*** Settings ***
Documentation    Test Redfish LDAP user configuration.

Library          ../../lib/gen_robot_valid.py
Resource         ../../lib/resource.robot
Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot
Library          ../../lib/gen_robot_valid.py

Suite Setup      Suite Setup Execution
Suite Teardown   Run Keywords  Restore LDAP Privilege  AND  Redfish.Logout
Test Teardown    FFDC On Test Case Fail

Force Tags       LDAP_Test

*** Variables ***
${old_ldap_privilege}   ${EMPTY}
&{old_account_service}  &{EMPTY}
&{old_ldap_config}      &{EMPTY}
${hostname}             ${EMPTY}

*** Test Cases ***

Verify LDAP Configuration Created
    [Documentation]  Verify that LDAP configuration is created.
    [Tags]  Verify_LDAP_Configuration_Created

    Create LDAP Configuration
    # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
    Get LDAP Configuration  ${LDAP_TYPE}
    Sleep  10s
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Service Disable
    [Documentation]  Verify that LDAP is disabled and that LDAP user cannot
    ...  log in.
    [Tags]  Verify_LDAP_Service_Disable

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}
    Sleep  15s
    ${resp}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    ...  ${LDAP_USER_PASSWORD}
    Should Be Equal  ${resp}  ${False}
    ...  msg=LDAP user was able to login even though the LDAP service was disabled.
    Redfish.Logout
    Redfish.Login
    # Enabling LDAP so that LDAP user works.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
    Redfish.Logout
    Redfish.Login


Verify LDAP Login With ServiceEnabled
    [Documentation]  Verify that LDAP login works with ServiceEnabled.
    [Tags]  Verify_LDAP_Login_With_ServiceEnabled

    Disable Other LDAP
    # Actual service enablement.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
    Sleep  15s
    # After update, LDAP login.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Login With Correct AuthenticationType
    [Documentation]  Verify that LDAP login works with the right AuthenticationType.
    [Tags]  Verify_LDAP_Login_With_Correct_AuthenticationType

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}}
    Sleep  15s
    # After update, LDAP login.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Config Update With Incorrect AuthenticationType
    [Documentation]  Verify that invalid AuthenticationType is not updated.
    [Tags]  Verify_LDAP_Update_With_Incorrect_AuthenticationType

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'Authentication': {'AuthenticationType':'KerberosKeytab'}}}  valid_status_codes=[400]


Verify LDAP Login With Correct LDAP URL
    [Documentation]  Verify LDAP login with the right LDAP URL.
    [Tags]  Verify_LDAP_Login_With_Correct_LDAP_URL

    Config LDAP URL  ${LDAP_SERVER_URI}


Verify LDAP Config Update With Incorrect LDAP URL
    [Documentation]  Verify that LDAP login fails with invalid LDAP URL.
    [Tags]  Verify_LDAP_Config_Update_With_Incorrect_LDAP_URL
    [Teardown]  Run Keywords  Restore LDAP URL  AND
    ...  FFDC On Test Case Fail

    Config LDAP URL  "ldap://1.2.3.4"


Verify LDAP Configuration Exist
    [Documentation]  Verify that LDAP configuration is available.
    [Tags]  Verify_LDAP_Configuration_Exist

    ${resp}=  Redfish.Get Attribute  ${REDFISH_BASE_URI}AccountService
    ...  ${LDAP_TYPE}  default=${EMPTY}
    Should Not Be Empty  ${resp}  msg=LDAP configuration is not defined.


Verify LDAP User Login
    [Documentation]  Verify that LDAP user is able to log in to the BMC.
    [Tags]  Verify_LDAP_User_Login

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP Service Available
    [Documentation]  Verify that LDAP service is available.
    [Tags]  Verify_LDAP_Service_Available

    @{ldap_configuration}=  Get LDAP Configuration  ${LDAP_TYPE}
    Should Contain  ${ldap_configuration}  LDAPService
    ...  msg=LDAPService is not available.


