blob: 2e70eb3ad9533d3932f5ce7dc8256dbc671cb82b [file] [log] [blame]
Rahul Maheshwariddfc0cb2019-02-07 23:43:19 -06001*** Settings ***
2Documentation Test suite for OpenBMC IPMI user management.
3
4Resource ../lib/ipmi_client.robot
5Resource ../lib/openbmc_ffdc.robot
6Library ../lib/ipmi_utils.py
7
Rahul Maheshwarif646baa2019-02-20 12:29:35 -06008Test Teardown Test Teardown Execution
Rahul Maheshwarie36262f2019-09-26 05:14:06 -05009Suite Teardown Delete All Non Root IPMI User
Rahul Maheshwariddfc0cb2019-02-07 23:43:19 -060010
11*** Variables ***
12
13${invalid_username} user%
14${invalid_password} abc123
15${root_userid} 1
16${operator_level_priv} 0x3
Rahul Maheshwaric05bf562019-03-01 04:02:53 -060017${user_priv} 2
18${operator_priv} 3
Rahul Maheshwarief0a7352019-02-20 11:07:48 -060019${admin_level_priv} 4
Rahul Maheshwaric05bf562019-03-01 04:02:53 -060020${no_access_priv} 15
Rahul Maheshwaric19f8382019-02-20 08:19:22 -060021${valid_password} 0penBmc1
22${max_password_length} 20
Rahul Maheshwarief0a7352019-02-20 11:07:48 -060023${ipmi_setaccess_cmd} channel setaccess
Rahul Maheshwariddfc0cb2019-02-07 23:43:19 -060024
Rahul Maheshwaridd63c742019-02-27 23:03:54 -060025
Rahul Maheshwariddfc0cb2019-02-07 23:43:19 -060026*** Test Cases ***
27
Rahul Maheshwariffc77352019-02-25 09:05:27 -060028Verify IPMI User Summary
29 [Documentation] Verify IPMI maximum supported IPMI user ID and
30 ... enabled user form user summary
31 [Tags] Verify_IPMI_User_Summary
32
33 # Delete all non-root IPMI (i.e. except userid 1)
34 Delete All Non Root IPMI User
35
36 # Create a valid user and enable it.
37 ${random_username}= Generate Random String 8 [LETTERS]
38 ${random_userid}= Evaluate random.randint(2, 15) modules=random
39 IPMI Create User ${random_userid} ${random_username}
40 Run IPMI Standard Command user enable ${random_userid}
41
42 # Verify maximum user count IPMI local user can have. Also verify
43 # currently enabled users.
Rahul Maheshwaric0e91ec2019-08-27 05:43:11 -050044 ${resp}= Wait Until Keyword Succeeds 15 sec 5 sec Run IPMI Standard Command user summary
Rahul Maheshwariffc77352019-02-25 09:05:27 -060045 ${enabled_user_count}=
46 ... Get Lines Containing String ${resp} Enabled User Count
47 ${maximum_ids}= Get Lines Containing String ${resp} Maximum IDs
48 Should Contain ${enabled_user_count} 2
49 Should Contain ${maximum_ids} 15
50
51
Rahul Maheshwariddfc0cb2019-02-07 23:43:19 -060052Verify IPMI User Creation With Valid Name And ID
53 [Documentation] Create user via IPMI and verify.
54 [Tags] Test_IPMI_User_Creation_With_Valid_Name_And_ID
55
56 ${random_username}= Generate Random String 8 [LETTERS]
Rahul Maheshwari976a1702019-02-21 01:47:58 -060057 ${random_userid}= Evaluate random.randint(2, 15) modules=random
Rahul Maheshwariddfc0cb2019-02-07 23:43:19 -060058 IPMI Create User ${random_userid} ${random_username}
59
60
61Verify IPMI User Creation With Invalid Name
62 [Documentation] Verify error while creating IPMI user with invalid
George Keishingc2a6f092019-02-20 12:26:54 -060063 ... name(e.g. user name with special characters).
Rahul Maheshwariddfc0cb2019-02-07 23:43:19 -060064 [Tags] Verify_IPMI_User_Creation_With_Invalid_Name
65
Rahul Maheshwari976a1702019-02-21 01:47:58 -060066 ${random_userid}= Evaluate random.randint(2, 15) modules=random
Rahul Maheshwariddfc0cb2019-02-07 23:43:19 -060067 ${msg}= Run Keyword And Expect Error * Run IPMI Standard Command
68 ... user set name ${random_userid} ${invalid_username}
69 Should Contain ${msg} Invalid data
70
71
72Verify IPMI User Creation With Invalid ID
73 [Documentation] Verify error while creating IPMI user with invalid
74 ... ID(i.e. any number greater than 15 or 0).
