Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 4fc2415d777835e5dfd2704137a848be9c10a254 / . / redfish / account_service / test_ldap_configuration.robot
blob: 074dc17c0165c2e2773876e4b8358646d3c4e9a7 [file] [log] [blame]
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]1*** Settings ***
2Documentation Test Redfish LDAP user configuration.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]3
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]4Library ../../lib/gen_robot_valid.py
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]5Resource ../../lib/bmc_redfish_resource.robot
nagarjunb2200108dc2022-07-12 21:50:45 +0530[diff] [blame]6Resource ../../lib/utils.robot
George Keishingdb553df2022-12-15 10:53:04 -0600[diff] [blame]7Resource ../../lib/openbmc_ffdc.robot
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]8Resource ../../lib/bmc_network_utils.robot
Anves Kumar rayankula04bc48c2021-07-08 23:33:37 -0500[diff] [blame]9Resource ../../lib/bmc_ldap_utils.robot
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]10
11Suite Setup Suite Setup Execution
nagarjunb2200108dc2022-07-12 21:50:45 +0530[diff] [blame]12Suite Teardown LDAP Suite Teardown Execution
13Test Teardown Run Keywords Redfish.Login AND FFDC On Test Case Fail
Matt Fischer6fb70d92023-10-24 19:06:33 -0600[diff] [blame]14Test Tags Ldap_Configuration
Sivas SRR9358b5c2019-06-06 04:57:03 -0500[diff] [blame]15
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]16*** Variables ***
Nagarjun B1b821612021-12-06 22:52:04 +0530[diff] [blame]17${old_ldap_privilege} Administrator
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]18&{old_account_service} &{EMPTY}
Sivas SRR873de8e2019-09-26 00:37:53 -0500[diff] [blame]19&{old_ldap_config} &{EMPTY}
20${hostname} ${EMPTY}
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]21${test_ip} 10.6.6.6
22${test_mask} 255.255.255.0
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]23
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]24** Test Cases **
25
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]26Verify LDAP Configuration Created
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]27 [Documentation] Verify that LDAP configuration created.
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]28 [Tags] Verify_LDAP_Configuration_Created
29
30 Create LDAP Configuration
31 # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
32 Get LDAP Configuration ${LDAP_TYPE}
33 Sleep 10s
34 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
35 Redfish.Logout
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]36
37
ganesanb628874f2023-05-12 01:11:43 +0000[diff] [blame]38Verify Redfish LDAP Service Disable
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]39 [Documentation] Verify that LDAP is disabled and that LDAP user cannot
40 ... login.
ganesanb628874f2023-05-12 01:11:43 +0000[diff] [blame]41 [Tags] Verify_Redfish_LDAP_Service_Disable
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]42
43 Redfish.Patch ${REDFISH_BASE_URI}AccountService
44 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]45 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]46 Sleep 15s
47 ${resp}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
48 ... ${LDAP_USER_PASSWORD}
George Keishing333bb722019-12-11 11:40:49 -0600[diff] [blame]49 Should Be Equal ${resp} ${False}
50 ... msg=LDAP user was able to login even though the LDAP service was disabled.
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]51 Redfish.Logout
52 Redfish.Login
53 # Enabling LDAP so that LDAP user works.
54 Redfish.Patch ${REDFISH_BASE_URI}AccountService
55 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]56 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]57 Redfish.Logout
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]58
59
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]60Verify LDAP Login With ServiceEnabled
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]61 [Documentation] Verify that LDAP Login with ServiceEnabled.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]62 [Tags] Verify_LDAP_Login_With_ServiceEnabled
63
64 Disable Other LDAP
65 # Actual service enablement.
66 Redfish.Patch ${REDFISH_BASE_URI}AccountService
67 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]68 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]69 Sleep 15s
70 # After update, LDAP login.
71 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
72 Redfish.Logout
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]73
74
75Verify LDAP Login With Correct AuthenticationType
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]76 [Documentation] Verify that LDAP Login with right AuthenticationType.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]77 [Tags] Verify_LDAP_Login_With_Correct_AuthenticationType
78
79 Redfish.Patch ${REDFISH_BASE_URI}AccountService
80 ... body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]81 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]82 Sleep 15s
83 # After update, LDAP login.
84 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
85 Redfish.Logout
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]86
87
88Verify LDAP Config Update With Incorrect AuthenticationType
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]89 [Documentation] Verify that invalid AuthenticationType is not updated.
George Keishing5236ec52022-01-31 12:07:58 -0600[diff] [blame]90 [Tags] Verify_LDAP_Config_Update_With_Incorrect_AuthenticationType
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]91
George Keishing2d0804e2019-12-12 22:27:05 -0600[diff] [blame]92 ${body}= Catenate {'${ldap_type}': {'Authentication': {'AuthenticationType':'KerberosKeytab'}}}
Prashanth Katti7d38a092020-01-10 06:01:09 -0600[diff] [blame]93
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]94 Redfish.Patch ${REDFISH_BASE_URI}AccountService
Prashanth Katti7d38a092020-01-10 06:01:09 -0600[diff] [blame]95 ... body=${body} valid_status_codes=[400]
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]96
97
98Verify LDAP Login With Correct LDAP URL
99 [Documentation] Verify LDAP Login with right LDAP URL.
