commit e85113afcbe2182405fd3a5850558766a87f0e23
author George Keishing <gkeishin@in.ibm.com> Fri Jun 07 08:21:51 2019 -0500
committer George Keishing <gkeishin@in.ibm.com> Wed Jun 19 04:54:33 2019 +0000
tree 83a2f744562bf6d46306ccf5472c99c43eca3eb8
parent f32ee4cb4c24c1a7e61d094936193bcc03aa6f7d

Porting IPMI restriction mode test

Resolves   openbmc/openbmc-test-automation#1803

Change-Id: I964166fec596292fee1fb82364ff6871dcdd19a7
Signed-off-by: George Keishing <gkeishin@in.ibm.com>

tests/ipmi/test_general_ipmi.robot

diff --git a/tests/ipmi/test_general_ipmi.robot b/tests/ipmi/test_general_ipmi.robot
index 5fa5fec..f8ce15d 100755
--- a/tests/ipmi/test_general_ipmi.robot
+++ b/tests/ipmi/test_general_ipmi.robot
@@ -684,6 +684,41 @@
     ...  msg=IPMI channel ${channel_number} is invalid but seen working.
 
 
+Test IPMI Restriction Mode
+    [Documentation]  Set restricition mode via REST and verify IPMI operation.
+    [Tags]  Test_IPMI_Restriction_Mode
+    # Forego normal test setup:
+    [Setup]  No Operation
+    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
+    ...  Set IPMI Restriction Mode  xyz.openbmc_project.Control.Security.RestrictionMode.Modes.None
+
+    # By default no IPMI operations are restricted.
+    # /xyz/openbmc_project/control/host0/restriction_mode/attr/RestrictionMode
+    # {
+    #    "data": "xyz.openbmc_project.Control.Security.RestrictionMode.Modes.None",
+    #    "message": "200 OK",
+    #    "status": "ok"
+    # }
+
+    # Refer to: #openbmc/phosphor-host-ipmid/blob/master/host-ipmid-whitelist.conf
+    # Set the restriction mode to Whitelist IPMI commands only:
+    # /xyz/openbmc_project/control/host0/restriction_mode/attr/RestrictionMode
+    # {
+    #    "data": "xyz.openbmc_project.Control.Security.RestrictionMode.Modes.Whitelist",
+    #    "message": "200 OK",
+    #    "status": "ok"
+    # }
+
+    Set IPMI Restriction Mode  xyz.openbmc_project.Control.Security.RestrictionMode.Modes.Whitelist
+
+    # Attempt white-listed operation expecting success.
+    IPMI Power On
+
+    # Attempt non white-listed operation expecting failure.
+    Run Keyword And Expect Error  *Insufficient privilege level*
+    ...  Run Inband IPMI Standard Command  mc reset cold
+
+
 *** Keywords ***
 
 Get Sensor Count
@@ -895,3 +930,15 @@
 
     [Return]  ${physical_interface_count}
 
+
+Set IPMI Restriction Mode
+    [Documentation]  Set the IPMI restriction mode.
+    [Arguments]  ${restriction_mode}
+
+    # Description of argument(s):
+    # restriction_mode   IPMI valid restriction modes.
+
+    ${valueDict}=  Create Dictionary  data=${restriction_mode}
+
+    Write Attribute  ${CONTROL_HOST_URI}restriction_mode/
+    ...  RestrictionMode  data=${valueDict}