75 [Tags] Verify_IPMI_User_Creation_With_Invalid_ID
76
77 @{id_list}= Create List
78 ${random_invalid_id}= Evaluate random.randint(16, 1000) modules=random
79 Append To List ${id_list} ${random_invalid_id}
80 Append To List ${id_list} 0
81
Sushil Singhbe97ffc2019-06-04 06:34:24 -050082 FOR ${id} IN @{id_list}
83 ${msg}= Run Keyword And Expect Error * Run IPMI Standard Command
84 ... user set name ${id} newuser
85 Should Contain ${msg} User ID is limited to range
86 END
Rahul Maheshwariddfc0cb2019-02-07 23:43:19 -060087
88Verify Setting IPMI User With Invalid Password
89 [Documentation] Verify error while setting IPMI user with invalid
90 ... password.
91 [Tags] Verify_Setting_IPMI_User_With_Invalid_Password
92
93 # Create IPMI user.
94 ${random_username}= Generate Random String 8 [LETTERS]
Rahul Maheshwari976a1702019-02-21 01:47:58 -060095 ${random_userid}= Evaluate random.randint(2, 15) modules=random
Rahul Maheshwariddfc0cb2019-02-07 23:43:19 -060096 IPMI Create User ${random_userid} ${random_username}
97
98 # Set invalid password for newly created user.
99 ${msg}= Run Keyword And Expect Error * Run IPMI Standard Command
100 ... user set password ${random_userid} ${invalid_password}
101
Anusha Dathatria54cddc2019-08-07 10:01:16 -0500102 Should Contain ${msg} Set User Password command failed
Rahul Maheshwariddfc0cb2019-02-07 23:43:19 -0600103
104Verify Setting IPMI Root User With New Name
105 [Documentation] Verify error while setting IPMI root user with new
106 ... name.
107 [Tags] Verify_Setting_IPMI_Root_User_With_New_Name
108
109 # Set invalid password for newly created user.
110 ${msg}= Run Keyword And Expect Error * Run IPMI Standard Command
111 ... user set name ${root_userid} abcd
112
113 Should Contain ${msg} Set User Name command failed
114
115
Rahul Maheshwaric19f8382019-02-20 08:19:22 -0600116Verify IPMI User Password Via Test Command
117 [Documentation] Verify IPMI user password using test command.
118 [Tags] Verify_IPMI_User_Password_Via_Test_Command
119
120 # Create IPMI user.
121 ${random_username}= Generate Random String 8 [LETTERS]
122 ${random_userid}= Evaluate random.randint(2, 15) modules=random
123 IPMI Create User ${random_userid} ${random_username}
124
125 # Set valid password for newly created user.
126 Run IPMI Standard Command
127 ... user set password ${random_userid} ${valid_password}
128
129 # Verify newly set password using test command.
130 ${msg}= Run IPMI Standard Command
131 ... user test ${random_userid} ${max_password_length} ${valid_password}
132
133 Should Contain ${msg} Success
134
135
Rahul Maheshwarief0a7352019-02-20 11:07:48 -0600136Verify Setting Valid Password For IPMI User
137 [Documentation] Set valid password for IPMI user and verify.
138 [Tags] Verify_Setting_Valid_Password_For_IPMI_User
139
140 # Create IPMI user.
141 ${random_username}= Generate Random String 8 [LETTERS]
142 ${random_userid}= Evaluate random.randint(2, 15) modules=random
143 IPMI Create User ${random_userid} ${random_username}
144
145 # Set valid password for newly created user.
146 Run IPMI Standard Command
147 ... user set password ${random_userid} ${valid_password}
148
149 # Enable IPMI user
150 Run IPMI Standard Command user enable ${random_userid}
151
Rahul Maheshwari7d232ab2019-08-29 06:44:16 -0500152 # Delay added for IPMI user to get enable
153 Sleep 5s
154
Rahul Maheshwarief0a7352019-02-20 11:07:48 -0600155 # Set admin privilege and enable IPMI messaging for newly created user
156 Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv}
157
158 Verify IPMI Username And Password ${random_username} ${valid_password}
159
160
Rahul Maheshwari404da0d2019-02-18 23:24:17 -0600161Verify IPMI User Creation With Same Name
162 [Documentation] Verify error while creating two IPMI user with same name.
163 [Tags] Verify_IPMI_User_Creation_With_Same_Name
164
165 ${random_username}= Generate Random String 8 [LETTERS]
166 IPMI Create User 2 ${random_username}
167
168 # Set same username for another IPMI user.
