1*** Settings *** 2Documentation Test root user expire password. 3 4Resource ../lib/resource.robot 5Resource ../gui/lib/gui_resource.robot 6Resource ../lib/ipmi_client.robot 7Resource ../lib/bmc_redfish_utils.robot 8Library ../lib/bmc_ssh_utils.py 9Library SSHLibrary 10 11Test Setup Set Account Lockout Threshold 12 13Test Tags BMC_Expire_Password 14 15*** Variables *** 16 17# If user re-tries more than 5 time incorrectly, the user gets locked for 5 minutes. 18${default_lockout_duration} ${300} 19${defaultlockout_threshold} ${5} 20${admin_user} admin_user 21${default_adminuser_passwd} AdminUser1 22${admin_password} AdminUser2 23${invalid_password} abcd12345 24 25 26*** Test Cases *** 27 28Expire Root Password And Check IPMI Access Fails 29 [Documentation] Expire root user password and expect an error while access via IPMI. 30 [Tags] Expire_Root_Password_And_Check_IPMI_Access_Fails 31 [Teardown] Test Teardown Execution 32 33 Expire Password ${OPENBMC_USERNAME} 34 35 ${status}= Run Keyword And Return Status Run External IPMI Standard Command lan print -v 36 Should Be Equal ${status} ${False} 37 38 39Expire Root Password And Check SSH Access Fails 40 [Documentation] Expire root user password and expect an error while access via SSH. 41 [Tags] Expire_Root_Password_And_Check_SSH_Access_Fails 42 [Teardown] Test Teardown Execution 43 44 Expire Password ${OPENBMC_USERNAME} 45 46 ${status}= Run Keyword And Return Status 47 ... Open Connection And Log In ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 48 Should Be Equal ${status} ${False} 49 50 51Expire And Change Root User Password And Access Via SSH 52 [Documentation] Expire and change root user password and access via SSH. 53 [Tags] Expire_And_Change_Root_User_Password_And_Access_Via_SSH 54 [Teardown] Run Keywords Wait Until Keyword Succeeds 1 min 10 sec 55 ... Restore Default Password For Root User AND FFDC On Test Case Fail 56 57 Expire Password ${OPENBMC_USERNAME} 58 59 Redfish.Login 60 # Change to a valid password. 61 ${resp}= Redfish.Patch /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME} 62 ... body={'Password': '0penBmc123'} valid_status_codes=[${HTTP_OK}] 63 64 # Verify login with the new password through SSH. 65 Open Connection And Log In ${OPENBMC_USERNAME} 0penBmc123 66 67 68Expire Root Password And Update Bad Password Length Via Redfish 69 [Documentation] Expire root password and update bad password via Redfish and expect an error. 70 [Tags] Expire_Root_Password_And_Update_Bad_Password_Length_Via_Redfish 71 [Teardown] Run Keywords Wait Until Keyword Succeeds 1 min 10 sec 72 ... Restore Default Password For Root User AND FFDC On Test Case Fail 73 74 Expire Password ${OPENBMC_USERNAME} 75 76 Redfish.Login 77 ${status}= Run Keyword And Return Status 78 ... Redfish.Patch /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME} 79 ... body={'Password': '0penBmc0penBmc0penBmc'} 80 Should Be Equal ${status} ${False} 81 82 83Expire And Change Root User Password Via Redfish And Verify 84 [Documentation] Expire and change root user password via Redfish and verify. 85 [Tags] Expire_And_Change_Root_User_Password_Via_Redfish_And_Verify 86 [Teardown] Run Keywords FFDC On Test Case Fail AND 87 ... Wait Until Keyword Succeeds 1 min 10 sec 88 ... Restore Default Password For Root User 89 90 Expire Password ${OPENBMC_USERNAME} 91 92 Verify User Password Expired Using Redfish ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 93 # Change to a valid password. 94 Redfish.Patch /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME} 95 ... body={'Password': '0penBmc123'} 96 Redfish.Logout 97 98 # Verify login with the new password. 