blob: fbe04450b0ea6b7d579d796efbd0dc6a9e645313
*** Settings ***
Documentation    Test Redfish LDAP user configuration.

Library          ../../lib/gen_robot_valid.py
Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot

Suite Setup      Suite Setup Execution
Suite Teardown   Run Keywords  Restore LDAP Privilege  AND  Redfish.Logout
Test Teardown    FFDC On Test Case Fail

Force Tags       LDAP_Test

*** Variables ***
${old_ldap_privilege}   ${EMPTY}
&{old_account_service}  &{EMPTY}
&{old_ldap_config}      &{EMPTY}
${hostname}             ${EMPTY}

*** Test Cases ***

Verify LDAP Configuration Created
    [Documentation]  Verify that LDAP configuration created.
    [Tags]  Verify_LDAP_Configuration_Created

    Create LDAP Configuration
    # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
    Get LDAP Configuration  ${LDAP_TYPE}
    Sleep  10s
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Service Disable
    [Documentation]  Verify that LDAP is disabled and that LDAP user cannot
    ...  login.
    [Tags]  Verify_LDAP_Service_Disable

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}
    Sleep  15s
    ${resp}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    ...  ${LDAP_USER_PASSWORD}
    Should Be Equal  ${resp}  ${False}  msg=LDAP user was able to login even though the LDAP service was disabled.
    Redfish.Logout
    Redfish.Login
    # Enabling LDAP so that LDAP user works.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
    Redfish.Logout
    Redfish.Login


Verify LDAP Login With ServiceEnabled
    [Documentation]  Verify that LDAP Login with ServiceEnabled.
    [Tags]  Verify_LDAP_Login_With_ServiceEnabled

    Disable Other LDAP
    # Actual service enablement.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
    Sleep  15s
    # After update, LDAP login.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Login With Correct AuthenticationType
    [Documentation]  Verify that LDAP Login with right AuthenticationType.
    [Tags]  Verify_LDAP_Login_With_Correct_AuthenticationType

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
    Sleep  15s
    # After update, LDAP login.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Config Update With Incorrect AuthenticationType
    [Documentation]  Verify that invalid AuthenticationType is not updated.
    [Tags]  Verify_LDAP_Update_With_Incorrect_AuthenticationType

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'Authentication': {'AuthenticationType':'KerberosKeytab'}}}  valid_status_codes=[400]


Verify LDAP Login With Correct LDAP URL
    [Documentation]  Verify LDAP Login with right LDAP URL.
    [Tags]  Verify_LDAP_Login_With_Correct_LDAP_URL

    Config LDAP URL  ${LDAP_SERVER_URI}


Verify LDAP Config Update With Incorrect LDAP URL
    [Documentation]  Verify that LDAP Login fails with invalid LDAP URL.
    [Tags]  Verify_LDAP_Config_Update_With_Incorrect_LDAP_URL
    [Teardown]  Run Keywords  Restore LDAP URL  AND
    ...  FFDC On Test Case Fail

    Config LDAP URL  "ldap://1.2.3.4"


Verify LDAP Configuration Exist
    [Documentation]  Verify that LDAP configuration is available.
    [Tags]  Verify_LDAP_Configuration_Exist

    ${resp}=  Redfish.Get Attribute  ${REDFISH_BASE_URI}AccountService
    ...  ${LDAP_TYPE}  default=${EMPTY}
    Should Not Be Empty  ${resp}  msg=LDAP configuration is not defined.


Verify LDAP User Login
    [Documentation]  Verify that LDAP user able to login into BMC.
    [Tags]  Verify_LDAP_User_Login

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Service Available
    [Documentation]  Verify that LDAP service is available.
    [Tags]  Verify_LDAP_Service_Available

    @{ldap_configuration}=  Get LDAP Configuration  ${LDAP_TYPE}
    Should Contain  ${ldap_configuration}  LDAPService
    ...  msg=LDAPService is not available.


