1*** Settings *** 2 3Documentation Test OpenBMC GUI "LDAP" sub-menu of "Security and access". 4 5Resource ../../lib/gui_resource.robot 6Resource ../../../lib/bmc_ldap_utils.robot 7 8Suite Setup Suite Setup Execution 9Suite Teardown Close Browser 10 11 12*** Variables *** 13 14${xpath_ldap_heading} //h1[text()="LDAP"] 15${xpath_enable_ldap_checkbox} //*[@data-test-id='ldap-checkbox-ldapAuthenticationEnabled']//following-sibling::label 16${xpath_secure_ldap_checkbox} //*[@data-test-id='ldap-checkbox-secureLdapEnabled'] 17${xpath_service_radio_button} //*[@data-test-id="ldap-radio-activeDirectoryEnabled"] 18${xpath_add_role_group_button} //button[contains(text(),'Add role group')] 19${xpath_ldap_url} //*[@data-test-id='ldap-input-serverUri'] 20${xpath_ldap_bind_dn} //*[@data-test-id='ldap-input-bindDn'] 21${xpath_ldap_password} //*[@id='bind-password'] 22${xpath_ldap_base_dn} //*[@data-test-id='ldap-input-baseDn'] 23${xpath_ldap_save_settings} //*[@data-test-id='ldap-button-saveSettings'] 24${xpath_select_refresh_button} //*[text()[contains(.,"Refresh")]] 25${xpath_add_group_name} //*[@id="role-group-name"] 26${xpath_add_group_Privilege} //*[@id="privilege"] 27${xpath_add_privilege_button} //button[text()=" Add "] 28${xpath_delete_group_button} //*[@title="Delete"] 29${xpath_delete_button} //button[text()="Delete"] 30 31 32${incorrect_ip} 1.2.3.4 33${wrong_ldap_port} 135 34 35*** Test Cases *** 36 37Verify Navigation To LDAP Page 38 [Documentation] Verify navigation to LDAP page. 39 [Tags] Verify_Navigation_To_LDAP_Page 40 41 Page Should Contain Element ${xpath_ldap_heading} 42 43 44Verify Existence Of All Sections In LDAP Page 45 [Documentation] Verify existence of all sections in LDAP page. 46 [Tags] Verify_Existence_Of_All_Sections_In_LDAP_Page 47 48 Page Should Contain Settings 49 Page Should Contain Role groups 50 51 52Verify Existence Of All Buttons In LDAP Page 53 [Documentation] Verify existence of all buttons in LDAP page. 54 [Tags] Verify_Existence_Of_All_Buttons_In_LDAP_Page 55 56 # Buttons under settings section. 57 Page Should Contain Element ${xpath_service_radio_button} 58 Page Should Contain Element ${xpath_save_settings_button} 59 60 # Buttons under role groups section. 61 Page Should Contain Element ${xpath_add_role_group_button} 62 63 64Verify Existence Of All Checkboxes In LDAP Page 65 [Documentation] Verify existence of all checkboxes in LDAP page. 66 [Tags] Verify_Existence_Of_All_Checkboxes_In_LDAP_Page 67 68 # Checkboxes under settings section. 69 Page Should Contain Element ${xpath_enable_ldap_checkbox} 70 Page Should Contain Element ${xpath_secure_ldap_checkbox} 71 72 73Verify LDAP Configurations Editable 74 [Documentation] Verify LDAP configurations are editable. 75 [Tags] Verify_LDAP_Configurations_Editable 76 77 Create LDAP Configuration ${LDAP_SERVER_URI} ${LDAP_TYPE} ${LDAP_BIND_DN} 78 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} 79 Wait Until Page Contains Element ${xpath_ldap_url} 80 Textfield Value Should Be ${xpath_ldap_url} ${LDAP_SERVER_URI} 81 Textfield Value Should Be ${xpath_ldap_bind_dn} ${LDAP_BIND_DN} 82 Textfield Value Should Be ${xpath_ldap_password} ${empty} 83 Textfield Value Should Be ${xpath_ldap_base_dn} ${LDAP_BASE_DN} 84 85 86Verify Create LDAP Configuration 87 [Documentation] Verify created LDAP configuration. 88 [Tags] Verify_Create_LDAP_Configuration 89 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 90 91 Create LDAP Configuration 92 Get LDAP Configuration ${LDAP_TYPE} 93 Redfish.Logout 94 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 95 96 97Verify LDAP Config Update With Incorrect LDAP IP Address 98 [Documentation] Verify that LDAP login fails with incorrect LDAP IP Address. 