xref: /openbmc/openbmc-test-automation/ipmi/test_ipmi_user.robot (revision fcdadc54659c667df0737ce6333010282b8f6de0) 
1*** Settings ***
2Documentation       Test suite for OpenBMC IPMI user management.
3
4Resource            ../lib/ipmi_client.robot
5Resource            ../lib/openbmc_ffdc.robot
6Library             ../lib/ipmi_utils.py
7Test Setup          Printn
8
9Test Teardown       Test Teardown Execution
10
11*** Variables ***
12
13${invalid_username}     user%
14${invalid_password}     abc123
15${root_userid}          1
16${operator_level_priv}  0x3
17${user_priv}            2
18${operator_priv}        3
19${admin_level_priv}     4
20${no_access_priv}       15
21${valid_password}       0penBmc1
22${max_password_length}  20
23${ipmi_setaccess_cmd}   channel setaccess
24&{password_values}      16=0penBmc10penBmc2  17=0penBmc10penBmc2B
25              ...       20=0penBmc10penBmc2Bmc3  21=0penBmc10penBmc2Bmc34
26
27
28*** Test Cases ***
29
30Verify IPMI User Summary
31    [Documentation]  Verify IPMI maximum supported IPMI user ID and
32    ...  enabled user form user summary
33    [Tags]  Verify_IPMI_User_Summary
34    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
35    ...  Delete Created User  ${random_userid}
36    # Delete all non-root IPMI (i.e. except userid 1)
37    Delete All Non Root IPMI User
38
39    ${random_userid}  ${random_username}=  Create Random IPMI User
40    Set Test Variable  ${random_userid}
41    Run IPMI Standard Command  user enable ${random_userid}
42
43    # Verify maximum user count IPMI local user can have. Also verify
44    # currently enabled users.
45    ${resp}=  Wait Until Keyword Succeeds  15 sec  5 sec  Run IPMI Standard Command  user summary
46    ${enabled_user_count}=
47    ...  Get Lines Containing String  ${resp}  Enabled User Count
48    ${maximum_ids}=  Get Lines Containing String  ${resp}  Maximum IDs
49    Should Contain  ${enabled_user_count}  2
50    Should Contain  ${maximum_ids}  15
51
52
53Verify IPMI User Creation With Valid Name And ID
54    [Documentation]  Create user via IPMI and verify.
55    [Tags]  Test_IPMI_User_Creation_With_Valid_Name_And_ID
56    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
57    ...  Delete Created User  ${random_userid}
58
59    ${random_userid}  ${random_username}=  Create Random IPMI User
60    Set Test Variable  ${random_userid}
61
62
63Verify IPMI User Creation With Invalid Name
64    [Documentation]  Verify error while creating IPMI user with invalid
65    ...  name(e.g. user name with special characters).
66    [Tags]  Verify_IPMI_User_Creation_With_Invalid_Name
67
68    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
69    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
70    ...  user set name ${random_userid} ${invalid_username}
71    Should Contain  ${msg}  Invalid data
72
73
74Verify IPMI User Creation With Invalid ID
75    [Documentation]  Verify error while creating IPMI user with invalid
76    ...  ID(i.e. any number greater than 15 or 0).
77    [Tags]  Verify_IPMI_User_Creation_With_Invalid_ID
78
79    @{id_list}=  Create List
80    ${random_invalid_id}=  Evaluate  random.randint(16, 1000)  modules=random
81    Append To List  ${id_list}  ${random_invalid_id}
82    Append To List  ${id_list}  0
83
84    FOR  ${id}  IN  @{id_list}
85      ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
86      ...  user set name ${id} newuser
87      Should Contain Any  ${msg}  User ID is limited to range  Parameter out of range
88    END
89
90Verify Setting IPMI User With Invalid Password
91    [Documentation]  Verify error while setting IPMI user with invalid
92    ...  password.
93    [Tags]  Verify_Setting_IPMI_User_With_Invalid_Password
94    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
95    ...  Delete Created User  ${random_userid}
96
97    ${random_userid}  ${random_username}=  Create Random IPMI User
98    Set Test Variable  ${random_userid}
99
100    # Set invalid password for newly created user.
101    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
102    ...  user set password ${random_userid} ${invalid_password}
103
104    Should Contain  ${msg}  Set User Password command failed
105
106Verify Setting IPMI Root User With New Name
107    [Documentation]  Verify error while setting IPMI root user with new
108    ...  name.
109    [Tags]  Verify_Setting_IPMI_Root_User_With_New_Name
110
111    # Set invalid password for newly created user.
