Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / c5d65841c973191a6bf1d3f9e34e3f71daa70b79 / . / redfish / account_service / test_ldap_configuration.robot
blob: 7141d20f0a5dd462776ed306184350973a80b363 [file] [log] [blame]
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]1*** Settings ***
2Documentation Test Redfish LDAP user configuration.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]3
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]4Library ../../lib/gen_robot_valid.py
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]5Resource ../../lib/resource.robot
6Resource ../../lib/bmc_redfish_resource.robot
7Resource ../../lib/openbmc_ffdc.robot
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]8Library ../../lib/gen_robot_valid.py
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]9
10Suite Setup Suite Setup Execution
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]11Suite Teardown Run Keywords Restore LDAP Privilege AND Redfish.Logout
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]12Test Teardown FFDC On Test Case Fail
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]13
Sivas SRR9358b5c2019-06-06 04:57:03 -0500[diff] [blame]14Force Tags LDAP_Test
15
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]16*** Variables ***
17${old_ldap_privilege} ${EMPTY}
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]18&{old_account_service} &{EMPTY}
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]19&{old_ldap_config} &{EMPTY}
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]20
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]21** Test Cases **
22
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]23Verify LDAP Configuration Created
24 [Documentation] Verify LDAP configuration created.
25 [Tags] Verify_LDAP_Configuration_Created
26
27 Create LDAP Configuration
28 # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
29 Get LDAP Configuration ${LDAP_TYPE}
30 Sleep 10s
31 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
32 Redfish.Logout
33 Redfish.Login
34
35
36Verify LDAP Service Disable
37 [Documentation] Verify LDAP is disabled and that LDAP user cannot login.
38 [Tags] Verify_LDAP_Service_Disable
39
40 Redfish.Patch ${REDFISH_BASE_URI}AccountService
41 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}
42 Sleep 15s
43 ${resp}= Run Keyword And Return Status Redfish.Login ${LDAP_USER}
44 ... ${LDAP_USER_PASSWORD}
45 Should Be Equal ${resp} ${False} msg=LDAP user was able to login even though the LDAP service was disabled.
46 Redfish.Logout
47 Redfish.Login
48 # Enabling LDAP so that LDAP user works.
49 Redfish.Patch ${REDFISH_BASE_URI}AccountService
50 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
51 Redfish.Logout
52 Redfish.Login
53
54
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]55Verify LDAP Login With ServiceEnabled
56 [Documentation] Verify LDAP Login with ServiceEnabled.
57 [Tags] Verify_LDAP_Login_With_ServiceEnabled
58
59 Disable Other LDAP
60 # Actual service enablement.
61 Redfish.Patch ${REDFISH_BASE_URI}AccountService
62 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
63 Sleep 15s
64 # After update, LDAP login.
65 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
66 Redfish.Logout
67 Redfish.Login
68
69
70Verify LDAP Login With Correct AuthenticationType
71 [Documentation] Verify LDAP Login with right AuthenticationType.
72 [Tags] Verify_LDAP_Login_With_Correct_AuthenticationType
73
74 Redfish.Patch ${REDFISH_BASE_URI}AccountService
75 ... body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
76 Sleep 15s
77 # After update, LDAP login.
78 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
79 Redfish.Logout
80 Redfish.Login
81
82
83Verify LDAP Config Update With Incorrect AuthenticationType
84 [Documentation] Verify invalid AuthenticationType is not updated.
85 [Tags] Verify_LDAP_Update_With_Incorrect_AuthenticationType
86
87 Redfish.Patch ${REDFISH_BASE_URI}AccountService
88 ... body={'${ldap_type}': {'Authentication': {'AuthenticationType':'KerberosKeytab'}}} valid_status_codes=[400]
89
90
91Verify LDAP Login With Correct LDAP URL
92 [Documentation] Verify LDAP Login with right LDAP URL.
93 [Tags] Verify_LDAP_Login_With_Correct_LDAP_URL
94
95 Config LDAP URL ${LDAP_SERVER_URI}
96
97
98Verify LDAP Config Update With Incorrect LDAP URL
99 [Documentation] Verify LDAP Login fails with invalid LDAP URL.
