Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 0aeb54f99eaaef93f72e4e4237bfcaef41a439c8 / . / redfish / account_service / test_ldap_configuration.robot
blob: 04ff9dc2b6fd6a6def442368c46188cd6ae04022 [file] [log] [blame]
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]1*** Settings ***
2Documentation Test Redfish LDAP user configuration.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]3
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]4Library ../../lib/gen_robot_valid.py
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]5Resource ../../lib/resource.robot
6Resource ../../lib/bmc_redfish_resource.robot
7Resource ../../lib/openbmc_ffdc.robot
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]8Library ../../lib/gen_robot_valid.py
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]9Resource ../../lib/bmc_network_utils.robot
Anves Kumar rayankula04bc48c2021-07-08 23:33:37 -0500[diff] [blame]10Resource ../../lib/bmc_ldap_utils.robot
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]11
12Suite Setup Suite Setup Execution
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]13Suite Teardown Run Keywords Restore LDAP Privilege AND Redfish.Logout
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]14Test Teardown FFDC On Test Case Fail
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]15
Sivas SRR9358b5c2019-06-06 04:57:03 -0500[diff] [blame]16Force Tags LDAP_Test
17
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]18*** Variables ***
Nagarjun B1b821612021-12-06 22:52:04 +0530[diff] [blame]19${old_ldap_privilege} Administrator
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]20&{old_account_service} &{EMPTY}
Sivas SRR873de8e2019-09-26 00:37:53 -0500[diff] [blame]21&{old_ldap_config} &{EMPTY}
22${hostname} ${EMPTY}
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]23${test_ip} 10.6.6.6
24${test_mask} 255.255.255.0
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]25
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]26** Test Cases **
27
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]28Verify LDAP Configuration Created
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]29 [Documentation] Verify that LDAP configuration created.
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]30 [Tags] Verify_LDAP_Configuration_Created
31
32 Create LDAP Configuration
33 # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
34 Get LDAP Configuration ${LDAP_TYPE}
35 Sleep 10s
36 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
37 Redfish.Logout
38 Redfish.Login
39
40
41Verify LDAP Service Disable
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]42 [Documentation] Verify that LDAP is disabled and that LDAP user cannot
43 ... login.
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]44 [Tags] Verify_LDAP_Service_Disable
45
46 Redfish.Patch ${REDFISH_BASE_URI}AccountService
47 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}
48 Sleep 15s
49 ${resp}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
50 ... ${LDAP_USER_PASSWORD}
George Keishing333bb722019-12-11 11:40:49 -0600[diff] [blame]51 Should Be Equal ${resp} ${False}
52 ... msg=LDAP user was able to login even though the LDAP service was disabled.
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]53 Redfish.Logout
54 Redfish.Login
55 # Enabling LDAP so that LDAP user works.
56 Redfish.Patch ${REDFISH_BASE_URI}AccountService
57 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
58 Redfish.Logout
59 Redfish.Login
60
61
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]62Verify LDAP Login With ServiceEnabled
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]63 [Documentation] Verify that LDAP Login with ServiceEnabled.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]64 [Tags] Verify_LDAP_Login_With_ServiceEnabled
65
66 Disable Other LDAP
67 # Actual service enablement.
68 Redfish.Patch ${REDFISH_BASE_URI}AccountService
69 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
70 Sleep 15s
71 # After update, LDAP login.
72 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
73 Redfish.Logout
74 Redfish.Login
75
76
77Verify LDAP Login With Correct AuthenticationType
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]78 [Documentation] Verify that LDAP Login with right AuthenticationType.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]79 [Tags] Verify_LDAP_Login_With_Correct_AuthenticationType
80
81 Redfish.Patch ${REDFISH_BASE_URI}AccountService
82 ... body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
83 Sleep 15s
84 # After update, LDAP login.
85 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
86 Redfish.Logout
87 Redfish.Login
88
89
90Verify LDAP Config Update With Incorrect AuthenticationType
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]91 [Documentation] Verify that invalid AuthenticationType is not updated.
George Keishing5236ec52022-01-31 12:07:58 -0600[diff] [blame]92 [Tags] Verify_LDAP_Config_Update_With_Incorrect_AuthenticationType
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]93
George Keishing2d0804e2019-12-12 22:27:05 -0600[diff] [blame]94 ${body}= Catenate {'${ldap_type}': {'Authentication': {'AuthenticationType':'KerberosKeytab'}}}
Prashanth Katti7d38a092020-01-10 06:01:09 -0600[diff] [blame]95
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]96 Redfish.Patch ${REDFISH_BASE_URI}AccountService
Prashanth Katti7d38a092020-01-10 06:01:09 -0600[diff] [blame]97 ... body=${body} valid_status_codes=[400]
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]98
99
100Verify LDAP Login With Correct LDAP URL
101 [Documentation] Verify LDAP Login with right LDAP URL.
102 [Tags] Verify_LDAP_Login_With_Correct_LDAP_URL
103
104 Config LDAP URL ${LDAP_SERVER_URI}
105
106
107Verify LDAP Config Update With Incorrect LDAP URL
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]108 [Documentation] Verify that LDAP Login fails with invalid LDAP URL.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]109 [Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_URL
110 [Teardown] Run Keywords Restore LDAP URL AND
111 ... FFDC On Test Case Fail
112
Prashanth Katti7d38a092020-01-10 06:01:09 -0600[diff] [blame]113 Config LDAP URL ldap://1.2.3.4/ ${FALSE}
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]114
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]115Verify LDAP Configuration Exist
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]116 [Documentation] Verify that LDAP configuration is available.
