*** Settings ***
Documentation    Test Redfish LDAP user configuration.

Library          ../../lib/gen_robot_valid.py
Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot
Resource         ../../lib/utils.robot
Resource         ../../lib/bmc_network_utils.robot
Resource         ../../lib/bmc_ldap_utils.robot

Suite Setup      Suite Setup Execution
Suite Teardown   LDAP Suite Teardown Execution
Test Teardown    Run Keywords  Redfish.Login  AND  FFDC On Test Case Fail
Force Tags       LDAP_Test

*** Variables ***
${old_ldap_privilege}   Administrator
&{old_account_service}  &{EMPTY}
&{old_ldap_config}      &{EMPTY}
${hostname}             ${EMPTY}
${test_ip}              10.6.6.6
${test_mask}            255.255.255.0

*** Test Cases ***

Verify LDAP Configuration Created
    [Documentation]  Verify that LDAP configuration is created.
    [Tags]  Verify_LDAP_Configuration_Created

    Create LDAP Configuration
    # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
    Get LDAP Configuration  ${LDAP_TYPE}
    Sleep  10s
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout


Verify LDAP Service Disable
    [Documentation]  Verify that LDAP is disabled and that LDAP user cannot
    ...  login.
    [Tags]  Verify_LDAP_Service_Disable

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}
    Sleep  15s
    ${resp}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    ...  ${LDAP_USER_PASSWORD}
    Should Be Equal  ${resp}  ${False}
    ...  msg=LDAP user was able to login even though the LDAP service was disabled.
    Redfish.Logout
    Redfish.Login
    # Enabling LDAP so that LDAP user works.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
    Redfish.Logout


Verify LDAP Login With ServiceEnabled
    [Documentation]  Verify that LDAP login works with ServiceEnabled.
    [Tags]  Verify_LDAP_Login_With_ServiceEnabled

    Disable Other LDAP
    # Actual service enablement.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
    Sleep  15s
    # After update, LDAP login.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout


Verify LDAP Login With Correct AuthenticationType
    [Documentation]  Verify that LDAP login works with the right
    ...  AuthenticationType.
    [Tags]  Verify_LDAP_Login_With_Correct_AuthenticationType

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
    Sleep  15s
    # After update, LDAP login.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout


Verify LDAP Config Update With Incorrect AuthenticationType
    [Documentation]  Verify that invalid AuthenticationType is not updated.
    [Tags]  Verify_LDAP_Config_Update_With_Incorrect_AuthenticationType

    ${body}=  Catenate  {'${ldap_type}': {'Authentication': {'AuthenticationType':'KerberosKeytab'}}}

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=${body}  valid_status_codes=[400]


Verify LDAP Login With Correct LDAP URL
    [Documentation]  Verify LDAP login with the right LDAP URL.
    [Tags]  Verify_LDAP_Login_With_Correct_LDAP_URL

    Config LDAP URL  ${LDAP_SERVER_URI}


Verify LDAP Config Update With Incorrect LDAP URL
    [Documentation]  Verify that LDAP login fails with invalid LDAP URL.
    [Tags]  Verify_LDAP_Config_Update_With_Incorrect_LDAP_URL
    [Teardown]  Run Keywords  Restore LDAP URL  AND
    ...  FFDC On Test Case Fail

    Config LDAP URL  ldap://1.2.3.4/  ${FALSE}


Verify LDAP Configuration Exist
    [Documentation]  Verify that LDAP configuration is available.
    [Tags]  Verify_LDAP_Configuration_Exist

    ${resp}=  Redfish.Get Attribute  ${REDFISH_BASE_URI}AccountService
    ...  ${LDAP_TYPE}  default=${EMPTY}
    Should Not Be Empty  ${resp}  msg=LDAP configuration is not defined.


Verify LDAP User Login
    [Documentation]  Verify that LDAP user is able to log in to the BMC.
    [Tags]  Verify_LDAP_User_Login

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout


Verify LDAP Service Available
    [Documentation]  Verify that LDAP service is available.
    [Tags]  Verify_LDAP_Service_Available

    @{ldap_configuration}=  Get LDAP Configuration  ${LDAP_TYPE}
    Should Contain  ${ldap_configuration}  LDAPService
    ...  msg=LDAPService is not available.