100 [Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_URL
101 [Teardown] Run Keywords Restore LDAP URL AND
102 ... FFDC On Test Case Fail
103
104 Config LDAP URL "ldap://1.2.3.4"
105
106
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]107Verify LDAP Configuration Exist
108 [Documentation] Verify LDAP configuration is available.
109 [Tags] Verify_LDAP_Configuration_Exist
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]110
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]111 ${resp}= Redfish.Get Attribute ${REDFISH_BASE_URI}AccountService
112 ... ${LDAP_TYPE} default=${EMPTY}
113 Should Not Be Empty ${resp} msg=LDAP configuration is not defined.
114
115
116Verify LDAP User Login
117 [Documentation] Verify LDAP user able to login into BMC.
118 [Tags] Verify_LDAP_User_Login
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]119
120 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]121 Redfish.Logout
122 Redfish.Login
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]123
124
125Verify LDAP Service Available
126 [Documentation] Verify LDAP service is available.
127 [Tags] Verify_LDAP_Service_Available
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]128
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]129 @{ldap_configuration}= Get LDAP Configuration ${LDAP_TYPE}
130 Should Contain ${ldap_configuration} LDAPService
131 ... msg=LDAPService is not available.
132
133
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]134Verify LDAP Login Works After BMC Reboot
135 [Documentation] Verify LDAP login works after BMC reboot.
136 [Tags] Verify_LDAP_Login_Works_After_BMC_Reboot
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]137
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]138 Redfish OBMC Reboot (off)
139 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
140 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]141 Redfish.Login
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]142
143
144Verify LDAP User With Admin Privilege Able To Do BMC Reboot
145 [Documentation] Verify LDAP user with administrator privilege able to do BMC reboot.
146 [Tags] Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot
147
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]148
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]149 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
150 ... ${GROUP_PRIVILEGE} ${GROUP_NAME}
151 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
152 # With LDAP user and with right privilege trying to do BMC reboot.
153 Redfish OBMC Reboot (off)
154 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
155 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]156 Redfish.Login
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]157
158
Sivas SRR2b83ec02019-07-12 11:30:20 -0500[diff] [blame]159Verify LDAP User With Operator Privilege Able To Do Host Poweroff
160 [Documentation] Verify LDAP user with operator privilege can do host power off.
161 [Tags] Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweroff
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]162 [Teardown] Restore LDAP Privilege
163
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]164 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
165 ... Operator ${GROUP_NAME}
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]166
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]167 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
Sivas SRR2b83ec02019-07-12 11:30:20 -0500[diff] [blame]168 # Verify that the LDAP user with operator privilege is able to power the system off.
169 Redfish.Post ${REDFISH_POWER_URI}
Sivas SRR3d82b3c2019-07-12 12:20:04 -0500[diff] [blame]170 ... body={'ResetType': 'ForceOff'} valid_status_codes=[200]
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]171 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]172 Redfish.Login
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]173
174
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]175Verify AccountLockout Attributes Set To Zero
176 [Documentation] Verify attribute AccountLockoutDuration and
177 ... AccountLockoutThreshold are set to 0.
178 [Teardown] Run Keywords Restore AccountLockout Attributes AND
179 ... FFDC On Test Case Fail
180 [Tags] Verify_AccountLockout_Attributes_Set_To_Zero
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]181
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]182 ${old_account_service}= Redfish.Get Properties
183 ... ${REDFISH_BASE_URI}AccountService
Michael Walsh39c00512019-07-17 10:54:06 -0500[diff] [blame]184 Rprint Vars old_account_service
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]185 Redfish.Patch ${REDFISH_BASE_URI}AccountService
186 ... body=[('AccountLockoutDuration', 0)]
187 Redfish.Patch ${REDFISH_BASE_URI}AccountService
188 ... body=[('AccountLockoutThreshold', 0)]
189
190
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]191Verify LDAP User With Read Privilege Able To Check Inventory
192 [Documentation] Verify LDAP user with read privilege able to
193 ... read firmware inventory.
194 [Tags] Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory
195 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege
196 [Template] Set Read Privilege And Check Firmware Inventory
197
198 User
199 Callback
200
201
202Verify LDAP User With Read Privilege Should Not Do Host Poweron
203 [Documentation] Verify LDAP user with read privilege should not be
204 ... allowed to power on the host.
