1*** Settings *** 2Documentation Test IPMI and Redfish combinations for user management. 3 4Resource ../../lib/resource.robot 5Resource ../../lib/bmc_redfish_resource.robot 6Resource ../../lib/openbmc_ffdc.robot 7Resource ../../lib/ipmi_client.robot 8Library ../lib/ipmi_utils.py 9 10Test Setup Test Setup Execution 11Test Teardown Test Teardown Execution 12 13 14*** Variables *** 15 16${valid_password} 0penBmc1 17${valid_password2} 0penBmc2 18${admin_level_priv} 4 19${operator_level_priv} 3 20${readonly_level_priv} 2 21# Refer: #openbmc/phosphor-user-manager/blob/master/user_mgr.hpp#L41 22# ipmiMaxUsers = 15; <-- IPMI 23# maxSystemUsers = 30; <-- Max system redfish account users allowed 24${ipmi_max_num_users} ${15} 25${max_num_users} ${30} 26${empty_name_pattern} ^User Name\\s.*\\s:\\s$ 27 28** Test Cases ** 29 30Create Admin Redfish User And Verify Login Via IPMI 31 [Documentation] Create user using redfish and verify via IPMI. 32 [Tags] Create_Admin_Redfish_User_And_Verify_Login_Via_IPMI 33 34 ${random_username}= Generate Random String 8 [LETTERS] 35 Set Test Variable ${random_username} 36 37 ${payload}= Create Dictionary 38 ... UserName=${random_username} Password=${valid_password} 39 ... RoleId=Administrator Enabled=${True} 40 Redfish.Post /redfish/v1/AccountService/Accounts body=&{payload} 41 ... valid_status_codes=[${HTTP_CREATED}] 42 43 # Delay added for created new user password to get set. 44 Sleep 5s 45 46 Verify IPMI Username And Password ${random_username} ${valid_password} 47 48 49Update User Password Via Redfish And Verify Using IPMI 50 [Documentation] Update user password via Redfish and verify using IPMI. 51 [Tags] Update_User_Password_Via_Redfish_And_Verify_Using_IPMI 52 53 # Create user using Redfish. 54 ${random_username}= Generate Random String 8 [LETTERS] 55 Set Test Variable ${random_username} 56 57 ${payload}= Create Dictionary 58 ... UserName=${random_username} Password=${valid_password} 59 ... RoleId=Administrator Enabled=${True} 60 Redfish.Post /redfish/v1/AccountService/Accounts body=&{payload} 61 ... valid_status_codes=[${HTTP_CREATED}] 62 63 # Update user password using Redfish. 64 ${payload}= Create Dictionary Password=${valid_password2} 65 Redfish.Patch /redfish/v1/AccountService/Accounts/${random_username} body=&{payload} 66 67 # Verify that IPMI command works with new password and fails with older password. 68 Verify IPMI Username And Password ${random_username} ${valid_password2} 69 70 Run Keyword And Expect Error *Error: Unable to establish IPMI* 71 ... Verify IPMI Username And Password ${random_username} ${valid_password} 72 73 74Update User Privilege Via Redfish And Verify Using IPMI 75 [Documentation] Update user privilege via Redfish and verify using IPMI. 76 [Tags] Update_User_Privilege_Via_Redfish_And_Verify_Using_IPMI 77 78 # Create user using Redfish with admin privilege. 79 ${random_username}= Generate Random String 8 [LETTERS] 80 Set Test Variable ${random_username} 81 82 ${payload}= Create Dictionary 83 ... UserName=${random_username} Password=${valid_password} 84 ... RoleId=Administrator Enabled=${True} 85 Redfish.Post /redfish/v1/AccountService/Accounts body=&{payload} 86 ... valid_status_codes=[${HTTP_CREATED}] 87 88 # Update user privilege to operator using Redfish. 89 ${payload}= Create Dictionary RoleId=Operator 90 Redfish.Patch /redfish/v1/AccountService/Accounts/${random_username} body=&{payload} 91 92 # Verify new user privilege level via IPMI. 93 ${resp}= Run IPMI Standard Command user list ${CHANNEL_NUMBER} 94 95 # Example of response data: 96 # ID Name Callin Link Auth IPMI Msg Channel Priv Limit 97 # 1 root false true true ADMINISTRATOR 98 # 2 OAvCxjMv false true true OPERATOR 99 # 3 true false false NO ACCESS 100 # .. 101 # .. 102 # 15 true false false NO ACCESS 103 104 ${user_info}= 105 ... Get Lines Containing String ${resp} ${random_username} 106 Should Contain ${user_info} OPERATOR 107 108 109Delete User Via Redfish And Verify Using IPMI 110 [Documentation] Delete user via redfish and verify using IPMI. 111 [Tags] Delete_User_Via_Redfish_And_Verify_Using_IPMI 112 113 # Create user using Redfish. 