blob: d4f50e20e32f9e80da0b96fa24567a7bb0fa436d [file] [log] [blame]
Sivas SRR7d7bae32019-05-29 00:31:14 -05001*** Settings ***
2Documentation Test Redfish LDAP user configuration.
Sivas SRR73379bc2019-07-22 10:21:45 -05003
Sivas SRRd21c9842019-06-21 05:41:18 -05004Library ../../lib/gen_robot_valid.py
Sivas SRR7d7bae32019-05-29 00:31:14 -05005Resource ../../lib/resource.robot
6Resource ../../lib/bmc_redfish_resource.robot
7Resource ../../lib/openbmc_ffdc.robot
Sivas SRRf4ec6492019-06-16 01:59:30 -05008Library ../../lib/gen_robot_valid.py
Prashanth Katti3dc8cc32020-03-04 11:11:01 -06009Resource ../../lib/bmc_network_utils.robot
Sivas SRR7d7bae32019-05-29 00:31:14 -050010
11Suite Setup Suite Setup Execution
Sivas SRR939b4b12019-06-26 00:01:59 -050012Suite Teardown Run Keywords Restore LDAP Privilege AND Redfish.Logout
Sivas SRRf4ec6492019-06-16 01:59:30 -050013Test Teardown FFDC On Test Case Fail
Sivas SRR7d7bae32019-05-29 00:31:14 -050014
Sivas SRR9358b5c2019-06-06 04:57:03 -050015Force Tags LDAP_Test
16
Sivas SRRf4ec6492019-06-16 01:59:30 -050017*** Variables ***
Sivas SRR873de8e2019-09-26 00:37:53 -050018${old_ldap_privilege} ${EMPTY}
Sivas SRRd21c9842019-06-21 05:41:18 -050019&{old_account_service} &{EMPTY}
Sivas SRR873de8e2019-09-26 00:37:53 -050020&{old_ldap_config} &{EMPTY}
21${hostname} ${EMPTY}
Prashanth Katti3dc8cc32020-03-04 11:11:01 -060022${test_ip} 10.6.6.6
23${test_mask} 255.255.255.0
Sivas SRRf4ec6492019-06-16 01:59:30 -050024
Sivas SRR7d7bae32019-05-29 00:31:14 -050025** Test Cases **
26
Sivas SRRb1b85752019-07-04 01:28:28 -050027Verify LDAP Configuration Created
Sivas SRR6f8ac5d2019-08-27 01:09:52 -050028 [Documentation] Verify that LDAP configuration created.
Sivas SRRb1b85752019-07-04 01:28:28 -050029 [Tags] Verify_LDAP_Configuration_Created
30
31 Create LDAP Configuration
32 # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
33 Get LDAP Configuration ${LDAP_TYPE}
34 Sleep 10s
35 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
36 Redfish.Logout
37 Redfish.Login
38
39
40Verify LDAP Service Disable
Sivas SRR6f8ac5d2019-08-27 01:09:52 -050041 [Documentation] Verify that LDAP is disabled and that LDAP user cannot
42 ... login.
Sivas SRRb1b85752019-07-04 01:28:28 -050043 [Tags] Verify_LDAP_Service_Disable
44
45 Redfish.Patch ${REDFISH_BASE_URI}AccountService
46 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}
47 Sleep 15s
48 ${resp}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
49 ... ${LDAP_USER_PASSWORD}
George Keishing333bb722019-12-11 11:40:49 -060050 Should Be Equal ${resp} ${False}
51 ... msg=LDAP user was able to login even though the LDAP service was disabled.
Sivas SRRb1b85752019-07-04 01:28:28 -050052 Redfish.Logout
53 Redfish.Login
54 # Enabling LDAP so that LDAP user works.
55 Redfish.Patch ${REDFISH_BASE_URI}AccountService
56 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
57 Redfish.Logout
58 Redfish.Login
59
60
Sivas SRR73379bc2019-07-22 10:21:45 -050061Verify LDAP Login With ServiceEnabled
Sivas SRR6f8ac5d2019-08-27 01:09:52 -050062 [Documentation] Verify that LDAP Login with ServiceEnabled.
Sivas SRR73379bc2019-07-22 10:21:45 -050063 [Tags] Verify_LDAP_Login_With_ServiceEnabled
64
65 Disable Other LDAP
66 # Actual service enablement.
67 Redfish.Patch ${REDFISH_BASE_URI}AccountService
68 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
69 Sleep 15s
70 # After update, LDAP login.
71 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
72 Redfish.Logout
73 Redfish.Login
74
75
76Verify LDAP Login With Correct AuthenticationType
Sivas SRR6f8ac5d2019-08-27 01:09:52 -050077 [Documentation] Verify that LDAP Login with right AuthenticationType.
Sivas SRR73379bc2019-07-22 10:21:45 -050078 [Tags] Verify_LDAP_Login_With_Correct_AuthenticationType
79
80 Redfish.Patch ${REDFISH_BASE_URI}AccountService
81 ... body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
82 Sleep 15s
83 # After update, LDAP login.
84 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
85 Redfish.Logout
86 Redfish.Login
87
88
89Verify LDAP Config Update With Incorrect AuthenticationType
Sivas SRR6f8ac5d2019-08-27 01:09:52 -050090 [Documentation] Verify that invalid AuthenticationType is not updated.
