Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 1 | *** Settings *** |
| 2 | Documentation Test Redfish LDAP user configuration. |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 3 | |
Sivas SRR | d21c984 | 2019-06-21 05:41:18 -0500 | [diff] [blame] | 4 | Library ../../lib/gen_robot_valid.py |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 5 | Resource ../../lib/resource.robot |
| 6 | Resource ../../lib/bmc_redfish_resource.robot |
| 7 | Resource ../../lib/openbmc_ffdc.robot |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame] | 8 | Library ../../lib/gen_robot_valid.py |
Prashanth Katti | 3dc8cc3 | 2020-03-04 11:11:01 -0600 | [diff] [blame] | 9 | Resource ../../lib/bmc_network_utils.robot |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 10 | |
| 11 | Suite Setup Suite Setup Execution |
Sivas SRR | 939b4b1 | 2019-06-26 00:01:59 -0500 | [diff] [blame] | 12 | Suite Teardown Run Keywords Restore LDAP Privilege AND Redfish.Logout |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame] | 13 | Test Teardown FFDC On Test Case Fail |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 14 | |
Sivas SRR | 9358b5c | 2019-06-06 04:57:03 -0500 | [diff] [blame] | 15 | Force Tags LDAP_Test |
| 16 | |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame] | 17 | *** Variables *** |
Sivas SRR | 873de8e | 2019-09-26 00:37:53 -0500 | [diff] [blame] | 18 | ${old_ldap_privilege} ${EMPTY} |
Sivas SRR | d21c984 | 2019-06-21 05:41:18 -0500 | [diff] [blame] | 19 | &{old_account_service} &{EMPTY} |
Sivas SRR | 873de8e | 2019-09-26 00:37:53 -0500 | [diff] [blame] | 20 | &{old_ldap_config} &{EMPTY} |
| 21 | ${hostname} ${EMPTY} |
Prashanth Katti | 3dc8cc3 | 2020-03-04 11:11:01 -0600 | [diff] [blame] | 22 | ${test_ip} 10.6.6.6 |
| 23 | ${test_mask} 255.255.255.0 |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame] | 24 | |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 25 | ** Test Cases ** |
| 26 | |
Sivas SRR | b1b8575 | 2019-07-04 01:28:28 -0500 | [diff] [blame] | 27 | Verify LDAP Configuration Created |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 28 | [Documentation] Verify that LDAP configuration created. |
Sivas SRR | b1b8575 | 2019-07-04 01:28:28 -0500 | [diff] [blame] | 29 | [Tags] Verify_LDAP_Configuration_Created |
| 30 | |
| 31 | Create LDAP Configuration |
| 32 | # Call 'Get LDAP Configuration' to verify that LDAP configuration exists. |
| 33 | Get LDAP Configuration ${LDAP_TYPE} |
| 34 | Sleep 10s |
| 35 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 36 | Redfish.Logout |
| 37 | Redfish.Login |
| 38 | |
| 39 | |
| 40 | Verify LDAP Service Disable |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 41 | [Documentation] Verify that LDAP is disabled and that LDAP user cannot |
| 42 | ... login. |
Sivas SRR | b1b8575 | 2019-07-04 01:28:28 -0500 | [diff] [blame] | 43 | [Tags] Verify_LDAP_Service_Disable |
| 44 | |
| 45 | Redfish.Patch ${REDFISH_BASE_URI}AccountService |
| 46 | ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}} |
| 47 | Sleep 15s |
| 48 | ${resp}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} |
| 49 | ... ${LDAP_USER_PASSWORD} |
George Keishing | 333bb72 | 2019-12-11 11:40:49 -0600 | [diff] [blame] | 50 | Should Be Equal ${resp} ${False} |
| 51 | ... msg=LDAP user was able to login even though the LDAP service was disabled. |
Sivas SRR | b1b8575 | 2019-07-04 01:28:28 -0500 | [diff] [blame] | 52 | Redfish.Logout |
| 53 | Redfish.Login |
| 54 | # Enabling LDAP so that LDAP user works. |
| 55 | Redfish.Patch ${REDFISH_BASE_URI}AccountService |
| 56 | ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}} |
| 57 | Redfish.Logout |
| 58 | Redfish.Login |
| 59 | |
| 60 | |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 61 | Verify LDAP Login With ServiceEnabled |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 62 | [Documentation] Verify that LDAP Login with ServiceEnabled. |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 63 | [Tags] Verify_LDAP_Login_With_ServiceEnabled |
| 64 | |
| 65 | Disable Other LDAP |
| 66 | # Actual service enablement. |
| 67 | Redfish.Patch ${REDFISH_BASE_URI}AccountService |
| 68 | ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}} |
| 69 | Sleep 15s |
| 70 | # After update, LDAP login. |
| 71 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 72 | Redfish.Logout |
| 73 | Redfish.Login |
| 74 | |
| 75 | |
| 76 | Verify LDAP Login With Correct AuthenticationType |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 77 | [Documentation] Verify that LDAP Login with right AuthenticationType. |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 78 | [Tags] Verify_LDAP_Login_With_Correct_AuthenticationType |
| 79 | |
| 80 | Redfish.Patch ${REDFISH_BASE_URI}AccountService |
| 81 | ... body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}} |
| 82 | Sleep 15s |
| 83 | # After update, LDAP login. |
| 84 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 85 | Redfish.Logout |
| 86 | Redfish.Login |
| 87 | |
| 88 | |
| 89 | Verify LDAP Config Update With Incorrect AuthenticationType |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 90 | [Documentation] Verify that invalid AuthenticationType is not updated. |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 91 | [Tags] Verify_LDAP_Update_With_Incorrect_AuthenticationType |
| 92 | |
George Keishing | 2d0804e | 2019-12-12 22:27:05 -0600 | [diff] [blame] | 93 | ${body}= Catenate {'${ldap_type}': {'Authentication': {'AuthenticationType':'KerberosKeytab'}}} |
Prashanth Katti | 7d38a09 | 2020-01-10 06:01:09 -0600 | [diff] [blame] | 94 | |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 95 | Redfish.Patch ${REDFISH_BASE_URI}AccountService |
Prashanth Katti | 7d38a09 | 2020-01-10 06:01:09 -0600 | [diff] [blame] | 96 | ... body=${body} valid_status_codes=[400] |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 97 | |
| 98 | |
| 99 | Verify LDAP Login With Correct LDAP URL |
| 100 | [Documentation] Verify LDAP Login with right LDAP URL. |
| 101 | [Tags] Verify_LDAP_Login_With_Correct_LDAP_URL |
| 102 | |
| 103 | Config LDAP URL ${LDAP_SERVER_URI} |
| 104 | |
| 105 | |
