1*** Settings *** 2 3Documentation Test OpenBMC GUI "LDAP" sub-menu of "Security and access". 4 5Resource ../../lib/gui_resource.robot 6Resource ../../../lib/bmc_ldap_utils.robot 7 8Suite Setup Suite Setup Execution 9Suite Teardown Close Browser 10 11Force Tags LDAP_Sub_Menu 12 13*** Variables *** 14 15${xpath_ldap_heading} //h1[text()="LDAP"] 16${xpath_enable_ldap_checkbox} //*[@data-test-id='ldap-checkbox-ldapAuthenticationEnabled'] 17${xpath_secure_ldap_checkbox} //*[@data-test-id='ldap-checkbox-secureLdapEnabled'] 18${xpath_service_radio_button} //*[@data-test-id="ldap-radio-activeDirectoryEnabled"] 19${xpath_add_role_group_button} //button[contains(text(),'Add role group')] 20${xpath_ldap_url} //*[@data-test-id='ldap-input-serverUri'] 21${xpath_ldap_bind_dn} //*[@data-test-id='ldap-input-bindDn'] 22${xpath_ldap_password} //*[@id='bind-password'] 23${xpath_ldap_base_dn} //*[@data-test-id='ldap-input-baseDn'] 24${xpath_ldap_save_settings} //*[@data-test-id='ldap-button-saveSettings'] 25${xpath_select_refresh_button} //*[text()[contains(.,"Refresh")]] 26${xpath_add_group_name} //*[@id="role-group-name"] 27${xpath_add_group_Privilege} //*[@id="privilege"] 28${xpath_add_privilege_button} //button[text()=" Add "] 29${xpath_delete_group_button} //*[@title="Delete"] 30${xpath_delete_button} //button[text()="Delete"] 31 32 33${incorrect_ip} 1.2.3.4 34${wrong_ldap_port} 135 35 36*** Test Cases *** 37 38Verify Navigation To LDAP Page 39 [Documentation] Verify navigation to LDAP page. 40 [Tags] Verify_Navigation_To_LDAP_Page 41 42 Page Should Contain Element ${xpath_ldap_heading} 43 44 45Verify Existence Of All Sections In LDAP Page 46 [Documentation] Verify existence of all sections in LDAP page. 47 [Tags] Verify_Existence_Of_All_Sections_In_LDAP_Page 48 49 Page Should Contain Settings 50 Page Should Contain Role groups 51 52 53Verify Existence Of All Buttons In LDAP Page 54 [Documentation] Verify existence of all buttons in LDAP page. 55 [Tags] Verify_Existence_Of_All_Buttons_In_LDAP_Page 56 57 # Buttons under settings section. 58 Page Should Contain Element ${xpath_service_radio_button} 59 Page Should Contain Element ${xpath_save_settings_button} 60 61 # Buttons under role groups section. 62 Page Should Contain Element ${xpath_add_role_group_button} 63 64 65Verify Existence Of All Checkboxes In LDAP Page 66 [Documentation] Verify existence of all checkboxes in LDAP page. 67 [Tags] Verify_Existence_Of_All_Checkboxes_In_LDAP_Page 68 69 # Checkboxes under settings section. 70 Page Should Contain Element ${xpath_enable_ldap_checkbox} 71 Page Should Contain Element ${xpath_secure_ldap_checkbox} 72 73 74Verify LDAP Configurations Editable 75 [Documentation] Verify LDAP configurations are editable. 76 [Tags] Verify_LDAP_Configurations_Editable 77 [Setup] Redfish.Login 78 [Teardown] Redfish.Logout 79 80 Create LDAP Configuration ${LDAP_SERVER_URI} ${LDAP_TYPE} ${LDAP_BIND_DN} 81 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} 82 Wait Until Page Contains Element ${xpath_ldap_url} 83 Textfield Value Should Be ${xpath_ldap_url} ${LDAP_SERVER_URI} 84 Textfield Value Should Be ${xpath_ldap_bind_dn} ${LDAP_BIND_DN} 85 Textfield Value Should Be ${xpath_ldap_password} ${empty} 86 Textfield Value Should Be ${xpath_ldap_base_dn} ${LDAP_BASE_DN} 87 88 89Verify Create LDAP Configuration 90 [Documentation] Verify created LDAP configuration. 91 [Tags] Verify_Create_LDAP_Configuration 92 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 93 94 Create LDAP Configuration 95 Get LDAP Configuration ${LDAP_TYPE} 96 Redfish.Logout 97 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 98 99 100Verify LDAP Config Update With Incorrect LDAP IP Address 101 [Documentation] Verify that LDAP login fails with incorrect LDAP IP Address. 