1*** Settings ***
2Documentation       Test suite for OpenBMC IPMI user management.
3
4Resource            ../lib/ipmi_client.robot
5Resource            ../lib/openbmc_ffdc.robot
6Library             ../lib/ipmi_utils.py
7Test Setup          Printn
8
9Test Teardown       Test Teardown Execution
10Suite Teardown      Delete All Non Root IPMI User
11
12*** Variables ***
13
14${invalid_username}     user%
15${invalid_password}     abc123
16${root_userid}          1
17${operator_level_priv}  0x3
18${user_priv}            2
19${operator_priv}        3
20${admin_level_priv}     4
21${no_access_priv}       15
22${valid_password}       0penBmc1
23${max_password_length}  20
24${ipmi_setaccess_cmd}   channel setaccess
25&{password_values}      16=0penBmc10penBmc2  17=0penBmc10penBmc2B
26              ...       20=0penBmc10penBmc2Bmc3  21=0penBmc10penBmc2Bmc34
27
28
29*** Test Cases ***
30
31Verify IPMI User Summary
32    [Documentation]  Verify IPMI maximum supported IPMI user ID and
33    ...  enabled user form user summary
34    [Tags]  Verify_IPMI_User_Summary
35
36    # Delete all non-root IPMI (i.e. except userid 1)
37    Delete All Non Root IPMI User
38
39    ${random_userid}  ${random_username}=  Create Random IPMI User
40    Run IPMI Standard Command  user enable ${random_userid}
41
42    # Verify maximum user count IPMI local user can have. Also verify
43    # currently enabled users.
44    ${resp}=  Wait Until Keyword Succeeds  15 sec  5 sec  Run IPMI Standard Command  user summary
45    ${enabled_user_count}=
46    ...  Get Lines Containing String  ${resp}  Enabled User Count
47    ${maximum_ids}=  Get Lines Containing String  ${resp}  Maximum IDs
48    Should Contain  ${enabled_user_count}  2
49    Should Contain  ${maximum_ids}  15
50
51
52Verify IPMI User Creation With Valid Name And ID
53    [Documentation]  Create user via IPMI and verify.
54    [Tags]  Test_IPMI_User_Creation_With_Valid_Name_And_ID
55
56    ${random_userid}  ${random_username}=  Create Random IPMI User
57
58
59Verify IPMI User Creation With Invalid Name
60    [Documentation]  Verify error while creating IPMI user with invalid
61    ...  name(e.g. user name with special characters).
62    [Tags]  Verify_IPMI_User_Creation_With_Invalid_Name
63
64    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
65    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
66    ...  user set name ${random_userid} ${invalid_username}
67    Should Contain  ${msg}  Invalid data
68
69
70Verify IPMI User Creation With Invalid ID
71    [Documentation]  Verify error while creating IPMI user with invalid
72    ...  ID(i.e. any number greater than 15 or 0).
73    [Tags]  Verify_IPMI_User_Creation_With_Invalid_ID
74
75    @{id_list}=  Create List
76    ${random_invalid_id}=  Evaluate  random.randint(16, 1000)  modules=random
77    Append To List  ${id_list}  ${random_invalid_id}
78    Append To List  ${id_list}  0
79
80    FOR  ${id}  IN  @{id_list}
81      ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
82      ...  user set name ${id} newuser
83      Should Contain  ${msg}  User ID is limited to range
84    END
85
86Verify Setting IPMI User With Invalid Password
87    [Documentation]  Verify error while setting IPMI user with invalid
88    ...  password.
89    [Tags]  Verify_Setting_IPMI_User_With_Invalid_Password
90
91    ${random_userid}  ${random_username}=  Create Random IPMI User
92
93    # Set invalid password for newly created user.
94    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
95    ...  user set password ${random_userid} ${invalid_password}
96
97    Should Contain  ${msg}  Set User Password command failed
98
99Verify Setting IPMI Root User With New Name
100    [Documentation]  Verify error while setting IPMI root user with new
101    ...  name.
102    [Tags]  Verify_Setting_IPMI_Root_User_With_New_Name
103
104    # Set invalid password for newly created user.