| 106 | Verify LDAP Config Update With Incorrect LDAP URL |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 107 | [Documentation] Verify that LDAP Login fails with invalid LDAP URL. |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 108 | [Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_URL |
| 109 | [Teardown] Run Keywords Restore LDAP URL AND |
| 110 | ... FFDC On Test Case Fail |
| 111 | |
Prashanth Katti | 7d38a09 | 2020-01-10 06:01:09 -0600 | [diff] [blame] | 112 | Config LDAP URL ldap://1.2.3.4/ ${FALSE} |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 113 | |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 114 | Verify LDAP Configuration Exist |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 115 | [Documentation] Verify that LDAP configuration is available. |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 116 | [Tags] Verify_LDAP_Configuration_Exist |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 117 | |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 118 | ${resp}= Redfish.Get Attribute ${REDFISH_BASE_URI}AccountService |
| 119 | ... ${LDAP_TYPE} default=${EMPTY} |
| 120 | Should Not Be Empty ${resp} msg=LDAP configuration is not defined. |
| 121 | |
| 122 | |
| 123 | Verify LDAP User Login |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 124 | [Documentation] Verify that LDAP user able to login into BMC. |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 125 | [Tags] Verify_LDAP_User_Login |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 126 | |
| 127 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
Sivas SRR | 939b4b1 | 2019-06-26 00:01:59 -0500 | [diff] [blame] | 128 | Redfish.Logout |
| 129 | Redfish.Login |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 130 | |
| 131 | |
| 132 | Verify LDAP Service Available |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 133 | [Documentation] Verify that LDAP service is available. |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 134 | [Tags] Verify_LDAP_Service_Available |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 135 | |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 136 | @{ldap_configuration}= Get LDAP Configuration ${LDAP_TYPE} |
| 137 | Should Contain ${ldap_configuration} LDAPService |
| 138 | ... msg=LDAPService is not available. |
| 139 | |
| 140 | |
Sivas SRR | 108f9d3 | 2019-06-03 10:05:34 -0500 | [diff] [blame] | 141 | Verify LDAP Login Works After BMC Reboot |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 142 | [Documentation] Verify that LDAP login works after BMC reboot. |
Sivas SRR | 108f9d3 | 2019-06-03 10:05:34 -0500 | [diff] [blame] | 143 | [Tags] Verify_LDAP_Login_Works_After_BMC_Reboot |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 144 | |
Sivas SRR | 108f9d3 | 2019-06-03 10:05:34 -0500 | [diff] [blame] | 145 | Redfish OBMC Reboot (off) |
| 146 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 147 | Redfish.Logout |
Sivas SRR | 939b4b1 | 2019-06-26 00:01:59 -0500 | [diff] [blame] | 148 | Redfish.Login |
Sivas SRR | 108f9d3 | 2019-06-03 10:05:34 -0500 | [diff] [blame] | 149 | |
| 150 | |
| 151 | Verify LDAP User With Admin Privilege Able To Do BMC Reboot |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 152 | [Documentation] Verify that LDAP user with administrator privilege able to do BMC reboot. |
Sivas SRR | 108f9d3 | 2019-06-03 10:05:34 -0500 | [diff] [blame] | 153 | [Tags] Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot |
| 154 | |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 155 | |
Sivas SRR | 108f9d3 | 2019-06-03 10:05:34 -0500 | [diff] [blame] | 156 | Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} |
| 157 | ... ${GROUP_PRIVILEGE} ${GROUP_NAME} |
| 158 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 159 | # With LDAP user and with right privilege trying to do BMC reboot. |
| 160 | Redfish OBMC Reboot (off) |
| 161 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 162 | Redfish.Logout |
Sivas SRR | 939b4b1 | 2019-06-26 00:01:59 -0500 | [diff] [blame] | 163 | Redfish.Login |
Sivas SRR | 108f9d3 | 2019-06-03 10:05:34 -0500 | [diff] [blame] | 164 | |
| 165 | |
Sivas SRR | 2b83ec0 | 2019-07-12 11:30:20 -0500 | [diff] [blame] | 166 | Verify LDAP User With Operator Privilege Able To Do Host Poweroff |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 167 | [Documentation] Verify that LDAP user with operator privilege can do host |
| 168 | ... power off. |
Sivas SRR | 2b83ec0 | 2019-07-12 11:30:20 -0500 | [diff] [blame] | 169 | [Tags] Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweroff |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame] | 170 | [Teardown] Restore LDAP Privilege |
| 171 | |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame] | 172 | Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} |
| 173 | ... Operator ${GROUP_NAME} |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame] | 174 | |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame] | 175 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
Sivas SRR | 2b83ec0 | 2019-07-12 11:30:20 -0500 | [diff] [blame] | 176 | # Verify that the LDAP user with operator privilege is able to power the system off. |
| 177 | Redfish.Post ${REDFISH_POWER_URI} |
Sivas SRR | 3d82b3c | 2019-07-12 12:20:04 -0500 | [diff] [blame] | 178 | ... body={'ResetType': 'ForceOff'} valid_status_codes=[200] |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame] | 179 | Redfish.Logout |
Sivas SRR | 939b4b1 | 2019-06-26 00:01:59 -0500 | [diff] [blame] | 180 | Redfish.Login |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame] | 181 | |
| 182 | |
Sivas SRR | d21c984 | 2019-06-21 05:41:18 -0500 | [diff] [blame] | 183 | Verify AccountLockout Attributes Set To Zero |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 184 | [Documentation] Verify that attribute AccountLockoutDuration and |
Sivas SRR | d21c984 | 2019-06-21 05:41:18 -0500 | [diff] [blame] | 185 | ... AccountLockoutThreshold are set to 0. |
| 186 | [Teardown] Run Keywords Restore AccountLockout Attributes AND |
| 187 | ... FFDC On Test Case Fail |
| 188 | [Tags] Verify_AccountLockout_Attributes_Set_To_Zero |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 189 | |
Sivas SRR | d21c984 | 2019-06-21 05:41:18 -0500 | [diff] [blame] | 190 | ${old_account_service}= Redfish.Get Properties |