100 [Tags] Verify_LDAP_Login_With_Correct_LDAP_URL
101
102 Config LDAP URL ${LDAP_SERVER_URI}
103
104
105Verify LDAP Config Update With Incorrect LDAP URL
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]106 [Documentation] Verify that LDAP Login fails with invalid LDAP URL.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]107 [Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_URL
108 [Teardown] Run Keywords Restore LDAP URL AND
109 ... FFDC On Test Case Fail
110
Prashanth Katti7d38a092020-01-10 06:01:09 -0600[diff] [blame]111 Config LDAP URL ldap://1.2.3.4/ ${FALSE}
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]112
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]113Verify LDAP Configuration Exist
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]114 [Documentation] Verify that LDAP configuration is available.
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]115 [Tags] Verify_LDAP_Configuration_Exist
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]116
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]117 ${resp}= Redfish.Get Attribute ${REDFISH_BASE_URI}AccountService
118 ... ${LDAP_TYPE} default=${EMPTY}
119 Should Not Be Empty ${resp} msg=LDAP configuration is not defined.
120
121
122Verify LDAP User Login
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]123 [Documentation] Verify that LDAP user able to login into BMC.
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]124 [Tags] Verify_LDAP_User_Login
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]125
126 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]127 Redfish.Logout
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]128
129
130Verify LDAP Service Available
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]131 [Documentation] Verify that LDAP service is available.
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]132 [Tags] Verify_LDAP_Service_Available
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]133
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]134 @{ldap_configuration}= Get LDAP Configuration ${LDAP_TYPE}
135 Should Contain ${ldap_configuration} LDAPService
136 ... msg=LDAPService is not available.
137
138
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]139Verify LDAP Login Works After BMC Reboot
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]140 [Documentation] Verify that LDAP login works after BMC reboot.
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]141 [Tags] Verify_LDAP_Login_Works_After_BMC_Reboot
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]142
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]143 Redfish OBMC Reboot (off)
144 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
145 Redfish.Logout
146
147
148Verify LDAP User With Admin Privilege Able To Do BMC Reboot
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]149 [Documentation] Verify that LDAP user with administrator privilege able to do BMC reboot.
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]150 [Tags] Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot
151
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]152
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]153 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
154 ... ${GROUP_PRIVILEGE} ${GROUP_NAME}
155 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
156 # With LDAP user and with right privilege trying to do BMC reboot.
157 Redfish OBMC Reboot (off)
158 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
159 Redfish.Logout
160
161
Sivas SRR2b83ec02019-07-12 11:30:20 -0500[diff] [blame]162Verify LDAP User With Operator Privilege Able To Do Host Poweroff
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]163 [Documentation] Verify that LDAP user with operator privilege can do host
164 ... power off.
Sivas SRR2b83ec02019-07-12 11:30:20 -0500[diff] [blame]165 [Tags] Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweroff
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]166 [Teardown] Restore LDAP Privilege
167
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]168 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
169 ... Operator ${GROUP_NAME}
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]170
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]171 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Sivas SRR2b83ec02019-07-12 11:30:20 -0500[diff] [blame]172 # Verify that the LDAP user with operator privilege is able to power the system off.
173 Redfish.Post ${REDFISH_POWER_URI}
Sivas SRR3d82b3c2019-07-12 12:20:04 -0500[diff] [blame]174 ... body={'ResetType': 'ForceOff'} valid_status_codes=[200]
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]175 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]176 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]177 Redfish.Login
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]178
179
Prashanth Katti12e20402022-01-12 05:19:23 -0600[diff] [blame]180Verify AccountLockout Attributes Set To Zero By LDAP User
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]181 [Documentation] Verify that attribute AccountLockoutDuration and
Prashanth Katti12e20402022-01-12 05:19:23 -0600[diff] [blame]182 ... AccountLockoutThreshold are set to 0 by LDAP user.
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]183 [Teardown] Run Keywords Restore AccountLockout Attributes AND
184 ... FFDC On Test Case Fail
Prashanth Katti12e20402022-01-12 05:19:23 -0600[diff] [blame]185 [Tags] Verify_AccountLockout_Attributes_Set_To_Zero_By_LDAP_User
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]186
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]187 ${old_account_service}= Redfish.Get Properties
188 ... ${REDFISH_BASE_URI}AccountService
Michael Walsh39c00512019-07-17 10:54:06 -0500[diff] [blame]189 Rprint Vars old_account_service
Prashanth Katti12e20402022-01-12 05:19:23 -0600[diff] [blame]190
191 # Create LDAP user and create session using LDAP user.
192 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
193 ... Administrator ${GROUP_NAME}
194
195 # Clear existing Redfish sessions.
196 Redfish.Logout
197
198 # Login using LDAP user.
199 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
200
201 # Set Account Lockout attributes using LDAP user.
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]202 Redfish.Patch ${REDFISH_BASE_URI}AccountService
203 ... body=[('AccountLockoutDuration', 0)]
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]204 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]205 Redfish.Patch ${REDFISH_BASE_URI}AccountService
206 ... body=[('AccountLockoutThreshold', 0)]
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]207 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]208
209
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]210Verify LDAP User With Read Privilege Able To Check Inventory
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]211 [Documentation] Verify that LDAP user with read privilege able to
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]212 ... read firmware inventory.
213 [Tags] Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory
214 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege
215 [Template] Set Read Privilege And Check Firmware Inventory
216
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600[diff] [blame]217 ReadOnly
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]218
219
220Verify LDAP User With Read Privilege Should Not Do Host Poweron
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]221 [Documentation] Verify that LDAP user with read privilege should not be
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]222 ... allowed to power on the host.
