1*** Settings *** 2Documentation Test root user expire password. 3 4Resource ../lib/resource.robot 5Resource ../gui/lib/resource.robot 6Resource ../lib/ipmi_client.robot 7Library ../lib/bmc_ssh_utils.py 8Library SSHLibrary 9 10Test Setup Set Account Lockout Threshold 11 12*** Variables *** 13 14# If user re-tries more than 5 time incorrectly, the user gets locked for 5 minutes. 15${default_lockout_duration} ${300} 16 17 18*** Test Cases *** 19 20Expire Root Password And Check IPMI Access Fails 21 [Documentation] Expire root user password and expect an error while access via IPMI. 22 [Tags] Expire_Root_Password_And_Check_IPMI_Access_Fails 23 [Teardown] Test Teardown Execution 24 25 Open Connection And Log In ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 26 27 ${output} ${stderr} ${rc}= BMC Execute Command passwd --expire ${OPENBMC_USERNAME} 28 Should Contain ${output} password expiry information changed 29 30 ${status}= Run Keyword And Return Status Run External IPMI Standard Command lan print -v 31 Should Be Equal ${status} ${False} 32 33 34Expire Root Password And Check SSH Access Fails 35 [Documentation] Expire root user password and expect an error while access via SSH. 36 [Tags] Expire_Root_Password_And_Check_SSH_Access_Fails 37 [Teardown] Test Teardown Execution 38 39 Open Connection And Log In ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 40 ${output} ${stderr} ${rc}= BMC Execute Command passwd --expire ${OPENBMC_USERNAME} 41 Should Contain ${output} password expiry information changed 42 43 ${status}= Run Keyword And Return Status 44 ... Open Connection And Log In ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 45 Should Be Equal ${status} ${False} 46 47 48Expire And Change Root User Password And Access Via SSH 49 [Documentation] Expire and change root user password and access via SSH. 50 [Tags] Expire_Root_User_Password_And_Access_Via_SSH 51 [Teardown] Run Keywords Wait Until Keyword Succeeds 1 min 10 sec 52 ... Restore Default Password For Root User AND FFDC On Test Case Fail 53 54 Open Connection And Log In ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 55 56 ${output} ${stderr} ${rc}= BMC Execute Command passwd --expire ${OPENBMC_USERNAME} 57 Should Contain ${output} password expiry information changed 58 59 Redfish.Login 60 # Change to a valid password. 61 ${resp}= Redfish.Patch /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME} 62 ... body={'Password': '0penBmc123'} valid_status_codes=[${HTTP_OK}] 63 64 # Verify login with the new password through SSH. 65 Open Connection And Log In ${OPENBMC_USERNAME} 0penBmc123 66 67 68Expire Root Password And Update Bad Password Length Via Redfish 69 [Documentation] Expire root password and update bad password via Redfish and expect an error. 70 [Tags] Expire_Root_Password_And_Update_Bad_Password_Length_Via_Redfish 71 [Teardown] Run Keywords Wait Until Keyword Succeeds 1 min 10 sec 72 ... Restore Default Password For Root User AND FFDC On Test Case Fail 73 74 Open Connection And Log In ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 75 ${output} ${stderr} ${rc}= BMC Execute Command passwd --expire ${OPENBMC_USERNAME} 76 Should Contain ${output} password expiry information changed 77 78 Redfish.Login 79 ${status}= Run Keyword And Return Status 80 ... Redfish.Patch /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME} 81 ... body={'Password': '0penBmc0penBmc0penBmc'} 82 Should Be Equal ${status} ${False} 83 84 85Expire And Change Root User Password Via Redfish And Verify 86 [Documentation] Expire and change root user password via Redfish and verify. 87 [Tags] Expire_And_Change_Root_User_Password_Via_Redfish_And_Verify 88 [Teardown] Run Keywords FFDC On Test Case Fail AND 89 ... Wait Until Keyword Succeeds 1 min 10 sec 90 ... Restore Default Password For Root User 91 92 Open Connection And Log In ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 93 94 ${output} ${stderr} ${rc}= BMC Execute Command passwd --expire ${OPENBMC_USERNAME} 95 Should Contain ${output} password expiry information changed 96 97 Redfish.Login 98 Verify Root Password Expired 99 # Change to a valid password. 100 Redfish.Patch /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME} 101 ... body={'Password': '0penBmc123'} 102 Redfish.Logout 103 104 # Verify login with the new password. 