Verify LDAP Login Works After BMC Reboot
    [Documentation]  Verify that LDAP login works after BMC reboot.
    [Tags]  Verify_LDAP_Login_Works_After_BMC_Reboot

    Redfish OBMC Reboot (off)
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP User With Admin Privilege Able To Do BMC Reboot
    [Documentation]  Verify that LDAP user with administrator privilege able to do BMC reboot.
    [Tags]  Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${GROUP_PRIVILEGE}  ${GROUP_NAME}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # With LDAP user and with right privilege trying to do BMC reboot.
    Redfish OBMC Reboot (off)
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP User With Operator Privilege Able To Do Host Poweroff
    [Documentation]  Verify that LDAP user with operator privilege can do host
    ...  power off.
    [Tags]  Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweroff
    [Teardown]  Restore LDAP Privilege

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  Operator  ${GROUP_NAME}

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user with operator privilege is able to power the system off.
    Redfish.Post  ${REDFISH_POWER_URI}
    ...  body={'ResetType': 'ForceOff'}  valid_status_codes=[200]
    Redfish.Logout
    Redfish.Login


Verify AccountLockout Attributes Set To Zero
    [Documentation]  Verify that attribute AccountLockoutDuration and
    ...  AccountLockoutThreshold are set to 0.
    [Teardown]  Run Keywords  Restore AccountLockout Attributes  AND
    ...  FFDC On Test Case Fail
    [Tags]  Verify_AccountLockout_Attributes_Set_To_Zero

    ${old_account_service}=  Redfish.Get Properties
    ...  ${REDFISH_BASE_URI}AccountService
    # A value assigned in a test body is local to the test. Save it at suite
    # scope so that 'Restore AccountLockout Attributes' can see it.
    Set Suite Variable  ${old_account_service}
    Rprint Vars  old_account_service
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutDuration', 0)]
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutThreshold', 0)]


Verify LDAP User With Read Privilege Able To Check Inventory
    [Documentation]  Verify that LDAP user with read privilege able to
    ...  read firmware inventory.
    [Tags]  Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND  Restore LDAP Privilege
    [Template]  Set Read Privilege And Check Firmware Inventory

    User
    Callback


Verify LDAP User With Read Privilege Should Not Do Host Poweron
    [Documentation]  Verify that LDAP user with read privilege should not be
    ...  allowed to power on the host.
    [Tags]  Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND  Restore LDAP Privilege
    [Template]  Set Read Privilege And Check Poweron

    User
    Callback


Update LDAP Group Name And Verify Operations
    [Documentation]  Verify that LDAP group name update and able to do right
    ...  operations.
    [Tags]  Update_LDAP_Group_Name_And_Verify_Operations
    [Template]  Update LDAP Config And Verify Set Host Name
    [Teardown]  Restore LDAP Privilege

    # group_name             group_privilege  valid_status_codes
    ${GROUP_NAME}            Administrator    [${HTTP_OK}]
    ${GROUP_NAME}            Operator         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    ${GROUP_NAME}            User             [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    ${GROUP_NAME}            Callback         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  Administrator    [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  Operator         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  User             [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  Callback         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]


Verify LDAP BaseDN Update And LDAP Login
    [Documentation]  Update LDAP BaseDN of LDAP configuration and verify
    ...  that LDAP login works.
    [Tags]  Verify_LDAP_BaseDN_Update_And_LDAP_Login

    ${body}=  Catenate  {'${LDAP_TYPE}': { 'LDAPService': {'SearchSettings':
    ...  {'BaseDistinguishedNames': ['${LDAP_BASE_DN}']}}}}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP BindDN Update And LDAP Login
    [Documentation]  Update LDAP BindDN of LDAP configuration and verify
    ...  that LDAP login works.
    [Tags]  Verify_LDAP_BindDN_Update_And_LDAP_Login

    ${body}=  Catenate  {'${LDAP_TYPE}': { 'Authentication':
    ...  {'AuthenticationType':'UsernameAndPassword', 'Username':
    ...  '${LDAP_BIND_DN}'}}}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP BindDN Password Update And LDAP Login
    [Documentation]  Update LDAP BindDN password of LDAP configuration and
    ...  verify that LDAP login works.
    [Tags]  Verify_LDAP_BindDN_Passsword_Update_And_LDAP_Login

    ${body}=  Catenate  {'${LDAP_TYPE}': { 'Authentication':
    ...  {'AuthenticationType':'UsernameAndPassword', 'Password':
    ...  '${LDAP_BIND_DN_PASSWORD}'}}}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP Type Update And LDAP Login
    [Documentation]  Update LDAP type of LDAP configuration and verify
    ...  that LDAP login works.
    [Tags]  Verify_LDAP_Type_Update_And_LDAP_Login

