1*** Settings ***
2Documentation    Test IPMI and Redfish combinations for user management.
3
4Resource         ../../lib/resource.robot
5Resource         ../../lib/bmc_redfish_resource.robot
6Resource         ../../lib/openbmc_ffdc.robot
7Resource         ../../lib/ipmi_client.robot
8Library          ../lib/ipmi_utils.py
9
10Test Setup       Test Setup Execution
11Test Teardown    Test Teardown Execution
12
13
14*** Variables ***
15
16${valid_password}       0penBmc1
17${valid_password2}      0penBmc2
18${admin_level_priv}     4
19${operator_level_priv}  3
20${max_num_users}        ${15}
21${empty_name_pattern}   ^User Name\\s.*\\s:\\s$
22
23** Test Cases **
24
25Create Admin Redfish User And Verify Login Via IPMI
26    [Documentation]  Create user using redfish and verify via IPMI.
27    [Tags]  Create_Admin_Redfish_User_And_Verify_Login_Via_IPMI
28
29    ${random_username}=  Generate Random String  8  [LETTERS]
30    Set Test Variable  ${random_username}
31
32    ${payload}=  Create Dictionary
33    ...  UserName=${random_username}  Password=${valid_password}
34    ...  RoleId=Administrator  Enabled=${True}
35    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
36    ...  valid_status_codes=[${HTTP_CREATED}]
37
38    # Delay added for created new user password to get set.
39    Sleep  5s
40
41    Verify IPMI Username And Password  ${random_username}  ${valid_password}
42
43
44Update User Password Via Redfish And Verify Using IPMI
45    [Documentation]  Update user password via Redfish and verify using IPMI.
46    [Tags]  Update_User_Password_Via_Redfish_And_Verify_Using_IPMI
47
48    # Create user using Redfish.
49    ${random_username}=  Generate Random String  8  [LETTERS]
50    Set Test Variable  ${random_username}
51
52    ${payload}=  Create Dictionary
53    ...  UserName=${random_username}  Password=${valid_password}
54    ...  RoleId=Administrator  Enabled=${True}
55    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
56    ...  valid_status_codes=[${HTTP_CREATED}]
57
58    # Update user password using Redfish.
59    ${payload}=  Create Dictionary  Password=${valid_password2}
60    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
61
62    # Verify that IPMI command works with new password and fails with older password.
63    Verify IPMI Username And Password  ${random_username}  ${valid_password2}
64
65    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
66    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
67
68
69Update User Privilege Via Redfish And Verify Using IPMI
70    [Documentation]  Update user privilege via Redfish and verify using IPMI.
71    [Tags]  Update_User_Privilege_Via_Redfish_And_Verify_Using_IPMI
72
73    # Create user using Redfish with admin privilege.
74    ${random_username}=  Generate Random String  8  [LETTERS]
75    Set Test Variable  ${random_username}
76
77    ${payload}=  Create Dictionary
78    ...  UserName=${random_username}  Password=${valid_password}
79    ...  RoleId=Administrator  Enabled=${True}
80    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
81    ...  valid_status_codes=[${HTTP_CREATED}]
82
83    # Update user privilege to operator using Redfish.
84    ${payload}=  Create Dictionary  RoleId=Operator
85    Redfish.Patch  /redfish/v1/AccountService/Accounts/${random_username}  body=&{payload}
86
87    # Verify new user privilege level via IPMI.
88    ${resp}=  Run IPMI Standard Command  user list ${CHANNEL_NUMBER}
89
90    # Example of response data:
91    # ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
92    # 1   root             false   true       true       ADMINISTRATOR
93    # 2   OAvCxjMv         false   true       true       OPERATOR
94    # 3                    true    false      false      NO ACCESS
95    # ..
96    # ..
97    # 15                   true    false      false      NO ACCESS
98
99    ${user_info}=
100    ...  Get Lines Containing String  ${resp}  ${random_username}
101    Should Contain  ${user_info}  OPERATOR
102
103
104Delete User Via Redfish And Verify Using IPMI
105    [Documentation]  Delete user via redfish and verify using IPMI.
