1*** Settings *** 2 3Documentation Test OpenBMC GUI "LDAP" sub-menu of "Security and access". 4 5Resource ../../lib/gui_resource.robot 6Resource ../../../lib/bmc_ldap_utils.robot 7 8Suite Setup Suite Setup Execution 9Suite Teardown Close Browser 10 11Force Tags LDAP_Sub_Menu 12 13*** Variables *** 14 15${xpath_ldap_heading} //h1[text()="LDAP"] 16${xpath_enable_ldap_checkbox} //*[@data-test-id='ldap-checkbox-ldapAuthenticationEnabled'] 17${xpath_secure_ldap_checkbox} //*[@data-test-id='ldap-checkbox-secureLdapEnabled'] 18${xpath_service_radio_button} //*[@data-test-id="ldap-radio-activeDirectoryEnabled"] 19${xpath_add_role_group_button} //button[contains(text(),'Add role group')] 20${xpath_ldap_url} //*[@data-test-id='ldap-input-serverUri'] 21${xpath_ldap_bind_dn} //*[@data-test-id='ldap-input-bindDn'] 22${xpath_ldap_password} //*[@id='bind-password'] 23${xpath_ldap_base_dn} //*[@data-test-id='ldap-input-baseDn'] 24${xpath_ldap_save_settings} //*[@data-test-id='ldap-button-saveSettings'] 25${xpath_select_refresh_button} //*[text()[contains(.,"Refresh")]] 26${xpath_add_group_name} //*[@id="role-group-name"] 27${xpath_add_group_Privilege} //*[@id="privilege"] 28${xpath_add_privilege_button} //button[text()=" Add "] 29${xpath_delete_group_button} //*[@title="Delete"] 30${xpath_delete_button} //button[text()="Delete"] 31 32 33${incorrect_ip} 1.2.3.4 34${wrong_ldap_port} 135 35 36*** Test Cases *** 37 38Verify Navigation To LDAP Page 39 [Documentation] Verify navigation to LDAP page. 40 [Tags] Verify_Navigation_To_LDAP_Page 41 42 Page Should Contain Element ${xpath_ldap_heading} 43 44 45Verify Existence Of All Sections In LDAP Page 46 [Documentation] Verify existence of all sections in LDAP page. 47 [Tags] Verify_Existence_Of_All_Sections_In_LDAP_Page 48 49 Page Should Contain Settings 50 Page Should Contain Role groups 51 52 53Verify Existence Of All Buttons In LDAP Page 54 [Documentation] Verify existence of all buttons in LDAP page. 55 [Tags] Verify_Existence_Of_All_Buttons_In_LDAP_Page 56 57 # Buttons under settings section. 58 Page Should Contain Element ${xpath_service_radio_button} 59 Page Should Contain Element ${xpath_save_settings_button} 60 61 # Buttons under role groups section. 62 Page Should Contain Element ${xpath_add_role_group_button} 63 64 65Verify Existence Of All Checkboxes In LDAP Page 66 [Documentation] Verify existence of all checkboxes in LDAP page. 67 [Tags] Verify_Existence_Of_All_Checkboxes_In_LDAP_Page 68 69 # Checkboxes under settings section. 70 Page Should Contain Element ${xpath_enable_ldap_checkbox} 71 Page Should Contain Element ${xpath_secure_ldap_checkbox} 72 73 74Verify LDAP Configurations Editable 75 [Documentation] Verify LDAP configurations are editable. 76 [Tags] Verify_LDAP_Configurations_Editable 77 [Setup] Redfish.Login 78 [Teardown] Redfish.Logout 79 80 Create LDAP Configuration ${LDAP_SERVER_URI} ${LDAP_TYPE} ${LDAP_BIND_DN} 81 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} 82 Wait Until Page Contains Element ${xpath_ldap_url} 83 Textfield Value Should Be ${xpath_ldap_url} ${LDAP_SERVER_URI} 84 Textfield Value Should Be ${xpath_ldap_bind_dn} ${LDAP_BIND_DN} 85 Textfield Value Should Be ${xpath_ldap_password} ${empty} 86 Textfield Value Should Be ${xpath_ldap_base_dn} ${LDAP_BASE_DN} 87 88 89Verify Create LDAP Configuration 90 [Documentation] Verify created LDAP configuration. 91 [Tags] Verify_Create_LDAP_Configuration 92 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 93 94 Create LDAP Configuration 95 Get LDAP Configuration ${LDAP_TYPE} 96 Redfish.Logout 97 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 98 99 100Verify LDAP Config Update With Incorrect LDAP IP Address 101 [Documentation] Verify that LDAP login fails with incorrect LDAP IP Address. 