1*** Settings *** 2 3Documentation Test OpenBMC GUI "LDAP" sub-menu of "Security and access". 4 5Resource ../../lib/gui_resource.robot 6Resource ../../../lib/bmc_ldap_utils.robot 7 8Suite Setup Suite Setup Execution 9Suite Teardown Close Browser 10 11 12*** Variables *** 13 14${xpath_ldap_heading} //h1[text()="LDAP"] 15${xpath_enable_ldap_checkbox} //*[@data-test-id='ldap-checkbox-ldapAuthenticationEnabled'] 16${xpath_secure_ldap_checkbox} //*[@data-test-id='ldap-checkbox-secureLdapEnabled'] 17${xpath_service_radio_button} //*[@data-test-id="ldap-radio-activeDirectoryEnabled"] 18${xpath_add_role_group_button} //button[contains(text(),'Add role group')] 19${xpath_ldap_url} //*[@data-test-id='ldap-input-serverUri'] 20${xpath_ldap_bind_dn} //*[@data-test-id='ldap-input-bindDn'] 21${xpath_ldap_password} //*[@id='bind-password'] 22${xpath_ldap_base_dn} //*[@data-test-id='ldap-input-baseDn'] 23${xpath_ldap_save_settings} //*[@data-test-id='ldap-button-saveSettings'] 24${xpath_select_refresh_button} //*[text()[contains(.,"Refresh")]] 25${xpath_add_group_name} //*[@id="role-group-name"] 26${xpath_add_group_Privilege} //*[@id="privilege"] 27${xpath_add_privilege_button} //button[text()=" Add "] 28${xpath_delete_group_button} //*[@title="Delete"] 29${xpath_delete_button} //button[text()="Delete"] 30 31 32${incorrect_ip} 1.2.3.4 33${wrong_ldap_port} 135 34 35*** Test Cases *** 36 37Verify Navigation To LDAP Page 38 [Documentation] Verify navigation to LDAP page. 39 [Tags] Verify_Navigation_To_LDAP_Page 40 41 Page Should Contain Element ${xpath_ldap_heading} 42 43 44Verify Existence Of All Sections In LDAP Page 45 [Documentation] Verify existence of all sections in LDAP page. 46 [Tags] Verify_Existence_Of_All_Sections_In_LDAP_Page 47 48 Page Should Contain Settings 49 Page Should Contain Role groups 50 51 52Verify Existence Of All Buttons In LDAP Page 53 [Documentation] Verify existence of all buttons in LDAP page. 54 [Tags] Verify_Existence_Of_All_Buttons_In_LDAP_Page 55 56 # Buttons under settings section. 57 Page Should Contain Element ${xpath_service_radio_button} 58 Page Should Contain Element ${xpath_save_settings_button} 59 60 # Buttons under role groups section. 61 Page Should Contain Element ${xpath_add_role_group_button} 62 63 64Verify Existence Of All Checkboxes In LDAP Page 65 [Documentation] Verify existence of all checkboxes in LDAP page. 66 [Tags] Verify_Existence_Of_All_Checkboxes_In_LDAP_Page 67 68 # Checkboxes under settings section. 69 Page Should Contain Element ${xpath_enable_ldap_checkbox} 70 Page Should Contain Element ${xpath_secure_ldap_checkbox} 71 72 73Verify LDAP Configurations Editable 74 [Documentation] Verify LDAP configurations are editable. 75 [Tags] Verify_LDAP_Configurations_Editable 76 [Setup] Redfish.Login 77 [Teardown] Redfish.Logout 78 79 Create LDAP Configuration ${LDAP_SERVER_URI} ${LDAP_TYPE} ${LDAP_BIND_DN} 80 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} 81 Wait Until Page Contains Element ${xpath_ldap_url} 82 Textfield Value Should Be ${xpath_ldap_url} ${LDAP_SERVER_URI} 83 Textfield Value Should Be ${xpath_ldap_bind_dn} ${LDAP_BIND_DN} 84 Textfield Value Should Be ${xpath_ldap_password} ${empty} 85 Textfield Value Should Be ${xpath_ldap_base_dn} ${LDAP_BASE_DN} 86 87 88Verify Create LDAP Configuration 89 [Documentation] Verify created LDAP configuration. 90 [Tags] Verify_Create_LDAP_Configuration 91 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 92 93 Create LDAP Configuration 94 Get LDAP Configuration ${LDAP_TYPE} 95 Redfish.Logout 96 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 97 98 99Verify LDAP Config Update With Incorrect LDAP IP Address 100 [Documentation] Verify that LDAP login fails with incorrect LDAP IP Address. 