*** Settings ***
Documentation    Test Redfish LDAP user configuration.

Library          ../../lib/gen_robot_valid.py
Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot

Suite Setup      Suite Setup Execution
Suite Teardown   Run Keywords    Restore LDAP Privilege    AND    Redfish.Logout
Test Teardown    FFDC On Test Case Fail

Force Tags       LDAP_Test

*** Variables ***
${old_ldap_privilege}     ${EMPTY}
&{old_account_service}    &{EMPTY}

*** Test Cases ***

Verify LDAP Configuration Exist
    [Documentation]    Verify that the LDAP configuration is available.
    [Tags]    Verify_LDAP_Configuration_Exist

    ${resp}=    Redfish.Get Attribute    ${REDFISH_BASE_URI}AccountService
    ...    ${LDAP_TYPE}    default=${EMPTY}
    Should Not Be Empty    ${resp}    msg=LDAP configuration is not defined.


Verify LDAP User Login
    [Documentation]    Verify that an LDAP user is able to log in to the BMC.
    [Tags]    Verify_LDAP_User_Login

    ${resp}=    Run Keyword And Return Status    Redfish.Login    ${LDAP_USER}
    ...    ${LDAP_USER_PASSWORD}
    Should Be Equal    ${resp}    ${True}    msg=LDAP user is not able to login.
    # End the LDAP user session and log back in with the default account.
    Redfish.Logout
    Redfish.Login


Verify LDAP Service Available
    [Documentation]    Verify that the LDAP service is available.
    [Tags]    Verify_LDAP_Service_Available

    @{ldap_configuration}=    Get LDAP Configuration    ${LDAP_TYPE}
    Should Contain    ${ldap_configuration}    LDAPService
    ...    msg=LDAPService is not available.


Verify LDAP Login Works After BMC Reboot
    [Documentation]    Verify that LDAP login works after a BMC reboot.
    [Tags]    Verify_LDAP_Login_Works_After_BMC_Reboot

    Redfish OBMC Reboot (off)
    Redfish.Login    ${LDAP_USER}    ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP User With Admin Privilege Able To Do BMC Reboot
    [Documentation]    Verify that an LDAP user with administrator privilege is able to
    ...    reboot the BMC.
    [Tags]    Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot

    Update LDAP Configuration with LDAP User Role And Group    ${LDAP_TYPE}
    ...    ${GROUP_PRIVILEGE}    ${GROUP_NAME}
    Redfish.Login    ${LDAP_USER}    ${LDAP_USER_PASSWORD}
    # Reboot the BMC as the LDAP user that holds the required privilege.
    Redfish OBMC Reboot (off)
    Redfish.Login    ${LDAP_USER}    ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP User With Operator Privilege Able To Do Host Poweron
    [Documentation]    Verify LDAP user with operator privilege can do host power on.
    [Tags]    Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweron
    [Teardown]    Restore LDAP Privilege

    Update LDAP Configuration with LDAP User Role And Group    ${LDAP_TYPE}
    ...    Operator    ${GROUP_NAME}

    ${ldap_config}=    Redfish.Get Properties    ${REDFISH_BASE_URI}AccountService
    # Read the role mapping for the configured LDAP type ("ActiveDirectory" or
    # "LDAP"), which is the one the update above wrote to.
    ${new_ldap_privilege}=    Set Variable
    ...    ${ldap_config["${LDAP_TYPE}"]["RemoteRoleMapping"][0]["LocalRole"]}
    Should Be Equal    ${new_ldap_privilege}    Operator
    Redfish.Login    ${LDAP_USER}    ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user with operator privilege is able to power the system on.
    Redfish Power On
    Redfish.Logout
    Redfish.Login


Verify AccountLockout Attributes Set To Zero
    [Documentation]    Verify attribute AccountLockoutDuration and
    ...    AccountLockoutThreshold are set to 0.
    [Teardown]    Run Keywords    Restore AccountLockout Attributes    AND
    ...    FFDC On Test Case Fail
    [Tags]    Verify_AccountLockout_Attributes_Set_To_Zero

    ${old_account_service}=    Redfish.Get Properties
    ...    ${REDFISH_BASE_URI}AccountService
    # A plain assignment is local to this test case. Promote the saved settings
    # to suite scope so the teardown keyword can read them.
    Set Suite Variable    ${old_account_service}
    Rprint Vars    old_account_service    fmt=terse
    Redfish.Patch    ${REDFISH_BASE_URI}AccountService
    ...    body=[('AccountLockoutDuration', 0)]
    Redfish.Patch    ${REDFISH_BASE_URI}AccountService
    ...    body=[('AccountLockoutThreshold', 0)]


Verify LDAP User With Read Privilege Able To Check Inventory
    [Documentation]    Verify LDAP user with read privilege able to
    ...    read firmware inventory.
    [Tags]    Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Restore LDAP Privilege
    [Template]    Set Read Privilege And Check Firmware Inventory

    User
    Callback


Verify LDAP User With Read Privilege Should Not Do Host Poweron
    [Documentation]    Verify LDAP user with read privilege should not be
    ...    allowed to power on the host.
    [Tags]    Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron
    [Teardown]    Run Keywords    FFDC On Test Case Fail    AND    Restore LDAP Privilege
    [Template]    Set Read Privilege And Check Poweron

    User
    Callback


*** Keywords ***

Restore AccountLockout Attributes
    [Documentation]    Restore AccountLockout Attributes.