102 [Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_IP_Address 103 [Setup] Redfish.Login 104 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 105 106 Create LDAP Configuration ${incorrect_ip} ${LDAP_TYPE} ${LDAP_BIND_DN} 107 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} ${LDAP_MODE} 108 109 Get LDAP Configuration ${LDAP_TYPE} 110 Redfish.Logout 111 112 ${resp}= Run Keyword And Return Status 113 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 114 Should Be Equal ${resp} ${False} 115 ... msg=LDAP user was able to login though the incorrect LDAP IP Address. 116 117 118Verify LDAP Service Disable 119 [Documentation] Verify that LDAP user cannot login when LDAP service is disabled. 120 [Tags] Verify_LDAP_Service_Disable 121 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 122 123 ${status}= Run Keyword And Return Status 124 ... Checkbox Should Be Selected ${xpath_enable_ldap_checkbox} 125 126 Run Keyword If ${status} == ${True} 127 ... Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0 128 129 Checkbox Should Not Be Selected ${xpath_enable_ldap_checkbox} 130 Click Element ${xpath_ldap_save_settings} 131 Wait Until Page Contains Successfully saved Open LDAP settings 132 Click Element ${xpath_refresh_button} 133 Wait Until Page Contains Element ${xpath_ldap_heading} 134 Redfish.Logout 135 136 ${resp}= Run Keyword And Return Status 137 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 138 Should Be Equal ${resp} ${False} 139 ... msg=LDAP user was able to login even though the LDAP service was disabled. 140 141 142Verify LDAP User With Admin Privilege 143 [Documentation] Verify that LDAP user with administrator privilege is able to do BMC reboot. 144 [Tags] Verify_LDAP_User_With_Admin_Privilege 145 [Teardown] Run Keywords Redfish.Login AND Delete LDAP Role Group ${GROUP_NAME} 146 147 Update LDAP Configuration with LDAP User Role And Group ${GROUP_NAME} ${GROUP_PRIVILEGE} 148 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 149 Redfish OBMC Reboot (off) 150 Redfish.Logout 151 152 153Verify Enabling LDAP 154 [Documentation] Verify that LDAP can be enabled from disabled state. 155 [Tags] Verify_Enabling_LDAP 156 157 Disable LDAP Configuration 158 Create LDAP Configuration 159 160 161Read Network Configuration Via Different User Roles And Verify Using GUI 162 [Documentation] Read network configuration via different user roles and verify. 163 [Tags] Read_Network_Configuration_Via_Different_User_Roles_And_Verify_Using_GUI 164 [Template] Update LDAP User Role And Read Network Configuration Via GUI 165 166 # group_name user_role valid_status_code 167 ${GROUP_NAME} Administrator ${HTTP_OK} 168 ${GROUP_NAME} Operator ${HTTP_OK} 169 ${GROUP_NAME} ReadOnly ${HTTP_OK} 170 ${GROUP_NAME} NoAccess ${HTTP_FORBIDDEN} 171 172 173Verify LDAP Login Fails On Wrong LDAP Port 174 [Documentation] Verify that LDAP login fails when wrong port is entered in LDAP URL. 175 [Tags] Verify_LDAP_Login_Fails_On_Wrong_LDAP_Port 176 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 177 178 ${ldap_uri_wrong_port}= Catenate SEPARATOR=: ${LDAP_SERVER_URI} ${wrong_ldap_port} 179 Create LDAP Configuration ${ldap_uri_wrong_port} ${LDAP_TYPE} ${LDAP_BIND_DN} 180 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} ${LDAP_MODE} 181 182 Get LDAP Configuration ${LDAP_TYPE} 183 Redfish.Logout 184 185 ${resp}= Run Keyword And Return Status 186 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 187 Should Be Equal ${resp} ${False} 188 ... msg=LDAP user was able to login though the wrong port in LDAP URL 189 190*** Keywords *** 191 192Suite Setup Execution 193 [Documentation] Do test case setup tasks. 