1*** Settings ***
2Documentation       Test suite for OpenBMC IPMI user management.
3
4Resource            ../lib/ipmi_client.robot
5Resource            ../lib/openbmc_ffdc.robot
6Library             ../lib/ipmi_utils.py
7
8Test Teardown       Test Teardown Execution
9
10
11*** Variables ***
12
13${invalid_username}     user%
14${invalid_password}     abc123
15${root_userid}          1
16${operator_level_priv}  0x3
17${user_priv}            2
18${operator_priv}        3
19${admin_level_priv}     4
20${no_access_priv}       15
21${valid_password}       0penBmc1
22${max_password_length}  20
23${ipmi_setaccess_cmd}   channel setaccess
24
25
26*** Test Cases ***
27
28Verify IPMI User Summary
29    [Documentation]  Verify IPMI maximum supported IPMI user ID and
30    ...  enabled user form user summary
31    [Tags]  Verify_IPMI_User_Summary
32
33    # Delete all non-root IPMI (i.e. except userid 1)
34    Delete All Non Root IPMI User
35
36    # Create a valid user and enable it.
37    ${random_username}=  Generate Random String  8  [LETTERS]
38    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
39    IPMI Create User  ${random_userid}  ${random_username}
40    Run IPMI Standard Command  user enable ${random_userid}
41
42    # Verify maximum user count IPMI local user can have. Also verify
43    # currently enabled users.
44    ${resp}=  Run IPMI Standard Command  user summary
45    ${enabled_user_count}=
46    ...  Get Lines Containing String  ${resp}  Enabled User Count
47    ${maximum_ids}=  Get Lines Containing String  ${resp}  Maximum IDs
48    Should Contain  ${enabled_user_count}  2
49    Should Contain  ${maximum_ids}  15
50
51
52Verify IPMI User Creation With Valid Name And ID
53    [Documentation]  Create user via IPMI and verify.
54    [Tags]  Test_IPMI_User_Creation_With_Valid_Name_And_ID
55
56    ${random_username}=  Generate Random String  8  [LETTERS]
57    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
58    IPMI Create User  ${random_userid}  ${random_username}
59
60
61Verify IPMI User Creation With Invalid Name
62    [Documentation]  Verify error while creating IPMI user with invalid
63    ...  name(e.g. user name with special characters).
64    [Tags]  Verify_IPMI_User_Creation_With_Invalid_Name
65
66    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
67    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
68    ...  user set name ${random_userid} ${invalid_username}
69    Should Contain  ${msg}  Invalid data
70
71
72Verify IPMI User Creation With Invalid ID
73    [Documentation]  Verify error while creating IPMI user with invalid
74    ...  ID(i.e. any number greater than 15 or 0).
75    [Tags]  Verify_IPMI_User_Creation_With_Invalid_ID
76
77    @{id_list}=  Create List
78    ${random_invalid_id}=  Evaluate  random.randint(16, 1000)  modules=random
79    Append To List  ${id_list}  ${random_invalid_id}
80    Append To List  ${id_list}  0
81
82    FOR  ${id}  IN  @{id_list}
83      ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
84      ...  user set name ${id} newuser
85      Should Contain  ${msg}  User ID is limited to range
86    END
87
88Verify Setting IPMI User With Invalid Password
89    [Documentation]  Verify error while setting IPMI user with invalid
90    ...  password.
91    [Tags]  Verify_Setting_IPMI_User_With_Invalid_Password
92
93    # Create IPMI user.
94    ${random_username}=  Generate Random String  8  [LETTERS]
95    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
96    IPMI Create User  ${random_userid}  ${random_username}
97
98    # Set invalid password for newly created user.
99    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
100    ...  user set password ${random_userid} ${invalid_password}
101
102    Should Contain  ${msg}  Set User Name command failed
103
104
105Verify Setting IPMI Root User With New Name
106    [Documentation]  Verify error while setting IPMI root user with new
107    ...  name.
108    [Tags]  Verify_Setting_IPMI_Root_User_With_New_Name
109
110    # Set invalid password for newly created user.
111    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
112    ...  user set name ${root_userid} abcd
113
114    Should Contain  ${msg}  Set User Name command failed
115
116
117Verify IPMI User Password Via Test Command
118    [Documentation]  Verify IPMI user password using test command.
119    [Tags]  Verify_IPMI_User_Password_Via_Test_Command
120
121    # Create IPMI user.
