1*** Settings *** 2 3Documentation Test OpenBMC GUI "LDAP" sub-menu of "Security and access". 4 5Resource ../../lib/gui_resource.robot 6Resource ../../../lib/bmc_ldap_utils.robot 7 8Suite Setup Suite Setup Execution 9Suite Teardown Close Browser 10 11 12*** Variables *** 13 14${xpath_ldap_heading} //h1[text()="LDAP"] 15${xpath_enable_ldap_checkbox} //*[@data-test-id='ldap-checkbox-ldapAuthenticationEnabled']//following-sibling::label 16${xpath_secure_ldap_checkbox} //*[@data-test-id='ldap-checkbox-secureLdapEnabled'] 17${xpath_service_radio_button} //*[@data-test-id="ldap-radio-activeDirectoryEnabled"] 18${xpath_add_role_group_button} //button[contains(text(),'Add role group')] 19${xpath_ldap_url} //*[@data-test-id='ldap-input-serverUri'] 20${xpath_ldap_bind_dn} //*[@data-test-id='ldap-input-bindDn'] 21${xpath_ldap_password} //*[@id='bind-password'] 22${xpath_ldap_base_dn} //*[@data-test-id='ldap-input-baseDn'] 23${xpath_ldap_save_settings} //*[@data-test-id='ldap-button-saveSettings'] 24${xpath_select_refresh_button} //*[text()[contains(.,"Refresh")]] 25${xpath_add_group_name} //*[@id="role-group-name"] 26${xpath_add_group_Privilege} //*[@id="privilege"] 27${xpath_add_privilege_button} //button[text()=" Add "] 28${xpath_delete_group_button} //*[@title="Delete"] 29${xpath_delete_button} //button[text()="Delete"] 30 31 32${incorrect_ip} 1.2.3.4 33 34*** Test Cases *** 35 36Verify Navigation To LDAP Page 37 [Documentation] Verify navigation to LDAP page. 38 [Tags] Verify_Navigation_To_LDAP_Page 39 40 Page Should Contain Element ${xpath_ldap_heading} 41 42 43Verify Existence Of All Sections In LDAP Page 44 [Documentation] Verify existence of all sections in LDAP page. 45 [Tags] Verify_Existence_Of_All_Sections_In_LDAP_Page 46 47 Page Should Contain Settings 48 Page Should Contain Role groups 49 50 51Verify Existence Of All Buttons In LDAP Page 52 [Documentation] Verify existence of all buttons in LDAP page. 53 [Tags] Verify_Existence_Of_All_Buttons_In_LDAP_Page 54 55 # Buttons under settings section. 56 Page Should Contain Element ${xpath_service_radio_button} 57 Page Should Contain Element ${xpath_save_settings_button} 58 59 # Buttons under role groups section. 60 Page Should Contain Element ${xpath_add_role_group_button} 61 62 63Verify Existence Of All Checkboxes In LDAP Page 64 [Documentation] Verify existence of all checkboxes in LDAP page. 65 [Tags] Verify_Existence_Of_All_Checkboxes_In_LDAP_Page 66 67 # Checkboxes under settings section. 68 Page Should Contain Element ${xpath_enable_ldap_checkbox} 69 Page Should Contain Element ${xpath_secure_ldap_checkbox} 70 71 72Verify LDAP Configurations Editable 73 [Documentation] Verify LDAP configurations are editable. 74 [Tags] Verify_LDAP_Configurations_Editable 75 76 Create LDAP Configuration ${LDAP_SERVER_URI} ${LDAP_TYPE} ${LDAP_BIND_DN} 77 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} 78 Wait Until Page Contains Element ${xpath_ldap_url} 79 Textfield Value Should Be ${xpath_ldap_url} ${LDAP_SERVER_URI} 80 Textfield Value Should Be ${xpath_ldap_bind_dn} ${LDAP_BIND_DN} 81 Textfield Value Should Be ${xpath_ldap_password} ${empty} 82 Textfield Value Should Be ${xpath_ldap_base_dn} ${LDAP_BASE_DN} 83 84 85Verify Create LDAP Configuration 86 [Documentation] Verify created LDAP configuration. 87 [Tags] Verify_Created_LDAP_Configuration 88 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 89 90 Create LDAP Configuration 91 Get LDAP Configuration ${LDAP_TYPE} 92 Redfish.Logout 93 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 94 95 96Verify LDAP Config Update With Incorrect LDAP IP Address 97 [Documentation] Verify that LDAP login fails with incorrect LDAP IP Address. 