1*** Settings *** 2Documentation Test Redfish LDAP user configuration. 3 4Library ../../lib/gen_robot_valid.py 5Resource ../../lib/bmc_redfish_resource.robot 6Resource ../../lib/utils.robot 7Resource ../../lib/openbmc_ffdc.robot 8Resource ../../lib/bmc_network_utils.robot 9Resource ../../lib/bmc_ldap_utils.robot 10 11Suite Setup Suite Setup Execution 12Suite Teardown LDAP Suite Teardown Execution 13Test Teardown Run Keywords Redfish.Login AND FFDC On Test Case Fail 14Force Tags Ldap_Configuration 15 16*** Variables *** 17${old_ldap_privilege} Administrator 18&{old_account_service} &{EMPTY} 19&{old_ldap_config} &{EMPTY} 20${hostname} ${EMPTY} 21${test_ip} 10.6.6.6 22${test_mask} 255.255.255.0 23 24** Test Cases ** 25 26Verify LDAP Configuration Created 27 [Documentation] Verify that LDAP configuration created. 28 [Tags] Verify_LDAP_Configuration_Created 29 30 Create LDAP Configuration 31 # Call 'Get LDAP Configuration' to verify that LDAP configuration exists. 32 Get LDAP Configuration ${LDAP_TYPE} 33 Sleep 10s 34 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 35 Redfish.Logout 36 37 38Verify Redfish LDAP Service Disable 39 [Documentation] Verify that LDAP is disabled and that LDAP user cannot 40 ... login. 41 [Tags] Verify_Redfish_LDAP_Service_Disable 42 43 Redfish.Patch ${REDFISH_BASE_URI}AccountService 44 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}} 45 Sleep 15s 46 ${resp}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} 47 ... ${LDAP_USER_PASSWORD} 48 Should Be Equal ${resp} ${False} 49 ... msg=LDAP user was able to login even though the LDAP service was disabled. 50 Redfish.Logout 51 Redfish.Login 52 # Enabling LDAP so that LDAP user works. 53 Redfish.Patch ${REDFISH_BASE_URI}AccountService 54 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}} 55 Redfish.Logout 56 57 58Verify LDAP Login With ServiceEnabled 59 [Documentation] Verify that LDAP Login with ServiceEnabled. 60 [Tags] Verify_LDAP_Login_With_ServiceEnabled 61 62 Disable Other LDAP 63 # Actual service enablement. 64 Redfish.Patch ${REDFISH_BASE_URI}AccountService 65 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}} 66 Sleep 15s 67 # After update, LDAP login. 68 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 69 Redfish.Logout 70 71 72Verify LDAP Login With Correct AuthenticationType 73 [Documentation] Verify that LDAP Login with right AuthenticationType. 74 [Tags] Verify_LDAP_Login_With_Correct_AuthenticationType 75 76 Redfish.Patch ${REDFISH_BASE_URI}AccountService 77 ... body={'${ldap_type}': {'Authentication': {'AuthenticationType':'UsernameAndPassword'}}} 78 Sleep 15s 79 # After update, LDAP login. 80 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 81 Redfish.Logout 82 83 84Verify LDAP Config Update With Incorrect AuthenticationType 85 [Documentation] Verify that invalid AuthenticationType is not updated. 86 [Tags] Verify_LDAP_Config_Update_With_Incorrect_AuthenticationType 87 88 ${body}= Catenate {'${ldap_type}': {'Authentication': {'AuthenticationType':'KerberosKeytab'}}} 89 90 Redfish.Patch ${REDFISH_BASE_URI}AccountService 91 ... body=${body} valid_status_codes=[400] 92 93 94Verify LDAP Login With Correct LDAP URL 95 [Documentation] Verify LDAP Login with right LDAP URL. 96 [Tags] Verify_LDAP_Login_With_Correct_LDAP_URL 97 98 Config LDAP URL ${LDAP_SERVER_URI} 99 100 101Verify LDAP Config Update With Incorrect LDAP URL 102 [Documentation] Verify that LDAP Login fails with invalid LDAP URL. 103 [Tags] Verify_LDAP_Config_Update_With_Incorrect_LDAP_URL 104 [Teardown] Run Keywords Restore LDAP URL AND 105 ... FFDC On Test Case Fail 106 107 Config LDAP URL ldap://1.2.3.4/ ${FALSE} 108 109Verify LDAP Configuration Exist 110 [Documentation] Verify that LDAP configuration is available. 111 [Tags] Verify_LDAP_Configuration_Exist 112 113 ${resp}= Redfish.Get Attribute ${REDFISH_BASE_URI}AccountService 114 ... ${LDAP_TYPE} default=${EMPTY} 115 Should Not Be Empty ${resp} msg=LDAP configuration is not defined. 116 117 118Verify LDAP User Login 119 [Documentation] Verify that LDAP user able to login into BMC. 120 [Tags] Verify_LDAP_User_Login 121 122 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 123 Redfish.Logout 124 125 126Verify LDAP Service Available 127 [Documentation] Verify that LDAP service is available. 