Verify LDAP Login Works After BMC Reboot
    [Documentation]  Verify that LDAP login works after BMC reboot.
    [Tags]  Verify_LDAP_Login_Works_After_BMC_Reboot

    Redfish OBMC Reboot (off)
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP User With Admin Privilege Able To Do BMC Reboot
    [Documentation]  Verify that LDAP user with administrator privilege is able to do BMC reboot.
    [Tags]  Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${GROUP_PRIVILEGE}  ${GROUP_NAME}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # With LDAP user and with right privilege trying to do BMC reboot.
    Redfish OBMC Reboot (off)
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Verify LDAP User With Operator Privilege Able To Do Host Poweroff
    [Documentation]  Verify that LDAP user with operator privilege can do host
    ...  power off.
    [Tags]  Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweroff
    [Teardown]  Restore LDAP Privilege

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  Operator  ${GROUP_NAME}

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user with operator privilege is able to power the system off.
    Redfish.Post  ${REDFISH_POWER_URI}
    ...  body={'ResetType': 'ForceOff'}  valid_status_codes=[200]
    Redfish.Logout
    Redfish.Login


Verify AccountLockout Attributes Set To Zero
    [Documentation]  Verify that attribute AccountLockoutDuration and
    ...  AccountLockoutThreshold are set to 0.
    [Teardown]  Run Keywords  Restore AccountLockout Attributes  AND
    ...  FFDC On Test Case Fail
    [Tags]  Verify_AccountLockout_Attributes_Set_To_Zero

    ${old_account_service}=  Redfish.Get Properties
    ...  ${REDFISH_BASE_URI}AccountService
    # A value assigned here is local to this test case; save it at suite
    # scope so that 'Restore AccountLockout Attributes' can see it.
    Set Suite Variable  ${old_account_service}
    Rprint Vars  old_account_service
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutDuration', 0)]
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutThreshold', 0)]


Verify LDAP User With Read Privilege Able To Check Inventory
    [Documentation]  Verify that LDAP user with read privilege is able to
    ...  read firmware inventory.
    [Tags]  Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND  Restore LDAP Privilege
    [Template]  Set Read Privilege And Check Firmware Inventory

    User
    Callback


Verify LDAP User With Read Privilege Should Not Do Host Poweron
    [Documentation]  Verify that LDAP user with read privilege should not be
    ...  allowed to power on the host.
    [Tags]  Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND  Restore LDAP Privilege
    [Template]  Set Read Privilege And Check Poweron

    User
    Callback


Update LDAP Group Name And Verify Operations
    [Documentation]  Verify that LDAP group name can be updated and that the
    ...  user is able to do the right operations.
    [Tags]  Update_LDAP_Group_Name_And_Verify_Operations
    [Template]  Update LDAP Config And Verify Set Host Name
    [Teardown]  Restore LDAP Privilege

    # group_name             group_privilege  valid_status_codes
    ${GROUP_NAME}            Administrator    [${HTTP_OK}]
    ${GROUP_NAME}            Operator         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    ${GROUP_NAME}            User             [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    ${GROUP_NAME}            Callback         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  Administrator    [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  Operator         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  User             [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
    Invalid_LDAP_Group_Name  Callback         [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]


Verify LDAP BaseDN Update And LDAP Login
    [Documentation]  Update LDAP BaseDN of LDAP configuration and verify
    ...  that LDAP login works.
    [Tags]  Verify_LDAP_BaseDN_Update_And_LDAP_Login

    ${body}=  Catenate  {'${LDAP_TYPE}': { 'LDAPService': {'SearchSettings':
    ...  {'BaseDistinguishedNames': ['${LDAP_BASE_DN}']}}}}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP BindDN Update And LDAP Login
    [Documentation]  Update LDAP BindDN of LDAP configuration and verify
    ...  that LDAP login works.
    [Tags]  Verify_LDAP_BindDN_Update_And_LDAP_Login

    ${body}=  Catenate  {'${LDAP_TYPE}': { 'Authentication':
    ...  {'AuthenticationType':'UsernameAndPassword', 'Username':
    ...  '${LDAP_BIND_DN}'}}}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP BindDN Password Update And LDAP Login
    [Documentation]  Update LDAP BindDN password of LDAP configuration and
    ...  verify that LDAP login works.
    [Tags]  Verify_LDAP_BindDN_Passsword_Update_And_LDAP_Login

    ${body}=  Catenate  {'${LDAP_TYPE}': { 'Authentication':
    ...  {'AuthenticationType':'UsernameAndPassword', 'Password':
    ...  '${LDAP_BIND_DN_PASSWORD}'}}}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=${body}
    Sleep  15s
    Redfish Verify LDAP Login


Verify LDAP Type Update And LDAP Login
    [Documentation]  Update LDAP type of LDAP configuration and verify
    ...  that LDAP login works.
    [Tags]  Verify_LDAP_Type_Update_And_LDAP_Login