99 [Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_IP_Address 100 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 101 102 Create LDAP Configuration ${incorrect_ip} ${LDAP_TYPE} ${LDAP_BIND_DN} 103 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} ${LDAP_MODE} 104 105 Get LDAP Configuration ${LDAP_TYPE} 106 Redfish.Logout 107 108 ${resp}= Run Keyword And Return Status 109 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 110 Should Be Equal ${resp} ${False} 111 ... msg=LDAP user was able to login though the incorrect LDAP IP Address. 112 113 114Verify LDAP Service Disable 115 [Documentation] Verify that LDAP user cannot login when LDAP service is disabled. 116 [Tags] Verify_LDAP_Service_Disable 117 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 118 119 ${status}= Run Keyword And Return Status 120 ... Checkbox Should Be Selected ${xpath_enable_ldap_checkbox} 121 122 Run Keyword If ${status} == ${True} 123 ... Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0 124 125 Checkbox Should Not Be Selected ${xpath_enable_ldap_checkbox} 126 Click Element ${xpath_ldap_save_settings} 127 Wait Until Page Contains Successfully saved Open LDAP settings 128 Click Element ${xpath_refresh_button} 129 Wait Until Page Contains Element ${xpath_ldap_heading} 130 Redfish.Logout 131 132 ${resp}= Run Keyword And Return Status 133 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 134 Should Be Equal ${resp} ${False} 135 ... msg=LDAP user was able to login even though the LDAP service was disabled. 136 137 138Verify LDAP User With Admin Privilege 139 [Documentation] Verify that LDAP user with administrator privilege is able to do BMC reboot. 140 [Tags] Verify_LDAP_User_With_Admin_Privilege 141 [Teardown] Run Keywords Redfish.Login AND Delete LDAP Role Group ${GROUP_NAME} 142 143 Update LDAP Configuration with LDAP User Role And Group ${GROUP_NAME} ${GROUP_PRIVILEGE} 144 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 145 Redfish OBMC Reboot (off) 146 Redfish.Logout 147 148 149Verify Enabling LDAP 150 [Documentation] Verify that LDAP can be enabled from disabled state. 151 [Tags] Verify_Enabling_LDAP 152 153 Disable LDAP Configuration 154 Create LDAP Configuration 155 156 157Read Network Configuration Via Different User Roles And Verify Using GUI 158 [Documentation] Read network configuration via different user roles and verify. 159 [Tags] Read_Network_Configuration_Via_Different_User_Roles_And_Verify_Using_GUI 160 [Template] Update LDAP User Role And Read Network Configuration Via GUI 161 162 # group_name user_role valid_status_code 163 ${GROUP_NAME} Administrator ${HTTP_OK} 164 ${GROUP_NAME} Operator ${HTTP_OK} 165 ${GROUP_NAME} ReadOnly ${HTTP_OK} 166 ${GROUP_NAME} NoAccess ${HTTP_FORBIDDEN} 167 168 169Verify LDAP Login Fails On Wrong LDAP Port 170 [Documentation] Verify that LDAP login fails when wrong port is entered in LDAP URL. 171 [Tags] Verify_LDAP_Login_Fails_On_Wrong_LDAP_Port 172 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 173 174 ${ldap_uri_wrong_port}= Catenate SEPARATOR=: ${LDAP_SERVER_URI} ${wrong_ldap_port} 175 Create LDAP Configuration ${ldap_uri_wrong_port} ${LDAP_TYPE} ${LDAP_BIND_DN} 176 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} ${LDAP_MODE} 177 178 Get LDAP Configuration ${LDAP_TYPE} 179 Redfish.Logout 180 181 ${resp}= Run Keyword And Return Status 182 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 183 Should Be Equal ${resp} ${False} 184 ... msg=LDAP user was able to login though the wrong port in LDAP URL 185 186*** Keywords *** 187 188Suite Setup Execution 189 [Documentation] Do test case setup tasks. 