1*** Settings ***
2Documentation       Test suite for OpenBMC IPMI user management.
3
4Resource            ../lib/ipmi_client.robot
5Resource            ../lib/openbmc_ffdc.robot
6Library             ../lib/ipmi_utils.py
7
8Test Teardown       Test Teardown Execution
9
10
11*** Variables ***
12
13${invalid_username}     user%
14${invalid_password}     abc123
15${root_userid}          1
16${operator_level_priv}  0x3
17${user_priv}            2
18${operator_priv}        3
19${admin_level_priv}     4
20${no_access_priv}       15
21${valid_password}       0penBmc1
22${max_password_length}  20
23${ipmi_setaccess_cmd}   channel setaccess
24
25
26*** Test Cases ***
27
28Verify IPMI User Summary
29    [Documentation]  Verify IPMI maximum supported IPMI user ID and
30    ...  enabled user form user summary
31    [Tags]  Verify_IPMI_User_Summary
32
33    # Delete all non-root IPMI (i.e. except userid 1)
34    Delete All Non Root IPMI User
35
36    # Create a valid user and enable it.
37    ${random_username}=  Generate Random String  8  [LETTERS]
38    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
39    IPMI Create User  ${random_userid}  ${random_username}
40    Run IPMI Standard Command  user enable ${random_userid}
41
42    # Verify maximum user count IPMI local user can have. Also verify
43    # currently enabled users.
44    ${resp}=  Run IPMI Standard Command  user summary
45    ${enabled_user_count}=
46    ...  Get Lines Containing String  ${resp}  Enabled User Count
47    ${maximum_ids}=  Get Lines Containing String  ${resp}  Maximum IDs
48    Should Contain  ${enabled_user_count}  2
49    Should Contain  ${maximum_ids}  15
50
51
52Verify IPMI User Creation With Valid Name And ID
53    [Documentation]  Create user via IPMI and verify.
54    [Tags]  Test_IPMI_User_Creation_With_Valid_Name_And_ID
55
56    ${random_username}=  Generate Random String  8  [LETTERS]
57    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
58    IPMI Create User  ${random_userid}  ${random_username}
59
60
61Verify IPMI User Creation With Invalid Name
62    [Documentation]  Verify error while creating IPMI user with invalid
63    ...  name(e.g. user name with special characters).
64    [Tags]  Verify_IPMI_User_Creation_With_Invalid_Name
65
66    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
67    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
68    ...  user set name ${random_userid} ${invalid_username}
69    Should Contain  ${msg}  Invalid data
70
71
72Verify IPMI User Creation With Invalid ID
73    [Documentation]  Verify error while creating IPMI user with invalid
74    ...  ID(i.e. any number greater than 15 or 0).
75    [Tags]  Verify_IPMI_User_Creation_With_Invalid_ID
76
77    @{id_list}=  Create List
78    ${random_invalid_id}=  Evaluate  random.randint(16, 1000)  modules=random
79    Append To List  ${id_list}  ${random_invalid_id}
80    Append To List  ${id_list}  0
81
82    FOR  ${id}  IN  @{id_list}
83      ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
84      ...  user set name ${id} newuser
85      Should Contain  ${msg}  User ID is limited to range
86    END
87
88Verify Setting IPMI User With Invalid Password
89    [Documentation]  Verify error while setting IPMI user with invalid
90    ...  password.
91    [Tags]  Verify_Setting_IPMI_User_With_Invalid_Password
92
93    # Create IPMI user.
94    ${random_username}=  Generate Random String  8  [LETTERS]
95    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
96    IPMI Create User  ${random_userid}  ${random_username}
97
98    # Set invalid password for newly created user.
99    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
100    ...  user set password ${random_userid} ${invalid_password}
101
102    Should Contain  ${msg}  Set User Password command failed
103
104Verify Setting IPMI Root User With New Name
105    [Documentation]  Verify error while setting IPMI root user with new
106    ...  name.
107    [Tags]  Verify_Setting_IPMI_Root_User_With_New_Name
108
109    # Set invalid password for newly created user.
110    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
111    ...  user set name ${root_userid} abcd
112
113    Should Contain  ${msg}  Set User Name command failed
114
115
116Verify IPMI User Password Via Test Command
117    [Documentation]  Verify IPMI user password using test command.
118    [Tags]  Verify_IPMI_User_Password_Via_Test_Command
119
120    # Create IPMI user.
