1*** Settings ***
2Documentation    Test IPMI and Redfish combinations for user management.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/ipmi_client.robot
8Library          ../lib/ipmi_utils.py
9
10Test Setup       Test Setup Execution
11Test Teardown    Test Teardown Execution
12
13
14*** Variables ***
15
16${valid_password}       0penBmc1
17${valid_password2}      0penBmc2
18${admin_level_priv}     4
19${operator_level_priv}  3
20${readonly_level_priv}  2
21${ipmi_max_num_users}   ${15}
22${max_num_users}        ${15}
23${empty_name_pattern}   ^User Name\\s.*\\s:\\s$
24
25** Test Cases **
26
27Create Admin Redfish User And Verify Login Via IPMI
28    [Documentation]  Create user using redfish and verify via IPMI.
29    [Tags]  Create_Admin_Redfish_User_And_Verify_Login_Via_IPMI
30
31    ${random_username}=  Generate Random String  8  [LETTERS]
32    Set Test Variable  ${random_username}
33
34    ${payload}=  Create Dictionary
35    ...  UserName=${random_username}  Password=${valid_password}
36    ...  RoleId=Administrator  Enabled=${True}
37    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
38    ...  valid_status_codes=[${HTTP_CREATED}]
39
40    # Delay added for created new user password to get set.
41    Sleep  5s
42
43    Verify IPMI Username And Password  ${random_username}  ${valid_password}
44
45
46Update User Password Via Redfish And Verify Using IPMI
47    [Documentation]  Update user password via Redfish and verify using IPMI.
48    [Tags]  Update_User_Password_Via_Redfish_And_Verify_Using_IPMI
49
50    # Create user using Redfish.
51    ${random_username}=  Generate Random String  8  [LETTERS]
52    Set Test Variable  ${random_username}
53
54    ${payload}=  Create Dictionary
55    ...  UserName=${random_username}  Password=${valid_password}
56    ...  RoleId=Administrator  Enabled=${True}
57    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
58    ...  valid_status_codes=[${HTTP_CREATED}]
59
60    # Update user password using Redfish.
61    ${payload}=  Create Dictionary  Password=${valid_password2}
62    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
63
64    # Verify that IPMI command works with new password and fails with older password.
65    Verify IPMI Username And Password  ${random_username}  ${valid_password2}
66
67    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
68    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
69
70
71Update User Privilege Via Redfish And Verify Using IPMI
72    [Documentation]  Update user privilege via Redfish and verify using IPMI.
73    [Tags]  Update_User_Privilege_Via_Redfish_And_Verify_Using_IPMI
74
75    # Create user using Redfish with admin privilege.
76    ${random_username}=  Generate Random String  8  [LETTERS]
77    Set Test Variable  ${random_username}
78
79    ${payload}=  Create Dictionary
80    ...  UserName=${random_username}  Password=${valid_password}
81    ...  RoleId=Administrator  Enabled=${True}
82    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
83    ...  valid_status_codes=[${HTTP_CREATED}]
84
85    # Update user privilege to operator using Redfish.
86    ${payload}=  Create Dictionary  RoleId=Operator
87    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
88
89    # Verify new user privilege level via IPMI.
90    ${resp}=  Run IPMI Standard Command  user list ${CHANNEL_NUMBER}
91
92    # Example of response data:
93    # ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
94    # 1   root             false   true       true       ADMINISTRATOR
95    # 2   OAvCxjMv         false   true       true       OPERATOR
96    # 3                    true    false      false      NO ACCESS
97    # ..
98    # ..
99    # 15                   true    false      false      NO ACCESS
100
101    ${user_info}=
102    ...  Get Lines Containing String  ${resp}  ${random_username}
103    Should Contain  ${user_info}  OPERATOR
104
105
106Delete User Via Redfish And Verify Using IPMI
107    [Documentation]  Delete user via redfish and verify using IPMI.
108    [Tags]  Delete_User_Via_Redfish_And_Verify_Using_IPMI
109
110    # Create user using Redfish.