223 [Tags] Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron
224 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege
225 [Template] Set Read Privilege And Check Poweron
226
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600[diff] [blame]227 ReadOnly
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]228
229
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]230Update LDAP Group Name And Verify Operations
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]231 [Documentation] Verify that LDAP group name update and able to do right
232 ... operations.
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]233 [Tags] Update_LDAP_Group_Name_And_Verify_Operations
234 [Template] Update LDAP Config And Verify Set Host Name
235 [Teardown] Restore LDAP Privilege
236
237 # group_name group_privilege valid_status_codes
Anves Kumar rayankula9954c4c2020-07-31 05:49:16 -0500[diff] [blame]238 ${GROUP_NAME} Administrator [${HTTP_OK}, ${HTTP_NO_CONTENT}]
Prashanth Kattic5d07062021-07-07 03:05:37 -0500[diff] [blame]239 ${GROUP_NAME} Operator [${HTTP_OK}, ${HTTP_NO_CONTENT}]
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600[diff] [blame]240 ${GROUP_NAME} ReadOnly [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]241 Invalid_LDAP_Group_Name Administrator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
242 Invalid_LDAP_Group_Name Operator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600[diff] [blame]243 Invalid_LDAP_Group_Name ReadOnly [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]244
245
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]246Verify LDAP BaseDN Update And LDAP Login
247 [Documentation] Update LDAP BaseDN of LDAP configuration and verify
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]248 ... that LDAP login works.
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]249 [Tags] Verify_LDAP_BaseDN_Update_And_LDAP_Login
250
251
252 ${body}= Catenate {'${LDAP_TYPE}': { 'LDAPService': {'SearchSettings':
253 ... {'BaseDistinguishedNames': ['${LDAP_BASE_DN}']}}}}
254 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]255 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]256 Sleep 15s
257 Redfish Verify LDAP Login
258
259
260Verify LDAP BindDN Update And LDAP Login
261 [Documentation] Update LDAP BindDN of LDAP configuration and verify
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]262 ... that LDAP login works.
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]263 [Tags] Verify_LDAP_BindDN_Update_And_LDAP_Login
264
265 ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication':
266 ... {'AuthenticationType':'UsernameAndPassword', 'Username':
267 ... '${LDAP_BIND_DN}'}}}
268 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]269 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]270 Sleep 15s
271 Redfish Verify LDAP Login
272
273
274Verify LDAP BindDN Password Update And LDAP Login
275 [Documentation] Update LDAP BindDN password of LDAP configuration and
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]276 ... verify that LDAP login works.
George Keishing0c8100f2022-01-13 00:24:57 -0600[diff] [blame]277 [Tags] Verify_LDAP_BindDN_Password_Update_And_LDAP_Login
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]278
279
280 ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication':
281 ... {'AuthenticationType':'UsernameAndPassword', 'Password':
282 ... '${LDAP_BIND_DN_PASSWORD}'}}}
283 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]284 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]285 Sleep 15s
286 Redfish Verify LDAP Login
287
288
289Verify LDAP Type Update And LDAP Login
290 [Documentation] Update LDAP type of LDAP configuration and verify
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]291 ... that LDAP login works.
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]292 [Tags] Verify_LDAP_Type_Update_And_LDAP_Login
293
294 Disable Other LDAP
295 Redfish.Patch ${REDFISH_BASE_URI}AccountService
296 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]297 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]298 Sleep 15s
299 Redfish Verify LDAP Login
300
301
George Keishing5236ec52022-01-31 12:07:58 -0600[diff] [blame]302Verify LDAP Authorization With Null Privilege
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]303 [Documentation] Verify the failure of LDAP authorization with empty
304 ... privilege.
305 [Tags] Verify_LDAP_Authorization_With_Null_Privilege
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]306 [Teardown] Restore LDAP Privilege
307
308 Update LDAP Config And Verify Set Host Name ${GROUP_NAME} ${EMPTY}
309 ... [${HTTP_FORBIDDEN}]
310
311
George Keishing5236ec52022-01-31 12:07:58 -0600[diff] [blame]312Verify LDAP Authorization With Invalid Privilege
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]313 [Documentation] Verify that LDAP user authorization with wrong privilege
314 ... fails.
315 [Tags] Verify_LDAP_Authorization_With_Invalid_Privilege
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]316 [Teardown] Restore LDAP Privilege
317
318 Update LDAP Config And Verify Set Host Name ${GROUP_NAME}
319 ... Invalid_Privilege [${HTTP_FORBIDDEN}]
320
321
322Verify LDAP Login With Invalid Data
323 [Documentation] Verify that LDAP login with Invalid LDAP data and
324 ... right LDAP user fails.
325 [Tags] Verify_LDAP_Login_With_Invalid_Data
326 [Teardown] Run Keywords FFDC On Test Case Fail AND
nagarjunb2200108dc2022-07-12 21:50:45 +0530[diff] [blame]327 ... Redfish.Login AND
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]328 ... Create LDAP Configuration
329
330 Create LDAP Configuration ${LDAP_TYPE} Invalid_LDAP_Server_URI
331 ... Invalid_LDAP_BIND_DN LDAP_BIND_DN_PASSWORD
332 ... Invalid_LDAP_BASE_DN
333 Sleep 15s
334 Redfish Verify LDAP Login ${False}
335
336
ganesanb628874f2023-05-12 01:11:43 +0000[diff] [blame]337Verify LDAP Config Creation Without BASE DN
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]338 [Documentation] Verify that LDAP login with LDAP configuration
339 ... created without BASE_DN fails.
