blob: 3c079260d5974daf11d9a84c2f37c984b3ee1c70
*** Settings ***
Documentation    Test Redfish LDAP user configuration.

Library          ../../lib/gen_robot_valid.py
Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot

Suite Setup      Suite Setup Execution
Suite Teardown   Run Keywords  Restore LDAP Privilege  AND  Redfish.Logout
Test Teardown    FFDC On Test Case Fail

Force Tags       LDAP_Test

*** Variables ***
${old_ldap_privilege}   ${EMPTY}
&{old_account_service}  &{EMPTY}
&{old_ldap_config}      &{EMPTY}
${hostname}             ${EMPTY}

*** Test Cases ***

Verify LDAP Configuration Created
    [Documentation]  Verify that LDAP configuration is created.
    [Tags]  Verify_LDAP_Configuration_Created

    Create LDAP Configuration
    # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
    Get LDAP Configuration  ${LDAP_TYPE}
    Sleep  10s
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Service Disable
    [Documentation]  Verify that LDAP is disabled and that LDAP user cannot
    ...  login.
    [Tags]  Verify_LDAP_Service_Disable

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}
    Sleep  15s
    ${resp}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    ...  ${LDAP_USER_PASSWORD}
    Should Be Equal  ${resp}  ${False}
    ...  msg=LDAP user was able to login even though the LDAP service was disabled.
    Redfish.Logout
    Redfish.Login
    # Enabling LDAP so that LDAP user works.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
    Redfish.Logout
    Redfish.Login


Verify LDAP Login With ServiceEnabled
    [Documentation]  Verify that LDAP login works with ServiceEnabled.
    [Tags]  Verify_LDAP_Login_With_ServiceEnabled

    Disable Other LDAP
    # Actual service enablement.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
    Sleep  15s
    # After update, LDAP login.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Login With Correct AuthenticationType
    [Documentation]  Verify that LDAP login works with the correct
    ...  AuthenticationType.
    [Tags]  Verify_LDAP_Login_With_Correct_AuthenticationType

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
    Sleep  15s
    # After update, LDAP login.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Config Update With Incorrect AuthenticationType
    [Documentation]  Verify that invalid AuthenticationType is not updated.
    [Tags]  Verify_LDAP_Update_With_Incorrect_AuthenticationType

    ${body}=  Catenate  {'${ldap_type}': {'Authentication': {'AuthenticationType':'KerberosKeytab'}}}
    # The invalid AuthenticationType must be rejected with HTTP 400.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=${body}  valid_status_codes=[400]


Verify LDAP Login With Correct LDAP URL
    [Documentation]  Verify LDAP login with the correct LDAP URL.
    [Tags]  Verify_LDAP_Login_With_Correct_LDAP_URL

    Config LDAP URL  ${LDAP_SERVER_URI}


Verify LDAP Config Update With Incorrect LDAP URL
    [Documentation]  Verify that LDAP Login fails with invalid LDAP URL.
    [Tags]  Verify_LDAP_Config_Update_With_Incorrect_LDAP_URL
    [Teardown]  Run Keywords  Restore LDAP URL  AND
    ...  FFDC On Test Case Fail

    Config LDAP URL  "ldap://1.2.3.4"


Verify LDAP Configuration Exist
    [Documentation]  Verify that LDAP configuration is available.
    [Tags]  Verify_LDAP_Configuration_Exist

    ${resp}=  Redfish.Get Attribute  ${REDFISH_BASE_URI}AccountService
    ...  ${LDAP_TYPE}  default=${EMPTY}
    Should Not Be Empty  ${resp}  msg=LDAP configuration is not defined.


Verify LDAP User Login
    [Documentation]  Verify that LDAP user is able to log in to the BMC.
    [Tags]  Verify_LDAP_User_Login

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Service Available
    [Documentation]  Verify that LDAP service is available.
    [Tags]  Verify_LDAP_Service_Available

    @{ldap_configuration}=  Get LDAP Configuration  ${LDAP_TYPE}
    Should Contain  ${ldap_configuration}  LDAPService
    ...  msg=LDAPService is not available.