101 [Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_IP_Address 102 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 103 104 Create LDAP Configuration ${incorrect_ip} ${LDAP_TYPE} ${LDAP_BIND_DN} 105 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} ${LDAP_MODE} 106 107 Get LDAP Configuration ${LDAP_TYPE} 108 Redfish.Logout 109 110 ${resp}= Run Keyword And Return Status 111 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 112 Should Be Equal ${resp} ${False} 113 ... msg=LDAP user was able to login though the incorrect LDAP IP Address. 114 115 116Verify LDAP Service Disable 117 [Documentation] Verify that LDAP user cannot login when LDAP service is disabled. 118 [Tags] Verify_LDAP_Service_Disable 119 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 120 121 ${status}= Run Keyword And Return Status 122 ... Checkbox Should Be Selected ${xpath_enable_ldap_checkbox} 123 124 Run Keyword If ${status} == ${True} 125 ... Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0 126 127 Checkbox Should Not Be Selected ${xpath_enable_ldap_checkbox} 128 Click Element ${xpath_ldap_save_settings} 129 Wait Until Page Contains Successfully saved Open LDAP settings 130 Click Element ${xpath_refresh_button} 131 Wait Until Page Contains Element ${xpath_ldap_heading} 132 Redfish.Logout 133 134 ${resp}= Run Keyword And Return Status 135 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 136 Should Be Equal ${resp} ${False} 137 ... msg=LDAP user was able to login even though the LDAP service was disabled. 138 139 140Verify LDAP User With Admin Privilege 141 [Documentation] Verify that LDAP user with administrator privilege is able to do BMC reboot. 142 [Tags] Verify_LDAP_User_With_Admin_Privilege 143 [Teardown] Run Keywords Redfish.Login AND Delete LDAP Role Group ${GROUP_NAME} 144 145 Update LDAP Configuration with LDAP User Role And Group ${GROUP_NAME} ${GROUP_PRIVILEGE} 146 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 147 Redfish OBMC Reboot (off) 148 Redfish.Logout 149 150 151Verify Enabling LDAP 152 [Documentation] Verify that LDAP can be enabled from disabled state. 153 [Tags] Verify_Enabling_LDAP 154 155 Disable LDAP Configuration 156 Create LDAP Configuration 157 158 159Read Network Configuration Via Different User Roles And Verify Using GUI 160 [Documentation] Read network configuration via different user roles and verify. 161 [Tags] Read_Network_Configuration_Via_Different_User_Roles_And_Verify_Using_GUI 162 [Template] Update LDAP User Role And Read Network Configuration Via GUI 163 164 # group_name user_role valid_status_code 165 ${GROUP_NAME} Administrator ${HTTP_OK} 166 ${GROUP_NAME} Operator ${HTTP_OK} 167 ${GROUP_NAME} ReadOnly ${HTTP_OK} 168 ${GROUP_NAME} NoAccess ${HTTP_FORBIDDEN} 169 170 171Verify LDAP Login Fails On Wrong LDAP Port 172 [Documentation] Verify that LDAP login fails when wrong port is entered in LDAP URL. 173 [Tags] Verify_LDAP_Login_Fails_On_Wrong_LDAP_Port 174 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 175 176 ${ldap_uri_wrong_port}= Catenate SEPARATOR=: ${LDAP_SERVER_URI} ${wrong_ldap_port} 177 Create LDAP Configuration ${ldap_uri_wrong_port} ${LDAP_TYPE} ${LDAP_BIND_DN} 178 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} ${LDAP_MODE} 179 180 Get LDAP Configuration ${LDAP_TYPE} 181 Redfish.Logout 182 183 ${resp}= Run Keyword And Return Status 184 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 185 Should Be Equal ${resp} ${False} 186 ... msg=LDAP user was able to login though the wrong port in LDAP URL 187 188*** Keywords *** 189 190Suite Setup Execution 191 [Documentation] Do test case setup tasks. 