*** Settings ***

Documentation   GUI tests for the "LDAP" sub-menu of "Security and access" in OpenBMC.

# Shared GUI and LDAP resources (presumably the keywords and locators this file
# uses but does not define itself).
Resource        ../../lib/gui_resource.robot
Resource        ../../../lib/bmc_ldap_utils.robot

# NOTE(review): the suite teardown only closes the browser. LDAP settings written
# by the tests are not reverted here, so they stay on the BMC after the run.
Suite Setup     Suite Setup Execution
Suite Teardown  Close Browser


*** Variables ***

# Page heading.
${xpath_ldap_heading}                   //h1[text()="LDAP"]

# Settings section: enable/secure checkboxes and the service type radio buttons.
${xpath_enable_ldap_checkbox}           //*[@data-test-id='ldap-checkbox-ldapAuthenticationEnabled']//following-sibling::label
${xpath_secure_ldap_checkbox}           //*[@data-test-id='ldap-checkbox-secureLdapEnabled']
${xpath_service_radio_button}           //*[@data-test-id="ldap-radio-activeDirectoryEnabled"]

# Settings section: server URI, bind credentials, base DN and the save button.
${xpath_ldap_url}                       //*[@data-test-id='ldap-input-serverUri']
${xpath_ldap_bind_dn}                   //*[@data-test-id='ldap-input-bindDn']
${xpath_ldap_password}                  //*[@id='bind-password']
${xpath_ldap_base_dn}                   //*[@data-test-id='ldap-input-baseDn']
${xpath_ldap_save_settings}             //*[@data-test-id='ldap-button-saveSettings']

# NOTE(review): not referenced in this file; the keywords below click
# ${xpath_refresh_button}, which is presumably defined in a resource file.
${xpath_select_refresh_button}          //*[text()[contains(.,"Refresh")]]

# Role groups section: add dialog, privilege selector and delete controls.
${xpath_add_role_group_button}          //button[contains(text(),'Add role group')]
${xpath_add_group_name}                 //*[@id="role-group-name"]
${xpath_add_group_Privilege}            //*[@id="privilege"]
${xpath_add_privilege_button}           //button[text()=" Add "]
${xpath_delete_group_button}            //*[@title="Delete"]
${xpath_delete_button}                  //button[text()="Delete"]


# Server address handed to the negative test as a wrong LDAP server.
${incorrect_ip}     1.2.3.4

*** Test Cases ***

Verify Navigation To LDAP Page
    [Documentation]  Check that the LDAP page heading is shown.
    [Tags]  Verify_Navigation_To_LDAP_Page

    # No navigation happens here; the suite setup has already opened the LDAP page.
    Page Should Contain Element  ${xpath_ldap_heading}


Verify Existence Of All Sections In LDAP Page
    [Documentation]  Check that the section titles of the LDAP page are shown.
    [Tags]  Verify_Existence_Of_All_Sections_In_LDAP_Page

    # Plain text match on the two section titles.
    Page Should Contain  Settings
    Page Should Contain  Role groups


Verify Existence Of All Buttons In LDAP Page
    [Documentation]  Check that the buttons of the LDAP page are present.
    [Tags]  Verify_Existence_Of_All_Buttons_In_LDAP_Page

    # Settings section: service type radio button and save button.
    # NOTE(review): ${xpath_save_settings_button} is not defined in this file
    # (the local locator is ${xpath_ldap_save_settings}); presumably it comes
    # from a resource file - confirm.
    Page Should Contain Element  ${xpath_service_radio_button}
    Page Should Contain Element  ${xpath_save_settings_button}

    # Role groups section: the "Add role group" button.
    Page Should Contain Element  ${xpath_add_role_group_button}


Verify Existence Of All Checkboxes In LDAP Page
    [Documentation]  Check that the checkboxes of the LDAP page are present.
    [Tags]  Verify_Existence_Of_All_Checkboxes_In_LDAP_Page

    # Settings section: "enable LDAP" and "secure LDAP" checkboxes.
    Page Should Contain Element  ${xpath_enable_ldap_checkbox}
    Page Should Contain Element  ${xpath_secure_ldap_checkbox}


Verify LDAP Configurations Editable
    [Documentation]  Save an LDAP configuration in the GUI and check that the form shows the saved values.
    [Tags]  Verify_LDAP_Configurations_Editable

    # ldap_mode is not passed, so the keyword uses its default for it.
    Create LDAP Configuration  ${LDAP_SERVER_URI}  ${LDAP_TYPE}  ${LDAP_BIND_DN}
    ...  ${LDAP_BIND_DN_PASSWORD}  ${LDAP_BASE_DN}
    Wait Until Page Contains Element  ${xpath_ldap_url}

    # Server URI and bind DN must read back as entered.
    Textfield Value Should Be  ${xpath_ldap_url}  ${LDAP_SERVER_URI}
    Textfield Value Should Be  ${xpath_ldap_bind_dn}  ${LDAP_BIND_DN}
    # The bind password field must be empty after the save, i.e. the stored
    # secret is not written back into the form.
    Textfield Value Should Be  ${xpath_ldap_password}  ${empty}
    Textfield Value Should Be  ${xpath_ldap_base_dn}  ${LDAP_BASE_DN}


Verify Create LDAP Configuration
    [Documentation]  Create the default LDAP configuration and log in over Redfish as the LDAP user.
    [Tags]  Verify_Created_LDAP_Configuration
    # Drop the LDAP user's Redfish session and log in again without arguments
    # (presumably the default BMC credentials) for the following tests.
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    Create LDAP Configuration
    Get LDAP Configuration  ${LDAP_TYPE}

    # Switch the Redfish session to the LDAP user; a failed login fails the test.
    Redfish.Logout
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}


Verify LDAP Config Update With Incorrect LDAP IP Address
    [Documentation]  Verify that LDAP login fails with incorrect LDAP IP Address.
    [Tags]  Verify_LDAP_Config_Update_With_Incorrect_LDAP_IP_Address
    # NOTE(review): the teardown restores the Redfish session only; the wrong
    # server address saved below is left in the BMC configuration.
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    # Save a configuration that points at ${incorrect_ip} instead of the real server.
    Create LDAP Configuration  ${incorrect_ip}   ${LDAP_TYPE}  ${LDAP_BIND_DN}
    ...  ${LDAP_BIND_DN_PASSWORD}  ${LDAP_BASE_DN}  ${LDAP_MODE}

    Get LDAP Configuration  ${LDAP_TYPE}
    Redfish.Logout

    # The LDAP user must not get a session now.
    # Run Keyword And Return Status yields False for any failure of Redfish.Login,
    # so this check cannot tell an LDAP rejection from another login error.
    ${login_succeeded}=  Run Keyword And Return Status
    ...  Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Should Be Equal  ${login_succeeded}  ${False}
    ...  msg=LDAP user was able to login though the incorrect LDAP IP Address.


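Verify LDAP Service Disable
    [Documentation]  Verify that LDAP user cannot login when LDAP service is disabled.
    [Tags]  Verify_LDAP_Service_Disable
    # Restore a Redfish session without arguments for the following tests.
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    # The untick / save / refresh sequence is the same one the Disable LDAP
    # Configuration keyword performs, so it is called instead of repeated here.
    Disable LDAP Configuration
    Redfish.Logout

    # LDAP credentials must be refused while the service is off.
    # Run Keyword And Return Status yields False for any failure of Redfish.Login,
    # so this check cannot tell an LDAP rejection from another login error.
    ${login_succeeded}=  Run Keyword And Return Status
    ...  Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Should Be Equal  ${login_succeeded}  ${False}
    ...  msg=LDAP user was able to login even though the LDAP service was disabled.

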
Verify LDAP User With Admin Privilege
    [Documentation]  Verify that LDAP user with administrator privilege is able to do BMC reboot.
    [Tags]  Verify_LDAP_User_With_Admin_Privilege
    # Log in over Redfish without arguments first, then remove the role group
    # that this test added.
    [Teardown]  Run Keywords  Redfish.Login  AND  Delete LDAP Role Group  ${GROUP_NAME}

    # Map the LDAP group to the privilege given in GROUP_PRIVILEGE.
    Update LDAP Configuration With LDAP User Role And Group  ${GROUP_NAME}  ${GROUP_PRIVILEGE}

    # The reboot is issued from the LDAP user's session; it is the privileged
    # action this test relies on.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish OBMC Reboot (off)
    Redfish.Logout


Verify Enabling LDAP
    [Documentation]  Verify that LDAP can be enabled from disabled state.
    [Tags]  Verify_Enabling_LDAP

    # Start from a disabled service, then save the default configuration again.
    # Success is taken from the keywords themselves; nothing further is asserted here.
    Disable LDAP Configuration
    Create LDAP Configuration


Read Network Configuration Via Different User Roles And Verify Using GUI
    [Documentation]  Read network configuration via different user roles and verify.
    [Tags]  Read_Network_Configuration_Via_Different_User_Roles_And_Verify_Using_GUI
    [Template]  Update LDAP User Role And Read Network Configuration Via GUI

    # One template call per role. The first three roles must be allowed to read
    # the network configuration; NoAccess must be refused with HTTP_FORBIDDEN.
    # group_name     user_role      valid_status_codes
    ${GROUP_NAME}    Administrator  ${HTTP_OK}
    ${GROUP_NAME}    Operator       ${HTTP_OK}
    ${GROUP_NAME}    ReadOnly       ${HTTP_OK}
    ${GROUP_NAME}    NoAccess       ${HTTP_FORBIDDEN}


*** Keywords ***

Suite Setup Execution
    [Documentation]  Suite setup: log in to the GUI, open the LDAP page and validate the required variables.

    Launch Browser And Login GUI

    # Open https://xx.xx.xx.xx/#/security-and-access/ldap through the menu.
    Click Element  ${xpath_secuity_and_accesss_menu}
    Click Element  ${xpath_ldap_sub_menu}
    Wait Until Keyword Succeeds  30 sec  10 sec  Location Should Contain  ldap
    Wait Until Element Is Enabled  ${xpath_enable_ldap_checkbox}  timeout=10s

    # Check the input variables. These checks run after the browser steps above,
    # so a missing variable is reported only once the page is open.
    Valid Value  LDAP_TYPE  valid_values=["ActiveDirectory", "LDAP"]
    Valid Value  LDAP_USER
    Valid Value  LDAP_USER_PASSWORD
    Valid Value  GROUP_PRIVILEGE
    Valid Value  GROUP_NAME
    Valid Value  LDAP_SERVER_URI
    Valid Value  LDAP_BIND_DN_PASSWORD
    Valid Value  LDAP_BIND_DN
    Valid Value  LDAP_BASE_DN
    Valid Value  LDAP_MODE  valid_values=["secure", "nonsecure"]


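Create LDAP Configuration
    [Documentation]  Disable LDAP over Redfish, then enter and save an LDAP configuration in the GUI.
    [Arguments]  ${ldap_server_uri}=${LDAP_SERVER_URI}  ${ldap_servicetype}=${LDAP_TYPE}
    ...  ${ldap_bind_dn}=${LDAP_BIND_DN}  ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD}
    ...  ${ldap_base_dn}=${LDAP_BASE_DN}  ${ldap_mode}=${LDAP_MODE}

    # Description of argument(s):
    # ldap_server_uri        LDAP server uri (e.g. ldap://XX.XX.XX.XX).
    # ldap_servicetype       The LDAP type ("ActiveDirectory" or "LDAP"). Read below as
    #                        ${ldap_service_type}; Robot Framework ignores underscores
    #                        in variable names, so both spellings are the same variable.
    # ldap_bind_dn           The LDAP bind distinguished name.
    # ldap_bind_dn_password  The LDAP bind distinguished name password.
    # ldap_base_dn           The LDAP base distinguished name.
    # ldap_mode              The LDAP mode ("secure" or "nonsecure"); "secure" clicks
    #                        the secure LDAP checkbox.

    # Clearing existing LDAP configuration by disabling it.
    # NOTE(review): this disables the service named by the suite-level ${LDAP_TYPE},
    # not the service type passed in as argument - confirm this is intended.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}

    # Wait for GUI to reflect LDAP disabled status.
    Run Keywords  Refresh GUI  AND  Sleep  10s

    # The checkbox is clicked without reading its state; this relies on the
    # Redfish disable and refresh above having left it unticked.
    Click Element  ${xpath_enable_ldap_checkbox}
    ${radio_buttons}=  Get WebElements  ${xpath_service_radio_button}

    # Radio button 0 is used for "LDAP", radio button 1 for any other value.
    Run Keyword If  '${ldap_service_type}' == 'LDAP'
    ...  Click Element At Coordinates  ${radio_buttons}[${0}]  0  0
    ...  ELSE  Click Element At Coordinates  ${radio_buttons}[${1}]  0  0

    Wait Until Page Contains Element  ${xpath_ldap_url}
    # NOTE(review): the secure checkbox is clicked once for "secure" and never for
    # "nonsecure"; its current state is not read first, so the transport actually
    # saved depends on the state the page starts in - confirm.
    Run Keyword If  '${ldap_mode}' == 'secure'
    ...   Click Element At Coordinates  ${xpath_secure_ldap_checkbox}  0  0

    Input Text  ${xpath_ldap_url}  ${ldap_server_uri}
    Input Text  ${xpath_ldap_bind_dn}  ${ldap_bind_dn}
    # Input Password types the value like Input Text but does not write it to the
    # log at INFO level, which keeps the bind password out of the default report.
    # Keyword arguments can still appear in more verbose (TRACE) logs.
    Input Password  ${xpath_ldap_password}  ${ldap_bind_dn_password}
    Input Text  ${xpath_ldap_base_dn}  ${ldap_base_dn}
    Click Element  ${xpath_ldap_save_settings}

    # The success message differs per service type.
    Run Keyword If  '${ldap_service_type}'=='LDAP'
    ...  Wait Until Page Contains  Successfully saved Open LDAP settings
    ...  ELSE
    ...  Wait Until Page Contains  Successfully saved Active Directory settings

    Click Element  ${xpath_refresh_button}
    Wait Until Page Contains Element  ${xpath_ldap_heading}

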
Get LDAP Configuration
    [Documentation]  Check that the radio button of the given LDAP type is selected in the GUI.
    [Arguments]   ${ldap_type}

    # Description of argument(s):
    # ldap_type  The LDAP type ("ActiveDirectory" or "LDAP").

    ${service_radios}=  Get WebElements  ${xpath_service_radio_button}

    # Radio button 0 is checked for "LDAP", radio button 1 for any other value.
    ${expected_index}=  Set Variable If  '${ldap_type}'=='LDAP'  ${0}  ${1}
    ${is_selected}=  Run Keyword And Return Status
    ...  Checkbox Should Be Selected  ${service_radios}[${expected_index}]
    Should Be Equal  ${is_selected}  ${True}


Update LDAP Configuration With LDAP User Role And Group
    [Documentation]  Create the default LDAP configuration and add a role group with the given privilege.
    [Arguments]  ${group_name}  ${group_privilege}

    # Description of argument(s):
    # group_name       The group name of LDAP user.
    # group_privilege  The group privilege for LDAP user
    #                  (e.g. "Administrator", "Operator", "ReadOnly" or "NoAccess").

    Create LDAP Configuration

    # Fill in the "Add role group" dialog and confirm it.
    Click Element  ${xpath_add_role_group_button}
    Input Text  ${xpath_add_group_name}  ${group_name}
    Select From List By Value  ${xpath_add_group_Privilege}  ${group_privilege}
    Click Element  ${xpath_add_privilege_button}

    # Read the group names back over Redfish and check the new one is listed.
    # Only the name is compared here, not the privilege that was selected.
    ${redfish_group_names}=  Get LDAP Privilege And Group Name Via Redfish
    List Should Contain Value  ${redfish_group_names}  ${group_name}


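Delete LDAP Role Group
    [Documentation]  Delete an LDAP role group in the GUI and check over Redfish that it is gone.
    [Arguments]  ${group_name}

    # Description of argument(s):
    # group_name         The group name of LDAP user.

    # Verify the given group name exists before deleting.
    ${ldap_group_name}=  Get LDAP Privilege And Group Name Via Redfish
    List Should Contain Value  ${ldap_group_name}  ${group_name}  msg=${group_name} not available.

    # The position of the group in the Redfish list selects the delete button.
    # NOTE(review): assumes the GUI lists the delete buttons in the same order as
    # the Redfish list; otherwise a different role group would be removed - confirm.
    ${get_groupname_index}=  Get Index From List  ${ldap_group_name}  ${group_name}
    ${delete_group_elements}=  Get WebElements  ${xpath_delete_group_button}
    Click Element  ${delete_group_elements}[${get_groupname_index}]
    # Confirm the deletion.
    Click Element  ${xpath_delete_button}

    # Verify group name after deleting. A failure here means the group is still
    # listed, so the message says that instead of "not available".
    ${ldap_group_name}=  Get LDAP Privilege And Group Name Via Redfish
    List Should Not Contain Value  ${ldap_group_name}  ${group_name}
    ...  msg=${group_name} still present after deletion.

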
Disable LDAP Configuration
    [Documentation]  Untick the "enable LDAP" checkbox in the GUI, save the settings and refresh.

    ${ldap_enabled}=  Run Keyword And Return Status
    ...  Checkbox Should Be Selected  ${xpath_enable_ldap_checkbox}

    # Click only when the checkbox is currently ticked, so an already disabled
    # service is not switched back on.
    Run Keyword If  ${ldap_enabled}
    ...  Click Element At Coordinates  ${xpath_enable_ldap_checkbox}  0  0

    Checkbox Should Not Be Selected  ${xpath_enable_ldap_checkbox}
    Click Element  ${xpath_ldap_save_settings}
    # NOTE(review): only the "Open LDAP" message is awaited, while Create LDAP
    # Configuration expects a different message for Active Directory - confirm
    # this keyword also works with LDAP_TYPE=ActiveDirectory.
    Wait Until Page Contains  Successfully saved Open LDAP settings
    Click Element  ${xpath_refresh_button}
    Wait Until Page Contains Element  ${xpath_ldap_heading}


Login BMC And Navigate To LDAP Page
    [Documentation]  Log in to the BMC GUI and open the LDAP page.
    [Arguments]  ${username}=${OPENBMC_USERNAME}  ${password}=${OPENBMC_PASSWORD}

    # Description of argument(s):
    # username  The username to be used for login (default: OPENBMC_USERNAME).
    # password  The password to be used for login (default: OPENBMC_PASSWORD).

    Login GUI  ${username}  ${password}

    # Open https://xx.xx.xx.xx/#/security-and-access/ldap through the menu and
    # wait until the browser location contains "ldap".
    Click Element  ${xpath_secuity_and_accesss_menu}
    Click Element  ${xpath_ldap_sub_menu}
    Wait Until Keyword Succeeds  30 sec  10 sec  Location Should Contain  ldap


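Update LDAP User Role And Read Network Configuration Via GUI
    [Documentation]  Update LDAP user role and read network configuration via GUI.
    [Arguments]  ${group_name}  ${user_role}  ${valid_status_codes}
    # The body leaves the Redfish client logged in as the LDAP user. The session
    # is switched back first (same Logout/Login pair the test cases use), so the
    # Redfish reads in Delete LDAP Role Group do not run with the role under test.
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login
    ...  AND  Logout GUI  AND  Login BMC And Navigate To LDAP Page
    ...  AND  Delete LDAP Role Group  ${group_name}

    # Description of argument(s):
    # group_name         The group name of user.
    # user_role          The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
    # valid_status_codes The status code expected from the Redfish read of the
    #                    network interface (e.g. HTTP_OK or HTTP_FORBIDDEN).

    Update LDAP Configuration With LDAP User Role And Group  ${group_name}  ${user_role}

    # Switch both the GUI and the Redfish session to the LDAP user.
    Logout GUI
    Login GUI  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}

    Click Element  ${xpath_server_configuration}
    Click Element  ${xpath_select_network_settings}
    Wait Until Keyword Succeeds  30 sec  10 sec  Location Should Contain  network-settings

    # The access check itself: the Redfish read must answer with the expected
    # status code for this role. The response body is not used.
    Redfish.Get  ${REDFISH_NW_ETH0_URI}  valid_status_codes=[${valid_status_codes}]
    # A role that is expected to be refused has nothing further to compare.
    Return From Keyword If  ${valid_status_codes} == ${HTTP_FORBIDDEN}

    # For permitted roles the GUI fields must match the values read over Redfish.
    ${host_name}=  Redfish.Get Attribute  ${REDFISH_NW_PROTOCOL_URI}  HostName
    Textfield Value Should Be  ${xpath_hostname_input}  ${host_name}

    ${mac_address}=  Redfish.Get Attribute  ${REDFISH_NW_ETH0_URI}  MACAddress
    Textfield Value Should Be  ${xpath_mac_address_input}  ${mac_address}
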