98 [Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_IP_Address 99 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 100 101 Create LDAP Configuration ${incorrect_ip} ${LDAP_TYPE} ${LDAP_BIND_DN} 102 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} ${LDAP_MODE} 103 104 Get LDAP Configuration ${LDAP_TYPE} 105 Redfish.Logout 106 107 ${resp}= Run Keyword And Return Status 108 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 109 Should Be Equal ${resp} ${False} 110 ... msg=LDAP user was able to login though the incorrect LDAP IP Address. 111 112 113Verify LDAP Service Disable 114 [Documentation] Verify that LDAP user cannot login when LDAP service is disabled. 115 [Tags] Verify_LDAP_Service_Disable 116 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 117 118 ${status}= Run Keyword And Return Status 119 ... Checkbox Should Be Selected ${xpath_enable_ldap_checkbox} 120 121 Run Keyword If ${status} == ${True} 122 ... Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0 123 124 Checkbox Should Not Be Selected ${xpath_enable_ldap_checkbox} 125 Click Element ${xpath_ldap_save_settings} 126 Wait Until Page Contains Successfully saved Open LDAP settings 127 Click Element ${xpath_refresh_button} 128 Wait Until Page Contains Element ${xpath_ldap_heading} 129 Redfish.Logout 130 131 ${resp}= Run Keyword And Return Status 132 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 133 Should Be Equal ${resp} ${False} 134 ... msg=LDAP user was able to login even though the LDAP service was disabled. 135 136 137Verify LDAP User With Admin Privilege 138 [Documentation] Verify that LDAP user with administrator privilege is able to do BMC reboot. 139 [Tags] Verify_LDAP_User_With_Admin_Privilege 140 [Teardown] Run Keywords Redfish.Login AND Delete LDAP Role Group ${GROUP_NAME} 141 142 Update LDAP Configuration with LDAP User Role And Group ${GROUP_NAME} ${GROUP_PRIVILEGE} 143 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 144 Redfish OBMC Reboot (off) 145 Redfish.Logout 146 147 148Verify Enabling LDAP 149 [Documentation] Verify that LDAP can be enabled from disabled state. 150 [Tags] Verify_Enabling_LDAP 151 152 Disable LDAP Configuration 153 Create LDAP Configuration 154 155 156Read Network Configuration Via Different User Roles And Verify Using GUI 157 [Documentation] Read network configuration via different user roles and verify. 158 [Tags] Read_Network_Configuration_Via_Different_User_Roles_And_Verify_Using_GUI 159 [Template] Update LDAP User Role And Read Network Configuration Via GUI 160 161 # group_name user_role valid_status_code 162 ${GROUP_NAME} Administrator ${HTTP_OK} 163 ${GROUP_NAME} Operator ${HTTP_OK} 164 ${GROUP_NAME} ReadOnly ${HTTP_OK} 165 ${GROUP_NAME} NoAccess ${HTTP_FORBIDDEN} 166 167 168*** Keywords *** 169 170Suite Setup Execution 171 [Documentation] Do test case setup tasks. 172 173 Launch Browser And Login GUI 174 175 # Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap LDAP page. 176 Click Element ${xpath_secuity_and_accesss_menu} 177 Click Element ${xpath_ldap_sub_menu} 178 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain ldap 179 Wait Until Element Is Enabled ${xpath_enable_ldap_checkbox} timeout=10s 180 181 Valid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"] 182 Valid Value LDAP_USER 183 Valid Value LDAP_USER_PASSWORD 184 Valid Value GROUP_PRIVILEGE 185 Valid Value GROUP_NAME 186 Valid Value LDAP_SERVER_URI 187 Valid Value LDAP_BIND_DN_PASSWORD 188 Valid Value LDAP_BIND_DN 189 Valid Value LDAP_BASE_DN 190 Valid Value LDAP_MODE valid_values=["secure", "nonsecure"] 191 192 193Create LDAP Configuration 194 [Documentation] Create LDAP configuration. 