Verify LDAP Login Works After BMC Reboot
    [Documentation]  Verify that LDAP login works after BMC reboot.
    [Tags]  Verify_LDAP_Login_Works_After_BMC_Reboot

    Redfish OBMC Reboot (off)
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout


Verify LDAP User With Admin Privilege Able To Do BMC Reboot
    [Documentation]  Verify that LDAP user with administrator privilege is
    ...  able to do BMC reboot.
    [Tags]  Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${GROUP_PRIVILEGE}  ${GROUP_NAME}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # With LDAP user and with right privilege trying to do BMC reboot.
    Redfish OBMC Reboot (off)
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout


Verify LDAP User With Operator Privilege Able To Do Host Poweroff
    [Documentation]  Verify that LDAP user with operator privilege can do host
    ...  power off.
    [Tags]  Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweroff
    [Teardown]  Restore LDAP Privilege

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  Operator  ${GROUP_NAME}

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user with operator privilege is able to power the system off.
    Redfish.Post  ${REDFISH_POWER_URI}
    ...  body={'ResetType': 'ForceOff'}  valid_status_codes=[200]
    Redfish.Logout
    Redfish.Login


Verify AccountLockout Attributes Set To Zero By LDAP User
    [Documentation]  Verify that attribute AccountLockoutDuration and
    ...  AccountLockoutThreshold are set to 0 by LDAP user.
    [Teardown]  Run Keywords  Restore AccountLockout Attributes  AND
    ...  FFDC On Test Case Fail
    [Tags]  Verify_AccountLockout_Attributes_Set_To_Zero_By_LDAP_User

    ${old_account_service}=  Redfish.Get Properties
    ...  ${REDFISH_BASE_URI}AccountService
    Rprint Vars  old_account_service

    # Create LDAP user and create session using LDAP user.
    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  Administrator  ${GROUP_NAME}

    # Clear existing Redfish sessions.
    Redfish.Logout

    # Login using LDAP user.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}

    # Set Account Lockout attributes using LDAP user.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutDuration', 0)]
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutThreshold', 0)]


Verify LDAP User With Read Privilege Able To Check Inventory
    [Documentation]  Verify that LDAP user with read privilege is able to
    ...  read firmware inventory.
    [Tags]  Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND  Restore LDAP Privilege
    [Template]  Set Read Privilege And Check Firmware Inventory

    ReadOnly


Verify LDAP User With Read Privilege Should Not Do Host Poweron
    [Documentation]  Verify that LDAP user with read privilege should not be
    ...  allowed to power on the host.
    [Tags]  Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND  Restore LDAP Privilege
    [Template]  Set Read Privilege And Check Poweron

    ReadOnly


Update LDAP Group Name And Verify Operations
    [Documentation]  Verify that the LDAP group name can be updated and that
    ...  the right operations are allowed.
    [Tags]  Update_LDAP_Group_Name_And_Verify_Operations
    [Template]  Update LDAP Config And Verify Set Host Name
    [Teardown]  Restore LDAP Privilege

    # group_name             group_privilege  valid_status_codes
    ${GROUP_NAME}            Administrator    [${HTTP_OK}, ${HTTP_NO_CONTENT}]
    ${GROUP_NAME}            Operator         [${HTTP_OK}, ${HTTP_NO_CONTENT}]
    ${GROUP_NAME}            ReadOnly         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    ${GROUP_NAME}            NoAccess         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  Administrator    [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  Operator         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  ReadOnly         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  NoAccess         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]


Verify LDAP BaseDN Update And LDAP Login
    [Documentation]  Update LDAP BaseDN of LDAP configuration and verify
    ...  that LDAP login works.
    [Tags]  Verify_LDAP_BaseDN_Update_And_LDAP_Login

    ${body}=  Catenate  {'${LDAP_TYPE}': { 'LDAPService': {'SearchSettings':
    ...  {'BaseDistinguishedNames': ['${LDAP_BASE_DN}']}}}}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP BindDN Update And LDAP Login
    [Documentation]  Update LDAP BindDN of LDAP configuration and verify
    ...  that LDAP login works.
    [Tags]  Verify_LDAP_BindDN_Update_And_LDAP_Login

    ${body}=  Catenate  {'${LDAP_TYPE}': { 'Authentication':
    ...  {'AuthenticationType':'UsernameAndPassword', 'Username':
    ...  '${LDAP_BIND_DN}'}}}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP BindDN Password Update And LDAP Login
    [Documentation]  Update LDAP BindDN password of LDAP configuration and
    ...  verify that LDAP login works.
    [Tags]  Verify_LDAP_BindDN_Password_Update_And_LDAP_Login

    ${body}=  Catenate  {'${LDAP_TYPE}': { 'Authentication':
    ...  {'AuthenticationType':'UsernameAndPassword', 'Password':
    ...  '${LDAP_BIND_DN_PASSWORD}'}}}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP Type Update And LDAP Login
    [Documentation]  Update LDAP type of LDAP configuration and verify
    ...  that LDAP login works.
    [Tags]  Verify_LDAP_Type_Update_And_LDAP_Login

