xref: /openbmc/openbmc-test-automation/redfish/account_service/test_ipmi_redfish_user.robot (revision 025063e5276721ce64b872bc18df6ce96cb8aa95) 
1*** Settings ***
2Documentation    Test IPMI and Redfish combinations for user management.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/ipmi_client.robot
8Library          ../lib/ipmi_utils.py
9
10Test Setup       Test Setup Execution
11Test Teardown    Test Teardown Execution
12
13Test Teardown    IPMI_Redfish_User
14
15*** Variables ***
16
17${valid_password}       0penBmc1
18${valid_password2}      0penBmc2
19${admin_level_priv}     4
20${operator_level_priv}  3
21${readonly_level_priv}  2
22${user_count}  0
23${ipmi_max_num_users}   ${15}
24${max_num_users}        ${15}
25${empty_name_pattern}   ^User Name\\s.*\\s:\\s$
26
27*** Test Cases ***
28
29Create Admin Redfish User And Verify Login Via IPMI
30    [Documentation]  Create user using redfish and verify via IPMI.
31    [Tags]  Create_Admin_Redfish_User_And_Verify_Login_Via_IPMI
32
33    ${random_username}=  Generate Random String  8  [LETTERS]
34    Set Test Variable  ${random_username}
35
36    ${payload}=  Create Dictionary
37    ...  UserName=${random_username}  Password=${valid_password}
38    ...  RoleId=Administrator  Enabled=${True}
39    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
40    ...  valid_status_codes=[${HTTP_CREATED}]
41
42    # Delay added for created new user password to get set.
43    Sleep  5s
44
45    Verify IPMI Username And Password  ${random_username}  ${valid_password}
46
47
48Update User Password Via Redfish And Verify Using IPMI
49    [Documentation]  Update user password via Redfish and verify using IPMI.
50    [Tags]  Update_User_Password_Via_Redfish_And_Verify_Using_IPMI
51
52    # Create user using Redfish.
53    ${random_username}=  Generate Random String  8  [LETTERS]
54    Set Test Variable  ${random_username}
55
56    ${payload}=  Create Dictionary
57    ...  UserName=${random_username}  Password=${valid_password}
58    ...  RoleId=Administrator  Enabled=${True}
59    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
60    ...  valid_status_codes=[${HTTP_CREATED}]
61
62    # Update user password using Redfish.
63    ${payload}=  Create Dictionary  Password=${valid_password2}
64    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
65
66    # Verify that IPMI command works with new password and fails with older password.
67    Verify IPMI Username And Password  ${random_username}  ${valid_password2}
68
69    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
70    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
71
72
73Update User Privilege Via Redfish And Verify Using IPMI
74    [Documentation]  Update user privilege via Redfish and verify using IPMI.
75    [Tags]  Update_User_Privilege_Via_Redfish_And_Verify_Using_IPMI
76
77    # Create user using Redfish with admin privilege.
78    ${random_username}=  Generate Random String  8  [LETTERS]
79    Set Test Variable  ${random_username}
80
81    ${payload}=  Create Dictionary
82    ...  UserName=${random_username}  Password=${valid_password}
83    ...  RoleId=Administrator  Enabled=${True}
84    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
85    ...  valid_status_codes=[${HTTP_CREATED}]
86
87    # Update user privilege to operator using Redfish.
88    ${payload}=  Create Dictionary  RoleId=Operator
89    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
90
91    # Verify new user privilege level via IPMI.
92    ${resp}=  Run IPMI Standard Command  user list ${CHANNEL_NUMBER}
93
94    # Example of response data:
95    # ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
96    # 1   root             false   true       true       ADMINISTRATOR
97    # 2   OAvCxjMv         false   true       true       OPERATOR
98    # 3                    true    false      false      NO ACCESS
99    # ..
100    # ..
101    # 15                   true    false      false      NO ACCESS
102
103    ${user_info}=
104    ...  Get Lines Containing String  ${resp}  ${random_username}
105    Should Contain  ${user_info}  OPERATOR
106
107
108Delete User Via Redfish And Verify Using IPMI
109    [Documentation]  Delete user via redfish and verify using IPMI.
110    [Tags]  Delete_User_Via_Redfish_And_Verify_Using_IPMI
111
112    # Create user using Redfish.
113    ${random_username}=  Generate Random String  8  [LETTERS]
114    Set Test Variable  ${random_username}
115
116    ${payload}=  Create Dictionary
117    ...  UserName=${random_username}  Password=${valid_password}
118    ...  RoleId=Administrator  Enabled=${True}
119    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
120    ...  valid_status_codes=[${HTTP_CREATED}]
121
122    # Delete user using Redfish.
