Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 7c075e967d2bb8d36aa3247c5bb49466ef3fbe7f / . / redfish / account_service / test_ldap_configuration.robot
blob: 2cb31eec8dcb79265f9712aacd1fe8aacf52c546 [file] [log] [blame]
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]1*** Settings ***
2Documentation Test Redfish LDAP user configuration.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]3
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]4Library ../../lib/gen_robot_valid.py
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]5Resource ../../lib/resource.robot
6Resource ../../lib/bmc_redfish_resource.robot
7Resource ../../lib/openbmc_ffdc.robot
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]8Library ../../lib/gen_robot_valid.py
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]9Resource ../../lib/bmc_network_utils.robot
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]10
11Suite Setup Suite Setup Execution
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]12Suite Teardown Run Keywords Restore LDAP Privilege AND Redfish.Logout
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]13Test Teardown FFDC On Test Case Fail
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]14
Sivas SRR9358b5c2019-06-06 04:57:03 -0500[diff] [blame]15Force Tags LDAP_Test
16
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]17*** Variables ***
Sivas SRR873de8e2019-09-26 00:37:53 -0500[diff] [blame]18${old_ldap_privilege} ${EMPTY}
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]19&{old_account_service} &{EMPTY}
Sivas SRR873de8e2019-09-26 00:37:53 -0500[diff] [blame]20&{old_ldap_config} &{EMPTY}
21${hostname} ${EMPTY}
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]22${test_ip} 10.6.6.6
23${test_mask} 255.255.255.0
24${test_gw} 10.6.6.1
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]25
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]26** Test Cases **
27
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]28Verify LDAP Configuration Created
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]29 [Documentation] Verify that LDAP configuration created.
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]30 [Tags] Verify_LDAP_Configuration_Created
31
32 Create LDAP Configuration
33 # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
34 Get LDAP Configuration ${LDAP_TYPE}
35 Sleep 10s
36 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
37 Redfish.Logout
38 Redfish.Login
39
40
41Verify LDAP Service Disable
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]42 [Documentation] Verify that LDAP is disabled and that LDAP user cannot
43 ... login.
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]44 [Tags] Verify_LDAP_Service_Disable
45
46 Redfish.Patch ${REDFISH_BASE_URI}AccountService
47 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}
48 Sleep 15s
49 ${resp}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
50 ... ${LDAP_USER_PASSWORD}
George Keishing333bb722019-12-11 11:40:49 -0600[diff] [blame]51 Should Be Equal ${resp} ${False}
52 ... msg=LDAP user was able to login even though the LDAP service was disabled.
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]53 Redfish.Logout
54 Redfish.Login
55 # Enabling LDAP so that LDAP user works.
56 Redfish.Patch ${REDFISH_BASE_URI}AccountService
57 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
58 Redfish.Logout
59 Redfish.Login
60
61
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]62Verify LDAP Login With ServiceEnabled
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]63 [Documentation] Verify that LDAP Login with ServiceEnabled.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]64 [Tags] Verify_LDAP_Login_With_ServiceEnabled
65
66 Disable Other LDAP
67 # Actual service enablement.
68 Redfish.Patch ${REDFISH_BASE_URI}AccountService
69 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
70 Sleep 15s
71 # After update, LDAP login.
72 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
73 Redfish.Logout
74 Redfish.Login
75
76
77Verify LDAP Login With Correct AuthenticationType
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]78 [Documentation] Verify that LDAP Login with right AuthenticationType.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]79 [Tags] Verify_LDAP_Login_With_Correct_AuthenticationType
80
81 Redfish.Patch ${REDFISH_BASE_URI}AccountService
82 ... body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
83 Sleep 15s
84 # After update, LDAP login.
85 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
86 Redfish.Logout
87 Redfish.Login
88
89
90Verify LDAP Config Update With Incorrect AuthenticationType
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]91 [Documentation] Verify that invalid AuthenticationType is not updated.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]92 [Tags] Verify_LDAP_Update_With_Incorrect_AuthenticationType
93
George Keishing2d0804e2019-12-12 22:27:05 -0600[diff] [blame]94 ${body}= Catenate {'${ldap_type}': {'Authentication': {'AuthenticationType':'KerberosKeytab'}}}
Prashanth Katti7d38a092020-01-10 06:01:09 -0600[diff] [blame]95
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]96 Redfish.Patch ${REDFISH_BASE_URI}AccountService
Prashanth Katti7d38a092020-01-10 06:01:09 -0600[diff] [blame]97 ... body=${body} valid_status_codes=[400]
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]98
99
100Verify LDAP Login With Correct LDAP URL
101 [Documentation] Verify LDAP Login with right LDAP URL.