192 193 Launch Browser And Login GUI 194 195 # Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap LDAP page. 196 Click Element ${xpath_secuity_and_accesss_menu} 197 Click Element ${xpath_ldap_sub_menu} 198 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain ldap 199 Wait Until Element Is Not Visible ${xpath_page_loading_progress_bar} timeout=30 200 Wait Until Element Is Enabled ${xpath_enable_ldap_checkbox} timeout=10s 201 202 Valid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"] 203 Valid Value LDAP_USER 204 Valid Value LDAP_USER_PASSWORD 205 Valid Value GROUP_PRIVILEGE 206 Valid Value GROUP_NAME 207 Valid Value LDAP_SERVER_URI 208 Valid Value LDAP_BIND_DN_PASSWORD 209 Valid Value LDAP_BIND_DN 210 Valid Value LDAP_BASE_DN 211 Valid Value LDAP_MODE valid_values=["secure", "nonsecure"] 212 213 214Create LDAP Configuration 215 [Documentation] Create LDAP configuration. 216 [Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI} ${ldap_servicetype}=${LDAP_TYPE} 217 ... ${ldap_bind_dn}=${LDAP_BIND_DN} ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD} 218 ... ${ldap_base_dn}=${LDAP_BASE_DN} ${ldap_mode}=${LDAP_MODE} 219 220 # Description of argument(s): 221 # ldap_server_uri LDAP server uri (e.g. ldap://XX.XX.XX.XX). 222 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 223 # ldap_bind_dn The LDAP bind distinguished name. 224 # ldap_bind_dn_password The LDAP bind distinguished name password. 225 # ldap_base_dn The LDAP base distinguished name. 226 227 # Clearing existing LDAP configuration by disabling it. 228 Redfish.Patch ${REDFISH_BASE_URI}AccountService 229 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}} 230 231 # Wait for GUI to reflect LDAP disabled status. 232 Run Keywords Refresh GUI AND Sleep 10s 233 234 Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0 235 ${radio_buttons}= Get WebElements ${xpath_service_radio_button} 236 237 Run Keyword If '${ldap_service_type}' == 'LDAP' 238 ... Click Element At Coordinates ${radio_buttons}[${0}] 0 0 239 ... ELSE Click Element At Coordinates ${radio_buttons}[${1}] 0 0 240 241 Wait Until Page Contains Element ${xpath_ldap_url} 242 Run Keyword If '${ldap_mode}' == 'secure' 243 ... Click Element At Coordinates ${xpath_secure_ldap_checkbox} 0 0 244 245 Input Text ${xpath_ldap_url} ${ldap_server_uri} 246 Input Text ${xpath_ldap_bind_dn} ${ldap_bind_dn} 247 Input Text ${xpath_ldap_password} ${ldap_bind_dn_password} 248 Input Text ${xpath_ldap_base_dn} ${ldap_base_dn} 249 Click Element ${xpath_ldap_save_settings} 250 251 Run Keyword If '${ldap_service_type}'=='LDAP' 252 ... Wait Until Page Contains Successfully saved Open LDAP settings 253 ... ELSE 254 ... Wait Until Page Contains Successfully saved Active Directory settings 255 256 Click Element ${xpath_refresh_button} 257 Wait Until Page Contains Element ${xpath_ldap_heading} 258 259 260Get LDAP Configuration 261 [Documentation] Retrieve LDAP Configuration. 262 [Arguments] ${ldap_type} 263 264 # Description of argument(s): 265 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 266 267 ${radio_buttons}= Get WebElements ${xpath_service_radio_button} 268 269 ${status}= Run Keyword And Return Status 270 ... Run Keyword If '${ldap_type}'=='LDAP' 271 ... Checkbox Should Be Selected ${radio_buttons}[${0}] 272 ... ELSE 273 ... Checkbox Should Be Selected ${radio_buttons}[${1}] 274 Should Be Equal ${status} ${True} 275 276 277Update LDAP Configuration With LDAP User Role And Group 278 [Documentation] Update LDAP configuration update with LDAP user role and group. 279 [Arguments] ${group_name} ${group_privilege} 280 281 # Description of argument(s): 282 # group_name The group name of LDAP user. 283 # group_privilege The group privilege for LDAP user 284 # (e.g. "Administrator", "Operator", "ReadOnly" or "NoAcccess"). 