190 191 Launch Browser And Login GUI 192 193 # Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap LDAP page. 194 Click Element ${xpath_secuity_and_accesss_menu} 195 Click Element ${xpath_ldap_sub_menu} 196 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain ldap 197 Wait Until Element Is Not Visible ${xpath_page_loading_progress_bar} timeout=30 198 Wait Until Element Is Enabled ${xpath_enable_ldap_checkbox} timeout=10s 199 200 Valid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"] 201 Valid Value LDAP_USER 202 Valid Value LDAP_USER_PASSWORD 203 Valid Value GROUP_PRIVILEGE 204 Valid Value GROUP_NAME 205 Valid Value LDAP_SERVER_URI 206 Valid Value LDAP_BIND_DN_PASSWORD 207 Valid Value LDAP_BIND_DN 208 Valid Value LDAP_BASE_DN 209 Valid Value LDAP_MODE valid_values=["secure", "nonsecure"] 210 211 212Create LDAP Configuration 213 [Documentation] Create LDAP configuration. 214 [Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI} ${ldap_servicetype}=${LDAP_TYPE} 215 ... ${ldap_bind_dn}=${LDAP_BIND_DN} ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD} 216 ... ${ldap_base_dn}=${LDAP_BASE_DN} ${ldap_mode}=${LDAP_MODE} 217 218 # Description of argument(s): 219 # ldap_server_uri LDAP server uri (e.g. ldap://XX.XX.XX.XX). 220 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 221 # ldap_bind_dn The LDAP bind distinguished name. 222 # ldap_bind_dn_password The LDAP bind distinguished name password. 223 # ldap_base_dn The LDAP base distinguished name. 224 225 # Clearing existing LDAP configuration by disabling it. 226 Redfish.Patch ${REDFISH_BASE_URI}AccountService 227 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}} 228 229 # Wait for GUI to reflect LDAP disabled status. 230 Run Keywords Refresh GUI AND Sleep 10s 231 232 Click Element ${xpath_enable_ldap_checkbox} 233 ${radio_buttons}= Get WebElements ${xpath_service_radio_button} 234 235 Run Keyword If '${ldap_service_type}' == 'LDAP' 236 ... Click Element At Coordinates ${radio_buttons}[${0}] 0 0 237 ... ELSE Click Element At Coordinates ${radio_buttons}[${1}] 0 0 238 239 Wait Until Page Contains Element ${xpath_ldap_url} 240 Run Keyword If '${ldap_mode}' == 'secure' 241 ... Click Element At Coordinates ${xpath_secure_ldap_checkbox} 0 0 242 243 Input Text ${xpath_ldap_url} ${ldap_server_uri} 244 Input Text ${xpath_ldap_bind_dn} ${ldap_bind_dn} 245 Input Text ${xpath_ldap_password} ${ldap_bind_dn_password} 246 Input Text ${xpath_ldap_base_dn} ${ldap_base_dn} 247 Click Element ${xpath_ldap_save_settings} 248 249 Run Keyword If '${ldap_service_type}'=='LDAP' 250 ... Wait Until Page Contains Successfully saved Open LDAP settings 251 ... ELSE 252 ... Wait Until Page Contains Successfully saved Active Directory settings 253 254 Click Element ${xpath_refresh_button} 255 Wait Until Page Contains Element ${xpath_ldap_heading} 256 257 258Get LDAP Configuration 259 [Documentation] Retrieve LDAP Configuration. 260 [Arguments] ${ldap_type} 261 262 # Description of argument(s): 263 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 264 265 ${radio_buttons}= Get WebElements ${xpath_service_radio_button} 266 267 ${status}= Run Keyword And Return Status 268 ... Run Keyword If '${ldap_type}'=='LDAP' 269 ... Checkbox Should Be Selected ${radio_buttons}[${0}] 270 ... ELSE 271 ... Checkbox Should Be Selected ${radio_buttons}[${1}] 272 Should Be Equal ${status} ${True} 273 274 275Update LDAP Configuration With LDAP User Role And Group 276 [Documentation] Update LDAP configuration update with LDAP user role and group. 277 [Arguments] ${group_name} ${group_privilege} 278 279 # Description of argument(s): 280 # group_name The group name of LDAP user. 281 # group_privilege The group privilege for LDAP user 282 # (e.g. "Administrator", "Operator", "ReadOnly" or "NoAcccess"). 