| 191 | ... ${REDFISH_BASE_URI}AccountService |
Michael Walsh | 39c0051 | 2019-07-17 10:54:06 -0500 | [diff] [blame] | 192 | Rprint Vars old_account_service |
Sivas SRR | d21c984 | 2019-06-21 05:41:18 -0500 | [diff] [blame] | 193 | Redfish.Patch ${REDFISH_BASE_URI}AccountService |
| 194 | ... body=[('AccountLockoutDuration', 0)] |
| 195 | Redfish.Patch ${REDFISH_BASE_URI}AccountService |
| 196 | ... body=[('AccountLockoutThreshold', 0)] |
| 197 | |
| 198 | |
Sivas SRR | 939b4b1 | 2019-06-26 00:01:59 -0500 | [diff] [blame] | 199 | Verify LDAP User With Read Privilege Able To Check Inventory |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 200 | [Documentation] Verify that LDAP user with read privilege able to |
Sivas SRR | 939b4b1 | 2019-06-26 00:01:59 -0500 | [diff] [blame] | 201 | ... read firmware inventory. |
| 202 | [Tags] Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory |
| 203 | [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege |
| 204 | [Template] Set Read Privilege And Check Firmware Inventory |
| 205 | |
Prashanth Katti | edce4a9 | 2020-01-16 07:28:39 -0600 | [diff] [blame] | 206 | ReadOnly |
Sivas SRR | 939b4b1 | 2019-06-26 00:01:59 -0500 | [diff] [blame] | 207 | |
| 208 | |
| 209 | Verify LDAP User With Read Privilege Should Not Do Host Poweron |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 210 | [Documentation] Verify that LDAP user with read privilege should not be |
Sivas SRR | 939b4b1 | 2019-06-26 00:01:59 -0500 | [diff] [blame] | 211 | ... allowed to power on the host. |
| 212 | [Tags] Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron |
| 213 | [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege |
| 214 | [Template] Set Read Privilege And Check Poweron |
| 215 | |
Prashanth Katti | edce4a9 | 2020-01-16 07:28:39 -0600 | [diff] [blame] | 216 | ReadOnly |
Sivas SRR | 939b4b1 | 2019-06-26 00:01:59 -0500 | [diff] [blame] | 217 | |
| 218 | |
Sivas SRR | e9a4786 | 2019-08-05 07:13:43 -0500 | [diff] [blame] | 219 | Update LDAP Group Name And Verify Operations |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 220 | [Documentation] Verify that LDAP group name update and able to do right |
| 221 | ... operations. |
Sivas SRR | e9a4786 | 2019-08-05 07:13:43 -0500 | [diff] [blame] | 222 | [Tags] Update_LDAP_Group_Name_And_Verify_Operations |
| 223 | [Template] Update LDAP Config And Verify Set Host Name |
| 224 | [Teardown] Restore LDAP Privilege |
| 225 | |
| 226 | # group_name group_privilege valid_status_codes |
Anves Kumar rayankula | 9954c4c | 2020-07-31 05:49:16 -0500 | [diff] [blame] | 227 | ${GROUP_NAME} Administrator [${HTTP_OK}, ${HTTP_NO_CONTENT}] |
Sivas SRR | e9a4786 | 2019-08-05 07:13:43 -0500 | [diff] [blame] | 228 | ${GROUP_NAME} Operator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] |
Prashanth Katti | edce4a9 | 2020-01-16 07:28:39 -0600 | [diff] [blame] | 229 | ${GROUP_NAME} ReadOnly [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] |
| 230 | ${GROUP_NAME} NoAccess [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] |
Sivas SRR | e9a4786 | 2019-08-05 07:13:43 -0500 | [diff] [blame] | 231 | Invalid_LDAP_Group_Name Administrator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] |
| 232 | Invalid_LDAP_Group_Name Operator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] |
Prashanth Katti | edce4a9 | 2020-01-16 07:28:39 -0600 | [diff] [blame] | 233 | Invalid_LDAP_Group_Name ReadOnly [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] |
| 234 | Invalid_LDAP_Group_Name NoAccess [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] |
Sivas SRR | e9a4786 | 2019-08-05 07:13:43 -0500 | [diff] [blame] | 235 | |
| 236 | |
Sivas SRR | a031d2d | 2019-08-16 07:49:52 -0500 | [diff] [blame] | 237 | Verify LDAP BaseDN Update And LDAP Login |
| 238 | [Documentation] Update LDAP BaseDN of LDAP configuration and verify |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 239 | ... that LDAP login works. |
Sivas SRR | a031d2d | 2019-08-16 07:49:52 -0500 | [diff] [blame] | 240 | [Tags] Verify_LDAP_BaseDN_Update_And_LDAP_Login |
| 241 | |
| 242 | |
| 243 | ${body}= Catenate {'${LDAP_TYPE}': { 'LDAPService': {'SearchSettings': |
| 244 | ... {'BaseDistinguishedNames': ['${LDAP_BASE_DN}']}}}} |
| 245 | Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body} |
| 246 | Sleep 15s |
| 247 | Redfish Verify LDAP Login |
| 248 | |
| 249 | |
| 250 | Verify LDAP BindDN Update And LDAP Login |
| 251 | [Documentation] Update LDAP BindDN of LDAP configuration and verify |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 252 | ... that LDAP login works. |
Sivas SRR | a031d2d | 2019-08-16 07:49:52 -0500 | [diff] [blame] | 253 | [Tags] Verify_LDAP_BindDN_Update_And_LDAP_Login |
| 254 | |
| 255 | ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication': |
| 256 | ... {'AuthenticationType':'UsernameAndPassword', 'Username': |
| 257 | ... '${LDAP_BIND_DN}'}}} |
| 258 | Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body} |
| 259 | Sleep 15s |
| 260 | Redfish Verify LDAP Login |
| 261 | |
| 262 | |
| 263 | Verify LDAP BindDN Password Update And LDAP Login |
| 264 | [Documentation] Update LDAP BindDN password of LDAP configuration and |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 265 | ... verify that LDAP login works. |
Sivas SRR | a031d2d | 2019-08-16 07:49:52 -0500 | [diff] [blame] | 266 | [Tags] Verify_LDAP_BindDN_Passsword_Update_And_LDAP_Login |
| 267 | |
| 268 | |
| 269 | ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication': |
| 270 | ... {'AuthenticationType':'UsernameAndPassword', 'Password': |
| 271 | ... '${LDAP_BIND_DN_PASSWORD}'}}} |
| 272 | Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body} |
| 273 | Sleep 15s |
| 274 | Redfish Verify LDAP Login |
| 275 | |
| 276 | |
| 277 | Verify LDAP Type Update And LDAP Login |
| 278 | [Documentation] Update LDAP type of LDAP configuration and verify |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 279 | ... that LDAP login works. |
Sivas SRR | a031d2d | 2019-08-16 07:49:52 -0500 | [diff] [blame] | 280 | [Tags] Verify_LDAP_Type_Update_And_LDAP_Login |
| 281 | |
| 282 | Disable Other LDAP |
| 283 | Redfish.Patch ${REDFISH_BASE_URI}AccountService |