114 ${random_username}= Generate Random String 8 [LETTERS] 115 Set Test Variable ${random_username} 116 117 ${payload}= Create Dictionary 118 ... UserName=${random_username} Password=${valid_password} 119 ... RoleId=Administrator Enabled=${True} 120 Redfish.Post /redfish/v1/AccountService/Accounts body=&{payload} 121 ... valid_status_codes=[${HTTP_CREATED}] 122 123 # Delete user using Redfish. 124 Redfish.Delete /redfish/v1/AccountService/Accounts/${random_username} 125 126 # Verify that IPMI command fails with deleted user. 127 Run Keyword And Expect Error *Error: Unable to establish IPMI* 128 ... Verify IPMI Username And Password ${random_username} ${valid_password} 129 130 131Create IPMI User And Verify Login Via Redfish 132 [Documentation] Create user using IPMI and verify user login via Redfish. 133 [Tags] Create_IPMI_User_And_Verify_Login_Via_Redfish 134 135 ${username} ${userid}= IPMI Create Random User Plus Password And Privilege 136 ... ${valid_password} ${admin_level_priv} 137 138 Redfish.Logout 139 140 # Verify user login using Redfish. 141 Redfish.Login ${username} ${valid_password} 142 Redfish.Logout 143 144 Redfish.Login 145 146 147Update User Password Via IPMI And Verify Using Redfish 148 [Documentation] Update user password using IPMI and verify user 149 ... login via Redfish. 150 [Tags] Update_User_Password_Via_IPMI_And_Verify_Using_Redfish 151 152 ${username} ${userid}= IPMI Create Random User Plus Password And Privilege 153 ... ${valid_password} ${admin_level_priv} 154 155 # Update user password using IPMI. 156 Run IPMI Standard Command 157 ... user set password ${userid} ${valid_password2} 158 159 Redfish.Logout 160 161 # Verify that user login works with new password using Redfish. 162 Redfish.Login ${username} ${valid_password2} 163 Redfish.Logout 164 165 Redfish.Login 166 167 168Update User Privilege To Operator Via IPMI And Verify Using Redfish 169 [Documentation] Update user privilege to operator via IPMI and verify using Redfish. 170 [Tags] Update_User_Privilege_To_Operator_Via_IPMI_And_Verify_Using_Redfish 171 # Create user using IPMI with admin privilege. 172 ${username} ${userid}= IPMI Create Random User Plus Password And Privilege 173 ... ${valid_password} ${admin_level_priv} 174 175 # Change user privilege to opetrator using IPMI. 176 Run IPMI Standard Command 177 ... user priv ${userid} ${operator_level_priv} ${CHANNEL_NUMBER} 178 179 # Verify new user privilege level via Redfish. 180 ${privilege}= Redfish_Utils.Get Attribute 181 ... /redfish/v1/AccountService/Accounts/${username} RoleId 182 Should Be Equal ${privilege} Operator 183 184 185Update User Privilege To Readonly Via IPMI And Verify Using Redfish 186 [Documentation] Update user privilege to readonly via IPMI and verify using Redfish. 187 [Tags] Update_User_Privilege_To_Readonly_Via_IPMI_And_Verify_Using_Redfish 188 189 # Create user using IPMI with admin privilege. 190 ${username} ${userid}= IPMI Create Random User Plus Password And Privilege 191 ... ${valid_password} ${admin_level_priv} 192 193 # Change user privilege to readonly using IPMI. 194 Run IPMI Standard Command 195 ... user priv ${userid} ${readonly_level_priv} ${CHANNEL_NUMBER} 196 197 # Verify new user privilege level via Redfish. 198 ${privilege}= Redfish_Utils.Get Attribute 199 ... /redfish/v1/AccountService/Accounts/${username} RoleId 200 Should Be Equal ${privilege} ReadOnly 201 202 203Delete User Via IPMI And Verify Using Redfish 204 [Documentation] Delete user using IPMI and verify error while doing 205 ... user login with deleted user via Redfish. 206 [Tags] Delete_User_Via_IPMI_And_Verify_Using_Redfish 207 208 ${username} ${userid}= IPMI Create Random User Plus Password And Privilege 209 ... ${valid_password} ${admin_level_priv} 210 211 # Delete IPMI User. 212 Run IPMI Standard Command user set name ${userid} "" 213 214 # Verify that Redfish login fails with deleted user. 215 Run Keyword And Expect Error *InvalidCredentialsError* 216 ... Redfish.Login ${username} ${valid_password} 217 218 219Verify Failure To Exceed Max Number Of Users 220 [Documentation] Verify failure attempting to exceed the max number of user accounts. 221 [Tags] Verify_Failure_To_Exceed_Max_Number_Of_Users 222 [Teardown] Run Keywords Test Teardown Execution 223 ... AND Delete Users Via Redfish ${username_list} 224 225 # Get existing user count. 