LDAP additional test cases
Resolves openbmc/openbmc-test-automation#1888
Change-Id: Iaefd96e0fc70522f93ee6b62f552ff098609ac8b
Signed-off-by: Sivas SRR <sivas.srr@in.ibm.com>
diff --git a/redfish/account_service/test_ldap_configuration.robot b/redfish/account_service/test_ldap_configuration.robot
index 83db55b..e02c6aa 100644
--- a/redfish/account_service/test_ldap_configuration.robot
+++ b/redfish/account_service/test_ldap_configuration.robot
@@ -1,5 +1,6 @@
*** Settings ***
Documentation Test Redfish LDAP user configuration.
+
Library ../../lib/gen_robot_valid.py
Resource ../../lib/resource.robot
Resource ../../lib/bmc_redfish_resource.robot
@@ -51,9 +52,62 @@
Redfish.Login
+Verify LDAP Login With ServiceEnabled
+ [Documentation] Verify LDAP Login with ServiceEnabled.
+ [Tags] Verify_LDAP_Login_With_ServiceEnabled
+
+ Disable Other LDAP
+ # Actual service enablement.
+ Redfish.Patch ${REDFISH_BASE_URI}AccountService
+ ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
+ Sleep 15s
+ # After update, LDAP login.
+ Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
+ Redfish.Logout
+ Redfish.Login
+
+
+Verify LDAP Login With Correct AuthenticationType
+ [Documentation] Verify LDAP Login with right AuthenticationType.
+ [Tags] Verify_LDAP_Login_With_Correct_AuthenticationType
+
+ Redfish.Patch ${REDFISH_BASE_URI}AccountService
+ ... body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
+ Sleep 15s
+ # After update, LDAP login.
+ Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
+ Redfish.Logout
+ Redfish.Login
+
+
+Verify LDAP Config Update With Incorrect AuthenticationType
+ [Documentation] Verify invalid AuthenticationType is not updated.
+ [Tags] Verify_LDAP_Update_With_Incorrect_AuthenticationType
+
+ Redfish.Patch ${REDFISH_BASE_URI}AccountService
+ ... body={'${ldap_type}': {'Authentication': {'AuthenticationType':'KerberosKeytab'}}} valid_status_codes=[400]
+
+
+Verify LDAP Login With Correct LDAP URL
+ [Documentation] Verify LDAP Login with right LDAP URL.
+ [Tags] Verify_LDAP_Login_With_Correct_LDAP_URL
+
+ Config LDAP URL ${LDAP_SERVER_URI}
+
+
+Verify LDAP Config Update With Incorrect LDAP URL
+ [Documentation] Verify LDAP Login fails with invalid LDAP URL.
+ [Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_URL
+ [Teardown] Run Keywords Restore LDAP URL AND
+ ... FFDC On Test Case Fail
+
+ Config LDAP URL "ldap://1.2.3.4"
+
+
Verify LDAP Configuration Exist
[Documentation] Verify LDAP configuration is available.
[Tags] Verify_LDAP_Configuration_Exist
+
${resp}= Redfish.Get Attribute ${REDFISH_BASE_URI}AccountService
... ${LDAP_TYPE} default=${EMPTY}
Should Not Be Empty ${resp} msg=LDAP configuration is not defined.
@@ -62,9 +116,8 @@
Verify LDAP User Login
[Documentation] Verify LDAP user able to login into BMC.
[Tags] Verify_LDAP_User_Login
- ${resp}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
- ... ${LDAP_USER_PASSWORD}
- Should Be Equal ${resp} ${True} msg=LDAP user is not able to login.
+
+ Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Redfish.Logout
Redfish.Login
@@ -72,6 +125,7 @@
Verify LDAP Service Available
[Documentation] Verify LDAP service is available.
[Tags] Verify_LDAP_Service_Available
+
@{ldap_configuration}= Get LDAP Configuration ${LDAP_TYPE}
Should Contain ${ldap_configuration} LDAPService
... msg=LDAPService is not available.
@@ -80,6 +134,7 @@
Verify LDAP Login Works After BMC Reboot
[Documentation] Verify LDAP login works after BMC reboot.
[Tags] Verify_LDAP_Login_Works_After_BMC_Reboot
+
Redfish OBMC Reboot (off)
Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Redfish.Logout
@@ -90,6 +145,7 @@
[Documentation] Verify LDAP user with administrator privilege able to do BMC reboot.
[Tags] Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot
+
Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
... ${GROUP_PRIVILEGE} ${GROUP_NAME}
Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
@@ -108,10 +164,6 @@
Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
... Operator ${GROUP_NAME}
- ${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService
- ${new_ldap_privilege}= Set Variable
- ... ${ldap_config["LDAP"]["RemoteRoleMapping"][0]["LocalRole"]}
- Should Be Equal ${new_ldap_privilege} Operator
Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
# Verify that the LDAP user with operator privilege is able to power the system off.
Redfish.Post ${REDFISH_POWER_URI}
@@ -126,6 +178,7 @@
[Teardown] Run Keywords Restore AccountLockout Attributes AND
... FFDC On Test Case Fail
[Tags] Verify_AccountLockout_Attributes_Set_To_Zero
+
${old_account_service}= Redfish.Get Properties
... ${REDFISH_BASE_URI}AccountService
Rprint Vars old_account_service
@@ -159,6 +212,16 @@
*** Keywords ***
+Disable Other LDAP
+ [Documentation] Disable other LDAP configuration.