128 [Tags] Verify_LDAP_Service_Available 129 130 @{ldap_configuration}= Get LDAP Configuration ${LDAP_TYPE} 131 Should Contain ${ldap_configuration} LDAPService 132 ... msg=LDAPService is not available. 133 134 135Verify LDAP Login Works After BMC Reboot 136 [Documentation] Verify that LDAP login works after BMC reboot. 137 [Tags] Verify_LDAP_Login_Works_After_BMC_Reboot 138 139 Redfish OBMC Reboot (off) 140 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 141 Redfish.Logout 142 143 144Verify LDAP User With Admin Privilege Able To Do BMC Reboot 145 [Documentation] Verify that LDAP user with administrator privilege able to do BMC reboot. 146 [Tags] Verify_LDAP_User_With_Admin_Privilege_Able_To_Do_BMC_Reboot 147 148 149 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} 150 ... ${GROUP_PRIVILEGE} ${GROUP_NAME} 151 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 152 # With LDAP user and with right privilege trying to do BMC reboot. 153 Redfish OBMC Reboot (off) 154 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 155 Redfish.Logout 156 157 158Verify LDAP User With Operator Privilege Able To Do Host Poweroff 159 [Documentation] Verify that LDAP user with operator privilege can do host 160 ... power off. 161 [Tags] Verify_LDAP_User_With_Operator_Privilege_Able_To_Do_Host_Poweroff 162 [Teardown] Restore LDAP Privilege 163 164 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} 165 ... Operator ${GROUP_NAME} 166 167 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 168 # Verify that the LDAP user with operator privilege is able to power the system off. 169 Redfish.Post ${REDFISH_POWER_URI} 170 ... body={'ResetType': 'ForceOff'} valid_status_codes=[200] 171 Redfish.Logout 172 Redfish.Login 173 174 175Verify AccountLockout Attributes Set To Zero By LDAP User 176 [Documentation] Verify that attribute AccountLockoutDuration and 177 ... AccountLockoutThreshold are set to 0 by LDAP user. 178 [Teardown] Run Keywords Restore AccountLockout Attributes AND 179 ... FFDC On Test Case Fail 180 [Tags] Verify_AccountLockout_Attributes_Set_To_Zero_By_LDAP_User 181 182 ${old_account_service}= Redfish.Get Properties 183 ... ${REDFISH_BASE_URI}AccountService 184 Rprint Vars old_account_service 185 186 # Create LDAP user and create session using LDAP user. 187 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} 188 ... Administrator ${GROUP_NAME} 189 190 # Clear existing Redfish sessions. 191 Redfish.Logout 192 193 # Login using LDAP user. 194 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 195 196 # Set Account Lockout attributes using LDAP user. 197 Redfish.Patch ${REDFISH_BASE_URI}AccountService 198 ... body=[('AccountLockoutDuration', 0)] 199 Redfish.Patch ${REDFISH_BASE_URI}AccountService 200 ... body=[('AccountLockoutThreshold', 0)] 201 202 203Verify LDAP User With Read Privilege Able To Check Inventory 204 [Documentation] Verify that LDAP user with read privilege able to 205 ... read firmware inventory. 206 [Tags] Verify_LDAP_User_With_Read_Privilege_Able_To_Check_Inventory 207 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege 208 [Template] Set Read Privilege And Check Firmware Inventory 209 210 ReadOnly 211 212 213Verify LDAP User With Read Privilege Should Not Do Host Poweron 214 [Documentation] Verify that LDAP user with read privilege should not be 215 ... allowed to power on the host. 216 [Tags] Verify_LDAP_User_With_Read_Privilege_Should_Not_Do_Host_Poweron 217 [Teardown] Run Keywords FFDC On Test Case Fail AND Restore LDAP Privilege 218 [Template] Set Read Privilege And Check Poweron 219 220 ReadOnly 221 222 223Update LDAP Group Name And Verify Operations 224 [Documentation] Verify that LDAP group name update and able to do right 225 ... operations. 