Verify LDAP Login Works After BMC Reboot
    [Documentation]  Verify that LDAP login works after BMC reboot.
    [Tags]  Verify_LDAP_Login_Works_After_BMC_Reboot

    Redfish OBMC Reboot (off)
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP User With Admin Privilege Able To Do BMC Reboot
    [Documentation]  Verify that LDAP user with administrator privilege is
    ...  able to do BMC reboot.
    [Tags]  Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${GROUP_PRIVILEGE}  ${GROUP_NAME}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # With LDAP user and with right privilege trying to do BMC reboot.
    Redfish OBMC Reboot (off)
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP User With Operator Privilege Able To Do Host Poweroff
    [Documentation]  Verify that LDAP user with operator privilege can do host
    ...  power off.
    [Tags]  Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweroff
    [Teardown]  Restore LDAP Privilege

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  Operator  ${GROUP_NAME}

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user with operator privilege is able to power the system off.
    Redfish.Post  ${REDFISH_POWER_URI}
    ...  body={'ResetType': 'ForceOff'}  valid_status_codes=[200]
    Redfish.Logout
    Redfish.Login


Verify AccountLockout Attributes Set To Zero
    [Documentation]  Verify that attributes AccountLockoutDuration and
    ...  AccountLockoutThreshold are set to 0.
    [Teardown]  Run Keywords  Restore AccountLockout Attributes  AND
    ...  FFDC On Test Case Fail
    [Tags]  Verify_AccountLockout_Attributes_Set_To_Zero

    ${old_account_service}=  Redfish.Get Properties
    ...  ${REDFISH_BASE_URI}AccountService
    Rprint Vars  old_account_service
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutDuration', 0)]
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutThreshold', 0)]


Verify LDAP User With Read Privilege Able To Check Inventory
    [Documentation]  Verify that LDAP user with read privilege is able to
    ...  read firmware inventory.
    [Tags]  Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND  Restore LDAP Privilege
    [Template]  Set Read Privilege And Check Firmware Inventory

    User
    Callback


Verify LDAP User With Read Privilege Should Not Do Host Poweron
    [Documentation]  Verify that LDAP user with read privilege should not be
    ...  allowed to power on the host.
    [Tags]  Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND  Restore LDAP Privilege
    [Template]  Set Read Privilege And Check Poweron

    User
    Callback


Update LDAP Group Name And Verify Operations
    [Documentation]  Verify that the LDAP group name can be updated and that
    ...  the expected operations are permitted.
    [Tags]  Update_LDAP_Group_Name_And_Verify_Operations
    [Template]  Update LDAP Config And Verify Set Host Name
    [Teardown]  Restore LDAP Privilege

    # group_name             group_privilege  valid_status_codes
    ${GROUP_NAME}            Administrator    [${HTTP_OK}]
    ${GROUP_NAME}            Operator         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    ${GROUP_NAME}            User             [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    ${GROUP_NAME}            Callback         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  Administrator    [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  Operator         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  User             [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  Callback         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]


Verify LDAP BaseDN Update And LDAP Login
    [Documentation]  Update LDAP BaseDN of LDAP configuration and verify
    ...  that LDAP login works.
    [Tags]  Verify_LDAP_BaseDN_Update_And_LDAP_Login

    ${body}=  Catenate  {'${LDAP_TYPE}': { 'LDAPService': {'SearchSettings':
    ...  {'BaseDistinguishedNames': ['${LDAP_BASE_DN}']}}}}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP BindDN Update And LDAP Login
    [Documentation]  Update LDAP BindDN of LDAP configuration and verify
    ...  that LDAP login works.
    [Tags]  Verify_LDAP_BindDN_Update_And_LDAP_Login

    ${body}=  Catenate  {'${LDAP_TYPE}': { 'Authentication':
    ...  {'AuthenticationType':'UsernameAndPassword', 'Username':
    ...  '${LDAP_BIND_DN}'}}}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP BindDN Password Update And LDAP Login
    [Documentation]  Update LDAP BindDN password of LDAP configuration and
    ...  verify that LDAP login works.
    [Tags]  Verify_LDAP_BindDN_Passsword_Update_And_LDAP_Login