340 [Tags] Verify_LDAP_Config_Creation_Without_BASE_DN
341 [Teardown] Run Keywords FFDC On Test Case Fail AND
nagarjunb2200108dc2022-07-12 21:50:45 +0530[diff] [blame]342 ... Redfish.Login AND
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]343 ... Create LDAP Configuration
344
345 Create LDAP Configuration ${LDAP_TYPE} Invalid_LDAP_Server_URI
346 ... Invalid_LDAP_BIND_DN LDAP_BIND_DN_PASSWORD ${EMPTY}
347 Sleep 15s
348 Redfish Verify LDAP Login ${False}
349
350
351Verify LDAP Authentication Without Password
352 [Documentation] Verify that LDAP user authentication without LDAP
353 ... user password fails.
354 [Tags] Verify_LDAP_Authentication_Without_Password
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500[diff] [blame]355 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]356
357 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
358 Valid Value status [${False}]
359
360
ganesanb628874f2023-05-12 01:11:43 +0000[diff] [blame]361Verify LDAP Login With Invalid BASE DN
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]362 [Documentation] Verify that LDAP login with invalid BASE_DN and
363 ... valid LDAP user fails.
364 [Tags] Verify_LDAP_Login_With_Invalid_BASE_DN
365 [Teardown] Run Keywords FFDC On Test Case Fail AND
nagarjunb2200108dc2022-07-12 21:50:45 +0530[diff] [blame]366 ... Redfish.Login AND
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]367 ... Create LDAP Configuration
368
369 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
370 ... ${LDAP_BIND_DN} ${LDAP_BIND_DN_PASSWORD} Invalid_LDAP_BASE_DN
371 Sleep 15s
372 Redfish Verify LDAP Login ${False}
373
374
375Verify LDAP Login With Invalid BIND_DN_PASSWORD
376 [Documentation] Verify that LDAP login with invalid BIND_DN_PASSWORD and
377 ... valid LDAP user fails.
378 [Tags] Verify_LDAP_Login_With_Invalid_BIND_DN_PASSWORD
379 [Teardown] Run Keywords FFDC On Test Case Fail AND
nagarjunb2200108dc2022-07-12 21:50:45 +0530[diff] [blame]380 ... Redfish.Login AND
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]381 ... Create LDAP Configuration
382
383 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
384 ... ${LDAP_BIND_DN} INVALID_LDAP_BIND_DN_PASSWORD ${LDAP_BASE_DN}
385 Sleep 15s
386 Redfish Verify LDAP Login ${False}
387
388
ganesanb628874f2023-05-12 01:11:43 +0000[diff] [blame]389Verify LDAP Login With Invalid BASE DN And Invalid BIND DN
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]390 [Documentation] Verify that LDAP login with invalid BASE_DN and invalid
391 ... BIND_DN and valid LDAP user fails.
392 [Tags] Verify_LDAP_Login_With_Invalid_BASE_DN_And_Invalid_BIND_DN
393 [Teardown] Run Keywords FFDC On Test Case Fail AND
nagarjunb2200108dc2022-07-12 21:50:45 +0530[diff] [blame]394 ... Redfish.Login AND
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]395 ... Create LDAP Configuration
396
397 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
398 ... INVALID_LDAP_BIND_DN ${LDAP_BIND_DN_PASSWORD} INVALID_LDAP_BASE_DN
399 Sleep 15s
400 Redfish Verify LDAP Login ${False}
401
402
403Verify Group Name And Group Privilege Able To Modify
404 [Documentation] Verify that LDAP group name and group privilege able to
405 ... modify.
406 [Tags] Verify_Group_Name_And_Group_Privilege_Able_To_Modify
Sivas SRR873de8e2019-09-26 00:37:53 -0500[diff] [blame]407 [Setup] Update LDAP Configuration with LDAP User Role And Group
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]408 ... ${LDAP_TYPE} Operator ${GROUP_NAME}
409
410 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
411 ... Administrator ${GROUP_NAME}
412
413
ganesanb628874f2023-05-12 01:11:43 +0000[diff] [blame]414Verify LDAP Login With Invalid BIND DN
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]415 [Documentation] Verify that LDAP login with invalid BIND_DN and
416 ... valid LDAP user fails.
417 [Tags] Verify_LDAP_Login_With_Invalid_BIND_DN
418 [Teardown] Run Keywords FFDC On Test Case Fail AND
nagarjunb2200108dc2022-07-12 21:50:45 +0530[diff] [blame]419 ... Redfish.Login AND
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]420 ... Create LDAP Configuration
421
422 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
423 ... Invalid_LDAP_BIND_DN ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN}
424 Sleep 15s
425 Redfish Verify LDAP Login ${False}
426
427
428Verify LDAP Authentication With Invalid LDAP User
429 [Documentation] Verify that LDAP user authentication for user not exist
430 ... in LDAP server and fails.
