1*** Settings ***
2Documentation    Test IPMI and Redfish combinations for user management.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/ipmi_client.robot
8Library          ../lib/ipmi_utils.py
9
10Test Setup       Test Setup Execution
11Test Teardown    Test Teardown Execution
12
13
14*** Variables ***
15
16${valid_password}       0penBmc1
17${valid_password2}      0penBmc2
18${admin_level_priv}     4
19${operator_level_priv}  3
20
21** Test Cases **
22
23Create Admin Redfish User And Verify Login Via IPMI
24    [Documentation]  Create user using redfish and verify via IPMI.
25    [Tags]  Create_Admin_Redfish_User_And_Verify_Login_Via_IPMI
26
27    ${random_username}=  Generate Random String  8  [LETTERS]
28    Set Test Variable  ${random_username}
29
30    ${payload}=  Create Dictionary
31    ...  UserName=${random_username}  Password=${valid_password}
32    ...  RoleId=Administrator  Enabled=${True}
33    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
34    ...  valid_status_codes=[${HTTP_CREATED}]
35
36    Verify IPMI Username And Password  ${random_username}  ${valid_password}
37
38
39Update User Password Via Redfish And Verify Using IPMI
40    [Documentation]  Update user password via Redfish and verify using IPMI.
41    [Tags]  Update_User_Password_Via_Redfish_And_Verify_Using_IPMI
42
43    # Create user using Redfish.
44    ${random_username}=  Generate Random String  8  [LETTERS]
45    Set Test Variable  ${random_username}
46
47    ${payload}=  Create Dictionary
48    ...  UserName=${random_username}  Password=${valid_password}
49    ...  RoleId=Administrator  Enabled=${True}
50    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
51    ...  valid_status_codes=[${HTTP_CREATED}]
52
53    # Update user password using Redfish.
54    ${payload}=  Create Dictionary  Password=${valid_password2}
55    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
56
57    # Verify that IPMI command works with new password and fails with older password.
58    Verify IPMI Username And Password  ${random_username}  ${valid_password2}
59
60    Run Keyword And Expect Error  Error: Unable to establish IPMI*
61    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
62
63
64Update User Privilege Via Redfish And Verify Using IPMI
65    [Documentation]  Update user privilege via Redfish and verify using IPMI.
66    [Tags]  Update_User_Privilege_Via_Redfish_And_Verify_Using_IPMI
67
68    # Create user using Redfish with admin privilege.
69    ${random_username}=  Generate Random String  8  [LETTERS]
70    Set Test Variable  ${random_username}
71
72    ${payload}=  Create Dictionary
73    ...  UserName=${random_username}  Password=${valid_password}
74    ...  RoleId=Administrator  Enabled=${True}
75    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
76    ...  valid_status_codes=[${HTTP_CREATED}]
77
78    # Update user privilege to operator using Redfish.
79    ${payload}=  Create Dictionary  RoleId=Operator
80    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
81
82    # Verify new user privilege level via IPMI.
83    ${resp}=  Run IPMI Standard Command  user list
84
85    # Example of response data:
86    # ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
87    # 1   root             false   true       true       ADMINISTRATOR
88    # 2   OAvCxjMv         false   true       true       OPERATOR
89    # 3                    true    false      false      NO ACCESS
90    # ..
91    # ..
92    # 15                   true    false      false      NO ACCESS
93
94    ${user_info}=
95    ...  Get Lines Containing String  ${resp}  ${random_username}
96    Should Contain  ${user_info}  OPERATOR
97
98
99Delete User Via Redfish And Verify Using IPMI
100    [Documentation]  Delete user via redfish and verify using IPMI.
101    [Tags]  Delete_User_Via_Redfish_And_Verify_Using_IPMI
102
103    # Create user using Redfish.
104    ${random_username}=  Generate Random String  8  [LETTERS]
105    Set Test Variable  ${random_username}
106
107    ${payload}=  Create Dictionary
108    ...  UserName=${random_username}  Password=${valid_password}
109    ...  RoleId=Administrator  Enabled=${True}
110    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
111    ...  valid_status_codes=[${HTTP_CREATED}]
112
113    # Delete user using Redfish.
