1*** Settings *** 2 3Documentation Test OpenBMC GUI "LDAP" sub-menu of "Security and access". 4 5Resource ../../lib/gui_resource.robot 6Resource ../../../lib/bmc_ldap_utils.robot 7 8Suite Setup Suite Setup Execution 9Suite Teardown Close Browser 10 11 12*** Variables *** 13 14${xpath_ldap_heading} //h1[text()="LDAP"] 15${xpath_enable_ldap_checkbox} //*[@data-test-id='ldap-checkbox-ldapAuthenticationEnabled']//following-sibling::label 16${xpath_secure_ldap_checkbox} //*[@data-test-id='ldap-checkbox-secureLdapEnabled'] 17${xpath_service_radio_button} //*[@data-test-id="ldap-radio-activeDirectoryEnabled"] 18${xpath_add_role_group_button} //button[contains(text(),'Add role group')] 19${xpath_ldap_url} //*[@data-test-id='ldap-input-serverUri'] 20${xpath_ldap_bind_dn} //*[@data-test-id='ldap-input-bindDn'] 21${xpath_ldap_password} //*[@id='bind-password'] 22${xpath_ldap_base_dn} //*[@data-test-id='ldap-input-baseDn'] 23${xpath_ldap_save_settings} //*[@data-test-id='ldap-button-saveSettings'] 24${xpath_select_refresh_button} //*[text()[contains(.,"Refresh")]] 25${xpath_add_group_name} //*[@id="role-group-name"] 26${xpath_add_group_Privilege} //*[@id="privilege"] 27${xpath_add_privilege_button} //button[text()=" Add "] 28${xpath_delete_group_button} //*[@title="Delete"] 29${xpath_delete_button} //button[text()="Delete"] 30 31 32${incorrect_ip} 1.2.3.4 33${wrong_ldap_port} 135 34 35*** Test Cases *** 36 37Verify Navigation To LDAP Page 38 [Documentation] Verify navigation to LDAP page. 39 [Tags] Verify_Navigation_To_LDAP_Page 40 41 Page Should Contain Element ${xpath_ldap_heading} 42 43 44Verify Existence Of All Sections In LDAP Page 45 [Documentation] Verify existence of all sections in LDAP page. 46 [Tags] Verify_Existence_Of_All_Sections_In_LDAP_Page 47 48 Page Should Contain Settings 49 Page Should Contain Role groups 50 51 52Verify Existence Of All Buttons In LDAP Page 53 [Documentation] Verify existence of all buttons in LDAP page. 54 [Tags] Verify_Existence_Of_All_Buttons_In_LDAP_Page 55 56 # Buttons under settings section. 57 Page Should Contain Element ${xpath_service_radio_button} 58 Page Should Contain Element ${xpath_save_settings_button} 59 60 # Buttons under role groups section. 61 Page Should Contain Element ${xpath_add_role_group_button} 62 63 64Verify Existence Of All Checkboxes In LDAP Page 65 [Documentation] Verify existence of all checkboxes in LDAP page. 66 [Tags] Verify_Existence_Of_All_Checkboxes_In_LDAP_Page 67 68 # Checkboxes under settings section. 69 Page Should Contain Element ${xpath_enable_ldap_checkbox} 70 Page Should Contain Element ${xpath_secure_ldap_checkbox} 71 72 73Verify LDAP Configurations Editable 74 [Documentation] Verify LDAP configurations are editable. 75 [Tags] Verify_LDAP_Configurations_Editable 76 77 Create LDAP Configuration ${LDAP_SERVER_URI} ${LDAP_TYPE} ${LDAP_BIND_DN} 78 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} 79 Wait Until Page Contains Element ${xpath_ldap_url} 80 Textfield Value Should Be ${xpath_ldap_url} ${LDAP_SERVER_URI} 81 Textfield Value Should Be ${xpath_ldap_bind_dn} ${LDAP_BIND_DN} 82 Textfield Value Should Be ${xpath_ldap_password} ${empty} 83 Textfield Value Should Be ${xpath_ldap_base_dn} ${LDAP_BASE_DN} 84 85 86Verify Create LDAP Configuration 87 [Documentation] Verify created LDAP configuration. 88 [Tags] Verify_Create_LDAP_Configuration 89 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 90 91 Create LDAP Configuration 92 Get LDAP Configuration ${LDAP_TYPE} 93 Redfish.Logout 94 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 95 96 97Verify LDAP Config Update With Incorrect LDAP IP Address 98 [Documentation] Verify that LDAP login fails with incorrect LDAP IP Address. 