105    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
106    ...  user set name ${root_userid} abcd
107
108    Should Contain  ${msg}  Set User Name command failed
109
110
111Verify IPMI User Password Via Test Command
112    [Documentation]  Verify IPMI user password using test command.
113    [Tags]  Verify_IPMI_User_Password_Via_Test_Command
114
115    ${random_userid}  ${random_username}=  Create Random IPMI User
116
117    # Set valid password for newly created user.
118    Run IPMI Standard Command
119    ...  user set password ${random_userid} ${valid_password}
120
121    # Verify newly set password using test command.
122    ${msg}=  Run IPMI Standard Command
123    ...  user test ${random_userid} ${max_password_length} ${valid_password}
124
125    Should Contain  ${msg}  Success
126
127
128Verify Setting Valid Password For IPMI User
129    [Documentation]  Set valid password for IPMI user and verify.
130    [Tags]  Verify_Setting_Valid_Password_For_IPMI_User
131
132    ${random_userid}  ${random_username}=  Create Random IPMI User
133
134    # Set valid password for newly created user.
135    Run IPMI Standard Command
136    ...  user set password ${random_userid} ${valid_password}
137
138    Run IPMI Standard Command  user enable ${random_userid}
139
140    # Delay added for IPMI user to get enable
141    Sleep  5s
142
143    # Set admin privilege and enable IPMI messaging for newly created user
144    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
145
146    Verify IPMI Username And Password  ${random_username}  ${valid_password}
147
148
149Verify IPMI User Creation With Same Name
150    [Documentation]  Verify error while creating two IPMI user with same name.
151    [Tags]  Verify_IPMI_User_Creation_With_Same_Name
152
153    ${random_username}=  Generate Random String  8  [LETTERS]
154    IPMI Create User  2  ${random_username}
155
156    # Set same username for another IPMI user.
157    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
158    ...  user set name 3 ${random_username}
159    Should Contain  ${msg}  Invalid data field in request
160
161
162Verify Setting IPMI User With Null Password
163    [Documentation]  Verify error while setting IPMI user with null
164    ...  password.
165    [Tags]  Verify_Setting_IPMI_User_With_Null_Password
166
167    ${random_userid}  ${random_username}=  Create Random IPMI User
168
169    # Set null password for newly created user.
170    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
171    ...  user set password ${random_userid} ""
172
173    Should Contain  ${msg}  Invalid data field in request
174
175
176Verify IPMI User Deletion
177    [Documentation]  Delete user via IPMI and verify.
178    [Tags]  Verify_IPMI_User_Deletion
179
180    ${random_userid}  ${random_username}=  Create Random IPMI User
181
182    # Delete IPMI User and verify
183    Run IPMI Standard Command  user set name ${random_userid} ""
184    ${user_info}=  Get User Info  ${random_userid}
185    Should Be Equal  ${user_info['user_name']}  ${EMPTY}
186
187
188Test IPMI User Privilege Level
189    [Documentation]  Verify IPMI user with user privilege can only run user level commands.
190    [Tags]  Test_IPMI_User_Privilege_Level
191    [Template]  Test IPMI User Privilege
192
193    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
194    ${user_priv}         Passed           Failed               Failed
195
196
197Test IPMI Operator Privilege Level
198    [Documentation]  Verify IPMI user with operator privilege can only run user and operator levels commands.
199    ...  level is set to operator.
200    [Tags]  Test_IPMI_Operator_Privilege_Level
201    [Template]  Test IPMI User Privilege
202
203    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
204    ${operator_priv}     Passed           Passed               Failed
205
206
207Test IPMI Administrator Privilege Level
208    [Documentation]  Verify IPMI user with admin privilege can run all levels command.
209    [Tags]  Test_IPMI_Administrator_Privilege_Level
210    [Template]  Test IPMI User Privilege
211
212    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
213    ${admin_level_priv}  Passed           Passed               Passed
214
215
216Test IPMI No Access Privilege Level
217    [Documentation]  Verify IPMI user with no access privilege can not run only any level command.