99 Redfish.Login ${OPENBMC_USERNAME} 0penBmc123 100 101 102Verify Error While Creating User With Expired Password 103 [Documentation] Expire root password and expect an error while creating new user. 104 [Tags] Verify_Error_While_Creating_User_With_Expired_Password 105 [Teardown] Run Keywords Wait Until Keyword Succeeds 1 min 10 sec 106 ... Restore Default Password For Root User AND FFDC On Test Case Fail 107 108 Expire Password ${OPENBMC_USERNAME} 109 110 Verify User Password Expired Using Redfish ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 111 Redfish.Login 112 ${payload}= Create Dictionary 113 ... UserName=admin_user Password=TestPwd123 RoleId=Administrator Enabled=${True} 114 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 115 ... valid_status_codes=[${HTTP_FORBIDDEN}] 116 117 118Expire And Change Root Password Via GUI 119 [Documentation] Expire and change root password via GUI. 120 [Tags] Expire_And_Change_Root_Password_Via_GUI 121 [Setup] Launch Browser And Login GUI 122 [Teardown] Run Keywords Logout GUI AND Close Browser 123 ... AND Restore Default Password For Root User AND FFDC On Test Case Fail 124 125 Expire Password ${OPENBMC_USERNAME} 126 127 Wait Until Page Contains Element ${xpath_root_button_menu} 128 Click Element ${xpath_root_button_menu} 129 Click Element ${xpath_profile_settings} 130 Wait Until Page Contains Change password 131 132 # Change valid password. 133 Input Text ${xpath_input_password} 0penBmc123 134 Input Text ${xpath_input_confirm_password} 0penBmc123 135 Click Button ${xpath_profile_save_button} 136 Wait Until Page Contains Successfully saved account settings. 137 Wait Until Page Does Not Contain Successfully saved account settings. timeout=20 138 Logout GUI 139 140 # Verify valid password. 141 Login GUI ${OPENBMC_USERNAME} 0penBmc123 142 Redfish.Login ${OPENBMC_USERNAME} 0penBmc123 143 144 145Verify Maximum Failed Attempts And Check Root User Account Locked 146 [Documentation] Verify maximum failed attempts and locks out root user account. 147 [Tags] Verify_Maximum_Failed_Attempts_And_Check_Root_User_Account_Locked 148 [Setup] Set Account Lockout Threshold account_lockout_threshold=${5} 149 150 # Make maximum failed login attempts. 151 Repeat Keyword ${5} times 152 ... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login root 0penBmc123 153 154 # Verify that legitimate login fails due to lockout. 155 Run Keyword And Expect Error InvalidCredentialsError* 156 ... Redfish.Login ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 157 158 # Wait for lockout duration to expire and then verify that login works. 159 Sleep ${default_lockout_duration}s 160 Redfish.Login 161 Redfish.Logout 162 163Verify New Password Persistency After BMC Reboot 164 [Documentation] Verify new password persistency after BMC reboot. 165 [Tags] Verify_New_Password_Persistency_After_BMC_Reboot 166 [Teardown] Test Teardown Execution 167 168 Redfish.Login 169 170 # Make sure the user account in question does not already exist. 171 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 172 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 173 174 # Create specified user. 175 ${payload}= Create Dictionary 176 ... UserName=admin_user Password=TestPwd123 RoleId=Administrator Enabled=${True} 177 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 178 ... valid_status_codes=[${HTTP_CREATED}] 179 Redfish.Logout 180 181 Redfish.Login admin_user TestPwd123 182 183 # Change to a valid password. 184 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user 185 ... body={'Password': '0penBmc123'} 186 187 # Reboot BMC and verify persistency. 188 Redfish OBMC Reboot (off) 189 190 # verify new password 191 Redfish.Login admin_user 0penBmc123 192 193 194Verify Expire And Change Admin User Password Via GUI 195 [Documentation] Force expire admin password and update admin password via GUI. 196 [Tags] Verify_Expire_And_Change_Admin_User_Password_Via_GUI 197 [Setup] Run Keywords Launch Browser And Login GUI AND 198 ... Redfish Create User ${admin_user} ${default_adminuser_passwd} Administrator ${True} 199 [Teardown] Run Keywords Logout GUI AND Close Browser 200 201 Expire Password ${admin_user} 202 203 Logout GUI 204 205 # Verify that admin user should not be able to login with expired password. 206 Login GUI ${admin_user} ${default_adminuser_passwd} 207 208 # Verify error message to update the password. 