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]117 [Tags] Verify_LDAP_Configuration_Exist
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]118
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]119 ${resp}= Redfish.Get Attribute ${REDFISH_BASE_URI}AccountService
120 ... ${LDAP_TYPE} default=${EMPTY}
121 Should Not Be Empty ${resp} msg=LDAP configuration is not defined.
122
123
124Verify LDAP User Login
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]125 [Documentation] Verify that LDAP user able to login into BMC.
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]126 [Tags] Verify_LDAP_User_Login
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]127
128 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]129 Redfish.Logout
130 Redfish.Login
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]131
132
133Verify LDAP Service Available
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]134 [Documentation] Verify that LDAP service is available.
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]135 [Tags] Verify_LDAP_Service_Available
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]136
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]137 @{ldap_configuration}= Get LDAP Configuration ${LDAP_TYPE}
138 Should Contain ${ldap_configuration} LDAPService
139 ... msg=LDAPService is not available.
140
141
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]142Verify LDAP Login Works After BMC Reboot
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]143 [Documentation] Verify that LDAP login works after BMC reboot.
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]144 [Tags] Verify_LDAP_Login_Works_After_BMC_Reboot
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]145
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]146 Redfish OBMC Reboot (off)
147 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
148 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]149 Redfish.Login
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]150
151
152Verify LDAP User With Admin Privilege Able To Do BMC Reboot
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]153 [Documentation] Verify that LDAP user with administrator privilege able to do BMC reboot.
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]154 [Tags] Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot
155
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]156
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]157 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
158 ... ${GROUP_PRIVILEGE} ${GROUP_NAME}
159 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
160 # With LDAP user and with right privilege trying to do BMC reboot.
161 Redfish OBMC Reboot (off)
162 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
163 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]164 Redfish.Login
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]165
166
Sivas SRR2b83ec02019-07-12 11:30:20 -0500[diff] [blame]167Verify LDAP User With Operator Privilege Able To Do Host Poweroff
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]168 [Documentation] Verify that LDAP user with operator privilege can do host
169 ... power off.
Sivas SRR2b83ec02019-07-12 11:30:20 -0500[diff] [blame]170 [Tags] Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweroff
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]171 [Teardown] Restore LDAP Privilege
172
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]173 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
174 ... Operator ${GROUP_NAME}
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]175
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]176 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Sivas SRR2b83ec02019-07-12 11:30:20 -0500[diff] [blame]177 # Verify that the LDAP user with operator privilege is able to power the system off.
178 Redfish.Post ${REDFISH_POWER_URI}
Sivas SRR3d82b3c2019-07-12 12:20:04 -0500[diff] [blame]179 ... body={'ResetType': 'ForceOff'} valid_status_codes=[200]
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]180 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]181 Redfish.Login
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]182
183
Prashanth Katti12e20402022-01-12 05:19:23 -0600[diff] [blame]184Verify AccountLockout Attributes Set To Zero By LDAP User
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]185 [Documentation] Verify that attribute AccountLockoutDuration and
Prashanth Katti12e20402022-01-12 05:19:23 -0600[diff] [blame]186 ... AccountLockoutThreshold are set to 0 by LDAP user.
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]187 [Teardown] Run Keywords Restore AccountLockout Attributes AND
188 ... FFDC On Test Case Fail
Prashanth Katti12e20402022-01-12 05:19:23 -0600[diff] [blame]189 [Tags] Verify_AccountLockout_Attributes_Set_To_Zero_By_LDAP_User
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]190
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]191 ${old_account_service}= Redfish.Get Properties
192 ... ${REDFISH_BASE_URI}AccountService
Michael Walsh39c00512019-07-17 10:54:06 -0500[diff] [blame]193 Rprint Vars old_account_service
Prashanth Katti12e20402022-01-12 05:19:23 -0600[diff] [blame]194
195 # Create LDAP user and create session using LDAP user.
196 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
197 ... Administrator ${GROUP_NAME}
198
199 # Clear existing Redfish sessions.
200 Redfish.Logout
201
202 # Login using LDAP user.
203 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
204
205 # Set Account Lockout attributes using LDAP user.
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]206 Redfish.Patch ${REDFISH_BASE_URI}AccountService
207 ... body=[('AccountLockoutDuration', 0)]
208 Redfish.Patch ${REDFISH_BASE_URI}AccountService
209 ... body=[('AccountLockoutThreshold', 0)]
210
211
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]212Verify LDAP User With Read Privilege Able To Check Inventory
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]213 [Documentation] Verify that LDAP user with read privilege able to
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]214 ... read firmware inventory.
215 [Tags] Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory
216 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege
217 [Template] Set Read Privilege And Check Firmware Inventory
218
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600[diff] [blame]219 ReadOnly
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]220
221
222Verify LDAP User With Read Privilege Should Not Do Host Poweron
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]223 [Documentation] Verify that LDAP user with read privilege should not be
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]224 ... allowed to power on the host.
225 [Tags] Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron
226 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege
227 [Template] Set Read Privilege And Check Poweron
228
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600[diff] [blame]229 ReadOnly
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]230
231
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]232Update LDAP Group Name And Verify Operations
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]233 [Documentation] Verify that LDAP group name update and able to do right
234 ... operations.