112    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
113    ...  user set name ${root_userid} abcd
114
115    Should Contain  ${msg}  Set User Name command failed
116
117
118Verify IPMI User Password Via Test Command
119    [Documentation]  Verify IPMI user password using test command.
120    [Tags]  Verify_IPMI_User_Password_Via_Test_Command
121    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
122    ...  Delete Created User  ${random_userid}
123
124    ${random_userid}  ${random_username}=  Create Random IPMI User
125    Set Test Variable  ${random_userid}
126
127    # Set valid password for newly created user.
128    Run IPMI Standard Command
129    ...  user set password ${random_userid} ${valid_password}
130
131    # Verify newly set password using test command.
132    ${msg}=  Run IPMI Standard Command
133    ...  user test ${random_userid} ${max_password_length} ${valid_password}
134
135    Should Contain  ${msg}  Success
136
137
138Verify Setting Valid Password For IPMI User
139    [Documentation]  Set valid password for IPMI user and verify.
140    [Tags]  Verify_Setting_Valid_Password_For_IPMI_User
141    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
142    ...  Delete Created User  ${random_userid}
143
144    ${random_userid}  ${random_username}=  Create Random IPMI User
145    Set Test Variable  ${random_userid}
146
147    # Set valid password for newly created user.
148    Run IPMI Standard Command
149    ...  user set password ${random_userid} ${valid_password}
150
151    Run IPMI Standard Command  user enable ${random_userid}
152
153    # Delay added for IPMI user to get enable
154    Sleep  5s
155
156    # Set admin privilege and enable IPMI messaging for newly created user
157    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
158
159    Verify IPMI Username And Password  ${random_username}  ${valid_password}
160
161
162Verify IPMI User Creation With Same Name
163    [Documentation]  Verify error while creating two IPMI user with same name.
164    [Tags]  Verify_IPMI_User_Creation_With_Same_Name
165    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
166    ...  Delete Created User  2
167
168    ${random_username}=  Generate Random String  8  [LETTERS]
169    IPMI Create User  2  ${random_username}
170
171    # Set same username for another IPMI user.
172    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
173    ...  user set name 3 ${random_username}
174    Should Contain  ${msg}  Invalid data field in request
175
176
177Verify Setting IPMI User With Null Password
178    [Documentation]  Verify error while setting IPMI user with null
179    ...  password.
180    [Tags]  Verify_Setting_IPMI_User_With_Null_Password
181    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
182    ...  Delete Created User  ${random_userid}
183
184    ${random_userid}  ${random_username}=  Create Random IPMI User
185    Set Test Variable  ${random_userid}
186
187    # Set null password for newly created user.
188    ${msg}=  Run Keyword And Expect Error  *  Run IPMI Standard Command
189    ...  user set password ${random_userid} ""
190
191    Should Contain  ${msg}  Invalid data field in request
192
193
194Verify IPMI User Deletion
195    [Documentation]  Delete user via IPMI and verify.
196    [Tags]  Verify_IPMI_User_Deletion
197    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
198    ...  Delete Created User  ${random_userid}
199
200    ${random_userid}  ${random_username}=  Create Random IPMI User
201    Set Test Variable  ${random_userid}
202    # Delete IPMI User and verify
203    Run IPMI Standard Command  user set name ${random_userid} ""
204    ${user_info}=  Get User Info  ${random_userid}
205    Should Be Equal  ${user_info['user_name']}  ${EMPTY}
206
207
208Test IPMI User Privilege Level
209    [Documentation]  Verify IPMI user with user privilege can only run user level commands.
210    [Tags]  Test_IPMI_User_Privilege_Level
211    [Template]  Test IPMI User Privilege
212    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
213    ...  Delete Created User  ${random_userid}
214
215    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
216    ${user_priv}         Passed           Failed               Failed
217
218
219Test IPMI Operator Privilege Level
220    [Documentation]  Verify IPMI user with operator privilege can only run user and operator levels commands.
221    ...  level is set to operator.
222    [Tags]  Test_IPMI_Operator_Privilege_Level
223    [Template]  Test IPMI User Privilege
224    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
225    ...  Delete Created User  ${random_userid}
226
227    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
228    ${operator_priv}     Passed           Passed               Failed
229
230
231Test IPMI Administrator Privilege Level
232    [Documentation]  Verify IPMI user with admin privilege can run all levels command.
233    [Tags]  Test_IPMI_Administrator_Privilege_Level
234    [Template]  Test IPMI User Privilege
235    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
236    ...  Delete Created User  ${random_userid}
237
238    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
239    ${admin_level_priv}  Passed           Passed               Passed
240
241
242Test IPMI No Access Privilege Level
243    [Documentation]  Verify IPMI user with no access privilege can not run only any level command.