205 [Tags] Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron
206 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege
207 [Template] Set Read Privilege And Check Poweron
208
209 User
210 Callback
211
212
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]213Update LDAP Group Name And Verify Operations
214 [Documentation] Verify LDAP group name update and able to do right operations.
215 [Tags] Update_LDAP_Group_Name_And_Verify_Operations
216 [Template] Update LDAP Config And Verify Set Host Name
217 [Teardown] Restore LDAP Privilege
218
219 # group_name group_privilege valid_status_codes
220 ${GROUP_NAME} Administrator [${HTTP_OK}]
221 ${GROUP_NAME} Operator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
222 ${GROUP_NAME} User [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
223 ${GROUP_NAME} Callback [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
224 Invalid_LDAP_Group_Name Administrator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
225 Invalid_LDAP_Group_Name Operator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
226 Invalid_LDAP_Group_Name User [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
227 Invalid_LDAP_Group_Name Callback [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
228
229
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]230Verify LDAP BaseDN Update And LDAP Login
231 [Documentation] Update LDAP BaseDN of LDAP configuration and verify
232 ... LDAP login works.
233 [Tags] Verify_LDAP_BaseDN_Update_And_LDAP_Login
234
235
236 ${body}= Catenate {'${LDAP_TYPE}': { 'LDAPService': {'SearchSettings':
237 ... {'BaseDistinguishedNames': ['${LDAP_BASE_DN}']}}}}
238 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
239 Sleep 15s
240 Redfish Verify LDAP Login
241
242
243Verify LDAP BindDN Update And LDAP Login
244 [Documentation] Update LDAP BindDN of LDAP configuration and verify
245 ... LDAP login works.
246 [Tags] Verify_LDAP_BindDN_Update_And_LDAP_Login
247
248 ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication':
249 ... {'AuthenticationType':'UsernameAndPassword', 'Username':
250 ... '${LDAP_BIND_DN}'}}}
251 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
252 Sleep 15s
253 Redfish Verify LDAP Login
254
255
256Verify LDAP BindDN Password Update And LDAP Login
257 [Documentation] Update LDAP BindDN password of LDAP configuration and
258 ... verify LDAP login works.
259 [Tags] Verify_LDAP_BindDN_Passsword_Update_And_LDAP_Login
260
261
262 ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication':
263 ... {'AuthenticationType':'UsernameAndPassword', 'Password':
264 ... '${LDAP_BIND_DN_PASSWORD}'}}}
265 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body}
266 Sleep 15s
267 Redfish Verify LDAP Login
268
269
270Verify LDAP Type Update And LDAP Login
271 [Documentation] Update LDAP type of LDAP configuration and verify
272 ... LDAP login works.
273 [Tags] Verify_LDAP_Type_Update_And_LDAP_Login
274
275 Disable Other LDAP
276 Redfish.Patch ${REDFISH_BASE_URI}AccountService
277 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
278 Sleep 15s
279 Redfish Verify LDAP Login
280
281
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]282*** Keywords ***
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]283
Sivas SRRa031d2d2019-08-16 07:49:52 -0500[diff] [blame]284Redfish Verify LDAP Login
285 [Documentation] LDAP user log into BMC.
286
287 # According to our repo coding rules, Redfish.Login is to be done in Suite
288 # Setup and Redfish.Logout is to be done in Suite Teardown. For any
289 # deviation from this rule (such as in this keyword), the deviant code
290 # must take steps to restore us to our original logged-in state.
291
292 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
293 Redfish.Logout
294 Redfish.Login
295
296
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]297Update LDAP Config And Verify Set Host Name
298 [Documentation] Update LDAP config and verify by attempting to set host name.
299 [Arguments] ${group_name} ${group_privilege}=Administrator
300 ... ${valid_status_codes}=[${HTTP_OK}]
301
302 # Description of argument(s):
303 # group_name The group name of user.
304 # group_privilege The group privilege ("Administrator",
305 # "Operator", "User" or "Callback").
