Added a testcase to verify LDAP user with admin privilege
Change-Id: I262c70218b50dedf6945ac67b0f7e041369ab48e
Signed-off-by: Anves Kumar rayankula <anvesr77@in.ibm.com>
diff --git a/gui/gui_test/access_control/test_obmc_gui_ldap.robot b/gui/gui_test/access_control/test_obmc_gui_ldap.robot
index f12e73f..adf5c9a 100644
--- a/gui/gui_test/access_control/test_obmc_gui_ldap.robot
+++ b/gui/gui_test/access_control/test_obmc_gui_ldap.robot
@@ -3,6 +3,7 @@
Documentation Test OpenBMC GUI "LDAP" sub-menu of "Access control".
Resource ../../lib/gui_resource.robot
+Resource ../../../lib/bmc_ldap_utils.robot
Suite Setup Suite Setup Execution
Suite Teardown Close Browser
@@ -21,6 +22,11 @@
${xpath_ldap_base_dn} //*[@data-test-id='ldap-input-baseDn']
${xpath_ldap_save_settings} //*[@data-test-id='ldap-button-saveSettings']
${xpath_select_refresh_button} //*[text()[contains(.,"Refresh")]]
+${xpath_add_group_name} //*[@id="role-group-name"]
+${xpath_add_group_Privilege} //*[@id="privilege"]
+${xpath_add_privilege_button} //button[text()=" Add "]
+${xpath_delete_group_button} //*[@title="Delete"]
+${xpath_delete_button} //button[text()="Delete"]
${incorrect_ip} 1.2.3.4
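Review bot: The five new locators drop the `data-test-id` convention used by the neighbouring `${xpath_ldap_base_dn}` and `${xpath_ldap_save_settings}` and match on `@id`, `@title` and exact button text instead. `//button[text()=" Add "]` only matches while the label keeps exactly that leading and trailing space, and `//*[@title="Delete"]` and `//button[text()="Delete"]` match every such element on the page, not just the ones in the role group table. Prefer `data-test-id` attributes where the GUI exposes them, or use `normalize-space()` and scope the locator to the role group container. `${xpath_add_group_Privilege}` is also the only variable here with a capital letter; `${xpath_add_group_privilege}` would match the rest.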
@@ -128,6 +134,17 @@
... msg=LDAP user was able to login even though the LDAP service was disabled.
+Verify LDAP User With Admin Privilege
+ [Documentation] Verify that LDAP user with administrator privilege is able to do BMC reboot.
+ [Tags] Verify_LDAP_User_With_Admin_Privilege
+ [Teardown] Run Keywords Redfish.Login AND Delete LDAP Role Group ${GROUP_NAME}
+
+ Update LDAP Configuration with LDAP User Role And Group ${GROUP_NAME} ${GROUP_PRIVILEGE}
+ Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
+ Redfish OBMC Reboot (off)
+ Redfish.Logout
+
+
*** Keywords ***
Suite Setup Execution
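Review bot: The teardown of `Verify LDAP User With Admin Privilege` runs the GUI keyword `Delete LDAP Role Group` directly after `Redfish OBMC Reboot (off)`, so the cleanup clicks depend on the browser session opened in suite setup still being valid once the BMC has rebooted. Please confirm that, or log in to the GUI again before the delete; otherwise an Administrator role mapping for `${GROUP_NAME}` can be left on the BMC after the test. Two related points: `Redfish.Logout` is skipped if the reboot step fails, and the `Redfish.Login` in the teardown is never logged out, so sessions are left open on both paths. The test body also relies on `${GROUP_NAME}`, `${GROUP_PRIVILEGE}`, `${LDAP_USER}` and `${LDAP_USER_PASSWORD}`, none of which are defined or documented in the lines shown, and nothing checks that `${GROUP_PRIVILEGE}` is actually Administrator, which is what the test name and `[Documentation]` claim.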
@@ -136,7 +153,6 @@
Launch Browser And Login GUI
# Navigate to https://xx.xx.xx.xx/#/access-control/ldap LDAP page.
-
Click Element ${xpath_access_control_menu}
Click Element ${xpath_ldap_sub_menu}
Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain ldap
@@ -209,3 +225,44 @@
... ELSE
... Checkbox Should Be Selected ${radio_buttons}[${1}]
Should Be Equal ${status} ${True}
+
+
+Update LDAP Configuration With LDAP User Role And Group
+ [Documentation] Update LDAP configuration update with LDAP user role and group.
+ [Arguments] ${group_name} ${group_privilege}
+
+ # Description of argument(s):
+ # group_name The group name of LDAP user.
+ # group_privilege The group privilege for LDAP user
+ # (e.g. "Administrator", "Operator", "ReadOnly" or "NoAcccess").
+
+ Create LDAP Configuration
+ Click Element ${xpath_add_role_group_button}
+ Input Text ${xpath_add_group_name} ${group_name}
+ Select From List By Value ${xpath_add_group_Privilege} ${group_privilege}
+ Click Element ${xpath_add_privilege_button}
+
+ # Verify group name after adding.
+ ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish
+ List Should Contain Value ${ldap_group_name} ${group_name}
+
+
+Delete LDAP Role Group
+ [Documentation] Delete LDAP role group.
+ [Arguments] ${group_name}
+
+ # Description of argument(s):
+ # group_name The group name of LDAP user.
+
+ # Verify given group name is exist before deleting.
+ ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish
+ List Should Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available.
+
+ ${get_groupname_index}= Get Index From List ${ldap_group_name} ${group_name}
+ ${delete_group_elements}= Get WebElements ${xpath_delete_group_button}
+ Click Element ${delete_group_elements}[${get_groupname_index}]
+ Click Element ${xpath_delete_button}
+
+ # Verify group name after deleting.
+ ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish
+ List Should Not Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available.
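Review bot: In `Delete LDAP Role Group`, the index returned by `Get Index From List` comes from the Redfish `RemoteRoleMapping` order and is then used to pick an element from `Get WebElements ${xpath_delete_group_button}`. That only deletes the right group if the GUI table shows the groups in the same order as Redfish and no other element on the page has `title="Delete"`; if either assumption fails, a different role group is removed. Locating the delete button inside the row that contains `${group_name}` would avoid this. The final `List Should Not Contain Value` reuses `msg=${group_name} not available.`, which reads backwards when the check fails; it should say the group is still present. In `Update LDAP Configuration With LDAP User Role And Group`, `${xpath_add_role_group_button}` is not among the variables this patch adds, so please confirm it is defined elsewhere in the file, and the post-add check verifies only the group name, not that `${group_privilege}` was applied. Minor: "NoAcccess" in the argument description and "Update LDAP configuration update with" in the `[Documentation]` are typos.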
diff --git a/lib/bmc_ldap_utils.robot b/lib/bmc_ldap_utils.robot
new file mode 100644
index 0000000..a5d2a8d
--- /dev/null
+++ b/lib/bmc_ldap_utils.robot
@@ -0,0 +1,61 @@
+*** Settings ***
+Documentation This module provides general keywords for LDAP.
+
+*** Keywords ***
+
+Get LDAP Configuration Using Redfish
+ [Documentation] Retrieve LDAP Configuration.
+ [Arguments] ${ldap_type}
+
+ # Description of argument(s):
+ # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
+
+ ${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService
+ [Return] ${ldap_config["${ldap_type}"]}
+
+
+Get LDAP Privilege And Group Name Via Redfish
+ [Documentation] Get LDAP groupname via Redfish.
+
+ # Get LDAP configuration via Redfish.
+ # Sample output of LDAP configuration:
+ # {
+ # 'RemoteRoleMapping': [
+ # {
+ # 'RemoteGroup': 'openldapgroup',
+ # 'LocalRole': 'Administrator'
+ # },
+ # ],
+ # 'Authentication':
+ # {
+ # 'Username': 'cn=Administrator,dc=ldap,dc=com',
+ # 'Password': None,
+ # 'AuthenticationType': 'UsernameAndPassword'
+ # },
+ # 'LDAPService':
+ # {
+ # 'SearchSettings':
+ # {
+ # 'BaseDistinguishedNames': ['dc=ldap,dc=com'],
+ # 'UsernameAttribute': 'cn',
+ # 'GroupsAttribute': 'gidNumber'
+ # }
+ # },
+ # 'ServiceEnabled': True,
+ # 'Certificates':
+ # {
+ # '@odata.id': u'/redfish/v1/AccountService/LDAP/Certificates'
+ # },
+ # 'ServiceAddresses': ['ldap://xx.xx.xx.xx/']
+ # }
+
+ ${ldap_config}= Get LDAP Configuration Using Redfish ${LDAP_TYPE}
+ ${num_list_entries}= Get Length ${ldap_config["RemoteRoleMapping"]}
+ Return From Keyword If ${num_list_entries} == ${0} @{EMPTY}
+ ${ldap_group_names}= Create List
+ FOR ${i} IN RANGE ${num_list_entries}
+ Append To List ${ldap_group_names} ${ldap_config["RemoteRoleMapping"][${i}]["RemoteGroup"]}
+ END
+
+ [Return] ${ldap_group_names}
+
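Review bot: `Get LDAP Privilege And Group Name Via Redfish` returns only the `RemoteGroup` values; `LocalRole` is read from `RemoteRoleMapping` and then dropped, so the name and the return value disagree and callers have no way to verify which privilege a group was mapped to. Either return both fields (for example a list of group and role pairs, or a dictionary keyed by group name) or rename the keyword and its `[Documentation]` to say it returns group names only. The `Return From Keyword If ${num_list_entries} == ${0} @{EMPTY}` line is redundant, since the `FOR` loop over an empty range already leaves `${ldap_group_names}` as an empty list, and the loop can iterate over `${ldap_config["RemoteRoleMapping"]}` directly instead of indexing. The keyword also depends on the global `${LDAP_TYPE}` without taking it as an argument or documenting it, unlike `Get LDAP Configuration Using Redfish` above it.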