Sivas SRR73379bc2019-07-22 10:21:45 -050091 [Tags] Verify_LDAP_Update_With_Incorrect_AuthenticationType
92
George Keishing2d0804e2019-12-12 22:27:05 -060093 ${body}= Catenate {'${ldap_type}': {'Authentication': {'AuthenticationType':'KerberosKeytab'}}}
Prashanth Katti7d38a092020-01-10 06:01:09 -060094
Sivas SRR73379bc2019-07-22 10:21:45 -050095 Redfish.Patch ${REDFISH_BASE_URI}AccountService
Prashanth Katti7d38a092020-01-10 06:01:09 -060096 ... body=${body} valid_status_codes=[400]
Sivas SRR73379bc2019-07-22 10:21:45 -050097
98
99Verify LDAP Login With Correct LDAP URL
100 [Documentation] Verify LDAP Login with right LDAP URL.
101 [Tags] Verify_LDAP_Login_With_Correct_LDAP_URL
102
103 Config LDAP URL ${LDAP_SERVER_URI}
104
105
106Verify LDAP Config Update With Incorrect LDAP URL
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500107 [Documentation] Verify that LDAP Login fails with invalid LDAP URL.
Sivas SRR73379bc2019-07-22 10:21:45 -0500108 [Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_URL
109 [Teardown] Run Keywords Restore LDAP URL AND
110 ... FFDC On Test Case Fail
111
Prashanth Katti7d38a092020-01-10 06:01:09 -0600112 Config LDAP URL ldap://1.2.3.4/ ${FALSE}
Sivas SRR73379bc2019-07-22 10:21:45 -0500113
Sivas SRR7d7bae32019-05-29 00:31:14 -0500114Verify LDAP Configuration Exist
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500115 [Documentation] Verify that LDAP configuration is available.
Sivas SRR7d7bae32019-05-29 00:31:14 -0500116 [Tags] Verify_LDAP_Configuration_Exist
Sivas SRR73379bc2019-07-22 10:21:45 -0500117
Sivas SRR7d7bae32019-05-29 00:31:14 -0500118 ${resp}= Redfish.Get Attribute ${REDFISH_BASE_URI}AccountService
119 ... ${LDAP_TYPE} default=${EMPTY}
120 Should Not Be Empty ${resp} msg=LDAP configuration is not defined.
121
122
123Verify LDAP User Login
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500124 [Documentation] Verify that LDAP user able to login into BMC.
Sivas SRR7d7bae32019-05-29 00:31:14 -0500125 [Tags] Verify_LDAP_User_Login
Sivas SRR73379bc2019-07-22 10:21:45 -0500126
127 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Sivas SRR939b4b12019-06-26 00:01:59 -0500128 Redfish.Logout
129 Redfish.Login
Sivas SRR7d7bae32019-05-29 00:31:14 -0500130
131
132Verify LDAP Service Available
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500133 [Documentation] Verify that LDAP service is available.
Sivas SRR7d7bae32019-05-29 00:31:14 -0500134 [Tags] Verify_LDAP_Service_Available
Sivas SRR73379bc2019-07-22 10:21:45 -0500135
Sivas SRR7d7bae32019-05-29 00:31:14 -0500136 @{ldap_configuration}= Get LDAP Configuration ${LDAP_TYPE}
137 Should Contain ${ldap_configuration} LDAPService
138 ... msg=LDAPService is not available.
139
140
Sivas SRR108f9d32019-06-03 10:05:34 -0500141Verify LDAP Login Works After BMC Reboot
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500142 [Documentation] Verify that LDAP login works after BMC reboot.
Sivas SRR108f9d32019-06-03 10:05:34 -0500143 [Tags] Verify_LDAP_Login_Works_After_BMC_Reboot
Sivas SRR73379bc2019-07-22 10:21:45 -0500144
Sivas SRR108f9d32019-06-03 10:05:34 -0500145 Redfish OBMC Reboot (off)
146 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
147 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500148 Redfish.Login
Sivas SRR108f9d32019-06-03 10:05:34 -0500149
150
151Verify LDAP User With Admin Privilege Able To Do BMC Reboot
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500152 [Documentation] Verify that LDAP user with administrator privilege able to do BMC reboot.
Sivas SRR108f9d32019-06-03 10:05:34 -0500153 [Tags] Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot
154
Sivas SRR73379bc2019-07-22 10:21:45 -0500155
Sivas SRR108f9d32019-06-03 10:05:34 -0500156 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
157 ... ${GROUP_PRIVILEGE} ${GROUP_NAME}
158 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
159 # With LDAP user and with right privilege trying to do BMC reboot.
160 Redfish OBMC Reboot (off)
161 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
162 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500163 Redfish.Login
Sivas SRR108f9d32019-06-03 10:05:34 -0500164
165
Sivas SRR2b83ec02019-07-12 11:30:20 -0500166Verify LDAP User With Operator Privilege Able To Do Host Poweroff
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500167 [Documentation] Verify that LDAP user with operator privilege can do host
168 ... power off.
Sivas SRR2b83ec02019-07-12 11:30:20 -0500169 [Tags] Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweroff
Sivas SRRf4ec6492019-06-16 01:59:30 -0500170 [Teardown] Restore LDAP Privilege
171
Sivas SRRf4ec6492019-06-16 01:59:30 -0500172 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
173 ... Operator ${GROUP_NAME}
Sivas SRRf4ec6492019-06-16 01:59:30 -0500174
Sivas SRRf4ec6492019-06-16 01:59:30 -0500175 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Sivas SRR2b83ec02019-07-12 11:30:20 -0500176 # Verify that the LDAP user with operator privilege is able to power the system off.
