*** Settings ***
Documentation    Test Redfish LDAP user configuration.

Library          ../../lib/gen_robot_valid.py
Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot

Suite Setup      Suite Setup Execution
Suite Teardown   Run Keywords  Restore LDAP Privilege  AND  Redfish.Logout
Test Teardown    FFDC On Test Case Fail

Force Tags       LDAP_Test

*** Variables ***
${old_ldap_privilege}   ${EMPTY}
&{old_account_service}  &{EMPTY}
&{old_ldap_config}      &{EMPTY}

*** Test Cases ***

Verify LDAP Configuration Created
    [Documentation]  Verify that LDAP configuration is created.
    [Tags]  Verify_LDAP_Configuration_Created

    Create LDAP Configuration
    # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
    Get LDAP Configuration  ${LDAP_TYPE}
    Sleep  10s
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Service Disable
    [Documentation]  Verify that LDAP is disabled and that LDAP user cannot
    ...  log in.
    [Tags]  Verify_LDAP_Service_Disable

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}
    Sleep  15s
    ${resp}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    ...  ${LDAP_USER_PASSWORD}
    Should Be Equal  ${resp}  ${False}  msg=LDAP user was able to login even though the LDAP service was disabled.
    Redfish.Logout
    Redfish.Login
    # Enabling LDAP so that LDAP user works.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
    Redfish.Logout
    Redfish.Login


Verify LDAP Login With ServiceEnabled
    [Documentation]  Verify LDAP login with ServiceEnabled.
    [Tags]  Verify_LDAP_Login_With_ServiceEnabled

    Disable Other LDAP
    # Actual service enablement.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
    Sleep  15s
    # After update, LDAP login.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Login With Correct AuthenticationType
    [Documentation]  Verify LDAP login with the right AuthenticationType.
    [Tags]  Verify_LDAP_Login_With_Correct_AuthenticationType

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
    Sleep  15s
    # After update, LDAP login.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Config Update With Incorrect AuthenticationType
    [Documentation]  Verify that invalid AuthenticationType is not updated.
    [Tags]  Verify_LDAP_Update_With_Incorrect_AuthenticationType

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'Authentication': {'AuthenticationType':'KerberosKeytab'}}}  valid_status_codes=[400]


Verify LDAP Login With Correct LDAP URL
    [Documentation]  Verify LDAP login with the right LDAP URL.
    [Tags]  Verify_LDAP_Login_With_Correct_LDAP_URL

    Config LDAP URL  ${LDAP_SERVER_URI}


Verify LDAP Config Update With Incorrect LDAP URL
    [Documentation]  Verify that LDAP Login fails with invalid LDAP URL.
    [Tags]  Verify_LDAP_Config_Update_With_Incorrect_LDAP_URL
    [Teardown]  Run Keywords  Restore LDAP URL  AND
    ...  FFDC On Test Case Fail

    Config LDAP URL  "ldap://1.2.3.4"


Verify LDAP Configuration Exist
    [Documentation]  Verify that LDAP configuration is available.
    [Tags]  Verify_LDAP_Configuration_Exist

    ${resp}=  Redfish.Get Attribute  ${REDFISH_BASE_URI}AccountService
    ...  ${LDAP_TYPE}  default=${EMPTY}
    Should Not Be Empty  ${resp}  msg=LDAP configuration is not defined.


Verify LDAP User Login
    [Documentation]  Verify that LDAP user is able to log in to BMC.
    [Tags]  Verify_LDAP_User_Login

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Service Available
    [Documentation]  Verify that LDAP service is available.
    [Tags]  Verify_LDAP_Service_Available

    @{ldap_configuration}=  Get LDAP Configuration  ${LDAP_TYPE}
    Should Contain  ${ldap_configuration}  LDAPService
    ...  msg=LDAPService is not available.