209 Wait Until Page Contains The password is expired and must be changed. timeout=10 210 211 # Update a valid acceptable password. 212 Input Text ${xpath_input_password} ${admin_password} 213 Input Text ${xpath_input_confirm_password} ${admin_password} 214 Click Button ${xpath_confirm_password_button} 215 Wait Until Page Contains Overview timeout=20 216 217 # Verify valid password. 218 Redfish.Login ${admin_user} ${admin_password} 219 220 221Expire Admin Password And Check IPMI Access Fails 222 [Documentation] Expire admin user password and expect an error while access via IPMI. 223 [Tags] Expire_Admin_Password_And_Check_IPMI_Access_Fails 224 [Setup] Redfish Create User ${admin_user} ${default_adminuser_passwd} Administrator ${True} 225 226 Expire Password ${admin_user} 227 228 ${status}= Run Keyword And Return Status Run External IPMI Standard Command lan print -v 229 Should Be Equal ${status} ${False} 230 231 232Verify Expire Admin Password And Update Bad Password Length Via Redfish 233 [Documentation] Expire admin password and update bad password with more than 20 characters 234 ... via Redfish and expect an error. 235 [Tags] Verify_Expire_Admin_Password_And_Update_Bad_Password_Length_Via_Redfish 236 [Setup] Redfish Create User ${admin_user} ${default_adminuser_passwd} Administrator ${True} 237 238 Expire Password ${admin_user} 239 240 Redfish.Login 241 242 Set Password Via Redfish 0penBmc0penBmc0penBmc ${False} 243 244 245Verify Error While Creating User With Expired Admin Password 246 [Documentation] Expire admin password and expect an error while creating new user. 247 [Tags] Verify_Error_While_Creating_User_With_Expired_Admin_Password 248 [Teardown] Restore Default Password For Admin User 249 250 Expire Password ${admin_user} 251 252 Verify User Password Expired Using Redfish ${admin_user} ${default_adminuser_passwd} 253 254 # Create new user with expired admin password and expect an error. 255 ${payload}= Create Dictionary 256 ... UserName=admin_user1 Password=TestPwd123 RoleId=Administrator Enabled=${True} 257 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 258 ... valid_status_codes=[${HTTP_FORBIDDEN}] 259 260 261Verify New Admin Password Persistency After BMC Reboot 262 [Documentation] Verify new admin password persistency after BMC reboot. 263 [Tags] Verify_New_Admin_Password_Persistency_After_BMC_Reboot 264 [Setup] Redfish Create User ${admin_user} ${default_adminuser_passwd} Administrator ${True} 265 [Teardown] Restore Default Password For Admin User 266 267 Expire Password ${admin_user} 268 269 Set Password Via Redfish ${admin_password} ${True} 270 271 # Reboot BMC. 272 Redfish OBMC Reboot (off) stack_mode=skip 273 274 # Verify password is persisted after bmc reboot. 275 Redfish.Login ${admin_user} ${admin_password} 276 277 278Expire And Change Admin User Password Via Redfish And Verify 279 [Documentation] Expire and change admin user password via Redfish and verify. 280 [Tags] Expire_And_Change_Admin_User_Password_Via_Redfish_And_Verify 281 [Setup] Redfish Create User ${admin_user} ${default_adminuser_passwd} Administrator ${True} 282 [Teardown] Restore Default Password For Admin User 283 284 Expire Password ${admin_user} 285 286 Verify User Password Expired Using Redfish ${admin_user} ${default_adminuser_passwd} 287 288 # Change to a valid password. 289 Set Password Via Redfish AdminUser2 ${True} 290 Redfish.Logout 291 292 # Verify login with the new password. 293 Redfish.Login ${admin_user} AdminUser2 294 295 296Verify Maximum Failed Attempts For Admin User And Check Account Locked 297 [Documentation] Verify maximum failed attempts for admin user 298 ... and check whether admin user account is locked. 299 [Tags] Verify_Maximum_Failed_Attempts_For_Admin_User_And_Check_Account_Locked 300 [Teardown] Run Keywords Set Account Lockout Threshold account_lockout_threshold=${defaultlockout_threshold} 301 ... AND Redfish.Delete /redfish/v1/AccountService/Accounts/${admin_user} 302 ... AND Redfish.Logout 303 304 # Create admin user and set account lockout threshold value. 