Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 2072fe8c295a19528788cb70d143354a0219c886 / . / gui / gui_test / security_and_access_menu / test_ldap_sub_menu.robot
blob: a7990e12ae7ceee4857f09a38f6ca18c7d680bb3 [file] [log] [blame]
*** Settings ***
Documentation Test OpenBMC GUI "LDAP" sub-menu of "Security and access".
Resource ../../lib/gui_resource.robot
Resource ../../../lib/bmc_ldap_utils.robot
Suite Setup Suite Setup Execution
Suite Teardown Close Browser
Force Tags LDAP_Sub_Menu
*** Variables ***
${xpath_ldap_heading} //h1[text()="LDAP"]
${xpath_enable_ldap_checkbox} //*[@data-test-id='ldap-checkbox-ldapAuthenticationEnabled']
${xpath_secure_ldap_checkbox} //*[@data-test-id='ldap-checkbox-secureLdapEnabled']
${xpath_service_radio_button} //*[@data-test-id="ldap-radio-activeDirectoryEnabled"]
${xpath_add_role_group_button} //button[contains(text(),'Add role group')]
${xpath_ldap_url} //*[@data-test-id='ldap-input-serverUri']
${xpath_ldap_bind_dn} //*[@data-test-id='ldap-input-bindDn']
${xpath_ldap_password} //*[@id='bind-password']
${xpath_ldap_base_dn} //*[@data-test-id='ldap-input-baseDn']
${xpath_ldap_save_settings} //*[@data-test-id='ldap-button-saveSettings']
${xpath_select_refresh_button} //*[text()[contains(.,"Refresh")]]
${xpath_add_group_name} //*[@id="role-group-name"]
${xpath_add_group_Privilege} //*[@id="privilege"]
${xpath_add_privilege_button} //button[text()=" Add "]
${xpath_delete_group_button} //*[@title="Delete"]
${xpath_delete_button} //button[text()="Delete"]
${incorrect_ip} 1.2.3.4
${wrong_ldap_port} 135
*** Test Cases ***
Verify Navigation To LDAP Page
[Documentation] Verify navigation to LDAP page.
[Tags] Verify_Navigation_To_LDAP_Page
Page Should Contain Element ${xpath_ldap_heading}
Verify Existence Of All Sections In LDAP Page
[Documentation] Verify existence of all sections in LDAP page.
[Tags] Verify_Existence_Of_All_Sections_In_LDAP_Page
Page Should Contain Settings
Page Should Contain Role groups
Verify Existence Of All Buttons In LDAP Page
[Documentation] Verify existence of all buttons in LDAP page.
[Tags] Verify_Existence_Of_All_Buttons_In_LDAP_Page
# Buttons under settings section.
Page Should Contain Element ${xpath_service_radio_button}
Page Should Contain Element ${xpath_save_settings_button}
# Buttons under role groups section.
Page Should Contain Element ${xpath_add_role_group_button}
Verify Existence Of All Checkboxes In LDAP Page
[Documentation] Verify existence of all checkboxes in LDAP page.
[Tags] Verify_Existence_Of_All_Checkboxes_In_LDAP_Page
# Checkboxes under settings section.
Page Should Contain Element ${xpath_enable_ldap_checkbox}
Page Should Contain Element ${xpath_secure_ldap_checkbox}
Verify LDAP Configurations Editable
[Documentation] Verify LDAP configurations are editable.
[Tags] Verify_LDAP_Configurations_Editable
[Setup] Redfish.Login
[Teardown] Redfish.Logout
Create LDAP Configuration ${LDAP_SERVER_URI} ${LDAP_TYPE} ${LDAP_BIND_DN}
... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN}
Wait Until Page Contains Element ${xpath_ldap_url}
Textfield Value Should Be ${xpath_ldap_url} ${LDAP_SERVER_URI}
Textfield Value Should Be ${xpath_ldap_bind_dn} ${LDAP_BIND_DN}
Textfield Value Should Be ${xpath_ldap_password} ${empty}
Textfield Value Should Be ${xpath_ldap_base_dn} ${LDAP_BASE_DN}
Verify Create LDAP Configuration
[Documentation] Verify created LDAP configuration.
[Tags] Verify_Create_LDAP_Configuration
[Teardown] Run Keywords Redfish.Logout AND Redfish.Login
Create LDAP Configuration
Get LDAP Configuration ${LDAP_TYPE}
Redfish.Logout
Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Verify LDAP Config Update With Incorrect LDAP IP Address
[Documentation] Verify that LDAP login fails with incorrect LDAP IP Address.
[Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_IP_Address
[Setup] Redfish.Login
[Teardown] Run Keywords Redfish.Logout AND Redfish.Login
Create LDAP Configuration ${incorrect_ip} ${LDAP_TYPE} ${LDAP_BIND_DN}
... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} ${LDAP_MODE}
Get LDAP Configuration ${LDAP_TYPE}
Redfish.Logout
${resp}= Run Keyword And Return Status
... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Should Be Equal ${resp} ${False}
... msg=LDAP user was able to login though the incorrect LDAP IP Address.
