1*** Settings *** 2Documentation Test Redfish LDAP user configuration. 3 4Library ../../lib/gen_robot_valid.py 5Resource ../../lib/resource.robot 6Resource ../../lib/bmc_redfish_resource.robot 7Resource ../../lib/openbmc_ffdc.robot 8Library ../../lib/gen_robot_valid.py 9Resource ../../lib/bmc_network_utils.robot 10 11Suite Setup Suite Setup Execution 12Suite Teardown Run Keywords Restore LDAP Privilege AND Redfish.Logout 13Test Teardown FFDC On Test Case Fail 14 15Force Tags LDAP_Test 16 17*** Variables *** 18${old_ldap_privilege} ${EMPTY} 19&{old_account_service} &{EMPTY} 20&{old_ldap_config} &{EMPTY} 21${hostname} ${EMPTY} 22${test_ip} 10.6.6.6 23${test_mask} 255.255.255.0 24 25** Test Cases ** 26 27Verify LDAP Configuration Created 28 [Documentation] Verify that LDAP configuration created. 29 [Tags] Verify_LDAP_Configuration_Created 30 31 Create LDAP Configuration 32 # Call 'Get LDAP Configuration' to verify that LDAP configuration exists. 33 Get LDAP Configuration ${LDAP_TYPE} 34 Sleep 10s 35 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 36 Redfish.Logout 37 Redfish.Login 38 39 40Verify LDAP Service Disable 41 [Documentation] Verify that LDAP is disabled and that LDAP user cannot 42 ... login. 43 [Tags] Verify_LDAP_Service_Disable 44 45 Redfish.Patch ${REDFISH_BASE_URI}AccountService 46 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}} 47 Sleep 15s 48 ${resp}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} 49 ... ${LDAP_USER_PASSWORD} 50 Should Be Equal ${resp} ${False} 51 ... msg=LDAP user was able to login even though the LDAP service was disabled. 52 Redfish.Logout 53 Redfish.Login 54 # Enabling LDAP so that LDAP user works. 55 Redfish.Patch ${REDFISH_BASE_URI}AccountService 56 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}} 57 Redfish.Logout 58 Redfish.Login 59 60 61Verify LDAP Login With ServiceEnabled 62 [Documentation] Verify that LDAP Login with ServiceEnabled. 63 [Tags] Verify_LDAP_Login_With_ServiceEnabled 64 65 Disable Other LDAP 66 # Actual service enablement. 67 Redfish.Patch ${REDFISH_BASE_URI}AccountService 68 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}} 69 Sleep 15s 70 # After update, LDAP login. 71 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 72 Redfish.Logout 73 Redfish.Login 74 75 76Verify LDAP Login With Correct AuthenticationType 77 [Documentation] Verify that LDAP Login with right AuthenticationType. 78 [Tags] Verify_LDAP_Login_With_Correct_AuthenticationType 79 80 Redfish.Patch ${REDFISH_BASE_URI}AccountService 81 ... body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}} 82 Sleep 15s 83 # After update, LDAP login. 84 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 85 Redfish.Logout 86 Redfish.Login 87 88 89Verify LDAP Config Update With Incorrect AuthenticationType 90 [Documentation] Verify that invalid AuthenticationType is not updated. 91 [Tags] Verify_LDAP_Update_With_Incorrect_AuthenticationType 92 93 ${body}= Catenate {'${ldap_type}': {'Authentication': {'AuthenticationType':'KerberosKeytab'}}} 94 95 Redfish.Patch ${REDFISH_BASE_URI}AccountService 96 ... body=${body} valid_status_codes=[400] 97 98 99Verify LDAP Login With Correct LDAP URL 100 [Documentation] Verify LDAP Login with right LDAP URL. 101 [Tags] Verify_LDAP_Login_With_Correct_LDAP_URL 102 103 Config LDAP URL ${LDAP_SERVER_URI} 104 105 106Verify LDAP Config Update With Incorrect LDAP URL 107 [Documentation] Verify that LDAP Login fails with invalid LDAP URL. 108 [Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_URL 109 [Teardown] Run Keywords Restore LDAP URL AND 110 ... FFDC On Test Case Fail 111 112 Config LDAP URL ldap://1.2.3.4/ ${FALSE} 113 114Verify LDAP Configuration Exist 115 [Documentation] Verify that LDAP configuration is available. 116 [Tags] Verify_LDAP_Configuration_Exist 117 118 ${resp}= Redfish.Get Attribute ${REDFISH_BASE_URI}AccountService 119 ... ${LDAP_TYPE} default=${EMPTY} 120 Should Not Be Empty ${resp} msg=LDAP configuration is not defined. 