244    [Tags]  Test_IPMI_No_Access_Privilege_Level
245    [Template]  Test IPMI User Privilege
246    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
247    ...  Delete Created User  ${random_userid}
248
249    #Privilege level     User Cmd Status  Operator Cmd Status  Admin Cmd Status
250    ${no_access_priv}    Failed           Failed               Failed
251
252
253Enable IPMI User And Verify
254    [Documentation]  Enable IPMI user and verify that the user is able
255    ...  to run IPMI command.
256    [Tags]  Enable_IPMI_User_And_Verify
257    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
258    ...  Delete Created User  ${random_userid}
259
260    ${random_userid}  ${random_username}=  Create Random IPMI User
261    Set Test Variable  ${random_userid}
262    Run IPMI Standard Command
263    ...  user set password ${random_userid} ${valid_password}
264
265    # Set admin privilege and enable IPMI messaging for newly created user.
266    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
267
268    # Delay added for user privilege to get set.
269    Sleep  5s
270
271    Enable IPMI User And Verify  ${random_userid}
272
273    # Verify that enabled IPMI  user is able to run IPMI command.
274    Verify IPMI Username And Password  ${random_username}  ${valid_password}
275
276
277Disable IPMI User And Verify
278    [Documentation]  Disable IPMI user and verify that that the user
279    ...  is unable to run IPMI command.
280    [Tags]  Disable_IPMI_User_And_Verify
281    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
282    ...  Delete Created User  ${random_userid}
283
284    ${random_userid}  ${random_username}=  Create Random IPMI User
285    Set Test Variable  ${random_userid}
286    Run IPMI Standard Command
287    ...  user set password ${random_userid} ${valid_password}
288
289    # Set admin privilege and enable IPMI messaging for newly created user.
290    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
291
292    # Disable IPMI user and verify.
293    Run IPMI Standard Command  user disable ${random_userid}
294    ${user_info}=  Get User Info  ${random_userid}
295    Should Be Equal  ${user_info['enable_status']}  disabled
296
297    # Verify that disabled IPMI  user is unable to run IPMI command.
298    ${msg}=  Run Keyword And Expect Error  *  Verify IPMI Username And Password
299    ...  ${random_username}  ${valid_password}
300    Should Contain  ${msg}  Unable to establish IPMI
301
302
303Verify IPMI Root User Password Change
304    [Documentation]  Change IPMI root user password and verify that
305    ...  root user is able to run IPMI command.
306    [Tags]  Verify_IPMI_Root_User_Password_Change
307    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
308    ...  Wait Until Keyword Succeeds  15 sec  5 sec
309    ...  Set Default Password For IPMI Root User
310
311    # User input password should be minimum 8 characters long.
312    Valid Length  OPENBMC_PASSWORD  min_length=8
313    # Set new password for root user.
314    Run IPMI Standard Command
315    ...  user set password ${root_userid} ${valid_password}
316
317    # Verify that root user is able to run IPMI command using new password.
318    Wait Until Keyword Succeeds  15 sec  5 sec  Verify IPMI Username And Password
319    ...  root  ${valid_password}
320
321
322Verify Administrator And No Access Privilege For Different Channels
323    [Documentation]  Set administrator and no access privilege for different channels and verify.
324    [Tags]  Verify_Administrator_And_No_Access_Privilege_For_Different_Channels
325    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
326    ...  Delete Created User  ${random_userid}
327
328    ${random_userid}  ${random_username}=  Create Random IPMI User
329    Set Test Variable  ${random_userid}
330    Run IPMI Standard Command
331    ...  user set password ${random_userid} ${valid_password}
332
333    # Set admin privilege for newly created user with channel 1.
334    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}  1
335
336    # Set no access privilege for newly created user with channel 2.
337    Set Channel Access  ${random_userid}  ipmi=on privilege=${no_access_priv}  2
338
339    Enable IPMI User And Verify  ${random_userid}
340
341    # Verify that user is able to run administrator level IPMI command with channel 1.
342    Verify IPMI Command  ${random_username}  ${valid_password}  Administrator  1
343
344    # Verify that user is unable to run IPMI command with channel 2.
345    Run IPMI Standard Command  sel info 2  expected_rc=${1}  U=${random_username}  P=${valid_password}
346
347
348Verify Operator And User Privilege For Different Channels
349    [Documentation]  Set operator and user privilege for different channels and verify.
