*** Settings ***
Documentation    Test Redfish LDAP user configuration.

Library          ../../lib/gen_robot_valid.py
Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot

Suite Setup      Suite Setup Execution
Suite Teardown   Run Keywords  Restore LDAP Privilege  AND  Redfish.Logout
Test Teardown    FFDC On Test Case Fail

Force Tags       LDAP_Test

*** Variables ***
${old_ldap_privilege}   ${EMPTY}
&{old_account_service}  &{EMPTY}

*** Test Cases ***

Verify LDAP Configuration Exist
    [Documentation]  Verify LDAP configuration is available.
    [Tags]  Verify_LDAP_Configuration_Exist

    ${resp}=  Redfish.Get Attribute  ${REDFISH_BASE_URI}AccountService
    ...  ${LDAP_TYPE}  default=${EMPTY}
    Should Not Be Empty  ${resp}  msg=LDAP configuration is not defined.


Verify LDAP User Login
    [Documentation]  Verify that an LDAP user is able to log in to the BMC.
    [Tags]  Verify_LDAP_User_Login

    ${resp}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    ...  ${LDAP_USER_PASSWORD}
    Should Be Equal  ${resp}  ${True}  msg=LDAP user is not able to login.
    # End the LDAP session and log back in without LDAP credentials.
    Redfish.Logout
    Redfish.Login


Verify LDAP Service Available
    [Documentation]  Verify LDAP service is available.
    [Tags]  Verify_LDAP_Service_Available

    @{ldap_configuration}=  Get LDAP Configuration  ${LDAP_TYPE}
    Should Contain  ${ldap_configuration}  LDAPService
    ...  msg=LDAPService is not available.


Verify LDAP Login Works After BMC Reboot
    [Documentation]  Verify LDAP login works after BMC reboot.
    [Tags]  Verify_LDAP_Login_Works_After_BMC_Reboot

    Redfish OBMC Reboot (off)
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP User With Admin Privilege Able To Do BMC Reboot
    [Documentation]  Verify that an LDAP user with administrator privilege
    ...  is able to reboot the BMC.
    [Tags]  Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${GROUP_PRIVILEGE}  ${GROUP_NAME}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Attempt a BMC reboot as the LDAP user with the configured group privilege.
    Redfish OBMC Reboot (off)
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP User With Operator Privilege Able To Do Host Poweroff
    [Documentation]  Verify LDAP user with operator privilege can do host power off.
    [Tags]  Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweroff
    [Teardown]  Restore LDAP Privilege

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  Operator  ${GROUP_NAME}

    # Read the role mapping back from the section that was just patched
    # (${LDAP_TYPE} may be "ActiveDirectory" rather than "LDAP").
    ${ldap_config}=  Redfish.Get Properties  ${REDFISH_BASE_URI}AccountService
    ${new_ldap_privilege}=  Set Variable
    ...  ${ldap_config["${LDAP_TYPE}"]["RemoteRoleMapping"][0]["LocalRole"]}
    Should Be Equal  ${new_ldap_privilege}  Operator
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user with operator privilege is able to power the system off.
    Redfish.Post  ${REDFISH_POWER_URI}
    ...  body={'ResetType': 'ForceOff'}  valid_status_codes=[200]
    Redfish.Logout
    Redfish.Login


Verify AccountLockout Attributes Set To Zero
    [Documentation]  Verify attribute AccountLockoutDuration and
    ...  AccountLockoutThreshold are set to 0.
    [Teardown]  Run Keywords  Restore AccountLockout Attributes  AND
    ...  FFDC On Test Case Fail
    [Tags]  Verify_AccountLockout_Attributes_Set_To_Zero

    ${old_account_service}=  Redfish.Get Properties
    ...  ${REDFISH_BASE_URI}AccountService
    # The assignment above is local to this test; publish it at suite scope
    # so that the teardown keyword can see the saved values.
    Set Suite Variable  ${old_account_service}
    Rprint Vars  old_account_service
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutDuration', 0)]
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutThreshold', 0)]


Verify LDAP User With Read Privilege Able To Check Inventory
    [Documentation]  Verify that an LDAP user with read privilege is able to
    ...  read firmware inventory.
    [Tags]  Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND  Restore LDAP Privilege
    [Template]  Set Read Privilege And Check Firmware Inventory

    # Each row below is one read-only role passed to the template keyword.
    User
    Callback


Verify LDAP User With Read Privilege Should Not Do Host Poweron
    [Documentation]  Verify LDAP user with read privilege should not be
    ...  allowed to power on the host.
    [Tags]  Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND  Restore LDAP Privilege
    [Template]  Set Read Privilege And Check Poweron

    User
    Callback


*** Keywords ***

Restore AccountLockout Attributes
    [Documentation]  Restore AccountLockout Attributes.

