commit b1b8575767d2541572125909c5233c23413248f4
author Sivas SRR <sivas.srr@in.ibm.com> Thu Jul 04 01:28:28 2019 -0500
committer George Keishing <gkeishin@in.ibm.com> Wed Jul 24 05:04:11 2019 +0000
tree a7ec2df3f942ddc039b0c62811c7dd881dd5eb11
parent f5b93d7a272caf966e7991d4a30e2644c92ff2e3

Additional LDAP test cases

- Verify LDAP Service Disable.
- Verify LDAP Configuration Created

resolves openbmc/openbmc-test-automation#1860

Change-Id: I9810f64054775bbb7db553ceeb05ad2d2cd23083
Signed-off-by: Sivas SRR <sivas.srr@in.ibm.com>

redfish/account_service/test_ldap_configuration.robot

diff --git a/redfish/account_service/test_ldap_configuration.robot b/redfish/account_service/test_ldap_configuration.robot
index 8acc5d9..83db55b 100644
--- a/redfish/account_service/test_ldap_configuration.robot
+++ b/redfish/account_service/test_ldap_configuration.robot
@@ -1,6 +1,5 @@
 *** Settings ***
 Documentation    Test Redfish LDAP user configuration.
-
 Library          ../../lib/gen_robot_valid.py
 Resource         ../../lib/resource.robot
 Resource         ../../lib/bmc_redfish_resource.robot
@@ -16,13 +15,45 @@
 *** Variables ***
 ${old_ldap_privilege}  ${EMPTY}
 &{old_account_service}  &{EMPTY}
+&{old_ldap_config}  &{EMPTY}
 
 ** Test Cases **
 
+Verify LDAP Configuration Created
+    [Documentation]  Verify LDAP configuration created.
+    [Tags]  Verify_LDAP_Configuration_Created
+
+    Create LDAP Configuration
+    # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
+    Get LDAP Configuration  ${LDAP_TYPE}
+    Sleep  10s
+    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
+    Redfish.Logout
+    Redfish.Login
+
+
+Verify LDAP Service Disable
+    [Documentation]  Verify LDAP is disabled and that LDAP user cannot login.
+    [Tags]  Verify_LDAP_Service_Disable
+
+    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
+    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}
+    Sleep  15s
+    ${resp}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
+    ...  ${LDAP_USER_PASSWORD}
+    Should Be Equal  ${resp}  ${False}  msg=LDAP user was able to login even though the LDAP service was disabled.
+    Redfish.Logout
+    Redfish.Login
+    # Enabling LDAP so that LDAP user works.
+    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
+    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
+    Redfish.Logout
+    Redfish.Login
+
+
 Verify LDAP Configuration Exist
     [Documentation]  Verify LDAP configuration is available.
     [Tags]  Verify_LDAP_Configuration_Exist
-
     ${resp}=  Redfish.Get Attribute  ${REDFISH_BASE_URI}AccountService
     ...  ${LDAP_TYPE}  default=${EMPTY}
     Should Not Be Empty  ${resp}  msg=LDAP configuration is not defined.
@@ -31,7 +62,6 @@
 Verify LDAP User Login
     [Documentation]  Verify LDAP user able to login into BMC.
     [Tags]  Verify_LDAP_User_Login
-
     ${resp}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
     ...  ${LDAP_USER_PASSWORD}
     Should Be Equal  ${resp}  ${True}  msg=LDAP user is not able to login.
@@ -42,7 +72,6 @@
 Verify LDAP Service Available
     [Documentation]  Verify LDAP service is available.
     [Tags]  Verify_LDAP_Service_Available
-
     @{ldap_configuration}=  Get LDAP Configuration  ${LDAP_TYPE}
     Should Contain  ${ldap_configuration}  LDAPService
     ...  msg=LDAPService is not available.
@@ -51,7 +80,6 @@
 Verify LDAP Login Works After BMC Reboot
     [Documentation]  Verify LDAP login works after BMC reboot.
     [Tags]  Verify_LDAP_Login_Works_After_BMC_Reboot
-
     Redfish OBMC Reboot (off)
     Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
     Redfish.Logout
@@ -62,7 +90,6 @@
     [Documentation]  Verify LDAP user with administrator privilege able to do BMC reboot.
     [Tags]  Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot
 
