blob: cbf71da44d67740873a234c622a1c58bf8323d0e [file] [log] [blame]
*** Settings ***
Documentation Test suite for OpenBMC IPMI user management.
Resource ../lib/ipmi_client.robot
Resource ../lib/openbmc_ffdc.robot
Library ../lib/ipmi_utils.py
Test Teardown Test Teardown Execution
*** Variables ***
${invalid_username} user%
${invalid_password} abc123
${root_userid} 1
${operator_level_priv} 0x3
${user_priv} 2
${operator_priv} 3
${admin_level_priv} 4
${no_access_priv} 15
${valid_password} 0penBmc1
${max_password_length} 20
${ipmi_setaccess_cmd} channel setaccess
*** Test Cases ***
Verify IPMI User Summary
[Documentation] Verify IPMI maximum supported IPMI user ID and
... enabled user form user summary
[Tags] Verify_IPMI_User_Summary
# Delete all non-root IPMI (i.e. except userid 1)
Delete All Non Root IPMI User
# Create a valid user and enable it.
${random_username}= Generate Random String 8 [LETTERS]
${random_userid}= Evaluate random.randint(2, 15) modules=random
IPMI Create User ${random_userid} ${random_username}
Run IPMI Standard Command user enable ${random_userid}
# Verify maximum user count IPMI local user can have. Also verify
# currently enabled users.
${resp}= Wait Until Keyword Succeeds 15 sec 5 sec Run IPMI Standard Command user summary
${enabled_user_count}=
... Get Lines Containing String ${resp} Enabled User Count
${maximum_ids}= Get Lines Containing String ${resp} Maximum IDs
Should Contain ${enabled_user_count} 2
Should Contain ${maximum_ids} 15
Verify IPMI User Creation With Valid Name And ID
[Documentation] Create user via IPMI and verify.
[Tags] Test_IPMI_User_Creation_With_Valid_Name_And_ID
${random_username}= Generate Random String 8 [LETTERS]
${random_userid}= Evaluate random.randint(2, 15) modules=random
IPMI Create User ${random_userid} ${random_username}
Verify IPMI User Creation With Invalid Name
[Documentation] Verify error while creating IPMI user with invalid
... name(e.g. user name with special characters).
[Tags] Verify_IPMI_User_Creation_With_Invalid_Name
${random_userid}= Evaluate random.randint(2, 15) modules=random
${msg}= Run Keyword And Expect Error * Run IPMI Standard Command
... user set name ${random_userid} ${invalid_username}
Should Contain ${msg} Invalid data
Verify IPMI User Creation With Invalid ID
[Documentation] Verify error while creating IPMI user with invalid
... ID(i.e. any number greater than 15 or 0).
[Tags] Verify_IPMI_User_Creation_With_Invalid_ID
@{id_list}= Create List
${random_invalid_id}= Evaluate random.randint(16, 1000) modules=random
Append To List ${id_list} ${random_invalid_id}
Append To List ${id_list} 0
FOR ${id} IN @{id_list}
${msg}= Run Keyword And Expect Error * Run IPMI Standard Command
... user set name ${id} newuser
Should Contain ${msg} User ID is limited to range
END
Verify Setting IPMI User With Invalid Password
[Documentation] Verify error while setting IPMI user with invalid
... password.
[Tags] Verify_Setting_IPMI_User_With_Invalid_Password
# Create IPMI user.
${random_username}= Generate Random String 8 [LETTERS]
${random_userid}= Evaluate random.randint(2, 15) modules=random
IPMI Create User ${random_userid} ${random_username}
# Set invalid password for newly created user.
${msg}= Run Keyword And Expect Error * Run IPMI Standard Command
... user set password ${random_userid} ${invalid_password}
Should Contain ${msg} Set User Password command failed
Verify Setting IPMI Root User With New Name
[Documentation] Verify error while setting IPMI root user with new
... name.
[Tags] Verify_Setting_IPMI_Root_User_With_New_Name
# Set invalid password for newly created user.
${msg}= Run Keyword And Expect Error * Run IPMI Standard Command
... user set name ${root_userid} abcd
Should Contain ${msg} Set User Name command failed
Verify IPMI User Password Via Test Command
[Documentation] Verify IPMI user password using test command.