218    [Tags]  Test_IPMI_No_Access_Privilege_Level
219    [Template]  Test IPMI User Privilege
220
221    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
222    ${no_access_priv}    Failed           Failed               Failed
223
224
225Enable IPMI User And Verify
226    [Documentation]  Enable IPMI user and verify that the user is able
227    ...  to run IPMI command.
228    [Tags]  Enable_IPMI_User_And_Verify
229
230    ${random_userid}  ${random_username}=  Create Random IPMI User
231    Run IPMI Standard Command
232    ...  user set password ${random_userid} ${valid_password}
233
234    # Set admin privilege and enable IPMI messaging for newly created user.
235    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
236
237    # Delay added for user privilege to get set.
238    Sleep  5s
239
240    Enable IPMI User And Verify  ${random_userid}
241
242    # Verify that enabled IPMI  user is able to run IPMI command.
243    Verify IPMI Username And Password  ${random_username}  ${valid_password}
244
245
246Disable IPMI User And Verify
247    [Documentation]  Disable IPMI user and verify that that the user
248    ...  is unable to run IPMI command.
249    [Tags]  Disable_IPMI_User_And_Verify
250
251    ${random_userid}  ${random_username}=  Create Random IPMI User
252    Run IPMI Standard Command
253    ...  user set password ${random_userid} ${valid_password}
254
255    # Set admin privilege and enable IPMI messaging for newly created user.
256    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
257
258    # Disable IPMI user and verify.
259    Run IPMI Standard Command  user disable ${random_userid}
260    ${user_info}=  Get User Info  ${random_userid}
261    Should Be Equal  ${user_info['enable_status']}  disabled
262
263    # Verify that disabled IPMI  user is unable to run IPMI command.
264    ${msg}=  Run Keyword And Expect Error  *  Verify IPMI Username And Password
265    ...  ${random_username}  ${valid_password}
266    Should Contain  ${msg}  Unable to establish IPMI
267
268
269Verify IPMI Root User Password Change
270    [Documentation]  Change IPMI root user password and verify that
271    ...  root user is able to run IPMI command.
272    [Tags]  Verify_IPMI_Root_User_Password_Change
273    [Teardown]  Wait Until Keyword Succeeds  15 sec  5 sec
274    ...  Set Default Password For IPMI Root User
275
276    # Set new password for root user.
277    Run IPMI Standard Command
278    ...  user set password ${root_userid} ${valid_password}
279
280    # Verify that root user is able to run IPMI command using new password.
281    Wait Until Keyword Succeeds  15 sec  5 sec  Verify IPMI Username And Password
282    ...  root  ${valid_password}
283
284
285Verify Administrator And No Access Privilege For Different Channels
286    [Documentation]  Set administrator and no access privilege for different channels and verify.
287    [Tags]  Verify_Administrator_And_No_Access_Privilege_For_Different_Channels
288
289    ${random_userid}  ${random_username}=  Create Random IPMI User
290    Run IPMI Standard Command
291    ...  user set password ${random_userid} ${valid_password}
292
293    # Set admin privilege for newly created user with channel 1.
294    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}  1
295
296    # Set no access privilege for newly created user with channel 2.
297    Set Channel Access  ${random_userid}  ipmi=on privilege=${no_access_priv}  2
298
299    Enable IPMI User And Verify  ${random_userid}
300
301    # Verify that user is able to run administrator level IPMI command with channel 1.
302    Verify IPMI Command  ${random_username}  ${valid_password}  Administrator  1
303
304    # Verify that user is unable to run IPMI command with channel 2.
305    Run IPMI Standard Command  sel info 2  expected_rc=${1}  U=${random_username}  P=${valid_password}
306
307
308Verify Operator And User Privilege For Different Channels
309    [Documentation]  Set operator and user privilege for different channels and verify.
310    [Tags]  Verify_Operator_And_User_Privilege_For_Different_Channels
311
312    ${random_userid}  ${random_username}=  Create Random IPMI User
313    Run IPMI Standard Command
314    ...  user set password ${random_userid} ${valid_password}
315
316    # Set operator privilege for newly created user with channel 1.
