Test IPMI restriction mode whitelist
Changes:
- Add test case to test restriction mode.
- Set the restriction mode via REST.
- Issue out of band IPMI power on and expect to boot to host.
- Issue inband IPMI BMC reset and it should error out.
Change-Id: I1c7b1e11dfaae9f880303dba5506e4b8cb64b164
Signed-off-by: George Keishing <gkeishin@in.ibm.com>
diff --git a/tests/ipmi/test_general_ipmi.robot b/tests/ipmi/test_general_ipmi.robot
index 8c13a1b..7cdd81b 100755
--- a/tests/ipmi/test_general_ipmi.robot
+++ b/tests/ipmi/test_general_ipmi.robot
@@ -681,6 +681,42 @@
... msg=IPMI channel ${channel_number} is invalid but seen working.
+Test IPMI Restriction Mode
+ [Documentation] Set restricition mode via REST and verify IPMI operation.
+ [Tags] Test_IPMI_Restriction_Mode
+ # Forego normal test setup:
+ [Setup] No Operation
+
+ # By default no IPMI operations are restricted.
+ # /xyz/openbmc_project/control/host0/restriction_mode/attr/RestrictionMode
+ # {
+ # "data": "xyz.openbmc_project.Control.Security.RestrictionMode.Modes.None",
+ # "message": "200 OK",
+ # "status": "ok"
+ # }
+
+ # Refer to: #openbmc/phosphor-host-ipmid/blob/master/host-ipmid-whitelist.conf
+ # Set the restriction mode to Whitelist IPMI commands only:
+ # /xyz/openbmc_project/control/host0/restriction_mode/attr/RestrictionMode
+ # {
+ # "data": "xyz.openbmc_project.Control.Security.RestrictionMode.Modes.Whitelist",
+ # "message": "200 OK",
+ # "status": "ok"
+ # }
+
+ ${valueDict}= Create Dictionary
+ ... data=xyz.openbmc_project.Control.Security.RestrictionMode.Modes.Whitelist
+ Write Attribute ${CONTROL_HOST_URI}restriction_mode/
+ ... RestrictionMode data=${valueDict}
+
+ # Attempt white-listed operation expecting success.
+ IPMI Power On
+
+ # Attempt non white-listed operation expecting failure.
+ Run Keyword And Expect Error *Insufficient privilege level*
+ ... Run Inband IPMI Standard Command mc reset warm
+
+
*** Keywords ***
Get Sensor Count