Verify LDAP Login Works After BMC Reboot
    [Documentation]  Verify that LDAP login works after BMC reboot.
    [Tags]  Verify_LDAP_Login_Works_After_BMC_Reboot

    Redfish OBMC Reboot (off)
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP User With Admin Privilege Able To Do BMC Reboot
    [Documentation]  Verify that LDAP user with administrator privilege is
    ...  able to do BMC reboot.
    [Tags]  Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${GROUP_PRIVILEGE}  ${GROUP_NAME}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # With LDAP user and with right privilege trying to do BMC reboot.
    Redfish OBMC Reboot (off)
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP User With Operator Privilege Able To Do Host Poweroff
    [Documentation]  Verify that LDAP user with operator privilege can do host
    ...  power off.
    [Tags]  Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweroff
    [Teardown]  Restore LDAP Privilege

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  Operator  ${GROUP_NAME}

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user with operator privilege is able to power the system off.
    Redfish.Post  ${REDFISH_POWER_URI}
    ...  body={'ResetType': 'ForceOff'}  valid_status_codes=[200]
    Redfish.Logout
    Redfish.Login


Verify AccountLockout Attributes Set To Zero
    [Documentation]  Verify that attribute AccountLockoutDuration and
    ...  AccountLockoutThreshold are set to 0.
    [Teardown]  Run Keywords  Restore AccountLockout Attributes  AND
    ...  FFDC On Test Case Fail
    [Tags]  Verify_AccountLockout_Attributes_Set_To_Zero

    ${old_account_service}=  Redfish.Get Properties
    ...  ${REDFISH_BASE_URI}AccountService
    Rprint Vars  old_account_service
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutDuration', 0)]
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutThreshold', 0)]


Verify LDAP User With Read Privilege Able To Check Inventory
    [Documentation]  Verify that LDAP user with read privilege is able to
    ...  read firmware inventory.
    [Tags]  Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND  Restore LDAP Privilege
    [Template]  Set Read Privilege And Check Firmware Inventory

    User
    Callback


Verify LDAP User With Read Privilege Should Not Do Host Poweron
    [Documentation]  Verify that LDAP user with read privilege should not be
    ...  allowed to power on the host.
    [Tags]  Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND  Restore LDAP Privilege
    [Template]  Set Read Privilege And Check Poweron

    User
    Callback


Update LDAP Group Name And Verify Operations
    [Documentation]  Verify that the LDAP group name can be updated and that
    ...  the right operations are allowed.
    [Tags]  Update_LDAP_Group_Name_And_Verify_Operations
    [Template]  Update LDAP Config And Verify Set Host Name
    [Teardown]  Restore LDAP Privilege

    # group_name             group_privilege  valid_status_codes
    ${GROUP_NAME}            Administrator    [${HTTP_OK}]
    ${GROUP_NAME}            Operator         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    ${GROUP_NAME}            User             [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    ${GROUP_NAME}            Callback         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  Administrator    [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  Operator         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  User             [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  Callback         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]


Verify LDAP BaseDN Update And LDAP Login
    [Documentation]  Update LDAP BaseDN of LDAP configuration and verify
    ...  that LDAP login works.
    [Tags]  Verify_LDAP_BaseDN_Update_And_LDAP_Login

    ${body}=  Catenate  {'${LDAP_TYPE}': { 'LDAPService': {'SearchSettings':
    ...  {'BaseDistinguishedNames': ['${LDAP_BASE_DN}']}}}}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP BindDN Update And LDAP Login
    [Documentation]  Update LDAP BindDN of LDAP configuration and verify
    ...  that LDAP login works.
    [Tags]  Verify_LDAP_BindDN_Update_And_LDAP_Login

    ${body}=  Catenate  {'${LDAP_TYPE}': { 'Authentication':
    ...  {'AuthenticationType':'UsernameAndPassword', 'Username':
    ...  '${LDAP_BIND_DN}'}}}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP BindDN Password Update And LDAP Login
    [Documentation]  Update LDAP BindDN password of LDAP configuration and
    ...  verify that LDAP login works.
    [Tags]  Verify_LDAP_BindDN_Passsword_Update_And_LDAP_Login

    ${body}=  Catenate  {'${LDAP_TYPE}': { 'Authentication':
    ...  {'AuthenticationType':'UsernameAndPassword', 'Password':
    ...  '${LDAP_BIND_DN_PASSWORD}'}}}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP Type Update And LDAP Login
    [Documentation]  Update LDAP type of LDAP configuration and verify
    ...  that LDAP login works.
    [Tags]  Verify_LDAP_Type_Update_And_LDAP_Login

