1*** Settings ***
2Documentation       Test suite for OpenBMC IPMI user management.
3
4Resource            ../lib/ipmi_client.robot
5Resource            ../lib/openbmc_ffdc.robot
6Library             ../lib/ipmi_utils.py
7
8Test Teardown       Test Teardown Execution
9
10
11*** Variables ***
12
13${invalid_username}     user%
14${invalid_password}     abc123
15${root_userid}          1
16${operator_level_priv}  0x3
17${admin_level_priv}     4
18${valid_password}       0penBmc1
19${max_password_length}  20
20${ipmi_setaccess_cmd}   channel setaccess
21${IPMI_EXT_CMD}         ipmitool -I lanplus -C 3
22${PASSWORD_OPTION}      -P
23${USER_OPTION}          -U
24${SEL_INFO_CMD}         sel info
25
26
27*** Test Cases ***
28
29Verify IPMI User Summary
30    [Documentation]  Verify IPMI maximum supported IPMI user ID and
31    ...  enabled user form user summary
32    [Tags]  Verify_IPMI_User_Summary
33
34    # Delete all non-root IPMI (i.e. except userid 1)
35    Delete All Non Root IPMI User
36
37    # Create a valid user and enable it.
38    ${random_username}=  Generate Random String  8  [LETTERS]
39    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
40    IPMI Create User  ${random_userid}  ${random_username}
41    Run IPMI Standard Command  user enable ${random_userid}
42
43    # Verify maximum user count IPMI local user can have. Also verify
44    # currently enabled users.
45    ${resp}=  Run IPMI Standard Command  user summary
46    ${enabled_user_count}=
47    ...  Get Lines Containing String  ${resp}  Enabled User Count
48    ${maximum_ids}=  Get Lines Containing String  ${resp}  Maximum IDs
49    Should Contain  ${enabled_user_count}  2
50    Should Contain  ${maximum_ids}  15
51
52
53Verify IPMI User Creation With Valid Name And ID
54    [Documentation]  Create user via IPMI and verify.
55    [Tags]  Test_IPMI_User_Creation_With_Valid_Name_And_ID
56
57    ${random_username}=  Generate Random String  8  [LETTERS]
58    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
59    IPMI Create User  ${random_userid}  ${random_username}
60
61
62Verify IPMI User Creation With Invalid Name
63    [Documentation]  Verify error while creating IPMI user with invalid
64    ...  name(e.g. user name with special characters).
65    [Tags]  Verify_IPMI_User_Creation_With_Invalid_Name
66
67    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
68    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
69    ...  user set name ${random_userid} ${invalid_username}
70    Should Contain  ${msg}  Invalid data
71
72
73Verify IPMI User Creation With Invalid ID
74    [Documentation]  Verify error while creating IPMI user with invalid
75    ...  ID(i.e. any number greater than 15 or 0).
76    [Tags]  Verify_IPMI_User_Creation_With_Invalid_ID
77
78    @{id_list}=  Create List
79    ${random_invalid_id}=  Evaluate  random.randint(16, 1000)  modules=random
80    Append To List  ${id_list}  ${random_invalid_id}
81    Append To List  ${id_list}  0
82
83    :FOR  ${id}  IN  @{id_list}
84    \    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
85    \    ...  user set name ${id} newuser
86    \    Should Contain  ${msg}  User ID is limited to range
87
88
89Verify Setting IPMI User With Invalid Password
90    [Documentation]  Verify error while setting IPMI user with invalid
91    ...  password.
92    [Tags]  Verify_Setting_IPMI_User_With_Invalid_Password
93
94    # Create IPMI user.
95    ${random_username}=  Generate Random String  8  [LETTERS]
96    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
97    IPMI Create User  ${random_userid}  ${random_username}
98
99    # Set invalid password for newly created user.
100    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
101    ...  user set password ${random_userid} ${invalid_password}
102
103    Should Contain  ${msg}  Invalid data field in request
104
105
106Verify Setting IPMI Root User With New Name
107    [Documentation]  Verify error while setting IPMI root user with new
108    ...  name.
109    [Tags]  Verify_Setting_IPMI_Root_User_With_New_Name
110
111    # Set invalid password for newly created user.
112    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
113    ...  user set name ${root_userid} abcd
114
115    Should Contain  ${msg}  Set User Name command failed
116
117
118Verify IPMI User Password Via Test Command
119    [Documentation]  Verify IPMI user password using test command.