-
     Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
     ...  ${GROUP_PRIVILEGE}  ${GROUP_NAME}
     Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
@@ -99,7 +126,6 @@
     [Teardown]  Run Keywords  Restore AccountLockout Attributes  AND
     ...  FFDC On Test Case Fail
     [Tags]  Verify_AccountLockout_Attributes_Set_To_Zero
-
     ${old_account_service}=  Redfish.Get Properties
     ...  ${REDFISH_BASE_URI}AccountService
     Rprint Vars  old_account_service
@@ -133,9 +159,41 @@
 
 *** Keywords ***
 
+Create LDAP Configuration
+    [Documentation]  Create LDAP configuration.
+    [Arguments]  ${ldap_type}=${LDAP_TYPE}  ${ldap_server_uri}=${LDAP_SERVER_URI}
+    ...  ${ldap_bind_dn}=${LDAP_BIND_DN}  ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD}
+    ...  ${ldap_base_dn}=${LDAP_BASE_DN}
+
+    # Description of argument(s):
+    # ldap_type              The LDAP type ("ActiveDirectory" or "LDAP").
+    # ldap_server_uri        LDAP server uri (e.g. ldap://XX.XX.XX.XX).
+    # ldap_bind_dn           The LDAP bind distinguished name.
+    # ldap_bind_dn_password  The LDAP bind distinguished name password.
+    # ldap_base_dn           The LDAP base distinguished name.
+
+    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
+    ...  body={'${ldap_type}': {'ServiceEnabled': ${True}}}
+    Sleep  15s
+    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
+    ...  body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}}
+    Sleep  15s
+    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
+    ...  body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
+    Sleep  15s
+    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
+    ...  body={'${ldap_type}': {'Authentication': {'Username':'${ldap_bind_dn}'}}}
+    Sleep  15s
+    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
+    ...  body={'${ldap_type}': {'Authentication': {'Password':'${ldap_bind_dn_password}'}}}
+    Sleep  15s
+    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
+    ...  body={'${ldap_type}': {'LDAPService': {'SearchSettings': {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}}
+    Sleep  15s
+
+
 Restore AccountLockout Attributes
     [Documentation]  Restore AccountLockout Attributes.
-
     Return From Keyword If  &{old_account_service} == &{EMPTY}
     Redfish.Patch  ${REDFISH_BASE_URI}AccountService
     ...  body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
@@ -145,15 +203,17 @@
 
 Suite Setup Execution
     [Documentation]  Do suite setup tasks.
-
     Rvalid Value  LDAP_TYPE  valid_values=["ActiveDirectory", "LDAP"]
     Rvalid Value  LDAP_USER
     Rvalid Value  LDAP_USER_PASSWORD
     Rvalid Value  GROUP_PRIVILEGE
     Rvalid Value  GROUP_NAME
     Redfish.Login
-    # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
-    Get LDAP Configuration  ${LDAP_TYPE}
+    ${old_ldap_config}=  Get LDAP Configuration  ${LDAP_TYPE}
+    Run Keyword If  '${old_ldap_config['ServiceEnabled']}' == 'False'
+    ...  Run Keywords  Create LDAP Configuration  AND
+    ...  Update LDAP Configuration with LDAP User Role And Group
+    ...  ${LDAP_TYPE}  ${GROUP_PRIVILEGE}  ${GROUP_NAME}
     ${old_ldap_privilege}=  Get LDAP Privilege
 
 
@@ -223,14 +283,12 @@
 
 Get LDAP Privilege
     [Documentation]  Get LDAP privilege and return it.
-
     ${ldap_config}=  Get LDAP Configuration  ${LDAP_TYPE}
     [Return]  ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}
 
 
 Restore LDAP Privilege
     [Documentation]  Restore the LDAP privilege to its original value.
-
     Return From Keyword If  '${old_ldap_privilege}' == '${EMPTY}'
     # Log back in to restore the original privilege.
     Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}