    Disable Other LDAP
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
    Sleep  15s
    Redfish Verify LDAP Login


Verify Authorization With Null Privilege
    [Documentation]  Verify the failure of LDAP authorization with empty
    ...  privilege.
    [Tags]  Verify_LDAP_Authorization_With_Null_Privilege
    [Teardown]  Restore LDAP Privilege

    Update LDAP Config And Verify Set Host Name  ${GROUP_NAME}  ${EMPTY}
    ...  [${HTTP_FORBIDDEN}]


Verify Authorization With Invalid Privilege
    [Documentation]  Verify that LDAP user authorization with wrong privilege
    ...  fails.
    [Tags]  Verify_LDAP_Authorization_With_Invalid_Privilege
    [Teardown]  Restore LDAP Privilege

    Update LDAP Config And Verify Set Host Name  ${GROUP_NAME}
    ...  Invalid_Privilege  [${HTTP_FORBIDDEN}]


Verify LDAP Login With Invalid Data
    [Documentation]  Verify that LDAP login with Invalid LDAP data and
    ...  right LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_Data
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  Invalid_LDAP_Server_URI
    ...  Invalid_LDAP_BIND_DN  LDAP_BIND_DN_PASSWORD
    ...  Invalid_LDAP_BASE_DN
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Config Creation Without BASE_DN
    [Documentation]  Verify that LDAP login with LDAP configuration
    ...  created without BASE_DN fails.
    [Tags]  Verify_LDAP_Config_Creation_Without_BASE_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  Invalid_LDAP_Server_URI
    ...  Invalid_LDAP_BIND_DN  LDAP_BIND_DN_PASSWORD  ${EMPTY}
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Authentication Without Password
    [Documentation]  Verify that LDAP user authentication without LDAP
    ...  user password fails.
    [Tags]  Verify_LDAP_Authentication_Without_Password

    ${status}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    Valid Value  status  [${False}]


Verify LDAP Login With Invalid BASE_DN
    [Documentation]  Verify that LDAP login with invalid BASE_DN and
    ...  valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BASE_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  ${LDAP_BIND_DN}  ${LDAP_BIND_DN_PASSWORD}  Invalid_LDAP_BASE_DN
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Login With Invalid BIND_DN_PASSWORD
    [Documentation]  Verify that LDAP login with invalid BIND_DN_PASSWORD and
    ...  valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BIND_DN_PASSWORD
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  ${LDAP_BIND_DN}  INVALID_LDAP_BIND_DN_PASSWORD  ${LDAP_BASE_DN}
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Login With Invalid BASE_DN And Invalid BIND_DN
    [Documentation]  Verify that LDAP login with invalid BASE_DN and invalid
    ...  BIND_DN and valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BASE_DN_And_Invalid_BIND_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  INVALID_LDAP_BIND_DN  ${LDAP_BIND_DN_PASSWORD}  INVALID_LDAP_BASE_DN
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify Group Name And Group Privilege Able To Modify
    [Documentation]  Verify that LDAP group name and group privilege able to
    ...  modify.
    [Tags]  Verify_Group_Name_And_Group_Privilege_Able_To_Modify
    [Setup]  Update LDAP Configuration with LDAP User Role And Group
    ...  ${LDAP_TYPE}  Operator  ${GROUP_NAME}

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  Administrator  ${GROUP_NAME}


Verify LDAP Login With Invalid BIND_DN
    [Documentation]  Verify that LDAP login with invalid BIND_DN and
    ...  valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BIND_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  Invalid_LDAP_BIND_DN  ${LDAP_BIND_DN_PASSWORD}  ${LDAP_BASE_DN}
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Authentication With Invalid LDAP User
    [Documentation]  Verify that LDAP user authentication for user not exist
    ...  in LDAP server and fails.
    [Tags]  Verify_LDAP_Authentication_With_Invalid_LDAP_User

    ${status}=  Run Keyword And Return Status  Redfish.Login  INVALID_LDAP_USER
    ...  ${LDAP_USER_PASSWORD}
    Valid Value  status  [${False}]


*** Keywords ***

Redfish Verify LDAP Login
    [Documentation]  LDAP user log into BMC.
    [Arguments]  ${valid_status}=${True}

    # Description of argument(s):
    # valid_status                  Expected status of LDAP login ("True" or "False").

    # According to our repo coding rules, Redfish.Login is to be done in Suite
    # Setup and Redfish.Logout is to be done in Suite Teardown.  For any
    # deviation from this rule (such as in this keyword), the deviant code
    # must take steps to restore us to our original logged-in state.