226 [Tags] Update_LDAP_Group_Name_And_Verify_Operations 227 [Template] Update LDAP Config And Verify Set Host Name 228 [Teardown] Restore LDAP Privilege 229 230 # group_name group_privilege valid_status_codes 231 ${GROUP_NAME} Administrator [${HTTP_OK}, ${HTTP_NO_CONTENT}] 232 ${GROUP_NAME} Operator [${HTTP_OK}, ${HTTP_NO_CONTENT}] 233 ${GROUP_NAME} ReadOnly [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] 234 Invalid_LDAP_Group_Name Administrator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] 235 Invalid_LDAP_Group_Name Operator [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] 236 Invalid_LDAP_Group_Name ReadOnly [${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}] 237 238 239Verify LDAP BaseDN Update And LDAP Login 240 [Documentation] Update LDAP BaseDN of LDAP configuration and verify 241 ... that LDAP login works. 242 [Tags] Verify_LDAP_BaseDN_Update_And_LDAP_Login 243 244 245 ${body}= Catenate {'${LDAP_TYPE}': { 'LDAPService': {'SearchSettings': 246 ... {'BaseDistinguishedNames': ['${LDAP_BASE_DN}']}}}} 247 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body} 248 Sleep 15s 249 Redfish Verify LDAP Login 250 251 252Verify LDAP BindDN Update And LDAP Login 253 [Documentation] Update LDAP BindDN of LDAP configuration and verify 254 ... that LDAP login works. 255 [Tags] Verify_LDAP_BindDN_Update_And_LDAP_Login 256 257 ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication': 258 ... {'AuthenticationType':'UsernameAndPassword', 'Username': 259 ... '${LDAP_BIND_DN}'}}} 260 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body} 261 Sleep 15s 262 Redfish Verify LDAP Login 263 264 265Verify LDAP BindDN Password Update And LDAP Login 266 [Documentation] Update LDAP BindDN password of LDAP configuration and 267 ... verify that LDAP login works. 268 [Tags] Verify_LDAP_BindDN_Password_Update_And_LDAP_Login 269 270 271 ${body}= Catenate {'${LDAP_TYPE}': { 'Authentication': 272 ... {'AuthenticationType':'UsernameAndPassword', 'Password': 273 ... '${LDAP_BIND_DN_PASSWORD}'}}} 274 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body} 275 Sleep 15s 276 Redfish Verify LDAP Login 277 278 279Verify LDAP Type Update And LDAP Login 280 [Documentation] Update LDAP type of LDAP configuration and verify 281 ... that LDAP login works. 282 [Tags] Verify_LDAP_Type_Update_And_LDAP_Login 283 284 Disable Other LDAP 285 Redfish.Patch ${REDFISH_BASE_URI}AccountService 286 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${True}}} 287 Sleep 15s 288 Redfish Verify LDAP Login 289 290 291Verify LDAP Authorization With Null Privilege 292 [Documentation] Verify the failure of LDAP authorization with empty 293 ... privilege. 294 [Tags] Verify_LDAP_Authorization_With_Null_Privilege 295 [Teardown] Restore LDAP Privilege 296 297 Update LDAP Config And Verify Set Host Name ${GROUP_NAME} ${EMPTY} 298 ... [${HTTP_FORBIDDEN}] 299 300 301Verify LDAP Authorization With Invalid Privilege 302 [Documentation] Verify that LDAP user authorization with wrong privilege 303 ... fails. 304 [Tags] Verify_LDAP_Authorization_With_Invalid_Privilege 305 [Teardown] Restore LDAP Privilege 306 307 Update LDAP Config And Verify Set Host Name ${GROUP_NAME} 308 ... Invalid_Privilege [${HTTP_FORBIDDEN}] 309 310 311Verify LDAP Login With Invalid Data 312 [Documentation] Verify that LDAP login with Invalid LDAP data and 313 ... right LDAP user fails. 314 [Tags] Verify_LDAP_Login_With_Invalid_Data 315 [Teardown] Run Keywords FFDC On Test Case Fail AND 316 ... Redfish.Login AND 317 ... Create LDAP Configuration 318 319 Create LDAP Configuration ${LDAP_TYPE} Invalid_LDAP_Server_URI 320 ... Invalid_LDAP_BIND_DN LDAP_BIND_DN_PASSWORD 321 ... Invalid_LDAP_BASE_DN 322 Sleep 15s 323 Redfish Verify LDAP Login ${False} 324 325 326Verify LDAP Config Creation Without BASE DN 327 [Documentation] Verify that LDAP login with LDAP configuration 328 ... created without BASE_DN fails. 329 [Tags] Verify_LDAP_Config_Creation_Without_BASE_DN 330 [Teardown] Run Keywords FFDC On Test Case Fail AND 331 ... Redfish.Login AND 332 ... Create LDAP Configuration 333 334 Create LDAP Configuration ${LDAP_TYPE} Invalid_LDAP_Server_URI 335 ... Invalid_LDAP_BIND_DN LDAP_BIND_DN_PASSWORD ${EMPTY} 336 Sleep 15s 337 Redfish Verify LDAP Login ${False} 338 339 340Verify LDAP Authentication Without Password 341 [Documentation] Verify that LDAP user authentication without LDAP 342 ... user password fails. 