120    [Tags]  Verify_IPMI_User_Password_Via_Test_Command
121
122    # Create IPMI user.
123    ${random_username}=  Generate Random String  8  [LETTERS]
124    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
125    IPMI Create User  ${random_userid}  ${random_username}
126
127    # Set valid password for newly created user.
128    Run IPMI Standard Command
129    ...  user set password ${random_userid} ${valid_password}
130
131    # Verify newly set password using test command.
132    ${msg}=  Run IPMI Standard Command
133    ...  user test ${random_userid} ${max_password_length} ${valid_password}
134
135    Should Contain  ${msg}  Success
136
137
138Verify Setting Valid Password For IPMI User
139    [Documentation]  Set valid password for IPMI user and verify.
140    [Tags]  Verify_Setting_Valid_Password_For_IPMI_User
141
142    # Create IPMI user.
143    ${random_username}=  Generate Random String  8  [LETTERS]
144    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
145    IPMI Create User  ${random_userid}  ${random_username}
146
147    # Set valid password for newly created user.
148    Run IPMI Standard Command
149    ...  user set password ${random_userid} ${valid_password}
150
151    # Enable IPMI user
152    Run IPMI Standard Command  user enable ${random_userid}
153
154    # Set admin privilege and enable IPMI messaging for newly created user
155    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
156
157    Verify IPMI Username And Password  ${random_username}  ${valid_password}
158
159
160Verify IPMI User Creation With Same Name
161    [Documentation]  Verify error while creating two IPMI user with same name.
162    [Tags]  Verify_IPMI_User_Creation_With_Same_Name
163
164    ${random_username}=  Generate Random String  8  [LETTERS]
165    IPMI Create User  2  ${random_username}
166
167    # Set same username for another IPMI user.
168    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
169    ...  user set name 3 ${random_username}
170    Should Contain  ${msg}  Invalid data field in request
171
172
173Verify Setting IPMI User With Null Password
174    [Documentation]  Verify error while setting IPMI user with null
175    ...  password.
176    [Tags]  Verify_Setting_IPMI_User_With_Null_Password
177
178    # Create IPMI user.
179    ${random_username}=  Generate Random String  8  [LETTERS]
180    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
181    IPMI Create User  ${random_userid}  ${random_username}
182
183    # Set null password for newly created user.
184    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
185    ...  user set password ${random_userid} ""
186
187    Should Contain  ${msg}  Invalid data field in request
188
189
190Verify IPMI User Deletion
191    [Documentation]  Delete user via IPMI and verify.
192    [Tags]  Verify_IPMI_User_Deletion
193
194    ${random_username}=  Generate Random String  8  [LETTERS]
195    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
196    IPMI Create User  ${random_userid}  ${random_username}
197
198    # Delete IPMI User and verify
199    Run IPMI Standard Command  user set name ${random_userid} ""
200    ${user_info}=  Get User Info  ${random_userid}
201    Should Be Equal  ${user_info['user_name']}  ${EMPTY}
202
203
204Enable IPMI User And Verify
205    [Documentation]  Enable IPMI user and verify that the user is able
206    ...  to run IPMI command.
207    [Tags]  Enable_IPMI_User_And_Verify
208
209    # Create IPMI user and set valid password.
210    ${random_username}=  Generate Random String  8  [LETTERS]
211    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
212    IPMI Create User  ${random_userid}  ${random_username}
213    Run IPMI Standard Command
214    ...  user set password ${random_userid} ${valid_password}
215
216    # Set admin privilege and enable IPMI messaging for newly created user.
217    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
218
219    # Enable IPMI user and verify.
220    Run IPMI Standard Command  user enable ${random_userid}
221    ${user_info}=  Get User Info  ${random_userid}
222    Should Be Equal  ${user_info['enable_status']}  enabled
223
224    # Verify that enabled IPMI  user is able to run IPMI command.
225    Verify IPMI Username And Password  ${random_username}  ${valid_password}
226
227
228Disable IPMI User And Verify
229    [Documentation]  Disable IPMI user and verify that that the user
230    ...  is unable to run IPMI command.
231    [Tags]  Disable_IPMI_User_And_Verify
232
233    # Create IPMI user and set valid password.
234    ${random_username}=  Generate Random String  8  [LETTERS]
235    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
236    IPMI Create User  ${random_userid}  ${random_username}
237    Run IPMI Standard Command
238    ...  user set password ${random_userid} ${valid_password}
239
240    # Set admin privilege and enable IPMI messaging for newly created user.