114    Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
115
116    # Verify that IPMI command fails with deleted user.
117    Run Keyword And Expect Error  Error: Unable to establish IPMI*
118    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
119
120
121Create IPMI User And Verify Login Via Redfish
122    [Documentation]  Create user using IPMI and verify user login via Redfish.
123    [Tags]  Create_IPMI_User_And_Verify_Login_Via_Redfish
124
125    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
126    ...  ${valid_password}  ${admin_level_priv}
127
128    # Verify user login using Redfish.
129    Redfish.Login  ${username}  ${valid_password}
130
131
132Update User Password Via IPMI And Verify Using Redfish
133    [Documentation]  Update user password using IPMI and verify user
134    ...  login via Redfish.
135    [Tags]  Update_User_Password_Via_IPMI_And_Verify_Using_Redfish
136
137    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
138    ...  ${valid_password}  ${admin_level_priv}
139
140    # Update user password using IPMI.
141    Run IPMI Standard Command
142    ...  user set password ${userid} ${valid_password2}
143
144    # Verify that user login works with new password using Redfish.
145    Redfish.Login  ${username}  ${valid_password2}
146
147
148Update User Privilege Via IPMI And Verify Using Redfish
149    [Documentation]  Update user privilege via IPMI and verify using Redfish.
150    [Tags]  Update_User_Privilege_Via_IPMI_And_Verify_Using_Redfish
151
152    # Create user using IPMI with admin privilege.
153    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
154    ...  ${valid_password}  ${admin_level_priv}
155
156    # Change user privilege to opetrator using IPMI.
157    Run IPMI Standard Command
158    ...  user priv ${userid} ${operator_level_priv}
159
160    # Verify new user privilege level via Redfish.
161    ${privilege}=  Redfish_Utils.Get Attribute
162    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
163    Should Be Equal  ${privilege}  Operator
164
165
166Delete User Via IPMI And Verify Using Redfish
167    [Documentation]  Delete user using IPMI and verify error while doing
168    ...  user login with deleted user via Redfish.
169    [Tags]  Delete_User_Via_IPMI_And_Verify_Using_Redfish
170
171    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
172    ...  ${valid_password}  ${admin_level_priv}
173
174    # Delete IPMI User.
175    Run IPMI Standard Command  user set name ${userid} ""
176
177    # Verify that Redfish login fails with deleted user.
178    Run Keyword And Expect Error  *InvalidCredentialsError*
179    ...  Redfish.Login  ${username}  ${valid_password}
180
181
182*** Keywords ***
183
184IPMI Create Random User Plus Password And Privilege
185    [Documentation]  Create random IPMI user with given password and privilege
186    ...  level.
187    [Arguments]  ${password}  ${privilege}
188
189    # Description of argument(s):
190    # password      Password to be assigned for the user.
191    # privilege     Privilege level for the user (e.g. "1", "2", "3", etc.).
192
193    # Create IPMI user.
194    ${random_username}=  Generate Random String  8  [LETTERS]
195    Set Suite Variable  ${random_username}
196
197    ${random_userid}=  Evaluate  random.randint(2, 15)  modules=random
198    IPMI Create User  ${random_userid}  ${random_username}
199
200    # Set given password for newly created user.
201    Run IPMI Standard Command
202    ...  user set password ${random_userid} ${password}
203
204    # Enable IPMI user.
205    Run IPMI Standard Command  user enable ${random_userid}
206
207    # Set given privilege and enable IPMI messaging for newly created user.
208    Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege}
209
210    [Return]  ${random_username}  ${random_userid}
211
212
213Test Setup Execution
214    [Documentation]  Do test case setup tasks.
215
216    Redfish.Login
217
218
219Test Teardown Execution
220    [Documentation]  Do the post test teardown.
221
222    FFDC On Test Case Fail
223    # Delete the test user.
224    Run Keyword And Ignore Error
225    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
226
227    Redfish.Logout
228