102 [Tags] Verify_LDAP_Login_With_Correct_LDAP_URL
103
104 Config LDAP URL ${LDAP_SERVER_URI}
105
106
107Verify LDAP Config Update With Incorrect LDAP URL
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]108 [Documentation] Verify that LDAP Login fails with invalid LDAP URL.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]109 [Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_URL
110 [Teardown] Run Keywords Restore LDAP URL AND
111 ... FFDC On Test Case Fail
112
Prashanth Katti7d38a092020-01-10 06:01:09 -0600[diff] [blame]113 Config LDAP URL ldap://1.2.3.4/ ${FALSE}
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]114
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]115Verify LDAP Configuration Exist
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]116 [Documentation] Verify that LDAP configuration is available.
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]117 [Tags] Verify_LDAP_Configuration_Exist
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]118
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]119 ${resp}= Redfish.Get Attribute ${REDFISH_BASE_URI}AccountService
120 ... ${LDAP_TYPE} default=${EMPTY}
121 Should Not Be Empty ${resp} msg=LDAP configuration is not defined.
122
123
124Verify LDAP User Login
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]125 [Documentation] Verify that LDAP user able to login into BMC.
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]126 [Tags] Verify_LDAP_User_Login
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]127
128 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]129 Redfish.Logout
130 Redfish.Login
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]131
132
133Verify LDAP Service Available
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]134 [Documentation] Verify that LDAP service is available.
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]135 [Tags] Verify_LDAP_Service_Available
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]136
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]137 @{ldap_configuration}= Get LDAP Configuration ${LDAP_TYPE}
138 Should Contain ${ldap_configuration} LDAPService
139 ... msg=LDAPService is not available.
140
141
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]142Verify LDAP Login Works After BMC Reboot
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]143 [Documentation] Verify that LDAP login works after BMC reboot.
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]144 [Tags] Verify_LDAP_Login_Works_After_BMC_Reboot
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]145
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]146 Redfish OBMC Reboot (off)
147 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
148 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]149 Redfish.Login
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]150
151
152Verify LDAP User With Admin Privilege Able To Do BMC Reboot
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]153 [Documentation] Verify that LDAP user with administrator privilege able to do BMC reboot.
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]154 [Tags] Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot
155
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]156
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]157 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
158 ... ${GROUP_PRIVILEGE} ${GROUP_NAME}
159 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
160 # With LDAP user and with right privilege trying to do BMC reboot.
161 Redfish OBMC Reboot (off)
162 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
163 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]164 Redfish.Login
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]165
166
Sivas SRR2b83ec02019-07-12 11:30:20 -0500[diff] [blame]167Verify LDAP User With Operator Privilege Able To Do Host Poweroff
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]168 [Documentation] Verify that LDAP user with operator privilege can do host
169 ... power off.
Sivas SRR2b83ec02019-07-12 11:30:20 -0500[diff] [blame]170 [Tags] Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweroff
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]171 [Teardown] Restore LDAP Privilege
172
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]173 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
174 ... Operator ${GROUP_NAME}
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]175
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]176 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Sivas SRR2b83ec02019-07-12 11:30:20 -0500[diff] [blame]177 # Verify that the LDAP user with operator privilege is able to power the system off.
178 Redfish.Post ${REDFISH_POWER_URI}
Sivas SRR3d82b3c2019-07-12 12:20:04 -0500[diff] [blame]179 ... body={'ResetType': 'ForceOff'} valid_status_codes=[200]
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]180 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]181 Redfish.Login
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]182
183
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]184Verify AccountLockout Attributes Set To Zero
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]185 [Documentation] Verify that attribute AccountLockoutDuration and
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]186 ... AccountLockoutThreshold are set to 0.
187 [Teardown] Run Keywords Restore AccountLockout Attributes AND
188 ... FFDC On Test Case Fail
189 [Tags] Verify_AccountLockout_Attributes_Set_To_Zero
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]190
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]191 ${old_account_service}= Redfish.Get Properties
192 ... ${REDFISH_BASE_URI}AccountService
Michael Walsh39c00512019-07-17 10:54:06 -0500[diff] [blame]193 Rprint Vars old_account_service
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]194 Redfish.Patch ${REDFISH_BASE_URI}AccountService
195 ... body=[('AccountLockoutDuration', 0)]
196 Redfish.Patch ${REDFISH_BASE_URI}AccountService
197 ... body=[('AccountLockoutThreshold', 0)]
198
199
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]200Verify LDAP User With Read Privilege Able To Check Inventory
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]201 [Documentation] Verify that LDAP user with read privilege able to
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]202 ... read firmware inventory.
