1*** Settings *** 2Documentation Test root user expire password. 3 4Resource ../lib/resource.robot 5Resource ../gui/lib/gui_resource.robot 6Resource ../lib/ipmi_client.robot 7Resource ../lib/bmc_redfish_utils.robot 8Library ../lib/bmc_ssh_utils.py 9Library SSHLibrary 10 11Test Setup Set Account Lockout Threshold 12 13Test Tags BMC_Expire_Password 14 15*** Variables *** 16 17# If user re-tries more than 5 time incorrectly, the user gets locked for 5 minutes. 18${default_lockout_duration} ${300} 19${admin_user} admin_user 20${default_adminuser_passwd} AdminUser1 21${admin_password} AdminUser2 22 23 24*** Test Cases *** 25 26Expire Root Password And Check IPMI Access Fails 27 [Documentation] Expire root user password and expect an error while access via IPMI. 28 [Tags] Expire_Root_Password_And_Check_IPMI_Access_Fails 29 [Teardown] Test Teardown Execution 30 31 Expire Password ${OPENBMC_USERNAME} 32 33 ${status}= Run Keyword And Return Status Run External IPMI Standard Command lan print -v 34 Should Be Equal ${status} ${False} 35 36 37Expire Root Password And Check SSH Access Fails 38 [Documentation] Expire root user password and expect an error while access via SSH. 39 [Tags] Expire_Root_Password_And_Check_SSH_Access_Fails 40 [Teardown] Test Teardown Execution 41 42 Expire Password ${OPENBMC_USERNAME} 43 44 ${status}= Run Keyword And Return Status 45 ... Open Connection And Log In ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 46 Should Be Equal ${status} ${False} 47 48 49Expire And Change Root User Password And Access Via SSH 50 [Documentation] Expire and change root user password and access via SSH. 51 [Tags] Expire_And_Change_Root_User_Password_And_Access_Via_SSH 52 [Teardown] Run Keywords Wait Until Keyword Succeeds 1 min 10 sec 53 ... Restore Default Password For Root User AND FFDC On Test Case Fail 54 55 Expire Password ${OPENBMC_USERNAME} 56 57 Redfish.Login 58 # Change to a valid password. 59 ${resp}= Redfish.Patch /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME} 60 ... body={'Password': '0penBmc123'} valid_status_codes=[${HTTP_OK}] 61 62 # Verify login with the new password through SSH. 63 Open Connection And Log In ${OPENBMC_USERNAME} 0penBmc123 64 65 66Expire Root Password And Update Bad Password Length Via Redfish 67 [Documentation] Expire root password and update bad password via Redfish and expect an error. 68 [Tags] Expire_Root_Password_And_Update_Bad_Password_Length_Via_Redfish 69 [Teardown] Run Keywords Wait Until Keyword Succeeds 1 min 10 sec 70 ... Restore Default Password For Root User AND FFDC On Test Case Fail 71 72 Expire Password ${OPENBMC_USERNAME} 73 74 Redfish.Login 75 ${status}= Run Keyword And Return Status 76 ... Redfish.Patch /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME} 77 ... body={'Password': '0penBmc0penBmc0penBmc'} 78 Should Be Equal ${status} ${False} 79 80 81Expire And Change Root User Password Via Redfish And Verify 82 [Documentation] Expire and change root user password via Redfish and verify. 83 [Tags] Expire_And_Change_Root_User_Password_Via_Redfish_And_Verify 84 [Teardown] Run Keywords FFDC On Test Case Fail AND 85 ... Wait Until Keyword Succeeds 1 min 10 sec 86 ... Restore Default Password For Root User 87 88 Expire Password ${OPENBMC_USERNAME} 89 90 Verify User Password Expired Using Redfish ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 91 # Change to a valid password. 92 Redfish.Patch /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME} 93 ... body={'Password': '0penBmc123'} 94 Redfish.Logout 95 96 # Verify login with the new password. 97 Redfish.Login ${OPENBMC_USERNAME} 0penBmc123 98 99 100Verify Error While Creating User With Expired Password 101 [Documentation] Expire root password and expect an error while creating new user. 102 [Tags] Verify_Error_While_Creating_User_With_Expired_Password 103 [Teardown] Run Keywords Wait Until Keyword Succeeds 1 min 10 sec 104 ... Restore Default Password For Root User AND FFDC On Test Case Fail 105 106 Expire Password ${OPENBMC_USERNAME} 107 108 Verify User Password Expired Using Redfish ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 109 Redfish.Login 110 ${payload}= Create Dictionary 111 ... UserName=admin_user Password=TestPwd123 RoleId=Administrator Enabled=${True} 112 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 113 ... valid_status_codes=[${HTTP_FORBIDDEN}] 114 115 116Expire And Change Root Password Via GUI 117 [Documentation] Expire and change root password via GUI. 118 [Tags] Expire_And_Change_Root_Password_Via_GUI 119 [Setup] Launch Browser And Login GUI 120 [Teardown] Run Keywords Logout GUI AND Close Browser 121 ... AND Restore Default Password For Root User AND FFDC On Test Case Fail 122 123 Expire Password ${OPENBMC_USERNAME} 124 125 Wait Until Page Contains Element ${xpath_root_button_menu} 126 Click Element ${xpath_root_button_menu} 127 Click Element ${xpath_profile_settings} 128 Wait Until Page Contains Change password 129 130 # Change valid password. 