1*** Settings ***
2Documentation    Test IPMI and Redfish combinations for user management.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/ipmi_client.robot
8Library          ../lib/ipmi_utils.py
9
10Test Setup       Test Setup Execution
11Test Teardown    Test Teardown Execution
12
13
14*** Variables ***
15
16${valid_password}       0penBmc1
17${valid_password2}      0penBmc2
18${admin_level_priv}     4
19${operator_level_priv}  3
20${max_num_users}        ${15}
21
22** Test Cases **
23
24Create Admin Redfish User And Verify Login Via IPMI
25    [Documentation]  Create user using redfish and verify via IPMI.
26    [Tags]  Create_Admin_Redfish_User_And_Verify_Login_Via_IPMI
27
28    ${random_username}=  Generate Random String  8  [LETTERS]
29    Set Test Variable  ${random_username}
30
31    ${payload}=  Create Dictionary
32    ...  UserName=${random_username}  Password=${valid_password}
33    ...  RoleId=Administrator  Enabled=${True}
34    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
35    ...  valid_status_codes=[${HTTP_CREATED}]
36
37    Verify IPMI Username And Password  ${random_username}  ${valid_password}
38
39
40Update User Password Via Redfish And Verify Using IPMI
41    [Documentation]  Update user password via Redfish and verify using IPMI.
42    [Tags]  Update_User_Password_Via_Redfish_And_Verify_Using_IPMI
43
44    # Create user using Redfish.
45    ${random_username}=  Generate Random String  8  [LETTERS]
46    Set Test Variable  ${random_username}
47
48    ${payload}=  Create Dictionary
49    ...  UserName=${random_username}  Password=${valid_password}
50    ...  RoleId=Administrator  Enabled=${True}
51    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
52    ...  valid_status_codes=[${HTTP_CREATED}]
53
54    # Update user password using Redfish.
55    ${payload}=  Create Dictionary  Password=${valid_password2}
56    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
57
58    # Verify that IPMI command works with new password and fails with older password.
59    Verify IPMI Username And Password  ${random_username}  ${valid_password2}
60
61    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
62    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
63
64
65Update User Privilege Via Redfish And Verify Using IPMI
66    [Documentation]  Update user privilege via Redfish and verify using IPMI.
67    [Tags]  Update_User_Privilege_Via_Redfish_And_Verify_Using_IPMI
68
69    # Create user using Redfish with admin privilege.
70    ${random_username}=  Generate Random String  8  [LETTERS]
71    Set Test Variable  ${random_username}
72
73    ${payload}=  Create Dictionary
74    ...  UserName=${random_username}  Password=${valid_password}
75    ...  RoleId=Administrator  Enabled=${True}
76    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
77    ...  valid_status_codes=[${HTTP_CREATED}]
78
79    # Update user privilege to operator using Redfish.
80    ${payload}=  Create Dictionary  RoleId=Operator
81    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
82
83    # Verify new user privilege level via IPMI.
84    ${resp}=  Run IPMI Standard Command  user list
85
86    # Example of response data:
87    # ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
88    # 1   root             false   true       true       ADMINISTRATOR
89    # 2   OAvCxjMv         false   true       true       OPERATOR
90    # 3                    true    false      false      NO ACCESS
91    # ..
92    # ..
93    # 15                   true    false      false      NO ACCESS
94
95    ${user_info}=
96    ...  Get Lines Containing String  ${resp}  ${random_username}
97    Should Contain  ${user_info}  OPERATOR
98
99
100Delete User Via Redfish And Verify Using IPMI
101    [Documentation]  Delete user via redfish and verify using IPMI.
102    [Tags]  Delete_User_Via_Redfish_And_Verify_Using_IPMI
103
104    # Create user using Redfish.
105    ${random_username}=  Generate Random String  8  [LETTERS]
106    Set Test Variable  ${random_username}
107
108    ${payload}=  Create Dictionary
109    ...  UserName=${random_username}  Password=${valid_password}
110    ...  RoleId=Administrator  Enabled=${True}
111    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
112    ...  valid_status_codes=[${HTTP_CREATED}]
113
114    # Delete user using Redfish.
115    Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
116
117    # Verify that IPMI command fails with deleted user.
118    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
119    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
120
121
122Create IPMI User And Verify Login Via Redfish
123    [Documentation]  Create user using IPMI and verify user login via Redfish.
124    [Tags]  Create_IPMI_User_And_Verify_Login_Via_Redfish
125
126    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
127    ...  ${valid_password}  ${admin_level_priv}
128
129    Redfish.Logout
130
131    # Verify user login using Redfish.
132    Redfish.Login  ${username}  ${valid_password}
133    Redfish.Logout
134
135    Redfish.Login
136
137
138Update User Password Via IPMI And Verify Using Redfish
139    [Documentation]  Update user password using IPMI and verify user
140    ...  login via Redfish.