203 [Tags] Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory
204 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege
205 [Template] Set Read Privilege And Check Firmware Inventory
206
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600[diff] [blame]207 ReadOnly
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]208
209
210Verify LDAP User With Read Privilege Should Not Do Host Poweron
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]211 [Documentation] Verify that LDAP user with read privilege should not be
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]212 ... allowed to power on the host.
213 [Tags] Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron
214 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege
215 [Template] Set Read Privilege And Check Poweron
216
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600[diff] [blame]217 ReadOnly
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]218
219
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]220Update LDAP Group Name And Verify Operations
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]221 [Documentation] Verify that LDAP group name update and able to do right
222 ... operations.
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]223 [Tags] Update_LDAP_Group_Name_And_Verify_Operations
224 [Template] Update LDAP Config And Verify Set Host Name
225 [Teardown] Restore LDAP Privilege
226
227 # group_name group_privilege valid_status_codes
228 ${GROUP_NAME} Administrator [${HTTP_OK}]
229 ${GROUP_NAME} Operator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600[diff] [blame]230 ${GROUP_NAME} ReadOnly [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
231 ${GROUP_NAME} NoAccess [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]232 Invalid_LDAP_Group_Name Administrator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
233 Invalid_LDAP_Group_Name Operator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600[diff] [blame]234 Invalid_LDAP_Group_Name ReadOnly [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
235 Invalid_LDAP_Group_Name NoAccess [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]236
237
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]238Verify LDAP BaseDN Update And LDAP Login
239 [Documentation] Update LDAP BaseDN of LDAP configuration and verify
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]240 ... that LDAP login works.
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]241 [Tags] Verify_LDAP_BaseDN_Update_And_LDAP_Login
242
243
244 ${body}= Catenate {'${LDAP_TYPE}': { 'LDAPService': {'SearchSettings':
245 ... {'BaseDistinguishedNames': ['${LDAP_BASE_DN}']}}}}
246 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
247 Sleep 15s
248 Redfish Verify LDAP Login
249
250
251Verify LDAP BindDN Update And LDAP Login
252 [Documentation] Update LDAP BindDN of LDAP configuration and verify
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]253 ... that LDAP login works.
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]254 [Tags] Verify_LDAP_BindDN_Update_And_LDAP_Login
255
256 ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication':
257 ... {'AuthenticationType':'UsernameAndPassword', 'Username':
258 ... '${LDAP_BIND_DN}'}}}
259 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
260 Sleep 15s
261 Redfish Verify LDAP Login
262
263
264Verify LDAP BindDN Password Update And LDAP Login
265 [Documentation] Update LDAP BindDN password of LDAP configuration and
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]266 ... verify that LDAP login works.
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]267 [Tags] Verify_LDAP_BindDN_Passsword_Update_And_LDAP_Login
268
269
270 ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication':
271 ... {'AuthenticationType':'UsernameAndPassword', 'Password':
272 ... '${LDAP_BIND_DN_PASSWORD}'}}}
273 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
274 Sleep 15s
275 Redfish Verify LDAP Login
276
277
278Verify LDAP Type Update And LDAP Login
279 [Documentation] Update LDAP type of LDAP configuration and verify
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]280 ... that LDAP login works.
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]281 [Tags] Verify_LDAP_Type_Update_And_LDAP_Login
282
283 Disable Other LDAP
284 Redfish.Patch ${REDFISH_BASE_URI}AccountService
285 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
286 Sleep 15s
287 Redfish Verify LDAP Login
288
289
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]290Verify Authorization With Null Privilege
291 [Documentation] Verify the failure of LDAP authorization with empty
292 ... privilege.
293 [Tags] Verify_LDAP_Authorization_With_Null_Privilege
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]294 [Teardown] Restore LDAP Privilege
295
296 Update LDAP Config And Verify Set Host Name ${GROUP_NAME} ${EMPTY}
297 ... [${HTTP_FORBIDDEN}]
298
299
300Verify Authorization With Invalid Privilege
301 [Documentation] Verify that LDAP user authorization with wrong privilege
302 ... fails.