[Tags] Verify_IPMI_User_Password_Via_Test_Command
# Create IPMI user.
${random_username}= Generate Random String 8 [LETTERS]
${random_userid}= Evaluate random.randint(2, 15) modules=random
IPMI Create User ${random_userid} ${random_username}
# Set valid password for newly created user.
Run IPMI Standard Command
... user set password ${random_userid} ${valid_password}
# Verify newly set password using test command.
${msg}= Run IPMI Standard Command
... user test ${random_userid} ${max_password_length} ${valid_password}
Should Contain ${msg} Success
Verify Setting Valid Password For IPMI User
[Documentation] Set valid password for IPMI user and verify.
[Tags] Verify_Setting_Valid_Password_For_IPMI_User
# Create IPMI user.
${random_username}= Generate Random String 8 [LETTERS]
${random_userid}= Evaluate random.randint(2, 15) modules=random
IPMI Create User ${random_userid} ${random_username}
# Set valid password for newly created user.
Run IPMI Standard Command
... user set password ${random_userid} ${valid_password}
# Enable IPMI user
Run IPMI Standard Command user enable ${random_userid}
# Set admin privilege and enable IPMI messaging for newly created user
Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv}
Verify IPMI Username And Password ${random_username} ${valid_password}
Verify IPMI User Creation With Same Name
[Documentation] Verify error while creating two IPMI user with same name.
[Tags] Verify_IPMI_User_Creation_With_Same_Name
${random_username}= Generate Random String 8 [LETTERS]
IPMI Create User 2 ${random_username}
# Set same username for another IPMI user.
${msg}= Run Keyword And Expect Error * Run IPMI Standard Command
... user set name 3 ${random_username}
Should Contain ${msg} Invalid data field in request
Verify Setting IPMI User With Null Password
[Documentation] Verify error while setting IPMI user with null
... password.
[Tags] Verify_Setting_IPMI_User_With_Null_Password
# Create IPMI user.
${random_username}= Generate Random String 8 [LETTERS]
${random_userid}= Evaluate random.randint(2, 15) modules=random
IPMI Create User ${random_userid} ${random_username}
# Set null password for newly created user.
${msg}= Run Keyword And Expect Error * Run IPMI Standard Command
... user set password ${random_userid} ""
Should Contain ${msg} Invalid data field in request
Verify IPMI User Deletion
[Documentation] Delete user via IPMI and verify.
[Tags] Verify_IPMI_User_Deletion
${random_username}= Generate Random String 8 [LETTERS]
${random_userid}= Evaluate random.randint(2, 15) modules=random
IPMI Create User ${random_userid} ${random_username}
# Delete IPMI User and verify
Run IPMI Standard Command user set name ${random_userid} ""
${user_info}= Get User Info ${random_userid}
Should Be Equal ${user_info['user_name']} ${EMPTY}
Test IPMI User Privilege Level
[Documentation] Verify IPMI user with user privilege can only run user level commands.
[Tags] Test_IPMI_User_Privilege_Level
[Template] Test IPMI User Privilege
#Privilege level User Cmd Status Operator Cmd Status Admin Cmd Status
${user_priv} Passed Failed Failed
Test IPMI Operator Privilege Level
[Documentation] Verify IPMI user with operator privilege can only run user and operator levels commands.
... level is set to operator.
[Tags] Test_IPMI_Operator_Privilege_Level
[Template] Test IPMI User Privilege
#Privilege level User Cmd Status Operator Cmd Status Admin Cmd Status
${operator_priv} Passed Passed Failed
Test IPMI Administrator Privilege Level
[Documentation] Verify IPMI user with admin privilege can run all levels command.
[Tags] Test_IPMI_Administrator_Privilege_Level
[Template] Test IPMI User Privilege
#Privilege level User Cmd Status Operator Cmd Status Admin Cmd Status
${admin_level_priv} Passed Passed Passed
Test IPMI No Access Privilege Level
[Documentation] Verify IPMI user with no access privilege can not run only any level command.