    ${status}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    ...  ${LDAP_USER_PASSWORD}
    Valid Value  status  [${valid_status}]
    Redfish.Logout
    Redfish.Login


Update LDAP Config And Verify Set Host Name
    [Documentation]  Update LDAP config and verify by attempting to set host name.
    [Arguments]  ${group_name}  ${group_privilege}=Administrator
    ...  ${valid_status_codes}=[${HTTP_OK}]

    # Description of argument(s):
    # group_name                    The group name of user.
    # group_privilege               The group privilege ("Administrator",
    #                               "Operator", "User" or "Callback").
    # valid_status_codes            Expected return code(s) from patch
    #                               operation (e.g. "200") used to update
    #                               HostName.  See prolog of rest_request
    #                               method in redfish_plut.py for details.
    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${group_privilege}  ${group_name}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user in ${group_name} with the given privilege is
    # allowed to change the hostname.
    Redfish.Patch  ${REDFISH_NW_PROTOCOL_URI}  body={'HostName': '${hostname}'}
    ...  valid_status_codes=${valid_status_codes}
    Redfish.Logout
    Redfish.Login


Disable Other LDAP
    [Documentation]  Disable other LDAP configuration.

    # First disable other LDAP.
    ${inverse_ldap_type}=  Set Variable If  '${LDAP_TYPE}' == 'LDAP'  ActiveDirectory  LDAP
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${inverse_ldap_type}': {'ServiceEnabled': ${False}}}
    Sleep  15s


Create LDAP Configuration
    [Documentation]  Create LDAP configuration.
    [Arguments]  ${ldap_type}=${LDAP_TYPE}  ${ldap_server_uri}=${LDAP_SERVER_URI}
    ...  ${ldap_bind_dn}=${LDAP_BIND_DN}  ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD}
    ...  ${ldap_base_dn}=${LDAP_BASE_DN}

    # Description of argument(s):
    # ldap_type                     The LDAP type ("ActiveDirectory" or "LDAP").
    # ldap_server_uri               LDAP server uri (e.g. ldap://XX.XX.XX.XX).
    # ldap_bind_dn                  The LDAP bind distinguished name.
    # ldap_bind_dn_password         The LDAP bind distinguished name password.
    # ldap_base_dn                  The LDAP base distinguished name.

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'ServiceEnabled': ${True}, 'ServiceAddresses': ['${ldap_server_uri}'], 'Authentication': {'AuthenticationType':'UsernameAndPassword', 'Username':'${ldap_bind_dn}', 'Password':'${ldap_bind_dn_password}'}, 'LDAPService': {'SearchSettings': {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}}
    Sleep  15s


Config LDAP URL
    [Documentation]  Config LDAP URL.
    [Arguments]  ${ldap_server_uri}=${LDAP_SERVER_URI}

    # Description of argument(s):
    # ldap_server_uri               LDAP server uri (e.g. "ldap://XX.XX.XX.XX/").

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}}
    Sleep  15s
    # After update, LDAP login.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Restore LDAP URL
    [Documentation]  Restore LDAP URL.

    # Restoring the working LDAP server uri.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'ServiceAddresses': ['${LDAP_SERVER_URI}']}}
    Sleep  15s


Restore AccountLockout Attributes
    [Documentation]  Restore AccountLockout Attributes.

    # Nothing to restore if the original values were never saved.
    Return From Keyword If  not $old_account_service
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutThreshold', ${old_account_service['AccountLockoutThreshold']})]


Suite Setup Execution
    [Documentation]  Do suite setup tasks.