106    [Tags]  Delete_User_Via_Redfish_And_Verify_Using_IPMI
107
108    # Create user using Redfish.
109    ${random_username}=  Generate Random String  8  [LETTERS]
110    Set Test Variable  ${random_username}
111
112    ${payload}=  Create Dictionary
113    ...  UserName=${random_username}  Password=${valid_password}
114    ...  RoleId=Administrator  Enabled=${True}
115    Redfish.Post  /redfish/v1/AccountService/Accounts  body=&{payload}
116    ...  valid_status_codes=[${HTTP_CREATED}]
117
118    # Delete user using Redfish.
119    Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
120
121    # Verify that IPMI command fails with deleted user.
122    Run Keyword And Expect Error  *Error: Unable to establish IPMI*
123    ...  Verify IPMI Username And Password  ${random_username}  ${valid_password}
124
125
126Create IPMI User And Verify Login Via Redfish
127    [Documentation]  Create user using IPMI and verify user login via Redfish.
128    [Tags]  Create_IPMI_User_And_Verify_Login_Via_Redfish
129
130    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
131    ...  ${valid_password}  ${admin_level_priv}
132
133    Redfish.Logout
134
135    # Verify user login using Redfish.
136    Redfish.Login  ${username}  ${valid_password}
137    Redfish.Logout
138
139    Redfish.Login
140
141
142Update User Password Via IPMI And Verify Using Redfish
143    [Documentation]  Update user password using IPMI and verify user
144    ...  login via Redfish.
145    [Tags]  Update_User_Password_Via_IPMI_And_Verify_Using_Redfish
146
147    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
148    ...  ${valid_password}  ${admin_level_priv}
149
150    # Update user password using IPMI.
151    Run IPMI Standard Command
152    ...  user set password ${userid} ${valid_password2}
153
154    Redfish.Logout
155
156    # Verify that user login works with new password using Redfish.
157    Redfish.Login  ${username}  ${valid_password2}
158    Redfish.Logout
159
160    Redfish.Login
161
162
163Update User Privilege Via IPMI And Verify Using Redfish
164    [Documentation]  Update user privilege via IPMI and verify using Redfish.
165    [Tags]  Update_User_Privilege_Via_IPMI_And_Verify_Using_Redfish
166
167    # Create user using IPMI with admin privilege.
168    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
169    ...  ${valid_password}  ${admin_level_priv}
170
171    # Change user privilege to opetrator using IPMI.
172    Run IPMI Standard Command
173    ...  user priv ${userid} ${operator_level_priv} ${CHANNEL_NUMBER}
174
175    # Verify new user privilege level via Redfish.
176    ${privilege}=  Redfish_Utils.Get Attribute
177    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
178    Should Be Equal  ${privilege}  Operator
179
180
181Delete User Via IPMI And Verify Using Redfish
182    [Documentation]  Delete user using IPMI and verify error while doing
183    ...  user login with deleted user via Redfish.
184    [Tags]  Delete_User_Via_IPMI_And_Verify_Using_Redfish
185
186    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
187    ...  ${valid_password}  ${admin_level_priv}
188
189    # Delete IPMI User.
190    Run IPMI Standard Command  user set name ${userid} ""
191
192    # Verify that Redfish login fails with deleted user.
193    Run Keyword And Expect Error  *InvalidCredentialsError*
194    ...  Redfish.Login  ${username}  ${valid_password}
195
196
197Verify Failure To Exceed Max Number Of Users
198    [Documentation]  Verify failure attempting to exceed the max number of user accounts.
199    [Tags]  Verify_Failure_To_Exceed_Max_Number_Of_Users
200
201    # Get existing user count.
202    ${resp}=  Redfish.Get  /redfish/v1/AccountService/Accounts/
203    ${current_user_count}=  Get From Dictionary  ${resp.dict}  Members@odata.count
204
205    ${payload}=  Create Dictionary  Password=${valid_password}
206    ...  RoleId=Administrator  Enabled=${True}
207
208    @{username_list}=  Create List
209
210    # Create users to reach maximum users count (i.e. 15 users).