| 284 | ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}} |
| 285 | Sleep 15s |
| 286 | Redfish Verify LDAP Login |
| 287 | |
| 288 | |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 289 | Verify Authorization With Null Privilege |
| 290 | [Documentation] Verify the failure of LDAP authorization with empty |
| 291 | ... privilege. |
| 292 | [Tags] Verify_LDAP_Authorization_With_Null_Privilege |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 293 | [Teardown] Restore LDAP Privilege |
| 294 | |
| 295 | Update LDAP Config And Verify Set Host Name ${GROUP_NAME} ${EMPTY} |
| 296 | ... [${HTTP_FORBIDDEN}] |
| 297 | |
| 298 | |
| 299 | Verify Authorization With Invalid Privilege |
| 300 | [Documentation] Verify that LDAP user authorization with wrong privilege |
| 301 | ... fails. |
| 302 | [Tags] Verify_LDAP_Authorization_With_Invalid_Privilege |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 303 | [Teardown] Restore LDAP Privilege |
| 304 | |
| 305 | Update LDAP Config And Verify Set Host Name ${GROUP_NAME} |
| 306 | ... Invalid_Privilege [${HTTP_FORBIDDEN}] |
| 307 | |
| 308 | |
| 309 | Verify LDAP Login With Invalid Data |
| 310 | [Documentation] Verify that LDAP login with Invalid LDAP data and |
| 311 | ... right LDAP user fails. |
| 312 | [Tags] Verify_LDAP_Login_With_Invalid_Data |
| 313 | [Teardown] Run Keywords FFDC On Test Case Fail AND |
| 314 | ... Create LDAP Configuration |
| 315 | |
| 316 | Create LDAP Configuration ${LDAP_TYPE} Invalid_LDAP_Server_URI |
| 317 | ... Invalid_LDAP_BIND_DN LDAP_BIND_DN_PASSWORD |
| 318 | ... Invalid_LDAP_BASE_DN |
| 319 | Sleep 15s |
| 320 | Redfish Verify LDAP Login ${False} |
| 321 | |
| 322 | |
| 323 | Verify LDAP Config Creation Without BASE_DN |
| 324 | [Documentation] Verify that LDAP login with LDAP configuration |
| 325 | ... created without BASE_DN fails. |
| 326 | [Tags] Verify_LDAP_Config_Creation_Without_BASE_DN |
| 327 | [Teardown] Run Keywords FFDC On Test Case Fail AND |
| 328 | ... Create LDAP Configuration |
| 329 | |
| 330 | Create LDAP Configuration ${LDAP_TYPE} Invalid_LDAP_Server_URI |
| 331 | ... Invalid_LDAP_BIND_DN LDAP_BIND_DN_PASSWORD ${EMPTY} |
| 332 | Sleep 15s |
| 333 | Redfish Verify LDAP Login ${False} |
| 334 | |
| 335 | |
| 336 | Verify LDAP Authentication Without Password |
| 337 | [Documentation] Verify that LDAP user authentication without LDAP |
| 338 | ... user password fails. |
| 339 | [Tags] Verify_LDAP_Authentication_Without_Password |
Anves Kumar rayankula | 5bf342e | 2020-06-25 08:35:34 -0500 | [diff] [blame] | 340 | [Teardown] Run Keywords Redfish.Logout AND Redfish.Login |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 341 | |
| 342 | ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} |
| 343 | Valid Value status [${False}] |
| 344 | |
| 345 | |
Sivas SRR | cde694c | 2019-09-09 12:20:34 -0500 | [diff] [blame] | 346 | Verify LDAP Login With Invalid BASE_DN |
| 347 | [Documentation] Verify that LDAP login with invalid BASE_DN and |
| 348 | ... valid LDAP user fails. |
| 349 | [Tags] Verify_LDAP_Login_With_Invalid_BASE_DN |
| 350 | [Teardown] Run Keywords FFDC On Test Case Fail AND |
| 351 | ... Create LDAP Configuration |
| 352 | |
| 353 | Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI} |
| 354 | ... ${LDAP_BIND_DN} ${LDAP_BIND_DN_PASSWORD} Invalid_LDAP_BASE_DN |
| 355 | Sleep 15s |
| 356 | Redfish Verify LDAP Login ${False} |
| 357 | |
| 358 | |
| 359 | Verify LDAP Login With Invalid BIND_DN_PASSWORD |
| 360 | [Documentation] Verify that LDAP login with invalid BIND_DN_PASSWORD and |
| 361 | ... valid LDAP user fails. |
| 362 | [Tags] Verify_LDAP_Login_With_Invalid_BIND_DN_PASSWORD |
| 363 | [Teardown] Run Keywords FFDC On Test Case Fail AND |
| 364 | ... Create LDAP Configuration |
| 365 | |
| 366 | Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI} |
| 367 | ... ${LDAP_BIND_DN} INVALID_LDAP_BIND_DN_PASSWORD ${LDAP_BASE_DN} |
| 368 | Sleep 15s |
| 369 | Redfish Verify LDAP Login ${False} |
| 370 | |
| 371 | |
| 372 | Verify LDAP Login With Invalid BASE_DN And Invalid BIND_DN |
| 373 | [Documentation] Verify that LDAP login with invalid BASE_DN and invalid |
| 374 | ... BIND_DN and valid LDAP user fails. |
| 375 | [Tags] Verify_LDAP_Login_With_Invalid_BASE_DN_And_Invalid_BIND_DN |
| 376 | [Teardown] Run Keywords FFDC On Test Case Fail AND |
| 377 | ... Create LDAP Configuration |
| 378 | |
| 379 | Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI} |
| 380 | ... INVALID_LDAP_BIND_DN ${LDAP_BIND_DN_PASSWORD} INVALID_LDAP_BASE_DN |
| 381 | Sleep 15s |
| 382 | Redfish Verify LDAP Login ${False} |
| 383 | |
| 384 | |
| 385 | Verify Group Name And Group Privilege Able To Modify |
| 386 | [Documentation] Verify that LDAP group name and group privilege able to |
| 387 | ... modify. |
| 388 | [Tags] Verify_Group_Name_And_Group_Privilege_Able_To_Modify |
Sivas SRR | 873de8e | 2019-09-26 00:37:53 -0500 | [diff] [blame] | 389 | [Setup] Update LDAP Configuration with LDAP User Role And Group |
Sivas SRR | cde694c | 2019-09-09 12:20:34 -0500 | [diff] [blame] | 390 | ... ${LDAP_TYPE} Operator ${GROUP_NAME} |
| 391 | |
| 392 | Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} |
| 393 | ... Administrator ${GROUP_NAME} |
| 394 | |
| 395 | |
| 396 | Verify LDAP Login With Invalid BIND_DN |
| 397 | [Documentation] Verify that LDAP login with invalid BIND_DN and |
| 398 | ... valid LDAP user fails. |
| 399 | [Tags] Verify_LDAP_Login_With_Invalid_BIND_DN |
| 400 | [Teardown] Run Keywords FFDC On Test Case Fail AND |
| 401 | ... Create LDAP Configuration |
| 402 | |
| 403 | Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI} |
| 404 | ... Invalid_LDAP_BIND_DN ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} |
| 405 | Sleep 15s |
| 406 | Redfish Verify LDAP Login ${False} |
| 407 | |
| 408 | |
| 409 | Verify LDAP Authentication With Invalid LDAP User |
| 410 | [Documentation] Verify that LDAP user authentication for user not exist |
| 411 | ... in LDAP server and fails. |
| 412 | [Tags] Verify_LDAP_Authentication_With_Invalid_LDAP_User |
Anves Kumar rayankula | 9954c4c | 2020-07-31 05:49:16 -0500 | [diff] [blame] | 413 | [Teardown] Run Keywords Redfish.Logout AND Redfish.Login |