    Disable Other LDAP
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
    Sleep  15s
    Redfish Verify LDAP Login


Verify Authorization With Null Privilege
    [Documentation]  Verify the failure of LDAP authorization with empty
    ...  privilege.
    [Tags]  Verify_LDAP_Authorization_With_Null_Privilege
    [Setup]  Create LDAP Configuration
    [Teardown]  Restore LDAP Privilege

    Update LDAP Config And Verify Set Host Name  ${GROUP_NAME}  ${EMPTY}
    ...  [${HTTP_FORBIDDEN}]


Verify Authorization With Invalid Privilege
    [Documentation]  Verify that LDAP user authorization with wrong privilege
    ...  fails.
    [Tags]  Verify_LDAP_Authorization_With_Invalid_Privilege
    [Setup]  Create LDAP Configuration
    [Teardown]  Restore LDAP Privilege

    Update LDAP Config And Verify Set Host Name  ${GROUP_NAME}
    ...  Invalid_Privilege  [${HTTP_FORBIDDEN}]


Verify LDAP Login With Invalid Data
    [Documentation]  Verify that LDAP login with invalid LDAP data and
    ...  right LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_Data
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  Invalid_LDAP_Server_URI
    ...  Invalid_LDAP_BIND_DN  LDAP_BIND_DN_PASSWORD
    ...  Invalid_LDAP_BASE_DN
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Config Creation Without BASE_DN
    [Documentation]  Verify that LDAP login with LDAP configuration
    ...  created without BASE_DN fails.
    [Tags]  Verify_LDAP_Config_Creation_Without_BASE_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  Invalid_LDAP_Server_URI
    ...  Invalid_LDAP_BIND_DN  LDAP_BIND_DN_PASSWORD  ${EMPTY}
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Authentication Without Password
    [Documentation]  Verify that LDAP user authentication without LDAP
    ...  user password fails.
    [Tags]  Verify_LDAP_Authentication_Without_Password
    [Setup]  Create LDAP Configuration

    ${status}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    Valid Value  status  [${False}]


Verify LDAP Login With Invalid BASE_DN
    [Documentation]  Verify that LDAP login with invalid BASE_DN and
    ...  valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BASE_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  ${LDAP_BIND_DN}  ${LDAP_BIND_DN_PASSWORD}  Invalid_LDAP_BASE_DN
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Login With Invalid BIND_DN_PASSWORD
    [Documentation]  Verify that LDAP login with invalid BIND_DN_PASSWORD and
    ...  valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BIND_DN_PASSWORD
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  ${LDAP_BIND_DN}  INVALID_LDAP_BIND_DN_PASSWORD  ${LDAP_BASE_DN}
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Login With Invalid BASE_DN And Invalid BIND_DN
    [Documentation]  Verify that LDAP login with invalid BASE_DN and invalid
    ...  BIND_DN and valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BASE_DN_And_Invalid_BIND_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  INVALID_LDAP_BIND_DN  ${LDAP_BIND_DN_PASSWORD}  INVALID_LDAP_BASE_DN
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify Group Name And Group Privilege Able To Modify
    [Documentation]  Verify that LDAP group name and group privilege can be
    ...  modified.
    [Tags]  Verify_Group_Name_And_Group_Privilege_Able_To_Modify
    [Setup]  Run Keywords  Create LDAP Configuration  AND
    ...  Update LDAP Configuration with LDAP User Role And Group
    ...  ${LDAP_TYPE}  Operator  ${GROUP_NAME}

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  Administrator  ${GROUP_NAME}


Verify LDAP Login With Invalid BIND_DN
    [Documentation]  Verify that LDAP login with invalid BIND_DN and
    ...  valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BIND_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  Invalid_LDAP_BIND_DN  ${LDAP_BIND_DN_PASSWORD}  ${LDAP_BASE_DN}
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Authentication With Invalid LDAP User
    [Documentation]  Verify that LDAP user authentication fails for a user
    ...  that does not exist in the LDAP server.
    [Tags]  Verify_LDAP_Authentication_With_Invalid_LDAP_User
    [Setup]  Create LDAP Configuration