177 Redfish.Post ${REDFISH_POWER_URI}
Sivas SRR3d82b3c2019-07-12 12:20:04 -0500178 ... body={'ResetType': 'ForceOff'} valid_status_codes=[200]
Sivas SRRf4ec6492019-06-16 01:59:30 -0500179 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500180 Redfish.Login
Sivas SRRf4ec6492019-06-16 01:59:30 -0500181
182
Sivas SRRd21c9842019-06-21 05:41:18 -0500183Verify AccountLockout Attributes Set To Zero
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500184 [Documentation] Verify that attribute AccountLockoutDuration and
Sivas SRRd21c9842019-06-21 05:41:18 -0500185 ... AccountLockoutThreshold are set to 0.
186 [Teardown] Run Keywords Restore AccountLockout Attributes AND
187 ... FFDC On Test Case Fail
188 [Tags] Verify_AccountLockout_Attributes_Set_To_Zero
Sivas SRR73379bc2019-07-22 10:21:45 -0500189
Sivas SRRd21c9842019-06-21 05:41:18 -0500190 ${old_account_service}= Redfish.Get Properties
191 ... ${REDFISH_BASE_URI}AccountService
Michael Walsh39c00512019-07-17 10:54:06 -0500192 Rprint Vars old_account_service
Sivas SRRd21c9842019-06-21 05:41:18 -0500193 Redfish.Patch ${REDFISH_BASE_URI}AccountService
194 ... body=[('AccountLockoutDuration', 0)]
195 Redfish.Patch ${REDFISH_BASE_URI}AccountService
196 ... body=[('AccountLockoutThreshold', 0)]
197
198
Sivas SRR939b4b12019-06-26 00:01:59 -0500199Verify LDAP User With Read Privilege Able To Check Inventory
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500200 [Documentation] Verify that LDAP user with read privilege able to
Sivas SRR939b4b12019-06-26 00:01:59 -0500201 ... read firmware inventory.
202 [Tags] Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory
203 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege
204 [Template] Set Read Privilege And Check Firmware Inventory
205
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600206 ReadOnly
Sivas SRR939b4b12019-06-26 00:01:59 -0500207
208
209Verify LDAP User With Read Privilege Should Not Do Host Poweron
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500210 [Documentation] Verify that LDAP user with read privilege should not be
Sivas SRR939b4b12019-06-26 00:01:59 -0500211 ... allowed to power on the host.
212 [Tags] Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron
213 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege
214 [Template] Set Read Privilege And Check Poweron
215
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600216 ReadOnly
Sivas SRR939b4b12019-06-26 00:01:59 -0500217
218
Sivas SRRe9a47862019-08-05 07:13:43 -0500219Update LDAP Group Name And Verify Operations
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500220 [Documentation] Verify that LDAP group name update and able to do right
221 ... operations.
Sivas SRRe9a47862019-08-05 07:13:43 -0500222 [Tags] Update_LDAP_Group_Name_And_Verify_Operations
223 [Template] Update LDAP Config And Verify Set Host Name
224 [Teardown] Restore LDAP Privilege
225
226 # group_name group_privilege valid_status_codes
Anves Kumar rayankula9954c4c2020-07-31 05:49:16 -0500227 ${GROUP_NAME} Administrator [${HTTP_OK}, ${HTTP_NO_CONTENT}]
Sivas SRRe9a47862019-08-05 07:13:43 -0500228 ${GROUP_NAME} Operator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600229 ${GROUP_NAME} ReadOnly [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
230 ${GROUP_NAME} NoAccess [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
Sivas SRRe9a47862019-08-05 07:13:43 -0500231 Invalid_LDAP_Group_Name Administrator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
232 Invalid_LDAP_Group_Name Operator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
Prashanth Kattiedce4a92020-01-16 07:28:39 -0600233 Invalid_LDAP_Group_Name ReadOnly [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
234 Invalid_LDAP_Group_Name NoAccess [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
Sivas SRRe9a47862019-08-05 07:13:43 -0500235
236
Sivas SRRa031d2d2019-08-16 07:49:52 -0500237Verify LDAP BaseDN Update And LDAP Login
238 [Documentation] Update LDAP BaseDN of LDAP configuration and verify
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500239 ... that LDAP login works.
Sivas SRRa031d2d2019-08-16 07:49:52 -0500240 [Tags] Verify_LDAP_BaseDN_Update_And_LDAP_Login
241
242
243 ${body}= Catenate {'${LDAP_TYPE}': { 'LDAPService': {'SearchSettings':
244 ... {'BaseDistinguishedNames': ['${LDAP_BASE_DN}']}}}}
245 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
246 Sleep 15s
247 Redfish Verify LDAP Login
248
249
250Verify LDAP BindDN Update And LDAP Login
251 [Documentation] Update LDAP BindDN of LDAP configuration and verify
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500252 ... that LDAP login works.
Sivas SRRa031d2d2019-08-16 07:49:52 -0500253 [Tags] Verify_LDAP_BindDN_Update_And_LDAP_Login
254
255 ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication':
256 ... {'AuthenticationType':'UsernameAndPassword', 'Username':
257 ... '${LDAP_BIND_DN}'}}}
258 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
259 Sleep 15s
260 Redfish Verify LDAP Login
261
262
263Verify LDAP BindDN Password Update And LDAP Login
264 [Documentation] Update LDAP BindDN password of LDAP configuration and
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500265 ... verify that LDAP login works.
