| *** Settings *** |
| Documentation Test Redfish service root login security. |
| |
| Resource ../../lib/resource.robot |
| Resource ../../lib/bmc_redfish_resource.robot |
| Resource ../../lib/openbmc_ffdc.robot |
| |
| Test Teardown FFDC On Test Case Fail |
| Test Setup Printn |
| |
| *** Variables *** |
| |
| ${LOGIN_SESSION_COUNT} ${50} |
| |
| &{header_requirements} Strict-Transport-Security=max-age=31536000; includeSubdomains; preload |
| ... X-Frame-Options=DENY |
| ... Pragma=no-cache |
| ... Cache-Control=no-Store,no-Cache |
| ... Content-Security-Policy=default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none' |
| ... X-XSS-Protection=1; mode=block |
| ... X-Content-Type-Options=nosniff |
| |
| *** Test Cases *** |
| |
| Redfish Login With Invalid Credentials |
| [Documentation] Login to BMC web using invalid credential. |
| [Tags] Redfish_Login_With_Invalid_Credentials |
| [Template] Login And Verify Redfish Response |
| |
| # Username Password Expect status |
| ${OPENBMC_USERNAME} deadpassword InvalidCredentialsError |
| groot ${OPENBMC_PASSWORD} InvalidCredentialsError |
| ${EMPTY} ${OPENBMC_PASSWORD} SessionCreationError |
| ${OPENBMC_USERNAME} ${EMPTY} SessionCreationError |
| ${EMPTY} ${EMPTY} SessionCreationError |
| |
| |
| Redfish Login Using Unsecured HTTP |
| [Documentation] Login to BMC web through http unsecured. |
| [Tags] Redfish_Login_Using_Unsecured_HTTP |
| |
| Create Session openbmc http://${OPENBMC_HOST} |
| ${data}= Create Dictionary |
| ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD} |
| |
| ${headers}= Create Dictionary Content-Type=application/json |
| |
| Run Keyword And Expect Error *Connection refused* |
| ... POST On Session openbmc /redfish/v1/SessionService/Sessions |
| ... data=${data} headers=${headers} |
| |
| |
| Redfish Login Using HTTPS Wrong Port 80 Protocol |
| [Documentation] Login to BMC web through wrong protocol port 80. |
| [Tags] Redfish_Login_Using_HTTPS_Wrong_Port_80_Protocol |
| |
| Create Session openbmc https://${OPENBMC_HOST}:80 |
| ${data}= Create Dictionary |
| ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD} |
| |
| ${headers}= Create Dictionary Content-Type=application/json |
| |
| Run Keyword And Expect Error *Connection refused* |
| ... POST On Session openbmc /redfish/v1/SessionService/Sessions |
| ... data=${data} headers=${headers} |
| |
| |
| Create Multiple Login Sessions And Verify |
| [Documentation] Create 50 login instances and verify. |
| [Tags] Create_Multiple_Login_Sessions_And_Verify |
| [Teardown] Run Keyword And Ignore Error Multiple Session Cleanup |
| |
| Redfish.Login |
| # Example: |
| # { |
| # 'key': 'L0XEsZAXpNdF147jJaOD', |
| # 'location': '/redfish/v1/SessionService/Sessions/qWn2JOJSOs' |
| # } |
| ${saved_session_info}= Get Redfish Session Info |
| |
| # Sessions book keeping for cleanup once done. |
| ${session_list}= Create List |
| Set Test Variable ${session_list} |
| |
| Repeat Keyword ${LOGIN_SESSION_COUNT} times Create New Login Session |
| |
| # Update the redfish session object with the first login key and location |
| # and verify if it is still working. |
| Redfish.Set Session Key ${saved_session_info["key"]} |
| Redfish.Set Session Location ${saved_session_info["location"]} |
| Redfish.Get ${saved_session_info["location"]} |
| |
| |
| Attempt Login With Expired Session |
| [Documentation] Authenticate to redfish, then log out and attempt to |
| ... use the session. |
| [Tags] Attempt_Login_With_Expired_Session |