102 [Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_IP_Address 103 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 104 105 Create LDAP Configuration ${incorrect_ip} ${LDAP_TYPE} ${LDAP_BIND_DN} 106 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} ${LDAP_MODE} 107 108 Get LDAP Configuration ${LDAP_TYPE} 109 Redfish.Logout 110 111 ${resp}= Run Keyword And Return Status 112 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 113 Should Be Equal ${resp} ${False} 114 ... msg=LDAP user was able to login though the incorrect LDAP IP Address. 115 116 117Verify LDAP Service Disable 118 [Documentation] Verify that LDAP user cannot login when LDAP service is disabled. 119 [Tags] Verify_LDAP_Service_Disable 120 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 121 122 ${status}= Run Keyword And Return Status 123 ... Checkbox Should Be Selected ${xpath_enable_ldap_checkbox} 124 125 Run Keyword If ${status} == ${True} 126 ... Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0 127 128 Checkbox Should Not Be Selected ${xpath_enable_ldap_checkbox} 129 Click Element ${xpath_ldap_save_settings} 130 Wait Until Page Contains Successfully saved Open LDAP settings 131 Click Element ${xpath_refresh_button} 132 Wait Until Page Contains Element ${xpath_ldap_heading} 133 Redfish.Logout 134 135 ${resp}= Run Keyword And Return Status 136 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 137 Should Be Equal ${resp} ${False} 138 ... msg=LDAP user was able to login even though the LDAP service was disabled. 139 140 141Verify LDAP User With Admin Privilege 142 [Documentation] Verify that LDAP user with administrator privilege is able to do BMC reboot. 143 [Tags] Verify_LDAP_User_With_Admin_Privilege 144 [Teardown] Run Keywords Redfish.Login AND Delete LDAP Role Group ${GROUP_NAME} 145 146 Update LDAP Configuration with LDAP User Role And Group ${GROUP_NAME} ${GROUP_PRIVILEGE} 147 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 148 Redfish OBMC Reboot (off) 149 Redfish.Logout 150 151 152Verify Enabling LDAP 153 [Documentation] Verify that LDAP can be enabled from disabled state. 154 [Tags] Verify_Enabling_LDAP 155 156 Disable LDAP Configuration 157 Create LDAP Configuration 158 159 160Read Network Configuration Via Different User Roles And Verify Using GUI 161 [Documentation] Read network configuration via different user roles and verify. 162 [Tags] Read_Network_Configuration_Via_Different_User_Roles_And_Verify_Using_GUI 163 [Template] Update LDAP User Role And Read Network Configuration Via GUI 164 165 # group_name user_role valid_status_code 166 ${GROUP_NAME} Administrator ${HTTP_OK} 167 ${GROUP_NAME} Operator ${HTTP_OK} 168 ${GROUP_NAME} ReadOnly ${HTTP_OK} 169 ${GROUP_NAME} NoAccess ${HTTP_FORBIDDEN} 170 171 172Verify LDAP Login Fails On Wrong LDAP Port 173 [Documentation] Verify that LDAP login fails when wrong port is entered in LDAP URL. 174 [Tags] Verify_LDAP_Login_Fails_On_Wrong_LDAP_Port 175 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 176 177 ${ldap_uri_wrong_port}= Catenate SEPARATOR=: ${LDAP_SERVER_URI} ${wrong_ldap_port} 178 Create LDAP Configuration ${ldap_uri_wrong_port} ${LDAP_TYPE} ${LDAP_BIND_DN} 179 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} ${LDAP_MODE} 180 181 Get LDAP Configuration ${LDAP_TYPE} 182 Redfish.Logout 183 184 ${resp}= Run Keyword And Return Status 185 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 186 Should Be Equal ${resp} ${False} 187 ... msg=LDAP user was able to login though the wrong port in LDAP URL 188 189*** Keywords *** 190 191Suite Setup Execution 192 [Documentation] Do test case setup tasks. 