Sivas SRRa031d2d2019-08-16 07:49:52 -0500266 [Tags] Verify_LDAP_BindDN_Passsword_Update_And_LDAP_Login
267
268
269 ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication':
270 ... {'AuthenticationType':'UsernameAndPassword', 'Password':
271 ... '${LDAP_BIND_DN_PASSWORD}'}}}
272 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
273 Sleep 15s
274 Redfish Verify LDAP Login
275
276
277Verify LDAP Type Update And LDAP Login
278 [Documentation] Update LDAP type of LDAP configuration and verify
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500279 ... that LDAP login works.
Sivas SRRa031d2d2019-08-16 07:49:52 -0500280 [Tags] Verify_LDAP_Type_Update_And_LDAP_Login
281
282 Disable Other LDAP
283 Redfish.Patch ${REDFISH_BASE_URI}AccountService
284 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
285 Sleep 15s
286 Redfish Verify LDAP Login
287
288
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500289Verify Authorization With Null Privilege
290 [Documentation] Verify the failure of LDAP authorization with empty
291 ... privilege.
292 [Tags] Verify_LDAP_Authorization_With_Null_Privilege
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500293 [Teardown] Restore LDAP Privilege
294
295 Update LDAP Config And Verify Set Host Name ${GROUP_NAME} ${EMPTY}
296 ... [${HTTP_FORBIDDEN}]
297
298
299Verify Authorization With Invalid Privilege
300 [Documentation] Verify that LDAP user authorization with wrong privilege
301 ... fails.
302 [Tags] Verify_LDAP_Authorization_With_Invalid_Privilege
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500303 [Teardown] Restore LDAP Privilege
304
305 Update LDAP Config And Verify Set Host Name ${GROUP_NAME}
306 ... Invalid_Privilege [${HTTP_FORBIDDEN}]
307
308
309Verify LDAP Login With Invalid Data
310 [Documentation] Verify that LDAP login with Invalid LDAP data and
311 ... right LDAP user fails.
312 [Tags] Verify_LDAP_Login_With_Invalid_Data
313 [Teardown] Run Keywords FFDC On Test Case Fail AND
314 ... Create LDAP Configuration
315
316 Create LDAP Configuration ${LDAP_TYPE} Invalid_LDAP_Server_URI
317 ... Invalid_LDAP_BIND_DN LDAP_BIND_DN_PASSWORD
318 ... Invalid_LDAP_BASE_DN
319 Sleep 15s
320 Redfish Verify LDAP Login ${False}
321
322
323Verify LDAP Config Creation Without BASE_DN
324 [Documentation] Verify that LDAP login with LDAP configuration
325 ... created without BASE_DN fails.
326 [Tags] Verify_LDAP_Config_Creation_Without_BASE_DN
327 [Teardown] Run Keywords FFDC On Test Case Fail AND
328 ... Create LDAP Configuration
329
330 Create LDAP Configuration ${LDAP_TYPE} Invalid_LDAP_Server_URI
331 ... Invalid_LDAP_BIND_DN LDAP_BIND_DN_PASSWORD ${EMPTY}
332 Sleep 15s
333 Redfish Verify LDAP Login ${False}
334
335
336Verify LDAP Authentication Without Password
337 [Documentation] Verify that LDAP user authentication without LDAP
338 ... user password fails.
339 [Tags] Verify_LDAP_Authentication_Without_Password
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500340 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500341
342 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
343 Valid Value status [${False}]
344
345
Sivas SRRcde694c2019-09-09 12:20:34 -0500346Verify LDAP Login With Invalid BASE_DN
347 [Documentation] Verify that LDAP login with invalid BASE_DN and
348 ... valid LDAP user fails.
349 [Tags] Verify_LDAP_Login_With_Invalid_BASE_DN
350 [Teardown] Run Keywords FFDC On Test Case Fail AND
351 ... Create LDAP Configuration
352
353 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
354 ... ${LDAP_BIND_DN} ${LDAP_BIND_DN_PASSWORD} Invalid_LDAP_BASE_DN
355 Sleep 15s
356 Redfish Verify LDAP Login ${False}
357
358
359Verify LDAP Login With Invalid BIND_DN_PASSWORD
360 [Documentation] Verify that LDAP login with invalid BIND_DN_PASSWORD and
361 ... valid LDAP user fails.
362 [Tags] Verify_LDAP_Login_With_Invalid_BIND_DN_PASSWORD
363 [Teardown] Run Keywords FFDC On Test Case Fail AND
364 ... Create LDAP Configuration
365
366 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
367 ... ${LDAP_BIND_DN} INVALID_LDAP_BIND_DN_PASSWORD ${LDAP_BASE_DN}
368 Sleep 15s
369 Redfish Verify LDAP Login ${False}
370
371
372Verify LDAP Login With Invalid BASE_DN And Invalid BIND_DN
373 [Documentation] Verify that LDAP login with invalid BASE_DN and invalid
374 ... BIND_DN and valid LDAP user fails.
375 [Tags] Verify_LDAP_Login_With_Invalid_BASE_DN_And_Invalid_BIND_DN
376 [Teardown] Run Keywords FFDC On Test Case Fail AND
377 ... Create LDAP Configuration
378
379 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
380 ... INVALID_LDAP_BIND_DN ${LDAP_BIND_DN_PASSWORD} INVALID_LDAP_BASE_DN
381 Sleep 15s
382 Redfish Verify LDAP Login ${False}
383
384
385Verify Group Name And Group Privilege Able To Modify
386 [Documentation] Verify that LDAP group name and group privilege able to
387 ... modify.