317    Set Channel Access  ${random_userid}  ipmi=on privilege=${operator_priv}  1
318
319    # Set user privilege for newly created user with channel 2.
320    Set Channel Access  ${random_userid}  ipmi=on privilege=${user_priv}  2
321
322    Enable IPMI User And Verify  ${random_userid}
323
324    # Verify that user is able to run operator level IPMI command with channel 1.
325    Verify IPMI Command  ${random_username}  ${valid_password}  Operator  1
326
327    # Verify that user is able to run user level IPMI command with channel 2.
328    Verify IPMI Command  ${random_username}  ${valid_password}  User  2
329
330
331Verify Setting IPMI User With Max Password Length
332    [Documentation]  Verify IPMI user creation with password length of 20 characters.
333    [Tags]  Verify_Setting_IPMI_User_With_Max_Password_Length
334    [Template]  Set User Password And Verify
335
336    # password_length  password_option  expected_status
337    20                 20               ${True}
338
339
340Verify Setting IPMI User With Invalid Password Length
341    [Documentation]  Verify that IPMI user cannot be set with 21 character password using 16 char
342    ...  or 20 char password option.
343    [Tags]  Verify_Setting_IPMI_User_With_Invalid_Password_Length
344    [Template]  Set User Password And Verify
345
346    # password_length  password_option  expected_status
347    21                 16               ${False}
348    21                 20               ${False}
349
350
351Verify Setting IPMI User With 16 Character Password
352    [Documentation]  Verify that IPMI user can create a 16 character password using 16 char or 20
353    ...  char password option.
354    [Tags]  Verify_Setting_IPMI_User_With_16_Character_Password
355    [Template]  Set User Password And Verify
356
357    # password_length  password_option  expected_status
358    16                 16               ${True}
359    16                 20               ${True}
360
361
362Verify Default Selection Of 16 Character Password For IPMI User
363    [Documentation]  Verify that ipmitool by default opts for the 16 character option when given a
364    ...  password whose length is in between 17 and 20.
365    [Tags]  Verify_Default_Selection_Of_16_Character_Password_For_IPMI_User
366    [Template]  Set User Password And Verify
367
368    # password_length  password_option  expected_status
369    17                 16               ${True}
370    20                 16               ${True}
371
372
373*** Keywords ***
374
375Create Random IPMI User
376    [Documentation]  Create IPMI user with random username and userid and return those fields.
377
378    ${random_username}=  Generate Random String  8  [LETTERS]
379    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
380    IPMI Create User  ${random_userid}  ${random_username}
381    [Return]  ${random_userid}  ${random_username}
382
383
384Enable IPMI User And Verify
385    [Documentation]  Enable the userid and verify that it has been enabled.
386    [Arguments]  ${userid}
387
388    # Description of argument(s):
389    # userid   A numeric userid (e.g. "4").
390
391    Run IPMI Standard Command  user enable ${userid}
392    ${user_info}=  Get User Info  ${userid}
393    Valid Value  user_info['enable_status']  ['enabled']
394
395
396Set Default Password For IPMI Root User
397    [Documentation]  Set default password for IPMI root user (i.e. 0penBmc).
398    # Set default password for root user.
399    ${result}=  Run External IPMI Standard Command
400    ...  user set password ${root_userid} ${OPENBMC_PASSWORD}
401    ...  P=${valid_password}
402    Should Contain  ${result}  Set User Password command successful
403
404    # Verify that root user is able to run IPMI command using default password.
405    Verify IPMI Username And Password  root  ${OPENBMC_PASSWORD}
406
407
408Test IPMI User Privilege
409    [Documentation]  Test IPMI user privilege by executing IPMI command with different privileges.
410    [Arguments]  ${privilege_level}  ${user_cmd_status}  ${operator_cmd_status}  ${admin_cmd_status}
411
412    # Description of argument(s):
413    # privilege_level     Privilege level of IPMI user (e.g. 4, 3).
414    # user_cmd_status     Expected status of IPMI command run with the "User"
415    #                     privilege (i.e. "Passed" or "Failed").
