Network configuration using different LDAP user roles
Changes:
- Expose Add IP Address keyword for common usage in LDAP and network test.
- Add test case in LDAP to configure network.
Signed-off-by: Prashanth Katti <prkatti1@in.ibm.com>
Change-Id: I181369af438b3d591f51e62373edda33b7ea7528
diff --git a/lib/bmc_network_utils.robot b/lib/bmc_network_utils.robot
index 4fcee72..587883d 100644
--- a/lib/bmc_network_utils.robot
+++ b/lib/bmc_network_utils.robot
@@ -351,3 +351,97 @@
${resp}= Redfish.Get ${REDFISH_NW_ETH0_URI}
@{network_configurations}= Get From Dictionary ${resp.dict} IPv4StaticAddresses
[Return] @{network_configurations}
+
+Add IP Address
+ [Documentation] Add IP Address To BMC.
+ [Arguments] ${ip} ${subnet_mask} ${gateway}
+ ... ${valid_status_codes}=${HTTP_OK}
+
+ # Description of argument(s):
+ # ip IP address to be added (e.g. "10.7.7.7").
+ # subnet_mask Subnet mask for the IP to be added
+ # (e.g. "255.255.0.0").
+ # gateway Gateway for the IP to be added (e.g. "10.7.7.1").
+ # valid_status_codes Expected return code from patch operation
+ # (e.g. "200"). See prolog of rest_request
+ # method in redfish_plus.py for details.
+
+ ${empty_dict}= Create Dictionary
+ ${ip_data}= Create Dictionary Address=${ip}
+ ... SubnetMask=${subnet_mask} Gateway=${gateway}
+
+ ${patch_list}= Create List
+ ${network_configurations}= Get Network Configuration
+ ${num_entries}= Get Length ${network_configurations}
+
+ : FOR ${INDEX} IN RANGE 0 ${num_entries}
+ \ Append To List ${patch_list} ${empty_dict}
+
+ # We need not check for existence of IP on BMC while adding.
+ Append To List ${patch_list} ${ip_data}
+ ${data}= Create Dictionary IPv4StaticAddresses=${patch_list}
+
+ Redfish.patch ${REDFISH_NW_ETH0_URI} body=&{data}
+ ... valid_status_codes=[${valid_status_codes}]
+
+ Return From Keyword If '${valid_status_codes}' != '${HTTP_OK}'
+
+ # Note: Network restart takes around 15-18s after patch request processing.
+ Sleep ${NETWORK_TIMEOUT}s
+ Wait For Host To Ping ${OPENBMC_HOST} ${NETWORK_TIMEOUT}
+
+ Verify IP On BMC ${ip}
+ Validate Network Config On BMC
+
+
+Delete IP Address
+ [Documentation] Delete IP Address Of BMC.
+ [Arguments] ${ip} ${valid_status_codes}=${HTTP_OK}
+
+ # Description of argument(s):
+ # ip IP address to be deleted (e.g. "10.7.7.7").
+ # valid_status_codes Expected return code from patch operation
+ # (e.g. "200"). See prolog of rest_request
+ # method in redfish_plus.py for details.
+
+ ${empty_dict}= Create Dictionary
+ ${patch_list}= Create List
+
+ @{network_configurations}= Get Network Configuration
+ : FOR ${network_configuration} IN @{network_configurations}
+ \ Run Keyword If '${network_configuration['Address']}' == '${ip}'
+ ... Append To List ${patch_list} ${null}
+ ... ELSE Append To List ${patch_list} ${empty_dict}
+
+ ${ip_found}= Run Keyword And Return Status List Should Contain Value
+ ... ${patch_list} ${null} msg=${ip} does not exist on BMC
+ Pass Execution If ${ip_found} == ${False} ${ip} does not exist on BMC
+
+ # Run patch command only if given IP is found on BMC
+ ${data}= Create Dictionary IPv4StaticAddresses=${patch_list}
+
+ Redfish.patch ${REDFISH_NW_ETH0_URI} body=&{data}
+ ... valid_status_codes=[${valid_status_codes}]
+
+ # Note: Network restart takes around 15-18s after patch request processing
+ Sleep ${NETWORK_TIMEOUT}s
+ Wait For Host To Ping ${OPENBMC_HOST} ${NETWORK_TIMEOUT}
+
+ ${delete_status}= Run Keyword And Return Status Verify IP On BMC ${ip}
+ Run Keyword If '${valid_status_codes}' == '${HTTP_OK}'
+ ... Should Be True '${delete_status}' == '${False}'
+ ... ELSE Should Be True '${delete_status}' == '${True}'
+
+ Validate Network Config On BMC
+
+
+Validate Network Config On BMC
+ [Documentation] Check that network info obtained via redfish matches info
+ ... obtained via CLI.
