Added testcases for testing IPMI user privilege
Test cases added:
- Test IPMI user privilege level.
- Test IPMI operator privilege level.
- Test IPMI administrator privilege level.
- Test IPMI no Access privilege level.
Change-Id: Idc4d1ba3b0fcf6085a48b6ab5e1d909499fdbc76
Signed-off-by: Rahul Maheshwari <rahulmaheshwari@in.ibm.com>
diff --git a/ipmi/test_ipmi_user.robot b/ipmi/test_ipmi_user.robot
index d25cd50..aa9dc30 100644
--- a/ipmi/test_ipmi_user.robot
+++ b/ipmi/test_ipmi_user.robot
@@ -14,7 +14,10 @@
${invalid_password} abc123
${root_userid} 1
${operator_level_priv} 0x3
+${user_priv} 2
+${operator_priv} 3
${admin_level_priv} 4
+${no_access_priv} 15
${valid_password} 0penBmc1
${max_password_length} 20
${ipmi_setaccess_cmd} channel setaccess
@@ -197,6 +200,43 @@
Should Be Equal ${user_info['user_name']} ${EMPTY}
+Test IPMI User Privilege Level
+ [Documentation] Verify IPMI user with user privilege can only run user level commands.
+ [Tags] Test_IPMI_User_Privilege_Level
+ [Template] Test IPMI User Privilege
+
+ #Privilege level User Cmd Status Operator Cmd Status Admin Cmd Status
+ ${user_priv} Passed Failed Failed
+
+
+Test IPMI Operator Privilege Level
+ [Documentation] Verify IPMI user with operator privilege can only run user and operator levels commands.
+ ... level is set to operator.
+ [Tags] Test_IPMI_Operator_Privilege_Level
+ [Template] Test IPMI User Privilege
+
+ #Privilege level User Cmd Status Operator Cmd Status Admin Cmd Status
+ ${operator_priv} Passed Passed Failed
+
+
+Test IPMI Administrator Privilege Level
+ [Documentation] Verify IPMI user with admin privilege can run all levels command.
+ [Tags] Test_IPMI_Administrator_Privilege_Level
+ [Template] Test IPMI User Privilege
+
+ #Privilege level User Cmd Status Operator Cmd Status Admin Cmd Status
+ ${admin_level_priv} Passed Passed Passed
+
+
+Test IPMI No Access Privilege Level
+ [Documentation] Verify IPMI user with no access privilege can not run only any level command.
+ [Tags] Test_IPMI_No_Access_Privilege_Level
+ [Template] Test IPMI User Privilege
+
+ #Privilege level User Cmd Status Operator Cmd Status Admin Cmd Status
+ ${no_access_priv} Failed Failed Failed
+
+
Enable IPMI User And Verify
[Documentation] Enable IPMI user and verify that the user is able
... to run IPMI command.
@@ -276,6 +316,55 @@
Verify IPMI Username And Password root ${OPENBMC_PASSWORD}
+Test IPMI User Privilege
+ [Documentation] Test IPMI user privilege by executing IPMI command with different privileges.
+ [Arguments] ${privilege_level} ${user_cmd_status} ${operator_cmd_status} ${admin_cmd_status}
+
+ # Description of argument(s):
+ # privilege_level Privilege level of IPMI user (e.g. 4, 3).
+ # user_cmd_status Expected status of IPMI command run with the "User"
+ # privilege (i.e. "Passed" or "Failed").
+ # operator_cmd_status Expected status of IPMI command run with the "Operator"
+ # privilege (i.e. "Passed" or "Failed").
+ # admin_cmd_status Expected status of IPMI command run with the "Administrator"
+ # privilege (i.e. "Passed" or "Failed").
+
+ # Create IPMI user and set valid password.
+ ${random_username}= Generate Random String 8 [LETTERS]
+ ${random_userid}= Evaluate random.randint(2, 15) modules=random
+ IPMI Create User ${random_userid} ${random_username}
+ Run IPMI Standard Command
+ ... user set password ${random_userid} ${valid_password}
+
+ # Set privilege and enable IPMI messaging for newly created user.
+ Set Channel Access ${random_userid} ipmi=on privilege=${privilege_level}
+
+ # Enable IPMI user and verify.
+ Run IPMI Standard Command user enable ${random_userid}
+ ${user_info}= Get User Info ${random_userid}
+ Should Be Equal ${user_info['enable_status']} enabled
+
+ Verify IPMI Command ${random_username} ${valid_password} User ${user_cmd_status}
+ Verify IPMI Command ${random_username} ${valid_password} Operator ${operator_cmd_status}
+ Verify IPMI Command ${random_username} ${valid_password} Administrator ${admin_cmd_status}
+
+
+Verify IPMI Command
+ [Documentation] Verify IPMI command execution with given username,
+ ... password, privilege and expected status.
+ [Arguments] ${username} ${password} ${privilege} ${expected_status}
+ # Description of argument(s):
+ # username The user name (e.g. "root", "robert", etc.).
+ # password The user password (e.g. "0penBmc", "0penBmc1", etc.).
+ # privilege The session privilge for IPMI command (e.g. "User", "Operator", etc.).
+ # expected_status Expected status of IPMI command run with the user
+ # of above password and privilege (i.e. "Passed" or "Failed").
+
+ ${expected_rc}= Set Variable If '${expected_status}' == 'Passed' ${0} ${1}
+ Run IPMI Standard Command sel info expected_rc=${expected_rc} U=${username} P=${password}
+ ... L=${privilege}
+
+
Delete All Non Root IPMI User
[Documentation] Delete all non-root IPMI user.