303 [Tags] Verify_LDAP_Authorization_With_Invalid_Privilege
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]304 [Teardown] Restore LDAP Privilege
305
306 Update LDAP Config And Verify Set Host Name ${GROUP_NAME}
307 ... Invalid_Privilege [${HTTP_FORBIDDEN}]
308
309
310Verify LDAP Login With Invalid Data
311 [Documentation] Verify that LDAP login with Invalid LDAP data and
312 ... right LDAP user fails.
313 [Tags] Verify_LDAP_Login_With_Invalid_Data
314 [Teardown] Run Keywords FFDC On Test Case Fail AND
315 ... Create LDAP Configuration
316
317 Create LDAP Configuration ${LDAP_TYPE} Invalid_LDAP_Server_URI
318 ... Invalid_LDAP_BIND_DN LDAP_BIND_DN_PASSWORD
319 ... Invalid_LDAP_BASE_DN
320 Sleep 15s
321 Redfish Verify LDAP Login ${False}
322
323
324Verify LDAP Config Creation Without BASE_DN
325 [Documentation] Verify that LDAP login with LDAP configuration
326 ... created without BASE_DN fails.
327 [Tags] Verify_LDAP_Config_Creation_Without_BASE_DN
328 [Teardown] Run Keywords FFDC On Test Case Fail AND
329 ... Create LDAP Configuration
330
331 Create LDAP Configuration ${LDAP_TYPE} Invalid_LDAP_Server_URI
332 ... Invalid_LDAP_BIND_DN LDAP_BIND_DN_PASSWORD ${EMPTY}
333 Sleep 15s
334 Redfish Verify LDAP Login ${False}
335
336
337Verify LDAP Authentication Without Password
338 [Documentation] Verify that LDAP user authentication without LDAP
339 ... user password fails.
340 [Tags] Verify_LDAP_Authentication_Without_Password
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]341
342 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
343 Valid Value status [${False}]
344
345
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]346Verify LDAP Login With Invalid BASE_DN
347 [Documentation] Verify that LDAP login with invalid BASE_DN and
348 ... valid LDAP user fails.
349 [Tags] Verify_LDAP_Login_With_Invalid_BASE_DN
350 [Teardown] Run Keywords FFDC On Test Case Fail AND
351 ... Create LDAP Configuration
352
353 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
354 ... ${LDAP_BIND_DN} ${LDAP_BIND_DN_PASSWORD} Invalid_LDAP_BASE_DN
355 Sleep 15s
356 Redfish Verify LDAP Login ${False}
357
358
359Verify LDAP Login With Invalid BIND_DN_PASSWORD
360 [Documentation] Verify that LDAP login with invalid BIND_DN_PASSWORD and
361 ... valid LDAP user fails.
362 [Tags] Verify_LDAP_Login_With_Invalid_BIND_DN_PASSWORD
363 [Teardown] Run Keywords FFDC On Test Case Fail AND
364 ... Create LDAP Configuration
365
366 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
367 ... ${LDAP_BIND_DN} INVALID_LDAP_BIND_DN_PASSWORD ${LDAP_BASE_DN}
368 Sleep 15s
369 Redfish Verify LDAP Login ${False}
370
371
372Verify LDAP Login With Invalid BASE_DN And Invalid BIND_DN
373 [Documentation] Verify that LDAP login with invalid BASE_DN and invalid
374 ... BIND_DN and valid LDAP user fails.
375 [Tags] Verify_LDAP_Login_With_Invalid_BASE_DN_And_Invalid_BIND_DN
376 [Teardown] Run Keywords FFDC On Test Case Fail AND
377 ... Create LDAP Configuration
378
379 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
380 ... INVALID_LDAP_BIND_DN ${LDAP_BIND_DN_PASSWORD} INVALID_LDAP_BASE_DN
381 Sleep 15s
382 Redfish Verify LDAP Login ${False}
383
384
385Verify Group Name And Group Privilege Able To Modify
386 [Documentation] Verify that LDAP group name and group privilege able to
387 ... modify.
388 [Tags] Verify_Group_Name_And_Group_Privilege_Able_To_Modify
Sivas SRR873de8e2019-09-26 00:37:53 -0500[diff] [blame]389 [Setup] Update LDAP Configuration with LDAP User Role And Group
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]390 ... ${LDAP_TYPE} Operator ${GROUP_NAME}
391
392 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
393 ... Administrator ${GROUP_NAME}
394
395
396Verify LDAP Login With Invalid BIND_DN
397 [Documentation] Verify that LDAP login with invalid BIND_DN and
398 ... valid LDAP user fails.