169 ${msg}= Run Keyword And Expect Error * Run IPMI Standard Command
170 ... user set name 3 ${random_username}
171 Should Contain ${msg} Invalid data field in request
172
173
174Verify Setting IPMI User With Null Password
175 [Documentation] Verify error while setting IPMI user with null
176 ... password.
177 [Tags] Verify_Setting_IPMI_User_With_Null_Password
178
179 # Create IPMI user.
180 ${random_username}= Generate Random String 8 [LETTERS]
Rahul Maheshwari976a1702019-02-21 01:47:58 -0600181 ${random_userid}= Evaluate random.randint(2, 15) modules=random
Rahul Maheshwari404da0d2019-02-18 23:24:17 -0600182 IPMI Create User ${random_userid} ${random_username}
183
184 # Set null password for newly created user.
185 ${msg}= Run Keyword And Expect Error * Run IPMI Standard Command
186 ... user set password ${random_userid} ""
187
188 Should Contain ${msg} Invalid data field in request
189
190
Rahul Maheshwari645a1132019-02-18 03:29:27 -0600191Verify IPMI User Deletion
192 [Documentation] Delete user via IPMI and verify.
193 [Tags] Verify_IPMI_User_Deletion
194
195 ${random_username}= Generate Random String 8 [LETTERS]
196 ${random_userid}= Evaluate random.randint(2, 15) modules=random
197 IPMI Create User ${random_userid} ${random_username}
198
199 # Delete IPMI User and verify
200 Run IPMI Standard Command user set name ${random_userid} ""
Rahul Maheshwari4f4688f2019-02-28 00:49:10 -0600201 ${user_info}= Get User Info ${random_userid}
Rahul Maheshwari645a1132019-02-18 03:29:27 -0600202 Should Be Equal ${user_info['user_name']} ${EMPTY}
203
204
Rahul Maheshwaric05bf562019-03-01 04:02:53 -0600205Test IPMI User Privilege Level
206 [Documentation] Verify IPMI user with user privilege can only run user level commands.
207 [Tags] Test_IPMI_User_Privilege_Level
208 [Template] Test IPMI User Privilege
209
210 #Privilege level User Cmd Status Operator Cmd Status Admin Cmd Status
211 ${user_priv} Passed Failed Failed
212
213
214Test IPMI Operator Privilege Level
215 [Documentation] Verify IPMI user with operator privilege can only run user and operator levels commands.
216 ... level is set to operator.
217 [Tags] Test_IPMI_Operator_Privilege_Level
218 [Template] Test IPMI User Privilege
219
220 #Privilege level User Cmd Status Operator Cmd Status Admin Cmd Status
221 ${operator_priv} Passed Passed Failed
222
223
224Test IPMI Administrator Privilege Level
225 [Documentation] Verify IPMI user with admin privilege can run all levels command.
226 [Tags] Test_IPMI_Administrator_Privilege_Level
227 [Template] Test IPMI User Privilege
228
229 #Privilege level User Cmd Status Operator Cmd Status Admin Cmd Status
230 ${admin_level_priv} Passed Passed Passed
231
232
233Test IPMI No Access Privilege Level
234 [Documentation] Verify IPMI user with no access privilege can not run only any level command.
235 [Tags] Test_IPMI_No_Access_Privilege_Level
236 [Template] Test IPMI User Privilege
237
238 #Privilege level User Cmd Status Operator Cmd Status Admin Cmd Status
239 ${no_access_priv} Failed Failed Failed
240
241
Rahul Maheshwari0c71f5e2019-02-20 03:52:55 -0600242Enable IPMI User And Verify
243 [Documentation] Enable IPMI user and verify that the user is able
244 ... to run IPMI command.
245 [Tags] Enable_IPMI_User_And_Verify
246
247 # Create IPMI user and set valid password.
248 ${random_username}= Generate Random String 8 [LETTERS]
249 ${random_userid}= Evaluate random.randint(2, 15) modules=random
250 IPMI Create User ${random_userid} ${random_username}
251 Run IPMI Standard Command
252 ... user set password ${random_userid} ${valid_password}
253
254 # Set admin privilege and enable IPMI messaging for newly created user.
255 Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv}
256
257 # Enable IPMI user and verify.
258 Run IPMI Standard Command user enable ${random_userid}
259 ${user_info}= Get User Info ${random_userid}
260 Should Be Equal ${user_info['enable_status']} enabled
261
262 # Verify that enabled IPMI user is able to run IPMI command.
263 Verify IPMI Username And Password ${random_username} ${valid_password}
264
265
266Disable IPMI User And Verify
267 [Documentation] Disable IPMI user and verify that that the user
268 ... is unable to run IPMI command.
