*** Settings ***
Documentation    OpenBMC user management keywords.

Resource         ../lib/rest_client.robot
Resource         ../lib/utils.robot
Library          SSHLibrary

*** Keywords ***

Create Group And Privilege
    [Documentation]  Create group and privilege for users.
    [Arguments]  ${user_group}  ${user_privilege}

    # Description of argument(s):
    # user_group      User group.
    # user_privilege  User privilege like priv-admin, priv-user.

    @{ldap_parm_list}=  Create List  ${user_group}  ${user_privilege}

    ${data}=  Create Dictionary  data=@{ldap_parm_list}

    ${resp}=  OpenBMC Post Request
    ...  ${BMC_USER_URI}ldap/action/Create  data=${data}
    Should Be Equal As Strings  ${resp.status_code}  ${HTTP_OK}
    ...  msg=Creating LDAP group ${user_group} with privilege ${user_privilege} failed. RC=${resp.status_code}.


Create Privilege
    [Documentation]  Create privilege as priv-admin.
    [Arguments]  ${user_privilege}

    # The group name comes from the suite-level ${GROUP_NAME} variable.
    Create Group And Privilege  ${GROUP_NAME}  ${user_privilege}
    ${bmc_user_uris}=  Read Properties  ${BMC_USER_URI}ldap/enumerate
    # Sample output:
    # "data": {
    #     "/xyz/openbmc_project/user/ldap/13": {
    #         "GroupName": "redfish",
    #         "Privilege": "priv-admin"
    #     },
    #     "/xyz/openbmc_project/user/ldap/15": {
    #         "GroupName": "openldapgroup",
    #         "Privilege": "priv-admin"
    #     },
    #     "/xyz/openbmc_project/user/ldap/config": {
    #         "LDAPBaseDN": "dc=ldap,dc=com",
    #         "LDAPBindDN": "cn=Administrator,dc=ldap,dc=com",
    #         "LDAPSearchScope": "xyz.openbmc_project.User.Ldap.Config.SearchScope.sub",
    #         "LDAPServerURI": "ldaps://xxx.xxx.xxx.xxx/",
    #         "LDAPType": "xyz.openbmc_project.User.Ldap.Config.Type.OpenLdap"
    #     }
    # }

    ${bmc_user_uris}=  Convert To String  ${bmc_user_uris}
    Should Contain  ${bmc_user_uris}  ${user_privilege}
    ...  msg=Could not create ${user_privilege} privilege.


Suite Setup Execution
    [Documentation]  Do the initial suite setup.

    # Validating external user parameters.
    Should Not Be Empty  ${LDAP_SERVER_URI}
    Should Not Be Empty  ${LDAP_BIND_DN}
    Should Not Be Empty  ${LDAP_BASE_DN}
    Should Not Be Empty  ${LDAP_BIND_DN_PASSWORD}
    Should Not Be Empty  ${LDAP_SEARCH_SCOPE}
    Should Not Be Empty  ${LDAP_SERVER_TYPE}


Check LDAP Service Running
    [Documentation]  Check LDAP service running in BMC.

    BMC Execute Command  systemctl | grep -in ldap


Configure LDAP Server On BMC
    [Documentation]  Configure LDAP Server On BMC.

    @{ldap_parm_list}=  Create List
    ...  ${LDAP_SERVER_URI}  ${LDAP_BIND_DN}
    ...  ${LDAP_BASE_DN}  ${LDAP_BIND_DN_PASSWORD}  ${LDAP_SEARCH_SCOPE}
    ...  ${LDAP_SERVER_TYPE}

    ${data}=  Create Dictionary  data=@{ldap_parm_list}

    ${resp}=  OpenBMC Post Request
    ...  ${BMC_LDAP_URI}/action/CreateConfig  data=${data}
    Should Be Equal As Strings  ${resp.status_code}  ${HTTP_OK}


Check LDAP Config File Generated
    [Documentation]  Check LDAP file nslcd.conf generated.
    [Arguments]  ${ldap_server_uri}=${LDAP_SERVER_URI}

    # Description of argument(s):
    # ldap_server_uri  The LDAP server URI (e.g. "ldap://x.x.x.x/" for non-secured or
    #                  "ldaps://x.x.x.x/" for secured).

    ${ldap_server_config}=  Read Properties  ${BMC_USER_URI}ldap/enumerate
    ${ldap_server_config}=  Convert To String  ${ldap_server_config}
    Should Contain  ${ldap_server_config}  ${ldap_server_uri}
    ...  msg=${ldap_server_uri} is not configured.