399 [Tags] Verify_LDAP_Login_With_Invalid_BIND_DN
400 [Teardown] Run Keywords FFDC On Test Case Fail AND
401 ... Create LDAP Configuration
402
403 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
404 ... Invalid_LDAP_BIND_DN ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN}
405 Sleep 15s
406 Redfish Verify LDAP Login ${False}
407
408
409Verify LDAP Authentication With Invalid LDAP User
410 [Documentation] Verify that LDAP user authentication for user not exist
411 ... in LDAP server and fails.
412 [Tags] Verify_LDAP_Authentication_With_Invalid_LDAP_User
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]413
414 ${status}= Run Keyword And Return Status Redfish.Login INVALID_LDAP_USER
415 ... ${LDAP_USER_PASSWORD}
416 Valid Value status [${False}]
417
418
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]419Update LDAP User Roles And Verify Host Poweroff Operation
420 [Documentation] Update LDAP user roles and verify host poweroff operation.
421 [Tags] Update_LDAP_User_Roles_And_Verify_Host_Poweroff_Operation
422 [Teardown] Restore LDAP Privilege
423
424 [Template] Update LDAP User Role And Host Poweroff
425 # ldap_type group_privilege group_name valid_status_codes
426
427 # Verify LDAP user with NoAccess privilege not able to do host poweroff.
428 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN}
429
430 # Verify LDAP user with ReadOnly privilege not able to do host poweroff.
431 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
432
433 # Verify LDAP user with Operator privilege able to do host poweroff.
434 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
435
436 # Verify LDAP user with Administrator privilege able to do host poweroff.
437 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
438
439
Prashanth Kattia4f79292020-02-20 03:34:01 -0600[diff] [blame]440Update LDAP User Roles And Verify Host Poweron Operation
441 [Documentation] Update LDAP user roles and verify host poweron operation.
442 [Tags] Update_LDAP_User_Roles_And_Verify_Host_Poweron_Operation
443 [Teardown] Restore LDAP Privilege
444
445 [Template] Update LDAP User Role And Host Poweron
446 # ldap_type group_privilege group_name valid_status_codes
447
448 # Verify LDAP user with NoAccess privilege not able to do host poweron.
449 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN}
450
451 # Verify LDAP user with ReadOnly privilege not able to do host poweron.
452 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
453
454 # Verify LDAP user with Operator privilege able to do host poweron.
455 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
456
457 # Verify LDAP user with Administrator privilege able to do host poweron.
458 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
459
460
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]461Configure IP Address Via Different User Roles And Verify
462 [Documentation] Configure IP address via different user roles and verify.
463 [Tags] Configure_IP_Address_Via_Different_User_Roles_And_Verify
464 [Teardown] Restore LDAP Privilege
465
466 [Template] Update LDAP User Role And Configure IP Address
467 # Verify LDAP user with Administrator privilege is able to configure IP address.
468 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
469
470 # Verify LDAP user with ReadOnly privilege is forbidden to configure IP address.
471 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
472
473 # Verify LDAP user with NoAccess privilege is forbidden to configure IP address.
Prashanth Katti67e06202020-05-20 06:16:51 -0500[diff] [blame]474 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN}
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]475
476 # Verify LDAP user with Operator privilege is able to configure IP address.
477 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
478
479
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]480Delete IP Address Via Different User Roles And Verify
481 [Documentation] Delete IP address via different user roles and verify.
482 [Tags] Delete_IP_Address_Via_Different_User_Roles_And_Verify
483 [Teardown] Run Keywords Restore LDAP Privilege AND FFDC On Test Case Fail
484
485 [Template] Update LDAP User Role And Delete IP Address
486 # Verify LDAP user with Administrator privilege is able to delete IP address.
487 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
488
489 # Verify LDAP user with ReadOnly privilege is forbidden to delete IP address.
490 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
491
492 # Verify LDAP user with NoAccess privilege is forbidden to delete IP address.
Prashanth Katti67e06202020-05-20 06:16:51 -0500[diff] [blame]493 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN}
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]494
495 # Verify LDAP user with Operator privilege is able to delete IP address.