269 [Tags] Disable_IPMI_User_And_Verify
270
271 # Create IPMI user and set valid password.
272 ${random_username}= Generate Random String 8 [LETTERS]
273 ${random_userid}= Evaluate random.randint(2, 15) modules=random
274 IPMI Create User ${random_userid} ${random_username}
275 Run IPMI Standard Command
276 ... user set password ${random_userid} ${valid_password}
277
278 # Set admin privilege and enable IPMI messaging for newly created user.
279 Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv}
280
281 # Disable IPMI user and verify.
282 Run IPMI Standard Command user disable ${random_userid}
283 ${user_info}= Get User Info ${random_userid}
284 Should Be Equal ${user_info['enable_status']} disabled
285
286 # Verify that disabled IPMI user is unable to run IPMI command.
287 ${msg}= Run Keyword And Expect Error * Verify IPMI Username And Password
288 ... ${random_username} ${valid_password}
Rahul Maheshwaric3d1e962019-03-06 23:53:21 -0600289 Should Contain ${msg} Unable to establish IPMI
Rahul Maheshwari0c71f5e2019-02-20 03:52:55 -0600290
Rahul Maheshwaric19f8382019-02-20 08:19:22 -0600291
Rahul Maheshwaridd63c742019-02-27 23:03:54 -0600292Verify IPMI Root User Password Change
293 [Documentation] Change IPMI root user password and verify that
294 ... root user is able to run IPMI command.
295 [Tags] Verify_IPMI_Root_User_Password_Change
296 [Teardown] Wait Until Keyword Succeeds 15 sec 5 sec
297 ... Set Default Password For IPMI Root User
298
299 # Set new password for root user.
300 Run IPMI Standard Command
301 ... user set password ${root_userid} ${valid_password}
302
303 # Verify that root user is able to run IPMI command using new password.
304 Verify IPMI Username And Password root ${valid_password}
305
306
Rahul Maheshwari8e175622019-05-20 05:30:32 -0500307Verify Administrator And No Access Privilege For Different Channels
308 [Documentation] Set administrator and no access privilege for different channels and verify.
309 [Tags] Verify_Administrator_And_No_Access_Privilege_For_Different_Channels
310
311 # Create IPMI user and set valid password.
312 ${random_username}= Generate Random String 8 [LETTERS]
313 ${random_userid}= Evaluate random.randint(2, 15) modules=random
314 IPMI Create User ${random_userid} ${random_username}
315 Run IPMI Standard Command
316 ... user set password ${random_userid} ${valid_password}
317
318 # Set admin privilege for newly created user with channel 1.
319 Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv} 1
320
321 # Set no access privilege for newly created user with channel 2.
322 Set Channel Access ${random_userid} ipmi=on privilege=${no_access_priv} 2
323
324 # Enable IPMI user and verify.
325 Run IPMI Standard Command user enable ${random_userid}
326 ${user_info}= Get User Info ${random_userid}
327 Should Be Equal ${user_info['enable_status']} enabled
328
329 # Verify that user is able to run administrator level IPMI command with channel 1.
330 Verify IPMI Command ${random_username} ${valid_password} Administrator 1
331
332 # Verify that user is unable to run IPMI command with channel 2.
333 Run IPMI Standard Command sel info 2 expected_rc=${1} U=${random_username} P=${valid_password}
334
335
336Verify Operator And User Privilege For Different Channels
337 [Documentation] Set operator and user privilege for different channels and verify.
338 [Tags] Verify_Operator_And_User_Privilege_For_Different_Channels
339
340 # Create IPMI user and set valid password.
341 ${random_username}= Generate Random String 8 [LETTERS]
342 ${random_userid}= Evaluate random.randint(2, 15) modules=random
343 IPMI Create User ${random_userid} ${random_username}
344 Run IPMI Standard Command
345 ... user set password ${random_userid} ${valid_password}
346
347 # Set operator privilege for newly created user with channel 1.
348 Set Channel Access ${random_userid} ipmi=on privilege=${operator_priv} 1
349
350 # Set user privilege for newly created user with channel 2.
351 Set Channel Access ${random_userid} ipmi=on privilege=${user_priv} 2
352
353 # Enable IPMI user and verify.
354 Run IPMI Standard Command user enable ${random_userid}
355 ${user_info}= Get User Info ${random_userid}
356 Should Be Equal ${user_info['enable_status']} enabled
357
358 # Verify that user is able to run operator level IPMI command with channel 1.
359 Verify IPMI Command ${random_username} ${valid_password} Operator 1
360
361 # Verify that user is able to run user level IPMI command with channel 2.
