Additional LDAP test cases
- Verify LDAP Service Disable.
- Verify LDAP Configuration Created
resolves openbmc/openbmc-test-automation#1860
Change-Id: I9810f64054775bbb7db553ceeb05ad2d2cd23083
Signed-off-by: Sivas SRR <sivas.srr@in.ibm.com>
diff --git a/redfish/account_service/test_ldap_configuration.robot b/redfish/account_service/test_ldap_configuration.robot
index 8acc5d9..83db55b 100644
--- a/redfish/account_service/test_ldap_configuration.robot
+++ b/redfish/account_service/test_ldap_configuration.robot
@@ -1,6 +1,5 @@
*** Settings ***
Documentation Test Redfish LDAP user configuration.
-
Library ../../lib/gen_robot_valid.py
Resource ../../lib/resource.robot
Resource ../../lib/bmc_redfish_resource.robot
@@ -16,13 +15,45 @@
*** Variables ***
${old_ldap_privilege} ${EMPTY}
&{old_account_service} &{EMPTY}
+&{old_ldap_config} &{EMPTY}
** Test Cases **
+Verify LDAP Configuration Created
+ [Documentation] Verify LDAP configuration created.
+ [Tags] Verify_LDAP_Configuration_Created
+
+ Create LDAP Configuration
+ # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
+ Get LDAP Configuration ${LDAP_TYPE}
+ Sleep 10s
+ Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
+ Redfish.Logout
+ Redfish.Login
+
+
+Verify LDAP Service Disable
+ [Documentation] Verify LDAP is disabled and that LDAP user cannot login.
+ [Tags] Verify_LDAP_Service_Disable
+
+ Redfish.Patch ${REDFISH_BASE_URI}AccountService
+ ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}
+ Sleep 15s
+ ${resp}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
+ ... ${LDAP_USER_PASSWORD}
+ Should Be Equal ${resp} ${False} msg=LDAP user was able to login even though the LDAP service was disabled.
+ Redfish.Logout
+ Redfish.Login
+ # Enabling LDAP so that LDAP user works.
+ Redfish.Patch ${REDFISH_BASE_URI}AccountService
+ ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
+ Redfish.Logout
+ Redfish.Login
+
+
Verify LDAP Configuration Exist
[Documentation] Verify LDAP configuration is available.
[Tags] Verify_LDAP_Configuration_Exist
-
${resp}= Redfish.Get Attribute ${REDFISH_BASE_URI}AccountService
... ${LDAP_TYPE} default=${EMPTY}
Should Not Be Empty ${resp} msg=LDAP configuration is not defined.
@@ -31,7 +62,6 @@
Verify LDAP User Login
[Documentation] Verify LDAP user able to login into BMC.
[Tags] Verify_LDAP_User_Login
-
${resp}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
... ${LDAP_USER_PASSWORD}
Should Be Equal ${resp} ${True} msg=LDAP user is not able to login.
@@ -42,7 +72,6 @@
Verify LDAP Service Available
[Documentation] Verify LDAP service is available.
[Tags] Verify_LDAP_Service_Available
-
@{ldap_configuration}= Get LDAP Configuration ${LDAP_TYPE}
Should Contain ${ldap_configuration} LDAPService
... msg=LDAPService is not available.
@@ -51,7 +80,6 @@
Verify LDAP Login Works After BMC Reboot
[Documentation] Verify LDAP login works after BMC reboot.
[Tags] Verify_LDAP_Login_Works_After_BMC_Reboot
-
Redfish OBMC Reboot (off)
Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Redfish.Logout
@@ -62,7 +90,6 @@
[Documentation] Verify LDAP user with administrator privilege able to do BMC reboot.
[Tags] Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot
-
Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
... ${GROUP_PRIVILEGE} ${GROUP_NAME}
Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
@@ -99,7 +126,6 @@
[Teardown] Run Keywords Restore AccountLockout Attributes AND
... FFDC On Test Case Fail
[Tags] Verify_AccountLockout_Attributes_Set_To_Zero
-
${old_account_service}= Redfish.Get Properties
... ${REDFISH_BASE_URI}AccountService
Rprint Vars old_account_service
@@ -133,9 +159,41 @@
*** Keywords ***
+Create LDAP Configuration
+ [Documentation] Create LDAP configuration.
+ [Arguments] ${ldap_type}=${LDAP_TYPE} ${ldap_server_uri}=${LDAP_SERVER_URI}
+ ... ${ldap_bind_dn}=${LDAP_BIND_DN} ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD}
+ ... ${ldap_base_dn}=${LDAP_BASE_DN}
+
+ # Description of argument(s):
+ # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
+ # ldap_server_uri LDAP server uri (e.g. ldap://XX.XX.XX.XX).
+ # ldap_bind_dn The LDAP bind distinguished name.
+ # ldap_bind_dn_password The LDAP bind distinguished name password.
+ # ldap_base_dn The LDAP base distinguished name.
+
+ Redfish.Patch ${REDFISH_BASE_URI}AccountService
+ ... body={'${ldap_type}': {'ServiceEnabled': ${True}}}
+ Sleep 15s
+ Redfish.Patch ${REDFISH_BASE_URI}AccountService
+ ... body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}}
+ Sleep 15s
+ Redfish.Patch ${REDFISH_BASE_URI}AccountService
+ ... body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
+ Sleep 15s
+ Redfish.Patch ${REDFISH_BASE_URI}AccountService
+ ... body={'${ldap_type}': {'Authentication': {'Username':'${ldap_bind_dn}'}}}
+ Sleep 15s
+ Redfish.Patch ${REDFISH_BASE_URI}AccountService
+ ... body={'${ldap_type}': {'Authentication': {'Password':'${ldap_bind_dn_password}'}}}
+ Sleep 15s
+ Redfish.Patch ${REDFISH_BASE_URI}AccountService
+ ... body={'${ldap_type}': {'LDAPService': {'SearchSettings': {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}}
+ Sleep 15s
+
+
Restore AccountLockout Attributes
[Documentation] Restore AccountLockout Attributes.
-
Return From Keyword If &{old_account_service} == &{EMPTY}
Redfish.Patch ${REDFISH_BASE_URI}AccountService
... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
@@ -145,15 +203,17 @@
Suite Setup Execution
[Documentation] Do suite setup tasks.
-
Rvalid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"]
Rvalid Value LDAP_USER
Rvalid Value LDAP_USER_PASSWORD
Rvalid Value GROUP_PRIVILEGE
Rvalid Value GROUP_NAME
Redfish.Login
- # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
- Get LDAP Configuration ${LDAP_TYPE}
+ ${old_ldap_config}= Get LDAP Configuration ${LDAP_TYPE}
+ Run Keyword If '${old_ldap_config['ServiceEnabled']}' == 'False'
+ ... Run Keywords Create LDAP Configuration AND
+ ... Update LDAP Configuration with LDAP User Role And Group
+ ... ${LDAP_TYPE} ${GROUP_PRIVILEGE} ${GROUP_NAME}
${old_ldap_privilege}= Get LDAP Privilege
@@ -223,14 +283,12 @@
Get LDAP Privilege
[Documentation] Get LDAP privilege and return it.
-
${ldap_config}= Get LDAP Configuration ${LDAP_TYPE}
[Return] ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}
Restore LDAP Privilege
[Documentation] Restore the LDAP privilege to its original value.
-
Return From Keyword If '${old_ldap_privilege}' == '${EMPTY}'
# Log back in to restore the original privilege.
Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}