496 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
497
498
Prashanth Katti67e06202020-05-20 06:16:51 -0500[diff] [blame]499Read Network Configuration Via Different User Roles And Verify
500 [Documentation] Read network configuraton via different user roles and verify.
501 [Tags] Read_Network_configuration_Via_Different_User_Roles_And_Verify
502 [Teardown] Restore LDAP Privilege
503
504 [Template] Update LDAP User Role And Read Network Configuration
505 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
506
507 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_OK}
508
509 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN}
510
511 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
512
513
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]514*** Keywords ***
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]515
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]516Redfish Verify LDAP Login
517 [Documentation] LDAP user log into BMC.
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]518 [Arguments] ${valid_status}=${True}
519
520 # Description of argument(s):
521 # valid_status Expected status of LDAP login ("True" or "False").
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]522
523 # According to our repo coding rules, Redfish.Login is to be done in Suite
524 # Setup and Redfish.Logout is to be done in Suite Teardown. For any
525 # deviation from this rule (such as in this keyword), the deviant code
526 # must take steps to restore us to our original logged-in state.
527
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500[diff] [blame]528 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
529 ... ${LDAP_USER_PASSWORD}
530 Valid Value status [${valid_status}]
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]531 Redfish.Logout
532 Redfish.Login
533
534
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]535Update LDAP Config And Verify Set Host Name
536 [Documentation] Update LDAP config and verify by attempting to set host name.
537 [Arguments] ${group_name} ${group_privilege}=Administrator
538 ... ${valid_status_codes}=[${HTTP_OK}]
539
540 # Description of argument(s):
541 # group_name The group name of user.
542 # group_privilege The group privilege ("Administrator",
543 # "Operator", "User" or "Callback").
544 # valid_status_codes Expected return code(s) from patch
545 # operation (e.g. "200") used to update
546 # HostName. See prolog of rest_request
547 # method in redfish_plut.py for details.
548 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
549 ... ${group_privilege} ${group_name}
550 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
551 # Verify that the LDAP user in ${group_name} with the given privilege is
552 # allowed to change the hostname.
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]553 Redfish.Patch ${REDFISH_NW_PROTOCOL_URI} body={'HostName': '${hostname}'}
554 ... valid_status_codes=${valid_status_codes}
555 Redfish.Logout
556 Redfish.Login
557
558
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]559Disable Other LDAP
560 [Documentation] Disable other LDAP configuration.
561
562 # First disable other LDAP.
563 ${inverse_ldap_type}= Set Variable If '${LDAP_TYPE}' == 'LDAP' ActiveDirectory LDAP
564 Redfish.Patch ${REDFISH_BASE_URI}AccountService
565 ... body={'${inverse_ldap_type}': {'ServiceEnabled': ${False}}}
566 Sleep 15s
567
568
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]569Create LDAP Configuration
570 [Documentation] Create LDAP configuration.
571 [Arguments] ${ldap_type}=${LDAP_TYPE} ${ldap_server_uri}=${LDAP_SERVER_URI}
572 ... ${ldap_bind_dn}=${LDAP_BIND_DN} ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD}
573 ... ${ldap_base_dn}=${LDAP_BASE_DN}
574
575 # Description of argument(s):
576 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
577 # ldap_server_uri LDAP server uri (e.g. ldap://XX.XX.XX.XX).
578 # ldap_bind_dn The LDAP bind distinguished name.
579 # ldap_bind_dn_password The LDAP bind distinguished name password.
580 # ldap_base_dn The LDAP base distinguished name.
581
George Keishing2d0804e2019-12-12 22:27:05 -0600[diff] [blame]582 ${body}= Catenate {'${ldap_type}':
583 ... {'ServiceEnabled': ${True},
584 ... 'ServiceAddresses': ['${ldap_server_uri}'],
585 ... 'Authentication':
586 ... {'AuthenticationType': 'UsernameAndPassword',
587 ... 'Username':'${ldap_bind_dn}',
588 ... 'Password': '${ldap_bind_dn_password}'},
589 ... 'LDAPService':
590 ... {'SearchSettings':
591 ... {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}}
592
593 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]594 Sleep 15s
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]595
596
597Config LDAP URL
598 [Documentation] Config LDAP URL.
Prashanth Katti7d38a092020-01-10 06:01:09 -0600[diff] [blame]599 [Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI} ${expected_status}=${TRUE}
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]600
601 # Description of argument(s):
602 # ldap_server_uri LDAP server uri (e.g. "ldap://XX.XX.XX.XX/").