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]235 [Tags] Update_LDAP_Group_Name_And_Verify_Operations
236 [Template] Update LDAP Config And Verify Set Host Name
237 [Teardown] Restore LDAP Privilege
238
239 # group_name group_privilege valid_status_codes
Anves Kumar rayankula9954c4c2020-07-31 05:49:16 -0500[diff] [blame]240 ${GROUP_NAME} Administrator [${HTTP_OK}, ${HTTP_NO_CONTENT}]
Prashanth Kattic5d07062021-07-07 03:05:37 -0500[diff] [blame]241 ${GROUP_NAME} Operator [${HTTP_OK}, ${HTTP_NO_CONTENT}]
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600[diff] [blame]242 ${GROUP_NAME} ReadOnly [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
243 ${GROUP_NAME} NoAccess [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]244 Invalid_LDAP_Group_Name Administrator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
245 Invalid_LDAP_Group_Name Operator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600[diff] [blame]246 Invalid_LDAP_Group_Name ReadOnly [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
247 Invalid_LDAP_Group_Name NoAccess [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]248
249
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]250Verify LDAP BaseDN Update And LDAP Login
251 [Documentation] Update LDAP BaseDN of LDAP configuration and verify
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]252 ... that LDAP login works.
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]253 [Tags] Verify_LDAP_BaseDN_Update_And_LDAP_Login
254
255
256 ${body}= Catenate {'${LDAP_TYPE}': { 'LDAPService': {'SearchSettings':
257 ... {'BaseDistinguishedNames': ['${LDAP_BASE_DN}']}}}}
258 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
259 Sleep 15s
260 Redfish Verify LDAP Login
261
262
263Verify LDAP BindDN Update And LDAP Login
264 [Documentation] Update LDAP BindDN of LDAP configuration and verify
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]265 ... that LDAP login works.
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]266 [Tags] Verify_LDAP_BindDN_Update_And_LDAP_Login
267
268 ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication':
269 ... {'AuthenticationType':'UsernameAndPassword', 'Username':
270 ... '${LDAP_BIND_DN}'}}}
271 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
272 Sleep 15s
273 Redfish Verify LDAP Login
274
275
276Verify LDAP BindDN Password Update And LDAP Login
277 [Documentation] Update LDAP BindDN password of LDAP configuration and
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]278 ... verify that LDAP login works.
George Keishing0c8100f2022-01-13 00:24:57 -0600[diff] [blame]279 [Tags] Verify_LDAP_BindDN_Password_Update_And_LDAP_Login
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]280
281
282 ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication':
283 ... {'AuthenticationType':'UsernameAndPassword', 'Password':
284 ... '${LDAP_BIND_DN_PASSWORD}'}}}
285 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
286 Sleep 15s
287 Redfish Verify LDAP Login
288
289
290Verify LDAP Type Update And LDAP Login
291 [Documentation] Update LDAP type of LDAP configuration and verify
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]292 ... that LDAP login works.
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]293 [Tags] Verify_LDAP_Type_Update_And_LDAP_Login
294
295 Disable Other LDAP
296 Redfish.Patch ${REDFISH_BASE_URI}AccountService
297 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
298 Sleep 15s
299 Redfish Verify LDAP Login
300
301
George Keishing5236ec52022-01-31 12:07:58 -0600[diff] [blame]302Verify LDAP Authorization With Null Privilege
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]303 [Documentation] Verify the failure of LDAP authorization with empty
304 ... privilege.
305 [Tags] Verify_LDAP_Authorization_With_Null_Privilege
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]306 [Teardown] Restore LDAP Privilege
307
308 Update LDAP Config And Verify Set Host Name ${GROUP_NAME} ${EMPTY}
309 ... [${HTTP_FORBIDDEN}]
310
311
George Keishing5236ec52022-01-31 12:07:58 -0600[diff] [blame]312Verify LDAP Authorization With Invalid Privilege
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]313 [Documentation] Verify that LDAP user authorization with wrong privilege
314 ... fails.
315 [Tags] Verify_LDAP_Authorization_With_Invalid_Privilege
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]316 [Teardown] Restore LDAP Privilege
317
318 Update LDAP Config And Verify Set Host Name ${GROUP_NAME}
319 ... Invalid_Privilege [${HTTP_FORBIDDEN}]
320
321
322Verify LDAP Login With Invalid Data
323 [Documentation] Verify that LDAP login with Invalid LDAP data and
324 ... right LDAP user fails.
325 [Tags] Verify_LDAP_Login_With_Invalid_Data
326 [Teardown] Run Keywords FFDC On Test Case Fail AND
327 ... Create LDAP Configuration
328
329 Create LDAP Configuration ${LDAP_TYPE} Invalid_LDAP_Server_URI
330 ... Invalid_LDAP_BIND_DN LDAP_BIND_DN_PASSWORD
331 ... Invalid_LDAP_BASE_DN
332 Sleep 15s
333 Redfish Verify LDAP Login ${False}
334
335
336Verify LDAP Config Creation Without BASE_DN
337 [Documentation] Verify that LDAP login with LDAP configuration
338 ... created without BASE_DN fails.