Sivas SRR | cde694c | 2019-09-09 12:20:34 -0500 | [diff] [blame] | 414 | |
| 415 | ${status}= Run Keyword And Return Status Redfish.Login INVALID_LDAP_USER |
| 416 | ... ${LDAP_USER_PASSWORD} |
| 417 | Valid Value status [${False}] |
| 418 | |
| 419 | |
Prashanth Katti | fe79881 | 2020-01-31 07:04:26 -0600 | [diff] [blame] | 420 | Update LDAP User Roles And Verify Host Poweroff Operation |
| 421 | [Documentation] Update LDAP user roles and verify host poweroff operation. |
| 422 | [Tags] Update_LDAP_User_Roles_And_Verify_Host_Poweroff_Operation |
| 423 | [Teardown] Restore LDAP Privilege |
| 424 | |
| 425 | [Template] Update LDAP User Role And Host Poweroff |
| 426 | # ldap_type group_privilege group_name valid_status_codes |
| 427 | |
| 428 | # Verify LDAP user with NoAccess privilege not able to do host poweroff. |
| 429 | ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN} |
| 430 | |
| 431 | # Verify LDAP user with ReadOnly privilege not able to do host poweroff. |
| 432 | ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN} |
| 433 | |
| 434 | # Verify LDAP user with Operator privilege able to do host poweroff. |
| 435 | ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK} |
| 436 | |
| 437 | # Verify LDAP user with Administrator privilege able to do host poweroff. |
| 438 | ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK} |
| 439 | |
| 440 | |
Prashanth Katti | a4f7929 | 2020-02-20 03:34:01 -0600 | [diff] [blame] | 441 | Update LDAP User Roles And Verify Host Poweron Operation |
| 442 | [Documentation] Update LDAP user roles and verify host poweron operation. |
| 443 | [Tags] Update_LDAP_User_Roles_And_Verify_Host_Poweron_Operation |
| 444 | [Teardown] Restore LDAP Privilege |
| 445 | |
| 446 | [Template] Update LDAP User Role And Host Poweron |
| 447 | # ldap_type group_privilege group_name valid_status_codes |
| 448 | |
| 449 | # Verify LDAP user with NoAccess privilege not able to do host poweron. |
| 450 | ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN} |
| 451 | |
| 452 | # Verify LDAP user with ReadOnly privilege not able to do host poweron. |
| 453 | ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN} |
| 454 | |
| 455 | # Verify LDAP user with Operator privilege able to do host poweron. |
| 456 | ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK} |
| 457 | |
| 458 | # Verify LDAP user with Administrator privilege able to do host poweron. |
| 459 | ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK} |
| 460 | |
| 461 | |
Prashanth Katti | 3dc8cc3 | 2020-03-04 11:11:01 -0600 | [diff] [blame] | 462 | Configure IP Address Via Different User Roles And Verify |
| 463 | [Documentation] Configure IP address via different user roles and verify. |
| 464 | [Tags] Configure_IP_Address_Via_Different_User_Roles_And_Verify |
| 465 | [Teardown] Restore LDAP Privilege |
| 466 | |
| 467 | [Template] Update LDAP User Role And Configure IP Address |
| 468 | # Verify LDAP user with Administrator privilege is able to configure IP address. |
| 469 | ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK} |
| 470 | |
| 471 | # Verify LDAP user with ReadOnly privilege is forbidden to configure IP address. |
| 472 | ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN} |
| 473 | |
| 474 | # Verify LDAP user with NoAccess privilege is forbidden to configure IP address. |
Prashanth Katti | 67e0620 | 2020-05-20 06:16:51 -0500 | [diff] [blame] | 475 | ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN} |
Prashanth Katti | 3dc8cc3 | 2020-03-04 11:11:01 -0600 | [diff] [blame] | 476 | |
| 477 | # Verify LDAP user with Operator privilege is able to configure IP address. |
| 478 | ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK} |
| 479 | |
| 480 | |
Prashanth Katti | f90c474 | 2020-03-18 11:08:47 -0500 | [diff] [blame] | 481 | Delete IP Address Via Different User Roles And Verify |
| 482 | [Documentation] Delete IP address via different user roles and verify. |
| 483 | [Tags] Delete_IP_Address_Via_Different_User_Roles_And_Verify |
| 484 | [Teardown] Run Keywords Restore LDAP Privilege AND FFDC On Test Case Fail |
| 485 | |
| 486 | [Template] Update LDAP User Role And Delete IP Address |
| 487 | # Verify LDAP user with Administrator privilege is able to delete IP address. |
| 488 | ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK} |
| 489 | |
| 490 | # Verify LDAP user with ReadOnly privilege is forbidden to delete IP address. |
| 491 | ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN} |
| 492 | |
| 493 | # Verify LDAP user with NoAccess privilege is forbidden to delete IP address. |
Prashanth Katti | 67e0620 | 2020-05-20 06:16:51 -0500 | [diff] [blame] | 494 | ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN} |
Prashanth Katti | f90c474 | 2020-03-18 11:08:47 -0500 | [diff] [blame] | 495 | |
| 496 | # Verify LDAP user with Operator privilege is able to delete IP address. |
| 497 | ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK} |
| 498 | |
| 499 | |
Prashanth Katti | 67e0620 | 2020-05-20 06:16:51 -0500 | [diff] [blame] | 500 | Read Network Configuration Via Different User Roles And Verify |
David Shaw | 8e6d4ee | 2020-06-12 10:03:59 -0500 | [diff] [blame] | 501 | [Documentation] Read network configuration via different user roles and verify. |
Prashanth Katti | 67e0620 | 2020-05-20 06:16:51 -0500 | [diff] [blame] | 502 | [Tags] Read_Network_configuration_Via_Different_User_Roles_And_Verify |
| 503 | [Teardown] Restore LDAP Privilege |
| 504 | |
| 505 | [Template] Update LDAP User Role And Read Network Configuration |
| 506 | ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK} |
| 507 | |
| 508 | ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_OK} |
| 509 | |
| 510 | ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN} |
| 511 | |
| 512 | ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK} |
| 513 | |
| 514 | |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 515 | *** Keywords *** |
Sivas SRR | d21c984 | 2019-06-21 05:41:18 -0500 | [diff] [blame] | 516 | |
Sivas SRR | a031d2d | 2019-08-16 07:49:52 -0500 | [diff] [blame] | 517 | Redfish Verify LDAP Login |
| 518 | [Documentation] LDAP user log into BMC. |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 519 | [Arguments] ${valid_status}=${True} |