603
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]604 Redfish.Patch ${REDFISH_BASE_URI}AccountService
605 ... body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}}
606 Sleep 15s
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]607 # After update, LDAP login.
Prashanth Katti7d38a092020-01-10 06:01:09 -0600[diff] [blame]608 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
609 Valid Value status [${expected_status}]
610
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]611 Redfish.Logout
612 Redfish.Login
613
614
615Restore LDAP URL
616 [Documentation] Restore LDAP URL.
617
618 # Restoring the working LDAP server uri.
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]619 Redfish.Patch ${REDFISH_BASE_URI}AccountService
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]620 ... body={'${ldap_type}': {'ServiceAddresses': ['${LDAP_SERVER_URI}']}}
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]621 Sleep 15s
622
623
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]624Restore AccountLockout Attributes
625 [Documentation] Restore AccountLockout Attributes.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]626
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]627 Return From Keyword If &{old_account_service} == &{EMPTY}
628 Redfish.Patch ${REDFISH_BASE_URI}AccountService
629 ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
630 Redfish.Patch ${REDFISH_BASE_URI}AccountService
631 ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutThreshold']})]
632
633
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]634Suite Setup Execution
635 [Documentation] Do suite setup tasks.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]636
Michael Walshe7edb222019-08-19 17:39:38 -0500[diff] [blame]637 Valid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"]
638 Valid Value LDAP_USER
639 Valid Value LDAP_USER_PASSWORD
640 Valid Value GROUP_PRIVILEGE
641 Valid Value GROUP_NAME
642 Valid Value LDAP_SERVER_URI
643 Valid Value LDAP_BIND_DN_PASSWORD
644 Valid Value LDAP_BIND_DN
645 Valid Value LDAP_BASE_DN
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]646
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]647 Redfish.Login
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]648 # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
649 Get LDAP Configuration ${LDAP_TYPE}
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]650 ${old_ldap_privilege}= Get LDAP Privilege
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]651 Set Suite Variable ${old_ldap_privilege}
Sivas SRRcde694c2019-09-09 12:20:34 -0500[diff] [blame]652 Disable Other LDAP
Sivas SRR873de8e2019-09-26 00:37:53 -0500[diff] [blame]653 Create LDAP Configuration
654 ${hostname}= Redfish.Get Attribute ${REDFISH_NW_PROTOCOL_URI} HostName
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]655
656
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]657Set Read Privilege And Check Firmware Inventory
658 [Documentation] Set read privilege and check firmware inventory.
659 [Arguments] ${read_privilege}
660
661 # Description of argument(s):
662 # read_privilege The read privilege role (e.g. "User" / "Callback").
663
664 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
665 ... ${read_privilege} ${GROUP_NAME}
666
667 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
668 # Verify that the LDAP user with read privilege is able to read inventory.
669 ${resp}= Redfish.Get /redfish/v1/UpdateService/FirmwareInventory
670 Should Be True ${resp.dict["Members@odata.count"]} >= ${1}
671 Length Should Be ${resp.dict["Members"]} ${resp.dict["Members@odata.count"]}
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]672 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]673 Redfish.Login
674
675
676Set Read Privilege And Check Poweron
677 [Documentation] Set read privilege and power on should not be possible.
678 [Arguments] ${read_privilege}
679
680 # Description of argument(s):
681 # read_privilege The read privilege role (e.g. "User" / "Callback").
682
683 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
684 ... ${read_privilege} ${GROUP_NAME}
685 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
686 Redfish.Post ${REDFISH_POWER_URI}
687 ... body={'ResetType': 'On'} valid_status_codes=[401, 403]
688 Redfish.Logout
689 Redfish.Login
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]690
691
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]692Get LDAP Configuration
693 [Documentation] Retrieve LDAP Configuration.
694 [Arguments] ${ldap_type}
695
696 # Description of argument(s):
697 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
698
699 ${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService
700 [Return] ${ldap_config["${ldap_type}"]}
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]701
702
703Update LDAP Configuration with LDAP User Role And Group
704 [Documentation] Update LDAP configuration update with LDAP user Role and group.
705 [Arguments] ${ldap_type} ${group_privilege} ${group_name}
706
707 # Description of argument(s):
708 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
709 # group_privilege The group privilege ("Administrator", "Operator", "User" or "Callback").
710 # group_name The group name of user.