131 Input Text ${xpath_input_password} 0penBmc123 132 Input Text ${xpath_input_confirm_password} 0penBmc123 133 Click Button ${xpath_profile_save_button} 134 Wait Until Page Contains Successfully saved account settings. 135 Wait Until Page Does Not Contain Successfully saved account settings. timeout=20 136 Logout GUI 137 138 # Verify valid password. 139 Login GUI ${OPENBMC_USERNAME} 0penBmc123 140 Redfish.Login ${OPENBMC_USERNAME} 0penBmc123 141 142 143Verify Maximum Failed Attempts And Check Root User Account Locked 144 [Documentation] Verify maximum failed attempts and locks out root user account. 145 [Tags] Verify_Maximum_Failed_Attempts_And_Check_Root_User_Account_Locked 146 [Setup] Set Account Lockout Threshold account_lockout_threshold=${5} 147 148 # Make maximum failed login attempts. 149 Repeat Keyword ${5} times 150 ... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login root 0penBmc123 151 152 # Verify that legitimate login fails due to lockout. 153 Run Keyword And Expect Error InvalidCredentialsError* 154 ... Redfish.Login ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 155 156 # Wait for lockout duration to expire and then verify that login works. 157 Sleep ${default_lockout_duration}s 158 Redfish.Login 159 Redfish.Logout 160 161Verify New Password Persistency After BMC Reboot 162 [Documentation] Verify new password persistency after BMC reboot. 163 [Tags] Verify_New_Password_Persistency_After_BMC_Reboot 164 [Teardown] Test Teardown Execution 165 166 Redfish.Login 167 168 # Make sure the user account in question does not already exist. 169 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 170 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 171 172 # Create specified user. 173 ${payload}= Create Dictionary 174 ... UserName=admin_user Password=TestPwd123 RoleId=Administrator Enabled=${True} 175 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 176 ... valid_status_codes=[${HTTP_CREATED}] 177 Redfish.Logout 178 179 Redfish.Login admin_user TestPwd123 180 181 # Change to a valid password. 182 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user 183 ... body={'Password': '0penBmc123'} 184 185 # Reboot BMC and verify persistency. 186 Redfish OBMC Reboot (off) 187 188 # verify new password 189 Redfish.Login admin_user 0penBmc123 190 191 192Verify Expire And Change Admin User Password Via GUI 193 [Documentation] Force expire admin password and update admin password via GUI. 194 [Tags] Verify_Expire_And_Change_Admin_User_Password_Via_GUI 195 [Setup] Run Keywords Launch Browser And Login GUI AND 196 ... Redfish Create User ${admin_user} ${default_adminuser_passwd} Administrator ${True} 197 [Teardown] Run Keywords Logout GUI AND Close Browser 198 199 Expire Password ${admin_user} 200 201 Logout GUI 202 203 # Verify that admin user should not be able to login with expired password. 204 Login GUI ${admin_user} ${default_adminuser_passwd} 205 206 # Verify error message to update the password. 207 Wait Until Page Contains The password is expired and must be changed. timeout=10 208 209 # Update a valid acceptable password. 210 Input Text ${xpath_input_password} ${admin_password} 211 Input Text ${xpath_input_confirm_password} ${admin_password} 212 Click Button ${xpath_confirm_password_button} 213 Wait Until Page Contains Overview timeout=20 214 215 # Verify valid password. 216 Redfish.Login ${admin_user} ${admin_password} 217 218 219Expire Admin Password And Check IPMI Access Fails 220 [Documentation] Expire admin user password and expect an error while access via IPMI. 221 [Tags] Expire_Admin_Password_And_Check_IPMI_Access_Fails 222 [Setup] Redfish Create User ${admin_user} ${default_adminuser_passwd} Administrator ${True} 223 224 Expire Password ${admin_user} 225 226 ${status}= Run Keyword And Return Status Run External IPMI Standard Command lan print -v 227 Should Be Equal ${status} ${False} 228 229 230Verify Expire Admin Password And Update Bad Password Length Via Redfish 231 [Documentation] Expire admin password and update bad password with more than 20 characters 232 ... via Redfish and expect an error. 233 [Tags] Verify_Expire_Admin_Password_And_Update_Bad_Password_Length_Via_Redfish 234 [Setup] Redfish Create User ${admin_user} ${default_adminuser_passwd} Administrator ${True} 235 236 Expire Password ${admin_user} 237 238 Redfish.Login 239 240 Set Password Via Redfish 0penBmc0penBmc0penBmc ${False} 241 242 243Verify Error While Creating User With Expired Admin Password 244 [Documentation] Expire admin password and expect an error while creating new user. 245 [Tags] Verify_Error_While_Creating_User_With_Expired_Admin_Password 246 [Teardown] Restore Default Password For Admin User 247 248 Expire Password ${admin_user} 249 250 Verify User Password Expired Using Redfish ${admin_user} ${default_adminuser_passwd} 251 252 # Create new user with expired admin password and expect an error. 