388 [Tags] Verify_Group_Name_And_Group_Privilege_Able_To_Modify
Sivas SRR873de8e2019-09-26 00:37:53 -0500389 [Setup] Update LDAP Configuration with LDAP User Role And Group
Sivas SRRcde694c2019-09-09 12:20:34 -0500390 ... ${LDAP_TYPE} Operator ${GROUP_NAME}
391
392 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
393 ... Administrator ${GROUP_NAME}
394
395
396Verify LDAP Login With Invalid BIND_DN
397 [Documentation] Verify that LDAP login with invalid BIND_DN and
398 ... valid LDAP user fails.
399 [Tags] Verify_LDAP_Login_With_Invalid_BIND_DN
400 [Teardown] Run Keywords FFDC On Test Case Fail AND
401 ... Create LDAP Configuration
402
403 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI}
404 ... Invalid_LDAP_BIND_DN ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN}
405 Sleep 15s
406 Redfish Verify LDAP Login ${False}
407
408
409Verify LDAP Authentication With Invalid LDAP User
410 [Documentation] Verify that LDAP user authentication for user not exist
411 ... in LDAP server and fails.
412 [Tags] Verify_LDAP_Authentication_With_Invalid_LDAP_User
Anves Kumar rayankula9954c4c2020-07-31 05:49:16 -0500413 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
Sivas SRRcde694c2019-09-09 12:20:34 -0500414
415 ${status}= Run Keyword And Return Status Redfish.Login INVALID_LDAP_USER
416 ... ${LDAP_USER_PASSWORD}
417 Valid Value status [${False}]
418
419
Prashanth Kattife798812020-01-31 07:04:26 -0600420Update LDAP User Roles And Verify Host Poweroff Operation
421 [Documentation] Update LDAP user roles and verify host poweroff operation.
422 [Tags] Update_LDAP_User_Roles_And_Verify_Host_Poweroff_Operation
423 [Teardown] Restore LDAP Privilege
424
425 [Template] Update LDAP User Role And Host Poweroff
426 # ldap_type group_privilege group_name valid_status_codes
427
428 # Verify LDAP user with NoAccess privilege not able to do host poweroff.
429 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN}
430
431 # Verify LDAP user with ReadOnly privilege not able to do host poweroff.
432 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
433
434 # Verify LDAP user with Operator privilege able to do host poweroff.
435 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
436
437 # Verify LDAP user with Administrator privilege able to do host poweroff.
438 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
439
440
Prashanth Kattia4f79292020-02-20 03:34:01 -0600441Update LDAP User Roles And Verify Host Poweron Operation
442 [Documentation] Update LDAP user roles and verify host poweron operation.
443 [Tags] Update_LDAP_User_Roles_And_Verify_Host_Poweron_Operation
444 [Teardown] Restore LDAP Privilege
445
446 [Template] Update LDAP User Role And Host Poweron
447 # ldap_type group_privilege group_name valid_status_codes
448
449 # Verify LDAP user with NoAccess privilege not able to do host poweron.
450 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN}
451
452 # Verify LDAP user with ReadOnly privilege not able to do host poweron.
453 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
454
455 # Verify LDAP user with Operator privilege able to do host poweron.
456 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
457
458 # Verify LDAP user with Administrator privilege able to do host poweron.
459 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
460
461
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600462Configure IP Address Via Different User Roles And Verify
463 [Documentation] Configure IP address via different user roles and verify.
464 [Tags] Configure_IP_Address_Via_Different_User_Roles_And_Verify
465 [Teardown] Restore LDAP Privilege
466
467 [Template] Update LDAP User Role And Configure IP Address
468 # Verify LDAP user with Administrator privilege is able to configure IP address.
469 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
470
471 # Verify LDAP user with ReadOnly privilege is forbidden to configure IP address.
472 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
473
474 # Verify LDAP user with NoAccess privilege is forbidden to configure IP address.
Prashanth Katti67e06202020-05-20 06:16:51 -0500475 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN}
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600476
477 # Verify LDAP user with Operator privilege is able to configure IP address.
478 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
479
480
Prashanth Kattif90c4742020-03-18 11:08:47 -0500481Delete IP Address Via Different User Roles And Verify
482 [Documentation] Delete IP address via different user roles and verify.
483 [Tags] Delete_IP_Address_Via_Different_User_Roles_And_Verify
484 [Teardown] Run Keywords Restore LDAP Privilege AND FFDC On Test Case Fail
485
486 [Template] Update LDAP User Role And Delete IP Address
487 # Verify LDAP user with Administrator privilege is able to delete IP address.
488 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
489
490 # Verify LDAP user with ReadOnly privilege is forbidden to delete IP address.
491 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN}
492
493 # Verify LDAP user with NoAccess privilege is forbidden to delete IP address.
Prashanth Katti67e06202020-05-20 06:16:51 -0500494 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN}
Prashanth Kattif90c4742020-03-18 11:08:47 -0500495
496 # Verify LDAP user with Operator privilege is able to delete IP address.
497 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
498
499
Prashanth Katti67e06202020-05-20 06:16:51 -0500500Read Network Configuration Via Different User Roles And Verify
David Shaw8e6d4ee2020-06-12 10:03:59 -0500501 [Documentation] Read network configuration via different user roles and verify.