| |
| Redfish.Login |
| ${saved_session_info}= Get Redfish Session Info |
| Redfish.Logout |
| |
| # Attempt login with expired session. |
| # By default 60 minutes of inactivity closes the session. |
| Redfish.Set Session Key ${saved_session_info["key"]} |
| Redfish.Set Session Location ${saved_session_info["location"]} |
| |
| Redfish.Get ${saved_session_info["location"]} valid_status_codes=[${HTTP_UNAUTHORIZED}] |
| |
| |
| Login And Verify HTTP Response Header |
| [Documentation] Login and verify redfish HTTP response header. |
| [Tags] Login_And_Verify_HTTP_Response_Header |
| |
| # Example of HTTP redfish response header. |
| # Strict-Transport-Security: max-age=31536000; includeSubdomains; preload |
| # X-Frame-Options: DENY |
| # Pragma: no-cache |
| # Cache-Control: no-Store,no-Cache |
| # Content-Security-Policy: default-src 'self'; img-src 'self' data: |
| # X-XSS-Protection: 1; mode=block |
| # X-Content-Type-Options: nosniff |
| |
| Rprint Vars header_requirements fmt=1 |
| |
| Redfish.Login |
| ${resp}= Redfish.Get /redfish/v1/SessionService/Sessions |
| |
| # The getheaders() method returns the headers as a list of tuples: |
| # headers: |
| # [Strict-Transport-Security]: max-age=31536000; includeSubdomains; preload |
| # [X-Frame-Options]: DENY |
| # [Pragma]: no-cache |
| # [Cache-Control]: no-Store,no-Cache |
| # [Content-Security-Policy]: default-src 'self'; img-src 'self' data: |
| # [X-XSS-Protection]: 1; mode=block |
| # [X-Content-Type-Options]: nosniff |
| # [X-UA-Compatible]: IE=11 |
| # [Content-Type]: application/json |
| # [Server]: iBMC |
| # [Date]: Tue, 16 Apr 2019 17:49:46 GMT |
| # [Content-Length]: 2177 |
| |
| ${headers}= Key Value List To Dict ${resp.getheaders()} |
| Rprint Vars headers fmt=1 |
| |
| Dictionary Should Contain Sub Dictionary ${headers} ${header_requirements} |
| |
| |
| *** Keywords *** |
| |
| Login And Verify Redfish Response |
| [Documentation] Login and verify redfish response. |
| [Arguments] ${username} ${password} ${expected_response} |
| |
| # Description of arguments: |
| # expected_response Expected REST status. |
| # username The username to be used to connect to the server. |
| # password The password to be used to connect to the server. |
| |
| # The redfish object may preserve a valid username or password from the |
| # last failed login attempt. If we then try to login with a null username |
| # or password value, the redfish object may prefer the preserved value. |
| # Since we're testing bad path, we wish to avoid this scenario so we will |
| # clear these values. |
| |
| Redfish.Set Username ${EMPTY} |
| Redfish.Set Password ${EMPTY} |
| |
| ${msg}= Run Keyword And Expect Error * Redfish.Login ${username} ${password} |
| |
| # redfish package version <=3.1.6 default response is InvalidCredentialsError. |
| Should Contain Any ${msg} InvalidCredentialsError ${expected_response} |
| |
| |
| Create New Login Session |
| [Documentation] Multiple login session keys. |
| |
| Redfish.Login |
| ${session_info}= Get Redfish Session Info |
| |
| # Append the session location to the list. |
| # ['/redfish/v1/SessionService/Sessions/uDzihgDecs', |
| # '/redfish/v1/SessionService/Sessions/PaHF5brPPd'] |
| Append To List ${session_list} ${session_info["location"]} |
| |
| |
| Multiple Session Cleanup |
| [Documentation] Do the teardown for multiple sessions. |
| |
| FFDC On Test Case Fail |
| |
| FOR ${item} IN @{session_list} |
| Redfish.Delete ${item} |
| END |