122    ${random_username}=  Generate Random String  8  [LETTERS]
123    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
124    IPMI Create User  ${random_userid}  ${random_username}
125
126    # Set valid password for newly created user.
127    Run IPMI Standard Command
128    ...  user set password ${random_userid} ${valid_password}
129
130    # Verify newly set password using test command.
131    ${msg}=  Run IPMI Standard Command
132    ...  user test ${random_userid} ${max_password_length} ${valid_password}
133
134    Should Contain  ${msg}  Success
135
136
137Verify Setting Valid Password For IPMI User
138    [Documentation]  Set valid password for IPMI user and verify.
139    [Tags]  Verify_Setting_Valid_Password_For_IPMI_User
140
141    # Create IPMI user.
142    ${random_username}=  Generate Random String  8  [LETTERS]
143    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
144    IPMI Create User  ${random_userid}  ${random_username}
145
146    # Set valid password for newly created user.
147    Run IPMI Standard Command
148    ...  user set password ${random_userid} ${valid_password}
149
150    # Enable IPMI user
151    Run IPMI Standard Command  user enable ${random_userid}
152
153    # Set admin privilege and enable IPMI messaging for newly created user
154    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
155
156    Verify IPMI Username And Password  ${random_username}  ${valid_password}
157
158
159Verify IPMI User Creation With Same Name
160    [Documentation]  Verify error while creating two IPMI user with same name.
161    [Tags]  Verify_IPMI_User_Creation_With_Same_Name
162
163    ${random_username}=  Generate Random String  8  [LETTERS]
164    IPMI Create User  2  ${random_username}
165
166    # Set same username for another IPMI user.
167    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
168    ...  user set name 3 ${random_username}
169    Should Contain  ${msg}  Invalid data field in request
170
171
172Verify Setting IPMI User With Null Password
173    [Documentation]  Verify error while setting IPMI user with null
174    ...  password.
175    [Tags]  Verify_Setting_IPMI_User_With_Null_Password
176
177    # Create IPMI user.
178    ${random_username}=  Generate Random String  8  [LETTERS]
179    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
180    IPMI Create User  ${random_userid}  ${random_username}
181
182    # Set null password for newly created user.
183    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
184    ...  user set password ${random_userid} ""
185
186    Should Contain  ${msg}  Invalid data field in request
187
188
189Verify IPMI User Deletion
190    [Documentation]  Delete user via IPMI and verify.
191    [Tags]  Verify_IPMI_User_Deletion
192
193    ${random_username}=  Generate Random String  8  [LETTERS]
194    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
195    IPMI Create User  ${random_userid}  ${random_username}
196
197    # Delete IPMI User and verify
198    Run IPMI Standard Command  user set name ${random_userid} ""
199    ${user_info}=  Get User Info  ${random_userid}
200    Should Be Equal  ${user_info['user_name']}  ${EMPTY}
201
202
203Test IPMI User Privilege Level
204    [Documentation]  Verify IPMI user with user privilege can only run user level commands.
205    [Tags]  Test_IPMI_User_Privilege_Level
206    [Template]  Test IPMI User Privilege
207
208    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
209    ${user_priv}         Passed           Failed               Failed
210
211
212Test IPMI Operator Privilege Level
213    [Documentation]  Verify IPMI user with operator privilege can only run user and operator levels commands.
214    ...  level is set to operator.
215    [Tags]  Test_IPMI_Operator_Privilege_Level
216    [Template]  Test IPMI User Privilege
217
218    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
219    ${operator_priv}     Passed           Passed               Failed
220
221
222Test IPMI Administrator Privilege Level
223    [Documentation]  Verify IPMI user with admin privilege can run all levels command.
224    [Tags]  Test_IPMI_Administrator_Privilege_Level
225    [Template]  Test IPMI User Privilege
226
227    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
228    ${admin_level_priv}  Passed           Passed               Passed
229
230
231Test IPMI No Access Privilege Level
232    [Documentation]  Verify IPMI user with no access privilege can not run only any level command.
233    [Tags]  Test_IPMI_No_Access_Privilege_Level
234    [Template]  Test IPMI User Privilege
235
236    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
237    ${no_access_priv}    Failed           Failed               Failed
238
239
240Enable IPMI User And Verify
241    [Documentation]  Enable IPMI user and verify that the user is able
242    ...  to run IPMI command.
