xref: /openbmc/openbmc-test-automation/openpower/localuser/test_ipmi_redfish_user.robot (revision 7bc5ce3a40b19f552580c5a2712cad141a28c9fc)
1*** Settings ***
2Documentation    Test IPMI and Redfish combinations for user management.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/ipmi_client.robot
8Library          ../../lib/ipmi_utils.py
9
10Test Setup       Test Setup Execution
11Test Teardown    Test Teardown Execution
12
13Test Tags       IPMI_Redfish_User
14
15*** Variables ***
16
17${valid_password}       0penBmc1
18${valid_password2}      0penBmc2
19
20
21*** Test Cases ***
22
23Create IPMI User Without Any Privilege And Verify Via Redfish
24    [Documentation]  Create user using IPMI without privilege and verify user privilege
25    ...  via Redfish.
26    [Tags]  Create_IPMI_User_Without_Any_Privilege_And_Verify_Via_Redfish
27
28    # Create IPMI user with random id and username.
29    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
30    ${random_username}=  Generate Random String  8  [LETTERS]
31    Run IPMI Standard Command
32    ...  user set name ${random_userid} ${random_username}
33
34    # Verify new user privilege level via Redfish.
35    ${privilege}=  Redfish.Get Attribute
36    ...  /redfish/v1/AccountService/Accounts/${random_username}  RoleId
37    Valid Value  privilege  ['ReadOnly']
38
39
40Create Admin User Via Redfish And Verify Login Via IPMI
41    [Documentation]  Create user via redfish and verify via IPMI.
42    [Tags]  Create_Admin_User_Via_Redfish_And_Verify_Login_Via_IPMI
43
44    ${random_username}=  Generate Random String  8  [LETTERS]
45    Set Test Variable  ${random_username}
46
47    ${payload}=  Create Dictionary
48    ...  UserName=${random_username}  Password=${valid_password}
49    ...  RoleId=Administrator  Enabled=${True}
50    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
51    ...  valid_status_codes=[${HTTP_CREATED}]
52
53    # Add delay for a new admin user password to set.
54    Sleep  5s
55
56    Enable IPMI Access To User Using Redfish  ${random_username}
57
58    # Update user password using Redfish.
59    ${payload}=  Create Dictionary  Password=${valid_password2}
60    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
61
62    Verify IPMI Username And Password  ${random_username}  ${valid_password2}
63
64
65Delete User Via Redfish And Verify Using IPMI
66    [Documentation]  Delete user via redfish and verify using IPMI.
67    [Tags]  Delete_User_Via_Redfish_And_Verify_Using_IPMI
68
69    # Create user using Redfish.
70    ${random_username}=  Generate Random String  8  [LETTERS]
71    Set Test Variable  ${random_username}
72
73    ${payload}=  Create Dictionary
74    ...  UserName=${random_username}  Password=${valid_password}
75    ...  RoleId=Administrator  Enabled=${True}
76    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
77    ...  valid_status_codes=[${HTTP_CREATED}]
78
79    Enable IPMI Access To User Using Redfish  ${random_username}
80
81    # Update user password using Redfish.
82    ${payload}=  Create Dictionary  Password=${valid_password2}
83    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
84
85    # Delete user using Redfish.
86    Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
87
88    # Verify that IPMI command fails with deleted user.
89    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
90    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password2}
91
92
93Update User Password Via Redfish And Verify Using IPMI
94    [Documentation]  Update user password via Redfish and verify using IPMI.
95    [Tags]  Update_User_Password_Via_Redfish_And_Verify_Using_IPMI
96
97    # Create user using Redfish.
98    ${random_username}=  Generate Random String  8  [LETTERS]
99    Set Test Variable  ${random_username}
100
101    ${payload}=  Create Dictionary
102    ...  UserName=${random_username}  Password=${valid_password}
103    ...  RoleId=Administrator  Enabled=${True}
104    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
105    ...  valid_status_codes=[${HTTP_CREATED}]
106
107    Enable IPMI Access To User Using Redfish  ${random_username}
108
109    # Update user password using Redfish.
110    ${payload}=  Create Dictionary  Password=${valid_password2}
111    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
112
113    # Verify that IPMI command works with new password and fails with older password.
114    Verify IPMI Username And Password  ${random_username}  ${valid_password2}
115
116    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
117    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
118
119
120Update User Privilege Via Redfish And Verify Using IPMI
121    [Documentation]  Update user privilege via Redfish and verify using IPMI.
122    [Tags]  Update_User_Privilege_Via_Redfish_And_Verify_Using_IPMI
123
124    # Create user using Redfish with admin privilege.
