1*** Settings ***
2Documentation    Test IPMI and Redfish combinations for user management.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/ipmi_client.robot
8Library          ../lib/ipmi_utils.py
9
10Test Setup       Test Setup Execution
11Test Teardown    Test Teardown Execution
12
13
14*** Variables ***
15
16${valid_password}       0penBmc1
17${valid_password2}      0penBmc2
18${admin_level_priv}     4
19${operator_level_priv}  3
20${max_num_users}        ${15}
21
22** Test Cases **
23
24Create Admin Redfish User And Verify Login Via IPMI
25    [Documentation]  Create user using redfish and verify via IPMI.
26    [Tags]  Create_Admin_Redfish_User_And_Verify_Login_Via_IPMI
27
28    ${random_username}=  Generate Random String  8  [LETTERS]
29    Set Test Variable  ${random_username}
30
31    ${payload}=  Create Dictionary
32    ...  UserName=${random_username}  Password=${valid_password}
33    ...  RoleId=Administrator  Enabled=${True}
34    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
35    ...  valid_status_codes=[${HTTP_CREATED}]
36
37    # Delay added for created new user password to get set.
38    Sleep  5s
39
40    Verify IPMI Username And Password  ${random_username}  ${valid_password}
41
42
43Update User Password Via Redfish And Verify Using IPMI
44    [Documentation]  Update user password via Redfish and verify using IPMI.
45    [Tags]  Update_User_Password_Via_Redfish_And_Verify_Using_IPMI
46
47    # Create user using Redfish.
48    ${random_username}=  Generate Random String  8  [LETTERS]
49    Set Test Variable  ${random_username}
50
51    ${payload}=  Create Dictionary
52    ...  UserName=${random_username}  Password=${valid_password}
53    ...  RoleId=Administrator  Enabled=${True}
54    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
55    ...  valid_status_codes=[${HTTP_CREATED}]
56
57    # Update user password using Redfish.
58    ${payload}=  Create Dictionary  Password=${valid_password2}
59    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
60
61    # Verify that IPMI command works with new password and fails with older password.
62    Verify IPMI Username And Password  ${random_username}  ${valid_password2}
63
64    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
65    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
66
67
68Update User Privilege Via Redfish And Verify Using IPMI
69    [Documentation]  Update user privilege via Redfish and verify using IPMI.
70    [Tags]  Update_User_Privilege_Via_Redfish_And_Verify_Using_IPMI
71
72    # Create user using Redfish with admin privilege.
73    ${random_username}=  Generate Random String  8  [LETTERS]
74    Set Test Variable  ${random_username}
75
76    ${payload}=  Create Dictionary
77    ...  UserName=${random_username}  Password=${valid_password}
78    ...  RoleId=Administrator  Enabled=${True}
79    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
80    ...  valid_status_codes=[${HTTP_CREATED}]
81
82    # Update user privilege to operator using Redfish.
83    ${payload}=  Create Dictionary  RoleId=Operator
84    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
85
86    # Verify new user privilege level via IPMI.
87    ${resp}=  Run IPMI Standard Command  user list ${CHANNEL_NUMBER}
88
89    # Example of response data:
90    # ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
91    # 1   root             false   true       true       ADMINISTRATOR
92    # 2   OAvCxjMv         false   true       true       OPERATOR
93    # 3                    true    false      false      NO ACCESS
94    # ..
95    # ..
96    # 15                   true    false      false      NO ACCESS
97
98    ${user_info}=
99    ...  Get Lines Containing String  ${resp}  ${random_username}
100    Should Contain  ${user_info}  OPERATOR
101
102
103Delete User Via Redfish And Verify Using IPMI
104    [Documentation]  Delete user via redfish and verify using IPMI.
105    [Tags]  Delete_User_Via_Redfish_And_Verify_Using_IPMI
106
107    # Create user using Redfish.
108    ${random_username}=  Generate Random String  8  [LETTERS]
109    Set Test Variable  ${random_username}
110
111    ${payload}=  Create Dictionary
112    ...  UserName=${random_username}  Password=${valid_password}
113    ...  RoleId=Administrator  Enabled=${True}
114    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
115    ...  valid_status_codes=[${HTTP_CREATED}]
116
117    # Delete user using Redfish.
118    Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
119
120    # Verify that IPMI command fails with deleted user.
121    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
122    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
123
124
125Create IPMI User And Verify Login Via Redfish
126    [Documentation]  Create user using IPMI and verify user login via Redfish.
127    [Tags]  Create_IPMI_User_And_Verify_Login_Via_Redfish
128
129    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
130    ...  ${valid_password}  ${admin_level_priv}
131
132    Redfish.Logout
133
134    # Verify user login using Redfish.
135    Redfish.Login  ${username}  ${valid_password}
136    Redfish.Logout
137
138    Redfish.Login
139
140
141Update User Password Via IPMI And Verify Using Redfish
142    [Documentation]  Update user password using IPMI and verify user
143    ...  login via Redfish.
144    [Tags]  Update_User_Password_Via_IPMI_And_Verify_Using_Redfish
145
146    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
147    ...  ${valid_password}  ${admin_level_priv}
148
149    # Update user password using IPMI.