123    Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
124
125    # Verify that IPMI command fails with deleted user.
126    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
127    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
128
129
130Create IPMI User And Verify Login Via Redfish
131    [Documentation]  Create user using IPMI and verify user login via Redfish.
132    [Tags]  Create_IPMI_User_And_Verify_Login_Via_Redfish
133
134    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
135    ...  ${valid_password}  ${admin_level_priv}
136
137    Redfish.Logout
138
139    # Verify user login using Redfish.
140    Redfish.Login  ${username}  ${valid_password}
141    Redfish.Logout
142
143    Redfish.Login
144
145
146Update User Password Via IPMI And Verify Using Redfish
147    [Documentation]  Update user password using IPMI and verify user
148    ...  login via Redfish.
149    [Tags]  Update_User_Password_Via_IPMI_And_Verify_Using_Redfish
150
151    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
152    ...  ${valid_password}  ${admin_level_priv}
153
154    # Update user password using IPMI.
155    Run IPMI Standard Command
156    ...  user set password ${userid} ${valid_password2}
157
158    Redfish.Logout
159
160    # Verify that user login works with new password using Redfish.
161    Redfish.Login  ${username}  ${valid_password2}
162    Redfish.Logout
163
164    Redfish.Login
165
166
167Update User Privilege To Operator Via IPMI And Verify Using Redfish
168    [Documentation]  Update user privilege to operator via IPMI and verify using Redfish.
169    [Tags]  Update_User_Privilege_To_Operator_Via_IPMI_And_Verify_Using_Redfish
170    # Create user using IPMI with admin privilege.
171    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
172    ...  ${valid_password}  ${admin_level_priv}
173
174    # Change user privilege to opetrator using IPMI.
175    Run IPMI Standard Command
176    ...  user priv ${userid} ${operator_level_priv} ${CHANNEL_NUMBER}
177
178    # Verify new user privilege level via Redfish.
179    ${privilege}=  Redfish_Utils.Get Attribute
180    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
181    Should Be Equal  ${privilege}  Operator
182
183
184Update User Privilege To Readonly Via IPMI And Verify Using Redfish
185    [Documentation]  Update user privilege to readonly via IPMI and verify using Redfish.
186    [Tags]  Update_User_Privilege_To_Readonly_Via_IPMI_And_Verify_Using_Redfish
187
188    # Create user using IPMI with admin privilege.
189    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
190    ...  ${valid_password}  ${admin_level_priv}
191
192    # Change user privilege to readonly using IPMI.
193    Run IPMI Standard Command
194    ...  user priv ${userid} ${readonly_level_priv} ${CHANNEL_NUMBER}
195
196    # Verify new user privilege level via Redfish.
197    ${privilege}=  Redfish_Utils.Get Attribute
198    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
199    Should Be Equal  ${privilege}  ReadOnly
200
201
202Delete User Via IPMI And Verify Using Redfish
203    [Documentation]  Delete user using IPMI and verify error while doing
204    ...  user login with deleted user via Redfish.
205    [Tags]  Delete_User_Via_IPMI_And_Verify_Using_Redfish
206
207    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
208    ...  ${valid_password}  ${admin_level_priv}
209
210    # Delete IPMI User.
211    Run IPMI Standard Command  user set name ${userid} ""
212
213    # Verify that Redfish login fails with deleted user.
214    Run Keyword And Expect Error  *InvalidCredentialsError*
215    ...  Redfish.Login  ${username}  ${valid_password}
216
217
218Verify Failure To Exceed Max Number Of Users
219    [Documentation]  Verify failure attempting to exceed the max number of
220    ...  user accounts.
221    [Tags]  Verify_Failure_To_Exceed_Max_Number_Of_Users
222    [Teardown]  Run Keywords  Test Teardown Execution
223    ...         AND  Delete Users Via Redfish  ${username_list}
224
225    # Get existing user count.
226    ${existing_user_count}=  Get User Count Of Not IPMI Account Type
227
228    ${payload}=  Create Dictionary  Password=${valid_password}
229    ...  RoleId=Administrator  Enabled=${True}
230
231    @{username_list}=  Create List
232
233    # Create users to reach maximum users count (i.e. 15 users).
234    FOR  ${INDEX}  IN RANGE  ${existing_user_count}  ${max_num_users}
235      ${random_username}=  Generate Random String  8  [LETTERS]
236      Set To Dictionary  ${payload}  UserName  ${random_username}
237      Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
238      ...  valid_status_codes=[${HTTP_CREATED}]
239      Append To List  ${username_list}  /redfish/v1/AccountService/Accounts/${random_username}
240    END
241
242    # Verify error while creating 16th user.