    Disable Other LDAP
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}}
    Sleep  15s
    Redfish Verify LDAP Login


Verify Authorization With Null Privilege
    [Documentation]  Verify the failure of LDAP authorization with empty
    ...  privilege.
    [Tags]  Verify_LDAP_Authorization_With_Null_Privilege
    [Teardown]  Restore LDAP Privilege

    Update LDAP Config And Verify Set Host Name  ${GROUP_NAME}  ${EMPTY}
    ...  [${HTTP_FORBIDDEN}]


Verify Authorization With Invalid Privilege
    [Documentation]  Verify that LDAP user authorization with wrong privilege
    ...  fails.
    [Tags]  Verify_LDAP_Authorization_With_Invalid_Privilege
    [Teardown]  Restore LDAP Privilege

    Update LDAP Config And Verify Set Host Name  ${GROUP_NAME}
    ...  Invalid_Privilege  [${HTTP_FORBIDDEN}]


Verify LDAP Login With Invalid Data
    [Documentation]  Verify that LDAP login with invalid LDAP data and
    ...  right LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_Data
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  Invalid_LDAP_Server_URI
    ...  Invalid_LDAP_BIND_DN  LDAP_BIND_DN_PASSWORD
    ...  Invalid_LDAP_BASE_DN
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Config Creation Without BASE_DN
    [Documentation]  Verify that LDAP login with LDAP configuration
    ...  created without BASE_DN fails.
    [Tags]  Verify_LDAP_Config_Creation_Without_BASE_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  Invalid_LDAP_Server_URI
    ...  Invalid_LDAP_BIND_DN  LDAP_BIND_DN_PASSWORD  ${EMPTY}
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Authentication Without Password
    [Documentation]  Verify that LDAP user authentication without LDAP
    ...  user password fails.
    [Tags]  Verify_LDAP_Authentication_Without_Password

    ${status}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    Valid Value  status  [${False}]


Verify LDAP Login With Invalid BASE_DN
    [Documentation]  Verify that LDAP login with invalid BASE_DN and
    ...  valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BASE_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  ${LDAP_BIND_DN}  ${LDAP_BIND_DN_PASSWORD}  Invalid_LDAP_BASE_DN
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Login With Invalid BIND_DN_PASSWORD
    [Documentation]  Verify that LDAP login with invalid BIND_DN_PASSWORD and
    ...  valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BIND_DN_PASSWORD
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  ${LDAP_BIND_DN}  INVALID_LDAP_BIND_DN_PASSWORD  ${LDAP_BASE_DN}
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Login With Invalid BASE_DN And Invalid BIND_DN
    [Documentation]  Verify that LDAP login with invalid BASE_DN and invalid
    ...  BIND_DN and valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BASE_DN_And_Invalid_BIND_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  INVALID_LDAP_BIND_DN  ${LDAP_BIND_DN_PASSWORD}  INVALID_LDAP_BASE_DN
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify Group Name And Group Privilege Able To Modify
    [Documentation]  Verify that LDAP group name and group privilege can be
    ...  modified.
    [Tags]  Verify_Group_Name_And_Group_Privilege_Able_To_Modify
    [Setup]  Update LDAP Configuration with LDAP User Role And Group
    ...  ${LDAP_TYPE}  Operator  ${GROUP_NAME}

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  Administrator  ${GROUP_NAME}


Verify LDAP Login With Invalid BIND_DN
    [Documentation]  Verify that LDAP login with invalid BIND_DN and
    ...  valid LDAP user fails.
    [Tags]  Verify_LDAP_Login_With_Invalid_BIND_DN
    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
    ...  Create LDAP Configuration

    Create LDAP Configuration  ${LDAP_TYPE}  ${LDAP_SERVER_URI}
    ...  Invalid_LDAP_BIND_DN  ${LDAP_BIND_DN_PASSWORD}  ${LDAP_BASE_DN}
    Sleep  15s
    Redfish Verify LDAP Login  ${False}


Verify LDAP Authentication With Invalid LDAP User
    [Documentation]  Verify that LDAP user authentication fails for a user
    ...  that does not exist in the LDAP server.
    [Tags]  Verify_LDAP_Authentication_With_Invalid_LDAP_User

    ${status}=  Run Keyword And Return Status  Redfish.Login  INVALID_LDAP_USER
    ...  ${LDAP_USER_PASSWORD}
    Valid Value  status  [${False}]


*** Keywords ***

Redfish Verify LDAP Login
    [Documentation]  Verify LDAP user login to the BMC.
    [Arguments]  ${valid_status}=${True}

    # Description of argument(s):
    # valid_status                  Expected status of LDAP login ("True" or "False").

    # According to our repo coding rules, Redfish.Login is to be done in Suite
    # Setup and Redfish.Logout is to be done in Suite Teardown.  For any
    # deviation from this rule (such as in this keyword), the deviant code
    # must take steps to restore us to our original logged-in state.