    Valid Value  LDAP_TYPE  valid_values=["ActiveDirectory", "LDAP"]
    Valid Value  LDAP_USER
    Valid Value  LDAP_USER_PASSWORD
    Valid Value  GROUP_PRIVILEGE
    Valid Value  GROUP_NAME
    Valid Value  LDAP_SERVER_URI
    Valid Value  LDAP_BIND_DN_PASSWORD
    Valid Value  LDAP_BIND_DN
    Valid Value  LDAP_BASE_DN

    Redfish.Login
    # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
    Get LDAP Configuration  ${LDAP_TYPE}
    ${old_ldap_privilege}=  Get LDAP Privilege
    # Values assigned inside a keyword are local to it.  Save the privilege at
    # suite scope so that 'Restore LDAP Privilege' can see it.
    Set Suite Variable  ${old_ldap_privilege}
    Disable Other LDAP
    Create LDAP Configuration
    ${hostname}=  Redfish.Get Attribute  ${REDFISH_NW_PROTOCOL_URI}  HostName
    # Save the host name at suite scope for
    # 'Update LDAP Config And Verify Set Host Name'.
    Set Suite Variable  ${hostname}


Set Read Privilege And Check Firmware Inventory
    [Documentation]  Set read privilege and check firmware inventory.
    [Arguments]  ${read_privilege}

    # Description of argument(s):
    # read_privilege                The read privilege role (e.g. "User" / "Callback").

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${read_privilege}  ${GROUP_NAME}

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user with read privilege is able to read inventory.
    ${resp}=  Redfish.Get  /redfish/v1/UpdateService/FirmwareInventory
    Should Be True  ${resp.dict["Members@odata.count"]} >= ${1}
    Length Should Be  ${resp.dict["Members"]}  ${resp.dict["Members@odata.count"]}
    Redfish.Logout
    Redfish.Login


Set Read Privilege And Check Poweron
    [Documentation]  Set read privilege and power on should not be possible.
    [Arguments]  ${read_privilege}

    # Description of argument(s):
    # read_privilege                The read privilege role (e.g. "User" / "Callback").

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${read_privilege}  ${GROUP_NAME}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Post  ${REDFISH_POWER_URI}
    ...  body={'ResetType': 'On'}  valid_status_codes=[401, 403]
    Redfish.Logout
    Redfish.Login


Get LDAP Configuration
    [Documentation]  Retrieve LDAP Configuration.
    [Arguments]  ${ldap_type}

    # Description of argument(s):
    # ldap_type                     The LDAP type ("ActiveDirectory" or "LDAP").

    ${ldap_config}=  Redfish.Get Properties  ${REDFISH_BASE_URI}AccountService
    [Return]  ${ldap_config["${ldap_type}"]}


Update LDAP Configuration with LDAP User Role And Group
    [Documentation]  Update LDAP configuration with LDAP user role and group.
    [Arguments]  ${ldap_type}  ${group_privilege}  ${group_name}

    # Description of argument(s):
    # ldap_type                     The LDAP type ("ActiveDirectory" or "LDAP").
    # group_privilege               The group privilege ("Administrator", "Operator", "User" or "Callback").
    # group_name                    The group name of user.

    ${local_role_remote_group}=  Create Dictionary  LocalRole=${group_privilege}  RemoteGroup=${group_name}
    ${remote_role_mapping}=  Create List  ${local_role_remote_group}
    ${ldap_data}=  Create Dictionary  RemoteRoleMapping=${remote_role_mapping}
    ${payload}=  Create Dictionary  ${ldap_type}=${ldap_data}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=&{payload}
    # Provide adequate time for LDAP daemon to restart after the update.
    Sleep  15s


Get LDAP Privilege
    [Documentation]  Get LDAP privilege and return it.

    ${ldap_config}=  Get LDAP Configuration  ${LDAP_TYPE}
    ${num_list_entries}=  Get Length  ${ldap_config["RemoteRoleMapping"]}
    Return From Keyword If  ${num_list_entries} == ${0}  @{EMPTY}

    [Return]  ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}


Restore LDAP Privilege
    [Documentation]  Restore the LDAP privilege to its original value.

    # Nothing to restore if no privilege was saved (empty string, or None when
    # the BMC had no RemoteRoleMapping entries at suite setup).
    Return From Keyword If  not $old_ldap_privilege
    # Log back in to restore the original privilege.
    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${old_ldap_privilege}  ${GROUP_NAME}