243    [Tags]  Enable_IPMI_User_And_Verify
244
245    # Create IPMI user and set valid password.
246    ${random_username}=  Generate Random String  8  [LETTERS]
247    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
248    IPMI Create User  ${random_userid}  ${random_username}
249    Run IPMI Standard Command
250    ...  user set password ${random_userid} ${valid_password}
251
252    # Set admin privilege and enable IPMI messaging for newly created user.
253    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
254
255    # Enable IPMI user and verify.
256    Run IPMI Standard Command  user enable ${random_userid}
257    ${user_info}=  Get User Info  ${random_userid}
258    Should Be Equal  ${user_info['enable_status']}  enabled
259
260    # Verify that enabled IPMI  user is able to run IPMI command.
261    Verify IPMI Username And Password  ${random_username}  ${valid_password}
262
263
264Disable IPMI User And Verify
265    [Documentation]  Disable IPMI user and verify that that the user
266    ...  is unable to run IPMI command.
267    [Tags]  Disable_IPMI_User_And_Verify
268
269    # Create IPMI user and set valid password.
270    ${random_username}=  Generate Random String  8  [LETTERS]
271    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
272    IPMI Create User  ${random_userid}  ${random_username}
273    Run IPMI Standard Command
274    ...  user set password ${random_userid} ${valid_password}
275
276    # Set admin privilege and enable IPMI messaging for newly created user.
277    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
278
279    # Disable IPMI user and verify.
280    Run IPMI Standard Command  user disable ${random_userid}
281    ${user_info}=  Get User Info  ${random_userid}
282    Should Be Equal  ${user_info['enable_status']}  disabled
283
284    # Verify that disabled IPMI  user is unable to run IPMI command.
285    ${msg}=  Run Keyword And Expect Error  *  Verify IPMI Username And Password
286    ...  ${random_username}  ${valid_password}
287    Should Contain  ${msg}  Unable to establish IPMI
288
289
290Verify IPMI Root User Password Change
291    [Documentation]  Change IPMI root user password and verify that
292    ...  root user is able to run IPMI command.
293    [Tags]  Verify_IPMI_Root_User_Password_Change
294    [Teardown]  Wait Until Keyword Succeeds  15 sec  5 sec
295    ...  Set Default Password For IPMI Root User
296
297    # Set new password for root user.
298    Run IPMI Standard Command
299    ...  user set password ${root_userid} ${valid_password}
300
301    # Verify that root user is able to run IPMI command using new password.
302    Verify IPMI Username And Password  root  ${valid_password}
303
304
305Verify Administrator And No Access Privilege For Different Channels
306    [Documentation]  Set administrator and no access privilege for different channels and verify.
307    [Tags]  Verify_Administrator_And_No_Access_Privilege_For_Different_Channels
308
309    # Create IPMI user and set valid password.
310    ${random_username}=  Generate Random String  8  [LETTERS]
311    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
312    IPMI Create User  ${random_userid}  ${random_username}
313    Run IPMI Standard Command
314    ...  user set password ${random_userid} ${valid_password}
315
316    # Set admin privilege for newly created user with channel 1.
317    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}  1
318
319    # Set no access privilege for newly created user with channel 2.
320    Set Channel Access  ${random_userid}  ipmi=on privilege=${no_access_priv}  2
321
322    # Enable IPMI user and verify.
323    Run IPMI Standard Command  user enable ${random_userid}
324    ${user_info}=  Get User Info  ${random_userid}
325    Should Be Equal  ${user_info['enable_status']}  enabled
326
327    # Verify that user is able to run administrator level IPMI command with channel 1.
328    Verify IPMI Command  ${random_username}  ${valid_password}  Administrator  1
329
330    # Verify that user is unable to run IPMI command with channel 2.
331    Run IPMI Standard Command  sel info 2  expected_rc=${1}  U=${random_username}  P=${valid_password}
332
333
334Verify Operator And User Privilege For Different Channels
335    [Documentation]  Set operator and user privilege for different channels and verify.
336    [Tags]  Verify_Operator_And_User_Privilege_For_Different_Channels
337
338    # Create IPMI user and set valid password.
339    ${random_username}=  Generate Random String  8  [LETTERS]
340    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
341    IPMI Create User  ${random_userid}  ${random_username}
342    Run IPMI Standard Command
343    ...  user set password ${random_userid} ${valid_password}
344
345    # Set operator privilege for newly created user with channel 1.