    Disable Other LDAP
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP Authorization With Null Privilege
    [Documentation]  Verify the failure of LDAP authorization with empty
    ...  privilege.
    [Tags]  Verify_LDAP_Authorization_With_Null_Privilege
    [Teardown]  Restore LDAP Privilege

    Update LDAP Config And Verify Set Host Name  ${GROUP_NAME}  ${EMPTY}
    ...  [${HTTP_FORBIDDEN}]


Verify LDAP Authorization With Invalid Privilege
    [Documentation]  Verify that LDAP user authorization with wrong privilege
    ...  fails.
    [Tags]  Verify_LDAP_Authorization_With_Invalid_Privilege
    [Teardown]  Restore LDAP Privilege

    Update LDAP Config And Verify Set Host Name  ${GROUP_NAME}
    ...  Invalid_Privilege  [${HTTP_FORBIDDEN}]


Verify LDAP Login With Invalid Data
    [Documentation]  Verify that LDAP login with Invalid LDAP data and
    ...  right LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_Data
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Redfish.Login  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  Invalid_LDAP_Server_URI
    ...  Invalid_LDAP_BIND_DN  LDAP_BIND_DN_PASSWORD
    ...  Invalid_LDAP_BASE_DN
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Config Creation Without BASE_DN
    [Documentation]  Verify that LDAP login with LDAP configuration
    ...  created without BASE_DN fails.
    [Tags]  Verify_LDAP_Config_Creation_Without_BASE_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Redfish.Login  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  Invalid_LDAP_Server_URI
    ...  Invalid_LDAP_BIND_DN  LDAP_BIND_DN_PASSWORD  ${EMPTY}
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Authentication Without Password
    [Documentation]  Verify that LDAP user authentication without LDAP
    ...  user password fails.
    [Tags]  Verify_LDAP_Authentication_Without_Password
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    ${status}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    Valid Value  status  [${False}]


Verify LDAP Login With Invalid BASE_DN
    [Documentation]  Verify that LDAP login with invalid BASE_DN and
    ...  valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BASE_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Redfish.Login  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  ${LDAP_BIND_DN}  ${LDAP_BIND_DN_PASSWORD}  Invalid_LDAP_BASE_DN
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Login With Invalid BIND_DN_PASSWORD
    [Documentation]  Verify that LDAP login with invalid BIND_DN_PASSWORD and
    ...  valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BIND_DN_PASSWORD
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Redfish.Login  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  ${LDAP_BIND_DN}  INVALID_LDAP_BIND_DN_PASSWORD  ${LDAP_BASE_DN}
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Login With Invalid BASE_DN And Invalid BIND_DN
    [Documentation]  Verify that LDAP login with invalid BASE_DN and invalid
    ...  BIND_DN and valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BASE_DN_And_Invalid_BIND_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Redfish.Login  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  INVALID_LDAP_BIND_DN  ${LDAP_BIND_DN_PASSWORD}  INVALID_LDAP_BASE_DN
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify Group Name And Group Privilege Able To Modify
    [Documentation]  Verify that LDAP group name and group privilege can be
    ...  modified.
    [Tags]  Verify_Group_Name_And_Group_Privilege_Able_To_Modify
    [Setup]  Update LDAP Configuration with LDAP User Role And Group
    ...  ${LDAP_TYPE}  Operator  ${GROUP_NAME}

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  Administrator  ${GROUP_NAME}


Verify LDAP Login With Invalid BIND_DN
    [Documentation]  Verify that LDAP login with invalid BIND_DN and
    ...  valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BIND_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Redfish.Login  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  Invalid_LDAP_BIND_DN  ${LDAP_BIND_DN_PASSWORD}  ${LDAP_BASE_DN}
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Authentication With Invalid LDAP User
    [Documentation]  Verify that LDAP user authentication fails for a user
    ...  that does not exist in the LDAP server.
    [Tags]  Verify_LDAP_Authentication_With_Invalid_LDAP_User
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    ${status}=  Run Keyword And Return Status  Redfish.Login  INVALID_LDAP_USER
    ...  ${LDAP_USER_PASSWORD}
    Valid Value  status  [${False}]


Update LDAP User Roles And Verify Host Poweroff Operation
    [Documentation]  Update LDAP user roles and verify host poweroff operation.
    [Tags]  Update_LDAP_User_Roles_And_Verify_Host_Poweroff_Operation
    [Teardown]  Restore LDAP Privilege

    [Template]  Update LDAP User Role And Host Poweroff
    # ldap_type   group_privilege  group_name     valid_status_codes

    # Verify LDAP user with NoAccess privilege not able to do host poweroff.
    ${LDAP_TYPE}  NoAccess         ${GROUP_NAME}  ${HTTP_FORBIDDEN}