Verify LDAP Service Disable
[Documentation] Verify that LDAP user cannot login when LDAP service is disabled.
[Tags] Verify_LDAP_Service_Disable
[Teardown] Run Keywords Redfish.Logout AND Redfish.Login
${status}= Run Keyword And Return Status
... Checkbox Should Be Selected ${xpath_enable_ldap_checkbox}
Run Keyword If ${status} == ${True}
... Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0
Checkbox Should Not Be Selected ${xpath_enable_ldap_checkbox}
Click Element ${xpath_ldap_save_settings}
Wait Until Page Contains Successfully saved Open LDAP settings
Click Element ${xpath_refresh_button}
Wait Until Page Contains Element ${xpath_ldap_heading}
Redfish.Logout
${resp}= Run Keyword And Return Status
... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Should Be Equal ${resp} ${False}
... msg=LDAP user was able to login even though the LDAP service was disabled.
Verify LDAP User With Admin Privilege
[Documentation] Verify that LDAP user with administrator privilege is able to do BMC reboot.
[Tags] Verify_LDAP_User_With_Admin_Privilege
[Teardown] Run Keywords Redfish.Login AND Delete LDAP Role Group ${GROUP_NAME}
Update LDAP Configuration with LDAP User Role And Group ${GROUP_NAME} ${GROUP_PRIVILEGE}
Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Redfish OBMC Reboot (off)
Redfish.Logout
Verify Enabling LDAP
[Documentation] Verify that LDAP can be enabled from disabled state.
[Tags] Verify_Enabling_LDAP
Disable LDAP Configuration
Create LDAP Configuration
Read Network Configuration Via Different User Roles And Verify Using GUI
[Documentation] Read network configuration via different user roles and verify.
[Tags] Read_Network_Configuration_Via_Different_User_Roles_And_Verify_Using_GUI
[Template] Update LDAP User Role And Read Network Configuration Via GUI
# group_name user_role valid_status_code
${GROUP_NAME} Administrator ${HTTP_OK}
${GROUP_NAME} Operator ${HTTP_OK}
${GROUP_NAME} ReadOnly ${HTTP_OK}
${GROUP_NAME} NoAccess ${HTTP_FORBIDDEN}
Verify LDAP Login Fails On Wrong LDAP Port
[Documentation] Verify that LDAP login fails when wrong port is entered in LDAP URL.
[Tags] Verify_LDAP_Login_Fails_On_Wrong_LDAP_Port
[Teardown] Run Keywords Redfish.Logout AND Redfish.Login
${ldap_uri_wrong_port}= Catenate SEPARATOR=: ${LDAP_SERVER_URI} ${wrong_ldap_port}
Create LDAP Configuration ${ldap_uri_wrong_port} ${LDAP_TYPE} ${LDAP_BIND_DN}
... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} ${LDAP_MODE}
Get LDAP Configuration ${LDAP_TYPE}
Redfish.Logout
${resp}= Run Keyword And Return Status
... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Should Be Equal ${resp} ${False}
... msg=LDAP user was able to login though the wrong port in LDAP URL
*** Keywords ***
Suite Setup Execution
[Documentation] Do test case setup tasks.
Launch Browser And Login GUI
# Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap LDAP page.
Click Element ${xpath_secuity_and_accesss_menu}
Click Element ${xpath_ldap_sub_menu}
Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain ldap
Wait Until Element Is Not Visible ${xpath_page_loading_progress_bar} timeout=30
Wait Until Element Is Enabled ${xpath_enable_ldap_checkbox} timeout=10s
Valid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"]
Valid Value LDAP_USER
Valid Value LDAP_USER_PASSWORD
Valid Value GROUP_PRIVILEGE
Valid Value GROUP_NAME
Valid Value LDAP_SERVER_URI
Valid Value LDAP_BIND_DN_PASSWORD
Valid Value LDAP_BIND_DN
Valid Value LDAP_BASE_DN
Valid Value LDAP_MODE valid_values=["secure", "nonsecure"]
Create LDAP Configuration
[Documentation] Create LDAP configuration.
[Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI} ${ldap_servicetype}=${LDAP_TYPE}
... ${ldap_bind_dn}=${LDAP_BIND_DN} ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD}