305 Redfish Create User ${admin_user} ${default_adminuser_passwd} Administrator ${True} 306 Set Account Lockout Threshold account_lockout_threshold=${5} 307 308 Expire Password ${admin_user} 309 310 Set Password Via Redfish ${admin_password} ${True} 311 312 # Try to login with expired password and check account is locked. 313 Repeat Keyword ${5} times 314 ... Run Keyword And Expect Error InvalidCredentialsError* 315 ... Redfish.Login ${admin_user} ${default_adminuser_passwd} 316 317 # Check whether the admin user locked value is set to true. 318 Redfish.Login 319 ${resp}= Redfish.Get /redfish/v1/AccountService/Accounts/${admin_user} 320 Should Be Equal ${resp.dict["Locked"]} ${True} 321 322 # Verify that login fails with admin user new password due to lockout. 323 Run Keyword And Expect Error InvalidCredentialsError* 324 ... Redfish.Login ${admin_user} ${admin_password} 325 326 # Wait for lockout duration to expire and then verify that login with admin user works. 327 Sleep ${default_lockout_duration}s 328 Redfish.Login ${admin_user} ${admin_password} 329 330 331*** Keywords *** 332 333Set Account Lockout Threshold 334 [Documentation] Set user account lockout threshold. 335 [Arguments] ${account_lockout_threshold}=${0} ${account_lockout_duration}=${50} 336 337 # Description of argument(s): 338 # account_lockout_threshold Set lockout threshold value. 339 # account_lockout_duration Set lockout duration value. 340 341 Redfish.login 342 ${payload}= Create Dictionary AccountLockoutThreshold=${account_lockout_threshold} 343 ... AccountLockoutDuration=${account_lockout_duration} 344 Redfish.Patch /redfish/v1/AccountService/ body=&{payload} 345 gen_robot_valid.Valid Length OPENBMC_PASSWORD min_length=8 346 347 348Restore Default Password For Root User 349 [Documentation] Restore default password for root user (i.e. 0penBmc). 350 351 # Set default password for root user. 352 Redfish.Patch /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME} 353 ... body={'Password': '${OPENBMC_PASSWORD}'} valid_status_codes=[${HTTP_OK}] 354 # Verify that root user is able to run Redfish command using default password. 355 Redfish.Logout 356 357 358Test Teardown Execution 359 [Documentation] Do test teardown task. 360 361 Redfish.Login 362 Wait Until Keyword Succeeds 1 min 10 sec Restore Default Password For Root User 363 Redfish.Logout 364 Set Account Lockout Threshold account_lockout_threshold=${5} 365 FFDC On Test Case Fail 366 367 368Expire Password 369 [Documentation] Force expire password. 370 [Arguments] ${username} 371 372 # Description of argument(s): 373 # username User to be created and expire. 374 375 # Expire the password. 376 Open Connection And Log In ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 377 378 ${output} ${stderr} ${rc}= BMC Execute Command passwd --expire ${username} 379 Should Contain Any ${output} password expiry information changed password changed 380 381 # Example output: 382 # passwd --expire admin 383 # passwd: password changed. 384 385 Close All Connections 386 387 388Restore Default Password For Admin User 389 [Documentation] Restore default password for admin user (i.e. AdminUser1). 390 391 # Set default password for admin user. 392 Redfish.Patch /redfish/v1/AccountService/Accounts/${admin_user} 393 ... body={'Password': '${default_adminuser_passwd}'} valid_status_codes=[${HTTP_OK}] 394 # Verify that admin user is able to run Redfish command using default password. 395 Redfish.Logout 396 397 398Set Password Via Redfish 399 [Documentation] Set new password via redfish. 400 [Arguments] ${new_password} ${expect_result} 401 402 # Description of argument(s): 403 # new_password New password set. 404 # expect_result Expected result (eg:true or false). 405 406 ${status}= Run Keyword And Return Status 407 ... Redfish.Patch /redfish/v1/AccountService/Accounts/${admin_user} 408 ... body={'Password': '${new_password}'} 409 410 Should be Equal ${status} ${expect_result} 411