343 [Tags] Verify_LDAP_Authentication_Without_Password 344 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 345 346 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} 347 Valid Value status [${False}] 348 349 350Verify LDAP Login With Invalid BASE DN 351 [Documentation] Verify that LDAP login with invalid BASE_DN and 352 ... valid LDAP user fails. 353 [Tags] Verify_LDAP_Login_With_Invalid_BASE_DN 354 [Teardown] Run Keywords FFDC On Test Case Fail AND 355 ... Redfish.Login AND 356 ... Create LDAP Configuration 357 358 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI} 359 ... ${LDAP_BIND_DN} ${LDAP_BIND_DN_PASSWORD} Invalid_LDAP_BASE_DN 360 Sleep 15s 361 Redfish Verify LDAP Login ${False} 362 363 364Verify LDAP Login With Invalid BIND_DN_PASSWORD 365 [Documentation] Verify that LDAP login with invalid BIND_DN_PASSWORD and 366 ... valid LDAP user fails. 367 [Tags] Verify_LDAP_Login_With_Invalid_BIND_DN_PASSWORD 368 [Teardown] Run Keywords FFDC On Test Case Fail AND 369 ... Redfish.Login AND 370 ... Create LDAP Configuration 371 372 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI} 373 ... ${LDAP_BIND_DN} INVALID_LDAP_BIND_DN_PASSWORD ${LDAP_BASE_DN} 374 Sleep 15s 375 Redfish Verify LDAP Login ${False} 376 377 378Verify LDAP Login With Invalid BASE DN And Invalid BIND DN 379 [Documentation] Verify that LDAP login with invalid BASE_DN and invalid 380 ... BIND_DN and valid LDAP user fails. 381 [Tags] Verify_LDAP_Login_With_Invalid_BASE_DN_And_Invalid_BIND_DN 382 [Teardown] Run Keywords FFDC On Test Case Fail AND 383 ... Redfish.Login AND 384 ... Create LDAP Configuration 385 386 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI} 387 ... INVALID_LDAP_BIND_DN ${LDAP_BIND_DN_PASSWORD} INVALID_LDAP_BASE_DN 388 Sleep 15s 389 Redfish Verify LDAP Login ${False} 390 391 392Verify Group Name And Group Privilege Able To Modify 393 [Documentation] Verify that LDAP group name and group privilege able to 394 ... modify. 395 [Tags] Verify_Group_Name_And_Group_Privilege_Able_To_Modify 396 [Setup] Update LDAP Configuration with LDAP User Role And Group 397 ... ${LDAP_TYPE} Operator ${GROUP_NAME} 398 399 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} 400 ... Administrator ${GROUP_NAME} 401 402 403Verify LDAP Login With Invalid BIND DN 404 [Documentation] Verify that LDAP login with invalid BIND_DN and 405 ... valid LDAP user fails. 406 [Tags] Verify_LDAP_Login_With_Invalid_BIND_DN 407 [Teardown] Run Keywords FFDC On Test Case Fail AND 408 ... Redfish.Login AND 409 ... Create LDAP Configuration 410 411 Create LDAP Configuration ${LDAP_TYPE} ${LDAP_SERVER_URI} 412 ... Invalid_LDAP_BIND_DN ${LDAP_BIND_DN_PASSWORD} ${LDAP_BASE_DN} 413 Sleep 15s 414 Redfish Verify LDAP Login ${False} 415 416 417Verify LDAP Authentication With Invalid LDAP User 418 [Documentation] Verify that LDAP user authentication for user not exist 419 ... in LDAP server and fails. 420 [Tags] Verify_LDAP_Authentication_With_Invalid_LDAP_User 421 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 422 423 ${status}= Run Keyword And Return Status Redfish.Login INVALID_LDAP_USER 424 ... ${LDAP_USER_PASSWORD} 425 Valid Value status [${False}] 426 427 428Update LDAP User Roles And Verify Host Poweroff Operation 429 [Documentation] Update LDAP user roles and verify host poweroff operation. 430 [Tags] Update_LDAP_User_Roles_And_Verify_Host_Poweroff_Operation 431 [Teardown] Restore LDAP Privilege 432 433 [Template] Update LDAP User Role And Host Poweroff 434 # ldap_type group_privilege group_name valid_status_codes 435 436 # Verify LDAP user with ReadOnly privilege not able to do host poweroff. 437 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN} 438 439 # Verify LDAP user with Operator privilege able to do host poweroff. 440 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK} 441 442 # Verify LDAP user with Administrator privilege able to do host poweroff. 443 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK} 444 445 446Update LDAP User Roles And Verify Host Poweron Operation 447 [Documentation] Update LDAP user roles and verify host poweron operation. 