    ${body}=  Catenate  {'${LDAP_TYPE}': { 'Authentication':
    ...  {'AuthenticationType':'UsernameAndPassword', 'Password':
    ...  '${LDAP_BIND_DN_PASSWORD}'}}}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP Type Update And LDAP Login
    [Documentation]  Update LDAP type of LDAP configuration and verify
    ...  that LDAP login works.
    [Tags]  Verify_LDAP_Type_Update_And_LDAP_Login

    Disable Other LDAP
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
    Sleep  15s
    Redfish Verify LDAP Login


Verify Authorization With Null Privilege
    [Documentation]  Verify the failure of LDAP authorization with empty
    ...  privilege.
    [Tags]  Verify_LDAP_Authorization_With_Null_Privilege
    [Teardown]  Restore LDAP Privilege

    Update LDAP Config And Verify Set Host Name  ${GROUP_NAME}  ${EMPTY}
    ...  [${HTTP_FORBIDDEN}]


Verify Authorization With Invalid Privilege
    [Documentation]  Verify that LDAP user authorization with wrong privilege
    ...  fails.
    [Tags]  Verify_LDAP_Authorization_With_Invalid_Privilege
    [Teardown]  Restore LDAP Privilege

    Update LDAP Config And Verify Set Host Name  ${GROUP_NAME}
    ...  Invalid_Privilege  [${HTTP_FORBIDDEN}]


Verify LDAP Login With Invalid Data
    [Documentation]  Verify that LDAP login with Invalid LDAP data and
    ...  right LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_Data
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  Invalid_LDAP_Server_URI
    ...  Invalid_LDAP_BIND_DN  LDAP_BIND_DN_PASSWORD
    ...  Invalid_LDAP_BASE_DN
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Config Creation Without BASE_DN
    [Documentation]  Verify that LDAP login with LDAP configuration
    ...  created without BASE_DN fails.
    [Tags]  Verify_LDAP_Config_Creation_Without_BASE_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  Invalid_LDAP_Server_URI
    ...  Invalid_LDAP_BIND_DN  LDAP_BIND_DN_PASSWORD  ${EMPTY}
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Authentication Without Password
    [Documentation]  Verify that LDAP user authentication without LDAP
    ...  user password fails.
    [Tags]  Verify_LDAP_Authentication_Without_Password

    ${status}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    Valid Value  status  [${False}]


Verify LDAP Login With Invalid BASE_DN
    [Documentation]  Verify that LDAP login with invalid BASE_DN and
    ...  valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BASE_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  ${LDAP_BIND_DN}  ${LDAP_BIND_DN_PASSWORD}  Invalid_LDAP_BASE_DN
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Login With Invalid BIND_DN_PASSWORD
    [Documentation]  Verify that LDAP login with invalid BIND_DN_PASSWORD and
    ...  valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BIND_DN_PASSWORD
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  ${LDAP_BIND_DN}  INVALID_LDAP_BIND_DN_PASSWORD  ${LDAP_BASE_DN}
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Login With Invalid BASE_DN And Invalid BIND_DN
    [Documentation]  Verify that LDAP login with invalid BASE_DN and invalid
    ...  BIND_DN and valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BASE_DN_And_Invalid_BIND_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  INVALID_LDAP_BIND_DN  ${LDAP_BIND_DN_PASSWORD}  INVALID_LDAP_BASE_DN
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify Group Name And Group Privilege Able To Modify
    [Documentation]  Verify that LDAP group name and group privilege can be
    ...  modified.
    [Tags]  Verify_Group_Name_And_Group_Privilege_Able_To_Modify
    [Setup]  Update LDAP Configuration with LDAP User Role And Group
    ...  ${LDAP_TYPE}  Operator  ${GROUP_NAME}

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  Administrator  ${GROUP_NAME}


Verify LDAP Login With Invalid BIND_DN
    [Documentation]  Verify that LDAP login with invalid BIND_DN and
    ...  valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BIND_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  Invalid_LDAP_BIND_DN  ${LDAP_BIND_DN_PASSWORD}  ${LDAP_BASE_DN}
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Authentication With Invalid LDAP User
    [Documentation]  Verify that LDAP authentication fails for a user that
    ...  does not exist in the LDAP server.
    [Tags]  Verify_LDAP_Authentication_With_Invalid_LDAP_User