121    ${random_username}=  Generate Random String  8  [LETTERS]
122    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
123    IPMI Create User  ${random_userid}  ${random_username}
124
125    # Set valid password for newly created user.
126    Run IPMI Standard Command
127    ...  user set password ${random_userid} ${valid_password}
128
129    # Verify newly set password using test command.
130    ${msg}=  Run IPMI Standard Command
131    ...  user test ${random_userid} ${max_password_length} ${valid_password}
132
133    Should Contain  ${msg}  Success
134
135
136Verify Setting Valid Password For IPMI User
137    [Documentation]  Set valid password for IPMI user and verify.
138    [Tags]  Verify_Setting_Valid_Password_For_IPMI_User
139
140    # Create IPMI user.
141    ${random_username}=  Generate Random String  8  [LETTERS]
142    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
143    IPMI Create User  ${random_userid}  ${random_username}
144
145    # Set valid password for newly created user.
146    Run IPMI Standard Command
147    ...  user set password ${random_userid} ${valid_password}
148
149    # Enable IPMI user
150    Run IPMI Standard Command  user enable ${random_userid}
151
152    # Set admin privilege and enable IPMI messaging for newly created user
153    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
154
155    Verify IPMI Username And Password  ${random_username}  ${valid_password}
156
157
158Verify IPMI User Creation With Same Name
159    [Documentation]  Verify error while creating two IPMI user with same name.
160    [Tags]  Verify_IPMI_User_Creation_With_Same_Name
161
162    ${random_username}=  Generate Random String  8  [LETTERS]
163    IPMI Create User  2  ${random_username}
164
165    # Set same username for another IPMI user.
166    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
167    ...  user set name 3 ${random_username}
168    Should Contain  ${msg}  Invalid data field in request
169
170
171Verify Setting IPMI User With Null Password
172    [Documentation]  Verify error while setting IPMI user with null
173    ...  password.
174    [Tags]  Verify_Setting_IPMI_User_With_Null_Password
175
176    # Create IPMI user.
177    ${random_username}=  Generate Random String  8  [LETTERS]
178    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
179    IPMI Create User  ${random_userid}  ${random_username}
180
181    # Set null password for newly created user.
182    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
183    ...  user set password ${random_userid} ""
184
185    Should Contain  ${msg}  Invalid data field in request
186
187
188Verify IPMI User Deletion
189    [Documentation]  Delete user via IPMI and verify.
190    [Tags]  Verify_IPMI_User_Deletion
191
192    ${random_username}=  Generate Random String  8  [LETTERS]
193    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
194    IPMI Create User  ${random_userid}  ${random_username}
195
196    # Delete IPMI User and verify
197    Run IPMI Standard Command  user set name ${random_userid} ""
198    ${user_info}=  Get User Info  ${random_userid}
199    Should Be Equal  ${user_info['user_name']}  ${EMPTY}
200
201
202Test IPMI User Privilege Level
203    [Documentation]  Verify IPMI user with user privilege can only run user level commands.
204    [Tags]  Test_IPMI_User_Privilege_Level
205    [Template]  Test IPMI User Privilege
206
207    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
208    ${user_priv}         Passed           Failed               Failed
209
210
211Test IPMI Operator Privilege Level
212    [Documentation]  Verify IPMI user with operator privilege can only run user and operator levels commands.
213    ...  level is set to operator.
214    [Tags]  Test_IPMI_Operator_Privilege_Level
215    [Template]  Test IPMI User Privilege
216
217    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
218    ${operator_priv}     Passed           Passed               Failed
219
220
221Test IPMI Administrator Privilege Level
222    [Documentation]  Verify IPMI user with admin privilege can run all levels command.
223    [Tags]  Test_IPMI_Administrator_Privilege_Level
224    [Template]  Test IPMI User Privilege
225
226    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
227    ${admin_level_priv}  Passed           Passed               Passed
228
229
230Test IPMI No Access Privilege Level
231    [Documentation]  Verify IPMI user with no access privilege can not run only any level command.
232    [Tags]  Test_IPMI_No_Access_Privilege_Level
233    [Template]  Test IPMI User Privilege
234
235    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
236    ${no_access_priv}    Failed           Failed               Failed
237
238
239Enable IPMI User And Verify
240    [Documentation]  Enable IPMI user and verify that the user is able
241    ...  to run IPMI command.