125    ${random_username}=  Generate Random String  8  [LETTERS]
126    Set Test Variable  ${random_username}
127
128    ${payload}=  Create Dictionary
129    ...  UserName=${random_username}  Password=${valid_password}
130    ...  RoleId=Administrator  Enabled=${True}
131    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
132    ...  valid_status_codes=[${HTTP_CREATED}]
133
134    Enable IPMI Access To User Using Redfish  ${random_username}
135
136    # Update user password using Redfish.
137    ${payload}=  Create Dictionary  Password=${valid_password2}
138    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
139
140    # Update user privilege to readonly using Redfish.
141    ${payload}=  Create Dictionary  RoleId=ReadOnly
142    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
143
144    # Verify new user privilege level via IPMI.
145    ${resp}=  Run IPMI Standard Command  user list
146
147    # Example of response data:
148    # ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
149    # 1   ipmi_admin       false   true       true       ADMINISTRATOR
150    # 2   OAvCxjMv         false   true       true       USER
151    # 3                    true    false      false      NO ACCESS
152    # ..
153    # ..
154    # 15                   true    false      false      NO ACCESS
155
156    ${user_info}=
157    ...  Get Lines Containing String  ${resp}  ${random_username}
158    Should Contain  ${user_info}  USER
159
160
161*** Keywords ***
162
163Create IPMI Random User With Password And Privilege
164    [Documentation]  Create random IPMI user with given password and privilege
165    ...  level.
166    [Arguments]  ${password}  ${privilege}=0
167
168    # Description of argument(s):
169    # password      Password to be assigned for the user.
170    # privilege     Privilege level for the user (e.g. "1", "2", "3", etc.).
171
172    # Create IPMI user.
173    ${random_username}=  Generate Random String  8  [LETTERS]
174    Set Suite Variable  ${random_username}
175
176    ${random_userid}=  Find And Return Free User Id
177    IPMI Create User  ${random_userid}  ${random_username}
178
179    # Set given password for newly created user.
180    Run IPMI Standard Command
181    ...  user set password ${random_userid} ${password}
182
183    # Enable IPMI user.
184    Run IPMI Standard Command  user enable ${random_userid}
185
186    # Set given privilege and enable IPMI messaging for newly created user.
187    IF  '${privilege}' != '0'
188        Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege}
189    END
190
191    RETURN  ${random_username}  ${random_userid}
192
193
194Delete Users Via Redfish
195    [Documentation]  Delete all the users via redfish from given list.
196    [Arguments]  ${user_list}
197
198    # Description of argument(s):
199    # user_list    List of user which are to be deleted.
200
201    Redfish.Login
202
203    FOR  ${user}  IN  @{user_list}
204      Redfish.Delete  ${user}
205    END
206
207    Redfish.Logout
208
209
210Enable IPMI Access To User Using Redfish
211    [Documentation]  Add IPMI access to a user through Redfish.
212    [Arguments]  ${user_name}
213
214    # Description of argument(s):
215    # user_name  User name to which IPMI access is to be added.
216
217    # Adding IPMI access to user name.
218    Redfish.Patch    /redfish/v1/AccountService/Accounts/${user_name}
219    ...  body={"AccountTypes": ["Redfish", "HostConsole", "ManagerConsole", "WebUI", "IPMI"]}
220
221
222Test Setup Execution
223    [Documentation]  Do test case setup tasks.
224
225    Redfish.Login
226
227
228Test Teardown Execution
229    [Documentation]  Do the post test teardown.
230
231    FFDC On Test Case Fail
232    # Delete the test user.
233    Run Keyword And Ignore Error
234    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
235
236    Redfish.Logout
237
238
239Find And Return Free User Id
240    [Documentation]  Find and return userid that is not being used.
241
242    FOR    ${index}    IN RANGE    300
243        # IPMI maximum users count (i.e. 15 users).
244        ${random_userid}=  Evaluate  random.randint(1, ${ipmi_max_num_users})  modules=random
245        ${access_output}=  Run IPMI Standard Command  channel getaccess 1 ${random_userid}
246
247        ${name_line}=  Get Lines Containing String  ${access_output}  User Name
248        Log To Console  For ID ${random_userid}: ${name_line}
249        ${is_empty}=  Run Keyword And Return Status
250        ...  Should Match Regexp  ${name_line}  ${empty_name_pattern}
251
252        IF  ${is_empty} == ${True}  BREAK
253    END
254
255    IF  '${index}' == '299'
256        Fail  msg=A free user ID could not be found.
257    END
258
259    RETURN  ${random_userid}
260
261