211    FOR  ${INDEX}  IN RANGE  ${current_user_count}  ${max_num_users}
212      ${random_username}=  Generate Random String  8  [LETTERS]
213      Set To Dictionary  ${payload}  UserName  ${random_username}
214      Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
215      ...  valid_status_codes=[${HTTP_CREATED}]
216      Append To List  ${username_list}  /redfish/v1/AccountService/Accounts/${random_username}
217    END
218
219    # Verify error while creating 16th user.
220    ${random_username}=  Generate Random String  8  [LETTERS]
221    Set To Dictionary  ${payload}  UserName  ${random_username}
222    Redfish.Post  ${REDFISH_ACCOUNTS_URI}  body=&{payload}
223    ...  valid_status_codes=[${HTTP_BAD_REQUEST}]
224
225    FOR  ${saved_user_list}  IN  @{username_list}
226      Redfish.Delete  ${saved_user_list}
227    END
228
229
230Create IPMI User Without Any Privilege And Verify Via Redfish
231    [Documentation]  Create user using IPMI without privilege and verify via redfish.
232    [Tags]  Create_IPMI_User_Without_Any_Privilege_And_Verify_Via_Redfish
233
234    ${username}  ${userid}=  IPMI Create Random User Plus Password And Privilege
235    ...  ${valid_password}
236
237    # Verify new user privilege level via Redfish.
238    ${privilege}=  Redfish_Utils.Get Attribute
239    ...  /redfish/v1/AccountService/Accounts/${username}  RoleId
240    Valid Value  privilege  ['NoAccess']
241
242*** Keywords ***
243
244IPMI Create Random User Plus Password And Privilege
245    [Documentation]  Create random IPMI user with given password and privilege
246    ...  level.
247    [Arguments]  ${password}  ${privilege}=0
248
249    # Description of argument(s):
250    # password      Password to be assigned for the user.
251    # privilege     Privilege level for the user (e.g. "1", "2", "3", etc.).
252
253    # Create IPMI user.
254    ${random_username}=  Generate Random String  8  [LETTERS]
255    Set Suite Variable  ${random_username}
256
257    ${random_userid}=  Find Free User Id
258    IPMI Create User  ${random_userid}  ${random_username}
259
260    # Set given password for newly created user.
261    Run IPMI Standard Command
262    ...  user set password ${random_userid} ${password}
263
264    # Enable IPMI user.
265    Run IPMI Standard Command  user enable ${random_userid}
266
267    # Set given privilege and enable IPMI messaging for newly created user.
268    Run Keyword If  '${privilege}' != '0'
269    ...  Set Channel Access  ${random_userid}  ipmi=on privilege=${privilege}
270
271    [Return]  ${random_username}  ${random_userid}
272
273
274Test Setup Execution
275    [Documentation]  Do test case setup tasks.
276
277    Redfish.Login
278
279
280Test Teardown Execution
281    [Documentation]  Do the post test teardown.
282
283    FFDC On Test Case Fail
284    # Delete the test user.
285    Run Keyword And Ignore Error
286    ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/${random_username}
287
288    Redfish.Logout
289
290
291Find Free User Id
292    [Documentation]  Find a userid that is not being used.
293    FOR    ${jj}    IN RANGE    300
294        ${random_userid}=  Evaluate  random.randint(1, ${max_num_users})  modules=random
295        ${access}=  Run IPMI Standard Command  channel getaccess 1 ${random_userid}
296
297        ${name_line}=  Get Lines Containing String  ${access}  User Name
298        Log To Console  For ID ${random_userid}: ${name_line}
299        ${is_empty}=  Run Keyword And Return Status
300        ...  Should Match Regexp  ${name_line}  ${empty_name_pattern}
301
302        Exit For Loop If  ${is_empty} == ${True}
303    END
304    Run Keyword If  '${jj}' == '299'  Fail  msg=A free user ID could not be found.
305    [Return]  ${random_userid}
306