242    [Tags]  Enable_IPMI_User_And_Verify
243
244    # Create IPMI user and set valid password.
245    ${random_username}=  Generate Random String  8  [LETTERS]
246    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
247    IPMI Create User  ${random_userid}  ${random_username}
248    Run IPMI Standard Command
249    ...  user set password ${random_userid} ${valid_password}
250
251    # Set admin privilege and enable IPMI messaging for newly created user.
252    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
253
254    # Enable IPMI user and verify.
255    Run IPMI Standard Command  user enable ${random_userid}
256    ${user_info}=  Get User Info  ${random_userid}
257    Should Be Equal  ${user_info['enable_status']}  enabled
258
259    # Verify that enabled IPMI  user is able to run IPMI command.
260    Verify IPMI Username And Password  ${random_username}  ${valid_password}
261
262
263Disable IPMI User And Verify
264    [Documentation]  Disable IPMI user and verify that that the user
265    ...  is unable to run IPMI command.
266    [Tags]  Disable_IPMI_User_And_Verify
267
268    # Create IPMI user and set valid password.
269    ${random_username}=  Generate Random String  8  [LETTERS]
270    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
271    IPMI Create User  ${random_userid}  ${random_username}
272    Run IPMI Standard Command
273    ...  user set password ${random_userid} ${valid_password}
274
275    # Set admin privilege and enable IPMI messaging for newly created user.
276    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
277
278    # Disable IPMI user and verify.
279    Run IPMI Standard Command  user disable ${random_userid}
280    ${user_info}=  Get User Info  ${random_userid}
281    Should Be Equal  ${user_info['enable_status']}  disabled
282
283    # Verify that disabled IPMI  user is unable to run IPMI command.
284    ${msg}=  Run Keyword And Expect Error  *  Verify IPMI Username And Password
285    ...  ${random_username}  ${valid_password}
286    Should Contain  ${msg}  Unable to establish IPMI
287
288
289Verify IPMI Root User Password Change
290    [Documentation]  Change IPMI root user password and verify that
291    ...  root user is able to run IPMI command.
292    [Tags]  Verify_IPMI_Root_User_Password_Change
293    [Teardown]  Wait Until Keyword Succeeds  15 sec  5 sec
294    ...  Set Default Password For IPMI Root User
295
296    # Set new password for root user.
297    Run IPMI Standard Command
298    ...  user set password ${root_userid} ${valid_password}
299
300    # Verify that root user is able to run IPMI command using new password.
301    Verify IPMI Username And Password  root  ${valid_password}
302
303
304Verify Administrator And No Access Privilege For Different Channels
305    [Documentation]  Set administrator and no access privilege for different channels and verify.
306    [Tags]  Verify_Administrator_And_No_Access_Privilege_For_Different_Channels
307
308    # Create IPMI user and set valid password.
309    ${random_username}=  Generate Random String  8  [LETTERS]
310    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
311    IPMI Create User  ${random_userid}  ${random_username}
312    Run IPMI Standard Command
313    ...  user set password ${random_userid} ${valid_password}
314
315    # Set admin privilege for newly created user with channel 1.
316    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}  1
317
318    # Set no access privilege for newly created user with channel 2.
319    Set Channel Access  ${random_userid}  ipmi=on privilege=${no_access_priv}  2
320
321    # Enable IPMI user and verify.
322    Run IPMI Standard Command  user enable ${random_userid}
323    ${user_info}=  Get User Info  ${random_userid}
324    Should Be Equal  ${user_info['enable_status']}  enabled
325
326    # Verify that user is able to run administrator level IPMI command with channel 1.
327    Verify IPMI Command  ${random_username}  ${valid_password}  Administrator  1
328
329    # Verify that user is unable to run IPMI command with channel 2.
330    Run IPMI Standard Command  sel info 2  expected_rc=${1}  U=${random_username}  P=${valid_password}
331
332
333Verify Operator And User Privilege For Different Channels
334    [Documentation]  Set operator and user privilege for different channels and verify.
335    [Tags]  Verify_Operator_And_User_Privilege_For_Different_Channels
336
337    # Create IPMI user and set valid password.
338    ${random_username}=  Generate Random String  8  [LETTERS]
339    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
340    IPMI Create User  ${random_userid}  ${random_username}
341    Run IPMI Standard Command
342    ...  user set password ${random_userid} ${valid_password}
343
344    # Set operator privilege for newly created user with channel 1.