| 520 | |
| 521 | # Description of argument(s): |
| 522 | # valid_status Expected status of LDAP login ("True" or "False"). |
Sivas SRR | a031d2d | 2019-08-16 07:49:52 -0500 | [diff] [blame] | 523 | |
| 524 | # According to our repo coding rules, Redfish.Login is to be done in Suite |
| 525 | # Setup and Redfish.Logout is to be done in Suite Teardown. For any |
| 526 | # deviation from this rule (such as in this keyword), the deviant code |
| 527 | # must take steps to restore us to our original logged-in state. |
| 528 | |
Sivas SRR | 6f8ac5d | 2019-08-27 01:09:52 -0500 | [diff] [blame] | 529 | ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} |
| 530 | ... ${LDAP_USER_PASSWORD} |
| 531 | Valid Value status [${valid_status}] |
Sivas SRR | a031d2d | 2019-08-16 07:49:52 -0500 | [diff] [blame] | 532 | Redfish.Logout |
| 533 | Redfish.Login |
| 534 | |
| 535 | |
Sivas SRR | e9a4786 | 2019-08-05 07:13:43 -0500 | [diff] [blame] | 536 | Update LDAP Config And Verify Set Host Name |
| 537 | [Documentation] Update LDAP config and verify by attempting to set host name. |
| 538 | [Arguments] ${group_name} ${group_privilege}=Administrator |
| 539 | ... ${valid_status_codes}=[${HTTP_OK}] |
| 540 | |
| 541 | # Description of argument(s): |
| 542 | # group_name The group name of user. |
| 543 | # group_privilege The group privilege ("Administrator", |
| 544 | # "Operator", "User" or "Callback"). |
| 545 | # valid_status_codes Expected return code(s) from patch |
| 546 | # operation (e.g. "200") used to update |
| 547 | # HostName. See prolog of rest_request |
| 548 | # method in redfish_plut.py for details. |
| 549 | Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} |
| 550 | ... ${group_privilege} ${group_name} |
| 551 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 552 | # Verify that the LDAP user in ${group_name} with the given privilege is |
| 553 | # allowed to change the hostname. |
Anves Kumar rayankula | f853363 | 2021-05-31 02:52:19 -0500 | [diff] [blame] | 554 | Redfish.Patch ${REDFISH_NW_ETH0_URI} body={'HostName': '${hostname}'} |
Sivas SRR | e9a4786 | 2019-08-05 07:13:43 -0500 | [diff] [blame] | 555 | ... valid_status_codes=${valid_status_codes} |
| 556 | Redfish.Logout |
| 557 | Redfish.Login |
| 558 | |
| 559 | |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 560 | Disable Other LDAP |
| 561 | [Documentation] Disable other LDAP configuration. |
| 562 | |
| 563 | # First disable other LDAP. |
| 564 | ${inverse_ldap_type}= Set Variable If '${LDAP_TYPE}' == 'LDAP' ActiveDirectory LDAP |
| 565 | Redfish.Patch ${REDFISH_BASE_URI}AccountService |
| 566 | ... body={'${inverse_ldap_type}': {'ServiceEnabled': ${False}}} |
| 567 | Sleep 15s |
| 568 | |
| 569 | |
Sivas SRR | b1b8575 | 2019-07-04 01:28:28 -0500 | [diff] [blame] | 570 | Create LDAP Configuration |
| 571 | [Documentation] Create LDAP configuration. |
| 572 | [Arguments] ${ldap_type}=${LDAP_TYPE} ${ldap_server_uri}=${LDAP_SERVER_URI} |
| 573 | ... ${ldap_bind_dn}=${LDAP_BIND_DN} ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD} |
| 574 | ... ${ldap_base_dn}=${LDAP_BASE_DN} |
| 575 | |
| 576 | # Description of argument(s): |
| 577 | # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). |
| 578 | # ldap_server_uri LDAP server uri (e.g. ldap://XX.XX.XX.XX). |
| 579 | # ldap_bind_dn The LDAP bind distinguished name. |
| 580 | # ldap_bind_dn_password The LDAP bind distinguished name password. |
| 581 | # ldap_base_dn The LDAP base distinguished name. |
| 582 | |
George Keishing | 2d0804e | 2019-12-12 22:27:05 -0600 | [diff] [blame] | 583 | ${body}= Catenate {'${ldap_type}': |
| 584 | ... {'ServiceEnabled': ${True}, |
| 585 | ... 'ServiceAddresses': ['${ldap_server_uri}'], |
| 586 | ... 'Authentication': |
| 587 | ... {'AuthenticationType': 'UsernameAndPassword', |
| 588 | ... 'Username':'${ldap_bind_dn}', |
| 589 | ... 'Password': '${ldap_bind_dn_password}'}, |
| 590 | ... 'LDAPService': |
| 591 | ... {'SearchSettings': |
| 592 | ... {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}} |
| 593 | |
| 594 | Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body} |
Sivas SRR | b1b8575 | 2019-07-04 01:28:28 -0500 | [diff] [blame] | 595 | Sleep 15s |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 596 | |
| 597 | |
| 598 | Config LDAP URL |
| 599 | [Documentation] Config LDAP URL. |
Prashanth Katti | 7d38a09 | 2020-01-10 06:01:09 -0600 | [diff] [blame] | 600 | [Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI} ${expected_status}=${TRUE} |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 601 | |
| 602 | # Description of argument(s): |
| 603 | # ldap_server_uri LDAP server uri (e.g. "ldap://XX.XX.XX.XX/"). |
| 604 | |
Sivas SRR | b1b8575 | 2019-07-04 01:28:28 -0500 | [diff] [blame] | 605 | Redfish.Patch ${REDFISH_BASE_URI}AccountService |
| 606 | ... body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}} |
| 607 | Sleep 15s |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 608 | # After update, LDAP login. |
Prashanth Katti | 7d38a09 | 2020-01-10 06:01:09 -0600 | [diff] [blame] | 609 | ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 610 | Valid Value status [${expected_status}] |
| 611 | |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 612 | Redfish.Logout |
| 613 | Redfish.Login |
| 614 | |
| 615 | |
| 616 | Restore LDAP URL |
| 617 | [Documentation] Restore LDAP URL. |
| 618 | |
| 619 | # Restoring the working LDAP server uri. |
Sivas SRR | b1b8575 | 2019-07-04 01:28:28 -0500 | [diff] [blame] | 620 | Redfish.Patch ${REDFISH_BASE_URI}AccountService |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 621 | ... body={'${ldap_type}': {'ServiceAddresses': ['${LDAP_SERVER_URI}']}} |
Sivas SRR | b1b8575 | 2019-07-04 01:28:28 -0500 | [diff] [blame] | 622 | Sleep 15s |
| 623 | |
| 624 | |
Sivas SRR | d21c984 | 2019-06-21 05:41:18 -0500 | [diff] [blame] | 625 | Restore AccountLockout Attributes |
| 626 | [Documentation] Restore AccountLockout Attributes. |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 627 | |
Sivas SRR | d21c984 | 2019-06-21 05:41:18 -0500 | [diff] [blame] | 628 | Return From Keyword If &{old_account_service} == &{EMPTY} |
| 629 | Redfish.Patch ${REDFISH_BASE_URI}AccountService |