Delete LDAP Config
    [Documentation]  Delete LDAP Config via REST.

    ${data}=  Create Dictionary  data=@{EMPTY}
    ${resp}=  OpenBMC Post Request
    ...  ${BMC_LDAP_URI}/config/action/delete  data=${data}

    Should Be Equal As Strings  ${resp.status_code}  ${HTTP_OK}


Check LDAP Config File Deleted
    [Documentation]  Check LDAP file nslcd.conf deleted.

    ${ldap_server_config}=  Read Properties  ${BMC_USER_URI}ldap/enumerate
    ${ldap_server_config}=  Convert To String  ${ldap_server_config}

    # The failure message names the URI that should have been removed.
    Should Not Contain  ${ldap_server_config}  ${LDAP_SERVER_URI}
    ...  msg=${LDAP_SERVER_URI} is still configured.


Modify LDAP Search Scope
    [Documentation]  Modify LDAP search scope parameter in LDAP config.
    [Arguments]  ${search_scope}=${LDAP_SEARCH_SCOPE}

    # Description of argument(s):
    # search_scope  Contains ldap search scope (e.g. "xyz.openbmc_project.User.Ldap.Config.SearchScope.one").

    ${search_scope_dict}=  Create Dictionary  data=${search_scope}
    Write Attribute  ${BMC_LDAP_URI}/config  LDAPSearchScope  data=${search_scope_dict}
    ...  verify=${True}  expected_value=${search_scope}


Modify LDAP Server Type
    [Documentation]  Modify LDAP server type parameter in LDAP config.
    [Arguments]  ${ldap_type}=${LDAP_SERVER_TYPE}

    # Description of argument(s):
    # ldap_type  Contains ldap server type (e.g. "xyz.openbmc_project.User.Ldap.Config.Type.ActiveDirectory").

    ${ldap_type_dict}=  Create Dictionary  data=${ldap_type}
    Write Attribute  ${BMC_LDAP_URI}/config  LDAPType  data=${ldap_type_dict}
    ...  verify=${True}  expected_value=${ldap_type}


Get LDAP Entries
    [Documentation]  Get LDAP entries and return the object list.

    ${ldap_entry_list}=  Create List
    ${resp}=  OpenBMC Get Request  ${BMC_USER_URI}ldap/enumerate  quiet=${1}
    # Return the empty list (rather than None) when no LDAP objects exist,
    # so callers can iterate over the result safely.
    Return From Keyword If  ${resp.status_code} == ${HTTP_NOT_FOUND}  ${ldap_entry_list}
    ${jsondata}=  To JSON  ${resp.content}

    FOR  ${entry}  IN  @{jsondata["data"]}
        Continue For Loop If  '${entry.rsplit('/', 1)[1]}' == 'callout'
        Append To List  ${ldap_entry_list}  ${entry}
    END

    # LDAP entries list.
    # ['/xyz/openbmc_project/user/ldap/1',
    #  '/xyz/openbmc_project/user/ldap/2']
    [Return]  ${ldap_entry_list}


Defined LDAP Group Entry Should Exist
    [Documentation]  Find the matching group and return the entry id.
    [Arguments]  ${user_group}

    # Description of argument(s):
    # user_group  A space-delimited list of user group (e.g. "Domain Admins").

    @{ldap_entries}=  Get LDAP Entries

    FOR  ${ldap_entry}  IN  @{ldap_entries}
        ${resp}=  Read Properties  ${ldap_entry}
        ${status}=  Run Keyword And Return Status
        ...  Should Be Equal As Strings  ${user_group}  ${resp["GroupName"]}
        Return From Keyword If  ${status} == ${TRUE}  ${ldap_entry}
    END

    Fail  No ${user_group} LDAP user group entry found.


Delete Defined LDAP Group And Privilege
    [Documentation]  Delete LDAP group and its privilege.
    [Arguments]  ${user_group}

    # Description of argument(s):
    # user_group  LDAP user group string (e.g. "Domain Admins").

    ${ldap_entry_id}=  Defined LDAP Group Entry Should Exist  ${user_group}
    ${data}=  Create Dictionary  data=@{EMPTY}
    ${resp}=  OpenBMC Post Request  ${ldap_entry_id}/action/delete  data=${data}
    Should Be Equal As Strings  ${resp.status_code}  ${HTTP_OK}