Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 73379bcaec51074d956f745f26d375071d20481e^! / . / redfish / account_service / test_ldap_configuration.robot
commit73379bcaec51074d956f745f26d375071d20481e[log] [tgz]
authorSivas SRR <sivas.srr@in.ibm.com>Mon Jul 22 10:21:45 2019 -0500
committerGeorge Keishing <gkeishin@in.ibm.com>Tue Jul 30 16:05:27 2019 +0000
treeb82ee718b60bbf9f6c19a03150af9b065307e170
parent32f7b3d357c21640f7e459dc6527fca57d2a27cc [diff] [blame]
LDAP additional test cases

Resolves openbmc/openbmc-test-automation#1888

Change-Id: Iaefd96e0fc70522f93ee6b62f552ff098609ac8b
Signed-off-by: Sivas SRR <sivas.srr@in.ibm.com>

diff --git a/redfish/account_service/test_ldap_configuration.robot b/redfish/account_service/test_ldap_configuration.robot
index 83db55b..e02c6aa 100644
--- a/redfish/account_service/test_ldap_configuration.robot
+++ b/redfish/account_service/test_ldap_configuration.robot

@@ -1,5 +1,6 @@
 *** Settings ***
 Documentation    Test Redfish LDAP user configuration.
+
 Library          ../../lib/gen_robot_valid.py
 Resource         ../../lib/resource.robot
 Resource         ../../lib/bmc_redfish_resource.robot
@@ -51,9 +52,62 @@
     Redfish.Login
 
 
+Verify LDAP Login With ServiceEnabled
+    [Documentation]  Verify LDAP Login with ServiceEnabled.
+    [Tags]  Verify_LDAP_Login_With_ServiceEnabled
+
+    Disable Other LDAP
+    # Actual service enablement.
+    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
+    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
+    Sleep  15s
+    # After update, LDAP login.
+    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
+    Redfish.Logout
+    Redfish.Login
+
+
+Verify LDAP Login With Correct AuthenticationType
+    [Documentation]  Verify LDAP Login with right AuthenticationType.
+    [Tags]  Verify_LDAP_Login_With_Correct_AuthenticationType
+
+    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
+    ...  body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
+    Sleep  15s
+    # After update, LDAP login.
+    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
+    Redfish.Logout
+    Redfish.Login
+
+
+Verify LDAP Config Update With Incorrect AuthenticationType
+    [Documentation]  Verify invalid AuthenticationType is not updated.
+    [Tags]  Verify_LDAP_Update_With_Incorrect_AuthenticationType
+
+    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
+    ...  body={'${ldap_type}': {'Authentication': {'AuthenticationType':'KerberosKeytab'}}}  valid_status_codes=[400]
+
+
+Verify LDAP Login With Correct LDAP URL
+    [Documentation]  Verify LDAP Login with right LDAP URL.
+    [Tags]  Verify_LDAP_Login_With_Correct_LDAP_URL
+
+    Config LDAP URL  ${LDAP_SERVER_URI}
+
+
+Verify LDAP Config Update With Incorrect LDAP URL
+    [Documentation]  Verify LDAP Login fails with invalid LDAP URL.
+    [Tags]  Verify_LDAP_Config_Update_With_Incorrect_LDAP_URL
+    [Teardown]  Run Keywords  Restore LDAP URL  AND
+    ...  FFDC On Test Case Fail
+
+    Config LDAP URL  "ldap://1.2.3.4"
+
+
 Verify LDAP Configuration Exist
     [Documentation]  Verify LDAP configuration is available.
     [Tags]  Verify_LDAP_Configuration_Exist
+
     ${resp}=  Redfish.Get Attribute  ${REDFISH_BASE_URI}AccountService
     ...  ${LDAP_TYPE}  default=${EMPTY}
     Should Not Be Empty  ${resp}  msg=LDAP configuration is not defined.
@@ -62,9 +116,8 @@
 Verify LDAP User Login
     [Documentation]  Verify LDAP user able to login into BMC.
     [Tags]  Verify_LDAP_User_Login
-    ${resp}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
-    ...  ${LDAP_USER_PASSWORD}
-    Should Be Equal  ${resp}  ${True}  msg=LDAP user is not able to login.
+
+    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
     Redfish.Logout
     Redfish.Login
 
@@ -72,6 +125,7 @@
 Verify LDAP Service Available
     [Documentation]  Verify LDAP service is available.
     [Tags]  Verify_LDAP_Service_Available
+
     @{ldap_configuration}=  Get LDAP Configuration  ${LDAP_TYPE}
     Should Contain  ${ldap_configuration}  LDAPService
     ...  msg=LDAPService is not available.
@@ -80,6 +134,7 @@
 Verify LDAP Login Works After BMC Reboot
     [Documentation]  Verify LDAP login works after BMC reboot.
     [Tags]  Verify_LDAP_Login_Works_After_BMC_Reboot
+
     Redfish OBMC Reboot (off)
     Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
     Redfish.Logout
@@ -90,6 +145,7 @@
     [Documentation]  Verify LDAP user with administrator privilege able to do BMC reboot.
     [Tags]  Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot
 
+
     Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
     ...  ${GROUP_PRIVILEGE}  ${GROUP_NAME}
     Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
@@ -108,10 +164,6 @@
     Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
     ...  Operator  ${GROUP_NAME}
 