| 630 | ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})] |
| 631 | Redfish.Patch ${REDFISH_BASE_URI}AccountService |
| 632 | ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutThreshold']})] |
| 633 | |
| 634 | |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 635 | Suite Setup Execution |
| 636 | [Documentation] Do suite setup tasks. |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 637 | |
Michael Walsh | e7edb22 | 2019-08-19 17:39:38 -0500 | [diff] [blame] | 638 | Valid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"] |
| 639 | Valid Value LDAP_USER |
| 640 | Valid Value LDAP_USER_PASSWORD |
| 641 | Valid Value GROUP_PRIVILEGE |
| 642 | Valid Value GROUP_NAME |
| 643 | Valid Value LDAP_SERVER_URI |
| 644 | Valid Value LDAP_BIND_DN_PASSWORD |
| 645 | Valid Value LDAP_BIND_DN |
| 646 | Valid Value LDAP_BASE_DN |
Sivas SRR | e9a4786 | 2019-08-05 07:13:43 -0500 | [diff] [blame] | 647 | |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame] | 648 | Redfish.Login |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 649 | # Call 'Get LDAP Configuration' to verify that LDAP configuration exists. |
| 650 | Get LDAP Configuration ${LDAP_TYPE} |
Sivas SRR | 939b4b1 | 2019-06-26 00:01:59 -0500 | [diff] [blame] | 651 | ${old_ldap_privilege}= Get LDAP Privilege |
Prashanth Katti | fe79881 | 2020-01-31 07:04:26 -0600 | [diff] [blame] | 652 | Set Suite Variable ${old_ldap_privilege} |
Sivas SRR | cde694c | 2019-09-09 12:20:34 -0500 | [diff] [blame] | 653 | Disable Other LDAP |
Sivas SRR | 873de8e | 2019-09-26 00:37:53 -0500 | [diff] [blame] | 654 | Create LDAP Configuration |
| 655 | ${hostname}= Redfish.Get Attribute ${REDFISH_NW_PROTOCOL_URI} HostName |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 656 | |
| 657 | |
Sivas SRR | 939b4b1 | 2019-06-26 00:01:59 -0500 | [diff] [blame] | 658 | Set Read Privilege And Check Firmware Inventory |
| 659 | [Documentation] Set read privilege and check firmware inventory. |
| 660 | [Arguments] ${read_privilege} |
| 661 | |
| 662 | # Description of argument(s): |
| 663 | # read_privilege The read privilege role (e.g. "User" / "Callback"). |
| 664 | |
| 665 | Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} |
| 666 | ... ${read_privilege} ${GROUP_NAME} |
| 667 | |
| 668 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 669 | # Verify that the LDAP user with read privilege is able to read inventory. |
| 670 | ${resp}= Redfish.Get /redfish/v1/UpdateService/FirmwareInventory |
| 671 | Should Be True ${resp.dict["Members@odata.count"]} >= ${1} |
| 672 | Length Should Be ${resp.dict["Members"]} ${resp.dict["Members@odata.count"]} |
Sivas SRR | d21c984 | 2019-06-21 05:41:18 -0500 | [diff] [blame] | 673 | Redfish.Logout |
Sivas SRR | 939b4b1 | 2019-06-26 00:01:59 -0500 | [diff] [blame] | 674 | Redfish.Login |
| 675 | |
| 676 | |
| 677 | Set Read Privilege And Check Poweron |
| 678 | [Documentation] Set read privilege and power on should not be possible. |
| 679 | [Arguments] ${read_privilege} |
| 680 | |
| 681 | # Description of argument(s): |
| 682 | # read_privilege The read privilege role (e.g. "User" / "Callback"). |
| 683 | |
| 684 | Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} |
| 685 | ... ${read_privilege} ${GROUP_NAME} |
| 686 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 687 | Redfish.Post ${REDFISH_POWER_URI} |
| 688 | ... body={'ResetType': 'On'} valid_status_codes=[401, 403] |
| 689 | Redfish.Logout |
| 690 | Redfish.Login |
Sivas SRR | d21c984 | 2019-06-21 05:41:18 -0500 | [diff] [blame] | 691 | |
| 692 | |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 693 | Get LDAP Configuration |
| 694 | [Documentation] Retrieve LDAP Configuration. |
| 695 | [Arguments] ${ldap_type} |
| 696 | |
| 697 | # Description of argument(s): |
| 698 | # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). |
| 699 | |
| 700 | ${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService |
| 701 | [Return] ${ldap_config["${ldap_type}"]} |
Sivas SRR | 108f9d3 | 2019-06-03 10:05:34 -0500 | [diff] [blame] | 702 | |
| 703 | |
| 704 | Update LDAP Configuration with LDAP User Role And Group |
| 705 | [Documentation] Update LDAP configuration update with LDAP user Role and group. |
| 706 | [Arguments] ${ldap_type} ${group_privilege} ${group_name} |
| 707 | |
| 708 | # Description of argument(s): |
| 709 | # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). |
| 710 | # group_privilege The group privilege ("Administrator", "Operator", "User" or "Callback"). |
| 711 | # group_name The group name of user. |
| 712 | |
| 713 | ${local_role_remote_group}= Create Dictionary LocalRole=${group_privilege} RemoteGroup=${group_name} |
| 714 | ${remote_role_mapping}= Create List ${local_role_remote_group} |
| 715 | ${ldap_data}= Create Dictionary RemoteRoleMapping=${remote_role_mapping} |
| 716 | ${payload}= Create Dictionary ${ldap_type}=${ldap_data} |
| 717 | Redfish.Patch ${REDFISH_BASE_URI}AccountService body=&{payload} |
Sivas SRR | 939b4b1 | 2019-06-26 00:01:59 -0500 | [diff] [blame] | 718 | # Provide adequate time for LDAP daemon to restart after the update. |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 719 | Sleep 15s |
Sivas SRR | 108f9d3 | 2019-06-03 10:05:34 -0500 | [diff] [blame] | 720 | |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame] | 721 | |
| 722 | Get LDAP Privilege |
| 723 | [Documentation] Get LDAP privilege and return it. |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 724 | |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame] | 725 | ${ldap_config}= Get LDAP Configuration ${LDAP_TYPE} |
Sivas SRR | e9a4786 | 2019-08-05 07:13:43 -0500 | [diff] [blame] | 726 | ${num_list_entries}= Get Length ${ldap_config["RemoteRoleMapping"]} |
| 727 | Return From Keyword If ${num_list_entries} == ${0} @{EMPTY} |
| 728 | |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame] | 729 | [Return] ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]} |
| 730 | |
| 731 | |
| 732 | Restore LDAP Privilege |
| 733 | [Documentation] Restore the LDAP privilege to its original value. |
Sivas SRR | 73379bc | 2019-07-22 10:21:45 -0500 | [diff] [blame] | 734 | |