[Tags] Test_IPMI_No_Access_Privilege_Level
[Template] Test IPMI User Privilege
#Privilege level User Cmd Status Operator Cmd Status Admin Cmd Status
${no_access_priv} Failed Failed Failed
Enable IPMI User And Verify
[Documentation] Enable IPMI user and verify that the user is able
... to run IPMI command.
[Tags] Enable_IPMI_User_And_Verify
# Create IPMI user and set valid password.
${random_username}= Generate Random String 8 [LETTERS]
${random_userid}= Evaluate random.randint(2, 15) modules=random
IPMI Create User ${random_userid} ${random_username}
Run IPMI Standard Command
... user set password ${random_userid} ${valid_password}
# Set admin privilege and enable IPMI messaging for newly created user.
Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv}
# Enable IPMI user and verify.
Run IPMI Standard Command user enable ${random_userid}
${user_info}= Get User Info ${random_userid}
Should Be Equal ${user_info['enable_status']} enabled
# Verify that enabled IPMI user is able to run IPMI command.
Verify IPMI Username And Password ${random_username} ${valid_password}
Disable IPMI User And Verify
[Documentation] Disable IPMI user and verify that that the user
... is unable to run IPMI command.
[Tags] Disable_IPMI_User_And_Verify
# Create IPMI user and set valid password.
${random_username}= Generate Random String 8 [LETTERS]
${random_userid}= Evaluate random.randint(2, 15) modules=random
IPMI Create User ${random_userid} ${random_username}
Run IPMI Standard Command
... user set password ${random_userid} ${valid_password}
# Set admin privilege and enable IPMI messaging for newly created user.
Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv}
# Disable IPMI user and verify.
Run IPMI Standard Command user disable ${random_userid}
${user_info}= Get User Info ${random_userid}
Should Be Equal ${user_info['enable_status']} disabled
# Verify that disabled IPMI user is unable to run IPMI command.
${msg}= Run Keyword And Expect Error * Verify IPMI Username And Password
... ${random_username} ${valid_password}
Should Contain ${msg} Unable to establish IPMI
Verify IPMI Root User Password Change
[Documentation] Change IPMI root user password and verify that
... root user is able to run IPMI command.
[Tags] Verify_IPMI_Root_User_Password_Change
[Teardown] Wait Until Keyword Succeeds 15 sec 5 sec
... Set Default Password For IPMI Root User
# Set new password for root user.
Run IPMI Standard Command
... user set password ${root_userid} ${valid_password}
# Verify that root user is able to run IPMI command using new password.
Verify IPMI Username And Password root ${valid_password}
Verify Administrator And No Access Privilege For Different Channels
[Documentation] Set administrator and no access privilege for different channels and verify.
[Tags] Verify_Administrator_And_No_Access_Privilege_For_Different_Channels
# Create IPMI user and set valid password.
${random_username}= Generate Random String 8 [LETTERS]
${random_userid}= Evaluate random.randint(2, 15) modules=random
IPMI Create User ${random_userid} ${random_username}
Run IPMI Standard Command
... user set password ${random_userid} ${valid_password}
# Set admin privilege for newly created user with channel 1.
Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv} 1
# Set no access privilege for newly created user with channel 2.
Set Channel Access ${random_userid} ipmi=on privilege=${no_access_priv} 2
# Enable IPMI user and verify.
Run IPMI Standard Command user enable ${random_userid}
${user_info}= Get User Info ${random_userid}
Should Be Equal ${user_info['enable_status']} enabled
# Verify that user is able to run administrator level IPMI command with channel 1.
Verify IPMI Command ${random_username} ${valid_password} Administrator 1
# Verify that user is unable to run IPMI command with channel 2.
Run IPMI Standard Command sel info 2 expected_rc=${1} U=${random_username} P=${valid_password}
Verify Operator And User Privilege For Different Channels
[Documentation] Set operator and user privilege for different channels and verify.
