Redfish LDAP additional test cases
resolves openbmc/openbmc-test-automation#1854
Change-Id: I820819a67a8b4819b7e7e0a4e06f4b72cd8147b6
Signed-off-by: Sivas SRR <sivas.srr@in.ibm.com>
diff --git a/data/variables.py b/data/variables.py
index 129d1a8..5da776e 100755
--- a/data/variables.py
+++ b/data/variables.py
@@ -168,7 +168,8 @@
POWER_GRACEFUL_RESTART = "GracefulRestart"
POWER_FORCE_OFF = 'ForceOff'
-REDFISH_POWER_URI = 'Systems/1/Actions/ComputerSystem.Reset'
+REDFISH_POWER = 'Systems/system/Actions/ComputerSystem.Reset'
+REDFISH_POWER_URI = REDFISH_BASE_URI + REDFISH_POWER
# rsyslog variables.
REMOTE_LOGGING_URI = OPENBMC_BASE_URI + 'logging/config/remote/'
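Review bot: `REDFISH_POWER_URI` keeps its name but changes from a path relative to the Redfish base into an absolute one, so any caller outside this diff that still prepends `${REDFISH_BASE_URI}` would now request a doubled prefix. A search of the other suites for the constant is worth doing before merge. The new name `REDFISH_POWER` does not say that it holds the relative reset-action path; a comment such as `# Reset action path, relative to REDFISH_BASE_URI.` above it would make the pair readable. The assignment also assumes `REDFISH_BASE_URI` is defined earlier in the module, which is outside the hunk.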
diff --git a/redfish/account_service/test_ldap_configuration.robot b/redfish/account_service/test_ldap_configuration.robot
index 79ce2e4..a719dd4 100644
--- a/redfish/account_service/test_ldap_configuration.robot
+++ b/redfish/account_service/test_ldap_configuration.robot
@@ -8,7 +8,7 @@
Library ../../lib/gen_robot_valid.py
Suite Setup Suite Setup Execution
-Suite Teardown Redfish.Logout
+Suite Teardown Run Keywords Restore LDAP Privilege AND Redfish.Logout
Test Teardown FFDC On Test Case Fail
Force Tags LDAP_Test
@@ -35,7 +35,8 @@
${resp}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
... ${LDAP_USER_PASSWORD}
Should Be Equal ${resp} ${True} msg=LDAP user is not able to login.
- redfish.Logout
+ Redfish.Logout
+ Redfish.Login
Verify LDAP Service Available
@@ -54,6 +55,7 @@
Redfish OBMC Reboot (off)
Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Redfish.Logout
+ Redfish.Login
Verify LDAP User With Admin Privilege Able To Do BMC Reboot
@@ -68,18 +70,16 @@
Redfish OBMC Reboot (off)
Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Redfish.Logout
+ Redfish.Login
Verify LDAP User With Operator Privilege Able To Do Host Poweron
- [Documentation] Verify LDAP user with operator privilege able to do host up.
+ [Documentation] Verify LDAP user with operator privilege can do host power on.
[Tags] Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweron
[Teardown] Restore LDAP Privilege
- ${old_ldap_privilege}= Get LDAP Privilege
Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
... Operator ${GROUP_NAME}
- # Provide adequate time for LDAP daemon to restart after the update.
- Sleep 10s
${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService
${new_ldap_privilege}= Set Variable
@@ -89,6 +89,7 @@
# Verify that the LDAP user with operator privilege is able to power the system on.
Redfish Power On
Redfish.Logout
+ Redfish.Login
Verify AccountLockout Attributes Set To Zero
@@ -107,6 +108,28 @@
... body=[('AccountLockoutThreshold', 0)]
+Verify LDAP User With Read Privilege Able To Check Inventory
+ [Documentation] Verify LDAP user with read privilege able to
+ ... read firmware inventory.
+ [Tags] Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory
+ [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege
+ [Template] Set Read Privilege And Check Firmware Inventory
+
+ User
+ Callback
+
+
+Verify LDAP User With Read Privilege Should Not Do Host Poweron
+ [Documentation] Verify LDAP user with read privilege should not be
+ ... allowed to power on the host.
+ [Tags] Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron
+ [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege
+ [Template] Set Read Privilege And Check Poweron
+
+ User
+ Callback
+
+
*** Keywords ***
Restore AccountLockout Attributes
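Review bot: Both new `[Teardown]` lines call `Restore LDAP Privilege` without first re-establishing the administrator session. If a template row fails after `Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}`, the restore PATCH is sent as the read-only LDAP user and is likely to be rejected, leaving the group mapped to `User` or `Callback` for later tests. The admin `Redfish.Login` at the end of each template keyword only runs on the success path, and because templates continue after a failed row, the `Callback` row would issue its role update under the same low-privilege session. I would make the teardown `Run Keywords  FFDC On Test Case Fail  AND  Redfish.Login  AND  Restore LDAP Privilege`. The operator power-on test, whose `[Teardown]` is `Restore LDAP Privilege` alone, has the same exposure.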
@@ -130,12 +153,42 @@
Redfish.Login
# Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
Get LDAP Configuration ${LDAP_TYPE}
+ ${old_ldap_privilege}= Get LDAP Privilege
-Test Teardown Execution
- [Documentation] Do the post test teardown.
- FFDC On Test Case Fail
+Set Read Privilege And Check Firmware Inventory
+ [Documentation] Set read privilege and check firmware inventory.
+ [Arguments] ${read_privilege}
+
+ # Description of argument(s):
+ # read_privilege The read privilege role (e.g. "User" / "Callback").
+
+ Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
+ ... ${read_privilege} ${GROUP_NAME}
+
+ Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
+ # Verify that the LDAP user with read privilege is able to read inventory.
+ ${resp}= Redfish.Get /redfish/v1/UpdateService/FirmwareInventory
+ Should Be True ${resp.dict["Members@odata.count"]} >= ${1}
+ Length Should Be ${resp.dict["Members"]} ${resp.dict["Members@odata.count"]}
Redfish.Logout
+ Redfish.Login
+
+
+Set Read Privilege And Check Poweron
+ [Documentation] Set read privilege and power on should not be possible.
+ [Arguments] ${read_privilege}
+
+ # Description of argument(s):
+ # read_privilege The read privilege role (e.g. "User" / "Callback").
+
+ Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
+ ... ${read_privilege} ${GROUP_NAME}
+ Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
+ Redfish.Post ${REDFISH_POWER_URI}
+ ... body={'ResetType': 'On'} valid_status_codes=[401, 403]
+ Redfish.Logout
+ Redfish.Login
Get LDAP Configuration
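Review bot: The negative check in `Set Read Privilege And Check Poweron` accepts `valid_status_codes=[401, 403]`, but 401 is an authentication failure, so the test would also pass when the LDAP session was not valid rather than when the role was denied. For an authenticated user lacking the privilege I would expect 403 only, `...  body={'ResetType': 'On'}  valid_status_codes=[403]`, unless the BMC is known to answer 401 here, in which case a comment should say so. The keyword also never confirms that the host stayed powered off after the rejected POST, so a response code that does not match the real outcome would go unnoticed. A host-state check after the POST would close that gap.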
@@ -163,6 +216,8 @@
${ldap_data}= Create Dictionary RemoteRoleMapping=${remote_role_mapping}
${payload}= Create Dictionary ${ldap_type}=${ldap_data}
Redfish.Patch ${REDFISH_BASE_URI}AccountService body=&{payload}
+ # Provide adequate time for LDAP daemon to restart after the update.
+ Sleep 10s
Get LDAP Privilege
@@ -175,9 +230,7 @@
Restore LDAP Privilege
[Documentation] Restore the LDAP privilege to its original value.
- # Login back to update the original privilege.
- Redfish.Login
+ Return From Keyword If '${old_ldap_privilege}' == '${EMPTY}'
+ # Log back in to restore the original privilege.
Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
... ${old_ldap_privilege} ${GROUP_NAME}
- FFDC On Test Case Fail
- Redfish.Logout
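Review bot: The new guard reads `${old_ldap_privilege}`, but the only assignment visible in this diff is `${old_ldap_privilege}=  Get LDAP Privilege` inside `Suite Setup Execution`, and a keyword-return assignment is local to the keyword that makes it. Unless the value is promoted outside the hunk, this keyword either fails on an undefined variable or, if a suite-level default of `${EMPTY}` exists, always returns early and never restores the privilege. In the second case the LDAP group silently stays on whatever role the last test set. Adding `Set Suite Variable  ${old_ldap_privilege}` right after the assignment in the setup keyword would fix it. The retained comment `# Log back in to restore the original privilege.` is also stale now that `Redfish.Login` is removed, so either keep the login or reword the comment.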