Anves Kumar rayankula | 5bf342e | 2020-06-25 08:35:34 -0500 | [diff] [blame] | 735 | Return From Keyword If '${old_ldap_privilege}' == '${EMPTY}' or '${old_ldap_privilege}' == '[]' |
Sivas SRR | 939b4b1 | 2019-06-26 00:01:59 -0500 | [diff] [blame] | 736 | # Log back in to restore the original privilege. |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame] | 737 | Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} |
| 738 | ... ${old_ldap_privilege} ${GROUP_NAME} |
Prashanth Katti | fe79881 | 2020-01-31 07:04:26 -0600 | [diff] [blame] | 739 | |
| 740 | Sleep 18s |
| 741 | |
| 742 | |
| 743 | Update LDAP User Role And Host Poweroff |
| 744 | [Documentation] Update LDAP user role and do host poweroff. |
| 745 | [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code} |
Prashanth Katti | a4f7929 | 2020-02-20 03:34:01 -0600 | [diff] [blame] | 746 | [Teardown] Run Keywords Redfish.Logout AND Redfish.Login |
Prashanth Katti | fe79881 | 2020-01-31 07:04:26 -0600 | [diff] [blame] | 747 | |
| 748 | # Description of argument(s): |
| 749 | # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). |
| 750 | # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). |
| 751 | # group_name The group name of user. |
| 752 | # valid_status_code The expected valid status code. |
| 753 | |
| 754 | Update LDAP Configuration with LDAP User Role And Group ${ldap_type} |
| 755 | ... ${group_privilege} ${group_name} |
| 756 | |
| 757 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 758 | |
| 759 | Redfish.Post ${REDFISH_POWER_URI} |
| 760 | ... body={'ResetType': 'ForceOff'} valid_status_codes=[${valid_status_code}] |
| 761 | |
Prashanth Katti | a4f7929 | 2020-02-20 03:34:01 -0600 | [diff] [blame] | 762 | |
| 763 | Update LDAP User Role And Host Poweron |
| 764 | [Documentation] Update LDAP user role and do host poweron. |
| 765 | [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code} |
| 766 | [Teardown] Run Keywords Redfish.Logout AND Redfish.Login |
| 767 | |
| 768 | # Description of argument(s): |
| 769 | # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). |
| 770 | # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). |
| 771 | # group_name The group name of user. |
| 772 | # valid_status_code The expected valid status code. |
| 773 | |
| 774 | Update LDAP Configuration with LDAP User Role And Group ${ldap_type} |
| 775 | ... ${group_privilege} ${group_name} |
| 776 | |
| 777 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 778 | |
| 779 | Redfish.Post ${REDFISH_POWER_URI} |
| 780 | ... body={'ResetType': 'On'} valid_status_codes=[${valid_status_code}] |
Prashanth Katti | 3dc8cc3 | 2020-03-04 11:11:01 -0600 | [diff] [blame] | 781 | |
| 782 | |
| 783 | Update LDAP User Role And Configure IP Address |
| 784 | [Documentation] Update LDAP user role and configure IP address. |
| 785 | [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK} |
| 786 | [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND Delete IP Address ${test_ip} |
| 787 | |
| 788 | # Description of argument(s): |
| 789 | # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). |
| 790 | # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). |
| 791 | # group_name The group name of user. |
| 792 | # valid_status_code The expected valid status code. |
| 793 | |
| 794 | Update LDAP Configuration with LDAP User Role And Group ${ldap_type} |
| 795 | ... ${group_privilege} ${group_name} |
| 796 | |
| 797 | Redfish.Logout |
| 798 | |
| 799 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 800 | |
Anves Kumar rayankula | 5bf342e | 2020-06-25 08:35:34 -0500 | [diff] [blame] | 801 | ${test_gateway}= Get BMC Default Gateway |
| 802 | |
| 803 | Add IP Address ${test_ip} ${test_mask} ${test_gateway} ${valid_status_code} |
Prashanth Katti | f90c474 | 2020-03-18 11:08:47 -0500 | [diff] [blame] | 804 | |
| 805 | |
| 806 | Update LDAP User Role And Delete IP Address |
| 807 | [Documentation] Update LDAP user role and delete IP address. |
| 808 | [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK} |
| 809 | [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND Delete IP Address ${test_ip} |
| 810 | |
| 811 | # Description of argument(s): |
| 812 | # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). |
| 813 | # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). |
| 814 | # group_name The group name of user. |
| 815 | # valid_status_code The expected valid status code. |
| 816 | |
Anves Kumar rayankula | 5bf342e | 2020-06-25 08:35:34 -0500 | [diff] [blame] | 817 | ${test_gateway}= Get BMC Default Gateway |
| 818 | |
Prashanth Katti | f90c474 | 2020-03-18 11:08:47 -0500 | [diff] [blame] | 819 | # Configure IP address before deleting via LDAP user roles. |
Anves Kumar rayankula | 5bf342e | 2020-06-25 08:35:34 -0500 | [diff] [blame] | 820 | Add IP Address ${test_ip} ${test_mask} ${test_gateway} |
Prashanth Katti | f90c474 | 2020-03-18 11:08:47 -0500 | [diff] [blame] | 821 | |
| 822 | Update LDAP Configuration with LDAP User Role And Group ${ldap_type} |
| 823 | ... ${group_privilege} ${group_name} |
| 824 | |
| 825 | Redfish.Logout |
| 826 | |
| 827 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 828 | |
| 829 | Delete IP Address ${test_ip} ${valid_status_code} |
Prashanth Katti | 67e0620 | 2020-05-20 06:16:51 -0500 | [diff] [blame] | 830 | |
| 831 | |
| 832 | Update LDAP User Role And Read Network Configuration |
| 833 | [Documentation] Update LDAP user role and read network configuration. |
| 834 | [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK} |
| 835 | [Teardown] Run Keywords Redfish.Logout AND Redfish.Login |
| 836 | |
| 837 | # Description of argument(s): |
| 838 | # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). |
| 839 | # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). |
| 840 | # group_name The group name of user. |
| 841 | # valid_status_code The expected valid status code. |
| 842 | |
| 843 | Update LDAP Configuration with LDAP User Role And Group ${ldap_type} |
| 844 | ... ${group_privilege} ${group_name} |
| 845 | |
| 846 | Redfish.Logout |
| 847 | |
| 848 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 849 | Redfish.Get ${REDFISH_NW_ETH0_URI} valid_status_codes=[${valid_status_code}] |
Anves Kumar rayankula | 5bf342e | 2020-06-25 08:35:34 -0500 | [diff] [blame] | 850 | |