121 122 123Verify LDAP User Login 124 [Documentation] Verify that LDAP user able to login into BMC. 125 [Tags] Verify_LDAP_User_Login 126 127 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 128 Redfish.Logout 129 Redfish.Login 130 131 132Verify LDAP Service Available 133 [Documentation] Verify that LDAP service is available. 134 [Tags] Verify_LDAP_Service_Available 135 136 @{ldap_configuration}= Get LDAP Configuration ${LDAP_TYPE} 137 Should Contain ${ldap_configuration} LDAPService 138 ... msg=LDAPService is not available. 139 140 141Verify LDAP Login Works After BMC Reboot 142 [Documentation] Verify that LDAP login works after BMC reboot. 143 [Tags] Verify_LDAP_Login_Works_After_BMC_Reboot 144 145 Redfish OBMC Reboot (off) 146 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 147 Redfish.Logout 148 Redfish.Login 149 150 151Verify LDAP User With Admin Privilege Able To Do BMC Reboot 152 [Documentation] Verify that LDAP user with administrator privilege able to do BMC reboot. 153 [Tags] Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot 154 155 156 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} 157 ... ${GROUP_PRIVILEGE} ${GROUP_NAME} 158 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 159 # With LDAP user and with right privilege trying to do BMC reboot. 160 Redfish OBMC Reboot (off) 161 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 162 Redfish.Logout 163 Redfish.Login 164 165 166Verify LDAP User With Operator Privilege Able To Do Host Poweroff 167 [Documentation] Verify that LDAP user with operator privilege can do host 168 ... power off. 169 [Tags] Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweroff 170 [Teardown] Restore LDAP Privilege 171 172 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} 173 ... Operator ${GROUP_NAME} 174 175 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 176 # Verify that the LDAP user with operator privilege is able to power the system off. 177 Redfish.Post ${REDFISH_POWER_URI} 178 ... body={'ResetType': 'ForceOff'} valid_status_codes=[200] 179 Redfish.Logout 180 Redfish.Login 181 182 183Verify AccountLockout Attributes Set To Zero 184 [Documentation] Verify that attribute AccountLockoutDuration and 185 ... AccountLockoutThreshold are set to 0. 186 [Teardown] Run Keywords Restore AccountLockout Attributes AND 187 ... FFDC On Test Case Fail 188 [Tags] Verify_AccountLockout_Attributes_Set_To_Zero 189 190 ${old_account_service}= Redfish.Get Properties 191 ... ${REDFISH_BASE_URI}AccountService 192 Rprint Vars old_account_service 193 Redfish.Patch ${REDFISH_BASE_URI}AccountService 194 ... body=[('AccountLockoutDuration', 0)] 195 Redfish.Patch ${REDFISH_BASE_URI}AccountService 196 ... body=[('AccountLockoutThreshold', 0)] 197 198 199Verify LDAP User With Read Privilege Able To Check Inventory 200 [Documentation] Verify that LDAP user with read privilege able to 201 ... read firmware inventory. 202 [Tags] Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory 203 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege 204 [Template] Set Read Privilege And Check Firmware Inventory 205 206 ReadOnly 207 208 209Verify LDAP User With Read Privilege Should Not Do Host Poweron 210 [Documentation] Verify that LDAP user with read privilege should not be 211 ... allowed to power on the host. 212 [Tags] Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron 213 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege 214 [Template] Set Read Privilege And Check Poweron 215 216 ReadOnly 217 218 219Update LDAP Group Name And Verify Operations 220 [Documentation] Verify that LDAP group name update and able to do right 221 ... operations. 