xref: /openbmc/openbmc-test-automation/redfish/account_service/test_ipmi_redfish_user.robot (revision 069b266e40a93fda3992c888062745b1ac920473) 
1*** Settings ***
2Documentation    Test IPMI and Redfish combinations for user management.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/ipmi_client.robot
8Library          ../lib/ipmi_utils.py
9
10Test Setup       Test Setup Execution
11Test Teardown    Test Teardown Execution
12
13
14*** Variables ***
15
16${valid_password}       0penBmc1
17${valid_password2}      0penBmc2
18${admin_level_priv}     4
19${operator_level_priv}  3
20${readonly_level_priv}  2
21${user_count}  0
22${ipmi_max_num_users}   ${15}
23${max_num_users}        ${15}
24${empty_name_pattern}   ^User Name\\s.*\\s:\\s$
25
26*** Test Cases ***
27
28Create Admin Redfish User And Verify Login Via IPMI
29    [Documentation]  Create user using redfish and verify via IPMI.
30    [Tags]  Create_Admin_Redfish_User_And_Verify_Login_Via_IPMI
31
32    ${random_username}=  Generate Random String  8  [LETTERS]
33    Set Test Variable  ${random_username}
34
35    ${payload}=  Create Dictionary
36    ...  UserName=${random_username}  Password=${valid_password}
37    ...  RoleId=Administrator  Enabled=${True}
38    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
39    ...  valid_status_codes=[${HTTP_CREATED}]
40
41    # Delay added for created new user password to get set.
42    Sleep  5s
43
44    Verify IPMI Username And Password  ${random_username}  ${valid_password}
45
46
47Update User Password Via Redfish And Verify Using IPMI
48    [Documentation]  Update user password via Redfish and verify using IPMI.
49    [Tags]  Update_User_Password_Via_Redfish_And_Verify_Using_IPMI
50
51    # Create user using Redfish.
52    ${random_username}=  Generate Random String  8  [LETTERS]
53    Set Test Variable  ${random_username}
54
55    ${payload}=  Create Dictionary
56    ...  UserName=${random_username}  Password=${valid_password}
57    ...  RoleId=Administrator  Enabled=${True}
58    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
59    ...  valid_status_codes=[${HTTP_CREATED}]
60
61    # Update user password using Redfish.
62    ${payload}=  Create Dictionary  Password=${valid_password2}
63    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
64
65    # Verify that IPMI command works with new password and fails with older password.
66    Verify IPMI Username And Password  ${random_username}  ${valid_password2}
67
68    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
69    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
70
71
72Update User Privilege Via Redfish And Verify Using IPMI
73    [Documentation]  Update user privilege via Redfish and verify using IPMI.
74    [Tags]  Update_User_Privilege_Via_Redfish_And_Verify_Using_IPMI
75
76    # Create user using Redfish with admin privilege.
77    ${random_username}=  Generate Random String  8  [LETTERS]
78    Set Test Variable  ${random_username}
79
80    ${payload}=  Create Dictionary
81    ...  UserName=${random_username}  Password=${valid_password}
82    ...  RoleId=Administrator  Enabled=${True}
83    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
84    ...  valid_status_codes=[${HTTP_CREATED}]
85
86    # Update user privilege to operator using Redfish.
87    ${payload}=  Create Dictionary  RoleId=Operator
88    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
89
90    # Verify new user privilege level via IPMI.
91    ${resp}=  Run IPMI Standard Command  user list ${CHANNEL_NUMBER}
92
93    # Example of response data:
94    # ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
95    # 1   root             false   true       true       ADMINISTRATOR
96    # 2   OAvCxjMv         false   true       true       OPERATOR
97    # 3                    true    false      false      NO ACCESS
98    # ..
99    # ..
100    # 15                   true    false      false      NO ACCESS
101
102    ${user_info}=
103    ...  Get Lines Containing String  ${resp}  ${random_username}
104    Should Contain  ${user_info}  OPERATOR
105
106
107Delete User Via Redfish And Verify Using IPMI
108    [Documentation]  Delete user via redfish and verify using IPMI.
109    [Tags]  Delete_User_Via_Redfish_And_Verify_Using_IPMI
110
111    # Create user using Redfish.
112    ${random_username}=  Generate Random String  8  [LETTERS]
113    Set Test Variable  ${random_username}
114
115    ${payload}=  Create Dictionary
116    ...  UserName=${random_username}  Password=${valid_password}
117    ...  RoleId=Administrator  Enabled=${True}
118    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
119    ...  valid_status_codes=[${HTTP_CREATED}]
120
121    # Delete user using Redfish.