345    Set Channel Access  ${random_userid}  ipmi=on privilege=${operator_priv}  1
346
347    # Set user privilege for newly created user with channel 2.
348    Set Channel Access  ${random_userid}  ipmi=on privilege=${user_priv}  2
349
350    # Enable IPMI user and verify.
351    Run IPMI Standard Command  user enable ${random_userid}
352    ${user_info}=  Get User Info  ${random_userid}
353    Should Be Equal  ${user_info['enable_status']}  enabled
354
355    # Verify that user is able to run operator level IPMI command with channel 1.
356    Verify IPMI Command  ${random_username}  ${valid_password}  Operator  1
357
358    # Verify that user is able to run user level IPMI command with channel 2.
359    Verify IPMI Command  ${random_username}  ${valid_password}  User  2
360
361
362*** Keywords ***
363
364Set Default Password For IPMI Root User
365    [Documentation]  Set default password for IPMI root user (i.e. 0penBmc).
366    # Set default password for root user.
367    ${result}=  Run External IPMI Standard Command
368    ...  user set password ${root_userid} ${OPENBMC_PASSWORD}
369    ...  P=${valid_password}
370    Should Contain  ${result}  Set User Password command successful
371
372    # Verify that root user is able to run IPMI command using default password.
373    Verify IPMI Username And Password  root  ${OPENBMC_PASSWORD}
374
375
376Test IPMI User Privilege
377    [Documentation]  Test IPMI user privilege by executing IPMI command with different privileges.
378    [Arguments]  ${privilege_level}  ${user_cmd_status}  ${operator_cmd_status}  ${admin_cmd_status}
379
380    # Description of argument(s):
381    # privilege_level     Privilege level of IPMI user (e.g. 4, 3).
382    # user_cmd_status     Expected status of IPMI command run with the "User"
383    #                     privilege (i.e. "Passed" or "Failed").
384    # operator_cmd_status Expected status of IPMI command run with the "Operator"
385    #                     privilege (i.e. "Passed" or "Failed").
386    # admin_cmd_status    Expected status of IPMI command run with the "Administrator"
387    #                     privilege (i.e. "Passed" or "Failed").
388
389    # Create IPMI user and set valid password.
390    ${random_username}=  Generate Random String  8  [LETTERS]
391    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
392    IPMI Create User  ${random_userid}  ${random_username}
393    Run IPMI Standard Command
394    ...  user set password ${random_userid} ${valid_password}
395
396    # Set privilege and enable IPMI messaging for newly created user.
397    Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege_level}
398
399    # Enable IPMI user and verify.
400    Run IPMI Standard Command  user enable ${random_userid}
401    ${user_info}=  Get User Info  ${random_userid}
402    Should Be Equal  ${user_info['enable_status']}  enabled
403
404    Verify IPMI Command  ${random_username}  ${valid_password}  User
405    ...  expected_status=${user_cmd_status}
406    Verify IPMI Command  ${random_username}  ${valid_password}  Operator
407    ...  expected_status=${operator_cmd_status}
408    Verify IPMI Command  ${random_username}  ${valid_password}  Administrator
409    ...  expected_status=${admin_cmd_status}
410
411
412Verify IPMI Command
413    [Documentation]  Verify IPMI command execution with given username,
414    ...  password, privilege and expected status.
415    [Arguments]  ${username}  ${password}  ${privilege}  ${channel}=${1}  ${expected_status}=Passed
416    # Description of argument(s):
417    # username         The user name (e.g. "root", "robert", etc.).
418    # password         The user password (e.g. "0penBmc", "0penBmc1", etc.).
419    # privilege        The session privilge for IPMI command (e.g. "User", "Operator", etc.).
420    # channel          The user channel number (e.g. "1" or "2").
421    # expected_status  Expected status of IPMI command run with the user
422    #                  of above password and privilege (i.e. "Passed" or "Failed").
423
424    ${expected_rc}=  Set Variable If  '${expected_status}' == 'Passed'  ${0}  ${1}
425    Run IPMI Standard Command  sel info ${channel}  expected_rc=${expected_rc}  U=${username}  P=${password}
426    ...  L=${privilege}
427
428
429Test Teardown Execution
430    [Documentation]  Do the test teardown execution.
431
432    FFDC On Test Case Fail
433    Delete All Non Root IPMI User
434