222 [Tags] Update_LDAP_Group_Name_And_Verify_Operations 223 [Template] Update LDAP Config And Verify Set Host Name 224 [Teardown] Restore LDAP Privilege 225 226 # group_name group_privilege valid_status_codes 227 ${GROUP_NAME} Administrator [${HTTP_OK}] 228 ${GROUP_NAME} Operator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] 229 ${GROUP_NAME} ReadOnly [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] 230 ${GROUP_NAME} NoAccess [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] 231 Invalid_LDAP_Group_Name Administrator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] 232 Invalid_LDAP_Group_Name Operator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] 233 Invalid_LDAP_Group_Name ReadOnly [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] 234 Invalid_LDAP_Group_Name NoAccess [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] 235 236 237Verify LDAP BaseDN Update And LDAP Login 238 [Documentation] Update LDAP BaseDN of LDAP configuration and verify 239 ... that LDAP login works. 240 [Tags] Verify_LDAP_BaseDN_Update_And_LDAP_Login 241 242 243 ${body}= Catenate {'${LDAP_TYPE}': { 'LDAPService': {'SearchSettings': 244 ... {'BaseDistinguishedNames': ['${LDAP_BASE_DN}']}}}} 245 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body} 246 Sleep 15s 247 Redfish Verify LDAP Login 248 249 250Verify LDAP BindDN Update And LDAP Login 251 [Documentation] Update LDAP BindDN of LDAP configuration and verify 252 ... that LDAP login works. 253 [Tags] Verify_LDAP_BindDN_Update_And_LDAP_Login 254 255 ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication': 256 ... {'AuthenticationType':'UsernameAndPassword', 'Username': 257 ... '${LDAP_BIND_DN}'}}} 258 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body} 259 Sleep 15s 260 Redfish Verify LDAP Login 261 262 263Verify LDAP BindDN Password Update And LDAP Login 264 [Documentation] Update LDAP BindDN password of LDAP configuration and 265 ... verify that LDAP login works. 266 [Tags] Verify_LDAP_BindDN_Passsword_Update_And_LDAP_Login 267 268 269 ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication': 270 ... {'AuthenticationType':'UsernameAndPassword', 'Password': 271 ... '${LDAP_BIND_DN_PASSWORD}'}}} 272 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body} 273 Sleep 15s 274 Redfish Verify LDAP Login 275 276 277Verify LDAP Type Update And LDAP Login 278 [Documentation] Update LDAP type of LDAP configuration and verify 279 ... that LDAP login works. 280 [Tags] Verify_LDAP_Type_Update_And_LDAP_Login 281 282 Disable Other LDAP 283 Redfish.Patch ${REDFISH_BASE_URI}AccountService 284 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}} 285 Sleep 15s 286 Redfish Verify LDAP Login 287 288 289Verify Authorization With Null Privilege 290 [Documentation] Verify the failure of LDAP authorization with empty 291 ... privilege. 292 [Tags] Verify_LDAP_Authorization_With_Null_Privilege 293 [Teardown] Restore LDAP Privilege 294 295 Update LDAP Config And Verify Set Host Name ${GROUP_NAME} ${EMPTY} 296 ... [${HTTP_FORBIDDEN}] 297 298 299Verify Authorization With Invalid Privilege 300 [Documentation] Verify that LDAP user authorization with wrong privilege 301 ... fails. 302 [Tags] Verify_LDAP_Authorization_With_Invalid_Privilege 303 [Teardown] Restore LDAP Privilege 304 305 Update LDAP Config And Verify Set Host Name ${GROUP_NAME} 306 ... Invalid_Privilege [${HTTP_FORBIDDEN}] 307 308 309Verify LDAP Login With Invalid Data 310 [Documentation] Verify that LDAP login with Invalid LDAP data and 311 ... right LDAP user fails. 312 [Tags] Verify_LDAP_Login_With_Invalid_Data 313 [Teardown] Run Keywords FFDC On Test Case Fail AND 314 ... Create LDAP Configuration 315 316 Create LDAP Configuration ${LDAP_TYPE} Invalid_LDAP_Server_URI 317 ... Invalid_LDAP_BIND_DN LDAP_BIND_DN_PASSWORD 318 ... Invalid_LDAP_BASE_DN 319 Sleep 15s 320 Redfish Verify LDAP Login ${False} 321 322 323Verify LDAP Config Creation Without BASE_DN 324 [Documentation] Verify that LDAP login with LDAP configuration 325 ... created without BASE_DN fails. 326 [Tags] Verify_LDAP_Config_Creation_Without_BASE_DN 327 [Teardown] Run Keywords FFDC On Test Case Fail AND 328 ... Create LDAP Configuration 329 330 Create LDAP Configuration ${LDAP_TYPE} Invalid_LDAP_Server_URI 331 ... Invalid_LDAP_BIND_DN LDAP_BIND_DN_PASSWORD ${EMPTY} 332 Sleep 15s 333 Redfish Verify LDAP Login ${False} 334 335 336Verify LDAP Authentication Without Password 337 [Documentation] Verify that LDAP user authentication without LDAP 338 ... user password fails. 