285 286 Create LDAP Configuration 287 Click Element ${xpath_add_role_group_button} 288 Input Text ${xpath_add_group_name} ${group_name} 289 Select From List By Value ${xpath_add_group_Privilege} ${group_privilege} 290 Click Element ${xpath_add_privilege_button} 291 292 # Verify group name after adding. 293 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 294 List Should Contain Value ${ldap_group_name} ${group_name} 295 296 297Delete LDAP Role Group 298 [Documentation] Delete LDAP role group. 299 [Arguments] ${group_name} 300 301 # Description of argument(s): 302 # group_name The group name of LDAP user. 303 304 # Verify given group name is exist before deleting. 305 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 306 List Should Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available. 307 308 ${get_groupname_index}= Get Index From List ${ldap_group_name} ${group_name} 309 ${delete_group_elements}= Get WebElements ${xpath_delete_group_button} 310 Click Element ${delete_group_elements}[${get_groupname_index}] 311 Click Element ${xpath_delete_button} 312 313 # Verify group name after deleting. 314 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 315 List Should Not Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available. 316 317 318Disable LDAP Configuration 319 [Documentation] Disable LDAP configuration on BMC. 320 321 ${status}= Run Keyword And Return Status 322 ... Checkbox Should Be Selected ${xpath_enable_ldap_checkbox} 323 324 Run Keyword If ${status} == ${True} 325 ... Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0 326 327 Checkbox Should Not Be Selected ${xpath_enable_ldap_checkbox} 328 Click Element ${xpath_ldap_save_settings} 329 Wait Until Page Contains Successfully saved Open LDAP settings 330 Click Element ${xpath_refresh_button} 331 Wait Until Page Contains Element ${xpath_ldap_heading} 332 333 334Login BMC And Navigate To LDAP Page 335 [Documentation] Login BMC and navigate to ldap page. 336 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 337 338 # Description of argument(s): 339 # username The username to be used for login. 340 # password The password to be used for login. 341 342 Login GUI ${username} ${password} 343 # Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap LDAP page. 344 Click Element ${xpath_secuity_and_accesss_menu} 345 Click Element ${xpath_ldap_sub_menu} 346 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain ldap 347 348 349Update LDAP User Role And Read Network Configuration Via GUI 350 [Documentation] Update LDAP user role and read network configuration via GUI. 351 [Arguments] ${group_name} ${user_role} ${valid_status_codes} 352 [Teardown] Run Keywords Logout GUI AND Login BMC And Navigate To LDAP Page 353 ... AND Delete LDAP Role Group ${group_name} 354 355 # Description of argument(s): 356 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). 357 # group_name The group name of user. 358 # valid_status_code The expected valid status code. 359 360 361 Update LDAP Configuration with LDAP User Role And Group ${group_name} ${user_role} 362 Logout GUI 363 Login GUI ${LDAP_USER} ${LDAP_USER_PASSWORD} 364 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 365 366 Click Element ${xpath_server_configuration} 367 Click Element ${xpath_select_network_settings} 368 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain network-settings 369 370 ${resp}= Redfish.Get ${REDFISH_NW_ETH0_URI} valid_status_codes=[${valid_status_codes}] 371 Return From Keyword If ${valid_status_codes} == ${HTTP_FORBIDDEN} 372 373 ${host_name}= Redfish.Get Attribute ${REDFISH_NW_PROTOCOL_URI} HostName 374 Textfield Value Should Be ${xpath_hostname_input} ${host_name} 375 376 ${mac_address}= Redfish.Get Attribute ${REDFISH_NW_ETH0_URI} MACAddress 377 Textfield Value Should Be ${xpath_mac_address_input} ${mac_address} 378 379