339 [Tags] Verify_LDAP_Config_Creation_Without_BASE_DN
340 [Teardown] Run Keywords FFDC On Test Case Fail AND
341 ... Create LDAP Configuration
342
343 Create LDAP Configuration ${LDAP_TYPE} Invalid_LDAP_Server_URI
344 ... Invalid_LDAP_BIND_DN LDAP_BIND_DN_PASSWORD ${EMPTY}
345 Sleep 15s
346 Redfish Verify LDAP Login ${False}
347
348
349Verify LDAP Authentication Without Password
350 [Documentation] Verify that LDAP user authentication without LDAP
351 ... user password fails.
352 [Tags] Verify_LDAP_Authentication_Without_Password
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500[diff] [blame]353 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]354
355 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
356 Valid Value status [${False}]
357
358
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]359Verify LDAP Login With Invalid BASE_DN
360 [Documentation] Verify that LDAP login with invalid BASE_DN and
361 ... valid LDAP user fails.
362 [Tags] Verify_LDAP_Login_With_Invalid_BASE_DN
363 [Teardown] Run Keywords FFDC On Test Case Fail AND
364 ... Create LDAP Configuration
365
366 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
367 ... ${LDAP_BIND_DN} ${LDAP_BIND_DN_PASSWORD} Invalid_LDAP_BASE_DN
368 Sleep 15s
369 Redfish Verify LDAP Login ${False}
370
371
372Verify LDAP Login With Invalid BIND_DN_PASSWORD
373 [Documentation] Verify that LDAP login with invalid BIND_DN_PASSWORD and
374 ... valid LDAP user fails.
375 [Tags] Verify_LDAP_Login_With_Invalid_BIND_DN_PASSWORD
376 [Teardown] Run Keywords FFDC On Test Case Fail AND
377 ... Create LDAP Configuration
378
379 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
380 ... ${LDAP_BIND_DN} INVALID_LDAP_BIND_DN_PASSWORD ${LDAP_BASE_DN}
381 Sleep 15s
382 Redfish Verify LDAP Login ${False}
383
384
385Verify LDAP Login With Invalid BASE_DN And Invalid BIND_DN
386 [Documentation] Verify that LDAP login with invalid BASE_DN and invalid
387 ... BIND_DN and valid LDAP user fails.
388 [Tags] Verify_LDAP_Login_With_Invalid_BASE_DN_And_Invalid_BIND_DN
389 [Teardown] Run Keywords FFDC On Test Case Fail AND
390 ... Create LDAP Configuration
391
392 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
393 ... INVALID_LDAP_BIND_DN ${LDAP_BIND_DN_PASSWORD} INVALID_LDAP_BASE_DN
394 Sleep 15s
395 Redfish Verify LDAP Login ${False}
396
397
398Verify Group Name And Group Privilege Able To Modify
399 [Documentation] Verify that LDAP group name and group privilege able to
400 ... modify.
401 [Tags] Verify_Group_Name_And_Group_Privilege_Able_To_Modify
Sivas SRR873de8e2019-09-26 00:37:53 -0500[diff] [blame]402 [Setup] Update LDAP Configuration with LDAP User Role And Group
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]403 ... ${LDAP_TYPE} Operator ${GROUP_NAME}
404
405 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
406 ... Administrator ${GROUP_NAME}
407
408
409Verify LDAP Login With Invalid BIND_DN
410 [Documentation] Verify that LDAP login with invalid BIND_DN and
411 ... valid LDAP user fails.
412 [Tags] Verify_LDAP_Login_With_Invalid_BIND_DN
413 [Teardown] Run Keywords FFDC On Test Case Fail AND
414 ... Create LDAP Configuration
415
416 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
417 ... Invalid_LDAP_BIND_DN ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN}
418 Sleep 15s
419 Redfish Verify LDAP Login ${False}
420
421
422Verify LDAP Authentication With Invalid LDAP User
423 [Documentation] Verify that LDAP user authentication for user not exist
424 ... in LDAP server and fails.
425 [Tags] Verify_LDAP_Authentication_With_Invalid_LDAP_User
Anves Kumar rayankula9954c4c2020-07-31 05:49:16 -0500[diff] [blame]426 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]427
428 ${status}= Run Keyword And Return Status Redfish.Login INVALID_LDAP_USER
429 ... ${LDAP_USER_PASSWORD}
430 Valid Value status [${False}]
431
432
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]433Update LDAP User Roles And Verify Host Poweroff Operation
434 [Documentation] Update LDAP user roles and verify host poweroff operation.
435 [Tags] Update_LDAP_User_Roles_And_Verify_Host_Poweroff_Operation
436 [Teardown] Restore LDAP Privilege
437
438 [Template] Update LDAP User Role And Host Poweroff
439 # ldap_type group_privilege group_name valid_status_codes
440
441 # Verify LDAP user with NoAccess privilege not able to do host poweroff.
442 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN}
443
444 # Verify LDAP user with ReadOnly privilege not able to do host poweroff.
445 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
446
447 # Verify LDAP user with Operator privilege able to do host poweroff.
448 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
449
450 # Verify LDAP user with Administrator privilege able to do host poweroff.
451 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
452
453
Prashanth Kattia4f79292020-02-20 03:34:01 -0600[diff] [blame]454Update LDAP User Roles And Verify Host Poweron Operation
455 [Documentation] Update LDAP user roles and verify host poweron operation.
456 [Tags] Update_LDAP_User_Roles_And_Verify_Host_Poweron_Operation
457 [Teardown] Restore LDAP Privilege
458
459 [Template] Update LDAP User Role And Host Poweron
460 # ldap_type group_privilege group_name valid_status_codes
461
462 # Verify LDAP user with NoAccess privilege not able to do host poweron.
