*** Settings ***
Documentation       Test suite for OpenBMC IPMI user management.

Resource            ../lib/ipmi_client.robot
Resource            ../lib/openbmc_ffdc.robot
Library             ../lib/ipmi_utils.py

# The per-test teardown only runs failure data collection (see "Test Teardown
# Execution" below). Users created by individual tests are not removed until
# the suite teardown runs, so test users accumulate on the BMC during a run.
Test Teardown       Test Teardown Execution
Suite Teardown      Delete All Non Root IPMI User
*** Variables ***

# Fixed test data for this suite. The passwords below are hard-coded fixtures
# that are written to accounts on the BMC under test; they are not secrets.

# User name containing a special character; expected to be rejected.
${invalid_username}     user%
# Password the BMC is expected to reject (the rule it violates is not stated
# in this file).
${invalid_password}     abc123
# User ID of the IPMI root user.
${root_userid}          1
# NOTE(review): ${operator_level_priv} and ${ipmi_setaccess_cmd} are not
# referenced anywhere in this file; presumably used by imported resources -
# confirm, or remove.
${operator_level_priv}  0x3
# Privilege levels passed to "Set Channel Access" as privilege=<n>.
${user_priv}            2
${operator_priv}        3
${admin_level_priv}     4
${no_access_priv}       15
# Password expected to be accepted. It is also set temporarily as the root
# password by "Verify IPMI Root User Password Change".
${valid_password}       0penBmc1
# Length argument passed to the "user test" command.
${max_password_length}  20
${ipmi_setaccess_cmd}   channel setaccess
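*** Test Cases ***

Verify IPMI User Summary
    [Documentation]  Verify the maximum number of supported IPMI user IDs and
    ...  the enabled user count reported by the user summary.
    [Tags]  Verify_IPMI_User_Summary

    # Start from a known state: delete all non-root IPMI users (i.e. every
    # user except userid 1).
    Delete All Non Root IPMI User

    # Create a valid user and enable it.
    ${random_username}=  Generate Random String  8  [LETTERS]
    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
    IPMI Create User  ${random_userid}  ${random_username}
    Run IPMI Standard Command  user enable ${random_userid}

    # Read the user summary, retrying every 5 seconds for up to 15 seconds.
    ${resp}=  Wait Until Keyword Succeeds  15 sec  5 sec  Run IPMI Standard Command  user summary
    ${enabled_user_count}=
    ...  Get Lines Containing String  ${resp}  Enabled User Count
    ${maximum_ids}=  Get Lines Containing String  ${resp}  Maximum IDs

    # Match each value as a whole number at the end of its line. A plain
    # substring check would also accept e.g. "12" for 2 or "150" for 15.
    # The expected enabled count of 2 assumes that only the root user and
    # the user created above are enabled at this point.
    Should Match Regexp  ${enabled_user_count}  \\b2\\s*$
    Should Match Regexp  ${maximum_ids}  \\b15\\s*$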
Verify IPMI User Creation With Valid Name And ID
    [Documentation]  Create an IPMI user with a random 8-letter name at a random
    ...  user ID between 2 and 15, and rely on the create keyword to verify it.
    [Tags]  Test_IPMI_User_Creation_With_Valid_Name_And_ID

    # ID 1 is the root user, so the random ID starts at 2.
    ${userid}=  Evaluate  random.randint(2, 15)  modules=random
    ${username}=  Generate Random String  8  [LETTERS]
    IPMI Create User  ${userid}  ${username}
Verify IPMI User Creation With Invalid Name
    [Documentation]  Verify that setting an IPMI user name containing a special
    ...  character is rejected with an error.
    [Tags]  Verify_IPMI_User_Creation_With_Invalid_Name

    ${userid}=  Evaluate  random.randint(2, 15)  modules=random

    # The set-name command must fail and report invalid data.
    ${error}=  Run Keyword And Expect Error  *
    ...  Run IPMI Standard Command  user set name ${userid} ${invalid_username}
    Should Contain  ${error}  Invalid data
Verify IPMI User Creation With Invalid ID
    [Documentation]  Verify that setting a user name for an out-of-range IPMI
    ...  user ID (i.e. 0 or any number greater than 15) is rejected.
    [Tags]  Verify_IPMI_User_Creation_With_Invalid_ID

    # One random ID above the valid range, plus the lower boundary value 0.
    ${out_of_range_id}=  Evaluate  random.randint(16, 1000)  modules=random
    @{invalid_ids}=  Create List  ${out_of_range_id}  0

    FOR  ${candidate}  IN  @{invalid_ids}
        ${error}=  Run Keyword And Expect Error  *
        ...  Run IPMI Standard Command  user set name ${candidate} newuser
        Should Contain  ${error}  User ID is limited to range
    END
Verify Setting IPMI User With Invalid Password
    [Documentation]  Verify that the BMC rejects an invalid password for an
    ...  IPMI user.
    [Tags]  Verify_Setting_IPMI_User_With_Invalid_Password

    # A fresh user to receive the password.
    ${username}=  Generate Random String  8  [LETTERS]
    ${userid}=  Evaluate  random.randint(2, 15)  modules=random
    IPMI Create User  ${userid}  ${username}

    # The set-password command must fail with the expected message.
    ${error}=  Run Keyword And Expect Error  *
    ...  Run IPMI Standard Command  user set password ${userid} ${invalid_password}
    Should Contain  ${error}  Set User Password command failed
Verify Setting IPMI Root User With New Name
    [Documentation]  Verify error while setting IPMI root user with new
    ...  name.
    [Tags]  Verify_Setting_IPMI_Root_User_With_New_Name

    # Try to rename the root user (user ID 1); the command is expected to
    # fail, i.e. the root user name must not be changeable over IPMI.
    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
    ...  user set name ${root_userid} abcd

    Should Contain  ${msg}  Set User Name command failed
Verify IPMI User Password Via Test Command
    [Documentation]  Set a password for a new IPMI user and confirm it with the
    ...  "user test" command.
    [Tags]  Verify_IPMI_User_Password_Via_Test_Command

    # New user at a random ID.
    ${username}=  Generate Random String  8  [LETTERS]
    ${userid}=  Evaluate  random.randint(2, 15)  modules=random
    IPMI Create User  ${userid}  ${username}

    # Give the user the known-good password.
    Run IPMI Standard Command  user set password ${userid} ${valid_password}

    # Check the password that was just set by passing the same value to the
    # "user test" command.
    ${output}=  Run IPMI Standard Command
    ...  user test ${userid} ${max_password_length} ${valid_password}
    Should Contain  ${output}  Success
Verify Setting Valid Password For IPMI User
    [Documentation]  Set valid password for IPMI user and verify.
    [Tags]  Verify_Setting_Valid_Password_For_IPMI_User

    # Create IPMI user.
    ${random_username}=  Generate Random String  8  [LETTERS]
    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
    IPMI Create User  ${random_userid}  ${random_username}

    # Set valid password for newly created user.
    Run IPMI Standard Command
    ...  user set password ${random_userid} ${valid_password}

    # Enable IPMI user.
    Run IPMI Standard Command  user enable ${random_userid}

    # Fixed delay to let the user enable take effect.
    Sleep  5s

    # Set admin privilege and enable IPMI messaging for newly created user.
    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}

    # The password counts as set only if the new user can log in with it.
    Verify IPMI Username And Password  ${random_username}  ${valid_password}
Verify IPMI User Creation With Same Name
    [Documentation]  Verify that a user name already in use cannot be assigned
    ...  to a second IPMI user.
    [Tags]  Verify_IPMI_User_Creation_With_Same_Name

    # First user, at the fixed ID 2.
    ${username}=  Generate Random String  8  [LETTERS]
    IPMI Create User  2  ${username}

    # Reusing the same name for user ID 3 must be rejected.
    ${error}=  Run Keyword And Expect Error  *
    ...  Run IPMI Standard Command  user set name 3 ${username}
    Should Contain  ${error}  Invalid data field in request
Verify Setting IPMI User With Null Password
    [Documentation]  Verify that an empty (null) password is rejected when set
    ...  for an IPMI user.
    [Tags]  Verify_Setting_IPMI_User_With_Null_Password

    # A fresh user to receive the password.
    ${username}=  Generate Random String  8  [LETTERS]
    ${userid}=  Evaluate  random.randint(2, 15)  modules=random
    IPMI Create User  ${userid}  ${username}

    # Setting "" as the password must fail, so that no account can end up
    # with an empty password.
    ${error}=  Run Keyword And Expect Error  *
    ...  Run IPMI Standard Command  user set password ${userid} ""
    Should Contain  ${error}  Invalid data field in request
Verify IPMI User Deletion
    [Documentation]  Delete user via IPMI and verify.
    [Tags]  Verify_IPMI_User_Deletion

    ${random_username}=  Generate Random String  8  [LETTERS]
    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
    IPMI Create User  ${random_userid}  ${random_username}

    # Delete the IPMI user by setting its name to an empty string, then
    # verify that the user ID no longer has a name.
    # NOTE(review): only the cleared name is checked. The user here never
    # had a password set, so this test does not show that credentials of a
    # deleted user stop working - consider covering that separately.
    Run IPMI Standard Command  user set name ${random_userid} ""
    ${user_info}=  Get User Info  ${random_userid}
    Should Be Equal  ${user_info['user_name']}  ${EMPTY}
Test IPMI User Privilege Level
    [Documentation]  Verify that an IPMI user with user privilege can run only user level commands.
    [Tags]  Test_IPMI_User_Privilege_Level
    [Template]  Test IPMI User Privilege

    # Each row is one call of the template keyword: the privilege assigned to
    # the user, then the expected result of a command at each session level.
    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
    ${user_priv}         Passed           Failed               Failed
Test IPMI Operator Privilege Level
    [Documentation]  Verify that an IPMI user with operator privilege can run only user and
    ...  operator level commands.
    [Tags]  Test_IPMI_Operator_Privilege_Level
    [Template]  Test IPMI User Privilege

    # Each row is one call of the template keyword: the privilege assigned to
    # the user, then the expected result of a command at each session level.
    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
    ${operator_priv}     Passed           Passed               Failed
Test IPMI Administrator Privilege Level
    [Documentation]  Verify that an IPMI user with admin privilege can run commands at all levels.
    [Tags]  Test_IPMI_Administrator_Privilege_Level
    [Template]  Test IPMI User Privilege

    # Each row is one call of the template keyword: the privilege assigned to
    # the user, then the expected result of a command at each session level.
    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
    ${admin_level_priv}  Passed           Passed               Passed
Test IPMI No Access Privilege Level
    [Documentation]  Verify that an IPMI user with no access privilege cannot run commands at any level.
    [Tags]  Test_IPMI_No_Access_Privilege_Level
    [Template]  Test IPMI User Privilege

    # Each row is one call of the template keyword: the privilege assigned to
    # the user, then the expected result of a command at each session level.
    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
    ${no_access_priv}    Failed           Failed               Failed
Enable IPMI User And Verify
    [Documentation]  Enable IPMI user and verify that the user is able
    ...  to run IPMI command.
    [Tags]  Enable_IPMI_User_And_Verify

    # Create IPMI user and set valid password.
    ${random_username}=  Generate Random String  8  [LETTERS]
    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
    IPMI Create User  ${random_userid}  ${random_username}
    Run IPMI Standard Command
    ...  user set password ${random_userid} ${valid_password}

    # Set admin privilege and enable IPMI messaging for newly created user.
    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}

    # Fixed delay to let the user privilege change take effect.
    Sleep  5s

    # Enable IPMI user and verify the reported enable status.
    Run IPMI Standard Command  user enable ${random_userid}
    ${user_info}=  Get User Info  ${random_userid}
    Should Be Equal  ${user_info['enable_status']}  enabled

    # Verify that the enabled IPMI user is able to run an IPMI command.
    Verify IPMI Username And Password  ${random_username}  ${valid_password}
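Disable IPMI User And Verify
    [Documentation]  Disable an IPMI user and verify that the user is unable
    ...  to run IPMI commands afterwards.
    [Tags]  Disable_IPMI_User_And_Verify

    # Create IPMI user and set valid password.
    ${random_username}=  Generate Random String  8  [LETTERS]
    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
    IPMI Create User  ${random_userid}  ${random_username}
    Run IPMI Standard Command
    ...  user set password ${random_userid} ${valid_password}

    # Set admin privilege and enable IPMI messaging for newly created user.
    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}

    # Positive control: enable the user and confirm that the credentials
    # work. Without this step the failed login checked at the end would also
    # be seen for an account that never worked, so it would not show that the
    # disable itself took effect. The login is retried because enable and
    # privilege changes are given a few seconds to apply elsewhere in this
    # suite.
    Run IPMI Standard Command  user enable ${random_userid}
    Wait Until Keyword Succeeds  15 sec  5 sec  Verify IPMI Username And Password
    ...  ${random_username}  ${valid_password}

    # Disable IPMI user and verify the reported enable status.
    Run IPMI Standard Command  user disable ${random_userid}
    ${user_info}=  Get User Info  ${random_userid}
    Should Be Equal  ${user_info['enable_status']}  disabled

    # Verify that the disabled IPMI user is unable to run an IPMI command.
    ${msg}=  Run Keyword And Expect Error  *  Verify IPMI Username And Password
    ...  ${random_username}  ${valid_password}
    Should Contain  ${msg}  Unable to establish IPMI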
Verify IPMI Root User Password Change
    [Documentation]  Change IPMI root user password and verify that
    ...  root user is able to run IPMI command.
    [Tags]  Verify_IPMI_Root_User_Password_Change
    # This teardown replaces the suite-level test teardown for this test. It
    # restores the default root password, retrying every 5 seconds for up to
    # 15 seconds. If the restore does not succeed, root is left with
    # ${valid_password} - check the BMC state after a teardown failure.
    [Teardown]  Wait Until Keyword Succeeds  15 sec  5 sec
    ...  Set Default Password For IPMI Root User

    # Set new password for root user.
    Run IPMI Standard Command
    ...  user set password ${root_userid} ${valid_password}

    # Verify that root user is able to run IPMI command using new password.
    Wait Until Keyword Succeeds  15 sec  5 sec  Verify IPMI Username And Password
    ...  root  ${valid_password}
Verify Administrator And No Access Privilege For Different Channels
    [Documentation]  Set administrator and no access privilege for different channels and verify.
    [Tags]  Verify_Administrator_And_No_Access_Privilege_For_Different_Channels

    # Create IPMI user and set valid password.
    ${random_username}=  Generate Random String  8  [LETTERS]
    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
    IPMI Create User  ${random_userid}  ${random_username}
    Run IPMI Standard Command
    ...  user set password ${random_userid} ${valid_password}

    # Set admin privilege for newly created user with channel 1.
    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}  1

    # Set no access privilege for newly created user with channel 2.
    Set Channel Access  ${random_userid}  ipmi=on privilege=${no_access_priv}  2

    # Enable IPMI user and verify the reported enable status.
    Run IPMI Standard Command  user enable ${random_userid}
    ${user_info}=  Get User Info  ${random_userid}
    Should Be Equal  ${user_info['enable_status']}  enabled

    # Verify that user is able to run administrator level IPMI command with channel 1.
    Verify IPMI Command  ${random_username}  ${valid_password}  Administrator  1

    # Verify that user is unable to run IPMI command with channel 2.
    # NOTE(review): only the return code is checked here, so any failure of
    # the command would count as "access denied" - consider also asserting
    # on the error text. TODO confirm what Run IPMI Standard Command returns
    # when expected_rc is non-zero.
    Run IPMI Standard Command  sel info 2  expected_rc=${1}  U=${random_username}  P=${valid_password}
Verify Operator And User Privilege For Different Channels
    [Documentation]  Give one IPMI user operator privilege on channel 1 and user
    ...  privilege on channel 2, then verify a command at each level.
    [Tags]  Verify_Operator_And_User_Privilege_For_Different_Channels

    # New user with the known-good password.
    ${username}=  Generate Random String  8  [LETTERS]
    ${userid}=  Evaluate  random.randint(2, 15)  modules=random
    IPMI Create User  ${userid}  ${username}
    Run IPMI Standard Command  user set password ${userid} ${valid_password}

    # Channel 1: operator privilege. Channel 2: user privilege.
    Set Channel Access  ${userid}  ipmi=on privilege=${operator_priv}  1
    Set Channel Access  ${userid}  ipmi=on privilege=${user_priv}  2

    # Enable the user and check the reported enable status.
    Run IPMI Standard Command  user enable ${userid}
    ${info}=  Get User Info  ${userid}
    Should Be Equal  ${info['enable_status']}  enabled

    # Operator level command with channel 1.
    Verify IPMI Command  ${username}  ${valid_password}  Operator  1

    # User level command with channel 2.
    Verify IPMI Command  ${username}  ${valid_password}  User  2
*** Keywords ***

Set Default Password For IPMI Root User
    [Documentation]  Restore the IPMI root user's password to the default (the
    ...  value of OPENBMC_PASSWORD, e.g. 0penBmc) and verify root can log in.
    # Set default password for root user. The command authenticates with
    # ${valid_password} (P=), i.e. the password the calling test set for
    # root, so it cannot succeed if that earlier password change failed.
    ${result}=  Run External IPMI Standard Command
    ...  user set password ${root_userid} ${OPENBMC_PASSWORD}
    ...  P=${valid_password}
    Should Contain  ${result}  Set User Password command successful

    # Verify that root user is able to run IPMI command using default password.
    Verify IPMI Username And Password  root  ${OPENBMC_PASSWORD}
Test IPMI User Privilege
    [Documentation]  Test IPMI user privilege by executing IPMI command with different privileges.
    [Arguments]  ${privilege_level}  ${user_cmd_status}  ${operator_cmd_status}  ${admin_cmd_status}

    # Description of argument(s):
    # privilege_level     Privilege level of IPMI user (e.g. 4, 3).
    # user_cmd_status     Expected status of IPMI command run with the "User"
    #                     privilege (i.e. "Passed" or "Failed").
    # operator_cmd_status Expected status of IPMI command run with the "Operator"
    #                     privilege (i.e. "Passed" or "Failed").
    # admin_cmd_status    Expected status of IPMI command run with the "Administrator"
    #                     privilege (i.e. "Passed" or "Failed").

    # Create IPMI user and set valid password.
    ${random_username}=  Generate Random String  8  [LETTERS]
    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
    IPMI Create User  ${random_userid}  ${random_username}
    Run IPMI Standard Command
    ...  user set password ${random_userid} ${valid_password}

    # Set privilege and enable IPMI messaging for newly created user.
    Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege_level}

    # Fixed delay to let the user privilege change take effect.
    Sleep  5s

    # Enable IPMI user and verify the reported enable status.
    Run IPMI Standard Command  user enable ${random_userid}
    ${user_info}=  Get User Info  ${random_userid}
    Should Be Equal  ${user_info['enable_status']}  enabled

    # Run the same command at each session privilege level and compare the
    # outcome with the expectation for the assigned privilege. The channel
    # argument is left at the default of "Verify IPMI Command".
    Verify IPMI Command  ${random_username}  ${valid_password}  User
    ...  expected_status=${user_cmd_status}
    Verify IPMI Command  ${random_username}  ${valid_password}  Operator
    ...  expected_status=${operator_cmd_status}
    Verify IPMI Command  ${random_username}  ${valid_password}  Administrator
    ...  expected_status=${admin_cmd_status}
Verify IPMI Command
    [Documentation]  Verify IPMI command execution with given username,
    ...  password, privilege and expected status.
    [Arguments]  ${username}  ${password}  ${privilege}  ${channel}=${1}  ${expected_status}=Passed
    # Description of argument(s):
    # username         The user name (e.g. "root", "robert", etc.).
    # password         The user password (e.g. "0penBmc", "0penBmc1", etc.).
    # privilege        The session privilege for IPMI command (e.g. "User", "Operator", etc.).
    # channel          The user channel number (e.g. "1" or "2").
    # expected_status  Expected status of IPMI command run with the user
    #                  of above password and privilege (i.e. "Passed" or "Failed").

    # Any expected_status other than "Passed" maps to an expected return code
    # of 1.
    ${expected_rc}=  Set Variable If  '${expected_status}' == 'Passed'  ${0}  ${1}
    # The command is retried every 5 seconds for up to 15 seconds.
    # NOTE(review): for the "Failed" case only the return code is compared,
    # so a failure unrelated to privilege would presumably satisfy the check
    # as well - consider asserting on the error text for denied commands.
    # NOTE(review): ${channel} is appended to "sel info" as an argument;
    # confirm how that selects the channel under test.
    Wait Until Keyword Succeeds  15 sec  5 sec  Run IPMI Standard Command
    ...  sel info ${channel}  expected_rc=${expected_rc}  U=${username}  P=${password}
    ...  L=${privilege}
Test Teardown Execution
    [Documentation]  Do the test teardown execution.

    # The only teardown step is failure data collection; users created by
    # the test are not removed here.
    FFDC On Test Case Fail