1*** Settings ***
2Documentation    Test IPMI and Redfish combinations for user management.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/ipmi_client.robot
8Library          ../lib/ipmi_utils.py
9
10Test Setup       Test Setup Execution
11Test Teardown    Test Teardown Execution
12
13
14*** Variables ***
15
16${valid_password}       0penBmc1
17${valid_password2}      0penBmc2
18${admin_level_priv}     4
19${operator_level_priv}  3
20${readonly_level_priv}  2
21# Refer:  #openbmc/phosphor-user-manager/blob/master/user_mgr.hpp#L41
22# ipmiMaxUsers = 15;    <-- IPMI
23# maxSystemUsers = 30;  <-- Max system redfish account users allowed
24${ipmi_max_num_users}   ${15}
25${max_num_users}        ${30}
26${empty_name_pattern}   ^User Name\\s.*\\s:\\s$
27
28** Test Cases **
29
30Create Admin Redfish User And Verify Login Via IPMI
31    [Documentation]  Create user using redfish and verify via IPMI.
32    [Tags]  Create_Admin_Redfish_User_And_Verify_Login_Via_IPMI
33
34    ${random_username}=  Generate Random String  8  [LETTERS]
35    Set Test Variable  ${random_username}
36
37    ${payload}=  Create Dictionary
38    ...  UserName=${random_username}  Password=${valid_password}
39    ...  RoleId=Administrator  Enabled=${True}
40    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
41    ...  valid_status_codes=[${HTTP_CREATED}]
42
43    # Delay added for created new user password to get set.
44    Sleep  5s
45
46    Verify IPMI Username And Password  ${random_username}  ${valid_password}
47
48
49Update User Password Via Redfish And Verify Using IPMI
50    [Documentation]  Update user password via Redfish and verify using IPMI.
51    [Tags]  Update_User_Password_Via_Redfish_And_Verify_Using_IPMI
52
53    # Create user using Redfish.
54    ${random_username}=  Generate Random String  8  [LETTERS]
55    Set Test Variable  ${random_username}
56
57    ${payload}=  Create Dictionary
58    ...  UserName=${random_username}  Password=${valid_password}
59    ...  RoleId=Administrator  Enabled=${True}
60    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
61    ...  valid_status_codes=[${HTTP_CREATED}]
62
63    # Update user password using Redfish.
64    ${payload}=  Create Dictionary  Password=${valid_password2}
65    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
66
67    # Verify that IPMI command works with new password and fails with older password.
68    Verify IPMI Username And Password  ${random_username}  ${valid_password2}
69
70    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
71    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
72
73
74Update User Privilege Via Redfish And Verify Using IPMI
75    [Documentation]  Update user privilege via Redfish and verify using IPMI.
76    [Tags]  Update_User_Privilege_Via_Redfish_And_Verify_Using_IPMI
77
78    # Create user using Redfish with admin privilege.
79    ${random_username}=  Generate Random String  8  [LETTERS]
80    Set Test Variable  ${random_username}
81
82    ${payload}=  Create Dictionary
83    ...  UserName=${random_username}  Password=${valid_password}
84    ...  RoleId=Administrator  Enabled=${True}
85    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
86    ...  valid_status_codes=[${HTTP_CREATED}]
87
88    # Update user privilege to operator using Redfish.
89    ${payload}=  Create Dictionary  RoleId=Operator
90    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
91
92    # Verify new user privilege level via IPMI.
93    ${resp}=  Run IPMI Standard Command  user list ${CHANNEL_NUMBER}
94
95    # Example of response data:
96    # ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
97    # 1   root             false   true       true       ADMINISTRATOR
98    # 2   OAvCxjMv         false   true       true       OPERATOR
99    # 3                    true    false      false      NO ACCESS
100    # ..
101    # ..
102    # 15                   true    false      false      NO ACCESS
103
104    ${user_info}=
105    ...  Get Lines Containing String  ${resp}  ${random_username}
106    Should Contain  ${user_info}  OPERATOR
107
108
109Delete User Via Redfish And Verify Using IPMI
110    [Documentation]  Delete user via redfish and verify using IPMI.
111    [Tags]  Delete_User_Via_Redfish_And_Verify_Using_IPMI
112
113    # Create user using Redfish.