350    [Tags]  Verify_Operator_And_User_Privilege_For_Different_Channels
351    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
352    ...  Delete Created User  ${random_userid}
353
354    ${random_userid}  ${random_username}=  Create Random IPMI User
355    Set Test Variable  ${random_userid}
356    Run IPMI Standard Command
357    ...  user set password ${random_userid} ${valid_password}
358
359    # Set operator privilege for newly created user with channel 1.
360    Set Channel Access  ${random_userid}  ipmi=on privilege=${operator_priv}  1
361
362    # Set user privilege for newly created user with channel 2.
363    Set Channel Access  ${random_userid}  ipmi=on privilege=${user_priv}  2
364
365    Enable IPMI User And Verify  ${random_userid}
366
367    # Verify that user is able to run operator level IPMI command with channel 1.
368    Verify IPMI Command  ${random_username}  ${valid_password}  Operator  1
369
370    # Verify that user is able to run user level IPMI command with channel 2.
371    Verify IPMI Command  ${random_username}  ${valid_password}  User  2
372
373
374Verify Setting IPMI User With Max Password Length
375    [Documentation]  Verify IPMI user creation with password length of 20 characters.
376    [Tags]  Verify_Setting_IPMI_User_With_Max_Password_Length
377    [Template]  Set User Password And Verify
378
379    # password_length  password_option  expected_status
380    20                 20               ${True}
381
382
383Verify Setting IPMI User With Invalid Password Length
384    [Documentation]  Verify that IPMI user cannot be set with 21 character password using 16 char
385    ...  or 20 char password option.
386    [Tags]  Verify_Setting_IPMI_User_With_Invalid_Password_Length
387    [Template]  Set User Password And Verify
388
389    # password_length  password_option  expected_status
390    21                 16               ${False}
391    21                 20               ${False}
392
393
394Verify Setting IPMI User With 16 Character Password
395    [Documentation]  Verify that IPMI user can create a 16 character password using 16 char or 20
396    ...  char password option.
397    [Tags]  Verify_Setting_IPMI_User_With_16_Character_Password
398    [Template]  Set User Password And Verify
399
400    # password_length  password_option  expected_status
401    16                 16               ${True}
402    16                 20               ${True}
403
404
405Verify Default Selection Of 16 Character Password For IPMI User
406    [Documentation]  Verify that ipmitool by default opts for the 16 character option when given a
407    ...  password whose length is in between 17 and 20.
408    [Tags]  Verify_Default_Selection_Of_16_Character_Password_For_IPMI_User
409    [Template]  Set User Password And Verify
410
411    # password_length  password_option  expected_status
412    17                 16               ${True}
413    20                 16               ${True}
414
415
416*** Keywords ***
417
418Create Random IPMI User
419    [Documentation]  Create IPMI user with random username and userid and return those fields.
420
421    ${random_username}=  Generate Random String  8  [LETTERS]
422    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
423    IPMI Create User  ${random_userid}  ${random_username}
424    [Return]  ${random_userid}  ${random_username}
425
426
427Enable IPMI User And Verify
428    [Documentation]  Enable the userid and verify that it has been enabled.
429    [Arguments]  ${userid}
430
431    # Description of argument(s):
432    # userid   A numeric userid (e.g. "4").
433
434    Run IPMI Standard Command  user enable ${userid}
435    ${user_info}=  Get User Info  ${userid}
436    Valid Value  user_info['enable_status']  ['enabled']
437
438
439Set Default Password For IPMI Root User
440    [Documentation]  Set default password for IPMI root user (i.e. 0penBmc).
441    # Set default password for root user.
442    ${result}=  Run External IPMI Standard Command
443    ...  user set password ${root_userid} ${OPENBMC_PASSWORD}
444    ...  P=${valid_password}
445    Should Contain  ${result}  Set User Password command successful
446
447    # Verify that root user is able to run IPMI command using default password.
448    Verify IPMI Username And Password  root  ${OPENBMC_PASSWORD}
449
450
451Test IPMI User Privilege
452    [Documentation]  Test IPMI user privilege by executing IPMI command with different privileges.
453    [Arguments]  ${privilege_level}  ${user_cmd_status}  ${operator_cmd_status}  ${admin_cmd_status}
454
455    # Description of argument(s):
456    # privilege_level     Privilege level of IPMI user (e.g. 4, 3).
457    # user_cmd_status     Expected status of IPMI command run with the "User"
458    #                     privilege (i.e. "Passed" or "Failed").
459    # operator_cmd_status Expected status of IPMI command run with the "Operator"
460    #                     privilege (i.e. "Passed" or "Failed").