    # Verify LDAP user with ReadOnly privilege not able to do host poweroff.
    ${LDAP_TYPE}  ReadOnly         ${GROUP_NAME}  ${HTTP_FORBIDDEN}

    # Verify LDAP user with Operator privilege able to do host poweroff.
    ${LDAP_TYPE}  Operator         ${GROUP_NAME}  ${HTTP_OK}

    # Verify LDAP user with Administrator privilege able to do host poweroff.
    ${LDAP_TYPE}  Administrator    ${GROUP_NAME}  ${HTTP_OK}


Update LDAP User Roles And Verify Host Poweron Operation
    [Documentation]  Update LDAP user roles and verify host poweron operation.
    [Tags]  Update_LDAP_User_Roles_And_Verify_Host_Poweron_Operation
    [Teardown]  Restore LDAP Privilege

    [Template]  Update LDAP User Role And Host Poweron
    # ldap_type   group_privilege  group_name     valid_status_codes

    # Verify LDAP user with NoAccess privilege not able to do host poweron.
    ${LDAP_TYPE}  NoAccess         ${GROUP_NAME}  ${HTTP_FORBIDDEN}

    # Verify LDAP user with ReadOnly privilege not able to do host poweron.
    ${LDAP_TYPE}  ReadOnly         ${GROUP_NAME}  ${HTTP_FORBIDDEN}

    # Verify LDAP user with Operator privilege able to do host poweron.
    ${LDAP_TYPE}  Operator         ${GROUP_NAME}  ${HTTP_OK}

    # Verify LDAP user with Administrator privilege able to do host poweron.
    ${LDAP_TYPE}  Administrator    ${GROUP_NAME}  ${HTTP_OK}


Configure IP Address Via Different User Roles And Verify
    [Documentation]  Configure IP address via different user roles and verify.
    [Tags]  Configure_IP_Address_Via_Different_User_Roles_And_Verify
    [Teardown]  Restore LDAP Privilege

    [Template]  Update LDAP User Role And Configure IP Address
    # Verify LDAP user with Administrator privilege is able to configure IP address.
    ${LDAP_TYPE}  Administrator  ${GROUP_NAME}  ${HTTP_OK}

    # Verify LDAP user with ReadOnly privilege is forbidden to configure IP address.
    ${LDAP_TYPE}  ReadOnly  ${GROUP_NAME}  ${HTTP_FORBIDDEN}

    # Verify LDAP user with NoAccess privilege is forbidden to configure IP address.
    ${LDAP_TYPE}  NoAccess  ${GROUP_NAME}  ${HTTP_FORBIDDEN}

    # Verify LDAP user with Operator privilege is forbidden to configure IP address.
    ${LDAP_TYPE}  Operator  ${GROUP_NAME}  ${HTTP_FORBIDDEN}


Delete IP Address Via Different User Roles And Verify
    [Documentation]  Delete IP address via different user roles and verify.
    [Tags]  Delete_IP_Address_Via_Different_User_Roles_And_Verify
    [Teardown]  Run Keywords  Restore LDAP Privilege  AND  FFDC On Test Case Fail

    [Template]  Update LDAP User Role And Delete IP Address
    # Verify LDAP user with Administrator privilege is able to delete IP address.
    ${LDAP_TYPE}  Administrator  ${GROUP_NAME}  ${HTTP_OK}

    # Verify LDAP user with ReadOnly privilege is forbidden to delete IP address.
    ${LDAP_TYPE}  ReadOnly  ${GROUP_NAME}  ${HTTP_FORBIDDEN}

    # Verify LDAP user with NoAccess privilege is forbidden to delete IP address.
    ${LDAP_TYPE}  NoAccess  ${GROUP_NAME}  ${HTTP_FORBIDDEN}

    # Verify LDAP user with Operator privilege is forbidden to delete IP address.
    ${LDAP_TYPE}  Operator  ${GROUP_NAME}  ${HTTP_FORBIDDEN}


Read Network Configuration Via Different User Roles And Verify
    [Documentation]  Read network configuration via different user roles and verify.
    [Tags]  Read_Network_Configuration_Via_Different_User_Roles_And_Verify
    [Teardown]  Restore LDAP Privilege

    [Template]  Update LDAP User Role And Read Network Configuration
    ${LDAP_TYPE}  Administrator  ${GROUP_NAME}  ${HTTP_OK}

    ${LDAP_TYPE}  ReadOnly  ${GROUP_NAME}  ${HTTP_OK}

    ${LDAP_TYPE}  NoAccess  ${GROUP_NAME}  ${HTTP_FORBIDDEN}

    ${LDAP_TYPE}  Operator  ${GROUP_NAME}  ${HTTP_OK}


Switch LDAP Type And Verify Login Fails
    [Documentation]  Switch LDAP type and verify login fails.
    [Tags]  Switch_LDAP_Type_And_Verify_Login_Fails