    ${status}=  Run Keyword And Return Status  Redfish.Login  INVALID_LDAP_USER
    ...  ${LDAP_USER_PASSWORD}
    Valid Value  status  [${False}]


*** Keywords ***

Redfish Verify LDAP Login
    [Documentation]  LDAP user logs into BMC.
    [Arguments]  ${valid_status}=${True}

    # Description of argument(s):
    # valid_status  Expected status of LDAP login ("True" or "False").

    # According to our repo coding rules, Redfish.Login is to be done in Suite
    # Setup and Redfish.Logout is to be done in Suite Teardown.  For any
    # deviation from this rule (such as in this keyword), the deviant code
    # must take steps to restore us to our original logged-in state.

    ${status}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    ...  ${LDAP_USER_PASSWORD}
    Valid Value  status  [${valid_status}]
    Redfish.Logout
    Redfish.Login


Update LDAP Config And Verify Set Host Name
    [Documentation]  Update LDAP config and verify by attempting to set host name.
    [Arguments]  ${group_name}  ${group_privilege}=Administrator
    ...  ${valid_status_codes}=[${HTTP_OK}]

    # Description of argument(s):
    # group_name                    The group name of user.
    # group_privilege               The group privilege ("Administrator",
    #                               "Operator", "User" or "Callback").
    # valid_status_codes            Expected return code(s) from patch
    #                               operation (e.g. "200") used to update
    #                               HostName.  See prolog of rest_request
    #                               method in redfish_plut.py for details.
    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${group_privilege}  ${group_name}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user in ${group_name} with the given privilege is
    # allowed to change the hostname.
    ${hostname}=  Redfish_Utils.Get Attribute  ${REDFISH_NW_PROTOCOL_URI}  HostName
    Redfish.Patch  ${REDFISH_NW_PROTOCOL_URI}  body={'HostName': '${hostname}'}
    ...  valid_status_codes=${valid_status_codes}
    Redfish.Logout
    Redfish.Login


Disable Other LDAP
    [Documentation]  Disable other LDAP configuration.

    # First disable other LDAP.
    ${inverse_ldap_type}=  Set Variable If  '${LDAP_TYPE}' == 'LDAP'  ActiveDirectory  LDAP
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${inverse_ldap_type}': {'ServiceEnabled': ${False}}}
    Sleep  15s


Create LDAP Configuration
    [Documentation]  Create LDAP configuration.
    [Arguments]  ${ldap_type}=${LDAP_TYPE}  ${ldap_server_uri}=${LDAP_SERVER_URI}
    ...  ${ldap_bind_dn}=${LDAP_BIND_DN}  ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD}
    ...  ${ldap_base_dn}=${LDAP_BASE_DN}

    # Description of argument(s):
    # ldap_type              The LDAP type ("ActiveDirectory" or "LDAP").
    # ldap_server_uri        LDAP server uri (e.g. ldap://XX.XX.XX.XX).
    # ldap_bind_dn           The LDAP bind distinguished name.
    # ldap_bind_dn_password  The LDAP bind distinguished name password.
    # ldap_base_dn           The LDAP base distinguished name.

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'ServiceEnabled': ${True}, 'ServiceAddresses': ['${ldap_server_uri}'], 'Authentication': {'AuthenticationType':'UsernameAndPassword', 'Username':'${ldap_bind_dn}', 'Password':'${ldap_bind_dn_password}'}, 'LDAPService': {'SearchSettings': {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}}
    Sleep  15s


Config LDAP URL
    [Documentation]  Config LDAP URL.
    [Arguments]  ${ldap_server_uri}=${LDAP_SERVER_URI}

    # Description of argument(s):
    # ldap_server_uri  LDAP server uri (e.g. "ldap://XX.XX.XX.XX/").

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}}
    Sleep  15s
    # After update, LDAP login.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Restore LDAP URL
    [Documentation]  Restore LDAP URL.

    # Restoring the working LDAP server uri.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'ServiceAddresses': ['${LDAP_SERVER_URI}']}}
    Sleep  15s


Restore AccountLockout Attributes
    [Documentation]  Restore AccountLockout Attributes.