711
712 ${local_role_remote_group}= Create Dictionary LocalRole=${group_privilege} RemoteGroup=${group_name}
713 ${remote_role_mapping}= Create List ${local_role_remote_group}
714 ${ldap_data}= Create Dictionary RemoteRoleMapping=${remote_role_mapping}
715 ${payload}= Create Dictionary ${ldap_type}=${ldap_data}
716 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=&{payload}
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]717 # Provide adequate time for LDAP daemon to restart after the update.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]718 Sleep 15s
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]719
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]720
721Get LDAP Privilege
722 [Documentation] Get LDAP privilege and return it.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]723
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]724 ${ldap_config}= Get LDAP Configuration ${LDAP_TYPE}
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]725 ${num_list_entries}= Get Length ${ldap_config["RemoteRoleMapping"]}
726 Return From Keyword If ${num_list_entries} == ${0} @{EMPTY}
727
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]728 [Return] ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}
729
730
731Restore LDAP Privilege
732 [Documentation] Restore the LDAP privilege to its original value.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]733
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]734 Return From Keyword If '${old_ldap_privilege}' == '${EMPTY}'
735 # Log back in to restore the original privilege.
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]736 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
737 ... ${old_ldap_privilege} ${GROUP_NAME}
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]738
739 Sleep 18s
740
741
742Update LDAP User Role And Host Poweroff
743 [Documentation] Update LDAP user role and do host poweroff.
744 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}
Prashanth Kattia4f79292020-02-20 03:34:01 -0600[diff] [blame]745 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
Prashanth Kattife798812020-01-31 07:04:26 -0600[diff] [blame]746
747 # Description of argument(s):
748 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
749 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
750 # group_name The group name of user.
751 # valid_status_code The expected valid status code.
752
753 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
754 ... ${group_privilege} ${group_name}
755
756 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
757
758 Redfish.Post ${REDFISH_POWER_URI}
759 ... body={'ResetType': 'ForceOff'} valid_status_codes=[${valid_status_code}]
760
Prashanth Kattia4f79292020-02-20 03:34:01 -0600[diff] [blame]761
762Update LDAP User Role And Host Poweron
763 [Documentation] Update LDAP user role and do host poweron.
764 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}
765 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
766
767 # Description of argument(s):
768 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
769 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
770 # group_name The group name of user.
771 # valid_status_code The expected valid status code.
772
773 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
774 ... ${group_privilege} ${group_name}
775
776 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
777
778 Redfish.Post ${REDFISH_POWER_URI}
779 ... body={'ResetType': 'On'} valid_status_codes=[${valid_status_code}]
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600[diff] [blame]780
781
782Update LDAP User Role And Configure IP Address
783 [Documentation] Update LDAP user role and configure IP address.
784 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK}
785 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND Delete IP Address ${test_ip}
786
787 # Description of argument(s):
788 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
789 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
790 # group_name The group name of user.
791 # valid_status_code The expected valid status code.
792
793 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
794 ... ${group_privilege} ${group_name}
795
796 Redfish.Logout
797
798 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
799
800 Add IP Address ${test_ip} ${test_mask} ${test_gw} ${valid_status_code}
Prashanth Kattif90c4742020-03-18 11:08:47 -0500[diff] [blame]801
802
803Update LDAP User Role And Delete IP Address
804 [Documentation] Update LDAP user role and delete IP address.
805 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK}
806 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND Delete IP Address ${test_ip}
807
808 # Description of argument(s):
809 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
810 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
811 # group_name The group name of user.
812 # valid_status_code The expected valid status code.
813
814 # Configure IP address before deleting via LDAP user roles.
815 Add IP Address ${test_ip} ${test_mask} ${test_gw}
816
817 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
818 ... ${group_privilege} ${group_name}
819
820 Redfish.Logout
821
822 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
823
824 Delete IP Address ${test_ip} ${valid_status_code}
Prashanth Katti67e06202020-05-20 06:16:51 -0500[diff] [blame]825
826
827Update LDAP User Role And Read Network Configuration
828 [Documentation] Update LDAP user role and read network configuration.
829 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK}
830 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
831
832 # Description of argument(s):
833 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
834 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
835 # group_name The group name of user.
836 # valid_status_code The expected valid status code.
837
838 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
839 ... ${group_privilege} ${group_name}
840
841 Redfish.Logout
842
843 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
844 Redfish.Get ${REDFISH_NW_ETH0_URI} valid_status_codes=[${valid_status_code}]