Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 1 | *** Settings *** |
| 2 | Documentation Test Redfish LDAP user configuration. |
| 3 | |
| 4 | Resource ../../lib/resource.robot |
| 5 | Resource ../../lib/bmc_redfish_resource.robot |
| 6 | Resource ../../lib/openbmc_ffdc.robot |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame^] | 7 | Library ../../lib/gen_robot_valid.py |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 8 | |
| 9 | Suite Setup Suite Setup Execution |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame^] | 10 | Suite Teardown Redfish.Logout |
| 11 | Test Teardown FFDC On Test Case Fail |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 12 | |
Sivas SRR | 9358b5c | 2019-06-06 04:57:03 -0500 | [diff] [blame] | 13 | Force Tags LDAP_Test |
| 14 | |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame^] | 15 | *** Variables *** |
| 16 | ${old_ldap_privilege} ${EMPTY} |
| 17 | |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 18 | ** Test Cases ** |
| 19 | |
| 20 | Verify LDAP Configuration Exist |
| 21 | [Documentation] Verify LDAP configuration is available. |
| 22 | [Tags] Verify_LDAP_Configuration_Exist |
| 23 | |
| 24 | ${resp}= Redfish.Get Attribute ${REDFISH_BASE_URI}AccountService |
| 25 | ... ${LDAP_TYPE} default=${EMPTY} |
| 26 | Should Not Be Empty ${resp} msg=LDAP configuration is not defined. |
| 27 | |
| 28 | |
| 29 | Verify LDAP User Login |
| 30 | [Documentation] Verify LDAP user able to login into BMC. |
| 31 | [Tags] Verify_LDAP_User_Login |
| 32 | |
| 33 | ${resp}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} |
| 34 | ... ${LDAP_USER_PASSWORD} |
| 35 | Should Be Equal ${resp} ${True} msg=LDAP user is not able to login. |
| 36 | redfish.Logout |
| 37 | |
| 38 | |
| 39 | Verify LDAP Service Available |
| 40 | [Documentation] Verify LDAP service is available. |
| 41 | [Tags] Verify_LDAP_Service_Available |
| 42 | |
| 43 | @{ldap_configuration}= Get LDAP Configuration ${LDAP_TYPE} |
| 44 | Should Contain ${ldap_configuration} LDAPService |
| 45 | ... msg=LDAPService is not available. |
| 46 | |
| 47 | |
Sivas SRR | 108f9d3 | 2019-06-03 10:05:34 -0500 | [diff] [blame] | 48 | Verify LDAP Login Works After BMC Reboot |
| 49 | [Documentation] Verify LDAP login works after BMC reboot. |
| 50 | [Tags] Verify_LDAP_Login_Works_After_BMC_Reboot |
| 51 | |
| 52 | Redfish OBMC Reboot (off) |
| 53 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 54 | Redfish.Logout |
| 55 | |
| 56 | |
| 57 | Verify LDAP User With Admin Privilege Able To Do BMC Reboot |
| 58 | [Documentation] Verify LDAP user with administrator privilege able to do BMC reboot. |
| 59 | [Tags] Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot |
| 60 | |
| 61 | |
| 62 | Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} |
| 63 | ... ${GROUP_PRIVILEGE} ${GROUP_NAME} |
| 64 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 65 | # With LDAP user and with right privilege trying to do BMC reboot. |
| 66 | Redfish OBMC Reboot (off) |
| 67 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 68 | Redfish.Logout |
| 69 | |
| 70 | |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame^] | 71 | Verify LDAP User With Operator Privilege Able To Do Host Poweron |
| 72 | [Documentation] Verify LDAP user with operator privilege able to do host up. |
| 73 | [Tags] Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweron |
| 74 | [Teardown] Restore LDAP Privilege |
| 75 | |
| 76 | ${old_ldap_privilege}= Get LDAP Privilege |
| 77 | Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} |
| 78 | ... Operator ${GROUP_NAME} |
| 79 | # Provide adequate time for LDAP daemon to restart after the update. |
| 80 | Sleep 10s |
| 81 | |
| 82 | ${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService |
| 83 | ${new_ldap_privilege}= Set Variable |
| 84 | ... ${ldap_config["LDAP"]["RemoteRoleMapping"][0]["LocalRole"]} |
| 85 | Should Be Equal ${new_ldap_privilege} Operator |
| 86 | Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} |
| 87 | # Verify that the LDAP user with operator privilege is able to power the system on. |
| 88 | Redfish Power On |
| 89 | Redfish.Logout |
| 90 | |
| 91 | |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 92 | *** Keywords *** |
| 93 | Suite Setup Execution |
| 94 | [Documentation] Do suite setup tasks. |
| 95 | |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame^] | 96 | Rvalid Value LDAP_TYPE |
| 97 | Rvalid Value LDAP_USER |
| 98 | Rvalid Value LDAP_USER_PASSWORD |
| 99 | Rvalid Value GROUP_PRIVILEGE |
| 100 | Rvalid Value GROUP_NAME |
| 101 | Redfish.Login |
| 102 | # Call 'Get LDAP Configuration' to verify that LDAP configuration exists. |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 103 | Get LDAP Configuration ${LDAP_TYPE} |
Sivas SRR | 7d7bae3 | 2019-05-29 00:31:14 -0500 | [diff] [blame] | 104 | |
| 105 | |
| 106 | Get LDAP Configuration |
| 107 | [Documentation] Retrieve LDAP Configuration. |
| 108 | [Arguments] ${ldap_type} |
| 109 | |
| 110 | # Description of argument(s): |
| 111 | # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). |
| 112 | |
| 113 | ${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService |
| 114 | [Return] ${ldap_config["${ldap_type}"]} |
Sivas SRR | 108f9d3 | 2019-06-03 10:05:34 -0500 | [diff] [blame] | 115 | |
| 116 | |
| 117 | Update LDAP Configuration with LDAP User Role And Group |
| 118 | [Documentation] Update LDAP configuration update with LDAP user Role and group. |
| 119 | [Arguments] ${ldap_type} ${group_privilege} ${group_name} |
| 120 | |
| 121 | # Description of argument(s): |
| 122 | # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). |
| 123 | # group_privilege The group privilege ("Administrator", "Operator", "User" or "Callback"). |
| 124 | # group_name The group name of user. |
| 125 | |
| 126 | ${local_role_remote_group}= Create Dictionary LocalRole=${group_privilege} RemoteGroup=${group_name} |
| 127 | ${remote_role_mapping}= Create List ${local_role_remote_group} |
| 128 | ${ldap_data}= Create Dictionary RemoteRoleMapping=${remote_role_mapping} |
| 129 | ${payload}= Create Dictionary ${ldap_type}=${ldap_data} |
| 130 | Redfish.Patch ${REDFISH_BASE_URI}AccountService body=&{payload} |
| 131 | |
Sivas SRR | f4ec649 | 2019-06-16 01:59:30 -0500 | [diff] [blame^] | 132 | |
| 133 | Get LDAP Privilege |
| 134 | [Documentation] Get LDAP privilege and return it. |
| 135 | |
| 136 | ${ldap_config}= Get LDAP Configuration ${LDAP_TYPE} |
| 137 | [Return] ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]} |
| 138 | |
| 139 | |
| 140 | Restore LDAP Privilege |
| 141 | [Documentation] Restore the LDAP privilege to its original value. |
| 142 | |
| 143 | # Login back to update the original privilege. |
| 144 | Redfish.Login |
| 145 | Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} |
| 146 | ... ${old_ldap_privilege} ${GROUP_NAME} |
| 147 | FFDC On Test Case Fail |
| 148 | Redfish.Logout |