[Tags] Verify_Operator_And_User_Privilege_For_Different_Channels
# Create IPMI user and set valid password.
${random_username}= Generate Random String 8 [LETTERS]
${random_userid}= Evaluate random.randint(2, 15) modules=random
IPMI Create User ${random_userid} ${random_username}
Run IPMI Standard Command
... user set password ${random_userid} ${valid_password}
# Set operator privilege for newly created user with channel 1.
Set Channel Access ${random_userid} ipmi=on privilege=${operator_priv} 1
# Set user privilege for newly created user with channel 2.
Set Channel Access ${random_userid} ipmi=on privilege=${user_priv} 2
# Enable IPMI user and verify.
Run IPMI Standard Command user enable ${random_userid}
${user_info}= Get User Info ${random_userid}
Should Be Equal ${user_info['enable_status']} enabled
# Verify that user is able to run operator level IPMI command with channel 1.
Verify IPMI Command ${random_username} ${valid_password} Operator 1
# Verify that user is able to run user level IPMI command with channel 2.
Verify IPMI Command ${random_username} ${valid_password} User 2
*** Keywords ***
Set Default Password For IPMI Root User
[Documentation] Set default password for IPMI root user (i.e. 0penBmc).
# Set default password for root user.
${result}= Run External IPMI Standard Command
... user set password ${root_userid} ${OPENBMC_PASSWORD}
... P=${valid_password}
Should Contain ${result} Set User Password command successful
# Verify that root user is able to run IPMI command using default password.
Verify IPMI Username And Password root ${OPENBMC_PASSWORD}
Test IPMI User Privilege
[Documentation] Test IPMI user privilege by executing IPMI command with different privileges.
[Arguments] ${privilege_level} ${user_cmd_status} ${operator_cmd_status} ${admin_cmd_status}
# Description of argument(s):
# privilege_level Privilege level of IPMI user (e.g. 4, 3).
# user_cmd_status Expected status of IPMI command run with the "User"
# privilege (i.e. "Passed" or "Failed").
# operator_cmd_status Expected status of IPMI command run with the "Operator"
# privilege (i.e. "Passed" or "Failed").
# admin_cmd_status Expected status of IPMI command run with the "Administrator"
# privilege (i.e. "Passed" or "Failed").
# Create IPMI user and set valid password.
${random_username}= Generate Random String 8 [LETTERS]
${random_userid}= Evaluate random.randint(2, 15) modules=random
IPMI Create User ${random_userid} ${random_username}
Run IPMI Standard Command
... user set password ${random_userid} ${valid_password}
# Set privilege and enable IPMI messaging for newly created user.
Set Channel Access ${random_userid} ipmi=on privilege=${privilege_level}
# Enable IPMI user and verify.
Run IPMI Standard Command user enable ${random_userid}
${user_info}= Get User Info ${random_userid}
Should Be Equal ${user_info['enable_status']} enabled
Verify IPMI Command ${random_username} ${valid_password} User
... expected_status=${user_cmd_status}
Verify IPMI Command ${random_username} ${valid_password} Operator
... expected_status=${operator_cmd_status}
Verify IPMI Command ${random_username} ${valid_password} Administrator
... expected_status=${admin_cmd_status}
Verify IPMI Command
[Documentation] Verify IPMI command execution with given username,
... password, privilege and expected status.
[Arguments] ${username} ${password} ${privilege} ${channel}=${1} ${expected_status}=Passed
# Description of argument(s):
# username The user name (e.g. "root", "robert", etc.).
# password The user password (e.g. "0penBmc", "0penBmc1", etc.).
# privilege The session privilge for IPMI command (e.g. "User", "Operator", etc.).
# channel The user channel number (e.g. "1" or "2").
# expected_status Expected status of IPMI command run with the user
# of above password and privilege (i.e. "Passed" or "Failed").
${expected_rc}= Set Variable If '${expected_status}' == 'Passed' ${0} ${1}
Run IPMI Standard Command sel info ${channel} expected_rc=${expected_rc} U=${username} P=${password}
... L=${privilege}
Test Teardown Execution
[Documentation] Do the test teardown execution.
FFDC On Test Case Fail
Delete All Non Root IPMI User