122    Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
123
124    # Verify that IPMI command fails with deleted user.
125    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
126    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
127
128
129Create IPMI User And Verify Login Via Redfish
130    [Documentation]  Create user using IPMI and verify user login via Redfish.
131    [Tags]  Create_IPMI_User_And_Verify_Login_Via_Redfish
132
133    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
134    ...  ${valid_password}  ${admin_level_priv}
135
136    Redfish.Logout
137
138    # Verify user login using Redfish.
139    Redfish.Login  ${username}  ${valid_password}
140    Redfish.Logout
141
142    Redfish.Login
143
144
145Update User Password Via IPMI And Verify Using Redfish
146    [Documentation]  Update user password using IPMI and verify user
147    ...  login via Redfish.
148    [Tags]  Update_User_Password_Via_IPMI_And_Verify_Using_Redfish
149
150    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
151    ...  ${valid_password}  ${admin_level_priv}
152
153    # Update user password using IPMI.
154    Run IPMI Standard Command
155    ...  user set password ${userid} ${valid_password2}
156
157    Redfish.Logout
158
159    # Verify that user login works with new password using Redfish.
160    Redfish.Login  ${username}  ${valid_password2}
161    Redfish.Logout
162
163    Redfish.Login
164
165
166Update User Privilege To Operator Via IPMI And Verify Using Redfish
167    [Documentation]  Update user privilege to operator via IPMI and verify using Redfish.
168    [Tags]  Update_User_Privilege_To_Operator_Via_IPMI_And_Verify_Using_Redfish
169    # Create user using IPMI with admin privilege.
170    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
171    ...  ${valid_password}  ${admin_level_priv}
172
173    # Change user privilege to opetrator using IPMI.
174    Run IPMI Standard Command
175    ...  user priv ${userid} ${operator_level_priv} ${CHANNEL_NUMBER}
176
177    # Verify new user privilege level via Redfish.
178    ${privilege}=  Redfish_Utils.Get Attribute
179    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
180    Should Be Equal  ${privilege}  Operator
181
182
183Update User Privilege To Readonly Via IPMI And Verify Using Redfish
184    [Documentation]  Update user privilege to readonly via IPMI and verify using Redfish.
185    [Tags]  Update_User_Privilege_To_Readonly_Via_IPMI_And_Verify_Using_Redfish
186
187    # Create user using IPMI with admin privilege.
188    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
189    ...  ${valid_password}  ${admin_level_priv}
190
191    # Change user privilege to readonly using IPMI.
192    Run IPMI Standard Command
193    ...  user priv ${userid} ${readonly_level_priv} ${CHANNEL_NUMBER}
194
195    # Verify new user privilege level via Redfish.
196    ${privilege}=  Redfish_Utils.Get Attribute
197    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
198    Should Be Equal  ${privilege}  ReadOnly
199
200
201Delete User Via IPMI And Verify Using Redfish
202    [Documentation]  Delete user using IPMI and verify error while doing
203    ...  user login with deleted user via Redfish.
204    [Tags]  Delete_User_Via_IPMI_And_Verify_Using_Redfish
205
206    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
207    ...  ${valid_password}  ${admin_level_priv}
208
209    # Delete IPMI User.
210    Run IPMI Standard Command  user set name ${userid} ""
211
212    # Verify that Redfish login fails with deleted user.
213    Run Keyword And Expect Error  *InvalidCredentialsError*
214    ...  Redfish.Login  ${username}  ${valid_password}
215
216
217Verify Failure To Exceed Max Number Of Users
218    [Documentation]  Verify failure attempting to exceed the max number of
219    ...  user accounts.
220    [Tags]  Verify_Failure_To_Exceed_Max_Number_Of_Users
221    [Teardown]  Run Keywords  Test Teardown Execution
222    ...         AND  Delete Users Via Redfish  ${username_list}
223
224    # Get existing user count.
225    ${existing_user_count}=  Get User Count Of Not IPMI Account Type
226
227    ${payload}=  Create Dictionary  Password=${valid_password}
228    ...  RoleId=Administrator  Enabled=${True}
229
230    @{username_list}=  Create List
231
232    # Create users to reach maximum users count (i.e. 15 users).
233    FOR  ${INDEX}  IN RANGE  ${existing_user_count}  ${max_num_users}
234      ${random_username}=  Generate Random String  8  [LETTERS]
235      Set To Dictionary  ${payload}  UserName  ${random_username}
236      Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
237      ...  valid_status_codes=[${HTTP_CREATED}]
238      Append To List  ${username_list}  /redfish/v1/AccountService/Accounts/${random_username}
239    END
240
241    # Verify error while creating 16th user.