306 # valid_status_codes Expected return code(s) from patch
307 # operation (e.g. "200") used to update
308 # HostName. See prolog of rest_request
309 # method in redfish_plut.py for details.
310 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
311 ... ${group_privilege} ${group_name}
312 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
313 # Verify that the LDAP user in ${group_name} with the given privilege is
314 # allowed to change the hostname.
315 ${hostname}= Redfish_Utils.Get Attribute ${REDFISH_NW_PROTOCOL_URI} HostName
316 Redfish.Patch ${REDFISH_NW_PROTOCOL_URI} body={'HostName': '${hostname}'}
317 ... valid_status_codes=${valid_status_codes}
318 Redfish.Logout
319 Redfish.Login
320
321
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]322Disable Other LDAP
323 [Documentation] Disable other LDAP configuration.
324
325 # First disable other LDAP.
326 ${inverse_ldap_type}= Set Variable If '${LDAP_TYPE}' == 'LDAP' ActiveDirectory LDAP
327 Redfish.Patch ${REDFISH_BASE_URI}AccountService
328 ... body={'${inverse_ldap_type}': {'ServiceEnabled': ${False}}}
329 Sleep 15s
330
331
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]332Create LDAP Configuration
333 [Documentation] Create LDAP configuration.
334 [Arguments] ${ldap_type}=${LDAP_TYPE} ${ldap_server_uri}=${LDAP_SERVER_URI}
335 ... ${ldap_bind_dn}=${LDAP_BIND_DN} ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD}
336 ... ${ldap_base_dn}=${LDAP_BASE_DN}
337
338 # Description of argument(s):
339 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
340 # ldap_server_uri LDAP server uri (e.g. ldap://XX.XX.XX.XX).
341 # ldap_bind_dn The LDAP bind distinguished name.
342 # ldap_bind_dn_password The LDAP bind distinguished name password.
343 # ldap_base_dn The LDAP base distinguished name.
344
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]345 Disable Other LDAP
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]346 Redfish.Patch ${REDFISH_BASE_URI}AccountService
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]347 ... body={'${ldap_type}': {'ServiceEnabled': ${True}, 'ServiceAddresses': ['${ldap_server_uri}'], 'Authentication': {'AuthenticationType':'UsernameAndPassword', 'Username':'${ldap_bind_dn}', 'Password':'${ldap_bind_dn_password}'}, 'LDAPService': {'SearchSettings': {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}}
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]348 Sleep 15s
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]349
350
351Config LDAP URL
352 [Documentation] Config LDAP URL.
353 [Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI}
354
355 # Description of argument(s):
356 # ldap_server_uri LDAP server uri (e.g. "ldap://XX.XX.XX.XX/").
357
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]358 Redfish.Patch ${REDFISH_BASE_URI}AccountService
359 ... body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}}
360 Sleep 15s
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]361 # After update, LDAP login.
362 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
363 Redfish.Logout
364 Redfish.Login
365
366
367Restore LDAP URL
368 [Documentation] Restore LDAP URL.
369
370 # Restoring the working LDAP server uri.
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]371 Redfish.Patch ${REDFISH_BASE_URI}AccountService
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]372 ... body={'${ldap_type}': {'ServiceAddresses': ['${LDAP_SERVER_URI}']}}
Sivas SRRb1b85752019-07-04 01:28:28 -0500[diff] [blame]373 Sleep 15s
374
375
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]376Restore AccountLockout Attributes
377 [Documentation] Restore AccountLockout Attributes.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]378
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]379 Return From Keyword If &{old_account_service} == &{EMPTY}
380 Redfish.Patch ${REDFISH_BASE_URI}AccountService
381 ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
382 Redfish.Patch ${REDFISH_BASE_URI}AccountService
383 ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutThreshold']})]
384
385
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]386Suite Setup Execution
387 [Documentation] Do suite setup tasks.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]388
Michael Walshe7edb222019-08-19 17:39:38 -0500[diff] [blame]389 Valid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"]
390 Valid Value LDAP_USER
391 Valid Value LDAP_USER_PASSWORD
392 Valid Value GROUP_PRIVILEGE
393 Valid Value GROUP_NAME
394 Valid Value LDAP_SERVER_URI
395 Valid Value LDAP_BIND_DN_PASSWORD
396 Valid Value LDAP_BIND_DN
397 Valid Value LDAP_BASE_DN
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]398
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]399 Redfish.Login
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]400 # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
401 Get LDAP Configuration ${LDAP_TYPE}
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]402 ${old_ldap_privilege}= Get LDAP Privilege
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]403
404
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]405Set Read Privilege And Check Firmware Inventory
406 [Documentation] Set read privilege and check firmware inventory.