    ${status}=  Run Keyword And Return Status  Redfish.Login  ${LDAP_USER}
    ...  ${LDAP_USER_PASSWORD}
    Valid Value  status  [${valid_status}]
    Redfish.Logout
    Redfish.Login


Update LDAP Config And Verify Set Host Name
    [Documentation]  Update LDAP config and verify by attempting to set host name.
    [Arguments]  ${group_name}  ${group_privilege}=Administrator
    ...  ${valid_status_codes}=[${HTTP_OK}]

    # Description of argument(s):
    # group_name                    The group name of user.
    # group_privilege               The group privilege ("Administrator",
    #                               "Operator", "User" or "Callback").
    # valid_status_codes            Expected return code(s) from patch
    #                               operation (e.g. "200") used to update
    #                               HostName.  See prolog of rest_request
    #                               method in redfish_plut.py for details.
    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${group_privilege}  ${group_name}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user in ${group_name} with the given privilege is
    # allowed to change the hostname.
    Redfish.Patch  ${REDFISH_NW_PROTOCOL_URI}  body={'HostName': '${hostname}'}
    ...  valid_status_codes=${valid_status_codes}
    Redfish.Logout
    Redfish.Login


Disable Other LDAP
    [Documentation]  Disable other LDAP configuration.

    # First disable other LDAP.
    ${inverse_ldap_type}=  Set Variable If  '${LDAP_TYPE}' == 'LDAP'  ActiveDirectory  LDAP
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${inverse_ldap_type}': {'ServiceEnabled': ${False}}}
    Sleep  15s


Create LDAP Configuration
    [Documentation]  Create LDAP configuration.
    [Arguments]  ${ldap_type}=${LDAP_TYPE}  ${ldap_server_uri}=${LDAP_SERVER_URI}
    ...  ${ldap_bind_dn}=${LDAP_BIND_DN}  ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD}
    ...  ${ldap_base_dn}=${LDAP_BASE_DN}

    # Description of argument(s):
    # ldap_type                     The LDAP type ("ActiveDirectory" or "LDAP").
    # ldap_server_uri               LDAP server uri (e.g. ldap://XX.XX.XX.XX).
    # ldap_bind_dn                  The LDAP bind distinguished name.
    # ldap_bind_dn_password         The LDAP bind distinguished name password.
    # ldap_base_dn                  The LDAP base distinguished name.

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'ServiceEnabled': ${True}, 'ServiceAddresses': ['${ldap_server_uri}'], 'Authentication': {'AuthenticationType':'UsernameAndPassword', 'Username':'${ldap_bind_dn}', 'Password':'${ldap_bind_dn_password}'}, 'LDAPService': {'SearchSettings': {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}}
    Sleep  15s


Config LDAP URL
    [Documentation]  Config LDAP URL.
    [Arguments]  ${ldap_server_uri}=${LDAP_SERVER_URI}

    # Description of argument(s):
    # ldap_server_uri               LDAP server uri (e.g. "ldap://XX.XX.XX.XX/").

    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}}
    Sleep  15s
    # After update, LDAP login.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Logout
    Redfish.Login


Restore LDAP URL
    [Documentation]  Restore LDAP URL.

    # Restoring the working LDAP server uri.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${ldap_type}': {'ServiceAddresses': ['${LDAP_SERVER_URI}']}}
    Sleep  15s


Restore AccountLockout Attributes
    [Documentation]  Restore AccountLockout Attributes.

    # Nothing to restore if the original values were never saved.
    Return From Keyword If  not $old_account_service
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})]
    # Restore the threshold under its own attribute name, not under
    # AccountLockoutDuration.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body=[('AccountLockoutThreshold', ${old_account_service['AccountLockoutThreshold']})]


Suite Setup Execution
    [Documentation]  Do suite setup tasks.