195 [Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI} ${ldap_servicetype}=${LDAP_TYPE} 196 ... ${ldap_bind_dn}=${LDAP_BIND_DN} ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD} 197 ... ${ldap_base_dn}=${LDAP_BASE_DN} ${ldap_mode}=${LDAP_MODE} 198 199 # Description of argument(s): 200 # ldap_server_uri LDAP server uri (e.g. ldap://XX.XX.XX.XX). 201 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 202 # ldap_bind_dn The LDAP bind distinguished name. 203 # ldap_bind_dn_password The LDAP bind distinguished name password. 204 # ldap_base_dn The LDAP base distinguished name. 205 206 # Clearing existing LDAP configuration by disabling it. 207 Redfish.Patch ${REDFISH_BASE_URI}AccountService 208 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}} 209 210 # Wait for GUI to reflect LDAP disabled status. 211 Run Keywords Refresh GUI AND Sleep 10s 212 213 Click Element ${xpath_enable_ldap_checkbox} 214 ${radio_buttons}= Get WebElements ${xpath_service_radio_button} 215 216 Run Keyword If '${ldap_service_type}' == 'LDAP' 217 ... Click Element At Coordinates ${radio_buttons}[${0}] 0 0 218 ... ELSE Click Element At Coordinates ${radio_buttons}[${1}] 0 0 219 220 Wait Until Page Contains Element ${xpath_ldap_url} 221 Run Keyword If '${ldap_mode}' == 'secure' 222 ... Click Element At Coordinates ${xpath_secure_ldap_checkbox} 0 0 223 224 Input Text ${xpath_ldap_url} ${ldap_server_uri} 225 Input Text ${xpath_ldap_bind_dn} ${ldap_bind_dn} 226 Input Text ${xpath_ldap_password} ${ldap_bind_dn_password} 227 Input Text ${xpath_ldap_base_dn} ${ldap_base_dn} 228 Click Element ${xpath_ldap_save_settings} 229 230 Run Keyword If '${ldap_service_type}'=='LDAP' 231 ... Wait Until Page Contains Successfully saved Open LDAP settings 232 ... ELSE 233 ... Wait Until Page Contains Successfully saved Active Directory settings 234 235 Click Element ${xpath_refresh_button} 236 Wait Until Page Contains Element ${xpath_ldap_heading} 237 238 239Get LDAP Configuration 240 [Documentation] Retrieve LDAP Configuration. 241 [Arguments] ${ldap_type} 242 243 # Description of argument(s): 244 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 245 246 ${radio_buttons}= Get WebElements ${xpath_service_radio_button} 247 248 ${status}= Run Keyword And Return Status 249 ... Run Keyword If '${ldap_type}'=='LDAP' 250 ... Checkbox Should Be Selected ${radio_buttons}[${0}] 251 ... ELSE 252 ... Checkbox Should Be Selected ${radio_buttons}[${1}] 253 Should Be Equal ${status} ${True} 254 255 256Update LDAP Configuration With LDAP User Role And Group 257 [Documentation] Update LDAP configuration update with LDAP user role and group. 258 [Arguments] ${group_name} ${group_privilege} 259 260 # Description of argument(s): 261 # group_name The group name of LDAP user. 262 # group_privilege The group privilege for LDAP user 263 # (e.g. "Administrator", "Operator", "ReadOnly" or "NoAcccess"). 264 265 Create LDAP Configuration 266 Click Element ${xpath_add_role_group_button} 267 Input Text ${xpath_add_group_name} ${group_name} 268 Select From List By Value ${xpath_add_group_Privilege} ${group_privilege} 269 Click Element ${xpath_add_privilege_button} 270 271 # Verify group name after adding. 