111    ${random_username}=  Generate Random String  8  [LETTERS]
112    Set Test Variable  ${random_username}
113
114    ${payload}=  Create Dictionary
115    ...  UserName=${random_username}  Password=${valid_password}
116    ...  RoleId=Administrator  Enabled=${True}
117    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
118    ...  valid_status_codes=[${HTTP_CREATED}]
119
120    # Delete user using Redfish.
121    Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
122
123    # Verify that IPMI command fails with deleted user.
124    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
125    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
126
127
128Create IPMI User And Verify Login Via Redfish
129    [Documentation]  Create user using IPMI and verify user login via Redfish.
130    [Tags]  Create_IPMI_User_And_Verify_Login_Via_Redfish
131
132    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
133    ...  ${valid_password}  ${admin_level_priv}
134
135    Redfish.Logout
136
137    # Verify user login using Redfish.
138    Redfish.Login  ${username}  ${valid_password}
139    Redfish.Logout
140
141    Redfish.Login
142
143
144Update User Password Via IPMI And Verify Using Redfish
145    [Documentation]  Update user password using IPMI and verify user
146    ...  login via Redfish.
147    [Tags]  Update_User_Password_Via_IPMI_And_Verify_Using_Redfish
148
149    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
150    ...  ${valid_password}  ${admin_level_priv}
151
152    # Update user password using IPMI.
153    Run IPMI Standard Command
154    ...  user set password ${userid} ${valid_password2}
155
156    Redfish.Logout
157
158    # Verify that user login works with new password using Redfish.
159    Redfish.Login  ${username}  ${valid_password2}
160    Redfish.Logout
161
162    Redfish.Login
163
164
165Update User Privilege To Operator Via IPMI And Verify Using Redfish
166    [Documentation]  Update user privilege to operator via IPMI and verify using Redfish.
167    [Tags]  Update_User_Privilege_To_Operator_Via_IPMI_And_Verify_Using_Redfish
168    # Create user using IPMI with admin privilege.
169    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
170    ...  ${valid_password}  ${admin_level_priv}
171
172    # Change user privilege to opetrator using IPMI.
173    Run IPMI Standard Command
174    ...  user priv ${userid} ${operator_level_priv} ${CHANNEL_NUMBER}
175
176    # Verify new user privilege level via Redfish.
177    ${privilege}=  Redfish_Utils.Get Attribute
178    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
179    Should Be Equal  ${privilege}  Operator
180
181
182Update User Privilege To Readonly Via IPMI And Verify Using Redfish
183    [Documentation]  Update user privilege to readonly via IPMI and verify using Redfish.
184    [Tags]  Update_User_Privilege_To_Readonly_Via_IPMI_And_Verify_Using_Redfish
185
186    # Create user using IPMI with admin privilege.
187    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
188    ...  ${valid_password}  ${admin_level_priv}
189
190    # Change user privilege to readonly using IPMI.
191    Run IPMI Standard Command
192    ...  user priv ${userid} ${readonly_level_priv} ${CHANNEL_NUMBER}
193
194    # Verify new user privilege level via Redfish.
195    ${privilege}=  Redfish_Utils.Get Attribute
196    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
197    Should Be Equal  ${privilege}  ReadOnly
198
199
200Delete User Via IPMI And Verify Using Redfish
201    [Documentation]  Delete user using IPMI and verify error while doing
202    ...  user login with deleted user via Redfish.
203    [Tags]  Delete_User_Via_IPMI_And_Verify_Using_Redfish
204
205    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
206    ...  ${valid_password}  ${admin_level_priv}
207
208    # Delete IPMI User.
209    Run IPMI Standard Command  user set name ${userid} ""
210
211    # Verify that Redfish login fails with deleted user.
212    Run Keyword And Expect Error  *InvalidCredentialsError*
213    ...  Redfish.Login  ${username}  ${valid_password}
214
215
216Verify Failure To Exceed Max Number Of Users
217    [Documentation]  Verify failure attempting to exceed the max number of user accounts.
218    [Tags]  Verify_Failure_To_Exceed_Max_Number_Of_Users
219    [Teardown]  Run Keywords  Test Teardown Execution
220    ...         AND  Delete Users Via Redfish  ${username_list}
221
222    # Get existing user count.