431 [Tags] Verify_LDAP_Authentication_With_Invalid_LDAP_User
Anves Kumar rayankula9954c4c2020-07-31 05:49:16 -0500[diff] [blame]432 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]433
434 ${status}= Run Keyword And Return Status Redfish.Login INVALID_LDAP_USER
435 ... ${LDAP_USER_PASSWORD}
436 Valid Value status [${False}]
437
438
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]439Update LDAP User Roles And Verify Host Poweroff Operation
440 [Documentation] Update LDAP user roles and verify host poweroff operation.
441 [Tags] Update_LDAP_User_Roles_And_Verify_Host_Poweroff_Operation
442 [Teardown] Restore LDAP Privilege
443
444 [Template] Update LDAP User Role And Host Poweroff
445 # ldap_type group_privilege group_name valid_status_codes
446
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]447 # Verify LDAP user with ReadOnly privilege not able to do host poweroff.
448 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
449
450 # Verify LDAP user with Operator privilege able to do host poweroff.
451 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
452
453 # Verify LDAP user with Administrator privilege able to do host poweroff.
454 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
455
456
Prashanth Kattia4f79292020-02-20 03:34:01 -0600[diff] [blame]457Update LDAP User Roles And Verify Host Poweron Operation
458 [Documentation] Update LDAP user roles and verify host poweron operation.
459 [Tags] Update_LDAP_User_Roles_And_Verify_Host_Poweron_Operation
460 [Teardown] Restore LDAP Privilege
461
462 [Template] Update LDAP User Role And Host Poweron
463 # ldap_type group_privilege group_name valid_status_codes
464
Prashanth Kattia4f79292020-02-20 03:34:01 -0600[diff] [blame]465 # Verify LDAP user with ReadOnly privilege not able to do host poweron.
466 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
467
468 # Verify LDAP user with Operator privilege able to do host poweron.
469 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
470
471 # Verify LDAP user with Administrator privilege able to do host poweron.
472 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
473
474
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]475Configure IP Address Via Different User Roles And Verify
476 [Documentation] Configure IP address via different user roles and verify.
477 [Tags] Configure_IP_Address_Via_Different_User_Roles_And_Verify
478 [Teardown] Restore LDAP Privilege
479
480 [Template] Update LDAP User Role And Configure IP Address
481 # Verify LDAP user with Administrator privilege is able to configure IP address.
482 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
483
484 # Verify LDAP user with ReadOnly privilege is forbidden to configure IP address.
485 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
486
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]487 # Verify LDAP user with Operator privilege is able to configure IP address.
Sweta Potthurif4c86a02022-02-02 10:11:22 -0600[diff] [blame]488 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_FORBIDDEN}
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]489
490
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]491Delete IP Address Via Different User Roles And Verify
492 [Documentation] Delete IP address via different user roles and verify.
493 [Tags] Delete_IP_Address_Via_Different_User_Roles_And_Verify
494 [Teardown] Run Keywords Restore LDAP Privilege AND FFDC On Test Case Fail
495
496 [Template] Update LDAP User Role And Delete IP Address
497 # Verify LDAP user with Administrator privilege is able to delete IP address.
498 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
499
500 # Verify LDAP user with ReadOnly privilege is forbidden to delete IP address.
501 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
502
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]503 # Verify LDAP user with Operator privilege is able to delete IP address.
Sweta Potthurif4c86a02022-02-02 10:11:22 -0600[diff] [blame]504 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_FORBIDDEN}
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]505
506
Prashanth Katti67e06202020-05-20 06:16:51 -0500[diff] [blame]507Read Network Configuration Via Different User Roles And Verify
David Shaw8e6d4ee2020-06-12 10:03:59 -0500[diff] [blame]508 [Documentation] Read network configuration via different user roles and verify.
George Keishing5236ec52022-01-31 12:07:58 -0600[diff] [blame]509 [Tags] Read_Network_Configuration_Via_Different_User_Roles_And_Verify
Prashanth Katti67e06202020-05-20 06:16:51 -0500[diff] [blame]510 [Teardown] Restore LDAP Privilege
511
512 [Template] Update LDAP User Role And Read Network Configuration
513 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
514
515 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_OK}
516
Prashanth Katti67e06202020-05-20 06:16:51 -0500[diff] [blame]517 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
518
Sweta Potthuriaa8cda92022-10-19 04:45:08 -0500[diff] [blame]519Switch LDAP Type And Verify Login Fails
520 [Documentation] Switch LDAP type and verify login fails.
521 [Tags] Switch_LDAP_Type_And_Verify_Login_Fails
522
523 # Check Login with LDAP Type is working
524 Create LDAP Configuration
525 Redfish Verify LDAP Login
526
527 # Disable the LDAP Type from OpenLDAP to ActiveDirectory or vice-versa
528 Redfish.Patch ${REDFISH_BASE_URI}AccountService
529 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]530 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sweta Potthuriaa8cda92022-10-19 04:45:08 -0500[diff] [blame]531
532 # Enable the inverse LDAP type
533 Disable Other LDAP ${True}
534 Create LDAP Configuration ${LDAP_TYPE_1} ${LDAP_SERVER_URI_1} ${LDAP_BIND_DN_1} ${LDAP_BIND_DN_PASSWORD_1} ${LDAP_BASE_DN_1}
535 Redfish.Logout
536 Sleep 10s
537
538 # Check if Login works via Inverse LDAP
539 Redfish.Login ${LDAP_USER_1} ${LDAP_USER_PASSWORD_1}
540 Redfish.Logout
541 Sleep 10s
542
543 # Login using LDAP type must fail
544 Redfish Verify LDAP Login ${False}
545 Redfish.Logout
Prashanth Katti67e06202020-05-20 06:16:51 -0500[diff] [blame]546
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]547*** Keywords ***
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]548
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]549Redfish Verify LDAP Login
550 [Documentation] LDAP user log into BMC.