    ${status}=  Run Keyword And Return Status  Redfish.Login  INVALID_LDAP_USER
    ...  ${LDAP_USER_PASSWORD}
    Valid Value  status  [${False}]


*** Keywords ***

Redfish Verify LDAP Login
    [Documentation]  LDAP user log into BMC.
    [Arguments]  ${valid_status}=${True}

    # Description of argument(s):
    # valid_status                  Expected status of LDAP login ("True" or "False").

    # According to our repo coding rules, Redfish.Login is to be done in Suite
    # Setup and Redfish.Logout is to be done in Suite Teardown.  For any
    # deviation from this rule (such as in this keyword), the deviant code
    # must take steps to restore us to our original logged-in state.

    ${status}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    ...  ${LDAP_USER_PASSWORD}
    Valid Value  status  [${valid_status}]
    Redfish.Logout
    Redfish.Login


Update LDAP Config And Verify Set Host Name
    [Documentation]  Update LDAP config and verify by attempting to set host name.
    [Arguments]  ${group_name}  ${group_privilege}=Administrator
    ...  ${valid_status_codes}=[${HTTP_OK}]

    # Description of argument(s):
    # group_name                    The group name of user.
    # group_privilege               The group privilege ("Administrator",
    #                               "Operator", "User" or "Callback").
    # valid_status_codes            Expected return code(s) from patch
    #                               operation (e.g. "200") used to update
    #                               HostName.  See prolog of rest_request
    #                               method in redfish_plus.py for details.
    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${group_privilege}  ${group_name}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user in ${group_name} with the given privilege is
    # allowed to change the hostname.
    Redfish.Patch  ${REDFISH_NW_PROTOCOL_URI}  body={'HostName': '${hostname}'}
    ...  valid_status_codes=${valid_status_codes}
    Redfish.Logout
    Redfish.Login


Disable Other LDAP
    [Documentation]  Disable other LDAP configuration.

    # First disable other LDAP.
    ${inverse_ldap_type}=  Set Variable If  '${LDAP_TYPE}' == 'LDAP'  ActiveDirectory  LDAP
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${inverse_ldap_type}': {'ServiceEnabled': ${False}}}
    Sleep  15s


Create LDAP Configuration
    [Documentation]  Create LDAP configuration.
    [Arguments]  ${ldap_type}=${LDAP_TYPE}  ${ldap_server_uri}=${LDAP_SERVER_URI}
    ...  ${ldap_bind_dn}=${LDAP_BIND_DN}  ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD}
    ...  ${ldap_base_dn}=${LDAP_BASE_DN}

    # Description of argument(s):
    # ldap_type                     The LDAP type ("ActiveDirectory" or "LDAP").
    # ldap_server_uri               LDAP server uri (e.g. ldap://XX.XX.XX.XX).
    # ldap_bind_dn                  The LDAP bind distinguished name.
    # ldap_bind_dn_password         The LDAP bind distinguished name password.
    # ldap_base_dn                  The LDAP base distinguished name.

    ${body}=  Catenate  {'${ldap_type}':
    ...  {'ServiceEnabled': ${True},
    ...  'ServiceAddresses': ['${ldap_server_uri}'],
    ...  'Authentication':
    ...  {'AuthenticationType': 'UsernameAndPassword',
    ...  'Username':'${ldap_bind_dn}',
    ...  'Password': '${ldap_bind_dn_password}'},
    ...  'LDAPService':
    ...  {'SearchSettings':
    ...  {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}}

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s


Config LDAP URL
    [Documentation]  Config LDAP URL.
    [Arguments]  ${ldap_server_uri}=${LDAP_SERVER_URI}

    # Description of argument(s):
    # ldap_server_uri               LDAP server uri (e.g. "ldap://XX.XX.XX.XX/").

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}}
    Sleep  15s
    # After update, LDAP login.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Restore LDAP URL
    [Documentation]  Restore LDAP URL.

    # Restoring the working LDAP server uri.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'ServiceAddresses': ['${LDAP_SERVER_URI}']}}
    Sleep  15s


Restore AccountLockout Attributes
    [Documentation]  Restore AccountLockout Attributes.