99 [Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_IP_Address 100 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 101 102 Create LDAP Configuration ${incorrect_ip} ${LDAP_TYPE} ${LDAP_BIND_DN} 103 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} ${LDAP_MODE} 104 105 Get LDAP Configuration ${LDAP_TYPE} 106 Redfish.Logout 107 108 ${resp}= Run Keyword And Return Status 109 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 110 Should Be Equal ${resp} ${False} 111 ... msg=LDAP user was able to login though the incorrect LDAP IP Address. 112 113 114Verify LDAP Service Disable 115 [Documentation] Verify that LDAP user cannot login when LDAP service is disabled. 116 [Tags] Verify_LDAP_Service_Disable 117 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 118 119 ${status}= Run Keyword And Return Status 120 ... Checkbox Should Be Selected ${xpath_enable_ldap_checkbox} 121 122 Run Keyword If ${status} == ${True} 123 ... Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0 124 125 Checkbox Should Not Be Selected ${xpath_enable_ldap_checkbox} 126 Click Element ${xpath_ldap_save_settings} 127 Wait Until Page Contains Successfully saved Open LDAP settings 128 Click Element ${xpath_refresh_button} 129 Wait Until Page Contains Element ${xpath_ldap_heading} 130 Redfish.Logout 131 132 ${resp}= Run Keyword And Return Status 133 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 134 Should Be Equal ${resp} ${False} 135 ... msg=LDAP user was able to login even though the LDAP service was disabled. 136 137 138Verify LDAP User With Admin Privilege 139 [Documentation] Verify that LDAP user with administrator privilege is able to do BMC reboot. 140 [Tags] Verify_LDAP_User_With_Admin_Privilege 141 [Teardown] Run Keywords Redfish.Login AND Delete LDAP Role Group ${GROUP_NAME} 142 143 Update LDAP Configuration with LDAP User Role And Group ${GROUP_NAME} ${GROUP_PRIVILEGE} 144 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 145 Redfish OBMC Reboot (off) 146 Redfish.Logout 147 148 149Verify Enabling LDAP 150 [Documentation] Verify that LDAP can be enabled from disabled state. 151 [Tags] Verify_Enabling_LDAP 152 153 Disable LDAP Configuration 154 Create LDAP Configuration 155 156 157Read Network Configuration Via Different User Roles And Verify Using GUI 158 [Documentation] Read network configuration via different user roles and verify. 159 [Tags] Read_Network_Configuration_Via_Different_User_Roles_And_Verify_Using_GUI 160 [Template] Update LDAP User Role And Read Network Configuration Via GUI 161 162 # group_name user_role valid_status_code 163 ${GROUP_NAME} Administrator ${HTTP_OK} 164 ${GROUP_NAME} Operator ${HTTP_OK} 165 ${GROUP_NAME} ReadOnly ${HTTP_OK} 166 ${GROUP_NAME} NoAccess ${HTTP_FORBIDDEN} 167 168 169Verify LDAP Login Fails On Wrong LDAP Port 170 [Documentation] Verify that LDAP login fails when wrong port is entered in LDAP URL. 171 [Tags] Verify_LDAP_Login_Fails_On_Wrong_LDAP_Port 172 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 173 174 ${ldap_uri_wrong_port}= Catenate SEPARATOR=: ${LDAP_SERVER_URI} ${wrong_ldap_port} 175 Create LDAP Configuration ${ldap_uri_wrong_port} ${LDAP_TYPE} ${LDAP_BIND_DN} 176 ... ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} ${LDAP_MODE} 177 178 Get LDAP Configuration ${LDAP_TYPE} 179 Redfish.Logout 180 181 ${resp}= Run Keyword And Return Status 182 ... Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 183 Should Be Equal ${resp} ${False} 184 ... msg=LDAP user was able to login though the wrong port in LDAP URL 185 186*** Keywords *** 187 188Suite Setup Execution 189 [Documentation] Do test case setup tasks. 