461    # admin_cmd_status    Expected status of IPMI command run with the "Administrator"
462    #                     privilege (i.e. "Passed" or "Failed").
463
464    # Create IPMI user and set valid password.
465    ${random_username}=  Generate Random String  8  [LETTERS]
466    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
467    IPMI Create User  ${random_userid}  ${random_username}
468    Set Test Variable  ${random_userid}
469    Run IPMI Standard Command
470    ...  user set password ${random_userid} ${valid_password}
471
472    # Set privilege and enable IPMI messaging for newly created user.
473    Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege_level}
474
475    # Delay added for user privilege to get set.
476    Sleep  5s
477
478    Enable IPMI User And Verify  ${random_userid}
479
480    Verify IPMI Command  ${random_username}  ${valid_password}  User
481    ...  expected_status=${user_cmd_status}
482    Verify IPMI Command  ${random_username}  ${valid_password}  Operator
483    ...  expected_status=${operator_cmd_status}
484    Verify IPMI Command  ${random_username}  ${valid_password}  Administrator
485    ...  expected_status=${admin_cmd_status}
486
487
488Verify IPMI Command
489    [Documentation]  Verify IPMI command execution with given username,
490    ...  password, privilege and expected status.
491    [Arguments]  ${username}  ${password}  ${privilege}  ${channel}=${1}  ${expected_status}=Passed
492    # Description of argument(s):
493    # username         The user name (e.g. "root", "robert", etc.).
494    # password         The user password (e.g. "0penBmc", "0penBmc1", etc.).
495    # privilege        The session privilege for IPMI command (e.g. "User", "Operator", etc.).
496    # channel          The user channel number (e.g. "1" or "2").
497    # expected_status  Expected status of IPMI command run with the user
498    #                  of above password and privilege (i.e. "Passed" or "Failed").
499
500    ${expected_rc}=  Set Variable If  '${expected_status}' == 'Passed'  ${0}  ${1}
501    Wait Until Keyword Succeeds  15 sec  5 sec  Run IPMI Standard Command
502    ...  sel info ${channel}  expected_rc=${expected_rc}  U=${username}  P=${password}
503    ...  L=${privilege}
504
505
506Set User Password And Verify
507    [Documentation]  Create a user and set its password with given length and option.
508    [Arguments]  ${password_length}  ${password_option}  ${expected_result}
509    [Teardown]  Run Keyword  Delete Created User  ${random_userid}
510    # Description of argument(s):
511    # password_length  Length of password to be generated and used (e.g. "16").
512    # password_option  Password length option to be given in IPMI command (e.g. "16", "20").
513    # expected_result  Expected result for setting the user's password (e.g. "True", "False").
514
515    Rprint Vars  password_length  password_option  expected_result
516    ${random_userid}  ${random_username}=  Create Random IPMI User
517    Set Test Variable  ${random_userid}
518    ${password}=  Get From Dictionary  ${password_values}  ${password_length}
519    Rprint Vars  random_userid  password
520
521    # Set password for newly created user.
522    ${status}=  Run Keyword And Return Status  Run IPMI Standard Command
523    ...  user set password ${random_userid} ${password} ${password_option}
524    Rprint Vars  status
525    Valid Value  status  [${expected_result}]
526    Return From Keyword If  '${expected_result}' == '${False}'
527
528    # Set admin privilege and enable IPMI messaging for newly created user.
529    Set Channel Access  ${random_userid}  ipmi=on privilege=${admin_level_priv}
530
531    # Delay added for user privilege to get set.
532    Sleep  5s
533
534    Enable IPMI User And Verify  ${random_userid}
535
536    # For password_option 16, passwords with length between 17 and 20 will be truncated.
537    # For all other cases, passwords will be retained as it is to verify.
538    ${truncated_password}=  Set Variable  ${password[:${password_option}]}
539    Rprint Vars  truncated_password
540    ${status}=  Run Keyword And Return Status  Verify IPMI Username And Password  ${random_username}
541    ...  ${truncated_password}
542    Rprint Vars  status
543    Valid Value  status  [${expected_result}]
544
545
546Test Teardown Execution
547    [Documentation]  Do the test teardown execution.
548
549    FFDC On Test Case Fail
550
551
552Delete Created User
553    [Documentation]  Delete created IPMI user.
554    [Arguments]  ${userid}
555    # Description of argument(s):
556    # userid  The user ID (e.g. "1", "2", etc.).
557
558    Run IPMI Standard Command  user set name ${userid} ""
559    Sleep  5s