105 Redfish.Login ${OPENBMC_USERNAME} 0penBmc123 106 107 108Verify Error While Creating User With Expired Password 109 [Documentation] Expire root password and expect an error while creating new user. 110 [Tags] Verify_Error_While_Creating_User_With_Expired_Password 111 [Teardown] Run Keywords Wait Until Keyword Succeeds 1 min 10 sec 112 ... Restore Default Password For Root User AND FFDC On Test Case Fail 113 114 Open Connection And Log In ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 115 ${output} ${stderr} ${rc}= BMC Execute Command passwd --expire ${OPENBMC_USERNAME} 116 Should Contain ${output} password expiry information changed 117 118 Verify Root Password Expired 119 Redfish.Login 120 ${payload}= Create Dictionary 121 ... UserName=admin_user Password=TestPwd123 RoleId=Administrator Enabled=${True} 122 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 123 ... valid_status_codes=[${HTTP_FORBIDDEN}] 124 125 126Expire And Change Root Password Via GUI 127 [Documentation] Expire and change root password via GUI. 128 [Tags] Expire_And_Change_Root_Password_Via_GUI 129 [Setup] Run Keywords Launch Browser And Login OpenBMC GUI 130 [Teardown] Run Keywords Logout And Close Browser 131 ... AND Restore Default Password For Root User AND FFDC On Test Case Fail 132 133 Open Connection And Log In ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 134 ${output} ${stderr} ${rc}= BMC Execute Command passwd --expire ${OPENBMC_USERNAME} 135 Should Contain ${output} password expiry information changed 136 137 Click Button ${xpath_button_user_action} 138 Click Element ${xpath_button_profile_settings} 139 Page Should Contain Change password 140 Sleep 2s 141 # Change valid password. 142 Input Text ${xpath_input_password} 0penBmc123 143 Input Text ${xpath_input_confirm_password} 0penBmc123 144 Click Button ${xpath_submit_button} 145 146 # Verify valid password. 147 Open Browser With URL ${obmc_gui_url} 148 Login OpenBMC GUI ${OPENBMC_USERNAME} 0penBmc123 149 Redfish.Login ${OPENBMC_USERNAME} 0penBmc123 150 151 152Verify Maximum Failed Attempts And Check Root User Account Locked 153 [Documentation] Verify maximum failed attempts and locks out root user account. 154 [Tags] Verify_Maximum_Failed_Attempts_And_Check_Root_User_Account_Locked 155 [Setup] Set Account Lockout Threshold account_lockout_threshold=${5} 156 157 # Make maximum failed login attempts. 158 Repeat Keyword ${5} times 159 ... Run Keyword And Expect Error InvalidCredentialsError* Redfish.Login root 0penBmc123 160 161 # Verify that legitimate login fails due to lockout. 162 Run Keyword And Expect Error InvalidCredentialsError* 163 ... Redfish.Login ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 164 165 # Wait for lockout duration to expire and then verify that login works. 166 Sleep ${default_lockout_duration}s 167 Redfish.Login 168 Redfish.Logout 169 170Verify New Password Persistency After BMC Reboot 171 [Documentation] Verify new password persistency after BMC reboot. 172 [Tags] Verify_New_Password_Persistency_After_BMC_Reboot 173 [Teardown] Test Teardown Execution 174 175 Redfish.Login 176 177 # Make sure the user account in question does not already exist. 178 Redfish.Delete /redfish/v1/AccountService/Accounts/admin_user 179 ... valid_status_codes=[${HTTP_OK}, ${HTTP_NOT_FOUND}] 180 181 # Create specified user. 182 ${payload}= Create Dictionary 183 ... UserName=admin_user Password=TestPwd123 RoleId=Administrator Enabled=${True} 184 Redfish.Post /redfish/v1/AccountService/Accounts/ body=&{payload} 185 ... valid_status_codes=[${HTTP_CREATED}] 186 Redfish.Logout 187 188 Redfish.Login admin_user TestPwd123 189 190 # Change to a valid password. 191 Redfish.Patch /redfish/v1/AccountService/Accounts/admin_user 192 ... body={'Password': '0penBmc123'} 193 194 # Reboot BMC and verify persistency. 195 Redfish OBMC Reboot (off) 196 197 # verify new password 198 Redfish.Login admin_user 0penBmc123 199 200 201*** Keywords *** 202 203Set Account Lockout Threshold 204 [Documentation] Set user account lockout threshold. 205 [Arguments] ${account_lockout_threshold}=${0} 206 207 # Description of argument(s): 208 # account_lockout_threshold Set lockout threshold value. 209 210 Redfish.login 211 Redfish.Patch /redfish/v1/AccountService/ body={"AccountLockoutThreshold":${account_lockout_threshold}} 212 gen_robot_valid.Valid Length OPENBMC_PASSWORD min_length=8 213 Redfish.Logout 214 215Restore Default Password For Root User 216 [Documentation] Restore default password for root user (i.e. 0penBmc). 217 218 # Set default password for root user. 219 Redfish.Patch /redfish/v1/AccountService/Accounts/${OPENBMC_USERNAME} 220 ... body={'Password': '${OPENBMC_PASSWORD}'} valid_status_codes=[${HTTP_OK}] 221 # Verify that root user is able to run Redfish command using default password. 222 Redfish.Logout 223 224 225Test Teardown Execution 226 [Documentation] Do test teardown task. 227 228 Redfish.Login 229 Wait Until Keyword Succeeds 1 min 10 sec Restore Default Password For Root User 230 Redfish.Logout 231 Set Account Lockout Threshold account_lockout_threshold=${5} 232 FFDC On Test Case Fail 233 234 235Verify Root Password Expired 236 [Documentation] Checking whether root password expired or not. 237 238 Create Session openbmc ${AUTH_URI} 239 ${headers}= Create Dictionary Content-Type=application/json 240 @{credentials}= Create List ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} 241 ${data}= Create Dictionary data=@{credentials} 242 ${resp}= Post Request openbmc /login data=${data} headers=${headers} 243 ${json}= To JSON ${resp.content} 244 Should Contain ${json["extendedMessage"]} POST the new password 245 246