448 [Tags] Update_LDAP_User_Roles_And_Verify_Host_Poweron_Operation 449 [Teardown] Restore LDAP Privilege 450 451 [Template] Update LDAP User Role And Host Poweron 452 # ldap_type group_privilege group_name valid_status_codes 453 454 # Verify LDAP user with ReadOnly privilege not able to do host poweron. 455 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN} 456 457 # Verify LDAP user with Operator privilege able to do host poweron. 458 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK} 459 460 # Verify LDAP user with Administrator privilege able to do host poweron. 461 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK} 462 463 464Configure IP Address Via Different User Roles And Verify 465 [Documentation] Configure IP address via different user roles and verify. 466 [Tags] Configure_IP_Address_Via_Different_User_Roles_And_Verify 467 [Teardown] Restore LDAP Privilege 468 469 [Template] Update LDAP User Role And Configure IP Address 470 # Verify LDAP user with Administrator privilege is able to configure IP address. 471 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK} 472 473 # Verify LDAP user with ReadOnly privilege is forbidden to configure IP address. 474 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN} 475 476 # Verify LDAP user with Operator privilege is able to configure IP address. 477 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_FORBIDDEN} 478 479 480Delete IP Address Via Different User Roles And Verify 481 [Documentation] Delete IP address via different user roles and verify. 482 [Tags] Delete_IP_Address_Via_Different_User_Roles_And_Verify 483 [Teardown] Run Keywords Restore LDAP Privilege AND FFDC On Test Case Fail 484 485 [Template] Update LDAP User Role And Delete IP Address 486 # Verify LDAP user with Administrator privilege is able to delete IP address. 487 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK} 488 489 # Verify LDAP user with ReadOnly privilege is forbidden to delete IP address. 490 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_FORBIDDEN} 491 492 # Verify LDAP user with Operator privilege is able to delete IP address. 493 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_FORBIDDEN} 494 495 496Read Network Configuration Via Different User Roles And Verify 497 [Documentation] Read network configuration via different user roles and verify. 498 [Tags] Read_Network_Configuration_Via_Different_User_Roles_And_Verify 499 [Teardown] Restore LDAP Privilege 500 501 [Template] Update LDAP User Role And Read Network Configuration 502 ${LDAP_TYPE} Administrator ${GROUP_NAME} ${HTTP_OK} 503 504 ${LDAP_TYPE} ReadOnly ${GROUP_NAME} ${HTTP_OK} 505 506 ${LDAP_TYPE} Operator ${GROUP_NAME} ${HTTP_OK} 507 508Switch LDAP Type And Verify Login Fails 509 [Documentation] Switch LDAP type and verify login fails. 510 [Tags] Switch_LDAP_Type_And_Verify_Login_Fails 511 512 # Check Login with LDAP Type is working 513 Create LDAP Configuration 514 Redfish Verify LDAP Login 515 516 # Disable the LDAP Type from OpenLDAP to ActiveDirectory or vice-versa 517 Redfish.Patch ${REDFISH_BASE_URI}AccountService 518 ... body={'${LDAP_TYPE}': {'ServiceEnabled': ${False}}} 519 520 # Enable the inverse LDAP type 521 Disable Other LDAP ${True} 522 Create LDAP Configuration ${LDAP_TYPE_1} ${LDAP_SERVER_URI_1} ${LDAP_BIND_DN_1} ${LDAP_BIND_DN_PASSWORD_1} ${LDAP_BASE_DN_1} 523 Redfish.Logout 524 Sleep 10s 525 526 # Check if Login works via Inverse LDAP 527 Redfish.Login ${LDAP_USER_1} ${LDAP_USER_PASSWORD_1} 528 Redfish.Logout 529 Sleep 10s 530 531 # Login using LDAP type must fail 532 Redfish Verify LDAP Login ${False} 533 Redfish.Logout 534 535*** Keywords *** 536 537Redfish Verify LDAP Login 538 [Documentation] LDAP user log into BMC. 539 [Arguments] ${valid_status}=${True} 540 541 # Description of argument(s): 542 # valid_status Expected status of LDAP login ("True" or "False"). 543 544 # According to our repo coding rules, Redfish.Login is to be done in Suite 545 # Setup and Redfish.Logout is to be done in Suite Teardown. For any 546 # deviation from this rule (such as in this keyword), the deviant code 547 # must take steps to restore us to our original logged-in state. 