194 195 Launch Browser And Login GUI 196 197 # Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap LDAP page. 198 Click Element ${xpath_secuity_and_accesss_menu} 199 Click Element ${xpath_ldap_sub_menu} 200 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain ldap 201 Wait Until Element Is Not Visible ${xpath_page_loading_progress_bar} timeout=30 202 Wait Until Element Is Enabled ${xpath_enable_ldap_checkbox} timeout=10s 203 204 Valid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"] 205 Valid Value LDAP_USER 206 Valid Value LDAP_USER_PASSWORD 207 Valid Value GROUP_PRIVILEGE 208 Valid Value GROUP_NAME 209 Valid Value LDAP_SERVER_URI 210 Valid Value LDAP_BIND_DN_PASSWORD 211 Valid Value LDAP_BIND_DN 212 Valid Value LDAP_BASE_DN 213 Valid Value LDAP_MODE valid_values=["secure", "nonsecure"] 214 215 216Create LDAP Configuration 217 [Documentation] Create LDAP configuration. 218 [Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI} ${ldap_servicetype}=${LDAP_TYPE} 219 ... ${ldap_bind_dn}=${LDAP_BIND_DN} ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD} 220 ... ${ldap_base_dn}=${LDAP_BASE_DN} ${ldap_mode}=${LDAP_MODE} 221 222 # Description of argument(s): 223 # ldap_server_uri LDAP server uri (e.g. ldap://XX.XX.XX.XX). 224 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 225 # ldap_bind_dn The LDAP bind distinguished name. 226 # ldap_bind_dn_password The LDAP bind distinguished name password. 227 # ldap_base_dn The LDAP base distinguished name. 228 229 # Clearing existing LDAP configuration by disabling it. 230 Redfish.Patch ${REDFISH_BASE_URI}AccountService 231 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}} 232 233 # Wait for GUI to reflect LDAP disabled status. 234 Run Keywords Refresh GUI AND Sleep 10s 235 236 Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0 237 ${radio_buttons}= Get WebElements ${xpath_service_radio_button} 238 239 Run Keyword If '${ldap_service_type}' == 'LDAP' 240 ... Click Element At Coordinates ${radio_buttons}[${0}] 0 0 241 ... ELSE Click Element At Coordinates ${radio_buttons}[${1}] 0 0 242 243 Wait Until Page Contains Element ${xpath_ldap_url} 244 Run Keyword If '${ldap_mode}' == 'secure' 245 ... Click Element At Coordinates ${xpath_secure_ldap_checkbox} 0 0 246 247 Input Text ${xpath_ldap_url} ${ldap_server_uri} 248 Input Text ${xpath_ldap_bind_dn} ${ldap_bind_dn} 249 Input Text ${xpath_ldap_password} ${ldap_bind_dn_password} 250 Input Text ${xpath_ldap_base_dn} ${ldap_base_dn} 251 Click Element ${xpath_ldap_save_settings} 252 253 Run Keyword If '${ldap_service_type}'=='LDAP' 254 ... Wait Until Page Contains Successfully saved Open LDAP settings 255 ... ELSE 256 ... Wait Until Page Contains Successfully saved Active Directory settings 257 258 Click Element ${xpath_refresh_button} 259 Wait Until Page Contains Element ${xpath_ldap_heading} 260 261 262Get LDAP Configuration 263 [Documentation] Retrieve LDAP Configuration. 264 [Arguments] ${ldap_type} 265 266 # Description of argument(s): 267 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 268 269 ${radio_buttons}= Get WebElements ${xpath_service_radio_button} 270 271 ${status}= Run Keyword And Return Status 272 ... Run Keyword If '${ldap_type}'=='LDAP' 273 ... Checkbox Should Be Selected ${radio_buttons}[${0}] 274 ... ELSE 275 ... Checkbox Should Be Selected ${radio_buttons}[${1}] 276 Should Be Equal ${status} ${True} 277 278 279Update LDAP Configuration With LDAP User Role And Group 280 [Documentation] Update LDAP configuration update with LDAP user role and group. 281 [Arguments] ${group_name} ${group_privilege} 282 283 # Description of argument(s): 284 # group_name The group name of LDAP user. 285 # group_privilege The group privilege for LDAP user 286 # (e.g. "Administrator", "Operator", "ReadOnly" or "NoAcccess"). 