407 [Arguments] ${read_privilege}
408
409 # Description of argument(s):
410 # read_privilege The read privilege role (e.g. "User" / "Callback").
411
412 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
413 ... ${read_privilege} ${GROUP_NAME}
414
415 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
416 # Verify that the LDAP user with read privilege is able to read inventory.
417 ${resp}= Redfish.Get /redfish/v1/UpdateService/FirmwareInventory
418 Should Be True ${resp.dict["Members@odata.count"]} >= ${1}
419 Length Should Be ${resp.dict["Members"]} ${resp.dict["Members@odata.count"]}
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]420 Redfish.Logout
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]421 Redfish.Login
422
423
424Set Read Privilege And Check Poweron
425 [Documentation] Set read privilege and power on should not be possible.
426 [Arguments] ${read_privilege}
427
428 # Description of argument(s):
429 # read_privilege The read privilege role (e.g. "User" / "Callback").
430
431 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
432 ... ${read_privilege} ${GROUP_NAME}
433 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD}
434 Redfish.Post ${REDFISH_POWER_URI}
435 ... body={'ResetType': 'On'} valid_status_codes=[401, 403]
436 Redfish.Logout
437 Redfish.Login
Sivas SRRd21c9842019-06-21 05:41:18 -0500[diff] [blame]438
439
Sivas SRR7d7bae32019-05-29 00:31:14 -0500[diff] [blame]440Get LDAP Configuration
441 [Documentation] Retrieve LDAP Configuration.
442 [Arguments] ${ldap_type}
443
444 # Description of argument(s):
445 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
446
447 ${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService
448 [Return] ${ldap_config["${ldap_type}"]}
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]449
450
451Update LDAP Configuration with LDAP User Role And Group
452 [Documentation] Update LDAP configuration update with LDAP user Role and group.
453 [Arguments] ${ldap_type} ${group_privilege} ${group_name}
454
455 # Description of argument(s):
456 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP").
457 # group_privilege The group privilege ("Administrator", "Operator", "User" or "Callback").
458 # group_name The group name of user.
459
460 ${local_role_remote_group}= Create Dictionary LocalRole=${group_privilege} RemoteGroup=${group_name}
461 ${remote_role_mapping}= Create List ${local_role_remote_group}
462 ${ldap_data}= Create Dictionary RemoteRoleMapping=${remote_role_mapping}
463 ${payload}= Create Dictionary ${ldap_type}=${ldap_data}
464 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=&{payload}
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]465 # Provide adequate time for LDAP daemon to restart after the update.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]466 Sleep 15s
Sivas SRR108f9d32019-06-03 10:05:34 -0500[diff] [blame]467
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]468
469Get LDAP Privilege
470 [Documentation] Get LDAP privilege and return it.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]471
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]472 ${ldap_config}= Get LDAP Configuration ${LDAP_TYPE}
Sivas SRRe9a47862019-08-05 07:13:43 -0500[diff] [blame]473 ${num_list_entries}= Get Length ${ldap_config["RemoteRoleMapping"]}
474 Return From Keyword If ${num_list_entries} == ${0} @{EMPTY}
475
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]476 [Return] ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}
477
478
479Restore LDAP Privilege
480 [Documentation] Restore the LDAP privilege to its original value.
Sivas SRR73379bc2019-07-22 10:21:45 -0500[diff] [blame]481
Sivas SRR939b4b12019-06-26 00:01:59 -0500[diff] [blame]482 Return From Keyword If '${old_ldap_privilege}' == '${EMPTY}'
483 # Log back in to restore the original privilege.
Sivas SRRf4ec6492019-06-16 01:59:30 -0500[diff] [blame]484 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE}
485 ... ${old_ldap_privilege} ${GROUP_NAME}