Default Password For IPMI Root User
368    [Documentation]  Set default password for IPMI root user (i.e. 0penBmc).
369    # Set default password for root user.
370    ${result}=  Run External IPMI Standard Command
371    ...  user set password ${root_userid} ${OPENBMC_PASSWORD}
372    ...  P=${valid_password}
373    Should Contain  ${result}  Set User Password command successful
374
375    # Verify that root user is able to run IPMI command using default password.
376    Verify IPMI Username And Password  root  ${OPENBMC_PASSWORD}
377
378
379Test IPMI User Privilege
380    [Documentation]  Test IPMI user privilege by executing IPMI command with different privileges.
381    [Arguments]  ${privilege_level}  ${user_cmd_status}  ${operator_cmd_status}  ${admin_cmd_status}
382
383    # Description of argument(s):
384    # privilege_level     Privilege level of IPMI user (e.g. 4, 3).
385    # user_cmd_status     Expected status of IPMI command run with the "User"
386    #                     privilege (i.e. "Passed" or "Failed").
387    # operator_cmd_status Expected status of IPMI command run with the "Operator"
388    #                     privilege (i.e. "Passed" or "Failed").
389    # admin_cmd_status    Expected status of IPMI command run with the "Administrator"
390    #                     privilege (i.e. "Passed" or "Failed").
391
392    # Create IPMI user and set valid password.
393    ${random_username}=  Generate Random String  8  [LETTERS]
394    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
395    IPMI Create User  ${random_userid}  ${random_username}
396    Run IPMI Standard Command
397    ...  user set password ${random_userid} ${valid_password}
398
399    # Set privilege and enable IPMI messaging for newly created user.
400    Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege_level}
401
402    # Enable IPMI user and verify.
403    Run IPMI Standard Command  user enable ${random_userid}
404    ${user_info}=  Get User Info  ${random_userid}
405    Should Be Equal  ${user_info['enable_status']}  enabled
406
407    Verify IPMI Command  ${random_username}  ${valid_password}  User
408    ...  expected_status=${user_cmd_status}
409    Verify IPMI Command  ${random_username}  ${valid_password}  Operator
410    ...  expected_status=${operator_cmd_status}
411    Verify IPMI Command  ${random_username}  ${valid_password}  Administrator
412    ...  expected_status=${admin_cmd_status}
413
414
415Verify IPMI Command
416    [Documentation]  Verify IPMI command execution with given username,
417    ...  password, privilege and expected status.
418    [Arguments]  ${username}  ${password}  ${privilege}  ${channel}=${1}  ${expected_status}=Passed
419    # Description of argument(s):
420    # username         The user name (e.g. "root", "robert", etc.).
421    # password         The user password (e.g. "0penBmc", "0penBmc1", etc.).
422    # privilege        The session privilge for IPMI command (e.g. "User", "Operator", etc.).
423    # channel          The user channel number (e.g. "1" or "2").
424    # expected_status  Expected status of IPMI command run with the user
425    #                  of above password and privilege (i.e. "Passed" or "Failed").
426
427    ${expected_rc}=  Set Variable If  '${expected_status}' == 'Passed'  ${0}  ${1}
428    Run IPMI Standard Command  sel info ${channel}  expected_rc=${expected_rc}  U=${username}  P=${password}
429    ...  L=${privilege}
430
431
432Test Teardown Execution
433    [Documentation]  Do the test teardown execution.
434
435    FFDC On Test Case Fail
436    Delete All Non Root IPMI User
437