226 ${resp}= Redfish.Get /redfish/v1/AccountService/Accounts/ 227 ${current_user_count}= Get From Dictionary ${resp.dict} Members@odata.count 228 229 ${payload}= Create Dictionary Password=${valid_password} 230 ... RoleId=Administrator Enabled=${True} 231 232 @{username_list}= Create List 233 234 # Create users to reach maximum users count (i.e. 30 users). 235 FOR ${INDEX} IN RANGE ${current_user_count} ${max_num_users} 236 ${random_username}= Generate Random String 8 [LETTERS] 237 Set To Dictionary ${payload} UserName ${random_username} 238 Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload} 239 ... valid_status_codes=[${HTTP_CREATED}] 240 Append To List ${username_list} /redfish/v1/AccountService/Accounts/${random_username} 241 END 242 243 # Verify error while creating 16th user. 244 ${random_username}= Generate Random String 8 [LETTERS] 245 Set To Dictionary ${payload} UserName ${random_username} 246 Redfish.Post ${REDFISH_ACCOUNTS_URI} body=&{payload} 247 ... valid_status_codes=[${HTTP_BAD_REQUEST}] 248 249 250Create IPMI User Without Any Privilege And Verify Via Redfish 251 [Documentation] Create user using IPMI without privilege and verify via redfish. 252 [Tags] Create_IPMI_User_Without_Any_Privilege_And_Verify_Via_Redfish 253 254 ${username} ${userid}= IPMI Create Random User Plus Password And Privilege 255 ... ${valid_password} 256 257 # Verify new user privilege level via Redfish. 258 ${privilege}= Redfish_Utils.Get Attribute 259 ... /redfish/v1/AccountService/Accounts/${username} RoleId 260 Valid Value privilege ['NoAccess'] 261 262*** Keywords *** 263 264IPMI Create Random User Plus Password And Privilege 265 [Documentation] Create random IPMI user with given password and privilege 266 ... level. 267 [Arguments] ${password} ${privilege}=0 268 269 # Description of argument(s): 270 # password Password to be assigned for the user. 271 # privilege Privilege level for the user (e.g. "1", "2", "3", etc.). 272 273 # Create IPMI user. 274 ${random_username}= Generate Random String 8 [LETTERS] 275 Set Suite Variable ${random_username} 276 277 ${random_userid}= Find Free User Id 278 IPMI Create User ${random_userid} ${random_username} 279 280 # Set given password for newly created user. 281 Run IPMI Standard Command 282 ... user set password ${random_userid} ${password} 283 284 # Enable IPMI user. 285 Run IPMI Standard Command user enable ${random_userid} 286 287 # Set given privilege and enable IPMI messaging for newly created user. 288 Run Keyword If '${privilege}' != '0' 289 ... Set Channel Access ${random_userid} ipmi=on privilege=${privilege} 290 291 [Return] ${random_username} ${random_userid} 292 293 294Delete Users Via Redfish 295 [Documentation] Delete all the users via redfish from given list. 296 [Arguments] ${user_list} 297 298 # Description of argument(s): 299 # user_list List of user which are to be deleted. 300 301 Redfish.Login 302 303 FOR ${user} IN @{user_list} 304 Redfish.Delete ${user} 305 END 306 307 Redfish.Logout 308 309 310Test Setup Execution 311 [Documentation] Do test case setup tasks. 312 313 Redfish.Login 314 315 316Test Teardown Execution 317 [Documentation] Do the post test teardown. 318 319 FFDC On Test Case Fail 320 # Delete the test user. 321 Run Keyword And Ignore Error 322 ... Redfish.Delete /redfish/v1/AccountService/Accounts/${random_username} 323 324 Redfish.Logout 325 326 327Find Free User Id 328 [Documentation] Find a userid that is not being used. 329 FOR ${jj} IN RANGE 300 330 # IPMI maximum users count (i.e. 15 users). 331 ${random_userid}= Evaluate random.randint(1, ${ipmi_max_num_users}) modules=random 332 ${access}= Run IPMI Standard Command channel getaccess ${CHANNEL_NUMBER} ${random_userid} 333 334 ${name_line}= Get Lines Containing String ${access} User Name 335 Log To Console For ID ${random_userid}: ${name_line} 336 ${is_empty}= Run Keyword And Return Status 337 ... Should Match Regexp ${name_line} ${empty_name_pattern} 338 339 Exit For Loop If ${is_empty} == ${True} 340 END 341 Run Keyword If '${jj}' == '299' Fail msg=A free user ID could not be found. 342 [Return] ${random_userid} 343