Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 6f88c5e2440be38de9773724a7512c383034fa66 / . / redfish / account_service / test_ldap_configuration.robot
blob: 79ce2e450ed8657885bf223cb42e4fec7a427372 [file] [log] [blame]
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]1*** Settings ***
2Documentation Test Redfish LDAP user configuration.
3
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]4Library ../../lib/gen_robot_valid.py
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]5Resource ../../lib/resource.robot
6Resource ../../lib/bmc_redfish_resource.robot
7Resource ../../lib/openbmc_ffdc.robot
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]8Library ../../lib/gen_robot_valid.py
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]9
10Suite Setup Suite Setup Execution
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]11Suite Teardown Redfish.Logout
12Test Teardown FFDC On Test Case Fail
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]13
Sivas SRR9358b5c2019-06-06 04:57:03 -0500[diff] [blame]14Force Tags LDAP_Test
15
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]16*** Variables ***
17${old_ldap_privilege} ${EMPTY}
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]18&{old_account_service} &{EMPTY}
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]19
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]20** Test Cases **
21
22Verify LDAP Configuration Exist
23 [Documentation] Verify LDAP configuration is available.
24 [Tags] Verify_LDAP_Configuration_Exist
25
26 ${resp}= Redfish.Get Attribute ${REDFISH_BASE_URI}AccountService
27 ... ${LDAP_TYPE} default=${EMPTY}
28 Should Not Be Empty ${resp} msg=LDAP configuration is not defined.
29
30
31Verify LDAP User Login
32 [Documentation] Verify LDAP user able to login into BMC.
33 [Tags] Verify_LDAP_User_Login
34
35 ${resp}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
36 ... ${LDAP_USER_PASSWORD}
37 Should Be Equal ${resp} ${True} msg=LDAP user is not able to login.
38 redfish.Logout
39
40
41Verify LDAP Service Available
42 [Documentation] Verify LDAP service is available.
43 [Tags] Verify_LDAP_Service_Available
44
45 @{ldap_configuration}= Get LDAP Configuration ${LDAP_TYPE}
46 Should Contain ${ldap_configuration} LDAPService
47 ... msg=LDAPService is not available.
48
49
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]50Verify LDAP Login Works After BMC Reboot
51 [Documentation] Verify LDAP login works after BMC reboot.
52 [Tags] Verify_LDAP_Login_Works_After_BMC_Reboot
53
54 Redfish OBMC Reboot (off)
55 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
56 Redfish.Logout
57
58
59Verify LDAP User With Admin Privilege Able To Do BMC Reboot
60 [Documentation] Verify LDAP user with administrator privilege able to do BMC reboot.
61 [Tags] Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot
62
63
64 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
65 ... ${GROUP_PRIVILEGE} ${GROUP_NAME}
66 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
67 # With LDAP user and with right privilege trying to do BMC reboot.
68 Redfish OBMC Reboot (off)
69 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
70 Redfish.Logout
71
72
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]73Verify LDAP User With Operator Privilege Able To Do Host Poweron
74 [Documentation] Verify LDAP user with operator privilege able to do host up.
75 [Tags] Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweron
76 [Teardown] Restore LDAP Privilege
77
78 ${old_ldap_privilege}= Get LDAP Privilege
79 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
80 ... Operator ${GROUP_NAME}
81 # Provide adequate time for LDAP daemon to restart after the update.
82 Sleep 10s
83
84 ${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService
85 ${new_ldap_privilege}= Set Variable
86 ... ${ldap_config["LDAP"]["RemoteRoleMapping"][0]["LocalRole"]}
87 Should Be Equal ${new_ldap_privilege} Operator
88 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
89 # Verify that the LDAP user with operator privilege is able to power the system on.
90 Redfish Power On
91 Redfish.Logout
92
93
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]94Verify AccountLockout Attributes Set To Zero
95 [Documentation] Verify attribute AccountLockoutDuration and
96 ... AccountLockoutThreshold are set to 0.
97 [Teardown] Run Keywords Restore AccountLockout Attributes AND
98 ... FFDC On Test Case Fail
99 [Tags] Verify_AccountLockout_Attributes_Set_To_Zero
100
101 ${old_account_service}= Redfish.Get Properties
102 ... ${REDFISH_BASE_URI}AccountService
103 Rprint Vars old_account_service fmt=terse
104 Redfish.Patch ${REDFISH_BASE_URI}AccountService
105 ... body=[('AccountLockoutDuration', 0)]
106 Redfish.Patch ${REDFISH_BASE_URI}AccountService
107 ... body=[('AccountLockoutThreshold', 0)]
108
109
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]110*** Keywords ***
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]111
112Restore AccountLockout Attributes
113 [Documentation] Restore AccountLockout Attributes.
114
115 Return From Keyword If &{old_account_service} == &{EMPTY}
116 Redfish.Patch ${REDFISH_BASE_URI}AccountService
117 ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
118 Redfish.Patch ${REDFISH_BASE_URI}AccountService
119 ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutThreshold']})]
120
121
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]122Suite Setup Execution
123 [Documentation] Do suite setup tasks.
124
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]125 Rvalid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"]
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]126 Rvalid Value LDAP_USER
127 Rvalid Value LDAP_USER_PASSWORD
128 Rvalid Value GROUP_PRIVILEGE
129 Rvalid Value GROUP_NAME
130 Redfish.Login
131 # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]132 Get LDAP Configuration ${LDAP_TYPE}
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]133
134
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]135Test Teardown Execution
136 [Documentation] Do the post test teardown.
137 FFDC On Test Case Fail
138 Redfish.Logout
139
140
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]141Get LDAP Configuration
142 [Documentation] Retrieve LDAP Configuration.
143 [Arguments] ${ldap_type}
144
145 # Description of argument(s):
146 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
147
148 ${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService
149 [Return] ${ldap_config["${ldap_type}"]}
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]150
151
152Update LDAP Configuration with LDAP User Role And Group
153 [Documentation] Update LDAP configuration update with LDAP user Role and group.
154 [Arguments] ${ldap_type} ${group_privilege} ${group_name}
155
156 # Description of argument(s):
157 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
158 # group_privilege The group privilege ("Administrator", "Operator", "User" or "Callback").
159 # group_name The group name of user.
160
161 ${local_role_remote_group}= Create Dictionary LocalRole=${group_privilege} RemoteGroup=${group_name}
162 ${remote_role_mapping}= Create List ${local_role_remote_group}
163 ${ldap_data}= Create Dictionary RemoteRoleMapping=${remote_role_mapping}
164 ${payload}= Create Dictionary ${ldap_type}=${ldap_data}
165 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=&{payload}
166
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]167
168Get LDAP Privilege
169 [Documentation] Get LDAP privilege and return it.
170
171 ${ldap_config}= Get LDAP Configuration ${LDAP_TYPE}
172 [Return] ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}
173
174
175Restore LDAP Privilege
176 [Documentation] Restore the LDAP privilege to its original value.
177
178 # Login back to update the original privilege.
179 Redfish.Login
180 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
181 ... ${old_ldap_privilege} ${GROUP_NAME}
182 FFDC On Test Case Fail
183 Redfish.Logout