150    Run IPMI Standard Command
151    ...  user set password ${userid} ${valid_password2}
152
153    Redfish.Logout
154
155    # Verify that user login works with new password using Redfish.
156    Redfish.Login  ${username}  ${valid_password2}
157    Redfish.Logout
158
159    Redfish.Login
160
161
162Update User Privilege Via IPMI And Verify Using Redfish
163    [Documentation]  Update user privilege via IPMI and verify using Redfish.
164    [Tags]  Update_User_Privilege_Via_IPMI_And_Verify_Using_Redfish
165
166    # Create user using IPMI with admin privilege.
167    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
168    ...  ${valid_password}  ${admin_level_priv}
169
170    # Change user privilege to opetrator using IPMI.
171    Run IPMI Standard Command
172    ...  user priv ${userid} ${operator_level_priv} ${CHANNEL_NUMBER}
173
174    # Verify new user privilege level via Redfish.
175    ${privilege}=  Redfish_Utils.Get Attribute
176    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
177    Should Be Equal  ${privilege}  Operator
178
179
180Delete User Via IPMI And Verify Using Redfish
181    [Documentation]  Delete user using IPMI and verify error while doing
182    ...  user login with deleted user via Redfish.
183    [Tags]  Delete_User_Via_IPMI_And_Verify_Using_Redfish
184
185    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
186    ...  ${valid_password}  ${admin_level_priv}
187
188    # Delete IPMI User.
189    Run IPMI Standard Command  user set name ${userid} ""
190
191    # Verify that Redfish login fails with deleted user.
192    Run Keyword And Expect Error  *InvalidCredentialsError*
193    ...  Redfish.Login  ${username}  ${valid_password}
194
195
196Verify Failure To Exceed Max Number Of Users
197    [Documentation]  Verify failure attempting to exceed the max number of user accounts.
198    [Tags]  Verify_Failure_To_Exceed_Max_Number_Of_Users
199
200    # Get existing user count.
201    ${resp}=  Redfish.Get  /redfish/v1/AccountService/Accounts/
202    ${current_user_count}=  Get From Dictionary  ${resp.dict}  Members@odata.count
203
204    ${payload}=  Create Dictionary  Password=${valid_password}
205    ...  RoleId=Administrator  Enabled=${True}
206
207    @{username_list}=  Create List
208
209    # Create users to reach maximum users count (i.e. 15 users).
210    FOR  ${INDEX}  IN RANGE  ${current_user_count}  ${max_num_users}
211      ${random_username}=  Generate Random String  8  [LETTERS]
212      Set To Dictionary  ${payload}  UserName  ${random_username}
213      Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
214      ...  valid_status_codes=[${HTTP_CREATED}]
215      Append To List  ${username_list}  /redfish/v1/AccountService/Accounts/${random_username}
216    END
217
218    # Verify error while creating 16th user.
219    ${random_username}=  Generate Random String  8  [LETTERS]
220    Set To Dictionary  ${payload}  UserName  ${random_username}
221    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
222    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
223
224    FOR  ${saved_user_list}  IN  @{username_list}
225      Redfish.Delete  ${saved_user_list}
226    END
227
228
229Create IPMI User Without Any Privilege And Verify Via Redfish
230    [Documentation]  Create user using IPMI without privilege and verify via redfish.
231    [Tags]  Create_IPMI_User_Without_Any_Privilege_And_Verify_Via_Redfish
232
233    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
234    ...  ${valid_password}
235
236    # Verify new user privilege level via Redfish.
237    ${privilege}=  Redfish_Utils.Get Attribute
238    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
239    Valid Value  privilege  ['NoAccess']
240
241*** Keywords ***
242
243IPMI Create Random User Plus Password And Privilege
244    [Documentation]  Create random IPMI user with given password and privilege
245    ...  level.
246    [Arguments]  ${password}  ${privilege}=0
247
248    # Description of argument(s):
249    # password      Password to be assigned for the user.
250    # privilege     Privilege level for the user (e.g. "1", "2", "3", etc.).
251
252    # Create IPMI user.
253    ${random_username}=  Generate Random String  8  [LETTERS]
254    Set Suite Variable  ${random_username}
255
256    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
257    IPMI Create User  ${random_userid}  ${random_username}
258
259    # Set given password for newly created user.
260    Run IPMI Standard Command
261    ...  user set password ${random_userid} ${password}
262
263    # Enable IPMI user.
264    Run IPMI Standard Command  user enable ${random_userid}
265
266    # Set given privilege and enable IPMI messaging for newly created user.
267    Run Keyword If  '${privilege}' != '0'
268    ...  Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege}
269
270    [Return]  ${random_username}  ${random_userid}
271
272
273Test Setup Execution
274    [Documentation]  Do test case setup tasks.
275
276    Redfish.Login
277
278
279Test Teardown Execution
280    [Documentation]  Do the post test teardown.
281
282    FFDC On Test Case Fail
283    # Delete the test user.
284    Run Keyword And Ignore Error
285    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
286
287    Redfish.Logout
288