463 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN}
464
465 # Verify LDAP user with ReadOnly privilege not able to do host poweron.
466 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
467
468 # Verify LDAP user with Operator privilege able to do host poweron.
469 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
470
471 # Verify LDAP user with Administrator privilege able to do host poweron.
472 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
473
474
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]475Configure IP Address Via Different User Roles And Verify
476 [Documentation] Configure IP address via different user roles and verify.
477 [Tags] Configure_IP_Address_Via_Different_User_Roles_And_Verify
478 [Teardown] Restore LDAP Privilege
479
480 [Template] Update LDAP User Role And Configure IP Address
481 # Verify LDAP user with Administrator privilege is able to configure IP address.
482 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
483
484 # Verify LDAP user with ReadOnly privilege is forbidden to configure IP address.
485 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
486
487 # Verify LDAP user with NoAccess privilege is forbidden to configure IP address.
Prashanth Katti67e06202020-05-20 06:16:51 -0500[diff] [blame]488 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN}
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]489
490 # Verify LDAP user with Operator privilege is able to configure IP address.
Sweta Potthurif4c86a02022-02-02 10:11:22 -0600[diff] [blame]491 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_FORBIDDEN}
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]492
493
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]494Delete IP Address Via Different User Roles And Verify
495 [Documentation] Delete IP address via different user roles and verify.
496 [Tags] Delete_IP_Address_Via_Different_User_Roles_And_Verify
497 [Teardown] Run Keywords Restore LDAP Privilege AND FFDC On Test Case Fail
498
499 [Template] Update LDAP User Role And Delete IP Address
500 # Verify LDAP user with Administrator privilege is able to delete IP address.
501 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
502
503 # Verify LDAP user with ReadOnly privilege is forbidden to delete IP address.
504 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
505
506 # Verify LDAP user with NoAccess privilege is forbidden to delete IP address.
Prashanth Katti67e06202020-05-20 06:16:51 -0500[diff] [blame]507 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN}
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]508
509 # Verify LDAP user with Operator privilege is able to delete IP address.
Sweta Potthurif4c86a02022-02-02 10:11:22 -0600[diff] [blame]510 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_FORBIDDEN}
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]511
512
Prashanth Katti67e06202020-05-20 06:16:51 -0500[diff] [blame]513Read Network Configuration Via Different User Roles And Verify
David Shaw8e6d4ee2020-06-12 10:03:59 -0500[diff] [blame]514 [Documentation] Read network configuration via different user roles and verify.
George Keishing5236ec52022-01-31 12:07:58 -0600[diff] [blame]515 [Tags] Read_Network_Configuration_Via_Different_User_Roles_And_Verify
Prashanth Katti67e06202020-05-20 06:16:51 -0500[diff] [blame]516 [Teardown] Restore LDAP Privilege
517
518 [Template] Update LDAP User Role And Read Network Configuration
519 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
520
521 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_OK}
522
523 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN}
524
525 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
526
527
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]528*** Keywords ***
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]529
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]530Redfish Verify LDAP Login
531 [Documentation] LDAP user log into BMC.
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]532 [Arguments] ${valid_status}=${True}
533
534 # Description of argument(s):
535 # valid_status Expected status of LDAP login ("True" or "False").
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]536
537 # According to our repo coding rules, Redfish.Login is to be done in Suite
538 # Setup and Redfish.Logout is to be done in Suite Teardown. For any
539 # deviation from this rule (such as in this keyword), the deviant code
540 # must take steps to restore us to our original logged-in state.
541
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]542 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
543 ... ${LDAP_USER_PASSWORD}
544 Valid Value status [${valid_status}]
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]545 Redfish.Logout
546 Redfish.Login
547
548
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]549Update LDAP Config And Verify Set Host Name
550 [Documentation] Update LDAP config and verify by attempting to set host name.
551 [Arguments] ${group_name} ${group_privilege}=Administrator
552 ... ${valid_status_codes}=[${HTTP_OK}]
Nagarjun B1b821612021-12-06 22:52:04 +0530[diff] [blame]553 [Teardown] Run Keyword If '${group_privilege}'=='NoAccess' Redfish.Login
554 ... ELSE Run Keywords Redfish.Logout AND Redfish.Login
George Keishing538f1742022-03-14 05:00:55 -0500[diff] [blame]555
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]556 # Description of argument(s):
557 # group_name The group name of user.
558 # group_privilege The group privilege ("Administrator",
559 # "Operator", "User" or "Callback").
560 # valid_status_codes Expected return code(s) from patch
561 # operation (e.g. "200") used to update
562 # HostName. See prolog of rest_request
563 # method in redfish_plut.py for details.
564 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
565 ... ${group_privilege} ${group_name}
Nagarjun B1b821612021-12-06 22:52:04 +0530[diff] [blame]566
567 Run Keyword If '${group_privilege}'=='NoAccess'
568 ... Run Keyword And Return Verify Redfish Login for LDAP Userrole NoAccess
569
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]570 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
571 # Verify that the LDAP user in ${group_name} with the given privilege is
572 # allowed to change the hostname.