    Return From Keyword If  &{old_account_service} == &{EMPTY}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
    # Restore the saved lockout threshold under its own attribute name.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutThreshold', ${old_account_service['AccountLockoutThreshold']})]


Suite Setup Execution
    [Documentation]  Do suite setup tasks.

    Valid Value  LDAP_TYPE  valid_values=["ActiveDirectory", "LDAP"]
    Valid Value  LDAP_USER
    Valid Value  LDAP_USER_PASSWORD
    Valid Value  GROUP_PRIVILEGE
    Valid Value  GROUP_NAME
    Valid Value  LDAP_SERVER_URI
    Valid Value  LDAP_BIND_DN_PASSWORD
    Valid Value  LDAP_BIND_DN
    Valid Value  LDAP_BASE_DN

    Redfish.Login
    # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
    Get LDAP Configuration  ${LDAP_TYPE}
    ${old_ldap_privilege}=  Get LDAP Privilege
    Disable Other LDAP
    Create LDAP Configuration
    ${hostname}=  Redfish.Get Attribute  ${REDFISH_NW_PROTOCOL_URI}  HostName


Set Read Privilege And Check Firmware Inventory
    [Documentation]  Set read privilege and check firmware inventory.
    [Arguments]  ${read_privilege}

    # Description of argument(s):
    # read_privilege                The read privilege role (e.g. "User" / "Callback").

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${read_privilege}  ${GROUP_NAME}

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user with read privilege is able to read inventory.
    ${resp}=  Redfish.Get  /redfish/v1/UpdateService/FirmwareInventory
    Should Be True  ${resp.dict["Members@odata.count"]} >= ${1}
    Length Should Be  ${resp.dict["Members"]}  ${resp.dict["Members@odata.count"]}
    Redfish.Logout
    Redfish.Login


Set Read Privilege And Check Poweron
    [Documentation]  Set read privilege and power on should not be possible.
    [Arguments]  ${read_privilege}

    # Description of argument(s):
    # read_privilege                The read privilege role (e.g. "User" / "Callback").

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${read_privilege}  ${GROUP_NAME}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Post  ${REDFISH_POWER_URI}
    ...  body={'ResetType': 'On'}  valid_status_codes=[401, 403]
    Redfish.Logout
    Redfish.Login


Get LDAP Configuration
    [Documentation]  Retrieve LDAP Configuration.
    [Arguments]  ${ldap_type}

    # Description of argument(s):
    # ldap_type                     The LDAP type ("ActiveDirectory" or "LDAP").

    ${ldap_config}=  Redfish.Get Properties  ${REDFISH_BASE_URI}AccountService
    [Return]  ${ldap_config["${ldap_type}"]}


Update LDAP Configuration with LDAP User Role And Group
    [Documentation]  Update LDAP configuration with LDAP user role and group.
    [Arguments]  ${ldap_type}  ${group_privilege}  ${group_name}

    # Description of argument(s):
    # ldap_type                     The LDAP type ("ActiveDirectory" or "LDAP").
    # group_privilege               The group privilege ("Administrator", "Operator", "User" or "Callback").
    # group_name                    The group name of user.

    ${local_role_remote_group}=  Create Dictionary  LocalRole=${group_privilege}  RemoteGroup=${group_name}
    ${remote_role_mapping}=  Create List  ${local_role_remote_group}
    ${ldap_data}=  Create Dictionary  RemoteRoleMapping=${remote_role_mapping}
    ${payload}=  Create Dictionary  ${ldap_type}=${ldap_data}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=&{payload}
    # Provide adequate time for LDAP daemon to restart after the update.
    Sleep  15s


Get LDAP Privilege
    [Documentation]  Get LDAP privilege and return it.

    ${ldap_config}=  Get LDAP Configuration  ${LDAP_TYPE}
    ${num_list_entries}=  Get Length  ${ldap_config["RemoteRoleMapping"]}
    Return From Keyword If  ${num_list_entries} == ${0}  @{EMPTY}

    [Return]  ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}


Restore LDAP Privilege
    [Documentation]  Restore the LDAP privilege to its original value.

    Return From Keyword If  '${old_ldap_privilege}' == '${EMPTY}'
    # Log back in to restore the original privilege.
    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${old_ldap_privilege}  ${GROUP_NAME}