+
+ @{network_configurations}= Get Network Configuration
+ ${ip_data}= Get BMC IP Info
+ : FOR ${network_configuration} IN @{network_configurations}
+ \ Should Contain Match ${ip_data} ${network_configuration['Address']}/*
+ ... msg=IP address does not exist.
+
diff --git a/redfish/account_service/test_ldap_configuration.robot b/redfish/account_service/test_ldap_configuration.robot
index 948be44..a384c1f 100644
--- a/redfish/account_service/test_ldap_configuration.robot
+++ b/redfish/account_service/test_ldap_configuration.robot
@@ -6,6 +6,7 @@
Resource ../../lib/bmc_redfish_resource.robot
Resource ../../lib/openbmc_ffdc.robot
Library ../../lib/gen_robot_valid.py
+Resource ../../lib/bmc_network_utils.robot
Suite Setup Suite Setup Execution
Suite Teardown Run Keywords Restore LDAP Privilege AND Redfish.Logout
@@ -18,6 +19,9 @@
&{old_account_service} &{EMPTY}
&{old_ldap_config} &{EMPTY}
${hostname} ${EMPTY}
+${test_ip} 10.6.6.6
+${test_mask} 255.255.255.0
+${test_gw} 10.6.6.1
** Test Cases **
@@ -454,6 +458,25 @@
${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
+Configure IP Address Via Different User Roles And Verify
+ [Documentation] Configure IP address via different user roles and verify.
+ [Tags] Configure_IP_Address_Via_Different_User_Roles_And_Verify
+ [Teardown] Restore LDAP Privilege
+
+ [Template] Update LDAP User Role And Configure IP Address
+ # Verify LDAP user with Administrator privilege is able to configure IP address.
+ ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
+
+ # Verify LDAP user with ReadOnly privilege is forbidden to configure IP address.
+ ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
+
+ # Verify LDAP user with NoAccess privilege is forbidden to configure IP address.
+ ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
+
+ # Verify LDAP user with Operator privilege is able to configure IP address.
+ ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
+
+
*** Keywords ***
Redfish Verify LDAP Login
@@ -720,3 +743,24 @@
Redfish.Post ${REDFISH_POWER_URI}
... body={'ResetType': 'On'} valid_status_codes=[${valid_status_code}]
+
+
+Update LDAP User Role And Configure IP Address
+ [Documentation] Update LDAP user role and configure IP address.
+ [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK}
+ [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND Delete IP Address ${test_ip}
+
+ # Description of argument(s):
+ # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
+ # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
+ # group_name The group name of user.
+ # valid_status_code The expected valid status code.
+
+ Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
+ ... ${group_privilege} ${group_name}
+
+ Redfish.Logout
+
+ Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
+
+ Add IP Address ${test_ip} ${test_mask} ${test_gw} ${valid_status_code}
diff --git a/redfish/managers/test_bmc_network_conf.robot b/redfish/managers/test_bmc_network_conf.robot
index 098794c..bd91cad 100644
--- a/redfish/managers/test_bmc_network_conf.robot
+++ b/redfish/managers/test_bmc_network_conf.robot
@@ -472,100 +472,6 @@
Set Test Variable ${ip_data}
-Add IP Address
- [Documentation] Add IP Address To BMC.