114    ${random_username}=  Generate Random String  8  [LETTERS]
115    Set Test Variable  ${random_username}
116
117    ${payload}=  Create Dictionary
118    ...  UserName=${random_username}  Password=${valid_password}
119    ...  RoleId=Administrator  Enabled=${True}
120    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
121    ...  valid_status_codes=[${HTTP_CREATED}]
122
123    # Delete user using Redfish.
124    Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
125
126    # Verify that IPMI command fails with deleted user.
127    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
128    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
129
130
131Create IPMI User And Verify Login Via Redfish
132    [Documentation]  Create user using IPMI and verify user login via Redfish.
133    [Tags]  Create_IPMI_User_And_Verify_Login_Via_Redfish
134
135    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
136    ...  ${valid_password}  ${admin_level_priv}
137
138    Redfish.Logout
139
140    # Verify user login using Redfish.
141    Redfish.Login  ${username}  ${valid_password}
142    Redfish.Logout
143
144    Redfish.Login
145
146
147Update User Password Via IPMI And Verify Using Redfish
148    [Documentation]  Update user password using IPMI and verify user
149    ...  login via Redfish.
150    [Tags]  Update_User_Password_Via_IPMI_And_Verify_Using_Redfish
151
152    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
153    ...  ${valid_password}  ${admin_level_priv}
154
155    # Update user password using IPMI.
156    Run IPMI Standard Command
157    ...  user set password ${userid} ${valid_password2}
158
159    Redfish.Logout
160
161    # Verify that user login works with new password using Redfish.
162    Redfish.Login  ${username}  ${valid_password2}
163    Redfish.Logout
164
165    Redfish.Login
166
167
168Update User Privilege To Operator Via IPMI And Verify Using Redfish
169    [Documentation]  Update user privilege to operator via IPMI and verify using Redfish.
170    [Tags]  Update_User_Privilege_To_Operator_Via_IPMI_And_Verify_Using_Redfish
171    # Create user using IPMI with admin privilege.
172    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
173    ...  ${valid_password}  ${admin_level_priv}
174
175    # Change user privilege to opetrator using IPMI.
176    Run IPMI Standard Command
177    ...  user priv ${userid} ${operator_level_priv} ${CHANNEL_NUMBER}
178
179    # Verify new user privilege level via Redfish.
180    ${privilege}=  Redfish_Utils.Get Attribute
181    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
182    Should Be Equal  ${privilege}  Operator
183
184
185Update User Privilege To Readonly Via IPMI And Verify Using Redfish
186    [Documentation]  Update user privilege to readonly via IPMI and verify using Redfish.
187    [Tags]  Update_User_Privilege_To_Readonly_Via_IPMI_And_Verify_Using_Redfish
188
189    # Create user using IPMI with admin privilege.
190    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
191    ...  ${valid_password}  ${admin_level_priv}
192
193    # Change user privilege to readonly using IPMI.
194    Run IPMI Standard Command
195    ...  user priv ${userid} ${readonly_level_priv} ${CHANNEL_NUMBER}
196
197    # Verify new user privilege level via Redfish.
198    ${privilege}=  Redfish_Utils.Get Attribute
199    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
200    Should Be Equal  ${privilege}  ReadOnly
201
202
203Delete User Via IPMI And Verify Using Redfish
204    [Documentation]  Delete user using IPMI and verify error while doing
205    ...  user login with deleted user via Redfish.
206    [Tags]  Delete_User_Via_IPMI_And_Verify_Using_Redfish
207
208    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
209    ...  ${valid_password}  ${admin_level_priv}
210
211    # Delete IPMI User.
212    Run IPMI Standard Command  user set name ${userid} ""
213
214    # Verify that Redfish login fails with deleted user.
215    Run Keyword And Expect Error  *InvalidCredentialsError*
216    ...  Redfish.Login  ${username}  ${valid_password}
217
218
219Verify Failure To Exceed Max Number Of Users
220    [Documentation]  Verify failure attempting to exceed the max number of user accounts.
221    [Tags]  Verify_Failure_To_Exceed_Max_Number_Of_Users
222    [Teardown]  Run Keywords  Test Teardown Execution
223    ...         AND  Delete Users Via Redfish  ${username_list}
224
225    # Get existing user count.