193 194 Launch Browser And Login GUI 195 196 # Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap LDAP page. 197 Click Element ${xpath_secuity_and_accesss_menu} 198 Click Element ${xpath_ldap_sub_menu} 199 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain ldap 200 Wait Until Element Is Not Visible ${xpath_page_loading_progress_bar} timeout=30 201 Wait Until Element Is Enabled ${xpath_enable_ldap_checkbox} timeout=10s 202 203 Valid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"] 204 Valid Value LDAP_USER 205 Valid Value LDAP_USER_PASSWORD 206 Valid Value GROUP_PRIVILEGE 207 Valid Value GROUP_NAME 208 Valid Value LDAP_SERVER_URI 209 Valid Value LDAP_BIND_DN_PASSWORD 210 Valid Value LDAP_BIND_DN 211 Valid Value LDAP_BASE_DN 212 Valid Value LDAP_MODE valid_values=["secure", "nonsecure"] 213 214 215Create LDAP Configuration 216 [Documentation] Create LDAP configuration. 217 [Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI} ${ldap_servicetype}=${LDAP_TYPE} 218 ... ${ldap_bind_dn}=${LDAP_BIND_DN} ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD} 219 ... ${ldap_base_dn}=${LDAP_BASE_DN} ${ldap_mode}=${LDAP_MODE} 220 221 # Description of argument(s): 222 # ldap_server_uri LDAP server uri (e.g. ldap://XX.XX.XX.XX). 223 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 224 # ldap_bind_dn The LDAP bind distinguished name. 225 # ldap_bind_dn_password The LDAP bind distinguished name password. 226 # ldap_base_dn The LDAP base distinguished name. 227 228 # Clearing existing LDAP configuration by disabling it. 229 Redfish.Patch ${REDFISH_BASE_URI}AccountService 230 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}} 231 232 # Wait for GUI to reflect LDAP disabled status. 233 Run Keywords Refresh GUI AND Sleep 10s 234 235 Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0 236 ${radio_buttons}= Get WebElements ${xpath_service_radio_button} 237 238 Run Keyword If '${ldap_service_type}' == 'LDAP' 239 ... Click Element At Coordinates ${radio_buttons}[${0}] 0 0 240 ... ELSE Click Element At Coordinates ${radio_buttons}[${1}] 0 0 241 242 Wait Until Page Contains Element ${xpath_ldap_url} 243 Run Keyword If '${ldap_mode}' == 'secure' 244 ... Click Element At Coordinates ${xpath_secure_ldap_checkbox} 0 0 245 246 Input Text ${xpath_ldap_url} ${ldap_server_uri} 247 Input Text ${xpath_ldap_bind_dn} ${ldap_bind_dn} 248 Input Text ${xpath_ldap_password} ${ldap_bind_dn_password} 249 Input Text ${xpath_ldap_base_dn} ${ldap_base_dn} 250 Click Element ${xpath_ldap_save_settings} 251 252 Run Keyword If '${ldap_service_type}'=='LDAP' 253 ... Wait Until Page Contains Successfully saved Open LDAP settings 254 ... ELSE 255 ... Wait Until Page Contains Successfully saved Active Directory settings 256 257 Click Element ${xpath_refresh_button} 258 Wait Until Page Contains Element ${xpath_ldap_heading} 259 260 261Get LDAP Configuration 262 [Documentation] Retrieve LDAP Configuration. 263 [Arguments] ${ldap_type} 264 265 # Description of argument(s): 266 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 267 268 ${radio_buttons}= Get WebElements ${xpath_service_radio_button} 269 270 ${status}= Run Keyword And Return Status 271 ... Run Keyword If '${ldap_type}'=='LDAP' 272 ... Checkbox Should Be Selected ${radio_buttons}[${0}] 273 ... ELSE 274 ... Checkbox Should Be Selected ${radio_buttons}[${1}] 275 Should Be Equal ${status} ${True} 276 277 278Update LDAP Configuration With LDAP User Role And Group 279 [Documentation] Update LDAP configuration update with LDAP user role and group. 280 [Arguments] ${group_name} ${group_privilege} 281 282 # Description of argument(s): 283 # group_name The group name of LDAP user. 284 # group_privilege The group privilege for LDAP user 285 # (e.g. "Administrator", "Operator", "ReadOnly" or "NoAcccess"). 