548 549 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} 550 ... ${LDAP_USER_PASSWORD} 551 Valid Value status [${valid_status}] 552 Redfish.Logout 553 Redfish.Login 554 555 556Update LDAP Config And Verify Set Host Name 557 [Documentation] Update LDAP config and verify by attempting to set host name. 558 [Arguments] ${group_name} ${group_privilege}=Administrator 559 ... ${valid_status_codes}=[${HTTP_OK}] 560 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 561 562 # Description of argument(s): 563 # group_name The group name of user. 564 # group_privilege The group privilege ("Administrator", 565 # "Operator", "User" or "Callback"). 566 # valid_status_codes Expected return code(s) from patch 567 # operation (e.g. "200") used to update 568 # HostName. See prolog of rest_request 569 # method in redfish_plus.py for details. 570 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} 571 ... ${group_privilege} ${group_name} 572 573 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 574 # Verify that the LDAP user in ${group_name} with the given privilege is 575 # allowed to change the hostname. 576 Redfish.Patch ${REDFISH_NW_ETH0_URI} body={'HostName': '${hostname}'} 577 ... valid_status_codes=${valid_status_codes} 578 579Disable Other LDAP 580 [Documentation] Disable other LDAP configuration. 581 [Arguments] ${service_state}=${False} 582 583 # First disable other LDAP. 584 ${inverse_ldap_type}= Set Variable If '${LDAP_TYPE}' == 'LDAP' ActiveDirectory LDAP 585 Redfish.Patch ${REDFISH_BASE_URI}AccountService 586 ... body={'${inverse_ldap_type}': {'ServiceEnabled': ${service_state}}} 587 Sleep 15s 588 589 590Config LDAP URL 591 [Documentation] Config LDAP URL. 592 [Arguments] ${ldap_server_uri}=${LDAP_SERVER_URI} ${expected_status}=${TRUE} 593 594 # Description of argument(s): 595 # ldap_server_uri LDAP server uri (e.g. "ldap://XX.XX.XX.XX/"). 596 597 Redfish.Patch ${REDFISH_BASE_URI}AccountService 598 ... body={'${ldap_type}': {'ServiceAddresses': ['${ldap_server_uri}']}} 599 Sleep 15s 600 # After update, LDAP login. 601 ${status}= Run Keyword And Return Status Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 602 Valid Value status [${expected_status}] 603 604 Redfish.Logout 605 Redfish.Login 606 607 608Restore LDAP URL 609 [Documentation] Restore LDAP URL. 610 611 # Restoring the working LDAP server uri. 612 Redfish.Patch ${REDFISH_BASE_URI}AccountService 613 ... body={'${ldap_type}': {'ServiceAddresses': ['${LDAP_SERVER_URI}']}} 614 Sleep 15s 615 616 617Restore AccountLockout Attributes 618 [Documentation] Restore AccountLockout Attributes. 619 620 Return From Keyword If &{old_account_service} == &{EMPTY} 621 Redfish.Patch ${REDFISH_BASE_URI}AccountService 622 ... body=[('AccountLockoutDuration', ${old_account_service['AccountLockoutDuration']})] 623 Redfish.Patch ${REDFISH_BASE_URI}AccountService 624 ... body=[('AccountLockoutThreshold', ${old_account_service['AccountLockoutThreshold']})] 625 626 627Suite Setup Execution 628 [Documentation] Do suite setup tasks. 629 630 Valid Value LDAP_TYPE valid_values=["ActiveDirectory", "LDAP"] 631 Valid Value LDAP_USER 632 Valid Value LDAP_USER_PASSWORD 633 Valid Value GROUP_PRIVILEGE 634 Valid Value GROUP_NAME 635 Valid Value LDAP_SERVER_URI 636 Valid Value LDAP_BIND_DN_PASSWORD 637 Valid Value LDAP_BIND_DN 638 Valid Value LDAP_BASE_DN 639 640 Redfish.Login 641 # Call 'Get LDAP Configuration' to verify that LDAP configuration exists. 642 Get LDAP Configuration ${LDAP_TYPE} 643 Set Suite Variable ${old_ldap_privilege} 644 Disable Other LDAP 645 Create LDAP Configuration 646 ${hostname}= Redfish.Get Attribute ${REDFISH_NW_PROTOCOL_URI} HostName 647 648 649LDAP Suite Teardown Execution 650 [Documentation] Restore ldap configuration, delete unused redfish session. 651 652 Restore LDAP Privilege 653 Redfish.Logout 654 Run Keyword And Ignore Error Delete All Redfish Sessions 655 656 657Set Read Privilege And Check Firmware Inventory 658 [Documentation] Set read privilege and check firmware inventory. 659 [Arguments] ${read_privilege} 660 661 # Description of argument(s): 662 # read_privilege The read privilege role (e.g. "User" / "Callback"). 