*** Settings ***
Documentation      OpenBMC user management keywords.

Resource           ../lib/rest_client.robot
Resource           ../lib/openbmc_ffdc.robot
Resource           ../lib/utils.robot
Library            SSHLibrary

Test Teardown      Test Teardown Execution

*** Variables ***

${test_password}   0penBmc123

*** Keywords ***

Test Teardown Execution
    [Documentation]  Do test teardown task.

    # REST Login to BMC with new "root" password.
    Initialize OpenBMC  REST_PASSWORD=${test_password}
    Update Root Password
    Sleep  5 s
    Delete All Sessions

    # SSH Login to BMC with user default "root" password.
    SSHLibrary.Open Connection  ${OPENBMC_HOST}
    Login  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}

    # REST Login to BMC with user default "root" password.
    Initialize OpenBMC

    FFDC On Test Case Fail
    Close All Connections


Create Group And Privilege
    [Documentation]  Create group and privilege for users.
    [Arguments]  ${user_group}  ${user_privilege}

    # Description of argument(s):
    # user_group      User group.
    # user_privilege  User privilege like priv-admin, priv-user.

    @{ldap_parm_list}=  Create List  ${user_group}  ${user_privilege}

    ${data}=  Create Dictionary  data=@{ldap_parm_list}

    ${resp}=  OpenBMC Post Request
    ...  ${BMC_USER_URI}ldap/action/Create  data=${data}
    Should Be Equal As Strings  ${resp.status_code}  ${HTTP_OK}
    ...  msg=Creating LDAP group and privilege failed. RC=${resp.status_code}.


Create Privilege
    [Documentation]  Create privilege as priv-admin.
    [Arguments]  ${user_privilege}

    Create Group And Privilege  ${GROUP_NAME}  ${user_privilege}
    ${bmc_user_uris}=  Read Properties  ${BMC_USER_URI}ldap/enumerate
    # Sample output:
    # "data": {
    #     "/xyz/openbmc_project/user/ldap/13": {
    #         "GroupName": "redfish",
    #         "Privilege": "priv-admin"
    #     },
    #     "/xyz/openbmc_project/user/ldap/15": {
    #         "GroupName": "openldapgroup",
    #         "Privilege": "priv-admin"
    #     },
    #     "/xyz/openbmc_project/user/ldap/config": {
    #         "LDAPBaseDN": "dc=ldap,dc=com",
    #         "LDAPBindDN": "cn=Administrator,dc=ldap,dc=com",
    #         "LDAPSearchScope": "xyz.openbmc_project.User.Ldap.Config.SearchScope.sub",
    #         "LDAPServerURI": "ldaps://fspldaptest.in.ibm.com/",
    #         "LDAPType": "xyz.openbmc_project.User.Ldap.Config.Type.OpenLdap"
    #     }
    # }

    ${bmc_user_uris}=  Convert To String  ${bmc_user_uris}
    Should Contain  ${bmc_user_uris}  ${user_privilege}
    ...  msg=Could not create ${user_privilege} privilege.


Suite Setup Execution
    [Documentation]  Do the initial suite setup.

    # Validating external user parameters.
    Should Not Be Empty  ${LDAP_SERVER_URI}
    Should Not Be Empty  ${LDAP_BIND_DN}
    Should Not Be Empty  ${LDAP_BASE_DN}
    Should Not Be Empty  ${LDAP_BIND_DN_PASSWORD}
    Should Not Be Empty  ${LDAP_SEARCH_SCOPE}
    Should Not Be Empty  ${LDAP_SERVER_TYPE}


Check LDAP Service Running
    [Documentation]  Check LDAP service running in BMC.

    BMC Execute Command  systemctl | grep -in ldap


Configure LDAP Server On BMC
    [Documentation]  Configure LDAP Server On BMC.

    @{ldap_parm_list}=  Create List
    ...  ${LDAP_SERVER_URI}  ${LDAP_BIND_DN}
    ...  ${LDAP_BASE_DN}  ${LDAP_BIND_DN_PASSWORD}  ${LDAP_SEARCH_SCOPE}
    ...  ${LDAP_SERVER_TYPE}

    ${data}=  Create Dictionary  data=@{ldap_parm_list}

    ${resp}=  OpenBMC Post Request
    ...  ${BMC_LDAP_URI}/action/CreateConfig  data=${data}
    Should Be Equal As Strings  ${resp.status_code}  ${HTTP_OK}


Check LDAP Config File Generated
    [Documentation]  Check LDAP file nslcd.conf generated.
    [Arguments]  ${ldap_server_uri}=${LDAP_SERVER_URI}

    # Description of argument(s):
    # ldap_server_uri  The LDAP server uri (e.g. "ldap://x.x.x.x/" for
    #                  non-secured or "ldaps://x.x.x.x/" for secured).