339 [Tags] Verify_LDAP_Authentication_Without_Password 340 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 341 342 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} 343 Valid Value status [${False}] 344 345 346Verify LDAP Login With Invalid BASE_DN 347 [Documentation] Verify that LDAP login with invalid BASE_DN and 348 ... valid LDAP user fails. 349 [Tags] Verify_LDAP_Login_With_Invalid_BASE_DN 350 [Teardown] Run Keywords FFDC On Test Case Fail AND 351 ... Create LDAP Configuration 352 353 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI} 354 ... ${LDAP_BIND_DN} ${LDAP_BIND_DN_PASSWORD} Invalid_LDAP_BASE_DN 355 Sleep 15s 356 Redfish Verify LDAP Login ${False} 357 358 359Verify LDAP Login With Invalid BIND_DN_PASSWORD 360 [Documentation] Verify that LDAP login with invalid BIND_DN_PASSWORD and 361 ... valid LDAP user fails. 362 [Tags] Verify_LDAP_Login_With_Invalid_BIND_DN_PASSWORD 363 [Teardown] Run Keywords FFDC On Test Case Fail AND 364 ... Create LDAP Configuration 365 366 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI} 367 ... ${LDAP_BIND_DN} INVALID_LDAP_BIND_DN_PASSWORD ${LDAP_BASE_DN} 368 Sleep 15s 369 Redfish Verify LDAP Login ${False} 370 371 372Verify LDAP Login With Invalid BASE_DN And Invalid BIND_DN 373 [Documentation] Verify that LDAP login with invalid BASE_DN and invalid 374 ... BIND_DN and valid LDAP user fails. 375 [Tags] Verify_LDAP_Login_With_Invalid_BASE_DN_And_Invalid_BIND_DN 376 [Teardown] Run Keywords FFDC On Test Case Fail AND 377 ... Create LDAP Configuration 378 379 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI} 380 ... INVALID_LDAP_BIND_DN ${LDAP_BIND_DN_PASSWORD} INVALID_LDAP_BASE_DN 381 Sleep 15s 382 Redfish Verify LDAP Login ${False} 383 384 385Verify Group Name And Group Privilege Able To Modify 386 [Documentation] Verify that LDAP group name and group privilege able to 387 ... modify. 388 [Tags] Verify_Group_Name_And_Group_Privilege_Able_To_Modify 389 [Setup] Update LDAP Configuration with LDAP User Role And Group 390 ... ${LDAP_TYPE} Operator ${GROUP_NAME} 391 392 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} 393 ... Administrator ${GROUP_NAME} 394 395 396Verify LDAP Login With Invalid BIND_DN 397 [Documentation] Verify that LDAP login with invalid BIND_DN and 398 ... valid LDAP user fails. 399 [Tags] Verify_LDAP_Login_With_Invalid_BIND_DN 400 [Teardown] Run Keywords FFDC On Test Case Fail AND 401 ... Create LDAP Configuration 402 403 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI} 404 ... Invalid_LDAP_BIND_DN ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} 405 Sleep 15s 406 Redfish Verify LDAP Login ${False} 407 408 409Verify LDAP Authentication With Invalid LDAP User 410 [Documentation] Verify that LDAP user authentication for user not exist 411 ... in LDAP server and fails. 412 [Tags] Verify_LDAP_Authentication_With_Invalid_LDAP_User 413 414 ${status}= Run Keyword And Return Status Redfish.Login INVALID_LDAP_USER 415 ... ${LDAP_USER_PASSWORD} 416 Valid Value status [${False}] 417 418 419Update LDAP User Roles And Verify Host Poweroff Operation 420 [Documentation] Update LDAP user roles and verify host poweroff operation. 421 [Tags] Update_LDAP_User_Roles_And_Verify_Host_Poweroff_Operation 422 [Teardown] Restore LDAP Privilege 423 424 [Template] Update LDAP User Role And Host Poweroff 425 # ldap_type group_privilege group_name valid_status_codes 426 427 # Verify LDAP user with NoAccess privilege not able to do host poweroff. 428 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN} 429 430 # Verify LDAP user with ReadOnly privilege not able to do host poweroff. 431 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN} 432 433 # Verify LDAP user with Operator privilege able to do host poweroff. 434 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK} 435 436 # Verify LDAP user with Administrator privilege able to do host poweroff. 