416    # operator_cmd_status Expected status of IPMI command run with the "Operator"
417    #                     privilege (i.e. "Passed" or "Failed").
418    # admin_cmd_status    Expected status of IPMI command run with the "Administrator"
419    #                     privilege (i.e. "Passed" or "Failed").
420
421    # Create IPMI user and set valid password.
422    ${random_username}=  Generate Random String  8  [LETTERS]
423    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
424    IPMI Create User  ${random_userid}  ${random_username}
425    Run IPMI Standard Command
426    ...  user set password ${random_userid} ${valid_password}
427
428    # Set privilege and enable IPMI messaging for newly created user.
429    Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege_level}
430
431    # Delay added for user privilege to get set.
432    Sleep  5s
433
434    Enable IPMI User And Verify  ${random_userid}
435
436    Verify IPMI Command  ${random_username}  ${valid_password}  User
437    ...  expected_status=${user_cmd_status}
438    Verify IPMI Command  ${random_username}  ${valid_password}  Operator
439    ...  expected_status=${operator_cmd_status}
440    Verify IPMI Command  ${random_username}  ${valid_password}  Administrator
441    ...  expected_status=${admin_cmd_status}
442
443
444Verify IPMI Command
445    [Documentation]  Verify IPMI command execution with given username,
446    ...  password, privilege and expected status.
447    [Arguments]  ${username}  ${password}  ${privilege}  ${channel}=${1}  ${expected_status}=Passed
448    # Description of argument(s):
449    # username         The user name (e.g. "root", "robert", etc.).
450    # password         The user password (e.g. "0penBmc", "0penBmc1", etc.).
451    # privilege        The session privilege for IPMI command (e.g. "User", "Operator", etc.).
452    # channel          The user channel number (e.g. "1" or "2").
453    # expected_status  Expected status of IPMI command run with the user
454    #                  of above password and privilege (i.e. "Passed" or "Failed").
455
456    ${expected_rc}=  Set Variable If  '${expected_status}' == 'Passed'  ${0}  ${1}
457    Wait Until Keyword Succeeds  15 sec  5 sec  Run IPMI Standard Command
458    ...  sel info ${channel}  expected_rc=${expected_rc}  U=${username}  P=${password}
459    ...  L=${privilege}
460
461
462Set User Password And Verify
463    [Documentation]  Create a user and set its password with given length and option.
464    [Arguments]  ${password_length}  ${password_option}  ${expected_result}
465    # Description of argument(s):
466    # password_length  Length of password to be generated and used (e.g. "16").
467    # password_option  Password length option to be given in IPMI command (e.g. "16", "20").
468    # expected_result  Expected result for setting the user's password (e.g. "True", "False").
469
470    Rprint Vars  password_length  password_option  expected_result
471    ${random_userid}  ${random_username}=  Create Random IPMI User
472    ${password}=  Get From Dictionary  ${password_values}  ${password_length}
473    Rprint Vars  random_userid  password
474
475    # Set password for newly created user.
476    ${status}=  Run Keyword And Return Status  Run IPMI Standard Command
477    ...  user set password ${random_userid} ${password} ${password_option}
478    Rprint Vars  status
479    Valid Value  status  [${expected_result}]
480
481    # Set admin privilege and enable IPMI messaging for newly created user.
482    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
483
484    # Delay added for user privilege to get set.
485    Sleep  5s
486
487    Enable IPMI User And Verify  ${random_userid}
488
489    # For password_option 16, passwords with length between 17 and 20 will be truncated.
490    # For all other cases, passwords will be retained as it is to verify.
491    ${truncated_password}=  Set Variable  ${password[:${password_option}]}
492    Rprint Vars  truncated_password
493    ${status}=  Run Keyword And Return Status  Verify IPMI Username And Password  ${random_username}
494    ...  ${truncated_password}
495    Rprint Vars  status
496    Valid Value  status  [${expected_result}]
497
498
499Test Teardown Execution
500    [Documentation]  Do the test teardown execution.
501
502    FFDC On Test Case Fail
503