- [Arguments] ${ip} ${subnet_mask} ${gateway}
- ... ${valid_status_codes}=${HTTP_OK}
-
- # Description of argument(s):
- # ip IP address to be added (e.g. "10.7.7.7").
- # subnet_mask Subnet mask for the IP to be added
- # (e.g. "255.255.0.0").
- # gateway Gateway for the IP to be added (e.g. "10.7.7.1").
- # valid_status_codes Expected return code from patch operation
- # (e.g. "200"). See prolog of rest_request
- # method in redfish_plut.py for details.
-
- ${empty_dict}= Create Dictionary
- ${ip_data}= Create Dictionary Address=${ip}
- ... SubnetMask=${subnet_mask} Gateway=${gateway}
-
- ${patch_list}= Create List
- ${network_configurations}= Get Network Configuration
- ${num_entries}= Get Length ${network_configurations}
-
- : FOR ${INDEX} IN RANGE 0 ${num_entries}
- \ Append To List ${patch_list} ${empty_dict}
-
- # We need not check for existence of IP on BMC while adding.
- Append To List ${patch_list} ${ip_data}
- ${data}= Create Dictionary IPv4StaticAddresses=${patch_list}
-
- Redfish.patch ${REDFISH_NW_ETH0_URI} body=&{data}
- ... valid_status_codes=[${valid_status_codes}]
-
- Return From Keyword If '${valid_status_codes}' != '${HTTP_OK}'
-
- # Note: Network restart takes around 15-18s after patch request processing.
- Sleep ${NETWORK_TIMEOUT}s
- Wait For Host To Ping ${OPENBMC_HOST} ${NETWORK_TIMEOUT}
-
- Verify IP On BMC ${ip}
- Validate Network Config On BMC
-
-
-Delete IP Address
- [Documentation] Delete IP Address Of BMC.
- [Arguments] ${ip} ${valid_status_codes}=${HTTP_OK}
-
- # Description of argument(s):
- # ip IP address to be deleted (e.g. "10.7.7.7").
- # valid_status_codes Expected return code from patch operation
- # (e.g. "200"). See prolog of rest_request
- # method in redfish_plut.py for details.
-
- ${empty_dict}= Create Dictionary
- ${patch_list}= Create List
-
- @{network_configurations}= Get Network Configuration
- : FOR ${network_configuration} IN @{network_configurations}
- \ Run Keyword If '${network_configuration['Address']}' == '${ip}'
- ... Append To List ${patch_list} ${null}
- ... ELSE Append To List ${patch_list} ${empty_dict}
-
- ${ip_found}= Run Keyword And Return Status List Should Contain Value
- ... ${patch_list} ${null} msg=${ip} does not exist on BMC
- Pass Execution If ${ip_found} == ${False} ${ip} does not exist on BMC
-
- # Run patch command only if given IP is found on BMC
- ${data}= Create Dictionary IPv4StaticAddresses=${patch_list}
-
- Redfish.patch ${REDFISH_NW_ETH0_URI} body=&{data}
- ... valid_status_codes=[${valid_status_codes}]
-
- # Note: Network restart takes around 15-18s after patch request processing
- Sleep ${NETWORK_TIMEOUT}s
- Wait For Host To Ping ${OPENBMC_HOST} ${NETWORK_TIMEOUT}
-
- ${delete_status}= Run Keyword And Return Status Verify IP On BMC ${ip}
- Run Keyword If '${valid_status_codes}' == '${HTTP_OK}'
- ... Should Be True ${delete_status} == ${False}
- ... ELSE Should Be True ${delete_status} == ${True}
-
- Validate Network Config On BMC
-
-
-Validate Network Config On BMC
- [Documentation] Check that network info obtained via redfish matches info
- ... obtained via CLI.
-
- @{network_configurations}= Get Network Configuration
- ${ip_data}= Get BMC IP Info
- : FOR ${network_configuration} IN @{network_configurations}
- \ Should Contain Match ${ip_data} ${network_configuration['Address']}/*
- ... msg=IP address does not exist.
-
-
Verify Netmask On BMC
[Documentation] Verify netmask on BMC.
[Arguments] ${netmask}