Prashanth Katti67e06202020-05-20 06:16:51 -0500502 [Tags] Read_Network_configuration_Via_Different_User_Roles_And_Verify
503 [Teardown] Restore LDAP Privilege
504
505 [Template] Update LDAP User Role And Read Network Configuration
506 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK}
507
508 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_OK}
509
510 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN}
511
512 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK}
513
514
Sivas SRR7d7bae32019-05-29 00:31:14 -0500515*** Keywords ***
Sivas SRRd21c9842019-06-21 05:41:18 -0500516
Sivas SRRa031d2d2019-08-16 07:49:52 -0500517Redfish Verify LDAP Login
518 [Documentation] LDAP user log into BMC.
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500519 [Arguments] ${valid_status}=${True}
520
521 # Description of argument(s):
522 # valid_status Expected status of LDAP login ("True" or "False").
Sivas SRRa031d2d2019-08-16 07:49:52 -0500523
524 # According to our repo coding rules, Redfish.Login is to be done in Suite
525 # Setup and Redfish.Logout is to be done in Suite Teardown. For any
526 # deviation from this rule (such as in this keyword), the deviant code
527 # must take steps to restore us to our original logged-in state.
528
Sivas SRR6f8ac5d2019-08-27 01:09:52 -0500529 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
530 ... ${LDAP_USER_PASSWORD}
531 Valid Value status [${valid_status}]
Sivas SRRa031d2d2019-08-16 07:49:52 -0500532 Redfish.Logout
533 Redfish.Login
534
535
Sivas SRRe9a47862019-08-05 07:13:43 -0500536Update LDAP Config And Verify Set Host Name
537 [Documentation] Update LDAP config and verify by attempting to set host name.
538 [Arguments] ${group_name} ${group_privilege}=Administrator
539 ... ${valid_status_codes}=[${HTTP_OK}]
540
541 # Description of argument(s):
542 # group_name The group name of user.
543 # group_privilege The group privilege ("Administrator",
544 # "Operator", "User" or "Callback").
545 # valid_status_codes Expected return code(s) from patch
546 # operation (e.g. "200") used to update
547 # HostName. See prolog of rest_request
548 # method in redfish_plut.py for details.
549 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
550 ... ${group_privilege} ${group_name}
551 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
552 # Verify that the LDAP user in ${group_name} with the given privilege is
553 # allowed to change the hostname.
Anves Kumar rayankulaf8533632021-05-31 02:52:19 -0500554 Redfish.Patch ${REDFISH_NW_ETH0_URI} body={'HostName': '${hostname}'}
Sivas SRRe9a47862019-08-05 07:13:43 -0500555 ... valid_status_codes=${valid_status_codes}
556 Redfish.Logout
557 Redfish.Login
558
559
Sivas SRR73379bc2019-07-22 10:21:45 -0500560Disable Other LDAP
561 [Documentation] Disable other LDAP configuration.
562
563 # First disable other LDAP.
564 ${inverse_ldap_type}= Set Variable If '${LDAP_TYPE}' == 'LDAP' ActiveDirectory LDAP
565 Redfish.Patch ${REDFISH_BASE_URI}AccountService
566 ... body={'${inverse_ldap_type}': {'ServiceEnabled': ${False}}}
567 Sleep 15s
568
569
Sivas SRRb1b85752019-07-04 01:28:28 -0500570Create LDAP Configuration
571 [Documentation] Create LDAP configuration.
572 [Arguments] ${ldap_type}=${LDAP_TYPE} ${ldap_server_uri}=${LDAP_SERVER_URI}
573 ... ${ldap_bind_dn}=${LDAP_BIND_DN} ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD}
574 ... ${ldap_base_dn}=${LDAP_BASE_DN}
575
576 # Description of argument(s):
577 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
578 # ldap_server_uri LDAP server uri (e.g. ldap://XX.XX.XX.XX).
579 # ldap_bind_dn The LDAP bind distinguished name.
580 # ldap_bind_dn_password The LDAP bind distinguished name password.
581 # ldap_base_dn The LDAP base distinguished name.
582
George Keishing2d0804e2019-12-12 22:27:05 -0600583 ${body}= Catenate {'${ldap_type}':
584 ... {'ServiceEnabled': ${True},
585 ... 'ServiceAddresses': ['${ldap_server_uri}'],
586 ... 'Authentication':
587 ... {'AuthenticationType': 'UsernameAndPassword',
588 ... 'Username':'${ldap_bind_dn}',
589 ... 'Password': '${ldap_bind_dn_password}'},
590 ... 'LDAPService':
591 ... {'SearchSettings':
592 ... {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}}
593
594 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
Sivas SRRb1b85752019-07-04 01:28:28 -0500595 Sleep 15s
Sivas SRR73379bc2019-07-22 10:21:45 -0500596
597
598Config LDAP URL
599 [Documentation] Config LDAP URL.
Prashanth Katti7d38a092020-01-10 06:01:09 -0600600 [Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI} ${expected_status}=${TRUE}
Sivas SRR73379bc2019-07-22 10:21:45 -0500601
602 # Description of argument(s):
603 # ldap_server_uri LDAP server uri (e.g. "ldap://XX.XX.XX.XX/").
604
Sivas SRRb1b85752019-07-04 01:28:28 -0500605 Redfish.Patch ${REDFISH_BASE_URI}AccountService
606 ... body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}}
607 Sleep 15s
Sivas SRR73379bc2019-07-22 10:21:45 -0500608 # After update, LDAP login.