226    ${resp}=  Redfish.Get  /redfish/v1/AccountService/Accounts/
227    ${current_user_count}=  Get From Dictionary  ${resp.dict}  Members@odata.count
228
229    ${payload}=  Create Dictionary  Password=${valid_password}
230    ...  RoleId=Administrator  Enabled=${True}
231
232    @{username_list}=  Create List
233
234    # Create users to reach maximum users count (i.e. 30 users).
235    FOR  ${INDEX}  IN RANGE  ${current_user_count}  ${max_num_users}
236      ${random_username}=  Generate Random String  8  [LETTERS]
237      Set To Dictionary  ${payload}  UserName  ${random_username}
238      Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
239      ...  valid_status_codes=[${HTTP_CREATED}]
240      Append To List  ${username_list}  /redfish/v1/AccountService/Accounts/${random_username}
241    END
242
243    # Verify error while creating 16th user.
244    ${random_username}=  Generate Random String  8  [LETTERS]
245    Set To Dictionary  ${payload}  UserName  ${random_username}
246    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
247    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
248
249
250Create IPMI User Without Any Privilege And Verify Via Redfish
251    [Documentation]  Create user using IPMI without privilege and verify via redfish.
252    [Tags]  Create_IPMI_User_Without_Any_Privilege_And_Verify_Via_Redfish
253
254    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
255    ...  ${valid_password}
256
257    # Verify new user privilege level via Redfish.
258    ${privilege}=  Redfish_Utils.Get Attribute
259    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
260    Valid Value  privilege  ['NoAccess']
261
262*** Keywords ***
263
264IPMI Create Random User Plus Password And Privilege
265    [Documentation]  Create random IPMI user with given password and privilege
266    ...  level.
267    [Arguments]  ${password}  ${privilege}=0
268
269    # Description of argument(s):
270    # password      Password to be assigned for the user.
271    # privilege     Privilege level for the user (e.g. "1", "2", "3", etc.).
272
273    # Create IPMI user.
274    ${random_username}=  Generate Random String  8  [LETTERS]
275    Set Suite Variable  ${random_username}
276
277    ${random_userid}=  Find Free User Id
278    IPMI Create User  ${random_userid}  ${random_username}
279
280    # Set given password for newly created user.
281    Run IPMI Standard Command
282    ...  user set password ${random_userid} ${password}
283
284    # Enable IPMI user.
285    Run IPMI Standard Command  user enable ${random_userid}
286
287    # Set given privilege and enable IPMI messaging for newly created user.
288    Run Keyword If  '${privilege}' != '0'
289    ...  Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege}
290
291    [Return]  ${random_username}  ${random_userid}
292
293
294Delete Users Via Redfish
295    [Documentation]  Delete all the users via redfish from given list.
296    [Arguments]  ${user_list}
297
298    # Description of argument(s):
299    # user_list    List of user which are to be deleted.
300
301    Redfish.Login
302
303    FOR  ${user}  IN  @{user_list}
304      Redfish.Delete  ${user}
305    END
306
307    Redfish.Logout
308
309
310Test Setup Execution
311    [Documentation]  Do test case setup tasks.
312
313    Redfish.Login
314
315
316Test Teardown Execution
317    [Documentation]  Do the post test teardown.
318
319    FFDC On Test Case Fail
320    # Delete the test user.
321    Run Keyword And Ignore Error
322    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
323
324    Redfish.Logout
325
326
327Find Free User Id
328    [Documentation]  Find a userid that is not being used.
329    FOR    ${jj}    IN RANGE    300
330        # IPMI maximum users count (i.e. 15 users).
331        ${random_userid}=  Evaluate  random.randint(1, ${ipmi_max_num_users})  modules=random
332        ${access}=  Run IPMI Standard Command  channel getaccess ${CHANNEL_NUMBER} ${random_userid}
333
334        ${name_line}=  Get Lines Containing String  ${access}  User Name
335        Log To Console  For ID ${random_userid}: ${name_line}
336        ${is_empty}=  Run Keyword And Return Status
337        ...  Should Match Regexp  ${name_line}  ${empty_name_pattern}
338
339        Exit For Loop If  ${is_empty} == ${True}
340    END
341    Run Keyword If  '${jj}' == '299'  Fail  msg=A free user ID could not be found.
342    [Return]  ${random_userid}
343