1*** Settings ***
2Documentation    Test IPMI and Redfish combinations for user management.
3
4Resource         ../../lib/openbmc_ffdc.robot
5Resource         ../../lib/ipmi_client.robot
6Resource         ../../lib/resource.robot
7Resource         ../../lib/bmc_redfish_resource.robot
8Resource         ../../lib/openbmc_ffdc.robot
9Resource         ../../lib/ipmi_client.robot
10Library          ../../lib/ipmi_utils.py
11
12Test Setup       Test Setup Execution
13Test Teardown    Test Teardown Execution
14
15Test Tags       IPMI_Redfish_User
16
17*** Variables ***
18
19${valid_password}       0penBmc1
20${valid_password2}      0penBmc2
21
22
23*** Test Cases ***
24
25Create IPMI User Without Any Privilege And Verify Via Redfish
26    [Documentation]  Create user using IPMI without privilege and verify user privilege
27    ...  via Redfish.
28    [Tags]  Create_IPMI_User_Without_Any_Privilege_And_Verify_Via_Redfish
29
30    # Create IPMI user with random id and username.
31    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
32    ${random_username}=  Generate Random String  8  [LETTERS]
33    Run IPMI Standard Command
34    ...  user set name ${random_userid} ${random_username}
35
36    # Verify new user privilege level via Redfish.
37    ${privilege}=  Redfish_Utils.Get Attribute
38    ...  /redfish/v1/AccountService/Accounts/${random_username}  RoleId
39    Valid Value  privilege  ['ReadOnly']
40
41
42Create Admin User Via Redfish And Verify Login Via IPMI
43    [Documentation]  Create user via redfish and verify via IPMI.
44    [Tags]  Create_Admin_User_Via_Redfish_And_Verify_Login_Via_IPMI
45
46    ${random_username}=  Generate Random String  8  [LETTERS]
47    Set Test Variable  ${random_username}
48
49    ${payload}=  Create Dictionary
50    ...  UserName=${random_username}  Password=${valid_password}
51    ...  RoleId=Administrator  Enabled=${True}
52    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
53    ...  valid_status_codes=[${HTTP_CREATED}]
54
55    # Add delay for a new admin user password to set.
56    Sleep  5s
57
58    Enable IPMI Access To User Using Redfish  ${random_username}
59
60    # Update user password using Redfish.
61    ${payload}=  Create Dictionary  Password=${valid_password2}
62    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
63
64    Verify IPMI Username And Password  ${random_username}  ${valid_password2}
65
66
67Delete User Via Redfish And Verify Using IPMI
68    [Documentation]  Delete user via redfish and verify using IPMI.
69    [Tags]  Delete_User_Via_Redfish_And_Verify_Using_IPMI
70
71    # Create user using Redfish.
72    ${random_username}=  Generate Random String  8  [LETTERS]
73    Set Test Variable  ${random_username}
74
75    ${payload}=  Create Dictionary
76    ...  UserName=${random_username}  Password=${valid_password}
77    ...  RoleId=Administrator  Enabled=${True}
78    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
79    ...  valid_status_codes=[${HTTP_CREATED}]
80
81    Enable IPMI Access To User Using Redfish  ${random_username}
82
83    # Update user password using Redfish.
84    ${payload}=  Create Dictionary  Password=${valid_password2}
85    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
86
87    # Delete user using Redfish.
88    Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
89
90    # Verify that IPMI command fails with deleted user.
91    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
92    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password2}
93
94
95Update User Password Via Redfish And Verify Using IPMI
96    [Documentation]  Update user password via Redfish and verify using IPMI.
97    [Tags]  Update_User_Password_Via_Redfish_And_Verify_Using_IPMI
98
99    # Create user using Redfish.
100    ${random_username}=  Generate Random String  8  [LETTERS]
101    Set Test Variable  ${random_username}
102
103    ${payload}=  Create Dictionary
104    ...  UserName=${random_username}  Password=${valid_password}
105    ...  RoleId=Administrator  Enabled=${True}
106    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
107    ...  valid_status_codes=[${HTTP_CREATED}]
108
109    Enable IPMI Access To User Using Redfish  ${random_username}
110
111    # Update user password using Redfish.
112    ${payload}=  Create Dictionary  Password=${valid_password2}
113    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
114
115    # Verify that IPMI command works with new password and fails with older password.
116    Verify IPMI Username And Password  ${random_username}  ${valid_password2}
117
118    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
119    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
120
121
122Update User Privilege Via Redfish And Verify Using IPMI
123    [Documentation]  Update user privilege via Redfish and verify using IPMI.