287 288 Create LDAP Configuration 289 Click Element ${xpath_add_role_group_button} 290 Input Text ${xpath_add_group_name} ${group_name} 291 Select From List By Value ${xpath_add_group_Privilege} ${group_privilege} 292 Click Element ${xpath_add_privilege_button} 293 294 # Verify group name after adding. 295 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 296 List Should Contain Value ${ldap_group_name} ${group_name} 297 298 299Delete LDAP Role Group 300 [Documentation] Delete LDAP role group. 301 [Arguments] ${group_name} 302 303 # Description of argument(s): 304 # group_name The group name of LDAP user. 305 306 # Verify given group name is exist before deleting. 307 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 308 List Should Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available. 309 310 ${get_groupname_index}= Get Index From List ${ldap_group_name} ${group_name} 311 ${delete_group_elements}= Get WebElements ${xpath_delete_group_button} 312 Click Element ${delete_group_elements}[${get_groupname_index}] 313 Click Element ${xpath_delete_button} 314 315 # Verify group name after deleting. 316 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 317 List Should Not Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available. 318 319 320Disable LDAP Configuration 321 [Documentation] Disable LDAP configuration on BMC. 322 323 ${status}= Run Keyword And Return Status 324 ... Checkbox Should Be Selected ${xpath_enable_ldap_checkbox} 325 326 Run Keyword If ${status} == ${True} 327 ... Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0 328 329 Checkbox Should Not Be Selected ${xpath_enable_ldap_checkbox} 330 Click Element ${xpath_ldap_save_settings} 331 Wait Until Page Contains Successfully saved Open LDAP settings 332 Click Element ${xpath_refresh_button} 333 Wait Until Page Contains Element ${xpath_ldap_heading} 334 335 336Login BMC And Navigate To LDAP Page 337 [Documentation] Login BMC and navigate to ldap page. 338 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 339 340 # Description of argument(s): 341 # username The username to be used for login. 342 # password The password to be used for login. 343 344 Login GUI ${username} ${password} 345 # Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap LDAP page. 346 Click Element ${xpath_secuity_and_accesss_menu} 347 Click Element ${xpath_ldap_sub_menu} 348 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain ldap 349 350 351Update LDAP User Role And Read Network Configuration Via GUI 352 [Documentation] Update LDAP user role and read network configuration via GUI. 353 [Arguments] ${group_name} ${user_role} ${valid_status_codes} 354 [Teardown] Run Keywords Logout GUI AND Login BMC And Navigate To LDAP Page 355 ... AND Delete LDAP Role Group ${group_name} 356 357 # Description of argument(s): 358 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). 359 # group_name The group name of user. 360 # valid_status_code The expected valid status code. 361 362 363 Update LDAP Configuration with LDAP User Role And Group ${group_name} ${user_role} 364 Logout GUI 365 Login GUI ${LDAP_USER} ${LDAP_USER_PASSWORD} 366 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 367 368 Click Element ${xpath_server_configuration} 369 Click Element ${xpath_select_network_settings} 370 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain network-settings 371 372 ${resp}= Redfish.Get ${REDFISH_NW_ETH0_URI} valid_status_codes=[${valid_status_codes}] 373 Return From Keyword If ${valid_status_codes} == ${HTTP_FORBIDDEN} 374 375 ${host_name}= Redfish.Get Attribute ${REDFISH_NW_PROTOCOL_URI} HostName 376 Textfield Value Should Be ${xpath_hostname_input} ${host_name} 377 378 ${mac_address}= Redfish.Get Attribute ${REDFISH_NW_ETH0_URI} MACAddress 379 Textfield Value Should Be ${xpath_mac_address_input} ${mac_address} 380 381