346    Set Channel Access  ${random_userid}  ipmi=on privilege=${operator_priv}  1
347
348    # Set user privilege for newly created user with channel 2.
349    Set Channel Access  ${random_userid}  ipmi=on privilege=${user_priv}  2
350
351    # Enable IPMI user and verify.
352    Run IPMI Standard Command  user enable ${random_userid}
353    ${user_info}=  Get User Info  ${random_userid}
354    Should Be Equal  ${user_info['enable_status']}  enabled
355
356    # Verify that user is able to run operator level IPMI command with channel 1.
357    Verify IPMI Command  ${random_username}  ${valid_password}  Operator  1
358
359    # Verify that user is able to run user level IPMI command with channel 2.
360    Verify IPMI Command  ${random_username}  ${valid_password}  User  2
361
362
363*** Keywords ***
364
365Set Default Password For IPMI Root User
366    [Documentation]  Set default password for IPMI root user (i.e. 0penBmc).
367    # Set default password for root user.
368    ${result}=  Run External IPMI Standard Command
369    ...  user set password ${root_userid} ${OPENBMC_PASSWORD}
370    ...  P=${valid_password}
371    Should Contain  ${result}  Set User Password command successful
372
373    # Verify that root user is able to run IPMI command using default password.
374    Verify IPMI Username And Password  root  ${OPENBMC_PASSWORD}
375
376
377Test IPMI User Privilege
378    [Documentation]  Test IPMI user privilege by executing IPMI command with different privileges.
379    [Arguments]  ${privilege_level}  ${user_cmd_status}  ${operator_cmd_status}  ${admin_cmd_status}
380
381    # Description of argument(s):
382    # privilege_level     Privilege level of IPMI user (e.g. 4, 3).
383    # user_cmd_status     Expected status of IPMI command run with the "User"
384    #                     privilege (i.e. "Passed" or "Failed").
385    # operator_cmd_status Expected status of IPMI command run with the "Operator"
386    #                     privilege (i.e. "Passed" or "Failed").
387    # admin_cmd_status    Expected status of IPMI command run with the "Administrator"
388    #                     privilege (i.e. "Passed" or "Failed").
389
390    # Create IPMI user and set valid password.
391    ${random_username}=  Generate Random String  8  [LETTERS]
392    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
393    IPMI Create User  ${random_userid}  ${random_username}
394    Run IPMI Standard Command
395    ...  user set password ${random_userid} ${valid_password}
396
397    # Set privilege and enable IPMI messaging for newly created user.
398    Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege_level}
399
400    # Enable IPMI user and verify.
401    Run IPMI Standard Command  user enable ${random_userid}
402    ${user_info}=  Get User Info  ${random_userid}
403    Should Be Equal  ${user_info['enable_status']}  enabled
404
405    Verify IPMI Command  ${random_username}  ${valid_password}  User
406    ...  expected_status=${user_cmd_status}
407    Verify IPMI Command  ${random_username}  ${valid_password}  Operator
408    ...  expected_status=${operator_cmd_status}
409    Verify IPMI Command  ${random_username}  ${valid_password}  Administrator
410    ...  expected_status=${admin_cmd_status}
411
412
413Verify IPMI Command
414    [Documentation]  Verify IPMI command execution with given username,
415    ...  password, privilege and expected status.
416    [Arguments]  ${username}  ${password}  ${privilege}  ${channel}=${1}  ${expected_status}=Passed
417    # Description of argument(s):
418    # username         The user name (e.g. "root", "robert", etc.).
419    # password         The user password (e.g. "0penBmc", "0penBmc1", etc.).
420    # privilege        The session privilge for IPMI command (e.g. "User", "Operator", etc.).
421    # channel          The user channel number (e.g. "1" or "2").
422    # expected_status  Expected status of IPMI command run with the user
423    #                  of above password and privilege (i.e. "Passed" or "Failed").
424
425    ${expected_rc}=  Set Variable If  '${expected_status}' == 'Passed'  ${0}  ${1}
426    Run IPMI Standard Command  sel info ${channel}  expected_rc=${expected_rc}  U=${username}  P=${password}
427    ...  L=${privilege}
428
429
430Test Teardown Execution
431    [Documentation]  Do the test teardown execution.
432
433    FFDC On Test Case Fail
434    Delete All Non Root IPMI User
435