*** Settings ***

Documentation   Test OpenBMC GUI "LDAP" sub-menu of "Security and access".
...             The suite setup logs in to the GUI and opens the LDAP page;
...             the suite teardown closes the browser.

# Names used below that are not defined in this file are expected to come
# from these two resource files.
Resource        ../../lib/gui_resource.robot
Resource        ../../../lib/bmc_ldap_utils.robot

Suite Setup     Suite Setup Execution
Suite Teardown  Close Browser

Force Tags      LDAP_Sub_Menu

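*** Variables ***

# XPath locators for the LDAP page.
${xpath_ldap_heading}                   //h1[text()="LDAP"]

# Settings section.
${xpath_enable_ldap_checkbox}           //*[@data-test-id='ldap-checkbox-ldapAuthenticationEnabled']
${xpath_secure_ldap_checkbox}           //*[@data-test-id='ldap-checkbox-secureLdapEnabled']
${xpath_service_radio_button}           //*[@data-test-id="ldap-radio-activeDirectoryEnabled"]
${xpath_ldap_url}                       //*[@data-test-id='ldap-input-serverUri']
${xpath_ldap_bind_dn}                   //*[@data-test-id='ldap-input-bindDn']
${xpath_ldap_password}                  //*[@id='bind-password']
${xpath_ldap_base_dn}                   //*[@data-test-id='ldap-input-baseDn']
${xpath_ldap_save_settings}             //*[@data-test-id='ldap-button-saveSettings']
# NOTE(review): the next locator is not referenced in this file; the keywords
# click ${xpath_refresh_button}, which is not defined here. Confirm that it is
# provided by gui_resource.robot.
${xpath_select_refresh_button}          //*[text()[contains(.,"Refresh")]]

# Role groups section.
${xpath_add_role_group_button}          //button[contains(text(),'Add role group')]
${xpath_add_group_name}                 //*[@id="role-group-name"]
${xpath_add_group_Privilege}            //*[@id="privilege"]
${xpath_add_privilege_button}           //button[text()=" Add "]
${xpath_delete_group_button}            //*[@title="Delete"]
${xpath_delete_button}                  //button[text()="Delete"]


# Deliberately wrong LDAP server address for the negative login test.
# 192.0.2.1 is in TEST-NET-1 (RFC 5737), a range reserved for documentation,
# so the configuration that carries ${LDAP_BIND_DN} and
# ${LDAP_BIND_DN_PASSWORD} is never pointed at a host that can exist on a
# public network.
${incorrect_ip}     192.0.2.1
# Port appended to ${LDAP_SERVER_URI} by the wrong-port test.
${wrong_ldap_port}  135
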
*** Test Cases ***

Verify Navigation To LDAP Page
    [Documentation]  Check that the LDAP heading is present on the page opened by the suite setup.
    [Tags]  Verify_Navigation_To_LDAP_Page

    # The navigation itself happens in "Suite Setup Execution"; this test only
    # asserts its result.
    Page Should Contain Element  ${xpath_ldap_heading}


Verify Existence Of All Sections In LDAP Page
    [Documentation]  Check that the titles of both LDAP page sections are rendered.
    [Tags]  Verify_Existence_Of_All_Sections_In_LDAP_Page

    # Plain text matches against the whole page, not against a specific element.
    Page Should Contain  Settings
    Page Should Contain  Role groups


Verify Existence Of All Buttons In LDAP Page
    [Documentation]  Check that the buttons of the settings and role groups sections exist.
    [Tags]  Verify_Existence_Of_All_Buttons_In_LDAP_Page

    # Settings section: service type radio button and the save button.
    Page Should Contain Element  ${xpath_service_radio_button}
    # NOTE(review): ${xpath_save_settings_button} is not defined in this file
    # (the local locator is ${xpath_ldap_save_settings}); confirm that it is
    # provided by gui_resource.robot.
    Page Should Contain Element  ${xpath_save_settings_button}

    # Role groups section.
    Page Should Contain Element  ${xpath_add_role_group_button}


Verify Existence Of All Checkboxes In LDAP Page
    [Documentation]  Check that the "enable LDAP" and "secure LDAP" checkboxes exist.
    [Tags]  Verify_Existence_Of_All_Checkboxes_In_LDAP_Page

    # Both checkboxes belong to the settings section.
    Page Should Contain Element  ${xpath_enable_ldap_checkbox}
    Page Should Contain Element  ${xpath_secure_ldap_checkbox}


Verify LDAP Configurations Editable
    [Documentation]  Save an LDAP configuration through the GUI and check that the form shows
    ...  the saved URI, bind DN and base DN.
    [Tags]  Verify_LDAP_Configurations_Editable
    [Setup]  Redfish.Login
    [Teardown]  Redfish.Logout

    # ldap_mode is not passed, so the keyword default (${LDAP_MODE}) applies.
    Create LDAP Configuration
    ...  ${LDAP_SERVER_URI}
    ...  ${LDAP_TYPE}
    ...  ${LDAP_BIND_DN}
    ...  ${LDAP_BIND_DN_PASSWORD}
    ...  ${LDAP_BASE_DN}
    Wait Until Page Contains Element  ${xpath_ldap_url}

    Textfield Value Should Be  ${xpath_ldap_url}  ${LDAP_SERVER_URI}
    Textfield Value Should Be  ${xpath_ldap_bind_dn}  ${LDAP_BIND_DN}
    Textfield Value Should Be  ${xpath_ldap_base_dn}  ${LDAP_BASE_DN}
    # The bind password must not be shown again once it has been saved: the
    # field is expected to be empty after the page reload.
    Textfield Value Should Be  ${xpath_ldap_password}  ${empty}


Verify Create LDAP Configuration
    [Documentation]  Create the default LDAP configuration and check that an LDAP user can
    ...  open a Redfish session.
    [Tags]  Verify_Create_LDAP_Configuration
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    Create LDAP Configuration
    Get LDAP Configuration  ${LDAP_TYPE}

    # Replace the current Redfish session by one for the LDAP account. A login
    # failure fails the test; the teardown logs out and logs in again without
    # arguments (presumably as the default account - confirm).
    Redfish.Logout
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}


Verify LDAP Config Update With Incorrect LDAP IP Address
    [Documentation]  Verify that an LDAP user cannot log in when the configured LDAP server
    ...  address is wrong.
    [Tags]  Verify_LDAP_Config_Update_With_Incorrect_LDAP_IP_Address
    [Setup]  Redfish.Login
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    Create LDAP Configuration
    ...  ${incorrect_ip}
    ...  ${LDAP_TYPE}
    ...  ${LDAP_BIND_DN}
    ...  ${LDAP_BIND_DN_PASSWORD}
    ...  ${LDAP_BASE_DN}
    ...  ${LDAP_MODE}
    Get LDAP Configuration  ${LDAP_TYPE}
    Redfish.Logout

    # The returned status is False for any failure of Redfish.Login, not only
    # for rejected credentials, so an unreachable BMC also satisfies this check.
    ${login_ok}=  Run Keyword And Return Status
    ...  Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Should Be Equal  ${login_ok}  ${False}
    ...  msg=LDAP user was able to login though the incorrect LDAP IP Address.


Verify LDAP Service Disable
    [Documentation]  Verify that an LDAP user cannot log in when the LDAP service is disabled.
    [Tags]  Verify_LDAP_Service_Disable
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    # The keyword unticks the enable checkbox if needed, saves the settings,
    # waits for the success message and reloads the page.
    Disable LDAP Configuration
    Redfish.Logout

    # The returned status is False for any failure of Redfish.Login, not only
    # for rejected credentials.
    ${login_ok}=  Run Keyword And Return Status
    ...  Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Should Be Equal  ${login_ok}  ${False}
    ...  msg=LDAP user was able to login even though the LDAP service was disabled.


Verify LDAP User With Admin Privilege
    [Documentation]  Verify that an LDAP user with administrator privilege can reboot the BMC.
    [Tags]  Verify_LDAP_User_With_Admin_Privilege
    [Teardown]  Run Keywords  Redfish.Login  AND  Delete LDAP Role Group  ${GROUP_NAME}

    # NOTE(review): the privilege is whatever ${GROUP_PRIVILEGE} holds; nothing
    # in this file checks that it is "Administrator". Confirm the value the
    # suite is run with.
    Update LDAP Configuration With LDAP User Role And Group
    ...  ${GROUP_NAME}  ${GROUP_PRIVILEGE}

    # The reboot is requested over the LDAP user's own Redfish session.
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish OBMC Reboot (off)
    Redfish.Logout


Verify Enabling LDAP
    [Documentation]  Verify that LDAP can be enabled again after it has been disabled.
    [Tags]  Verify_Enabling_LDAP

    # Start from the disabled state, then create the default configuration.
    Disable LDAP Configuration
    Create LDAP Configuration


Read Network Configuration Via Different User Roles And Verify Using GUI
    [Documentation]  Read the network configuration as an LDAP user in each role and verify it.
    [Tags]  Read_Network_Configuration_Via_Different_User_Roles_And_Verify_Using_GUI
    [Template]  Update LDAP User Role And Read Network Configuration Via GUI

    # One template run per row. The last row is the access control check: a
    # NoAccess user must be refused with ${HTTP_FORBIDDEN}.
    # group_name     user_role      valid_status_codes
    ${GROUP_NAME}    Administrator  ${HTTP_OK}
    ${GROUP_NAME}    Operator       ${HTTP_OK}
    ${GROUP_NAME}    ReadOnly       ${HTTP_OK}
    ${GROUP_NAME}    NoAccess       ${HTTP_FORBIDDEN}


Verify LDAP Login Fails On Wrong LDAP Port
    [Documentation]  Verify that LDAP login fails when the LDAP URL carries a wrong port.
    [Tags]  Verify_LDAP_Login_Fails_On_Wrong_LDAP_Port
    [Teardown]  Run Keywords  Redfish.Logout  AND  Redfish.Login

    # Server URI followed by ":" and the wrong port.
    ${ldap_uri_wrong_port}=  Set Variable  ${LDAP_SERVER_URI}:${wrong_ldap_port}
    Create LDAP Configuration
    ...  ${ldap_uri_wrong_port}
    ...  ${LDAP_TYPE}
    ...  ${LDAP_BIND_DN}
    ...  ${LDAP_BIND_DN_PASSWORD}
    ...  ${LDAP_BASE_DN}
    ...  ${LDAP_MODE}
    Get LDAP Configuration  ${LDAP_TYPE}
    Redfish.Logout

    # The returned status is False for any failure of Redfish.Login, not only
    # for rejected credentials.
    ${login_ok}=  Run Keyword And Return Status
    ...  Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Should Be Equal  ${login_ok}  ${False}
    ...  msg=LDAP user was able to login though the wrong port in LDAP URL

*** Keywords ***

Suite Setup Execution
    [Documentation]  Log in to the GUI, open the LDAP page and validate the suite parameters.

    Launch Browser And Login GUI

    # Open https://xx.xx.xx.xx/#/security-and-access/ldap through the menu and
    # wait until the page has finished loading.
    Click Element  ${xpath_secuity_and_accesss_menu}
    Click Element  ${xpath_ldap_sub_menu}
    Wait Until Keyword Succeeds  30 sec  10 sec  Location Should Contain  ldap
    Wait Until Element Is Not Visible   ${xpath_page_loading_progress_bar}  timeout=30
    Wait Until Element Is Enabled  ${xpath_enable_ldap_checkbox}  timeout=10s

    # Parameters that must be supplied for this suite. Two of them are
    # restricted to a fixed set of values.
    # NOTE(review): LDAP_USER_PASSWORD and LDAP_BIND_DN_PASSWORD are secrets;
    # confirm that "Valid Value" does not write their values to the log.
    Valid Value  LDAP_TYPE  valid_values=["ActiveDirectory", "LDAP"]
    Valid Value  LDAP_USER
    Valid Value  LDAP_USER_PASSWORD
    Valid Value  GROUP_PRIVILEGE
    Valid Value  GROUP_NAME
    Valid Value  LDAP_SERVER_URI
    Valid Value  LDAP_BIND_DN_PASSWORD
    Valid Value  LDAP_BIND_DN
    Valid Value  LDAP_BASE_DN
    Valid Value  LDAP_MODE  valid_values=["secure", "nonsecure"]


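Create LDAP Configuration
    [Documentation]  Disable LDAP over Redfish, then enable it in the GUI, fill in the
    ...  settings form, save it and wait for the success message.
    [Arguments]  ${ldap_server_uri}=${LDAP_SERVER_URI}  ${ldap_servicetype}=${LDAP_TYPE}
    ...  ${ldap_bind_dn}=${LDAP_BIND_DN}  ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD}
    ...  ${ldap_base_dn}=${LDAP_BASE_DN}  ${ldap_mode}=${LDAP_MODE}

    # Description of argument(s):
    # ldap_server_uri        LDAP server uri (e.g. ldap://XX.XX.XX.XX).
    # ldap_servicetype       The LDAP type ("ActiveDirectory" or "LDAP").
    # ldap_bind_dn           The LDAP bind distinguished name.
    # ldap_bind_dn_password  The LDAP bind distinguished name password.
    # ldap_base_dn           The LDAP base distinguished name.
    # ldap_mode              "secure" clicks the secure LDAP checkbox; any other
    #                        value leaves the checkbox untouched.

    # Clearing existing LDAP configuration by disabling it. This uses the
    # suite-level ${LDAP_TYPE}, not the ldap_servicetype argument.
    Redfish.Patch  ${REDFISH_BASE_URI}AccountService
    ...  body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}}

    # Wait for GUI to reflect LDAP disabled status.
    Run Keywords  Refresh GUI  AND  Sleep  10s

    Click Element At Coordinates  ${xpath_enable_ldap_checkbox}  0  0
    ${radio_buttons}=  Get WebElements  ${xpath_service_radio_button}

    # The first radio button is clicked for "LDAP", the second one otherwise.
    # The argument is named ldap_servicetype; the name ldap_service_type is
    # not an argument of this keyword.
    Run Keyword If  '${ldap_servicetype}' == 'LDAP'
    ...  Click Element At Coordinates  ${radio_buttons}[${0}]  0  0
    ...  ELSE  Click Element At Coordinates  ${radio_buttons}[${1}]  0  0

    Wait Until Page Contains Element  ${xpath_ldap_url}
    # NOTE(review): a click toggles the checkbox. If it is already ticked when
    # the form loads, "secure" mode would untick it, and presumably the bind
    # would then be made without the secure option - confirm the initial state.
    Run Keyword If  '${ldap_mode}' == 'secure'
    ...   Click Element At Coordinates  ${xpath_secure_ldap_checkbox}  0  0

    Input Text  ${xpath_ldap_url}  ${ldap_server_uri}
    Input Text  ${xpath_ldap_bind_dn}  ${ldap_bind_dn}
    # Input Password types the value like Input Text but does not write it to
    # the log at INFO level, which keeps the bind password out of log.html.
    Input Password  ${xpath_ldap_password}  ${ldap_bind_dn_password}
    Input Text  ${xpath_ldap_base_dn}  ${ldap_base_dn}
    Click Element  ${xpath_ldap_save_settings}

    # The success message names the selected service type.
    Run Keyword If  '${ldap_servicetype}'=='LDAP'
    ...  Wait Until Page Contains  Successfully saved Open LDAP settings
    ...  ELSE
    ...  Wait Until Page Contains  Successfully saved Active Directory settings

    Click Element  ${xpath_refresh_button}
    Wait Until Page Contains Element  ${xpath_ldap_heading}

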
Get LDAP Configuration
    [Documentation]  Check that the service type radio button matching the given LDAP type
    ...  is selected. Nothing is returned; the keyword fails when it is not selected.
    [Arguments]   ${ldap_type}

    # Description of argument(s):
    # ldap_type  The LDAP type ("ActiveDirectory" or "LDAP").

    ${radio_buttons}=  Get WebElements  ${xpath_service_radio_button}

    # The first radio button is checked for "LDAP", the second one otherwise.
    ${expected_index}=  Set Variable If  '${ldap_type}'=='LDAP'  ${0}  ${1}

    ${selected}=  Run Keyword And Return Status
    ...  Checkbox Should Be Selected  ${radio_buttons}[${expected_index}]
    Should Be Equal  ${selected}  ${True}


Update LDAP Configuration With LDAP User Role And Group
    [Documentation]  Create the default LDAP configuration and add a role group with the
    ...  given privilege through the GUI.
    [Arguments]  ${group_name}  ${group_privilege}

    # Description of argument(s):
    # group_name       The group name of LDAP user.
    # group_privilege  The group privilege for LDAP user
    #                  (e.g. "Administrator", "Operator", "ReadOnly" or "NoAccess").

    Create LDAP Configuration

    # Fill in and submit the "Add role group" form.
    Click Element  ${xpath_add_role_group_button}
    Input Text  ${xpath_add_group_name}  ${group_name}
    Select From List By Value  ${xpath_add_group_Privilege}  ${group_privilege}
    Click Element  ${xpath_add_privilege_button}

    # The new group must be present in the list read over Redfish.
    ${groups_on_bmc}=  Get LDAP Privilege And Group Name Via Redfish
    List Should Contain Value  ${groups_on_bmc}  ${group_name}


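Delete LDAP Role Group
    [Documentation]  Delete an LDAP role group through the GUI and check over Redfish that
    ...  it is gone.
    [Arguments]  ${group_name}

    # Description of argument(s):
    # group_name         The group name of LDAP user.

    # Verify that the given group name exists before deleting.
    ${ldap_group_name}=  Get LDAP Privilege And Group Name Via Redfish
    List Should Contain Value  ${ldap_group_name}  ${group_name}  msg=${group_name} not available.

    # NOTE(review): the position of the name in the Redfish list is used to
    # pick the delete button on the page. This presumably relies on both lists
    # having the same order; otherwise another role group would be deleted.
    ${get_groupname_index}=  Get Index From List  ${ldap_group_name}  ${group_name}
    ${delete_group_elements}=  Get WebElements  ${xpath_delete_group_button}
    Click Element  ${delete_group_elements}[${get_groupname_index}]
    # Confirm the deletion in the dialog.
    Click Element  ${xpath_delete_button}

    # Verify group name after deleting. A failure here means the group is
    # still reported by the BMC, so the message says that.
    ${ldap_group_name}=  Get LDAP Privilege And Group Name Via Redfish
    List Should Not Contain Value  ${ldap_group_name}  ${group_name}
    ...  msg=${group_name} still present after deletion.

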
Disable LDAP Configuration
    [Documentation]  Untick the "enable LDAP" checkbox if it is ticked, save the settings and
    ...  reload the page.

    ${ldap_enabled}=  Run Keyword And Return Status
    ...  Checkbox Should Be Selected  ${xpath_enable_ldap_checkbox}

    # Click only when the checkbox is ticked, because a click toggles it.
    Run Keyword If  ${ldap_enabled}
    ...  Click Element At Coordinates  ${xpath_enable_ldap_checkbox}  0  0
    Checkbox Should Not Be Selected  ${xpath_enable_ldap_checkbox}

    Click Element  ${xpath_ldap_save_settings}
    # NOTE(review): only the Open LDAP message is awaited here, while
    # "Create LDAP Configuration" waits for a different message when the type
    # is Active Directory - confirm this keyword works for that type.
    Wait Until Page Contains  Successfully saved Open LDAP settings
    Click Element  ${xpath_refresh_button}
    Wait Until Page Contains Element  ${xpath_ldap_heading}


Login BMC And Navigate To LDAP Page
    [Documentation]  Log in to the GUI and open the LDAP page through the menu.
    [Arguments]  ${username}=${OPENBMC_USERNAME}  ${password}=${OPENBMC_PASSWORD}

    # Description of argument(s):
    # username  The username to be used for login.
    # password  The password to be used for login.

    Login GUI  ${username}  ${password}

    # Open https://xx.xx.xx.xx/#/security-and-access/ldap and wait until the
    # browser location contains "ldap".
    Click Element  ${xpath_secuity_and_accesss_menu}
    Click Element  ${xpath_ldap_sub_menu}
    Wait Until Keyword Succeeds  30 sec  10 sec  Location Should Contain  ldap


Update LDAP User Role And Read Network Configuration Via GUI
    [Documentation]  Map the LDAP group to a role, log in as the LDAP user and compare the
    ...  network settings shown in the GUI with the values read over Redfish.
    [Arguments]  ${group_name}  ${user_role}  ${valid_status_codes}
    [Teardown]  Run Keywords  Logout GUI  AND  Login BMC And Navigate To LDAP Page
    ...  AND  Delete LDAP Role Group  ${group_name}

    # Description of argument(s):
    # group_name          The group name of user.
    # user_role           The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess").
    # valid_status_codes  The status code expected from the Redfish read.

    Update LDAP Configuration With LDAP User Role And Group  ${group_name}  ${user_role}

    # Switch both the browser session and the Redfish client to the LDAP user.
    # NOTE(review): no Redfish.Logout or default Redfish.Login follows, so the
    # Redfish calls made in the teardown presumably run as the LDAP user, and
    # this session is left open - confirm.
    Logout GUI
    Login GUI  ${LDAP_USER}  ${LDAP_USER_PASSWORD}
    Redfish.Login  ${LDAP_USER}  ${LDAP_USER_PASSWORD}

    Click Element  ${xpath_server_configuration}
    Click Element  ${xpath_select_network_settings}
    Wait Until Keyword Succeeds  30 sec  10 sec  Location Should Contain  network-settings

    # The read must end with exactly the expected status code. When that code
    # is ${HTTP_FORBIDDEN} there is nothing to compare, so the keyword ends.
    Redfish.Get  ${REDFISH_NW_ETH0_URI}  valid_status_codes=[${valid_status_codes}]
    Return From Keyword If  ${valid_status_codes} == ${HTTP_FORBIDDEN}

    # The GUI fields must show the values that Redfish reports.
    ${host_name}=  Redfish.Get Attribute  ${REDFISH_NW_PROTOCOL_URI}  HostName
    Textfield Value Should Be  ${xpath_hostname_input}  ${host_name}

    ${mac_address}=  Redfish.Get Attribute  ${REDFISH_NW_ETH0_URI}  MACAddress
    Textfield Value Should Be  ${xpath_mac_address_input}  ${mac_address}