190 191 Launch Browser And Login GUI 192 193 # Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap LDAP page. 194 Click Element ${xpath_secuity_and_accesss_menu} 195 Click Element ${xpath_ldap_sub_menu} 196 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain ldap 197 Wait Until Element Is Enabled ${xpath_enable_ldap_checkbox} timeout=10s 198 199 Valid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"] 200 Valid Value LDAP_USER 201 Valid Value LDAP_USER_PASSWORD 202 Valid Value GROUP_PRIVILEGE 203 Valid Value GROUP_NAME 204 Valid Value LDAP_SERVER_URI 205 Valid Value LDAP_BIND_DN_PASSWORD 206 Valid Value LDAP_BIND_DN 207 Valid Value LDAP_BASE_DN 208 Valid Value LDAP_MODE valid_values=["secure", "nonsecure"] 209 210 211Create LDAP Configuration 212 [Documentation] Create LDAP configuration. 213 [Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI} ${ldap_servicetype}=${LDAP_TYPE} 214 ... ${ldap_bind_dn}=${LDAP_BIND_DN} ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD} 215 ... ${ldap_base_dn}=${LDAP_BASE_DN} ${ldap_mode}=${LDAP_MODE} 216 217 # Description of argument(s): 218 # ldap_server_uri LDAP server uri (e.g. ldap://XX.XX.XX.XX). 219 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 220 # ldap_bind_dn The LDAP bind distinguished name. 221 # ldap_bind_dn_password The LDAP bind distinguished name password. 222 # ldap_base_dn The LDAP base distinguished name. 223 224 # Clearing existing LDAP configuration by disabling it. 225 Redfish.Patch ${REDFISH_BASE_URI}AccountService 226 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}} 227 228 # Wait for GUI to reflect LDAP disabled status. 229 Run Keywords Refresh GUI AND Sleep 10s 230 231 Click Element ${xpath_enable_ldap_checkbox} 232 ${radio_buttons}= Get WebElements ${xpath_service_radio_button} 233 234 Run Keyword If '${ldap_service_type}' == 'LDAP' 235 ... Click Element At Coordinates ${radio_buttons}[${0}] 0 0 236 ... ELSE Click Element At Coordinates ${radio_buttons}[${1}] 0 0 237 238 Wait Until Page Contains Element ${xpath_ldap_url} 239 Run Keyword If '${ldap_mode}' == 'secure' 240 ... Click Element At Coordinates ${xpath_secure_ldap_checkbox} 0 0 241 242 Input Text ${xpath_ldap_url} ${ldap_server_uri} 243 Input Text ${xpath_ldap_bind_dn} ${ldap_bind_dn} 244 Input Text ${xpath_ldap_password} ${ldap_bind_dn_password} 245 Input Text ${xpath_ldap_base_dn} ${ldap_base_dn} 246 Click Element ${xpath_ldap_save_settings} 247 248 Run Keyword If '${ldap_service_type}'=='LDAP' 249 ... Wait Until Page Contains Successfully saved Open LDAP settings 250 ... ELSE 251 ... Wait Until Page Contains Successfully saved Active Directory settings 252 253 Click Element ${xpath_refresh_button} 254 Wait Until Page Contains Element ${xpath_ldap_heading} 255 256 257Get LDAP Configuration 258 [Documentation] Retrieve LDAP Configuration. 259 [Arguments] ${ldap_type} 260 261 # Description of argument(s): 262 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 263 264 ${radio_buttons}= Get WebElements ${xpath_service_radio_button} 265 266 ${status}= Run Keyword And Return Status 267 ... Run Keyword If '${ldap_type}'=='LDAP' 268 ... Checkbox Should Be Selected ${radio_buttons}[${0}] 269 ... ELSE 270 ... Checkbox Should Be Selected ${radio_buttons}[${1}] 271 Should Be Equal ${status} ${True} 272 273 274Update LDAP Configuration With LDAP User Role And Group 275 [Documentation] Update LDAP configuration update with LDAP user role and group. 276 [Arguments] ${group_name} ${group_privilege} 277 278 # Description of argument(s): 279 # group_name The group name of LDAP user. 280 # group_privilege The group privilege for LDAP user 281 # (e.g. "Administrator", "Operator", "ReadOnly" or "NoAcccess"). 282 283 Create LDAP Configuration 284 Click Element ${xpath_add_role_group_button} 285 Input Text ${xpath_add_group_name} ${group_name} 286 Select From List By Value ${xpath_add_group_Privilege} ${group_privilege} 287 Click Element ${xpath_add_privilege_button} 288 289 # Verify group name after adding. 