242    ${random_username}=  Generate Random String  8  [LETTERS]
243    Set To Dictionary  ${payload}  UserName  ${random_username}
244    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
245    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
246
247
248Create IPMI User Without Any Privilege And Verify Via Redfish
249    [Documentation]  Create user using IPMI without privilege and verify via redfish.
250    [Tags]  Create_IPMI_User_Without_Any_Privilege_And_Verify_Via_Redfish
251
252    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
253    ...  ${valid_password}
254
255    # Verify new user privilege level via Redfish.
256    ${privilege}=  Redfish_Utils.Get Attribute
257    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
258    Valid Value  privilege  ['ReadOnly']
259
260*** Keywords ***
261
262IPMI Create Random User Plus Password And Privilege
263    [Documentation]  Create random IPMI user with given password and privilege
264    ...  level.
265    [Arguments]  ${password}  ${privilege}=0
266
267    # Description of argument(s):
268    # password      Password to be assigned for the user.
269    # privilege     Privilege level for the user (e.g. "1", "2", "3", etc.).
270
271    # Create IPMI user.
272    ${random_username}=  Generate Random String  8  [LETTERS]
273    Set Suite Variable  ${random_username}
274
275    ${random_userid}=  Find Free User Id
276    IPMI Create User  ${random_userid}  ${random_username}
277
278    # Set given password for newly created user.
279    Run IPMI Standard Command
280    ...  user set password ${random_userid} ${password}
281
282    # Enable IPMI user.
283    Run IPMI Standard Command  user enable ${random_userid}
284
285    # Set given privilege and enable IPMI messaging for newly created user.
286    IF  '${privilege}' != '0'
287        Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege}
288    END
289
290    RETURN  ${random_username}  ${random_userid}
291
292
293Delete Users Via Redfish
294    [Documentation]  Delete all the users via redfish from given list.
295    [Arguments]  ${user_list}
296
297    # Description of argument(s):
298    # user_list    List of user which are to be deleted.
299
300    Redfish.Login
301
302    FOR  ${user}  IN  @{user_list}
303      Redfish.Delete  ${user}
304    END
305
306    Redfish.Logout
307
308
309Test Setup Execution
310    [Documentation]  Do test case setup tasks.
311
312    Redfish.Login
313
314
315Test Teardown Execution
316    [Documentation]  Do the post test teardown.
317
318    FFDC On Test Case Fail
319    # Delete the test user.
320    Run Keyword And Ignore Error
321    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
322
323    Redfish.Logout
324
325
326Find Free User Id
327    [Documentation]  Find a userid that is not being used.
328    FOR    ${jj}    IN RANGE    300
329        # IPMI maximum users count (i.e. 15 users).
330        ${random_userid}=  Evaluate  random.randint(1, ${ipmi_max_num_users})  modules=random
331        ${access}=  Run IPMI Standard Command  channel getaccess ${CHANNEL_NUMBER} ${random_userid}
332
333        ${name_line}=  Get Lines Containing String  ${access}  User Name
334        ${is_empty}=  Run Keyword And Return Status
335        ...  Should Match Regexp  ${name_line}  ${empty_name_pattern}
336
337        IF  ${is_empty} == ${True}  BREAK
338    END
339    IF  '${jj}' == '299'  Fail  msg=A free user ID could not be found.
340    RETURN  ${random_userid}
341
342
343Get All User Account Names
344    [Documentation]  Get all user account names in list format.
345
346    @{username_list}=  Create List
347    ${resp}=  Redfish.Get  /redfish/v1/AccountService/Accounts/
348    ${current_users}=  Get From Dictionary  ${resp.dict}  Members
349    FOR  ${user}  IN  @{current_users}
350        ${output}=  Split String  ${user["@odata.id"]}  /redfish/v1/AccountService/Accounts/
351        Append To List  ${username_list}  ${output[1]}
352    END
353    RETURN  ${username_list}
354
355
356Get User Count Of Not IPMI Account Type
357    [Documentation]  Get user count of not IPMI account type.
358
359    ${username_list}=  Get All User Account Names
360    FOR  ${user}  IN  @{username_list}
361        ${resp}=  Redfish.Get  /redfish/v1/AccountService/Accounts/${user}
362        @{account_type}=  Get From Dictionary  ${resp.dict}  AccountTypes
363        IF  "IPMI" not in ${account_type}
364            ${user_count}=  Evaluate  ${user_count} + 1
365         END
366    END
367    RETURN  ${user_count}
368