241    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
242
243    # Disable IPMI user and verify.
244    Run IPMI Standard Command  user disable ${random_userid}
245    ${user_info}=  Get User Info  ${random_userid}
246    Should Be Equal  ${user_info['enable_status']}  disabled
247
248    # Verify that disabled IPMI  user is unable to run IPMI command.
249    ${msg}=  Run Keyword And Expect Error  *  Verify IPMI Username And Password
250    ...  ${random_username}  ${valid_password}
251    Should Contain  ${msg}  IPMI command fails
252
253
254Verify IPMI Root User Password Change
255    [Documentation]  Change IPMI root user password and verify that
256    ...  root user is able to run IPMI command.
257    [Tags]  Verify_IPMI_Root_User_Password_Change
258    [Teardown]  Wait Until Keyword Succeeds  15 sec  5 sec
259    ...  Set Default Password For IPMI Root User
260
261    # Set new password for root user.
262    Run IPMI Standard Command
263    ...  user set password ${root_userid} ${valid_password}
264
265    # Verify that root user is able to run IPMI command using new password.
266    Verify IPMI Username And Password  root  ${valid_password}
267
268
269*** Keywords ***
270
271IPMI Create User
272    [Documentation]  Create IPMI user with given userid and username.
273    [Arguments]  ${userid}  ${username}
274
275    # Description of argument(s):
276    # userid      The user ID (e.g. "1", "2", etc.).
277    # username    The user name (e.g. "root", "robert", etc.).
278
279    ${ipmi_cmd}=  Catenate  user set name ${userid} ${username}
280    ${resp}=  Run IPMI Standard Command  ${ipmi_cmd}
281    ${user_info}=  Get User Info  ${userid}
282    Should Be Equal  ${user_info['user_name']}  ${username}
283
284
285Set Channel Access
286    [Documentation]  Verify that user is able to run IPMI command
287    ...  with given username and password.
288    [Arguments]  ${userid}  ${options}  ${channel}=1
289
290    # Description of argument(s):
291    # userid          The user ID (e.g. "1", "2", etc.).
292    # options         Set channel command options (e.g.
293    #                 "link=on", "ipmi=on", etc.).
294    # channel_number  The user's channel number (e.g. "1").
295
296    ${ipmi_cmd}=  Catenate  SEPARATOR=
297    ...  ${ipmi_setaccess_cmd}${SPACE}${channel}${SPACE}${userid}
298    ...  ${SPACE}${options}
299    Run IPMI Standard Command  ${ipmi_cmd}
300
301Set Default Password For IPMI Root User
302    [Documentation]  Set default password for IPMI root user (i.e. 0penBmc).
303
304    # Set default password for root user.
305    ${result}=  Run External IPMI Standard Command
306    ...  user set password ${root_userid} ${OPENBMC_PASSWORD}
307    ...  P=${valid_password}
308    Should Contain  ${result}  Set User Password command successful
309
310    # Verify that root user is able to run IPMI command using default password.
311    Verify IPMI Username And Password  root  ${OPENBMC_PASSWORD}
312
313
314Verify IPMI Username And Password
315    [Documentation]  Verify that user is able to run IPMI command
316    ...  with given username and password.
317    [Arguments]  ${username}  ${password}
318
319    ${ipmi_cmd}=  Catenate  SEPARATOR=
320    ...  ${IPMI_EXT_CMD}${SPACE}${USER_OPTION}${SPACE}${username}
321    ...  ${SPACE}${PASSWORD_OPTION}${SPACE}${password}
322    ...  ${SPACE}${HOST}${SPACE}${OPENBMC_HOST}${SPACE}${SEL_INFO_CMD}
323    ${rc}  ${output}=  Run and Return RC and Output  ${ipmi_cmd}
324    Should Be Equal  ${rc}  ${0}  msg=IPMI command fails
325    Should Contain  ${output}  SEL Information
326
327
328Delete All Non Root IPMI User
329    [Documentation]  Delete all non-root IPMI user.
330
331    :FOR  ${userid}  IN RANGE  2  16
332    \  ${user_info}=  Get User Info  ${userid}
333    \  Run Keyword If  "${user_info['user_name']}" != ""
334    ...  Run IPMI Standard Command  user set name ${userid} ""
335
336
337Test Teardown Execution
338    [Documentation]  Do the test teardown execution.
339
340    FFDC On Test Case Fail
341    Delete All Non Root IPMI User
342
343