437 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK} 438 439 440Update LDAP User Roles And Verify Host Poweron Operation 441 [Documentation] Update LDAP user roles and verify host poweron operation. 442 [Tags] Update_LDAP_User_Roles_And_Verify_Host_Poweron_Operation 443 [Teardown] Restore LDAP Privilege 444 445 [Template] Update LDAP User Role And Host Poweron 446 # ldap_type group_privilege group_name valid_status_codes 447 448 # Verify LDAP user with NoAccess privilege not able to do host poweron. 449 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN} 450 451 # Verify LDAP user with ReadOnly privilege not able to do host poweron. 452 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN} 453 454 # Verify LDAP user with Operator privilege able to do host poweron. 455 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK} 456 457 # Verify LDAP user with Administrator privilege able to do host poweron. 458 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK} 459 460 461Configure IP Address Via Different User Roles And Verify 462 [Documentation] Configure IP address via different user roles and verify. 463 [Tags] Configure_IP_Address_Via_Different_User_Roles_And_Verify 464 [Teardown] Restore LDAP Privilege 465 466 [Template] Update LDAP User Role And Configure IP Address 467 # Verify LDAP user with Administrator privilege is able to configure IP address. 468 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK} 469 470 # Verify LDAP user with ReadOnly privilege is forbidden to configure IP address. 471 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN} 472 473 # Verify LDAP user with NoAccess privilege is forbidden to configure IP address. 474 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN} 475 476 # Verify LDAP user with Operator privilege is able to configure IP address. 477 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK} 478 479 480Delete IP Address Via Different User Roles And Verify 481 [Documentation] Delete IP address via different user roles and verify. 482 [Tags] Delete_IP_Address_Via_Different_User_Roles_And_Verify 483 [Teardown] Run Keywords Restore LDAP Privilege AND FFDC On Test Case Fail 484 485 [Template] Update LDAP User Role And Delete IP Address 486 # Verify LDAP user with Administrator privilege is able to delete IP address. 487 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK} 488 489 # Verify LDAP user with ReadOnly privilege is forbidden to delete IP address. 490 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN} 491 492 # Verify LDAP user with NoAccess privilege is forbidden to delete IP address. 493 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN} 494 495 # Verify LDAP user with Operator privilege is able to delete IP address. 496 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK} 497 498 499Read Network Configuration Via Different User Roles And Verify 500 [Documentation] Read network configuration via different user roles and verify. 501 [Tags] Read_Network_configuration_Via_Different_User_Roles_And_Verify 502 [Teardown] Restore LDAP Privilege 503 504 [Template] Update LDAP User Role And Read Network Configuration 505 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK} 506 507 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_OK} 508 509 ${LDAP_TYPE} NoAccess ${GROUP_NAME} ${HTTP_FORBIDDEN} 510 511 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK} 512 513 514*** Keywords *** 515 516Redfish Verify LDAP Login 517 [Documentation] LDAP user log into BMC. 518 [Arguments] ${valid_status}=${True} 519 520 # Description of argument(s): 521 # valid_status Expected status of LDAP login ("True" or "False"). 522 523 # According to our repo coding rules, Redfish.Login is to be done in Suite 524 # Setup and Redfish.Logout is to be done in Suite Teardown. For any 525 # deviation from this rule (such as in this keyword), the deviant code 526 # must take steps to restore us to our original logged-in state. 