283 284 Create LDAP Configuration 285 Click Element ${xpath_add_role_group_button} 286 Input Text ${xpath_add_group_name} ${group_name} 287 Select From List By Value ${xpath_add_group_Privilege} ${group_privilege} 288 Click Element ${xpath_add_privilege_button} 289 290 # Verify group name after adding. 291 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 292 List Should Contain Value ${ldap_group_name} ${group_name} 293 294 295Delete LDAP Role Group 296 [Documentation] Delete LDAP role group. 297 [Arguments] ${group_name} 298 299 # Description of argument(s): 300 # group_name The group name of LDAP user. 301 302 # Verify given group name is exist before deleting. 303 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 304 List Should Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available. 305 306 ${get_groupname_index}= Get Index From List ${ldap_group_name} ${group_name} 307 ${delete_group_elements}= Get WebElements ${xpath_delete_group_button} 308 Click Element ${delete_group_elements}[${get_groupname_index}] 309 Click Element ${xpath_delete_button} 310 311 # Verify group name after deleting. 312 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 313 List Should Not Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available. 314 315 316Disable LDAP Configuration 317 [Documentation] Disable LDAP configuration on BMC. 318 319 ${status}= Run Keyword And Return Status 320 ... Checkbox Should Be Selected ${xpath_enable_ldap_checkbox} 321 322 Run Keyword If ${status} == ${True} 323 ... Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0 324 325 Checkbox Should Not Be Selected ${xpath_enable_ldap_checkbox} 326 Click Element ${xpath_ldap_save_settings} 327 Wait Until Page Contains Successfully saved Open LDAP settings 328 Click Element ${xpath_refresh_button} 329 Wait Until Page Contains Element ${xpath_ldap_heading} 330 331 332Login BMC And Navigate To LDAP Page 333 [Documentation] Login BMC and navigate to ldap page. 334 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 335 336 # Description of argument(s): 337 # username The username to be used for login. 338 # password The password to be used for login. 339 340 Login GUI ${username} ${password} 341 # Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap LDAP page. 342 Click Element ${xpath_secuity_and_accesss_menu} 343 Click Element ${xpath_ldap_sub_menu} 344 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain ldap 345 346 347Update LDAP User Role And Read Network Configuration Via GUI 348 [Documentation] Update LDAP user role and read network configuration via GUI. 349 [Arguments] ${group_name} ${user_role} ${valid_status_codes} 350 [Teardown] Run Keywords Logout GUI AND Login BMC And Navigate To LDAP Page 351 ... AND Delete LDAP Role Group ${group_name} 352 353 # Description of argument(s): 354 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). 355 # group_name The group name of user. 356 # valid_status_code The expected valid status code. 357 358 359 Update LDAP Configuration with LDAP User Role And Group ${group_name} ${user_role} 360 Logout GUI 361 Login GUI ${LDAP_USER} ${LDAP_USER_PASSWORD} 362 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 363 364 Click Element ${xpath_server_configuration} 365 Click Element ${xpath_select_network_settings} 366 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain network-settings 367 368 ${resp}= Redfish.Get ${REDFISH_NW_ETH0_URI} valid_status_codes=[${valid_status_codes}] 369 Return From Keyword If ${valid_status_codes} == ${HTTP_FORBIDDEN} 370 371 ${host_name}= Redfish.Get Attribute ${REDFISH_NW_PROTOCOL_URI} HostName 372 Textfield Value Should Be ${xpath_hostname_input} ${host_name} 373 374 ${mac_address}= Redfish.Get Attribute ${REDFISH_NW_ETH0_URI} MACAddress 375 Textfield Value Should Be ${xpath_mac_address_input} ${mac_address} 376 377