-    ${ldap_config}=  Redfish.Get Properties  ${REDFISH_BASE_URI}AccountService
-    ${new_ldap_privilege}=  Set Variable
-    ...  ${ldap_config["LDAP"]["RemoteRoleMapping"][0]["LocalRole"]}
-    Should Be Equal  ${new_ldap_privilege}  Operator
     Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
     # Verify that the LDAP user with operator privilege is able to power the system off.
     Redfish.Post  ${REDFISH_POWER_URI}
@@ -126,6 +178,7 @@
     [Teardown]  Run Keywords  Restore AccountLockout Attributes  AND
     ...  FFDC On Test Case Fail
     [Tags]  Verify_AccountLockout_Attributes_Set_To_Zero
+
     ${old_account_service}=  Redfish.Get Properties
     ...  ${REDFISH_BASE_URI}AccountService
     Rprint Vars  old_account_service
@@ -159,6 +212,16 @@
 
 *** Keywords ***
 
+Disable Other LDAP
+    [Documentation]  Disable other LDAP configuration.
+
+    # First disable other LDAP.
+    ${inverse_ldap_type}=  Set Variable If  '${LDAP_TYPE}' == 'LDAP'  ActiveDirectory  LDAP
+    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
+    ...  body={'${inverse_ldap_type}': {'ServiceEnabled': ${False}}}
+    Sleep  15s
+
+
 Create LDAP Configuration
     [Documentation]  Create LDAP configuration.
     [Arguments]  ${ldap_type}=${LDAP_TYPE}  ${ldap_server_uri}=${LDAP_SERVER_URI}
@@ -172,28 +235,40 @@
     # ldap_bind_dn_password  The LDAP bind distinguished name password.
     # ldap_base_dn           The LDAP base distinguished name.
 
+    Disable Other LDAP
     Redfish.Patch  ${REDFISH_BASE_URI}AccountService
-    ...  body={'${ldap_type}': {'ServiceEnabled': ${True}}}
+    ...  body={'${ldap_type}': {'ServiceEnabled': ${True}, 'ServiceAddresses': ['${ldap_server_uri}'], 'Authentication': {'AuthenticationType':'UsernameAndPassword', 'Username':'${ldap_bind_dn}', 'Password':'${ldap_bind_dn_password}'}, 'LDAPService': {'SearchSettings': {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}}
     Sleep  15s
+
+
+Config LDAP URL
+    [Documentation]  Config LDAP URL.
+    [Arguments]  ${ldap_server_uri}=${LDAP_SERVER_URI}
+
+    # Description of argument(s):
+    # ldap_server_uri LDAP server uri (e.g. "ldap://XX.XX.XX.XX/").
+
     Redfish.Patch  ${REDFISH_BASE_URI}AccountService
     ...  body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}}
     Sleep  15s
+    # After update, LDAP login.
+    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
+    Redfish.Logout
+    Redfish.Login
+
+
+Restore LDAP URL
+    [Documentation]  Restore LDAP URL.
+
+    # Restoring the working LDAP server uri.
     Redfish.Patch  ${REDFISH_BASE_URI}AccountService
-    ...  body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
-    Sleep  15s
-    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
-    ...  body={'${ldap_type}': {'Authentication': {'Username':'${ldap_bind_dn}'}}}
-    Sleep  15s
-    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
-    ...  body={'${ldap_type}': {'Authentication': {'Password':'${ldap_bind_dn_password}'}}}
-    Sleep  15s
-    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
-    ...  body={'${ldap_type}': {'LDAPService': {'SearchSettings': {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}}
+    ...  body={'${ldap_type}': {'ServiceAddresses': ['${LDAP_SERVER_URI}']}}
     Sleep  15s
 
 
 Restore AccountLockout Attributes
     [Documentation]  Restore AccountLockout Attributes.
+
     Return From Keyword If  &{old_account_service} == &{EMPTY}
     Redfish.Patch  ${REDFISH_BASE_URI}AccountService
     ...  body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
@@ -203,17 +278,15 @@
 
 Suite Setup Execution
     [Documentation]  Do suite setup tasks.
+
     Rvalid Value  LDAP_TYPE  valid_values=["ActiveDirectory", "LDAP"]
     Rvalid Value  LDAP_USER
     Rvalid Value  LDAP_USER_PASSWORD
     Rvalid Value  GROUP_PRIVILEGE
     Rvalid Value  GROUP_NAME
     Redfish.Login
-    ${old_ldap_config}=  Get LDAP Configuration  ${LDAP_TYPE}
-    Run Keyword If  '${old_ldap_config['ServiceEnabled']}' == 'False'
-    ...  Run Keywords  Create LDAP Configuration  AND
-    ...  Update LDAP Configuration with LDAP User Role And Group
-    ...  ${LDAP_TYPE}  ${GROUP_PRIVILEGE}  ${GROUP_NAME}
+    # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
+    Get LDAP Configuration  ${LDAP_TYPE}
     ${old_ldap_privilege}=  Get LDAP Privilege
 
 
@@ -278,17 +351,19 @@
     ${payload}=  Create Dictionary  ${ldap_type}=${ldap_data}
     Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=&{payload}
     # Provide adequate time for LDAP daemon to restart after the update.
-    Sleep  10s
+    Sleep  15s
 
 
 Get LDAP Privilege
     [Documentation]  Get LDAP privilege and return it.
+
     ${ldap_config}=  Get LDAP Configuration  ${LDAP_TYPE}
     [Return]  ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}
 
 
 Restore LDAP Privilege
     [Documentation]  Restore the LDAP privilege to its original value.
+
     Return From Keyword If  '${old_ldap_privilege}' == '${EMPTY}'
     # Log back in to restore the original privilege.
     Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}