Anves Kumar rayankulaf8533632021-05-31 02:52:19 -0500[diff] [blame]573 Redfish.Patch ${REDFISH_NW_ETH0_URI} body={'HostName': '${hostname}'}
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]574 ... valid_status_codes=${valid_status_codes}
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]575
Nagarjun B1b821612021-12-06 22:52:04 +0530[diff] [blame]576Verify Redfish Login for LDAP Userrole NoAccess
577 [Documentation] Verify Redfish login should not be able to login for LDAP Userrole NoAccess.
578
579 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
580 Valid Value status [${False}]
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]581
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]582Disable Other LDAP
583 [Documentation] Disable other LDAP configuration.
584
585 # First disable other LDAP.
586 ${inverse_ldap_type}= Set Variable If '${LDAP_TYPE}' == 'LDAP' ActiveDirectory LDAP
587 Redfish.Patch ${REDFISH_BASE_URI}AccountService
588 ... body={'${inverse_ldap_type}': {'ServiceEnabled': ${False}}}
589 Sleep 15s
590
591
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]592Config LDAP URL
593 [Documentation] Config LDAP URL.
Prashanth Katti7d38a092020-01-10 06:01:09 -0600[diff] [blame]594 [Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI} ${expected_status}=${TRUE}
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]595
596 # Description of argument(s):
597 # ldap_server_uri LDAP server uri (e.g. "ldap://XX.XX.XX.XX/").
598
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]599 Redfish.Patch ${REDFISH_BASE_URI}AccountService
600 ... body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}}
601 Sleep 15s
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]602 # After update, LDAP login.
Prashanth Katti7d38a092020-01-10 06:01:09 -0600[diff] [blame]603 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
604 Valid Value status [${expected_status}]
605
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]606 Redfish.Logout
607 Redfish.Login
608
609
610Restore LDAP URL
611 [Documentation] Restore LDAP URL.
612
613 # Restoring the working LDAP server uri.
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]614 Redfish.Patch ${REDFISH_BASE_URI}AccountService
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]615 ... body={'${ldap_type}': {'ServiceAddresses': ['${LDAP_SERVER_URI}']}}
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]616 Sleep 15s
617
618
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]619Restore AccountLockout Attributes
620 [Documentation] Restore AccountLockout Attributes.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]621
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]622 Return From Keyword If &{old_account_service} == &{EMPTY}
623 Redfish.Patch ${REDFISH_BASE_URI}AccountService
624 ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
625 Redfish.Patch ${REDFISH_BASE_URI}AccountService
626 ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutThreshold']})]
627
628
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]629Suite Setup Execution
630 [Documentation] Do suite setup tasks.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]631
Michael Walshe7edb222019-08-19 17:39:38 -0500[diff] [blame]632 Valid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"]
633 Valid Value LDAP_USER
634 Valid Value LDAP_USER_PASSWORD
635 Valid Value GROUP_PRIVILEGE
636 Valid Value GROUP_NAME
637 Valid Value LDAP_SERVER_URI
638 Valid Value LDAP_BIND_DN_PASSWORD
639 Valid Value LDAP_BIND_DN
640 Valid Value LDAP_BASE_DN
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]641
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]642 Redfish.Login
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]643 # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
644 Get LDAP Configuration ${LDAP_TYPE}
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]645 Set Suite Variable ${old_ldap_privilege}
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]646 Disable Other LDAP
Sivas SRR873de8e2019-09-26 00:37:53 -0500[diff] [blame]647 Create LDAP Configuration
648 ${hostname}= Redfish.Get Attribute ${REDFISH_NW_PROTOCOL_URI} HostName
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]649
650
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]651Set Read Privilege And Check Firmware Inventory
652 [Documentation] Set read privilege and check firmware inventory.
653 [Arguments] ${read_privilege}
654
655 # Description of argument(s):
656 # read_privilege The read privilege role (e.g. "User" / "Callback").
657
658 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
659 ... ${read_privilege} ${GROUP_NAME}
660
661 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
662 # Verify that the LDAP user with read privilege is able to read inventory.
663 ${resp}= Redfish.Get /redfish/v1/UpdateService/FirmwareInventory
664 Should Be True ${resp.dict["Members@odata.count"]} >= ${1}
665 Length Should Be ${resp.dict["Members"]} ${resp.dict["Members@odata.count"]}
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]666 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]667 Redfish.Login
668
669
670Set Read Privilege And Check Poweron
671 [Documentation] Set read privilege and power on should not be possible.
672 [Arguments] ${read_privilege}
673
674 # Description of argument(s):
675 # read_privilege The read privilege role (e.g. "User" / "Callback").
676
677 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
678 ... ${read_privilege} ${GROUP_NAME}
679 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
680 Redfish.Post ${REDFISH_POWER_URI}
681 ... body={'ResetType': 'On'} valid_status_codes=[401, 403]
682 Redfish.Logout
683 Redfish.Login
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]684
685
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]686Get LDAP Configuration
687 [Documentation] Retrieve LDAP Configuration.
688 [Arguments] ${ldap_type}
689
690 # Description of argument(s):
691 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
692
693 ${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService
694 [Return] ${ldap_config["${ldap_type}"]}
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]695
696
697Update LDAP Configuration with LDAP User Role And Group
698 [Documentation] Update LDAP configuration update with LDAP user Role and group.
699 [Arguments] ${ldap_type} ${group_privilege} ${group_name}
700
701 # Description of argument(s):
702 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
703 # group_privilege The group privilege ("Administrator", "Operator", "User" or "Callback").