+
+ # First disable other LDAP.
+ ${inverse_ldap_type}= Set Variable If '${LDAP_TYPE}' == 'LDAP' ActiveDirectory LDAP
+ Redfish.Patch ${REDFISH_BASE_URI}AccountService
+ ... body={'${inverse_ldap_type}': {'ServiceEnabled': ${False}}}
+ Sleep 15s
+
+
Create LDAP Configuration
[Documentation] Create LDAP configuration.
[Arguments] ${ldap_type}=${LDAP_TYPE} ${ldap_server_uri}=${LDAP_SERVER_URI}
@@ -172,28 +235,40 @@
# ldap_bind_dn_password The LDAP bind distinguished name password.
# ldap_base_dn The LDAP base distinguished name.
+ Disable Other LDAP
Redfish.Patch ${REDFISH_BASE_URI}AccountService
- ... body={'${ldap_type}': {'ServiceEnabled': ${True}}}
+ ... body={'${ldap_type}': {'ServiceEnabled': ${True}, 'ServiceAddresses': ['${ldap_server_uri}'], 'Authentication': {'AuthenticationType':'UsernameAndPassword', 'Username':'${ldap_bind_dn}', 'Password':'${ldap_bind_dn_password}'}, 'LDAPService': {'SearchSettings': {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}}
Sleep 15s
+
+
+Config LDAP URL
+ [Documentation] Config LDAP URL.
+ [Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI}
+
+ # Description of argument(s):
+ # ldap_server_uri LDAP server uri (e.g. "ldap://XX.XX.XX.XX/").
+
Redfish.Patch ${REDFISH_BASE_URI}AccountService
... body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}}
Sleep 15s
+ # After update, LDAP login.
+ Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
+ Redfish.Logout
+ Redfish.Login
+
+
+Restore LDAP URL
+ [Documentation] Restore LDAP URL.
+
+ # Restoring the working LDAP server uri.
Redfish.Patch ${REDFISH_BASE_URI}AccountService
- ... body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
- Sleep 15s
- Redfish.Patch ${REDFISH_BASE_URI}AccountService
- ... body={'${ldap_type}': {'Authentication': {'Username':'${ldap_bind_dn}'}}}
- Sleep 15s
- Redfish.Patch ${REDFISH_BASE_URI}AccountService
- ... body={'${ldap_type}': {'Authentication': {'Password':'${ldap_bind_dn_password}'}}}
- Sleep 15s
- Redfish.Patch ${REDFISH_BASE_URI}AccountService
- ... body={'${ldap_type}': {'LDAPService': {'SearchSettings': {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}}
+ ... body={'${ldap_type}': {'ServiceAddresses': ['${LDAP_SERVER_URI}']}}
Sleep 15s
Restore AccountLockout Attributes
[Documentation] Restore AccountLockout Attributes.
+
Return From Keyword If &{old_account_service} == &{EMPTY}
Redfish.Patch ${REDFISH_BASE_URI}AccountService
... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
@@ -203,17 +278,15 @@
Suite Setup Execution
[Documentation] Do suite setup tasks.
+
Rvalid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"]
Rvalid Value LDAP_USER
Rvalid Value LDAP_USER_PASSWORD
Rvalid Value GROUP_PRIVILEGE
Rvalid Value GROUP_NAME
Redfish.Login
- ${old_ldap_config}= Get LDAP Configuration ${LDAP_TYPE}
- Run Keyword If '${old_ldap_config['ServiceEnabled']}' == 'False'
- ... Run Keywords Create LDAP Configuration AND
- ... Update LDAP Configuration with LDAP User Role And Group
- ... ${LDAP_TYPE} ${GROUP_PRIVILEGE} ${GROUP_NAME}
+ # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
+ Get LDAP Configuration ${LDAP_TYPE}
${old_ldap_privilege}= Get LDAP Privilege
@@ -278,17 +351,19 @@
${payload}= Create Dictionary ${ldap_type}=${ldap_data}
Redfish.Patch ${REDFISH_BASE_URI}AccountService body=&{payload}
# Provide adequate time for LDAP daemon to restart after the update.
- Sleep 10s
+ Sleep 15s
Get LDAP Privilege
[Documentation] Get LDAP privilege and return it.
+
${ldap_config}= Get LDAP Configuration ${LDAP_TYPE}
[Return] ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}
Restore LDAP Privilege
[Documentation] Restore the LDAP privilege to its original value.
+
Return From Keyword If '${old_ldap_privilege}' == '${EMPTY}'
# Log back in to restore the original privilege.
Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}