    # Check Login with LDAP Type is working
    Create LDAP Configuration
    Redfish Verify LDAP Login

    # Disable the LDAP Type from OpenLDAP to ActiveDirectory or vice-versa
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}

    # Enable the inverse LDAP type
    Disable Other LDAP  ${True}
    Create LDAP Configuration  ${LDAP_TYPE_1}  ${LDAP_SERVER_URI_1}
    ...  ${LDAP_BIND_DN_1}  ${LDAP_BIND_DN_PASSWORD_1}  ${LDAP_BASE_DN_1}
    Redfish.Logout
    Sleep  10s

    # Check if Login works via Inverse LDAP
    Redfish.Login  ${LDAP_USER_1}  ${LDAP_USER_PASSWORD_1}
    Redfish.Logout
    Sleep  10s

    # Login using LDAP type must fail
    Redfish Verify LDAP Login  ${False}
    Redfish.Logout


*** Keywords ***

Redfish Verify LDAP Login
    [Documentation]  LDAP user log into BMC.
    [Arguments]  ${valid_status}=${True}

    # Description of argument(s):
    # valid_status  Expected status of LDAP login ("True" or "False").

    # According to our repo coding rules, Redfish.Login is to be done in Suite
    # Setup and Redfish.Logout is to be done in Suite Teardown. For any
    # deviation from this rule (such as in this keyword), the deviant code
    # must take steps to restore us to our original logged-in state.

    ${status}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    ...  ${LDAP_USER_PASSWORD}
    Valid Value  status  [${valid_status}]
    Redfish.Logout
    Redfish.Login


Update LDAP Config And Verify Set Host Name
    [Documentation]  Update LDAP config and verify by attempting to set host name.
    [Arguments]  ${group_name}  ${group_privilege}=Administrator
    ...  ${valid_status_codes}=[${HTTP_OK}]
    [Teardown]  Run Keyword If  '${group_privilege}'=='NoAccess'  Redfish.Login
    ...  ELSE  Run Keywords  Redfish.Logout  AND  Redfish.Login

    # Description of argument(s):
    # group_name                    The group name of user.
    # group_privilege               The group privilege ("Administrator",
    #                               "Operator", "ReadOnly" or "NoAccess").
    # valid_status_codes            Expected return code(s) from patch
    #                               operation (e.g. "200") used to update
    #                               HostName. See prolog of rest_request
    #                               method in redfish_plus.py for details.
    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${group_privilege}  ${group_name}

    Run Keyword If  '${group_privilege}'=='NoAccess'
    ...  Run Keyword And Return  Verify Redfish Login for LDAP Userrole NoAccess

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user in ${group_name} with the given privilege is
    # allowed to change the hostname.
    Redfish.Patch  ${REDFISH_NW_ETH0_URI}  body={'HostName': '${hostname}'}
    ...  valid_status_codes=${valid_status_codes}


Verify Redfish Login for LDAP Userrole NoAccess
    [Documentation]  Verify that Redfish login fails for LDAP user role NoAccess.

    ${status}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Valid Value  status  [${False}]


Sivas SRR73379bc2019-07-22 10:21:45 -0500607Disable Other LDAP
608 [Documentation] Disable other LDAP configuration.
Sweta Potthuriaa8cda92022-10-19 04:45:08 -0500609 [Arguments] ${service_state}=${False}
Sivas SRR73379bc2019-07-22 10:21:45 -0500610
611 # First disable other LDAP.
612 ${inverse_ldap_type}= Set Variable If '${LDAP_TYPE}' == 'LDAP' ActiveDirectory LDAP
613 Redfish.Patch ${REDFISH_BASE_URI}AccountService
Sweta Potthuriaa8cda92022-10-19 04:45:08 -0500614 ... body={'${inverse_ldap_type}': {'ServiceEnabled': ${service_state}}}
Sivas SRR73379bc2019-07-22 10:21:45 -0500615 Sleep 15s
616
617
Config LDAP URL
    [Documentation]  Config LDAP URL.
    [Arguments]  ${ldap_server_uri}=${LDAP_SERVER_URI}  ${expected_status}=${TRUE}

    # Description of argument(s):
    # ldap_server_uri  LDAP server uri (e.g. "ldap://XX.XX.XX.XX/").
    # expected_status  Expected result of the LDAP login after the update
    #                  (e.g. ${TRUE}).

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}}
    Sleep  15s
    # After update, LDAP login.
    ${status}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Valid Value  status  [${expected_status}]

    Redfish.Logout
    Redfish.Login


Restore LDAP URL
    [Documentation]  Restore LDAP URL.

