1*** Settings ***
2Documentation     Test root user expire password.
3
4Resource          ../lib/resource.robot
5Resource          ../lib/bmc_redfish_resource.robot
6Resource          ../lib/ipmi_client.robot
7Library           ../lib/bmc_ssh_utils.py
8Library           SSHLibrary
9
10Suite Setup       Suite Setup Execution
11Suite Teardown    Suite Teardown Execution
12
13Test Teardown     Test Teardown Execution
14
15*** Test Cases ***
16
17Expire Root Password And Check IPMI Access Fails
18    [Documentation]   Expire root user password and expect an error while access via IPMI.
19    [Tags]  Expire_Root_Password_And_Check_IPMI_Access_Fails
20
21    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
22
23    ${output}  ${stderr}  ${rc}=  BMC Execute Command  passwd --expire ${OPENBMC_USERNAME}
24    Should Contain  ${output}  password expiry information changed
25
26    ${status}=  Run Keyword And Return Status   Run External IPMI Standard Command  lan print -v
27    Should Be Equal  ${status}  ${False}
28
29
30Expire Root Password And Check SSH Access Fails
31    [Documentation]   Expire root user password and expect an error while access via SSH.
32    [Tags]  Expire_Root_Password_And_Check_SSH_Access_Fails
33
34    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
35    ${output}  ${stderr}  ${rc}=  BMC Execute Command  passwd --expire ${OPENBMC_USERNAME}
36    Should Contain  ${output}  password expiry information changed
37
38    ${status}=  Run Keyword And Return Status
39    ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
40    Should Be Equal  ${status}  ${False}
41
42
43Expire And Change Root User Password And Access Via SSH
44    [Documentation]   Expire and change root user password and access via SSH.
45    [Tags]  Expire_Root_User_Password_And_Access_Via_SSH
46    [Teardown]  Run Keywords  Wait Until Keyword Succeeds  1 min  10 sec
47    ...  Restore Default Password For Root User  AND  FFDC On Test Case Fail
48
49    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
50
51    ${output}  ${stderr}  ${rc}=  BMC Execute Command  passwd --expire ${OPENBMC_USERNAME}
52    Should Contain  ${output}  password expiry information changed
53
54    Redfish.Login
55    # Change to a valid password.
56    ${resp}=  Redfish.Patch  /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
57    ...  body={'Password': '0penBmc123'}  valid_status_codes=[${HTTP_OK}]
58
59    # Verify login with the new password through SSH.
60    Open Connection And Log In  ${OPENBMC_USERNAME}  0penBmc123
61
62
63Expire Root Password And Update Bad Password Length Via Redfish
64   [Documentation]  Expire root password and update bad password via Redfish and expect an error.
65   [Tags]  Expire_Root_Password_And_Update_Bad_Password_Length_Via_Redfish
66   [Teardown]  Run Keywords  Wait Until Keyword Succeeds  1 min  10 sec
67   ...  Restore Default Password For Root User  AND  FFDC On Test Case Fail
68
69   Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
70   ${output}  ${stderr}  ${rc}=  BMC Execute Command  passwd --expire ${OPENBMC_USERNAME}
71   Should Contain  ${output}  password expiry information changed
72
73   Redfish.Login
74   ${status}=  Run Keyword And Return Status
75   ...  Redfish.Patch  /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
76   ...  body={'Password': '0penBmc0penBmc0penBmc'}
77   Should Be Equal  ${status}  ${False}
78
79
80Expire And Change Root User Password Via Redfish And Verify
81   [Documentation]   Expire and change root user password via Redfish and verify.
82   [Tags]  Expire_And_Change_Root_User_Password_Via_Redfish_And_Verify
83   [Teardown]  Run Keywords  FFDC On Test Case Fail  AND
84   ...  Wait Until Keyword Succeeds  1 min  10 sec
85   ...  Restore Default Password For Root User
86
87   Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
88
89   ${output}  ${stderr}  ${rc}=  BMC Execute Command  passwd --expire ${OPENBMC_USERNAME}
90   Should Contain  ${output}  password expiry information changed
91
92
93   Redfish.Login
94   Verify Root Password Expired
95   # Change to a valid password.
96   Redfish.Patch  /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
97   ...  body={'Password': '0penBmc123'}
98   Redfish.Logout
99
100   # Verify login with the new password.
101   Redfish.Login  ${OPENBMC_USERNAME}  0penBmc123
102
103
104Verify Error While Creating User With Expired Password
105    [Documentation]  Expire root password and expect an error while creating new user.
106    [Tags]  Verify_Error_While_Creating_User_With_Expired_Password
107    [Teardown]  Run Keywords  Wait Until Keyword Succeeds  1 min  10 sec
108    ...  Restore Default Password For Root User  AND  FFDC On Test Case Fail
109
110
111    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
112    ${output}  ${stderr}  ${rc}=  BMC Execute Command  passwd --expire ${OPENBMC_USERNAME}
113    Should Contain  ${output}  password expiry information changed
114
115    Verify Root Password Expired
116    Redfish.Login
117    ${payload}=  Create Dictionary
118    ...  UserName=admin_user  Password=TestPwd123  RoleId=Administrator  Enabled=${True}
119    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{payload}
120    ...  valid_status_codes=[${HTTP_FORBIDDEN}]
121
122
123*** Keywords ***
124
125Suite Setup Execution
126   [Documentation]  Suite setup  execution.
127
128   Redfish.login
129   Redfish.Patch  /redfish/v1/AccountService/  body={"AccountLockoutThreshold": 0}
130   Valid Length  OPENBMC_PASSWORD  min_length=8
131   Redfish.Logout
132
133Restore Default Password For Root User
134    [Documentation]  Restore default password for root user (i.e. 0penBmc).
135
136    # Set default password for root user.
137    Redfish.Patch  /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME}
138    ...   body={'Password': '${OPENBMC_PASSWORD}'}  valid_status_codes=[${HTTP_OK}]
139    # Verify that root user is able to run Redfish command using default password.
140    Redfish.Logout
141
142
143Test Teardown Execution
144    [Documentation]  Do test teardown task.
145
146    Redfish.Login
147    Wait Until Keyword Succeeds  1 min  10 sec  Restore Default Password For Root User
148    FFDC On Test Case Fail
149
150
151Suite Teardown Execution
152    [Documentation]  Do suite teardown task.
153
154    Redfish.login
155    Redfish.Patch  /redfish/v1/AccountService/  body={"AccountLockoutThreshold": 5}
156    Redfish.Logout
157
158Verify Root Password Expired
159    [Documentation]  Checking whether root password expired or not.
160
161    Create Session  openbmc  ${AUTH_URI}
162    ${headers}=  Create Dictionary  Content-Type=application/json
163    @{credentials}=  Create List  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
164    ${data}=  Create Dictionary  data=@{credentials}
165    ${resp}=  Post Request  openbmc  /login  data=${data}  headers=${headers}
166    ${json}=  To JSON  ${resp.content}
167    Should Contain  ${json["extendedMessage"]}  POST the new password
168