223    ${resp}=  Redfish.Get  /redfish/v1/AccountService/Accounts/
224    ${current_user_count}=  Get From Dictionary  ${resp.dict}  Members@odata.count
225
226    ${payload}=  Create Dictionary  Password=${valid_password}
227    ...  RoleId=Administrator  Enabled=${True}
228
229    @{username_list}=  Create List
230
231    # Create users to reach maximum users count (i.e. 15 users).
232    FOR  ${INDEX}  IN RANGE  ${current_user_count}  ${max_num_users}
233      ${random_username}=  Generate Random String  8  [LETTERS]
234      Set To Dictionary  ${payload}  UserName  ${random_username}
235      Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
236      ...  valid_status_codes=[${HTTP_CREATED}]
237      Append To List  ${username_list}  /redfish/v1/AccountService/Accounts/${random_username}
238    END
239
240    # Verify error while creating 16th user.
241    ${random_username}=  Generate Random String  8  [LETTERS]
242    Set To Dictionary  ${payload}  UserName  ${random_username}
243    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
244    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
245
246
247Create IPMI User Without Any Privilege And Verify Via Redfish
248    [Documentation]  Create user using IPMI without privilege and verify via redfish.
249    [Tags]  Create_IPMI_User_Without_Any_Privilege_And_Verify_Via_Redfish
250
251    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
252    ...  ${valid_password}
253
254    # Verify new user privilege level via Redfish.
255    ${privilege}=  Redfish_Utils.Get Attribute
256    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
257    Valid Value  privilege  ['NoAccess']
258
259*** Keywords ***
260
261IPMI Create Random User Plus Password And Privilege
262    [Documentation]  Create random IPMI user with given password and privilege
263    ...  level.
264    [Arguments]  ${password}  ${privilege}=0
265
266    # Description of argument(s):
267    # password      Password to be assigned for the user.
268    # privilege     Privilege level for the user (e.g. "1", "2", "3", etc.).
269
270    # Create IPMI user.
271    ${random_username}=  Generate Random String  8  [LETTERS]
272    Set Suite Variable  ${random_username}
273
274    ${random_userid}=  Find Free User Id
275    IPMI Create User  ${random_userid}  ${random_username}
276
277    # Set given password for newly created user.
278    Run IPMI Standard Command
279    ...  user set password ${random_userid} ${password}
280
281    # Enable IPMI user.
282    Run IPMI Standard Command  user enable ${random_userid}
283
284    # Set given privilege and enable IPMI messaging for newly created user.
285    Run Keyword If  '${privilege}' != '0'
286    ...  Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege}
287
288    [Return]  ${random_username}  ${random_userid}
289
290
291Delete Users Via Redfish
292    [Documentation]  Delete all the users via redfish from given list.
293    [Arguments]  ${user_list}
294
295    # Description of argument(s):
296    # user_list    List of user which are to be deleted.
297
298    Redfish.Login
299
300    FOR  ${user}  IN  @{user_list}
301      Redfish.Delete  ${user}
302    END
303
304    Redfish.Logout
305
306
307Test Setup Execution
308    [Documentation]  Do test case setup tasks.
309
310    Redfish.Login
311
312
313Test Teardown Execution
314    [Documentation]  Do the post test teardown.
315
316    FFDC On Test Case Fail
317    # Delete the test user.
318    Run Keyword And Ignore Error
319    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
320
321    Redfish.Logout
322
323
324Find Free User Id
325    [Documentation]  Find a userid that is not being used.
326    FOR    ${jj}    IN RANGE    300
327        # IPMI maximum users count (i.e. 15 users).
328        ${random_userid}=  Evaluate  random.randint(1, ${ipmi_max_num_users})  modules=random
329        ${access}=  Run IPMI Standard Command  channel getaccess ${CHANNEL_NUMBER} ${random_userid}
330
331        ${name_line}=  Get Lines Containing String  ${access}  User Name
332        Log To Console  For ID ${random_userid}: ${name_line}
333        ${is_empty}=  Run Keyword And Return Status
334        ...  Should Match Regexp  ${name_line}  ${empty_name_pattern}
335
336        Exit For Loop If  ${is_empty} == ${True}
337    END
338    Run Keyword If  '${jj}' == '299'  Fail  msg=A free user ID could not be found.
339    [Return]  ${random_userid}
340