663 664 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} 665 ... ${read_privilege} ${GROUP_NAME} 666 667 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 668 # Verify that the LDAP user with read privilege is able to read inventory. 669 ${resp}= Redfish.Get /redfish/v1/UpdateService/FirmwareInventory 670 Should Be True ${resp.dict["Members@odata.count"]} >= ${1} 671 Length Should Be ${resp.dict["Members"]} ${resp.dict["Members@odata.count"]} 672 Redfish.Logout 673 Redfish.Login 674 675 676Set Read Privilege And Check Poweron 677 [Documentation] Set read privilege and power on should not be possible. 678 [Arguments] ${read_privilege} 679 680 # Description of argument(s): 681 # read_privilege The read privilege role (e.g. "User" / "Callback"). 682 683 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} 684 ... ${read_privilege} ${GROUP_NAME} 685 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 686 Redfish.Post ${REDFISH_POWER_URI} 687 ... body={'ResetType': 'On'} valid_status_codes=[401, 403] 688 Redfish.Logout 689 Redfish.Login 690 691 692Get LDAP Configuration 693 [Documentation] Retrieve LDAP Configuration. 694 [Arguments] ${ldap_type} 695 696 # Description of argument(s): 697 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 698 699 ${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService 700 [Return] ${ldap_config["${ldap_type}"]} 701 702 703Update LDAP Configuration with LDAP User Role And Group 704 [Documentation] Update LDAP configuration update with LDAP user Role and group. 705 [Arguments] ${ldap_type} ${group_privilege} ${group_name} 706 707 # Description of argument(s): 708 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 709 # group_privilege The group privilege ("Administrator", "Operator", "User" or "Callback"). 710 # group_name The group name of user. 711 712 ${local_role_remote_group}= Create Dictionary LocalRole=${group_privilege} RemoteGroup=${group_name} 713 ${remote_role_mapping}= Create List ${local_role_remote_group} 714 ${ldap_data}= Create Dictionary RemoteRoleMapping=${remote_role_mapping} 715 ${payload}= Create Dictionary ${ldap_type}=${ldap_data} 716 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=&{payload} 717 # Provide adequate time for LDAP daemon to restart after the update. 718 Sleep 15s 719 720 721Get LDAP Privilege 722 [Documentation] Get LDAP privilege and return it. 723 724 ${ldap_config}= Get LDAP Configuration ${LDAP_TYPE} 725 ${num_list_entries}= Get Length ${ldap_config["RemoteRoleMapping"]} 726 Return From Keyword If ${num_list_entries} == ${0} @{EMPTY} 727 728 [Return] ${ldap_config["RemoteRoleMapping"][0]["LocalRole"]} 729 730 731Restore LDAP Privilege 732 [Documentation] Restore the LDAP privilege to its original value. 733 734 Redfish.Login 735 Return From Keyword If '${old_ldap_privilege}' == '${EMPTY}' or '${old_ldap_privilege}' == '[]' 736 # Log back in to restore the original privilege. 737 Update LDAP Configuration with LDAP User Role And Group ${LDAP_TYPE} 738 ... ${old_ldap_privilege} ${GROUP_NAME} 739 740 Sleep 18s 741 742Verify Host Power Status 743 [Documentation] Verify the Host power status and do host power on/off respectively. 744 [Arguments] ${expected_power_status} 745 746 # Description of argument(s): 747 # expected_power_status State of Host e.g. Off or On. 748 749 ${power_status}= Redfish.Get Attribute /redfish/v1/Chassis/${CHASSIS_ID} PowerState 750 Return From Keyword If '${power_status}' == '${expected_power_status}' 751 752 Run Keyword If '${power_status}' == 'Off' Redfish Power On 753 ... ELSE Redfish Power Off 754 755Update LDAP User Role And Host Poweroff 756 [Documentation] Update LDAP user role and do host poweroff. 757 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code} 758 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 759 760 # Description of argument(s): 761 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 762 # group_privilege The group privilege ("Administrator", "Operator" or "ReadOnly"). 763 # group_name The group name of user. 764 # valid_status_code The expected valid status code. 765 766 # check Host state and do the power on/off if needed. 