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]551 [Arguments] ${valid_status}=${True}
552
553 # Description of argument(s):
554 # valid_status Expected status of LDAP login ("True" or "False").
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]555
556 # According to our repo coding rules, Redfish.Login is to be done in Suite
557 # Setup and Redfish.Logout is to be done in Suite Teardown. For any
558 # deviation from this rule (such as in this keyword), the deviant code
559 # must take steps to restore us to our original logged-in state.
560
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]561 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
562 ... ${LDAP_USER_PASSWORD}
563 Valid Value status [${valid_status}]
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]564 Redfish.Logout
565 Redfish.Login
566
567
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]568Update LDAP Config And Verify Set Host Name
569 [Documentation] Update LDAP config and verify by attempting to set host name.
570 [Arguments] ${group_name} ${group_privilege}=Administrator
571 ... ${valid_status_codes}=[${HTTP_OK}]
kothais42b2e302023-11-03 06:56:08 +0000[diff] [blame]572 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
George Keishing538f1742022-03-14 05:00:55 -0500[diff] [blame]573
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]574 # Description of argument(s):
575 # group_name The group name of user.
576 # group_privilege The group privilege ("Administrator",
577 # "Operator", "User" or "Callback").
578 # valid_status_codes Expected return code(s) from patch
579 # operation (e.g. "200") used to update
580 # HostName. See prolog of rest_request
nagarjunb2200108dc2022-07-12 21:50:45 +0530[diff] [blame]581 # method in redfish_plus.py for details.
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]582 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
583 ... ${group_privilege} ${group_name}
Nagarjun B1b821612021-12-06 22:52:04 +0530[diff] [blame]584
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]585 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
586 # Verify that the LDAP user in ${group_name} with the given privilege is
587 # allowed to change the hostname.
Anves Kumar rayankulaf8533632021-05-31 02:52:19 -0500[diff] [blame]588 Redfish.Patch ${REDFISH_NW_ETH0_URI} body={'HostName': '${hostname}'}
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]589 ... valid_status_codes=${valid_status_codes}
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]590
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]591Disable Other LDAP
592 [Documentation] Disable other LDAP configuration.
Sweta Potthuriaa8cda92022-10-19 04:45:08 -0500[diff] [blame]593 [Arguments] ${service_state}=${False}
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]594
595 # First disable other LDAP.
596 ${inverse_ldap_type}= Set Variable If '${LDAP_TYPE}' == 'LDAP' ActiveDirectory LDAP
597 Redfish.Patch ${REDFISH_BASE_URI}AccountService
Sweta Potthuriaa8cda92022-10-19 04:45:08 -0500[diff] [blame]598 ... body={'${inverse_ldap_type}': {'ServiceEnabled': ${service_state}}}
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]599 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]600 Sleep 15s
601
602
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]603Config LDAP URL
604 [Documentation] Config LDAP URL.
Prashanth Katti7d38a092020-01-10 06:01:09 -0600[diff] [blame]605 [Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI} ${expected_status}=${TRUE}
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]606
607 # Description of argument(s):
608 # ldap_server_uri LDAP server uri (e.g. "ldap://XX.XX.XX.XX/").
609
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]610 Redfish.Patch ${REDFISH_BASE_URI}AccountService
611 ... body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}}
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]612 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]613 Sleep 15s
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]614 # After update, LDAP login.
Prashanth Katti7d38a092020-01-10 06:01:09 -0600[diff] [blame]615 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
616 Valid Value status [${expected_status}]
617
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]618 Redfish.Logout
619 Redfish.Login
620
621
622Restore LDAP URL
623 [Documentation] Restore LDAP URL.
624
625 # Restoring the working LDAP server uri.
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]626 Redfish.Patch ${REDFISH_BASE_URI}AccountService
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]627 ... body={'${ldap_type}': {'ServiceAddresses': ['${LDAP_SERVER_URI}']}}
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]628 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]629 Sleep 15s
630
631
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]632Restore AccountLockout Attributes
633 [Documentation] Restore AccountLockout Attributes.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]634
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]635 Return From Keyword If &{old_account_service} == &{EMPTY}
636 Redfish.Patch ${REDFISH_BASE_URI}AccountService
637 ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]638 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]639 Redfish.Patch ${REDFISH_BASE_URI}AccountService
Wilson Suen70523a92023-12-28 17:49:02 -0800[diff] [blame]640 ... body=[('AccountLockoutThreshold', ${old_account_service['AccountLockoutThreshold']})]
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]641 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]642
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]643Suite Setup Execution
644 [Documentation] Do suite setup tasks.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]645
Michael Walshe7edb222019-08-19 17:39:38 -0500[diff] [blame]646 Valid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"]
647 Valid Value LDAP_USER
648 Valid Value LDAP_USER_PASSWORD
649 Valid Value GROUP_PRIVILEGE
650 Valid Value GROUP_NAME
651 Valid Value LDAP_SERVER_URI
652 Valid Value LDAP_BIND_DN_PASSWORD
653 Valid Value LDAP_BIND_DN
654 Valid Value LDAP_BASE_DN
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]655
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]656 Redfish.Login
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]657 # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
658 Get LDAP Configuration ${LDAP_TYPE}
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]659 Set Suite Variable ${old_ldap_privilege}
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]660 Disable Other LDAP
Sivas SRR873de8e2019-09-26 00:37:53 -0500[diff] [blame]661 Create LDAP Configuration
662 ${hostname}= Redfish.Get Attribute ${REDFISH_NW_PROTOCOL_URI} HostName
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]663
664
nagarjunb2200108dc2022-07-12 21:50:45 +0530[diff] [blame]665LDAP Suite Teardown Execution
666 [Documentation] Restore ldap configuration, delete unused redfish session.