243    ${random_username}=  Generate Random String  8  [LETTERS]
244    Set To Dictionary  ${payload}  UserName  ${random_username}
245    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
246    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
247
248
249Create IPMI User Without Any Privilege And Verify Via Redfish
250    [Documentation]  Create user using IPMI without privilege and verify via redfish.
251    [Tags]  Create_IPMI_User_Without_Any_Privilege_And_Verify_Via_Redfish
252
253    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
254    ...  ${valid_password}
255
256    # Verify new user privilege level via Redfish.
257    ${privilege}=  Redfish_Utils.Get Attribute
258    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
259    Valid Value  privilege  ['ReadOnly']
260
261*** Keywords ***
262
263IPMI Create Random User Plus Password And Privilege
264    [Documentation]  Create random IPMI user with given password and privilege
265    ...  level.
266    [Arguments]  ${password}  ${privilege}=0
267
268    # Description of argument(s):
269    # password      Password to be assigned for the user.
270    # privilege     Privilege level for the user (e.g. "1", "2", "3", etc.).
271
272    # Create IPMI user.
273    ${random_username}=  Generate Random String  8  [LETTERS]
274    Set Suite Variable  ${random_username}
275
276    ${random_userid}=  Find Free User Id
277    IPMI Create User  ${random_userid}  ${random_username}
278
279    # Set given password for newly created user.
280    Run IPMI Standard Command
281    ...  user set password ${random_userid} ${password}
282
283    # Enable IPMI user.
284    Run IPMI Standard Command  user enable ${random_userid}
285
286    # Set given privilege and enable IPMI messaging for newly created user.
287    IF  '${privilege}' != '0'
288        Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege}
289    END
290
291    RETURN  ${random_username}  ${random_userid}
292
293
294Delete Users Via Redfish
295    [Documentation]  Delete all the users via redfish from given list.
296    [Arguments]  ${user_list}
297
298    # Description of argument(s):
299    # user_list    List of user which are to be deleted.
300
301    Redfish.Login
302
303    FOR  ${user}  IN  @{user_list}
304      Redfish.Delete  ${user}
305    END
306
307    Redfish.Logout
308
309
310Test Setup Execution
311    [Documentation]  Do test case setup tasks.
312
313    Redfish.Login
314
315
316Test Teardown Execution
317    [Documentation]  Do the post test teardown.
318
319    FFDC On Test Case Fail
320    # Delete the test user.
321    Run Keyword And Ignore Error
322    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
323
324    Redfish.Logout
325
326
327Find Free User Id
328    [Documentation]  Find a userid that is not being used.
329
330    FOR    ${jj}    IN RANGE    300
331        # IPMI maximum users count (i.e. 15 users).
332        ${random_userid}=  Evaluate  random.randint(1, ${ipmi_max_num_users})  modules=random
333        ${access}=  Run IPMI Standard Command  channel getaccess ${CHANNEL_NUMBER} ${random_userid}
334
335        ${name_line}=  Get Lines Containing String  ${access}  User Name
336        ${is_empty}=  Run Keyword And Return Status
337        ...  Should Match Regexp  ${name_line}  ${empty_name_pattern}
338
339        IF  ${is_empty} == ${True}  BREAK
340    END
341    IF  '${jj}' == '299'  Fail  msg=A free user ID could not be found.
342    RETURN  ${random_userid}
343
344
345Get All User Account Names
346    [Documentation]  Get all user account names in list format.
347
348    @{username_list}=  Create List
349    ${resp}=  Redfish.Get  /redfish/v1/AccountService/Accounts/
350    ${current_users}=  Get From Dictionary  ${resp.dict}  Members
351    FOR  ${user}  IN  @{current_users}
352        ${output}=  Split String  ${user["@odata.id"]}  /redfish/v1/AccountService/Accounts/
353        Append To List  ${username_list}  ${output[1]}
354    END
355    RETURN  ${username_list}
356
357
358Get User Count Of Not IPMI Account Type
359    [Documentation]  Get user count of not IPMI account type.
360
361    ${username_list}=  Get All User Account Names
362    FOR  ${user}  IN  @{username_list}
363        ${resp}=  Redfish.Get  /redfish/v1/AccountService/Accounts/${user}
364        @{account_type}=  Get From Dictionary  ${resp.dict}  AccountTypes
365        IF  "IPMI" not in ${account_type}
366            ${user_count}=  Evaluate  ${user_count} + 1
367         END
368    END
369    RETURN  ${user_count}
370