290 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 291 List Should Contain Value ${ldap_group_name} ${group_name} 292 293 294Delete LDAP Role Group 295 [Documentation] Delete LDAP role group. 296 [Arguments] ${group_name} 297 298 # Description of argument(s): 299 # group_name The group name of LDAP user. 300 301 # Verify given group name is exist before deleting. 302 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 303 List Should Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available. 304 305 ${get_groupname_index}= Get Index From List ${ldap_group_name} ${group_name} 306 ${delete_group_elements}= Get WebElements ${xpath_delete_group_button} 307 Click Element ${delete_group_elements}[${get_groupname_index}] 308 Click Element ${xpath_delete_button} 309 310 # Verify group name after deleting. 311 ${ldap_group_name}= Get LDAP Privilege And Group Name Via Redfish 312 List Should Not Contain Value ${ldap_group_name} ${group_name} msg=${group_name} not available. 313 314 315Disable LDAP Configuration 316 [Documentation] Disable LDAP configuration on BMC. 317 318 ${status}= Run Keyword And Return Status 319 ... Checkbox Should Be Selected ${xpath_enable_ldap_checkbox} 320 321 Run Keyword If ${status} == ${True} 322 ... Click Element At Coordinates ${xpath_enable_ldap_checkbox} 0 0 323 324 Checkbox Should Not Be Selected ${xpath_enable_ldap_checkbox} 325 Click Element ${xpath_ldap_save_settings} 326 Wait Until Page Contains Successfully saved Open LDAP settings 327 Click Element ${xpath_refresh_button} 328 Wait Until Page Contains Element ${xpath_ldap_heading} 329 330 331Login BMC And Navigate To LDAP Page 332 [Documentation] Login BMC and navigate to ldap page. 333 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD} 334 335 # Description of argument(s): 336 # username The username to be used for login. 337 # password The password to be used for login. 338 339 Login GUI ${username} ${password} 340 # Navigate to https://xx.xx.xx.xx/#/security-and-access/ldap LDAP page. 341 Click Element ${xpath_secuity_and_accesss_menu} 342 Click Element ${xpath_ldap_sub_menu} 343 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain ldap 344 345 346Update LDAP User Role And Read Network Configuration Via GUI 347 [Documentation] Update LDAP user role and read network configuration via GUI. 348 [Arguments] ${group_name} ${user_role} ${valid_status_codes} 349 [Teardown] Run Keywords Logout GUI AND Login BMC And Navigate To LDAP Page 350 ... AND Delete LDAP Role Group ${group_name} 351 352 # Description of argument(s): 353 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). 354 # group_name The group name of user. 355 # valid_status_code The expected valid status code. 356 357 358 Update LDAP Configuration with LDAP User Role And Group ${group_name} ${user_role} 359 Logout GUI 360 Login GUI ${LDAP_USER} ${LDAP_USER_PASSWORD} 361 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 362 363 Click Element ${xpath_server_configuration} 364 Click Element ${xpath_select_network_settings} 365 Wait Until Keyword Succeeds 30 sec 10 sec Location Should Contain network-settings 366 367 ${resp}= Redfish.Get ${REDFISH_NW_ETH0_URI} valid_status_codes=[${valid_status_codes}] 368 Return From Keyword If ${valid_status_codes} == ${HTTP_FORBIDDEN} 369 370 ${host_name}= Redfish.Get Attribute ${REDFISH_NW_PROTOCOL_URI} HostName 371 Textfield Value Should Be ${xpath_hostname_input} ${host_name} 372 373 ${mac_address}= Redfish.Get Attribute ${REDFISH_NW_ETH0_URI} MACAddress 374 Textfield Value Should Be ${xpath_mac_address_input} ${mac_address} 375 376