*** Settings ***

Documentation   GUI tests for the "LDAP" sub-menu under "Security and access"
...             in the OpenBMC web interface.

Resource        ../../lib/gui_resource.robot
Resource        ../../../lib/bmc_ldap_utils.robot

Suite Setup     Suite Setup Execution
Suite Teardown  Close Browser


*** Variables ***

# Page landmark.
${xpath_ldap_heading}            //h1[text()="LDAP"]

# "Settings" section of the LDAP page.
${xpath_enable_ldap_checkbox}    //*[@data-test-id='ldap-checkbox-ldapAuthenticationEnabled']
${xpath_secure_ldap_checkbox}    //*[@data-test-id='ldap-checkbox-secureLdapEnabled']
${xpath_service_radio_button}    //*[@data-test-id="ldap-radio-activeDirectoryEnabled"]
${xpath_ldap_url}                //*[@data-test-id='ldap-input-serverUri']
${xpath_ldap_bind_dn}            //*[@data-test-id='ldap-input-bindDn']
${xpath_ldap_password}           //*[@id='bind-password']
${xpath_ldap_base_dn}            //*[@data-test-id='ldap-input-baseDn']
${xpath_ldap_save_settings}      //*[@data-test-id='ldap-button-saveSettings']
# NOTE(review): the tests and keywords below click ${xpath_refresh_button}, which is
# not defined here (presumably it comes from gui_resource.robot) - confirm whether
# this locator is still needed.
${xpath_select_refresh_button}   //*[text()[contains(.,"Refresh")]]

# "Role groups" section of the LDAP page.
${xpath_add_role_group_button}   //button[contains(text(),'Add role group')]
${xpath_add_group_name}          //*[@id="role-group-name"]
${xpath_add_group_Privilege}     //*[@id="privilege"]
${xpath_add_privilege_button}    //button[text()=" Add "]
${xpath_delete_group_button}     //*[@title="Delete"]
${xpath_delete_button}           //button[text()="Delete"]

# Deliberately wrong server settings for the negative login tests.
${incorrect_ip}                  1.2.3.4
${wrong_ldap_port}               135

*** Test Cases ***

Verify Navigation To LDAP Page
    [Documentation]  Check that the browser landed on the LDAP page by looking
    ...  for its "LDAP" heading.
    [Tags]  Verify_Navigation_To_LDAP_Page

    # Suite setup has already navigated to the page; only the heading is checked.
    Page Should Contain Element  ${xpath_ldap_heading}


Verify Existence Of All Sections In LDAP Page
    [Documentation]  Check that the LDAP page shows both of its sections,
    ...  "Settings" and "Role groups".
    [Tags]  Verify_Existence_Of_All_Sections_In_LDAP_Page

    # Plain text matches anywhere on the page, not tied to a heading element.
    Page Should Contain  Settings
    Page Should Contain  Role groups


Verify Existence Of All Buttons In LDAP Page
    [Documentation]  Check that the buttons of the settings and role groups
    ...  sections are present on the LDAP page.
    [Tags]  Verify_Existence_Of_All_Buttons_In_LDAP_Page

    # Settings section: service type radio button and the save button.
    Page Should Contain Element  ${xpath_service_radio_button}
    # NOTE(review): ${xpath_save_settings_button} is not defined in this file's
    # Variables section (presumably it comes from gui_resource.robot); the save
    # locator defined here is ${xpath_ldap_save_settings} - confirm which is meant.
    Page Should Contain Element  ${xpath_save_settings_button}

    # Role groups section: the "Add role group" button.
    Page Should Contain Element  ${xpath_add_role_group_button}


Verify Existence Of All Checkboxes In LDAP Page
    [Documentation]  Check that the settings section offers both the "enable LDAP
    ...  authentication" and the "secure LDAP" checkboxes.
    [Tags]  Verify_Existence_Of_All_Checkboxes_In_LDAP_Page

    # Only presence is checked here, not the checked/unchecked state.
    Page Should Contain Element  ${xpath_enable_ldap_checkbox}
    Page Should Contain Element  ${xpath_secure_ldap_checkbox}


Verify LDAP Configurations Editable
    [Documentation]  Save an LDAP configuration through the GUI and verify that the
    ...  form shows the saved values, with the bind password field left empty.
    [Tags]  Verify_LDAP_Configurations_Editable
    [Setup]  Redfish.Login
    [Teardown]  Redfish.Logout

    Create LDAP Configuration
    ...  ${LDAP_SERVER_URI}
    ...  ${LDAP_TYPE}
    ...  ${LDAP_BIND_DN}
    ...  ${LDAP_BIND_DN_PASSWORD}
    ...  ${LDAP_BASE_DN}

    # The keyword above reloads the page, so the fields below show what the GUI
    # presents after the save rather than what was just typed.
    Wait Until Page Contains Element  ${xpath_ldap_url}
    Textfield Value Should Be  ${xpath_ldap_url}  ${LDAP_SERVER_URI}
    Textfield Value Should Be  ${xpath_ldap_bind_dn}  ${LDAP_BIND_DN}
    Textfield Value Should Be  ${xpath_ldap_base_dn}  ${LDAP_BASE_DN}

    # This check fails if the stored bind password is echoed back into the form.
    Textfield Value Should Be  ${xpath_ldap_password}  ${empty}


Verify Create LDAP Configuration
    [Documentation]  Create an LDAP configuration with the suite defaults and verify
    ...  that an LDAP user can then log in over Redfish.
    [Tags]  Verify_Create_LDAP_Configuration
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    # Configure LDAP with default arguments and confirm the expected service type
    # is the one selected in the GUI.
    Create LDAP Configuration
    Get LDAP Configuration  ${LDAP_TYPE}

    # Swap the current Redfish session for one opened with the LDAP credentials;
    # the test fails if this login raises. The teardown logs out and back in with
    # the default arguments.
    Redfish.Logout
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}


Verify LDAP Config Update With Incorrect LDAP IP Address
    [Documentation]  Point the LDAP configuration at an incorrect server IP address
    ...  and verify that an LDAP user login is refused.
    [Tags]  Verify_LDAP_Config_Update_With_Incorrect_LDAP_IP_Address
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    Create LDAP Configuration
    ...  ${incorrect_ip}
    ...  ${LDAP_TYPE}
    ...  ${LDAP_BIND_DN}
    ...  ${LDAP_BIND_DN_PASSWORD}
    ...  ${LDAP_BASE_DN}
    ...  ${LDAP_MODE}

    Get LDAP Configuration  ${LDAP_TYPE}
    Redfish.Logout

    # Run Keyword And Return Status yields False for any failure of Redfish.Login,
    # so this check cannot tell a rejected credential from, e.g., an unreachable BMC.
    # NOTE(review): consider asserting the specific authentication error instead.
    ${login_ok}=  Run Keyword And Return Status
    ...  Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Should Be Equal  ${login_ok}  ${False}
    ...  msg=LDAP user was able to login though the incorrect LDAP IP Address.


Verify LDAP Service Disable
    [Documentation]  Disable the LDAP service from the GUI and verify that an LDAP
    ...  user can no longer log in over Redfish.
    [Tags]  Verify_LDAP_Service_Disable
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    # Untick the enable checkbox if it is ticked, save, wait for the success
    # message and reload the page (same steps as the shared keyword performs).
    Disable LDAP Configuration
    Redfish.Logout

    # Run Keyword And Return Status yields False for any failure of Redfish.Login,
    # so this check cannot tell a rejected credential from, e.g., an unreachable BMC.
    # NOTE(review): consider asserting the specific authentication error instead.
    ${login_ok}=  Run Keyword And Return Status
    ...  Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Should Be Equal  ${login_ok}  ${False}
    ...  msg=LDAP user was able to login even though the LDAP service was disabled.


Verify LDAP User With Admin Privilege
    [Documentation]  Map the LDAP group to the configured privilege and verify that
    ...  the LDAP user can reboot the BMC over Redfish.
    [Tags]  Verify_LDAP_User_With_Admin_Privilege
    [Teardown]  Run Keywords  Redfish.Login  AND  Delete LDAP Role Group  ${GROUP_NAME}

    # NOTE(review): the title says "admin", but the privilege applied is whatever
    # ${GROUP_PRIVILEGE} holds - presumably "Administrator"; confirm in the run config.
    Update LDAP Configuration with LDAP User Role And Group
    ...  ${GROUP_NAME}  ${GROUP_PRIVILEGE}

    # The reboot is requested from a session opened with the LDAP credentials.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish OBMC Reboot (off)
    Redfish.Logout


Verify Enabling LDAP
    [Documentation]  Start from a disabled LDAP service and verify that it can be
    ...  enabled again through the GUI.
    [Tags]  Verify_Enabling_LDAP

    # Force the disabled state first, then re-create the configuration with the
    # suite defaults; the keyword fails if the success message never appears.
    Disable LDAP Configuration
    Create LDAP Configuration


Read Network Configuration Via Different User Roles And Verify Using GUI
    [Documentation]  For each LDAP role, read the network configuration as the LDAP
    ...  user and compare the Redfish status code with the expected one.
    [Tags]  Read_Network_Configuration_Via_Different_User_Roles_And_Verify_Using_GUI
    [Template]  Update LDAP User Role And Read Network Configuration Via GUI

    # One template run per row. NoAccess is the only role expected to be refused.
    # group_name     user_role      valid_status_codes
    ${GROUP_NAME}    Administrator  ${HTTP_OK}
    ${GROUP_NAME}    Operator       ${HTTP_OK}
    ${GROUP_NAME}    ReadOnly       ${HTTP_OK}
    ${GROUP_NAME}    NoAccess       ${HTTP_FORBIDDEN}


Verify LDAP Login Fails On Wrong LDAP Port
    [Documentation]  Append a wrong port to the LDAP server URI and verify that an
    ...  LDAP user login is refused.
    [Tags]  Verify_LDAP_Login_Fails_On_Wrong_LDAP_Port
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    # Builds "<LDAP_SERVER_URI>:<wrong_ldap_port>".
    # Assumes LDAP_SERVER_URI carries no port of its own - TODO confirm.
    ${uri_with_bad_port}=  Catenate  SEPARATOR=:  ${LDAP_SERVER_URI}  ${wrong_ldap_port}

    Create LDAP Configuration
    ...  ${uri_with_bad_port}
    ...  ${LDAP_TYPE}
    ...  ${LDAP_BIND_DN}
    ...  ${LDAP_BIND_DN_PASSWORD}
    ...  ${LDAP_BASE_DN}
    ...  ${LDAP_MODE}

    Get LDAP Configuration  ${LDAP_TYPE}
    Redfish.Logout

    # Run Keyword And Return Status yields False for any failure of Redfish.Login,
    # so this check cannot tell a rejected credential from, e.g., an unreachable BMC.
    # NOTE(review): consider asserting the specific authentication error instead.
    ${login_ok}=  Run Keyword And Return Status
    ...  Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Should Be Equal  ${login_ok}  ${False}
    ...  msg=LDAP user was able to login though the wrong port in LDAP URL

*** Keywords ***

Suite Setup Execution
    [Documentation]  Open the browser, log in to the GUI, navigate to the LDAP page
    ...  and validate the LDAP-related suite variables.

    Launch Browser And Login GUI

    # Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap (the LDAP page).
    Click Element  ${xpath_secuity_and_accesss_menu}
    Click Element  ${xpath_ldap_sub_menu}
    Wait Until Keyword Succeeds  30 sec  10 sec  Location Should Contain  ldap

    # The page is treated as ready once the progress bar is gone and the enable
    # checkbox can be interacted with.
    Wait Until Element Is Not Visible   ${xpath_page_loading_progress_bar}  timeout=30
    Wait Until Element Is Enabled  ${xpath_enable_ldap_checkbox}  timeout=10s

    # Variables restricted to a fixed set of values.
    Valid Value  LDAP_TYPE  valid_values=["ActiveDirectory", "LDAP"]

    # Variables checked without a value list.
    # NOTE(review): these run only after the browser is up, so a missing variable
    # is reported late - consider validating before launching the browser.
    Valid Value  LDAP_USER
    Valid Value  LDAP_USER_PASSWORD
    Valid Value  GROUP_PRIVILEGE
    Valid Value  GROUP_NAME
    Valid Value  LDAP_SERVER_URI
    Valid Value  LDAP_BIND_DN_PASSWORD
    Valid Value  LDAP_BIND_DN
    Valid Value  LDAP_BASE_DN

    Valid Value  LDAP_MODE  valid_values=["secure", "nonsecure"]


Create LDAP Configuration
    [Documentation]  Disable LDAP over Redfish, then fill in and save a fresh LDAP
    ...  configuration through the GUI form.
    [Arguments]  ${ldap_server_uri}=${LDAP_SERVER_URI}  ${ldap_servicetype}=${LDAP_TYPE}
    ...  ${ldap_bind_dn}=${LDAP_BIND_DN}  ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD}
    ...  ${ldap_base_dn}=${LDAP_BASE_DN}  ${ldap_mode}=${LDAP_MODE}

    # Description of argument(s):
    # ldap_server_uri        LDAP server uri (e.g. ldap://XX.XX.XX.XX).
    # ldap_servicetype       The LDAP type ("ActiveDirectory" or "LDAP"). The body
    #                        spells it ldap_service_type, which Robot Framework
    #                        treats as the same variable name.
    # ldap_bind_dn           The LDAP bind distinguished name.
    # ldap_bind_dn_password  The LDAP bind distinguished name password.
    # ldap_base_dn           The LDAP base distinguished name.
    # ldap_mode              "secure" clicks the secure LDAP checkbox; any other
    #                        value leaves that checkbox untouched.

    # Clear the existing configuration by disabling the service.
    # NOTE(review): this uses the suite-level ${LDAP_TYPE}, not the
    # ldap_servicetype argument - confirm that is intended.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}

    # Give the GUI time to show the disabled state.
    Refresh GUI
    Sleep  10s

    Click Element At Coordinates  ${xpath_enable_ldap_checkbox}  0  0
    ${radio_buttons}=  Get WebElements  ${xpath_service_radio_button}

    # The first radio button is clicked for "LDAP", the second for anything else.
    ${radio_index}=  Set Variable If  '${ldap_service_type}' == 'LDAP'  ${0}  ${1}
    Click Element At Coordinates  ${radio_buttons}[${radio_index}]  0  0

    Wait Until Page Contains Element  ${xpath_ldap_url}

    # NOTE(review): a click toggles the checkbox; this presumably relies on it being
    # unticked after the disable and refresh above - confirm.
    Run Keyword If  '${ldap_mode}' == 'secure'
    ...  Click Element At Coordinates  ${xpath_secure_ldap_checkbox}  0  0

    Input Text  ${xpath_ldap_url}  ${ldap_server_uri}
    Input Text  ${xpath_ldap_bind_dn}  ${ldap_bind_dn}
    # NOTE(review): Input Text presumably writes the typed value to the test log -
    # confirm the bind password does not end up in plain text in log.html.
    Input Text  ${xpath_ldap_password}  ${ldap_bind_dn_password}
    Input Text  ${xpath_ldap_base_dn}  ${ldap_base_dn}
    Click Element  ${xpath_ldap_save_settings}

    # The success message differs per service type.
    ${saved_message}=  Set Variable If  '${ldap_service_type}'=='LDAP'
    ...  Successfully saved Open LDAP settings
    ...  Successfully saved Active Directory settings
    Wait Until Page Contains  ${saved_message}

    Click Element  ${xpath_refresh_button}
    Wait Until Page Contains Element  ${xpath_ldap_heading}


Get LDAP Configuration
    [Documentation]  Verify that the radio button for the given LDAP type is the
    ...  one selected on the LDAP page.
    [Arguments]   ${ldap_type}

    # Description of argument(s):
    # ldap_type  The LDAP type ("ActiveDirectory" or "LDAP").

    # Nothing is returned despite the keyword name; it fails when the expected
    # radio button is not selected.
    ${service_radios}=  Get WebElements  ${xpath_service_radio_button}

    # The first radio button is checked for "LDAP", the second for anything else.
    ${is_selected}=  Run Keyword And Return Status
    ...  Run Keyword If  '${ldap_type}'=='LDAP'
    ...  Checkbox Should Be Selected  ${service_radios}[${0}]
    ...  ELSE
    ...  Checkbox Should Be Selected  ${service_radios}[${1}]
    Should Be Equal  ${is_selected}  ${True}


Update LDAP Configuration With LDAP User Role And Group
    [Documentation]  Create the LDAP configuration, add a role group with the given
    ...  privilege through the GUI and verify the group name over Redfish.
    [Arguments]  ${group_name}  ${group_privilege}

    # Description of argument(s):
    # group_name       The group name of LDAP user.
    # group_privilege  The group privilege for LDAP user
    #                  (e.g. "Administrator", "Operator", "ReadOnly" or "NoAccess").

    Create LDAP Configuration

    # Fill in the "Add role group" dialog and submit it.
    Click Element  ${xpath_add_role_group_button}
    Input Text  ${xpath_add_group_name}  ${group_name}
    Select From List By Value  ${xpath_add_group_Privilege}  ${group_privilege}
    Click Element  ${xpath_add_privilege_button}

    # Cross-check over Redfish instead of trusting the GUI table.
    # NOTE(review): only the group name is verified here, not the privilege
    # assigned to it.
    ${redfish_groups}=  Get LDAP Privilege And Group Name Via Redfish
    List Should Contain Value  ${redfish_groups}  ${group_name}


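Delete LDAP Role Group
    [Documentation]  Delete an LDAP role group through the GUI and verify over
    ...  Redfish that it is gone.
    [Arguments]  ${group_name}

    # Description of argument(s):
    # group_name         The group name of LDAP user.

    # Verify that the given group name exists before deleting.
    ${ldap_group_name}=  Get LDAP Privilege And Group Name Via Redfish
    List Should Contain Value  ${ldap_group_name}  ${group_name}  msg=${group_name} not available.

    # The position of the group in the Redfish list is reused as the position of
    # its delete button in the GUI.
    # NOTE(review): this assumes both list the groups in the same order - confirm,
    # otherwise a different group could be deleted.
    ${get_groupname_index}=  Get Index From List  ${ldap_group_name}  ${group_name}
    ${delete_group_elements}=  Get WebElements  ${xpath_delete_group_button}
    Click Element  ${delete_group_elements}[${get_groupname_index}]
    Click Element  ${xpath_delete_button}

    # Verify group name after deleting. The failure message now says that the
    # group is still present; it used to repeat the "not available" text of the
    # pre-delete check, which states the opposite of this failure.
    ${ldap_group_name}=  Get LDAP Privilege And Group Name Via Redfish
    List Should Not Contain Value  ${ldap_group_name}  ${group_name}
    ...  msg=${group_name} still present after deletion.

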
Disable LDAP Configuration
    [Documentation]  Untick the LDAP enable checkbox if it is ticked, save the
    ...  settings and reload the LDAP page.

    ${ldap_enabled}=  Run Keyword And Return Status
    ...  Checkbox Should Be Selected  ${xpath_enable_ldap_checkbox}

    # Click only when the box is ticked; a click on an unticked box would enable LDAP.
    Run Keyword If  ${ldap_enabled}
    ...  Click Element At Coordinates  ${xpath_enable_ldap_checkbox}  0  0

    Checkbox Should Not Be Selected  ${xpath_enable_ldap_checkbox}
    Click Element  ${xpath_ldap_save_settings}

    # NOTE(review): the "Open LDAP" message is expected regardless of the configured
    # service type - confirm this also holds when Active Directory is selected.
    Wait Until Page Contains  Successfully saved Open LDAP settings

    Click Element  ${xpath_refresh_button}
    Wait Until Page Contains Element  ${xpath_ldap_heading}


Login BMC And Navigate To LDAP Page
    [Documentation]  Log in to the BMC GUI and open the LDAP page.
    [Arguments]  ${username}=${OPENBMC_USERNAME}  ${password}=${OPENBMC_PASSWORD}

    # Description of argument(s):
    # username  The username to be used for login.
    # password  The password to be used for login.

    Login GUI  ${username}  ${password}

    # Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap (the LDAP page);
    # the keyword finishes once the browser location contains "ldap".
    Click Element  ${xpath_secuity_and_accesss_menu}
    Click Element  ${xpath_ldap_sub_menu}
    Wait Until Keyword Succeeds  30 sec  10 sec  Location Should Contain  ldap


Update LDAP User Role And Read Network Configuration Via GUI
    [Documentation]  Assign the given role to the LDAP group, log in as the LDAP
    ...  user and compare the network settings shown in the GUI with Redfish.
    [Arguments]  ${group_name}  ${user_role}  ${valid_status_codes}
    [Teardown]  Run Keywords  Logout GUI  AND  Login BMC And Navigate To LDAP Page
    ...  AND  Delete LDAP Role Group  ${group_name}

    # Description of argument(s):
    # group_name          The group name of user.
    # user_role           The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
    # valid_status_codes  The expected valid status code.

    Update LDAP Configuration with LDAP User Role And Group  ${group_name}  ${user_role}

    # Switch the GUI session and the Redfish session to the LDAP user.
    # NOTE(review): the Redfish session opened here is not closed in this keyword,
    # so the teardown's Redfish lookups presumably run under the LDAP user unless
    # the helper logs in again - confirm.
    Logout GUI
    Login GUI  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}

    Click Element  ${xpath_server_configuration}
    Click Element  ${xpath_select_network_settings}
    Wait Until Keyword Succeeds  30 sec  10 sec  Location Should Contain  network-settings

    # This request carries the authorization check: it fails unless the BMC answers
    # with the expected status code for the role.
    ${eth0_resp}=  Redfish.Get  ${REDFISH_NW_ETH0_URI}  valid_status_codes=[${valid_status_codes}]

    # A role that is expected to be refused has nothing further to compare.
    Return From Keyword If  ${valid_status_codes} == ${HTTP_FORBIDDEN}

    ${redfish_hostname}=  Redfish.Get Attribute  ${REDFISH_NW_PROTOCOL_URI}  HostName
    Textfield Value Should Be  ${xpath_hostname_input}  ${redfish_hostname}

    ${redfish_mac}=  Redfish.Get Attribute  ${REDFISH_NW_ETH0_URI}  MACAddress
    Textfield Value Should Be  ${xpath_mac_address_input}  ${redfish_mac}