767 Verify Host Power Status On 768 769 Update LDAP Configuration with LDAP User Role And Group ${ldap_type} 770 ... ${group_privilege} ${group_name} 771 772 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 773 774 Redfish.Post ${REDFISH_POWER_URI} 775 ... body={'ResetType': 'ForceOff'} valid_status_codes=[${valid_status_code}] 776 777 Return From Keyword If ${valid_status_code} == ${HTTP_FORBIDDEN} 778 Wait Until Keyword Succeeds 1 min 10 sec Verify Host Power State Off 779 780 781Update LDAP User Role And Host Poweron 782 [Documentation] Update LDAP user role and do host poweron. 783 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code} 784 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 785 786 # Description of argument(s): 787 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 788 # group_privilege The group privilege ("Administrator", "Operator" or "ReadOnly"). 789 # group_name The group name of user. 790 # valid_status_code The expected valid status code. 791 792 # check Host state and do the power on/off if needed. 793 Verify Host Power Status Off 794 795 Update LDAP Configuration with LDAP User Role And Group ${ldap_type} 796 ... ${group_privilege} ${group_name} 797 798 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 799 800 Redfish.Post ${REDFISH_POWER_URI} 801 ... body={'ResetType': 'On'} valid_status_codes=[${valid_status_code}] 802 803 Return From Keyword If ${valid_status_code} == ${HTTP_FORBIDDEN} 804 Verify Host Is Up 805 806 807Update LDAP User Role And Configure IP Address 808 [Documentation] Update LDAP user role and configure IP address. 809 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK} 810 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND Delete IP Address ${test_ip} 811 812 # Description of argument(s): 813 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 814 # group_privilege The group privilege ("Administrator", "Operator" or "ReadOnly"). 815 # group_name The group name of user. 816 # valid_status_code The expected valid status code. 817 818 Update LDAP Configuration with LDAP User Role And Group ${ldap_type} 819 ... ${group_privilege} ${group_name} 820 821 Redfish.Logout 822 823 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 824 825 ${test_gateway}= Get BMC Default Gateway 826 827 Add IP Address ${test_ip} ${test_mask} ${test_gateway} ${valid_status_code} 828 829 830Update LDAP User Role And Delete IP Address 831 [Documentation] Update LDAP user role and delete IP address. 832 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK} 833 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login AND Delete IP Address ${test_ip} 834 835 # Description of argument(s): 836 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 837 # group_privilege The group privilege ("Administrator", "Operator" or "ReadOnly"). 838 # group_name The group name of user. 839 # valid_status_code The expected valid status code. 840 841 ${test_gateway}= Get BMC Default Gateway 842 843 # Configure IP address before deleting via LDAP user roles. 844 Add IP Address ${test_ip} ${test_mask} ${test_gateway} 845 846 Update LDAP Configuration with LDAP User Role And Group ${ldap_type} 847 ... ${group_privilege} ${group_name} 848 849 Redfish.Logout 850 851 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 852 853 Delete IP Address ${test_ip} ${valid_status_code} 854 855 856Update LDAP User Role And Read Network Configuration 857 [Documentation] Update LDAP user role and read network configuration. 858 [Arguments] ${ldap_type} ${group_privilege} ${group_name} ${valid_status_code}=${HTTP_OK} 859 [Teardown] Run Keywords Redfish.Logout AND Redfish.Login 860 861 # Description of argument(s): 862 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 863 # group_privilege The group privilege ("Administrator", "Operator" or "ReadOnly"). 864 # group_name The group name of user. 865 # valid_status_code The expected valid status code. 866 867 Update LDAP Configuration with LDAP User Role And Group ${ldap_type} 868 ... ${group_privilege} ${group_name} 869 870 Redfish.Logout 871 872 Redfish.Login ${LDAP_USER} ${LDAP_USER_PASSWORD} 873 Redfish.Get ${REDFISH_NW_ETH0_URI} valid_status_codes=[${valid_status_code}] 874