    # Restoring the working LDAP server uri.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'ServiceAddresses': ['${LDAP_SERVER_URI}']}}
    Sleep  15s


Restore AccountLockout Attributes
    [Documentation]  Restore AccountLockout Attributes.

    Return From Keyword If  &{old_account_service} == &{EMPTY}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutThreshold', ${old_account_service['AccountLockoutThreshold']})]


Suite Setup Execution
    [Documentation]  Do suite setup tasks.

    Valid Value  LDAP_TYPE  valid_values=["ActiveDirectory", "LDAP"]
    Valid Value  LDAP_USER
    Valid Value  LDAP_USER_PASSWORD
    Valid Value  GROUP_PRIVILEGE
    Valid Value  GROUP_NAME
    Valid Value  LDAP_SERVER_URI
    Valid Value  LDAP_BIND_DN_PASSWORD
    Valid Value  LDAP_BIND_DN
    Valid Value  LDAP_BASE_DN

    Redfish.Login
    # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
    Get LDAP Configuration  ${LDAP_TYPE}
    Set Suite Variable  ${old_ldap_privilege}
    Disable Other LDAP
    Create LDAP Configuration
    ${hostname}=  Redfish.Get Attribute  ${REDFISH_NW_PROTOCOL_URI}  HostName


LDAP Suite Teardown Execution
    [Documentation]  Restore ldap configuration, delete unused redfish session.

    Restore LDAP Privilege
    Redfish.Logout
    Run Keyword And Ignore Error  Delete All Redfish Sessions


Set Read Privilege And Check Firmware Inventory
    [Documentation]  Set read privilege and check firmware inventory.
    [Arguments]  ${read_privilege}

    # Description of argument(s):
    # read_privilege  The read privilege role (e.g. "User" / "Callback").

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${read_privilege}  ${GROUP_NAME}

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user with read privilege is able to read inventory.
    ${resp}=  Redfish.Get  /redfish/v1/UpdateService/FirmwareInventory
    Should Be True  ${resp.dict["Members@odata.count"]} >= ${1}
    Length Should Be  ${resp.dict["Members"]}  ${resp.dict["Members@odata.count"]}
    Redfish.Logout
    Redfish.Login


Set Read Privilege And Check Poweron
    [Documentation]  Set read privilege and power on should not be possible.
    [Arguments]  ${read_privilege}

    # Description of argument(s):
    # read_privilege  The read privilege role (e.g. "User" / "Callback").

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${read_privilege}  ${GROUP_NAME}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Post  ${REDFISH_POWER_URI}
    ...  body={'ResetType': 'On'}  valid_status_codes=[401, 403]
    Redfish.Logout
    Redfish.Login


Get LDAP Configuration
    [Documentation]  Retrieve LDAP Configuration.
    [Arguments]  ${ldap_type}

    # Description of argument(s):
    # ldap_type  The LDAP type ("ActiveDirectory" or "LDAP").

    ${ldap_config}=  Redfish.Get Properties  ${REDFISH_BASE_URI}AccountService
    [Return]  ${ldap_config["${ldap_type}"]}


Update LDAP Configuration with LDAP User Role And Group
    [Documentation]  Update LDAP configuration with LDAP user role and group.
    [Arguments]  ${ldap_type}  ${group_privilege}  ${group_name}

    # Description of argument(s):
    # ldap_type        The LDAP type ("ActiveDirectory" or "LDAP").
    # group_privilege  The group privilege ("Administrator", "Operator", "User" or "Callback").
    # group_name       The group name of user.

    ${local_role_remote_group}=  Create Dictionary  LocalRole=${group_privilege}  RemoteGroup=${group_name}
    ${remote_role_mapping}=  Create List  ${local_role_remote_group}
    ${ldap_data}=  Create Dictionary  RemoteRoleMapping=${remote_role_mapping}
    ${payload}=  Create Dictionary  ${ldap_type}=${ldap_data}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=&{payload}
    # Provide adequate time for LDAP daemon to restart after the update.
    Sleep  15s


Get LDAP Privilege
    [Documentation]  Get LDAP privilege and return it.

    ${ldap_config}=  Get LDAP Configuration  ${LDAP_TYPE}
    ${num_list_entries}=  Get Length  ${ldap_config["RemoteRoleMapping"]}
    Return From Keyword If  ${num_list_entries} == ${0}  @{EMPTY}

    [Return]  ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}


Restore LDAP Privilege
    [Documentation]  Restore the LDAP privilege to its original value.