667
668 Restore LDAP Privilege
669 Redfish.Logout
670 Run Keyword And Ignore Error Delete All Redfish Sessions
671
672
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]673Set Read Privilege And Check Firmware Inventory
674 [Documentation] Set read privilege and check firmware inventory.
675 [Arguments] ${read_privilege}
676
677 # Description of argument(s):
678 # read_privilege The read privilege role (e.g. "User" / "Callback").
679
680 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
681 ... ${read_privilege} ${GROUP_NAME}
682
683 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
684 # Verify that the LDAP user with read privilege is able to read inventory.
685 ${resp}= Redfish.Get /redfish/v1/UpdateService/FirmwareInventory
686 Should Be True ${resp.dict["Members@odata.count"]} >= ${1}
687 Length Should Be ${resp.dict["Members"]} ${resp.dict["Members@odata.count"]}
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]688 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]689 Redfish.Login
690
691
692Set Read Privilege And Check Poweron
693 [Documentation] Set read privilege and power on should not be possible.
694 [Arguments] ${read_privilege}
695
696 # Description of argument(s):
697 # read_privilege The read privilege role (e.g. "User" / "Callback").
698
699 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
700 ... ${read_privilege} ${GROUP_NAME}
701 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
702 Redfish.Post ${REDFISH_POWER_URI}
703 ... body={'ResetType': 'On'} valid_status_codes=[401, 403]
704 Redfish.Logout
705 Redfish.Login
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]706
707
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]708Get LDAP Configuration
709 [Documentation] Retrieve LDAP Configuration.
710 [Arguments] ${ldap_type}
711
712 # Description of argument(s):
713 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
714
715 ${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService
George Keishing409df052024-01-17 22:36:14 +0530[diff] [blame]716 RETURN ${ldap_config["${ldap_type}"]}
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]717
718
719Update LDAP Configuration with LDAP User Role And Group
720 [Documentation] Update LDAP configuration update with LDAP user Role and group.
721 [Arguments] ${ldap_type} ${group_privilege} ${group_name}
722
723 # Description of argument(s):
724 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
725 # group_privilege The group privilege ("Administrator", "Operator", "User" or "Callback").
726 # group_name The group name of user.
727
728 ${local_role_remote_group}= Create Dictionary LocalRole=${group_privilege} RemoteGroup=${group_name}
729 ${remote_role_mapping}= Create List ${local_role_remote_group}
730 ${ldap_data}= Create Dictionary RemoteRoleMapping=${remote_role_mapping}
731 ${payload}= Create Dictionary ${ldap_type}=${ldap_data}
732 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=&{payload}
Sweta Potthuri1361cd02025-03-10 04:27:56 -0500[diff] [blame]733 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}]
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]734 # Provide adequate time for LDAP daemon to restart after the update.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]735 Sleep 15s
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]736
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]737
738Get LDAP Privilege
739 [Documentation] Get LDAP privilege and return it.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]740
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]741 ${ldap_config}= Get LDAP Configuration ${LDAP_TYPE}
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]742 ${num_list_entries}= Get Length ${ldap_config["RemoteRoleMapping"]}
743 Return From Keyword If ${num_list_entries} == ${0} @{EMPTY}
744
George Keishing409df052024-01-17 22:36:14 +0530[diff] [blame]745 RETURN ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]746
747
748Restore LDAP Privilege
749 [Documentation] Restore the LDAP privilege to its original value.
George Keishing538f1742022-03-14 05:00:55 -0500[diff] [blame]750
Nagarjun B1b821612021-12-06 22:52:04 +0530[diff] [blame]751 Redfish.Login
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500[diff] [blame]752 Return From Keyword If '${old_ldap_privilege}' == '${EMPTY}' or '${old_ldap_privilege}' == '[]'
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]753 # Log back in to restore the original privilege.
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]754 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
755 ... ${old_ldap_privilege} ${GROUP_NAME}
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]756
757 Sleep 18s
758
Nagarjun B1b821612021-12-06 22:52:04 +0530[diff] [blame]759Verify Host Power Status
760 [Documentation] Verify the Host power status and do host power on/off respectively.
761 [Arguments] ${expected_power_status}
762
nagarjunb2200108dc2022-07-12 21:50:45 +0530[diff] [blame]763 # Description of argument(s):
764 # expected_power_status State of Host e.g. Off or On.
765
Nagarjun B1b821612021-12-06 22:52:04 +0530[diff] [blame]766 ${power_status}= Redfish.Get Attribute /redfish/v1/Chassis/${CHASSIS_ID} PowerState
767 Return From Keyword If '${power_status}' == '${expected_power_status}'
768
769 Run Keyword If '${power_status}' == 'Off' Redfish Power On
770 ... ELSE Redfish Power Off
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]771
772Update LDAP User Role And Host Poweroff
773 [Documentation] Update LDAP user role and do host poweroff.