272 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 273 List Should Contain Value ${ldap_group_name} ${group_name} 274 275 276Delete LDAP Role Group 277 [Documentation] Delete LDAP role group. 278 [Arguments] ${group_name} 279 280 # Description of argument(s): 281 # group_name The group name of LDAP user. 282 283 # Verify given group name is exist before deleting. 284 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 285 List Should Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available. 286 287 ${get_groupname_index}= Get Index From List ${ldap_group_name} ${group_name} 288 ${delete_group_elements}= Get WebElements ${xpath_delete_group_button} 289 Click Element ${delete_group_elements}[${get_groupname_index}] 290 Click Element ${xpath_delete_button} 291 292 # Verify group name after deleting. 293 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 294 List Should Not Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available. 295 296 297Disable LDAP Configuration 298 [Documentation] Disable LDAP configuration on BMC. 299 300 ${status}= Run Keyword And Return Status 301 ... Checkbox Should Be Selected ${xpath_enable_ldap_checkbox} 302 303 Run Keyword If ${status} == ${True} 304 ... Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0 305 306 Checkbox Should Not Be Selected ${xpath_enable_ldap_checkbox} 307 Click Element ${xpath_ldap_save_settings} 308 Wait Until Page Contains Successfully saved Open LDAP settings 309 Click Element ${xpath_refresh_button} 310 Wait Until Page Contains Element ${xpath_ldap_heading} 311 312 313Login BMC And Navigate To LDAP Page 314 [Documentation] Login BMC and navigate to ldap page. 315 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 316 317 # Description of argument(s): 318 # username The username to be used for login. 319 # password The password to be used for login. 320 321 Login GUI ${username} ${password} 322 # Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap LDAP page. 323 Click Element ${xpath_secuity_and_accesss_menu} 324 Click Element ${xpath_ldap_sub_menu} 325 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain ldap 326 327 328Update LDAP User Role And Read Network Configuration Via GUI 329 [Documentation] Update LDAP user role and read network configuration via GUI. 330 [Arguments] ${group_name} ${user_role} ${valid_status_codes} 331 [Teardown] Run Keywords Logout GUI AND Login BMC And Navigate To LDAP Page 332 ... AND Delete LDAP Role Group ${group_name} 333 334 # Description of argument(s): 335 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). 336 # group_name The group name of user. 337 # valid_status_code The expected valid status code. 338 339 340 Update LDAP Configuration with LDAP User Role And Group ${group_name} ${user_role} 341 Logout GUI 342 Login GUI ${LDAP_USER} ${LDAP_USER_PASSWORD} 343 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 344 345 Click Element ${xpath_server_configuration} 346 Click Element ${xpath_select_network_settings} 347 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain network-settings 348 349 ${resp}= Redfish.Get ${REDFISH_NW_ETH0_URI} valid_status_codes=[${valid_status_codes}] 350 Return From Keyword If ${valid_status_codes} == ${HTTP_FORBIDDEN} 351 352 ${host_name}= Redfish.Get Attribute ${REDFISH_NW_PROTOCOL_URI} HostName 353 Textfield Value Should Be ${xpath_hostname_input} ${host_name} 354 355 ${mac_address}= Redfish.Get Attribute ${REDFISH_NW_ETH0_URI} MACAddress 356 Textfield Value Should Be ${xpath_mac_address_input} ${mac_address} 357