    Redfish.Login
    Return From Keyword If  '${old_ldap_privilege}' == '${EMPTY}' or '${old_ldap_privilege}' == '[]'
    # Log back in to restore the original privilege.
    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${old_ldap_privilege}  ${GROUP_NAME}

    Sleep  18s

Verify Host Power Status
    [Documentation]  Verify the Host power status and do host power on/off respectively.
    [Arguments]  ${expected_power_status}

    # Description of argument(s):
    # expected_power_status  State of Host e.g. Off or On.

    ${power_status}=  Redfish.Get Attribute  /redfish/v1/Chassis/${CHASSIS_ID}  PowerState
    Return From Keyword If  '${power_status}' == '${expected_power_status}'

    Run Keyword If  '${power_status}' == 'Off'  Redfish Power On
    ...  ELSE  Redfish Power Off

Update LDAP User Role And Host Poweroff
    [Documentation]  Update LDAP user role and do host poweroff.
    [Arguments]  ${ldap_type}  ${group_privilege}  ${group_name}  ${valid_status_code}
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    # Description of argument(s):
    # ldap_type          The LDAP type ("ActiveDirectory" or "LDAP").
    # group_privilege    The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
    # group_name         The group name of user.
    # valid_status_code  The expected valid status code.

    # check Host state and do the power on/off if needed.
    Verify Host Power Status  On

    Update LDAP Configuration with LDAP User Role And Group  ${ldap_type}
    ...  ${group_privilege}  ${group_name}

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}

    Redfish.Post  ${REDFISH_POWER_URI}
    ...  body={'ResetType': 'ForceOff'}  valid_status_codes=[${valid_status_code}]

    Return From Keyword If  ${valid_status_code} == ${HTTP_FORBIDDEN}
    Wait Until Keyword Succeeds  1 min  10 sec  Verify Host Power State  Off


Update LDAP User Role And Host Poweron
    [Documentation]  Update LDAP user role and do host poweron.
    [Arguments]  ${ldap_type}  ${group_privilege}  ${group_name}  ${valid_status_code}
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    # Description of argument(s):
    # ldap_type          The LDAP type ("ActiveDirectory" or "LDAP").
    # group_privilege    The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
    # group_name         The group name of user.
    # valid_status_code  The expected valid status code.

    # check Host state and do the power on/off if needed.
    Verify Host Power Status  Off

    Update LDAP Configuration with LDAP User Role And Group  ${ldap_type}
    ...  ${group_privilege}  ${group_name}

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}

    Redfish.Post  ${REDFISH_POWER_URI}
    ...  body={'ResetType': 'On'}  valid_status_codes=[${valid_status_code}]

    Return From Keyword If  ${valid_status_code} == ${HTTP_FORBIDDEN}
    Verify Host Is Up


Update LDAP User Role And Configure IP Address
    [Documentation]  Update LDAP user role and configure IP address.
    [Arguments]  ${ldap_type}  ${group_privilege}  ${group_name}  ${valid_status_code}=${HTTP_OK}
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login  AND  Delete IP Address  ${test_ip}

    # Description of argument(s):
    # ldap_type          The LDAP type ("ActiveDirectory" or "LDAP").
    # group_privilege    The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
    # group_name         The group name of user.
    # valid_status_code  The expected valid status code.

    Update LDAP Configuration with LDAP User Role And Group  ${ldap_type}
    ...  ${group_privilege}  ${group_name}

    Redfish.Logout

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}

    ${test_gateway}=  Get BMC Default Gateway

    Run Keyword If  '${group_privilege}' == 'NoAccess'
    ...  Add IP Address With NoAccess User  ${test_ip}  ${test_mask}  ${test_gateway}  ${valid_status_code}
    ...  ELSE
    ...  Add IP Address  ${test_ip}  ${test_mask}  ${test_gateway}  ${valid_status_code}


Update LDAP User Role And Delete IP Address
    [Documentation]  Update LDAP user role and delete IP address.
    [Arguments]  ${ldap_type}  ${group_privilege}  ${group_name}  ${valid_status_code}=${HTTP_OK}
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login  AND  Delete IP Address  ${test_ip}

    # Description of argument(s):
    # ldap_type          The LDAP type ("ActiveDirectory" or "LDAP").
    # group_privilege    The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
    # group_name         The group name of user.
    # valid_status_code  The expected valid status code.

    ${test_gateway}=  Get BMC Default Gateway

    # Configure IP address before deleting via LDAP user roles.
    Add IP Address  ${test_ip}  ${test_mask}  ${test_gateway}

    Update LDAP Configuration with LDAP User Role And Group  ${ldap_type}
    ...  ${group_privilege}  ${group_name}

    Redfish.Logout

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}

    Run Keyword If  '${group_privilege}' == 'NoAccess'
    ...  Delete IP Address With NoAccess User  ${test_ip}  ${valid_status_code}
    ...  ELSE
    ...  Delete IP Address  ${test_ip}  ${valid_status_code}


Update LDAP User Role And Read Network Configuration
    [Documentation]  Update LDAP user role and read network configuration.
    [Arguments]  ${ldap_type}  ${group_privilege}  ${group_name}  ${valid_status_code}=${HTTP_OK}
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    # Description of argument(s):
    # ldap_type          The LDAP type ("ActiveDirectory" or "LDAP").
    # group_privilege    The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
    # group_name         The group name of user.
    # valid_status_code  The expected valid status code.