527 528 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} 529 ... ${LDAP_USER_PASSWORD} 530 Valid Value status [${valid_status}] 531 Redfish.Logout 532 Redfish.Login 533 534 535Update LDAP Config And Verify Set Host Name 536 [Documentation] Update LDAP config and verify by attempting to set host name. 537 [Arguments] ${group_name} ${group_privilege}=Administrator 538 ... ${valid_status_codes}=[${HTTP_OK}] 539 540 # Description of argument(s): 541 # group_name The group name of user. 542 # group_privilege The group privilege ("Administrator", 543 # "Operator", "User" or "Callback"). 544 # valid_status_codes Expected return code(s) from patch 545 # operation (e.g. "200") used to update 546 # HostName. See prolog of rest_request 547 # method in redfish_plut.py for details. 548 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} 549 ... ${group_privilege} ${group_name} 550 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 551 # Verify that the LDAP user in ${group_name} with the given privilege is 552 # allowed to change the hostname. 553 Redfish.Patch ${REDFISH_NW_PROTOCOL_URI} body={'HostName': '${hostname}'} 554 ... valid_status_codes=${valid_status_codes} 555 Redfish.Logout 556 Redfish.Login 557 558 559Disable Other LDAP 560 [Documentation] Disable other LDAP configuration. 561 562 # First disable other LDAP. 563 ${inverse_ldap_type}= Set Variable If '${LDAP_TYPE}' == 'LDAP' ActiveDirectory LDAP 564 Redfish.Patch ${REDFISH_BASE_URI}AccountService 565 ... body={'${inverse_ldap_type}': {'ServiceEnabled': ${False}}} 566 Sleep 15s 567 568 569Create LDAP Configuration 570 [Documentation] Create LDAP configuration. 571 [Arguments] ${ldap_type}=${LDAP_TYPE} ${ldap_server_uri}=${LDAP_SERVER_URI} 572 ... ${ldap_bind_dn}=${LDAP_BIND_DN} ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD} 573 ... ${ldap_base_dn}=${LDAP_BASE_DN} 574 575 # Description of argument(s): 576 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 577 # ldap_server_uri LDAP server uri (e.g. ldap://XX.XX.XX.XX). 578 # ldap_bind_dn The LDAP bind distinguished name. 579 # ldap_bind_dn_password The LDAP bind distinguished name password. 580 # ldap_base_dn The LDAP base distinguished name. 581 582 ${body}= Catenate {'${ldap_type}': 583 ... {'ServiceEnabled': ${True}, 584 ... 'ServiceAddresses': ['${ldap_server_uri}'], 585 ... 'Authentication': 586 ... {'AuthenticationType': 'UsernameAndPassword', 587 ... 'Username':'${ldap_bind_dn}', 588 ... 'Password': '${ldap_bind_dn_password}'}, 589 ... 'LDAPService': 590 ... {'SearchSettings': 591 ... {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}} 592 593 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body} 594 Sleep 15s 595 596 597Config LDAP URL 598 [Documentation] Config LDAP URL. 599 [Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI} ${expected_status}=${TRUE} 600 601 # Description of argument(s): 602 # ldap_server_uri LDAP server uri (e.g. "ldap://XX.XX.XX.XX/"). 603 604 Redfish.Patch ${REDFISH_BASE_URI}AccountService 605 ... body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}} 606 Sleep 15s 607 # After update, LDAP login. 608 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 609 Valid Value status [${expected_status}] 610 611 Redfish.Logout 612 Redfish.Login 613 614 615Restore LDAP URL 616 [Documentation] Restore LDAP URL. 617 618 # Restoring the working LDAP server uri. 619 Redfish.Patch ${REDFISH_BASE_URI}AccountService 620 ... body={'${ldap_type}': {'ServiceAddresses': ['${LDAP_SERVER_URI}']}} 621 Sleep 15s 622 623 624Restore AccountLockout Attributes 625 [Documentation] Restore AccountLockout Attributes. 626 627 Return From Keyword If &{old_account_service} == &{EMPTY} 628 Redfish.Patch ${REDFISH_BASE_URI}AccountService 629 ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})] 630 Redfish.Patch ${REDFISH_BASE_URI}AccountService 631 ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutThreshold']})] 632 633 634Suite Setup Execution 635 [Documentation] Do suite setup tasks. 