Porting IPMI restriction mode test
Resolves openbmc/openbmc-test-automation#1803
Change-Id: I964166fec596292fee1fb82364ff6871dcdd19a7
Signed-off-by: George Keishing <gkeishin@in.ibm.com>
diff --git a/tests/ipmi/test_general_ipmi.robot b/tests/ipmi/test_general_ipmi.robot
index 5fa5fec..f8ce15d 100755
--- a/tests/ipmi/test_general_ipmi.robot
+++ b/tests/ipmi/test_general_ipmi.robot
@@ -684,6 +684,41 @@
... msg=IPMI channel ${channel_number} is invalid but seen working.
+Test IPMI Restriction Mode
+ [Documentation] Set restricition mode via REST and verify IPMI operation.
+ [Tags] Test_IPMI_Restriction_Mode
+ # Forego normal test setup:
+ [Setup] No Operation
+ [Teardown] Run Keywords FFDC On Test Case Fail AND
+ ... Set IPMI Restriction Mode xyz.openbmc_project.Control.Security.RestrictionMode.Modes.None
+
+ # By default no IPMI operations are restricted.
+ # /xyz/openbmc_project/control/host0/restriction_mode/attr/RestrictionMode
+ # {
+ # "data": "xyz.openbmc_project.Control.Security.RestrictionMode.Modes.None",
+ # "message": "200 OK",
+ # "status": "ok"
+ # }
+
+ # Refer to: #openbmc/phosphor-host-ipmid/blob/master/host-ipmid-whitelist.conf
+ # Set the restriction mode to Whitelist IPMI commands only:
+ # /xyz/openbmc_project/control/host0/restriction_mode/attr/RestrictionMode
+ # {
+ # "data": "xyz.openbmc_project.Control.Security.RestrictionMode.Modes.Whitelist",
+ # "message": "200 OK",
+ # "status": "ok"
+ # }
+
+ Set IPMI Restriction Mode xyz.openbmc_project.Control.Security.RestrictionMode.Modes.Whitelist
+
+ # Attempt white-listed operation expecting success.
+ IPMI Power On
+
+ # Attempt non white-listed operation expecting failure.
+ Run Keyword And Expect Error *Insufficient privilege level*
+ ... Run Inband IPMI Standard Command mc reset cold
+
+
*** Keywords ***
Get Sensor Count
@@ -895,3 +930,15 @@
[Return] ${physical_interface_count}
+
+Set IPMI Restriction Mode
+ [Documentation] Set the IPMI restriction mode.
+ [Arguments] ${restriction_mode}
+
+ # Description of argument(s):
+ # restriction_mode IPMI valid restriction modes.
+
+ ${valueDict}= Create Dictionary data=${restriction_mode}
+
+ Write Attribute ${CONTROL_HOST_URI}restriction_mode/
+ ... RestrictionMode data=${valueDict}