    # Nothing to restore if the original values were never saved.
    Return From Keyword If  not $old_account_service
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutThreshold', ${old_account_service['AccountLockoutThreshold']})]


Suite Setup Execution
    [Documentation]  Do suite setup tasks.

    Rvalid Value  LDAP_TYPE  valid_values=["ActiveDirectory", "LDAP"]
    Rvalid Value  LDAP_USER
    Rvalid Value  LDAP_USER_PASSWORD
    Rvalid Value  GROUP_PRIVILEGE
    Rvalid Value  GROUP_NAME
    Redfish.Login
    # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
    Get LDAP Configuration  ${LDAP_TYPE}
    ${old_ldap_privilege}=  Get LDAP Privilege
    # Keyword assignments are local; publish the saved role at suite scope so
    # that 'Restore LDAP Privilege' can put it back.
    Set Suite Variable  ${old_ldap_privilege}


Set Read Privilege And Check Firmware Inventory
    [Documentation]  Set read privilege and check firmware inventory.
    [Arguments]  ${read_privilege}

    # Description of argument(s):
    # read_privilege  The read privilege role (e.g. "User" / "Callback").

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${read_privilege}  ${GROUP_NAME}

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user with read privilege is able to read inventory.
    ${resp}=  Redfish.Get  /redfish/v1/UpdateService/FirmwareInventory
    Should Be True  ${resp.dict["Members@odata.count"]} >= ${1}
    Length Should Be  ${resp.dict["Members"]}  ${resp.dict["Members@odata.count"]}
    Redfish.Logout
    Redfish.Login


Set Read Privilege And Check Poweron
    [Documentation]  Set read privilege and verify that power on is rejected.
    [Arguments]  ${read_privilege}

    # Description of argument(s):
    # read_privilege  The read privilege role (e.g. "User" / "Callback").

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${read_privilege}  ${GROUP_NAME}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # The power-on request must be refused with 401 or 403.
    Redfish.Post  ${REDFISH_POWER_URI}
    ...  body={'ResetType': 'On'}  valid_status_codes=[401, 403]
    Redfish.Logout
    Redfish.Login


Get LDAP Configuration
    [Documentation]  Retrieve LDAP Configuration.
    [Arguments]  ${ldap_type}

    # Description of argument(s):
    # ldap_type  The LDAP type ("ActiveDirectory" or "LDAP").

    ${ldap_config}=  Redfish.Get Properties  ${REDFISH_BASE_URI}AccountService
    [Return]  ${ldap_config["${ldap_type}"]}


Update LDAP Configuration with LDAP User Role And Group
    [Documentation]  Update LDAP configuration with LDAP user role and group.
    [Arguments]  ${ldap_type}  ${group_privilege}  ${group_name}

    # Description of argument(s):
    # ldap_type        The LDAP type ("ActiveDirectory" or "LDAP").
    # group_privilege  The group privilege ("Administrator", "Operator", "User" or "Callback").
    # group_name       The group name of user.

    ${local_role_remote_group}=  Create Dictionary  LocalRole=${group_privilege}  RemoteGroup=${group_name}
    ${remote_role_mapping}=  Create List  ${local_role_remote_group}
    ${ldap_data}=  Create Dictionary  RemoteRoleMapping=${remote_role_mapping}
    ${payload}=  Create Dictionary  ${ldap_type}=${ldap_data}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=&{payload}
    # Provide adequate time for LDAP daemon to restart after the update.
    Sleep  10s


Get LDAP Privilege
    [Documentation]  Get LDAP privilege and return it.

    ${ldap_config}=  Get LDAP Configuration  ${LDAP_TYPE}
    [Return]  ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}


Restore LDAP Privilege
    [Documentation]  Restore the LDAP privilege to its original value.

    Return From Keyword If  '${old_ldap_privilege}' == '${EMPTY}'
    # Re-apply the role mapping that was in place before the tests changed it.
    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${old_ldap_privilege}  ${GROUP_NAME}