636 637 Valid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"] 638 Valid Value LDAP_USER 639 Valid Value LDAP_USER_PASSWORD 640 Valid Value GROUP_PRIVILEGE 641 Valid Value GROUP_NAME 642 Valid Value LDAP_SERVER_URI 643 Valid Value LDAP_BIND_DN_PASSWORD 644 Valid Value LDAP_BIND_DN 645 Valid Value LDAP_BASE_DN 646 647 Redfish.Login 648 # Call 'Get LDAP Configuration' to verify that LDAP configuration exists. 649 Get LDAP Configuration ${LDAP_TYPE} 650 ${old_ldap_privilege}= Get LDAP Privilege 651 Set Suite Variable ${old_ldap_privilege} 652 Disable Other LDAP 653 Create LDAP Configuration 654 ${hostname}= Redfish.Get Attribute ${REDFISH_NW_PROTOCOL_URI} HostName 655 656 657Set Read Privilege And Check Firmware Inventory 658 [Documentation] Set read privilege and check firmware inventory. 659 [Arguments] ${read_privilege} 660 661 # Description of argument(s): 662 # read_privilege The read privilege role (e.g. "User" / "Callback"). 663 664 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} 665 ... ${read_privilege} ${GROUP_NAME} 666 667 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 668 # Verify that the LDAP user with read privilege is able to read inventory. 669 ${resp}= Redfish.Get /redfish/v1/UpdateService/FirmwareInventory 670 Should Be True ${resp.dict["Members@odata.count"]} >= ${1} 671 Length Should Be ${resp.dict["Members"]} ${resp.dict["Members@odata.count"]} 672 Redfish.Logout 673 Redfish.Login 674 675 676Set Read Privilege And Check Poweron 677 [Documentation] Set read privilege and power on should not be possible. 678 [Arguments] ${read_privilege} 679 680 # Description of argument(s): 681 # read_privilege The read privilege role (e.g. "User" / "Callback"). 682 683 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} 684 ... ${read_privilege} ${GROUP_NAME} 685 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 686 Redfish.Post ${REDFISH_POWER_URI} 687 ... body={'ResetType': 'On'} valid_status_codes=[401, 403] 688 Redfish.Logout 689 Redfish.Login 690 691 692Get LDAP Configuration 693 [Documentation] Retrieve LDAP Configuration. 694 [Arguments] ${ldap_type} 695 696 # Description of argument(s): 697 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 698 699 ${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService 700 [Return] ${ldap_config["${ldap_type}"]} 701 702 703Update LDAP Configuration with LDAP User Role And Group 704 [Documentation] Update LDAP configuration update with LDAP user Role and group. 705 [Arguments] ${ldap_type} ${group_privilege} ${group_name} 706 707 # Description of argument(s): 708 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 709 # group_privilege The group privilege ("Administrator", "Operator", "User" or "Callback"). 710 # group_name The group name of user. 711 712 ${local_role_remote_group}= Create Dictionary LocalRole=${group_privilege} RemoteGroup=${group_name} 713 ${remote_role_mapping}= Create List ${local_role_remote_group} 714 ${ldap_data}= Create Dictionary RemoteRoleMapping=${remote_role_mapping} 715 ${payload}= Create Dictionary ${ldap_type}=${ldap_data} 716 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=&{payload} 717 # Provide adequate time for LDAP daemon to restart after the update. 718 Sleep 15s 719 720 721Get LDAP Privilege 722 [Documentation] Get LDAP privilege and return it. 723 724 ${ldap_config}= Get LDAP Configuration ${LDAP_TYPE} 725 ${num_list_entries}= Get Length ${ldap_config["RemoteRoleMapping"]} 726 Return From Keyword If ${num_list_entries} == ${0} @{EMPTY} 727 728 [Return] ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]} 729 730 731Restore LDAP Privilege 732 [Documentation] Restore the LDAP privilege to its original value. 733 734 Return From Keyword If '${old_ldap_privilege}' == '${EMPTY}' or '${old_ldap_privilege}' == '[]' 735 # Log back in to restore the original privilege. 736 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} 737 ... ${old_ldap_privilege} ${GROUP_NAME} 738 739 Sleep 18s 740 741 742Update LDAP User Role And Host Poweroff 743 [Documentation] Update LDAP user role and do host poweroff. 