Prashanth Katti7d38a092020-01-10 06:01:09 -0600609 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
610 Valid Value status [${expected_status}]
611
Sivas SRR73379bc2019-07-22 10:21:45 -0500612 Redfish.Logout
613 Redfish.Login
614
615
616Restore LDAP URL
617 [Documentation] Restore LDAP URL.
618
619 # Restoring the working LDAP server uri.
Sivas SRRb1b85752019-07-04 01:28:28 -0500620 Redfish.Patch ${REDFISH_BASE_URI}AccountService
Sivas SRR73379bc2019-07-22 10:21:45 -0500621 ... body={'${ldap_type}': {'ServiceAddresses': ['${LDAP_SERVER_URI}']}}
Sivas SRRb1b85752019-07-04 01:28:28 -0500622 Sleep 15s
623
624
Sivas SRRd21c9842019-06-21 05:41:18 -0500625Restore AccountLockout Attributes
626 [Documentation] Restore AccountLockout Attributes.
Sivas SRR73379bc2019-07-22 10:21:45 -0500627
Sivas SRRd21c9842019-06-21 05:41:18 -0500628 Return From Keyword If &{old_account_service} == &{EMPTY}
629 Redfish.Patch ${REDFISH_BASE_URI}AccountService
630 ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
631 Redfish.Patch ${REDFISH_BASE_URI}AccountService
632 ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutThreshold']})]
633
634
Sivas SRR7d7bae32019-05-29 00:31:14 -0500635Suite Setup Execution
636 [Documentation] Do suite setup tasks.
Sivas SRR73379bc2019-07-22 10:21:45 -0500637
Michael Walshe7edb222019-08-19 17:39:38 -0500638 Valid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"]
639 Valid Value LDAP_USER
640 Valid Value LDAP_USER_PASSWORD
641 Valid Value GROUP_PRIVILEGE
642 Valid Value GROUP_NAME
643 Valid Value LDAP_SERVER_URI
644 Valid Value LDAP_BIND_DN_PASSWORD
645 Valid Value LDAP_BIND_DN
646 Valid Value LDAP_BASE_DN
Sivas SRRe9a47862019-08-05 07:13:43 -0500647
Sivas SRRf4ec6492019-06-16 01:59:30 -0500648 Redfish.Login
Sivas SRR73379bc2019-07-22 10:21:45 -0500649 # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
650 Get LDAP Configuration ${LDAP_TYPE}
Sivas SRR939b4b12019-06-26 00:01:59 -0500651 ${old_ldap_privilege}= Get LDAP Privilege
Prashanth Kattife798812020-01-31 07:04:26 -0600652 Set Suite Variable ${old_ldap_privilege}
Sivas SRRcde694c2019-09-09 12:20:34 -0500653 Disable Other LDAP
Sivas SRR873de8e2019-09-26 00:37:53 -0500654 Create LDAP Configuration
655 ${hostname}= Redfish.Get Attribute ${REDFISH_NW_PROTOCOL_URI} HostName
Sivas SRR7d7bae32019-05-29 00:31:14 -0500656
657
Sivas SRR939b4b12019-06-26 00:01:59 -0500658Set Read Privilege And Check Firmware Inventory
659 [Documentation] Set read privilege and check firmware inventory.
660 [Arguments] ${read_privilege}
661
662 # Description of argument(s):
663 # read_privilege The read privilege role (e.g. "User" / "Callback").
664
665 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
666 ... ${read_privilege} ${GROUP_NAME}
667
668 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
669 # Verify that the LDAP user with read privilege is able to read inventory.
670 ${resp}= Redfish.Get /redfish/v1/UpdateService/FirmwareInventory
671 Should Be True ${resp.dict["Members@odata.count"]} >= ${1}
672 Length Should Be ${resp.dict["Members"]} ${resp.dict["Members@odata.count"]}
Sivas SRRd21c9842019-06-21 05:41:18 -0500673 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500674 Redfish.Login
675
676
677Set Read Privilege And Check Poweron
678 [Documentation] Set read privilege and power on should not be possible.
679 [Arguments] ${read_privilege}
680
681 # Description of argument(s):
682 # read_privilege The read privilege role (e.g. "User" / "Callback").
683
684 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
685 ... ${read_privilege} ${GROUP_NAME}
686 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
687 Redfish.Post ${REDFISH_POWER_URI}
688 ... body={'ResetType': 'On'} valid_status_codes=[401, 403]
689 Redfish.Logout
690 Redfish.Login
Sivas SRRd21c9842019-06-21 05:41:18 -0500691
692
Sivas SRR7d7bae32019-05-29 00:31:14 -0500693Get LDAP Configuration
694 [Documentation] Retrieve LDAP Configuration.
695 [Arguments] ${ldap_type}
696
697 # Description of argument(s):
698 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
699
700 ${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService
701 [Return] ${ldap_config["${ldap_type}"]}
Sivas SRR108f9d32019-06-03 10:05:34 -0500702
703
704Update LDAP Configuration with LDAP User Role And Group
705 [Documentation] Update LDAP configuration update with LDAP user Role and group.
706 [Arguments] ${ldap_type} ${group_privilege} ${group_name}
707
708 # Description of argument(s):
709 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
710 # group_privilege The group privilege ("Administrator", "Operator", "User" or "Callback").
711 # group_name The group name of user.