704 # group_name The group name of user.
705
706 ${local_role_remote_group}= Create Dictionary LocalRole=${group_privilege} RemoteGroup=${group_name}
707 ${remote_role_mapping}= Create List ${local_role_remote_group}
708 ${ldap_data}= Create Dictionary RemoteRoleMapping=${remote_role_mapping}
709 ${payload}= Create Dictionary ${ldap_type}=${ldap_data}
710 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=&{payload}
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]711 # Provide adequate time for LDAP daemon to restart after the update.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]712 Sleep 15s
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]713
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]714
715Get LDAP Privilege
716 [Documentation] Get LDAP privilege and return it.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]717
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]718 ${ldap_config}= Get LDAP Configuration ${LDAP_TYPE}
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]719 ${num_list_entries}= Get Length ${ldap_config["RemoteRoleMapping"]}
720 Return From Keyword If ${num_list_entries} == ${0} @{EMPTY}
721
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]722 [Return] ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}
723
724
725Restore LDAP Privilege
726 [Documentation] Restore the LDAP privilege to its original value.
George Keishing538f1742022-03-14 05:00:55 -0500[diff] [blame]727
Nagarjun B1b821612021-12-06 22:52:04 +0530[diff] [blame]728 Redfish.Login
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500[diff] [blame]729 Return From Keyword If '${old_ldap_privilege}' == '${EMPTY}' or '${old_ldap_privilege}' == '[]'
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]730 # Log back in to restore the original privilege.
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]731 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
732 ... ${old_ldap_privilege} ${GROUP_NAME}
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]733
734 Sleep 18s
735
Nagarjun B1b821612021-12-06 22:52:04 +0530[diff] [blame]736Verify Host Power Status
737 [Documentation] Verify the Host power status and do host power on/off respectively.
738 [Arguments] ${expected_power_status}
739
740 ${power_status}= Redfish.Get Attribute /redfish/v1/Chassis/${CHASSIS_ID} PowerState
741 Return From Keyword If '${power_status}' == '${expected_power_status}'
742
743 Run Keyword If '${power_status}' == 'Off' Redfish Power On
744 ... ELSE Redfish Power Off
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]745
746Update LDAP User Role And Host Poweroff
747 [Documentation] Update LDAP user role and do host poweroff.
748 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}
Prashanth Kattia4f79292020-02-20 03:34:01 -0600[diff] [blame]749 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]750
751 # Description of argument(s):
752 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
753 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
754 # group_name The group name of user.
755 # valid_status_code The expected valid status code.
756
Nagarjun B1b821612021-12-06 22:52:04 +0530[diff] [blame]757 # check Host state and do the power on/off if needed.
758 Verify Host Power Status On
759
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]760 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
761 ... ${group_privilege} ${group_name}
762
763 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
764
765 Redfish.Post ${REDFISH_POWER_URI}
766 ... body={'ResetType': 'ForceOff'} valid_status_codes=[${valid_status_code}]
767
Prashanth Kattia4f79292020-02-20 03:34:01 -0600[diff] [blame]768Update LDAP User Role And Host Poweron
769 [Documentation] Update LDAP user role and do host poweron.
770 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}
771 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
772
773 # Description of argument(s):
774 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
775 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
776 # group_name The group name of user.
777 # valid_status_code The expected valid status code.
778
Nagarjun B1b821612021-12-06 22:52:04 +0530[diff] [blame]779 # check Host state and do the power on/off if needed.
780 Verify Host Power Status Off
781
Prashanth Kattia4f79292020-02-20 03:34:01 -0600[diff] [blame]782 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
783 ... ${group_privilege} ${group_name}
784
785 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
786
787 Redfish.Post ${REDFISH_POWER_URI}
788 ... body={'ResetType': 'On'} valid_status_codes=[${valid_status_code}]
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]789
790
791Update LDAP User Role And Configure IP Address
792 [Documentation] Update LDAP user role and configure IP address.
793 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK}
794 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND Delete IP Address ${test_ip}
795
796 # Description of argument(s):
797 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
798 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
799 # group_name The group name of user.
800 # valid_status_code The expected valid status code.
801
802 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
803 ... ${group_privilege} ${group_name}
804
805 Redfish.Logout
806
807 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
808
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500[diff] [blame]809 ${test_gateway}= Get BMC Default Gateway
810
Prashanth Kattic2d06df2021-07-12 01:33:53 -0500[diff] [blame]811 Run Keyword If '${group_privilege}' == 'NoAccess'
812 ... Add IP Address With NoAccess User ${test_ip} ${test_mask} ${test_gateway} ${valid_status_code}
813 ... ELSE
814 ... Add IP Address ${test_ip} ${test_mask} ${test_gateway} ${valid_status_code}
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]815
816
817Update LDAP User Role And Delete IP Address
818 [Documentation] Update LDAP user role and delete IP address.
819 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK}
820 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND Delete IP Address ${test_ip}
821
822 # Description of argument(s):
823 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
824 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
825 # group_name The group name of user.
826 # valid_status_code The expected valid status code.
827
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500[diff] [blame]828 ${test_gateway}= Get BMC Default Gateway
829
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]830 # Configure IP address before deleting via LDAP user roles.