... ${ldap_base_dn}=${LDAP_BASE_DN} ${ldap_mode}=${LDAP_MODE}
# Description of argument(s):
# ldap_server_uri LDAP server uri (e.g. ldap://XX.XX.XX.XX).
# ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
# ldap_bind_dn The LDAP bind distinguished name.
# ldap_bind_dn_password The LDAP bind distinguished name password.
# ldap_base_dn The LDAP base distinguished name.
# Clearing existing LDAP configuration by disabling it.
Redfish.Patch ${REDFISH_BASE_URI}AccountService
... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}
# Wait for GUI to reflect LDAP disabled status.
Run Keywords Refresh GUI AND Sleep 10s
Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0
${radio_buttons}= Get WebElements ${xpath_service_radio_button}
Run Keyword If '${ldap_service_type}' == 'LDAP'
... Click Element At Coordinates ${radio_buttons}[${0}] 0 0
... ELSE Click Element At Coordinates ${radio_buttons}[${1}] 0 0
Wait Until Page Contains Element ${xpath_ldap_url}
Run Keyword If '${ldap_mode}' == 'secure'
... Click Element At Coordinates ${xpath_secure_ldap_checkbox} 0 0
Input Text ${xpath_ldap_url} ${ldap_server_uri}
Input Text ${xpath_ldap_bind_dn} ${ldap_bind_dn}
Input Text ${xpath_ldap_password} ${ldap_bind_dn_password}
Input Text ${xpath_ldap_base_dn} ${ldap_base_dn}
Click Element ${xpath_ldap_save_settings}
Run Keyword If '${ldap_service_type}'=='LDAP'
... Wait Until Page Contains Successfully saved Open LDAP settings
... ELSE
... Wait Until Page Contains Successfully saved Active Directory settings
Click Element ${xpath_refresh_button}
Wait Until Page Contains Element ${xpath_ldap_heading}
Get LDAP Configuration
[Documentation] Retrieve LDAP Configuration.
[Arguments] ${ldap_type}
# Description of argument(s):
# ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
${radio_buttons}= Get WebElements ${xpath_service_radio_button}
${status}= Run Keyword And Return Status
... Run Keyword If '${ldap_type}'=='LDAP'
... Checkbox Should Be Selected ${radio_buttons}[${0}]
... ELSE
... Checkbox Should Be Selected ${radio_buttons}[${1}]
Should Be Equal ${status} ${True}
Update LDAP Configuration With LDAP User Role And Group
[Documentation] Update LDAP configuration update with LDAP user role and group.
[Arguments] ${group_name} ${group_privilege}
# Description of argument(s):
# group_name The group name of LDAP user.
# group_privilege The group privilege for LDAP user
# (e.g. "Administrator", "Operator", "ReadOnly" or "NoAcccess").
Create LDAP Configuration
Click Element ${xpath_add_role_group_button}
Input Text ${xpath_add_group_name} ${group_name}
Select From List By Value ${xpath_add_group_Privilege} ${group_privilege}
Click Element ${xpath_add_privilege_button}
# Verify group name after adding.
${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish
List Should Contain Value ${ldap_group_name} ${group_name}
Delete LDAP Role Group
[Documentation] Delete LDAP role group.
[Arguments] ${group_name}
# Description of argument(s):
# group_name The group name of LDAP user.
# Verify given group name is exist before deleting.
${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish
List Should Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available.
${get_groupname_index}= Get Index From List ${ldap_group_name} ${group_name}
${delete_group_elements}= Get WebElements ${xpath_delete_group_button}
Click Element ${delete_group_elements}[${get_groupname_index}]
Click Element ${xpath_delete_button}
# Verify group name after deleting.
${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish
List Should Not Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available.
Disable LDAP Configuration
[Documentation] Disable LDAP configuration on BMC.
${status}= Run Keyword And Return Status
... Checkbox Should Be Selected ${xpath_enable_ldap_checkbox}
Run Keyword If ${status} == ${True}
... Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0
Checkbox Should Not Be Selected ${xpath_enable_ldap_checkbox}
Click Element ${xpath_ldap_save_settings}
Wait Until Page Contains Successfully saved Open LDAP settings
Click Element ${xpath_refresh_button}
Wait Until Page Contains Element ${xpath_ldap_heading}
Login BMC And Navigate To LDAP Page
[Documentation] Login BMC and navigate to ldap page.
[Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD}
# Description of argument(s):
# username The username to be used for login.
# password The password to be used for login.
Login GUI ${username} ${password}
# Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap LDAP page.
Click Element ${xpath_secuity_and_accesss_menu}
Click Element ${xpath_ldap_sub_menu}
Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain ldap
Update LDAP User Role And Read Network Configuration Via GUI
[Documentation] Update LDAP user role and read network configuration via GUI.
[Arguments] ${group_name} ${user_role} ${valid_status_codes}
[Teardown] Run Keywords Logout GUI AND Login BMC And Navigate To LDAP Page
... AND Delete LDAP Role Group ${group_name}
# Description of argument(s):
# group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
# group_name The group name of user.
# valid_status_code The expected valid status code.
Update LDAP Configuration with LDAP User Role And Group ${group_name} ${user_role}
Logout GUI
Login GUI ${LDAP_USER} ${LDAP_USER_PASSWORD}
Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Click Element ${xpath_server_configuration}
Click Element ${xpath_select_network_settings}
Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain network-settings
${resp}= Redfish.Get ${REDFISH_NW_ETH0_URI} valid_status_codes=[${valid_status_codes}]
Return From Keyword If ${valid_status_codes} == ${HTTP_FORBIDDEN}
${host_name}= Redfish.Get Attribute ${REDFISH_NW_PROTOCOL_URI} HostName
Textfield Value Should Be ${xpath_hostname_input} ${host_name}
${mac_address}= Redfish.Get Attribute ${REDFISH_NW_ETH0_URI} MACAddress
Textfield Value Should Be ${xpath_mac_address_input} ${mac_address}