286 287 Create LDAP Configuration 288 Click Element ${xpath_add_role_group_button} 289 Input Text ${xpath_add_group_name} ${group_name} 290 Select From List By Value ${xpath_add_group_Privilege} ${group_privilege} 291 Click Element ${xpath_add_privilege_button} 292 293 # Verify group name after adding. 294 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 295 List Should Contain Value ${ldap_group_name} ${group_name} 296 297 298Delete LDAP Role Group 299 [Documentation] Delete LDAP role group. 300 [Arguments] ${group_name} 301 302 # Description of argument(s): 303 # group_name The group name of LDAP user. 304 305 # Verify given group name is exist before deleting. 306 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 307 List Should Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available. 308 309 ${get_groupname_index}= Get Index From List ${ldap_group_name} ${group_name} 310 ${delete_group_elements}= Get WebElements ${xpath_delete_group_button} 311 Click Element ${delete_group_elements}[${get_groupname_index}] 312 Click Element ${xpath_delete_button} 313 314 # Verify group name after deleting. 315 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 316 List Should Not Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available. 317 318 319Disable LDAP Configuration 320 [Documentation] Disable LDAP configuration on BMC. 321 322 ${status}= Run Keyword And Return Status 323 ... Checkbox Should Be Selected ${xpath_enable_ldap_checkbox} 324 325 Run Keyword If ${status} == ${True} 326 ... Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0 327 328 Checkbox Should Not Be Selected ${xpath_enable_ldap_checkbox} 329 Click Element ${xpath_ldap_save_settings} 330 Wait Until Page Contains Successfully saved Open LDAP settings 331 Click Element ${xpath_refresh_button} 332 Wait Until Page Contains Element ${xpath_ldap_heading} 333 334 335Login BMC And Navigate To LDAP Page 336 [Documentation] Login BMC and navigate to ldap page. 337 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 338 339 # Description of argument(s): 340 # username The username to be used for login. 341 # password The password to be used for login. 342 343 Login GUI ${username} ${password} 344 # Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap LDAP page. 345 Click Element ${xpath_secuity_and_accesss_menu} 346 Click Element ${xpath_ldap_sub_menu} 347 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain ldap 348 349 350Update LDAP User Role And Read Network Configuration Via GUI 351 [Documentation] Update LDAP user role and read network configuration via GUI. 352 [Arguments] ${group_name} ${user_role} ${valid_status_codes} 353 [Teardown] Run Keywords Logout GUI AND Login BMC And Navigate To LDAP Page 354 ... AND Delete LDAP Role Group ${group_name} 355 356 # Description of argument(s): 357 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). 358 # group_name The group name of user. 359 # valid_status_code The expected valid status code. 360 361 362 Update LDAP Configuration with LDAP User Role And Group ${group_name} ${user_role} 363 Logout GUI 364 Login GUI ${LDAP_USER} ${LDAP_USER_PASSWORD} 365 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 366 367 Click Element ${xpath_server_configuration} 368 Click Element ${xpath_select_network_settings} 369 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain network-settings 370 371 ${resp}= Redfish.Get ${REDFISH_NW_ETH0_URI} valid_status_codes=[${valid_status_codes}] 372 Return From Keyword If ${valid_status_codes} == ${HTTP_FORBIDDEN} 373 374 ${host_name}= Redfish.Get Attribute ${REDFISH_NW_PROTOCOL_URI} HostName 375 Textfield Value Should Be ${xpath_hostname_input} ${host_name} 376 377 ${mac_address}= Redfish.Get Attribute ${REDFISH_NW_ETH0_URI} MACAddress 378 Textfield Value Should Be ${xpath_mac_address_input} ${mac_address} 379 380