124    [Tags]  Update_User_Privilege_Via_Redfish_And_Verify_Using_IPMI
125
126    # Create user using Redfish with admin privilege.
127    ${random_username}=  Generate Random String  8  [LETTERS]
128    Set Test Variable  ${random_username}
129
130    ${payload}=  Create Dictionary
131    ...  UserName=${random_username}  Password=${valid_password}
132    ...  RoleId=Administrator  Enabled=${True}
133    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
134    ...  valid_status_codes=[${HTTP_CREATED}]
135
136    Enable IPMI Access To User Using Redfish  ${random_username}
137
138    # Update user password using Redfish.
139    ${payload}=  Create Dictionary  Password=${valid_password2}
140    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
141
142    # Update user privilege to readonly using Redfish.
143    ${payload}=  Create Dictionary  RoleId=ReadOnly
144    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
145
146    # Verify new user privilege level via IPMI.
147    ${resp}=  Run IPMI Standard Command  user list
148
149    # Example of response data:
150    # ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
151    # 1   ipmi_admin       false   true       true       ADMINISTRATOR
152    # 2   OAvCxjMv         false   true       true       USER
153    # 3                    true    false      false      NO ACCESS
154    # ..
155    # ..
156    # 15                   true    false      false      NO ACCESS
157
158    ${user_info}=
159    ...  Get Lines Containing String  ${resp}  ${random_username}
160    Should Contain  ${user_info}  USER
161
162
163*** Keywords ***
164
165Create IPMI Random User With Password And Privilege
166    [Documentation]  Create random IPMI user with given password and privilege
167    ...  level.
168    [Arguments]  ${password}  ${privilege}=0
169
170    # Description of argument(s):
171    # password      Password to be assigned for the user.
172    # privilege     Privilege level for the user (e.g. "1", "2", "3", etc.).
173
174    # Create IPMI user.
175    ${random_username}=  Generate Random String  8  [LETTERS]
176    Set Suite Variable  ${random_username}
177
178    ${random_userid}=  Find And Return Free User Id
179    IPMI Create User  ${random_userid}  ${random_username}
180
181    # Set given password for newly created user.
182    Run IPMI Standard Command
183    ...  user set password ${random_userid} ${password}
184
185    # Enable IPMI user.
186    Run IPMI Standard Command  user enable ${random_userid}
187
188    # Set given privilege and enable IPMI messaging for newly created user.
189    Run Keyword If  '${privilege}' != '0'
190    ...  Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege}
191
192    RETURN  ${random_username}  ${random_userid}
193
194
195Delete Users Via Redfish
196    [Documentation]  Delete all the users via redfish from given list.
197    [Arguments]  ${user_list}
198
199    # Description of argument(s):
200    # user_list    List of user which are to be deleted.
201
202    Redfish.Login
203
204    FOR  ${user}  IN  @{user_list}
205      Redfish.Delete  ${user}
206    END
207
208    Redfish.Logout
209
210
211Enable IPMI Access To User Using Redfish
212    [Documentation]  Add IPMI access to a user through Redfish.
213    [Arguments]  ${user_name}
214
215    # Description of argument(s):
216    # user_name  User name to which IPMI access is to be added.
217
218    # Adding IPMI access to user name.
219    Redfish.Patch    /redfish/v1/AccountService/Accounts/${user_name}
220    ...  body={"AccountTypes": ["Redfish", "HostConsole", "ManagerConsole", "WebUI", "IPMI"]}
221
222
223Test Setup Execution
224    [Documentation]  Do test case setup tasks.
225
226    Redfish.Login
227
228
229Test Teardown Execution
230    [Documentation]  Do the post test teardown.
231
232    FFDC On Test Case Fail
233    # Delete the test user.
234    Run Keyword And Ignore Error
235    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
236
237    Redfish.Logout
238
239
240Find And Return Free User Id
241    [Documentation]  Find and return userid that is not being used.
242
243    FOR    ${index}    IN RANGE    300
244        # IPMI maximum users count (i.e. 15 users).
245        ${random_userid}=  Evaluate  random.randint(1, ${ipmi_max_num_users})  modules=random
246        ${access_output}=  Run IPMI Standard Command  channel getaccess 1 ${random_userid}
247
248        ${name_line}=  Get Lines Containing String  ${access_output}  User Name
249        Log To Console  For ID ${random_userid}: ${name_line}
250        ${is_empty}=  Run Keyword And Return Status
251        ...  Should Match Regexp  ${name_line}  ${empty_name_pattern}
252
253        Exit For Loop If  ${is_empty} == ${True}
254    END
255    Run Keyword If  '${index}' == '299'  Fail  msg=A free user ID could not be found.
256    RETURN  ${random_userid}
257
258