712
713 ${local_role_remote_group}= Create Dictionary LocalRole=${group_privilege} RemoteGroup=${group_name}
714 ${remote_role_mapping}= Create List ${local_role_remote_group}
715 ${ldap_data}= Create Dictionary RemoteRoleMapping=${remote_role_mapping}
716 ${payload}= Create Dictionary ${ldap_type}=${ldap_data}
717 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=&{payload}
Sivas SRR939b4b12019-06-26 00:01:59 -0500718 # Provide adequate time for LDAP daemon to restart after the update.
Sivas SRR73379bc2019-07-22 10:21:45 -0500719 Sleep 15s
Sivas SRR108f9d32019-06-03 10:05:34 -0500720
Sivas SRRf4ec6492019-06-16 01:59:30 -0500721
722Get LDAP Privilege
723 [Documentation] Get LDAP privilege and return it.
Sivas SRR73379bc2019-07-22 10:21:45 -0500724
Sivas SRRf4ec6492019-06-16 01:59:30 -0500725 ${ldap_config}= Get LDAP Configuration ${LDAP_TYPE}
Sivas SRRe9a47862019-08-05 07:13:43 -0500726 ${num_list_entries}= Get Length ${ldap_config["RemoteRoleMapping"]}
727 Return From Keyword If ${num_list_entries} == ${0} @{EMPTY}
728
Sivas SRRf4ec6492019-06-16 01:59:30 -0500729 [Return] ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}
730
731
732Restore LDAP Privilege
733 [Documentation] Restore the LDAP privilege to its original value.
Sivas SRR73379bc2019-07-22 10:21:45 -0500734
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500735 Return From Keyword If '${old_ldap_privilege}' == '${EMPTY}' or '${old_ldap_privilege}' == '[]'
Sivas SRR939b4b12019-06-26 00:01:59 -0500736 # Log back in to restore the original privilege.
Sivas SRRf4ec6492019-06-16 01:59:30 -0500737 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
738 ... ${old_ldap_privilege} ${GROUP_NAME}
Prashanth Kattife798812020-01-31 07:04:26 -0600739
740 Sleep 18s
741
742
743Update LDAP User Role And Host Poweroff
744 [Documentation] Update LDAP user role and do host poweroff.
745 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}
Prashanth Kattia4f79292020-02-20 03:34:01 -0600746 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
Prashanth Kattife798812020-01-31 07:04:26 -0600747
748 # Description of argument(s):
749 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
750 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
751 # group_name The group name of user.
752 # valid_status_code The expected valid status code.
753
754 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
755 ... ${group_privilege} ${group_name}
756
757 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
758
759 Redfish.Post ${REDFISH_POWER_URI}
760 ... body={'ResetType': 'ForceOff'} valid_status_codes=[${valid_status_code}]
761
Prashanth Kattia4f79292020-02-20 03:34:01 -0600762
763Update LDAP User Role And Host Poweron
764 [Documentation] Update LDAP user role and do host poweron.
765 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}
766 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
767
768 # Description of argument(s):
769 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
770 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
771 # group_name The group name of user.
772 # valid_status_code The expected valid status code.
773
774 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
775 ... ${group_privilege} ${group_name}
776
777 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
778
779 Redfish.Post ${REDFISH_POWER_URI}
780 ... body={'ResetType': 'On'} valid_status_codes=[${valid_status_code}]
Prashanth Katti3dc8cc32020-03-04 11:11:01 -0600781
782
783Update LDAP User Role And Configure IP Address
784 [Documentation] Update LDAP user role and configure IP address.
785 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK}
786 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND Delete IP Address ${test_ip}
787
788 # Description of argument(s):
789 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
790 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
791 # group_name The group name of user.
792 # valid_status_code The expected valid status code.
793
794 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
795 ... ${group_privilege} ${group_name}
796
797 Redfish.Logout
798
799 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
800
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500801 ${test_gateway}= Get BMC Default Gateway
802
803 Add IP Address ${test_ip} ${test_mask} ${test_gateway} ${valid_status_code}
Prashanth Kattif90c4742020-03-18 11:08:47 -0500804
805
806Update LDAP User Role And Delete IP Address
807 [Documentation] Update LDAP user role and delete IP address.
808 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK}
809 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND Delete IP Address ${test_ip}
810
811 # Description of argument(s):
812 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
813 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
814 # group_name The group name of user.
815 # valid_status_code The expected valid status code.
816
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500817 ${test_gateway}= Get BMC Default Gateway
818
Prashanth Kattif90c4742020-03-18 11:08:47 -0500819 # Configure IP address before deleting via LDAP user roles.
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500820 Add IP Address ${test_ip} ${test_mask} ${test_gateway}
Prashanth Kattif90c4742020-03-18 11:08:47 -0500821
822 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
823 ... ${group_privilege} ${group_name}
824
825 Redfish.Logout
826
827 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
828
829 Delete IP Address ${test_ip} ${valid_status_code}
Prashanth Katti67e06202020-05-20 06:16:51 -0500830
831
832Update LDAP User Role And Read Network Configuration
833 [Documentation] Update LDAP user role and read network configuration.
834 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK}
835 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login
836
837 # Description of argument(s):
838 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
839 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
840 # group_name The group name of user.
841 # valid_status_code The expected valid status code.
842
843 Update LDAP Configuration with LDAP User Role And Group ${ldap_type}
844 ... ${group_privilege} ${group_name}
845
846 Redfish.Logout
847
848 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
849 Redfish.Get ${REDFISH_NW_ETH0_URI} valid_status_codes=[${valid_status_code}]
Anves Kumar rayankula5bf342e2020-06-25 08:35:34 -0500850