253 ${payload}= Create Dictionary 254 ... UserName=admin_user1 Password=TestPwd123 RoleId=Administrator Enabled=${True} 255 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 256 ... valid_status_codes=[${HTTP_FORBIDDEN}] 257 258 259Verify New Admin Password Persistency After BMC Reboot 260 [Documentation] Verify new admin password persistency after BMC reboot. 261 [Tags] Verify_New_Admin_Password_Persistency_After_BMC_Reboot 262 [Setup] Redfish Create User ${admin_user} ${default_adminuser_passwd} Administrator ${True} 263 [Teardown] Restore Default Password For Admin User 264 265 Expire Password ${admin_user} 266 267 Set Password Via Redfish ${admin_password} ${True} 268 269 # Reboot BMC. 270 Redfish OBMC Reboot (off) stack_mode=skip 271 272 # Verify password is persisted after bmc reboot. 273 Redfish.Login ${admin_user} ${admin_password} 274 275 276Expire And Change Admin User Password Via Redfish And Verify 277 [Documentation] Expire and change admin user password via Redfish and verify. 278 [Tags] Expire_And_Change_Admin_User_Password_Via_Redfish_And_Verify 279 [Setup] Redfish Create User ${admin_user} ${default_adminuser_passwd} Administrator ${True} 280 [Teardown] Restore Default Password For Admin User 281 282 Expire Password ${admin_user} 283 284 Verify User Password Expired Using Redfish ${admin_user} ${default_adminuser_passwd} 285 286 # Change to a valid password. 287 Set Password Via Redfish AdminUser2 ${True} 288 Redfish.Logout 289 290 # Verify login with the new password. 291 Redfish.Login ${admin_user} AdminUser2 292 293 294*** Keywords *** 295 296Set Account Lockout Threshold 297 [Documentation] Set user account lockout threshold. 298 [Arguments] ${account_lockout_threshold}=${0} ${account_lockout_duration}=${50} 299 300 # Description of argument(s): 301 # account_lockout_threshold Set lockout threshold value. 302 # account_lockout_duration Set lockout duration value. 303 304 Redfish.login 305 ${payload}= Create Dictionary AccountLockoutThreshold=${account_lockout_threshold} 306 ... AccountLockoutDuration=${account_lockout_duration} 307 Redfish.Patch /redfish/v1/AccountService/ body=&{payload} 308 gen_robot_valid.Valid Length OPENBMC_PASSWORD min_length=8 309 Redfish.Logout 310 311Restore Default Password For Root User 312 [Documentation] Restore default password for root user (i.e. 0penBmc). 313 314 # Set default password for root user. 315 Redfish.Patch /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME} 316 ... body={'Password': '${OPENBMC_PASSWORD}'} valid_status_codes=[${HTTP_OK}] 317 # Verify that root user is able to run Redfish command using default password. 318 Redfish.Logout 319 320 321Test Teardown Execution 322 [Documentation] Do test teardown task. 323 324 Redfish.Login 325 Wait Until Keyword Succeeds 1 min 10 sec Restore Default Password For Root User 326 Redfish.Logout 327 Set Account Lockout Threshold account_lockout_threshold=${5} 328 FFDC On Test Case Fail 329 330 331Expire Password 332 [Documentation] Force expire password. 333 [Arguments] ${username} 334 335 # Description of argument(s): 336 # username User to be created and expire. 337 338 # Expire the password. 339 Open Connection And Log In ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 340 341 ${output} ${stderr} ${rc}= BMC Execute Command passwd --expire ${username} 342 Should Contain Any ${output} password expiry information changed password changed 343 344 # Example output: 345 # passwd --expire admin 346 # passwd: password changed. 347 348 Close All Connections 349 350 351Restore Default Password For Admin User 352 [Documentation] Restore default password for admin user (i.e. AdminUser1). 353 354 # Set default password for admin user. 355 Redfish.Patch /redfish/v1/AccountService/Accounts/${admin_user} 356 ... body={'Password': '${default_adminuser_passwd}'} valid_status_codes=[${HTTP_OK}] 357 # Verify that admin user is able to run Redfish command using default password. 358 Redfish.Logout 359 360 361Set Password Via Redfish 362 [Documentation] Set new password via redfish. 363 [Arguments] ${new_password} ${expect_result} 364 365 # Description of argument(s): 366 # new_password New password set. 367 # expect_result Expected result (eg:true or false). 368 369 ${status}= Run Keyword And Return Status 370 ... Redfish.Patch /redfish/v1/AccountService/Accounts/${admin_user} 371 ... body={'Password': '${new_password}'} 372 373 Should be Equal ${status} ${expect_result} 374