362 Verify IPMI Command ${random_username} ${valid_password} User 2
363
364
Rahul Maheshwariddfc0cb2019-02-07 23:43:19 -0600365*** Keywords ***
366
Rahul Maheshwaridd63c742019-02-27 23:03:54 -0600367Set Default Password For IPMI Root User
368 [Documentation] Set default password for IPMI root user (i.e. 0penBmc).
Rahul Maheshwaridd63c742019-02-27 23:03:54 -0600369 # Set default password for root user.
370 ${result}= Run External IPMI Standard Command
371 ... user set password ${root_userid} ${OPENBMC_PASSWORD}
372 ... P=${valid_password}
373 Should Contain ${result} Set User Password command successful
374
375 # Verify that root user is able to run IPMI command using default password.
376 Verify IPMI Username And Password root ${OPENBMC_PASSWORD}
377
Rahul Maheshwarief0a7352019-02-20 11:07:48 -0600378
Rahul Maheshwaric05bf562019-03-01 04:02:53 -0600379Test IPMI User Privilege
380 [Documentation] Test IPMI user privilege by executing IPMI command with different privileges.
381 [Arguments] ${privilege_level} ${user_cmd_status} ${operator_cmd_status} ${admin_cmd_status}
382
383 # Description of argument(s):
384 # privilege_level Privilege level of IPMI user (e.g. 4, 3).
385 # user_cmd_status Expected status of IPMI command run with the "User"
386 # privilege (i.e. "Passed" or "Failed").
387 # operator_cmd_status Expected status of IPMI command run with the "Operator"
388 # privilege (i.e. "Passed" or "Failed").
389 # admin_cmd_status Expected status of IPMI command run with the "Administrator"
390 # privilege (i.e. "Passed" or "Failed").
391
392 # Create IPMI user and set valid password.
393 ${random_username}= Generate Random String 8 [LETTERS]
394 ${random_userid}= Evaluate random.randint(2, 15) modules=random
395 IPMI Create User ${random_userid} ${random_username}
396 Run IPMI Standard Command
397 ... user set password ${random_userid} ${valid_password}
398
399 # Set privilege and enable IPMI messaging for newly created user.
400 Set Channel Access ${random_userid} ipmi=on privilege=${privilege_level}
401
402 # Enable IPMI user and verify.
403 Run IPMI Standard Command user enable ${random_userid}
404 ${user_info}= Get User Info ${random_userid}
405 Should Be Equal ${user_info['enable_status']} enabled
406
Rahul Maheshwari8e175622019-05-20 05:30:32 -0500407 Verify IPMI Command ${random_username} ${valid_password} User
408 ... expected_status=${user_cmd_status}
409 Verify IPMI Command ${random_username} ${valid_password} Operator
410 ... expected_status=${operator_cmd_status}
411 Verify IPMI Command ${random_username} ${valid_password} Administrator
412 ... expected_status=${admin_cmd_status}
Rahul Maheshwaric05bf562019-03-01 04:02:53 -0600413
414
415Verify IPMI Command
416 [Documentation] Verify IPMI command execution with given username,
417 ... password, privilege and expected status.
Rahul Maheshwari8e175622019-05-20 05:30:32 -0500418 [Arguments] ${username} ${password} ${privilege} ${channel}=${1} ${expected_status}=Passed
Rahul Maheshwaric05bf562019-03-01 04:02:53 -0600419 # Description of argument(s):
420 # username The user name (e.g. "root", "robert", etc.).
421 # password The user password (e.g. "0penBmc", "0penBmc1", etc.).
422 # privilege The session privilge for IPMI command (e.g. "User", "Operator", etc.).
Rahul Maheshwari8e175622019-05-20 05:30:32 -0500423 # channel The user channel number (e.g. "1" or "2").
Rahul Maheshwaric05bf562019-03-01 04:02:53 -0600424 # expected_status Expected status of IPMI command run with the user
425 # of above password and privilege (i.e. "Passed" or "Failed").
426
427 ${expected_rc}= Set Variable If '${expected_status}' == 'Passed' ${0} ${1}
Rahul Maheshwariceb282e2019-09-16 00:11:41 -0500428 Wait Until Keyword Succeeds 15 sec 5 sec Run IPMI Standard Command
429 ... sel info ${channel} expected_rc=${expected_rc} U=${username} P=${password}
Rahul Maheshwaric05bf562019-03-01 04:02:53 -0600430 ... L=${privilege}
431
432
Rahul Maheshwarif646baa2019-02-20 12:29:35 -0600433Test Teardown Execution
434 [Documentation] Do the test teardown execution.
435
436 FFDC On Test Case Fail