    Return From Keyword If    &{old_account_service} == &{EMPTY}
    Redfish.Patch    ${REDFISH_BASE_URI}AccountService
    ...    body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
    # Write the saved threshold back to AccountLockoutThreshold, not to
    # AccountLockoutDuration.
    Redfish.Patch    ${REDFISH_BASE_URI}AccountService
    ...    body=[('AccountLockoutThreshold', ${old_account_service['AccountLockoutThreshold']})]


Suite Setup Execution
    [Documentation]    Do suite setup tasks.

    Rvalid Value    LDAP_TYPE    valid_values=["ActiveDirectory", "LDAP"]
    Rvalid Value    LDAP_USER
    Rvalid Value    LDAP_USER_PASSWORD
    Rvalid Value    GROUP_PRIVILEGE
    Rvalid Value    GROUP_NAME
    Redfish.Login
    # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
    Get LDAP Configuration    ${LDAP_TYPE}
    ${old_ldap_privilege}=    Get LDAP Privilege
    # A plain assignment is local to this keyword. Promote the saved privilege
    # to suite scope so 'Restore LDAP Privilege' can read it.
    Set Suite Variable    ${old_ldap_privilege}


Set Read Privilege And Check Firmware Inventory
    [Documentation]    Set read privilege and check firmware inventory.
    [Arguments]    ${read_privilege}

    # Description of argument(s):
    # read_privilege    The read privilege role (e.g. "User" / "Callback").

    Update LDAP Configuration with LDAP User Role And Group    ${LDAP_TYPE}
    ...    ${read_privilege}    ${GROUP_NAME}

    Redfish.Login    ${LDAP_USER}    ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user with read privilege is able to read inventory.
    ${resp}=    Redfish.Get    /redfish/v1/UpdateService/FirmwareInventory
    Should Be True    ${resp.dict["Members@odata.count"]} >= ${1}
    Length Should Be    ${resp.dict["Members"]}    ${resp.dict["Members@odata.count"]}
    Redfish.Logout
    Redfish.Login


Set Read Privilege And Check Poweron
    [Documentation]    Set read privilege and power on should not be possible.
    [Arguments]    ${read_privilege}

    # Description of argument(s):
    # read_privilege    The read privilege role (e.g. "User" / "Callback").

    Update LDAP Configuration with LDAP User Role And Group    ${LDAP_TYPE}
    ...    ${read_privilege}    ${GROUP_NAME}
    Redfish.Login    ${LDAP_USER}    ${LDAP_USER_PASSWORD}
    Redfish.Post    ${REDFISH_POWER_URI}
    ...    body={'ResetType': 'On'}    valid_status_codes=[401, 403]
    Redfish.Logout
    Redfish.Login


Get LDAP Configuration
    [Documentation]    Retrieve LDAP Configuration.
    [Arguments]    ${ldap_type}

    # Description of argument(s):
    # ldap_type    The LDAP type ("ActiveDirectory" or "LDAP").

    ${ldap_config}=    Redfish.Get Properties    ${REDFISH_BASE_URI}AccountService
    [Return]    ${ldap_config["${ldap_type}"]}


Update LDAP Configuration with LDAP User Role And Group
    [Documentation]    Update LDAP configuration with LDAP user role and group.
    [Arguments]    ${ldap_type}    ${group_privilege}    ${group_name}

    # Description of argument(s):
    # ldap_type          The LDAP type ("ActiveDirectory" or "LDAP").
    # group_privilege    The group privilege ("Administrator", "Operator", "User" or "Callback").
    # group_name         The group name of user.

    ${local_role_remote_group}=    Create Dictionary    LocalRole=${group_privilege}    RemoteGroup=${group_name}
    ${remote_role_mapping}=    Create List    ${local_role_remote_group}
    ${ldap_data}=    Create Dictionary    RemoteRoleMapping=${remote_role_mapping}
    ${payload}=    Create Dictionary    ${ldap_type}=${ldap_data}
    Redfish.Patch    ${REDFISH_BASE_URI}AccountService    body=&{payload}
    # Provide adequate time for LDAP daemon to restart after the update.
    Sleep    10s


Get LDAP Privilege
    [Documentation]    Get LDAP privilege and return it.

    ${ldap_config}=    Get LDAP Configuration    ${LDAP_TYPE}
    [Return]    ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}


Restore LDAP Privilege
    [Documentation]    Restore the LDAP privilege to its original value.

    Return From Keyword If    '${old_ldap_privilege}' == '${EMPTY}'
    # Reapply the privilege that was saved before the tests changed it.
    Update LDAP Configuration with LDAP User Role And Group    ${LDAP_TYPE}
    ...    ${old_ldap_privilege}    ${GROUP_NAME}