    Update LDAP Configuration with LDAP User Role And Group  ${ldap_type}
    ...  ${group_privilege}  ${group_name}

    Redfish.Logout

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Get  ${REDFISH_NW_ETH0_URI}  valid_status_codes=[${valid_status_code}]


Add IP Address With NoAccess User
    [Documentation]  Add IP Address To BMC.
    [Arguments]  ${ip}  ${subnet_mask}  ${gateway}
    ...  ${valid_status_codes}=${HTTP_OK}

    # Description of argument(s):
    # ip                  IP address to be added (e.g. "10.7.7.7").
    # subnet_mask         Subnet mask for the IP to be added
    #                     (e.g. "255.255.0.0").
    # gateway             Gateway for the IP to be added (e.g. "10.7.7.1").
    # valid_status_codes  Expected return code from patch operation
    #                     (e.g. "200").  See prolog of rest_request
    #                     method in redfish_plus.py for details.

    # Logout from LDAP user.
    Redfish.Logout

    # Login with local user.
    Redfish.Login

    ${empty_dict}=  Create Dictionary
    ${ip_data}=  Create Dictionary  Address=${ip}
    ...  SubnetMask=${subnet_mask}  Gateway=${gateway}

    ${patch_list}=  Create List
    ${network_configurations}=  Get Network Configuration
    ${num_entries}=  Get Length  ${network_configurations}

    FOR  ${INDEX}  IN RANGE  0  ${num_entries}
        Append To List  ${patch_list}  ${empty_dict}
    END

    ${valid_status_codes}=  Run Keyword If  '${valid_status_codes}' == '${HTTP_OK}'
    ...  Set Variable  ${HTTP_OK},${HTTP_NO_CONTENT}
    ...  ELSE  Set Variable  ${valid_status_codes}

    # We need not check for existence of IP on BMC while adding.
    Append To List  ${patch_list}  ${ip_data}
    ${data}=  Create Dictionary  IPv4StaticAddresses=${patch_list}

    ${active_channel_config}=  Get Active Channel Config
    ${ethernet_interface}=  Set Variable  ${active_channel_config['${CHANNEL_NUMBER}']['name']}

    # Logout from local user.
    Redfish.Logout

    # Login from LDAP user and check if we can configure IP address.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}

    Redfish.patch  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}  body=&{data}
    ...  valid_status_codes=[${valid_status_codes}]


Delete IP Address With NoAccess User
    [Documentation]  Delete IP Address Of BMC.
    [Arguments]  ${ip}  ${valid_status_codes}=${HTTP_OK}

    # Description of argument(s):
    # ip                  IP address to be deleted (e.g. "10.7.7.7").
    # valid_status_codes  Expected return code from patch operation
    #                     (e.g. "200").  See prolog of rest_request
    #                     method in redfish_plus.py for details.

    # Logout from LDAP user.
    Redfish.Logout

    # Login with local user.
    Redfish.Login

    ${empty_dict}=  Create Dictionary
    ${patch_list}=  Create List

    @{network_configurations}=  Get Network Configuration
    FOR  ${network_configuration}  IN  @{network_configurations}
        Run Keyword If  '${network_configuration['Address']}' == '${ip}'
        ...  Append To List  ${patch_list}  ${null}
        ...  ELSE  Append To List  ${patch_list}  ${empty_dict}
    END

    ${ip_found}=  Run Keyword And Return Status  List Should Contain Value
    ...  ${patch_list}  ${null}  msg=${ip} does not exist on BMC
    Pass Execution If  ${ip_found} == ${False}  ${ip} does not exist on BMC

    # Run patch command only if given IP is found on BMC
    ${data}=  Create Dictionary  IPv4StaticAddresses=${patch_list}

    ${active_channel_config}=  Get Active Channel Config
    ${ethernet_interface}=  Set Variable  ${active_channel_config['${CHANNEL_NUMBER}']['name']}

    # Logout from local user.
    Redfish.Logout

    # Login from LDAP user and check if we can delete IP address.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}

    Redfish.patch  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}  body=&{data}
    ...  valid_status_codes=[${valid_status_codes}]

    # Note: Network restart takes around 15-18s after patch request processing
    Sleep  ${NETWORK_TIMEOUT}s
    Wait For Host To Ping  ${OPENBMC_HOST}  ${NETWORK_TIMEOUT}