774 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}
Prashanth Kattia4f79292020-02-20 03:34:01 -0600[diff] [blame]775 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]776
777 # Description of argument(s):
778 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
kothais42b2e302023-11-03 06:56:08 +0000[diff] [blame]779 # group_privilege The group privilege ("Administrator", "Operator" or "ReadOnly").
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]780 # group_name The group name of user.
781 # valid_status_code The expected valid status code.
782
Nagarjun B1b821612021-12-06 22:52:04 +0530[diff] [blame]783 # check Host state and do the power on/off if needed.
784 Verify Host Power Status On
785
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]786 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
787 ... ${group_privilege} ${group_name}
788
789 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
790
791 Redfish.Post ${REDFISH_POWER_URI}
792 ... body={'ResetType': 'ForceOff'} valid_status_codes=[${valid_status_code}]
793
nagarjunb2200108dc2022-07-12 21:50:45 +0530[diff] [blame]794 Return From Keyword If ${valid_status_code} == ${HTTP_FORBIDDEN}
795 Wait Until Keyword Succeeds 1 min 10 sec Verify Host Power State Off
796
797
Prashanth Kattia4f79292020-02-20 03:34:01 -0600[diff] [blame]798Update LDAP User Role And Host Poweron
799 [Documentation] Update LDAP user role and do host poweron.
800 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}
801 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
802
803 # Description of argument(s):
804 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
kothais42b2e302023-11-03 06:56:08 +0000[diff] [blame]805 # group_privilege The group privilege ("Administrator", "Operator" or "ReadOnly").
Prashanth Kattia4f79292020-02-20 03:34:01 -0600[diff] [blame]806 # group_name The group name of user.
807 # valid_status_code The expected valid status code.
808
Nagarjun B1b821612021-12-06 22:52:04 +0530[diff] [blame]809 # check Host state and do the power on/off if needed.
810 Verify Host Power Status Off
811
Prashanth Kattia4f79292020-02-20 03:34:01 -0600[diff] [blame]812 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
813 ... ${group_privilege} ${group_name}
814
815 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
816
817 Redfish.Post ${REDFISH_POWER_URI}
818 ... body={'ResetType': 'On'} valid_status_codes=[${valid_status_code}]
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]819
nagarjunb2200108dc2022-07-12 21:50:45 +0530[diff] [blame]820 Return From Keyword If ${valid_status_code} == ${HTTP_FORBIDDEN}
821 Verify Host Is Up
822
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]823
824Update LDAP User Role And Configure IP Address
825 [Documentation] Update LDAP user role and configure IP address.
826 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK}
827 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND Delete IP Address ${test_ip}
828
829 # Description of argument(s):
830 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
kothais42b2e302023-11-03 06:56:08 +0000[diff] [blame]831 # group_privilege The group privilege ("Administrator", "Operator" or "ReadOnly").
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]832 # group_name The group name of user.
833 # valid_status_code The expected valid status code.
834
835 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
836 ... ${group_privilege} ${group_name}
837
838 Redfish.Logout
839
840 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
841
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500[diff] [blame]842 ${test_gateway}= Get BMC Default Gateway
843
kothais42b2e302023-11-03 06:56:08 +0000[diff] [blame]844 Add IP Address ${test_ip} ${test_mask} ${test_gateway} ${valid_status_code}
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]845
846
847Update LDAP User Role And Delete IP Address
848 [Documentation] Update LDAP user role and delete IP address.
849 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK}
850 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND Delete IP Address ${test_ip}
851
852 # Description of argument(s):
853 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
kothais42b2e302023-11-03 06:56:08 +0000[diff] [blame]854 # group_privilege The group privilege ("Administrator", "Operator" or "ReadOnly").
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]855 # group_name The group name of user.
856 # valid_status_code The expected valid status code.
857
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500[diff] [blame]858 ${test_gateway}= Get BMC Default Gateway
859
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]860 # Configure IP address before deleting via LDAP user roles.
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500[diff] [blame]861 Add IP Address ${test_ip} ${test_mask} ${test_gateway}
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]862
863 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
864 ... ${group_privilege} ${group_name}
865
866 Redfish.Logout
867
868 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
869
kothais42b2e302023-11-03 06:56:08 +0000[diff] [blame]870 Delete IP Address ${test_ip} ${valid_status_code}
Prashanth Katti67e06202020-05-20 06:16:51 -0500[diff] [blame]871
872
873Update LDAP User Role And Read Network Configuration
874 [Documentation] Update LDAP user role and read network configuration.
875 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK}
876 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
877
878 # Description of argument(s):
879 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
kothais42b2e302023-11-03 06:56:08 +0000[diff] [blame]880 # group_privilege The group privilege ("Administrator", "Operator" or "ReadOnly").
Prashanth Katti67e06202020-05-20 06:16:51 -0500[diff] [blame]881 # group_name The group name of user.
882 # valid_status_code The expected valid status code.
883
884 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
885 ... ${group_privilege} ${group_name}
886
887 Redfish.Logout
888
889 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
890 Redfish.Get ${REDFISH_NW_ETH0_URI} valid_status_codes=[${valid_status_code}]