    Valid Value  LDAP_TYPE  valid_values=["ActiveDirectory", "LDAP"]
    Valid Value  LDAP_USER
    Valid Value  LDAP_USER_PASSWORD
    Valid Value  GROUP_PRIVILEGE
    Valid Value  GROUP_NAME
    Valid Value  LDAP_SERVER_URI
    Valid Value  LDAP_BIND_DN_PASSWORD
    Valid Value  LDAP_BIND_DN
    Valid Value  LDAP_BASE_DN

    Redfish.Login
    # Call 'Get LDAP Configuration' to verify that LDAP configuration exists.
    Get LDAP Configuration  ${LDAP_TYPE}
    ${old_ldap_privilege}=  Get LDAP Privilege
    # A value assigned in a keyword is local to it; save it at suite scope
    # so that 'Restore LDAP Privilege' can see it.
    Set Suite Variable  ${old_ldap_privilege}
    Disable Other LDAP
    Create LDAP Configuration
    ${hostname}=  Redfish.Get Attribute  ${REDFISH_NW_PROTOCOL_URI}  HostName
    # Save at suite scope for 'Update LDAP Config And Verify Set Host Name'.
    Set Suite Variable  ${hostname}


Set Read Privilege And Check Firmware Inventory
    [Documentation]  Set read privilege and check firmware inventory.
    [Arguments]  ${read_privilege}

    # Description of argument(s):
    # read_privilege                The read privilege role (e.g. "User" / "Callback").

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${read_privilege}  ${GROUP_NAME}

    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    # Verify that the LDAP user with read privilege is able to read inventory.
    ${resp}=  Redfish.Get  /redfish/v1/UpdateService/FirmwareInventory
    Should Be True  ${resp.dict["Members@odata.count"]} >= ${1}
    Length Should Be  ${resp.dict["Members"]}  ${resp.dict["Members@odata.count"]}
    Redfish.Logout
    Redfish.Login


Set Read Privilege And Check Poweron
    [Documentation]  Set read privilege and power on should not be possible.
    [Arguments]  ${read_privilege}

    # Description of argument(s):
    # read_privilege                The read privilege role (e.g. "User" / "Callback").

    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${read_privilege}  ${GROUP_NAME}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Post  ${REDFISH_POWER_URI}
    ...  body={'ResetType': 'On'}  valid_status_codes=[401, 403]
    Redfish.Logout
    Redfish.Login


Get LDAP Configuration
    [Documentation]  Retrieve LDAP Configuration.
    [Arguments]  ${ldap_type}

    # Description of argument(s):
    # ldap_type                     The LDAP type ("ActiveDirectory" or "LDAP").

    ${ldap_config}=  Redfish.Get Properties  ${REDFISH_BASE_URI}AccountService
    [Return]  ${ldap_config["${ldap_type}"]}


Update LDAP Configuration with LDAP User Role And Group
    [Documentation]  Update LDAP configuration with LDAP user role and group.
    [Arguments]  ${ldap_type}  ${group_privilege}  ${group_name}

    # Description of argument(s):
    # ldap_type                     The LDAP type ("ActiveDirectory" or "LDAP").
    # group_privilege               The group privilege ("Administrator", "Operator", "User" or "Callback").
    # group_name                    The group name of user.

    ${local_role_remote_group}=  Create Dictionary  LocalRole=${group_privilege}  RemoteGroup=${group_name}
    ${remote_role_mapping}=  Create List  ${local_role_remote_group}
    ${ldap_data}=  Create Dictionary  RemoteRoleMapping=${remote_role_mapping}
    ${payload}=  Create Dictionary  ${ldap_type}=${ldap_data}
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService  body=&{payload}
    # Provide adequate time for LDAP daemon to restart after the update.
    Sleep  15s


Get LDAP Privilege
    [Documentation]  Get LDAP privilege and return it.

    ${ldap_config}=  Get LDAP Configuration  ${LDAP_TYPE}
    ${num_list_entries}=  Get Length  ${ldap_config["RemoteRoleMapping"]}
    Return From Keyword If  ${num_list_entries} == ${0}  @{EMPTY}

    [Return]  ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]}


Restore LDAP Privilege
    [Documentation]  Restore the LDAP privilege to its original value.

    # Nothing to restore if no privilege was saved (empty or None).
    Return From Keyword If  not $old_ldap_privilege
    # Restore the original privilege.
    Update LDAP Configuration with LDAP User Role And Group  ${LDAP_TYPE}
    ...  ${old_ldap_privilege}  ${GROUP_NAME}