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500[diff] [blame]831 Add IP Address ${test_ip} ${test_mask} ${test_gateway}
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]832
833 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
834 ... ${group_privilege} ${group_name}
835
836 Redfish.Logout
837
838 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
839
Prashanth Kattic2d06df2021-07-12 01:33:53 -0500[diff] [blame]840 Run Keyword If '${group_privilege}' == 'NoAccess'
841 ... Delete IP Address With NoAccess User ${test_ip} ${valid_status_code}
842 ... ELSE
843 ... Delete IP Address ${test_ip} ${valid_status_code}
Prashanth Katti67e06202020-05-20 06:16:51 -0500[diff] [blame]844
845
846Update LDAP User Role And Read Network Configuration
847 [Documentation] Update LDAP user role and read network configuration.
848 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK}
849 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
850
851 # Description of argument(s):
852 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
853 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
854 # group_name The group name of user.
855 # valid_status_code The expected valid status code.
856
857 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
858 ... ${group_privilege} ${group_name}
859
860 Redfish.Logout
861
862 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
863 Redfish.Get ${REDFISH_NW_ETH0_URI} valid_status_codes=[${valid_status_code}]
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500[diff] [blame]864
Prashanth Kattic2d06df2021-07-12 01:33:53 -0500[diff] [blame]865
866Add IP Address With NoAccess User
867 [Documentation] Add IP Address To BMC.
868 [Arguments] ${ip} ${subnet_mask} ${gateway}
869 ... ${valid_status_codes}=${HTTP_OK}
870
871 # Description of argument(s):
872 # ip IP address to be added (e.g. "10.7.7.7").
873 # subnet_mask Subnet mask for the IP to be added
874 # (e.g. "255.255.0.0").
875 # gateway Gateway for the IP to be added (e.g. "10.7.7.1").
876 # valid_status_codes Expected return code from patch operation
877 # (e.g. "200"). See prolog of rest_request
878 # method in redfish_plus.py for details.
879
880 # Logout from LDAP user.
881 Redfish.Logout
882
883 # Login with local user.
884 Redfish.Login
885
886 ${empty_dict}= Create Dictionary
887 ${ip_data}= Create Dictionary Address=${ip}
888 ... SubnetMask=${subnet_mask} Gateway=${gateway}
889
890 ${patch_list}= Create List
891 ${network_configurations}= Get Network Configuration
892 ${num_entries}= Get Length ${network_configurations}
893
894 FOR ${INDEX} IN RANGE 0 ${num_entries}
895 Append To List ${patch_list} ${empty_dict}
896 END
897
898 ${valid_status_codes}= Run Keyword If '${valid_status_codes}' == '${HTTP_OK}'
899 ... Set Variable ${HTTP_OK},${HTTP_NO_CONTENT}
900 ... ELSE Set Variable ${valid_status_codes}
901
902 # We need not check for existence of IP on BMC while adding.
903 Append To List ${patch_list} ${ip_data}
904 ${data}= Create Dictionary IPv4StaticAddresses=${patch_list}
905
906 ${active_channel_config}= Get Active Channel Config
907 ${ethernet_interface}= Set Variable ${active_channel_config['${CHANNEL_NUMBER}']['name']}
908
909 # Logout from local user.
910 Redfish.Logout
911
912 # Login from LDAP user and check if we can configure IP address.
913 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
914
915 Redfish.patch ${REDFISH_NW_ETH_IFACE}${ethernet_interface} body=&{data}
916 ... valid_status_codes=[${valid_status_codes}]
917
918
919Delete IP Address With NoAccess User
920 [Documentation] Delete IP Address Of BMC.
921 [Arguments] ${ip} ${valid_status_codes}=${HTTP_OK}
922
923 # Description of argument(s):
924 # ip IP address to be deleted (e.g. "10.7.7.7").
925 # valid_status_codes Expected return code from patch operation
926 # (e.g. "200"). See prolog of rest_request
927 # method in redfish_plus.py for details.
928
929 # Logout from LDAP user.
930 Redfish.Logout
931
932 # Login with local user.
933 Redfish.Login
934
935 ${empty_dict}= Create Dictionary
936 ${patch_list}= Create List
937
938 @{network_configurations}= Get Network Configuration
939 FOR ${network_configuration} IN @{network_configurations}
940 Run Keyword If '${network_configuration['Address']}' == '${ip}'
941 ... Append To List ${patch_list} ${null}
942 ... ELSE Append To List ${patch_list} ${empty_dict}
943 END
944
945 ${ip_found}= Run Keyword And Return Status List Should Contain Value
946 ... ${patch_list} ${null} msg=${ip} does not exist on BMC
947 Pass Execution If ${ip_found} == ${False} ${ip} does not exist on BMC
948
949 # Run patch command only if given IP is found on BMC
950 ${data}= Create Dictionary IPv4StaticAddresses=${patch_list}
951
952 ${active_channel_config}= Get Active Channel Config
953 ${ethernet_interface}= Set Variable ${active_channel_config['${CHANNEL_NUMBER}']['name']}
954
955 # Logout from local user.
956 Redfish.Logout
957
958 # Login from LDAP user and check if we can delete IP address.
959 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
960
961 Redfish.patch ${REDFISH_NW_ETH_IFACE}${ethernet_interface} body=&{data}
962 ... valid_status_codes=[${valid_status_codes}]
963
964 # Note: Network restart takes around 15-18s after patch request processing
965 Sleep ${NETWORK_TIMEOUT}s
966 Wait For Host To Ping ${OPENBMC_HOST} ${NETWORK_TIMEOUT}