141    [Tags]  Update_User_Password_Via_IPMI_And_Verify_Using_Redfish
142
143    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
144    ...  ${valid_password}  ${admin_level_priv}
145
146    # Update user password using IPMI.
147    Run IPMI Standard Command
148    ...  user set password ${userid} ${valid_password2}
149
150    Redfish.Logout
151
152    # Verify that user login works with new password using Redfish.
153    Redfish.Login  ${username}  ${valid_password2}
154    Redfish.Logout
155
156    Redfish.Login
157
158
159Update User Privilege Via IPMI And Verify Using Redfish
160    [Documentation]  Update user privilege via IPMI and verify using Redfish.
161    [Tags]  Update_User_Privilege_Via_IPMI_And_Verify_Using_Redfish
162
163    # Create user using IPMI with admin privilege.
164    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
165    ...  ${valid_password}  ${admin_level_priv}
166
167    # Change user privilege to opetrator using IPMI.
168    Run IPMI Standard Command
169    ...  user priv ${userid} ${operator_level_priv}
170
171    # Verify new user privilege level via Redfish.
172    ${privilege}=  Redfish_Utils.Get Attribute
173    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
174    Should Be Equal  ${privilege}  Operator
175
176
177Delete User Via IPMI And Verify Using Redfish
178    [Documentation]  Delete user using IPMI and verify error while doing
179    ...  user login with deleted user via Redfish.
180    [Tags]  Delete_User_Via_IPMI_And_Verify_Using_Redfish
181
182    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
183    ...  ${valid_password}  ${admin_level_priv}
184
185    # Delete IPMI User.
186    Run IPMI Standard Command  user set name ${userid} ""
187
188    # Verify that Redfish login fails with deleted user.
189    Run Keyword And Expect Error  *InvalidCredentialsError*
190    ...  Redfish.Login  ${username}  ${valid_password}
191
192
193Verify Failure To Exceed Max Number Of Users
194    [Documentation]  Verify failure attempting to exceed the max number of user accounts.
195    [Tags]  Verify_Failure_To_Exceed_Max_Number_Of_Users
196    [Teardown]  Run Keywords  Test Teardown Execution  AND  Delete All Non Root IPMI User
197
198    # Get existing user count.
199    ${resp}=  Redfish.Get  /redfish/v1/AccountService/Accounts/
200    ${current_user_count}=  Get From Dictionary  ${resp.dict}  Members@odata.count
201
202    ${payload}=  Create Dictionary  Password=${valid_password}
203    ...  RoleId=Administrator  Enabled=${True}
204
205    # Create users to reach maximum users count (i.e. 15 users).
206    FOR  ${INDEX}  IN RANGE  ${current_user_count}  ${max_num_users}
207      ${random_username}=  Generate Random String  8  [LETTERS]
208      Set To Dictionary  ${payload}  UserName  ${random_username}
209      Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
210      ...  valid_status_codes=[${HTTP_CREATED}]
211    END
212
213    # Verify error while creating 16th user.
214    ${random_username}=  Generate Random String  8  [LETTERS]
215    Set To Dictionary  ${payload}  UserName  ${random_username}
216    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
217    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
218
219
220Create IPMI User Without Any Privilege And Verify Via Redfish
221    [Documentation]  Create user using IPMI without privilege and verify via redfish.
222    [Tags]  Create_IPMI_User_Without_Any_Privilege_And_Verify_Via_Redfish
223
224    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
225    ...  ${valid_password}
226
227    # Verify new user privilege level via Redfish.
228    ${privilege}=  Redfish_Utils.Get Attribute
229    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
230    Valid Value  privilege  ['NoAccess']
231
232*** Keywords ***
233
234IPMI Create Random User Plus Password And Privilege
235    [Documentation]  Create random IPMI user with given password and privilege
236    ...  level.
237    [Arguments]  ${password}  ${privilege}=0
238
239    # Description of argument(s):
240    # password      Password to be assigned for the user.
241    # privilege     Privilege level for the user (e.g. "1", "2", "3", etc.).
242
243    # Create IPMI user.
244    ${random_username}=  Generate Random String  8  [LETTERS]
245    Set Suite Variable  ${random_username}
246
247    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
248    IPMI Create User  ${random_userid}  ${random_username}
249
250    # Set given password for newly created user.
251    Run IPMI Standard Command
252    ...  user set password ${random_userid} ${password}
253
254    # Enable IPMI user.
255    Run IPMI Standard Command  user enable ${random_userid}
256
257    # Set given privilege and enable IPMI messaging for newly created user.
258    Run Keyword If  '${privilege}' != '0'
259    ...  Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege}
260
261    [Return]  ${random_username}  ${random_userid}
262
263
264Test Setup Execution
265    [Documentation]  Do test case setup tasks.
266
267    Redfish.Login
268
269
270Test Teardown Execution
271    [Documentation]  Do the post test teardown.
272
273    FFDC On Test Case Fail
274    # Delete the test user.
275    Run Keyword And Ignore Error
276    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
277
278    Redfish.Logout
279