    Return From Keyword If  &{old_account_service} == &{EMPTY}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
    # Restore the threshold under its own key, not under AccountLockoutDuration.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutThreshold', ${old_account_service['AccountLockoutThreshold']})]


Suite Setup Execution
    [Documentation]  Do suite setup tasks.

    Valid Value  LDAP_TYPE  valid_values=["ActiveDirectory", "LDAP"]
    Valid Value  LDAP_USER
    Valid Value  LDAP_USER_PASSWORD
    Valid Value  GROUP_PRIVILEGE
    Valid Value  GROUP_NAME
    Valid Value  LDAP_SERVER_URI
    Valid Value  LDAP_BIND_DN_PASSWORD
    Valid Value  LDAP_BIND_DN
    Valid Value  LDAP_BASE_DN

    Redfish.Login
    # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
    Get LDAP Configuration  ${LDAP_TYPE}
    ${old_ldap_privilege}=  Get LDAP Privilege
    Disable Other LDAP


Set Read Privilege And Check Firmware Inventory
    [Documentation]  Set read privilege and check firmware inventory.
    [Arguments]  ${read_privilege}

    # Description of argument(s):
    # read_privilege  The read privilege role (e.g. "User" / "Callback").

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${read_privilege}  ${GROUP_NAME}

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user with read privilege is able to read inventory.
    ${resp}=  Redfish.Get  /redfish/v1/UpdateService/FirmwareInventory
    Should Be True  ${resp.dict["Members@odata.count"]} >= ${1}
    Length Should Be  ${resp.dict["Members"]}  ${resp.dict["Members@odata.count"]}
    Redfish.Logout
    Redfish.Login


Set Read Privilege And Check Poweron
    [Documentation]  Set read privilege and power on should not be possible.
    [Arguments]  ${read_privilege}

    # Description of argument(s):
    # read_privilege  The read privilege role (e.g. "User" / "Callback").

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${read_privilege}  ${GROUP_NAME}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Post  ${REDFISH_POWER_URI}
    ...  body={'ResetType': 'On'}  valid_status_codes=[401, 403]
    Redfish.Logout
    Redfish.Login


Get LDAP Configuration
    [Documentation]  Retrieve LDAP Configuration.
    [Arguments]  ${ldap_type}

    # Description of argument(s):
    # ldap_type  The LDAP type ("ActiveDirectory" or "LDAP").

    ${ldap_config}=  Redfish.Get Properties  ${REDFISH_BASE_URI}AccountService
    [Return]  ${ldap_config["${ldap_type}"]}


Update LDAP Configuration with LDAP User Role And Group
    [Documentation]  Update LDAP configuration with LDAP user role and group.
    [Arguments]  ${ldap_type}  ${group_privilege}  ${group_name}

    # Description of argument(s):
    # ldap_type        The LDAP type ("ActiveDirectory" or "LDAP").
    # group_privilege  The group privilege ("Administrator", "Operator", "User" or "Callback").
    # group_name       The group name of user.

    ${local_role_remote_group}=  Create Dictionary  LocalRole=${group_privilege}  RemoteGroup=${group_name}
    ${remote_role_mapping}=  Create List  ${local_role_remote_group}
    ${ldap_data}=  Create Dictionary  RemoteRoleMapping=${remote_role_mapping}
    ${payload}=  Create Dictionary  ${ldap_type}=${ldap_data}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=&{payload}
    # Provide adequate time for LDAP daemon to restart after the update.
    Sleep  15s


Get LDAP Privilege
    [Documentation]  Get LDAP privilege and return it.

    ${ldap_config}=  Get LDAP Configuration  ${LDAP_TYPE}
    ${num_list_entries}=  Get Length  ${ldap_config["RemoteRoleMapping"]}
    Return From Keyword If  ${num_list_entries} == ${0}  @{EMPTY}

    [Return]  ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}


Restore LDAP Privilege
    [Documentation]  Restore the LDAP privilege to its original value.

    Return From Keyword If  '${old_ldap_privilege}' == '${EMPTY}'
    # Log back in to restore the original privilege.
    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${old_ldap_privilege}  ${GROUP_NAME}