    ${ldap_server_config}=  Read Properties  ${BMC_USER_URI}ldap/enumerate
    ${ldap_server_config}=  Convert To String  ${ldap_server_config}
    Should Contain  ${ldap_server_config}  ${ldap_server_uri}
    ...  msg=${ldap_server_uri} is not configured.


Delete LDAP Config
    [Documentation]  Delete LDAP Config via REST.

    ${data}=  Create Dictionary  data=@{EMPTY}
    ${resp}=  OpenBMC Post Request
    ...  ${BMC_LDAP_URI}/config/action/delete  data=${data}

    Should Be Equal As Strings  ${resp.status_code}  ${HTTP_OK}


Check LDAP Config File Deleted
    [Documentation]  Check LDAP file nslcd.conf deleted.

    ${ldap_server_config}=  Read Properties  ${BMC_USER_URI}ldap/enumerate
    ${ldap_server_config}=  Convert To String  ${ldap_server_config}

    Should Not Contain  ${ldap_server_config}  ${LDAP_SERVER_URI}
    ...  msg=${LDAP_SERVER_URI} is still configured.


Modify LDAP Search Scope
    [Documentation]  Modify LDAP search scope parameter in LDAP config.
    [Arguments]  ${search_scope}=${LDAP_SEARCH_SCOPE}

    # Description of argument(s):
    # search_scope  Contains ldap search scope
    #               (e.g. "xyz.openbmc_project.User.Ldap.Config.SearchScope.one").

    ${search_scope_dict}=  Create Dictionary  data=${search_scope}
    Write Attribute  ${BMC_LDAP_URI}/config  LDAPSearchScope  data=${search_scope_dict}
    ...  verify=${True}  expected_value=${search_scope}


Modify LDAP Server Type
    [Documentation]  Modify LDAP server type parameter in LDAP config.
    [Arguments]  ${ldap_type}=${LDAP_SERVER_TYPE}

    # Description of argument(s):
    # ldap_type  Contains ldap server type
    #            (e.g. "xyz.openbmc_project.User.Ldap.Config.Type.ActiveDirectory").

    ${ldap_type_dict}=  Create Dictionary  data=${ldap_type}
    Write Attribute  ${BMC_LDAP_URI}/config  LDAPType  data=${ldap_type_dict}
    ...  verify=${True}  expected_value=${ldap_type}


Get LDAP Entries
    [Documentation]  Get LDAP entries and return the object list.

    ${ldap_entry_list}=  Create List
    ${resp}=  OpenBMC Get Request  ${BMC_USER_URI}ldap/enumerate  quiet=${1}
    # Return the empty list (not None) when no LDAP objects exist, so that
    # callers assigning the result to a list variable do not fail.
    Return From Keyword If  ${resp.status_code} == ${HTTP_NOT_FOUND}
    ...  ${ldap_entry_list}
    ${jsondata}=  To JSON  ${resp.content}

    :FOR  ${entry}  IN  @{jsondata["data"]}
    \  Continue For Loop If  '${entry.rsplit('/', 1)[1]}' == 'callout'
    \  Append To List  ${ldap_entry_list}  ${entry}

    # LDAP entries list.
    # ['/xyz/openbmc_project/user/ldap/1',
    #  '/xyz/openbmc_project/user/ldap/2']
    [Return]  ${ldap_entry_list}


Defined LDAP Group Entry Should Exist
    [Documentation]  Find the matching group and return the entry id.
    [Arguments]  ${user_group}

    # Description of argument(s):
    # user_group  The LDAP user group string (e.g. "Domain Admins").

    @{ldap_entries}=  Get LDAP Entries

    :FOR  ${ldap_entry}  IN  @{ldap_entries}
    \  ${resp}=  Read Properties  ${ldap_entry}
    \  ${status}=  Run Keyword And Return Status
    ...  Should Be Equal As Strings  ${user_group}  ${resp["GroupName"]}
    \  Return From Keyword If  ${status} == ${TRUE}  ${ldap_entry}

    Fail  No ${user_group} LDAP user group entry found.


Delete Defined LDAP Group And Privilege
    [Documentation]  Delete LDAP group and its privilege.
    [Arguments]  ${user_group}

    # Description of argument(s):
    # user_group  The LDAP user group string (e.g. "Domain Admins").

    ${ldap_entry_id}=  Defined LDAP Group Entry Should Exist  ${user_group}
    ${data}=  Create Dictionary  data=@{EMPTY}
    ${resp}=  OpenBMC Post Request  ${ldap_entry_id}/action/delete  data=${data}
    Should Be Equal As Strings  ${resp.status_code}  ${HTTP_OK}