744 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code} 745 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 746 747 # Description of argument(s): 748 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 749 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). 750 # group_name The group name of user. 751 # valid_status_code The expected valid status code. 752 753 Update LDAP Configuration with LDAP User Role And Group ${ldap_type} 754 ... ${group_privilege} ${group_name} 755 756 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 757 758 Redfish.Post ${REDFISH_POWER_URI} 759 ... body={'ResetType': 'ForceOff'} valid_status_codes=[${valid_status_code}] 760 761 762Update LDAP User Role And Host Poweron 763 [Documentation] Update LDAP user role and do host poweron. 764 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code} 765 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 766 767 # Description of argument(s): 768 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 769 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). 770 # group_name The group name of user. 771 # valid_status_code The expected valid status code. 772 773 Update LDAP Configuration with LDAP User Role And Group ${ldap_type} 774 ... ${group_privilege} ${group_name} 775 776 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 777 778 Redfish.Post ${REDFISH_POWER_URI} 779 ... body={'ResetType': 'On'} valid_status_codes=[${valid_status_code}] 780 781 782Update LDAP User Role And Configure IP Address 783 [Documentation] Update LDAP user role and configure IP address. 784 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK} 785 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND Delete IP Address ${test_ip} 786 787 # Description of argument(s): 788 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 789 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). 790 # group_name The group name of user. 791 # valid_status_code The expected valid status code. 792 793 Update LDAP Configuration with LDAP User Role And Group ${ldap_type} 794 ... ${group_privilege} ${group_name} 795 796 Redfish.Logout 797 798 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 799 800 ${test_gateway}= Get BMC Default Gateway 801 802 Add IP Address ${test_ip} ${test_mask} ${test_gateway} ${valid_status_code} 803 804 805Update LDAP User Role And Delete IP Address 806 [Documentation] Update LDAP user role and delete IP address. 807 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK} 808 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND Delete IP Address ${test_ip} 809 810 # Description of argument(s): 811 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 812 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). 813 # group_name The group name of user. 814 # valid_status_code The expected valid status code. 815 816 ${test_gateway}= Get BMC Default Gateway 817 818 # Configure IP address before deleting via LDAP user roles. 819 Add IP Address ${test_ip} ${test_mask} ${test_gateway} 820 821 Update LDAP Configuration with LDAP User Role And Group ${ldap_type} 822 ... ${group_privilege} ${group_name} 823 824 Redfish.Logout 825 826 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 827 828 Delete IP Address ${test_ip} ${valid_status_code} 829 830 831Update LDAP User Role And Read Network Configuration 832 [Documentation] Update LDAP user role and read network configuration. 833 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK} 834 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 835 836 # Description of argument(s): 837 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 838 # group_privilege The group privilege ("Administrator", "Operator", "ReadOnly" or "NoAccess"). 839 # group_name The group name of user. 840 # valid_status_code The expected valid status code. 841 842 Update LDAP Configuration with LDAP User Role And Group ${ldap_type} 843 ... ${group_privilege} ${group_name} 844 845 Redfish.Logout 846 847 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 848 Redfish.Get ${REDFISH_NW_ETH0_URI} valid_status_codes=[${valid_status_code}] 849 850