commit 91e597178fd8aaec18c8f20a2a06a22d5b4d0c28
author Prashanth Katti <prkatti1@in.ibm.com> Tue Apr 14 08:12:09 2020 -0500
committer George Keishing <gkeishin@in.ibm.com> Wed May 13 16:45:31 2020 +0000
tree 58347b9a3e286521f6043ccbf0ecff28370d7ba2
parent 966a4c5c4a22f87e711cddb958ce7b58f185f14b

Added new security test cases

Signed-off-by: Prashanth Katti <prkatti1@in.ibm.com>
Change-Id: Iba88cdafc6dd879d03e5dea001c8074a42558a90

security/test_bmc_connections.robot

diff --git a/security/test_bmc_connections.robot b/security/test_bmc_connections.robot
index d785d8d..d82ac8a 100644
--- a/security/test_bmc_connections.robot
+++ b/security/test_bmc_connections.robot
@@ -62,9 +62,42 @@
 
     SSHLibrary.Open Connection  ${OPENBMC_HOST}
     ${status}=   Run Keyword And Return Status  SSHLibrary.Login  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
+
     Should Be Equal  ${status}  ${False}
 
 
+Test Post Without Auth Token Fails
+    [Documentation]  Send post method without auth token and verify it throws an error.
+    [Tags]   Test_Post_Without_Auth_Token_Fails
+
+    ${user_info}=  Create Dictionary  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
+    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
+    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
+
+
+Flood Post Without Auth Token And Check Stability Of BMC
+    [Documentation]  Flood post method without auth token and check BMC stability.
+    [Tags]  Flood_Post_Without_Auth_Token_And_Check_Stability_Of_BMC
+
+    @{status_list}=  Create List
+    ${user_info}=  Create Dictionary  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
+
+    FOR  ${i}  IN RANGE  ${1}  ${iterations}
+        Log To Console  ${i}th iteration
+        Run Keyword And Ignore Error
+        ...  Redfish.Post   /redfish/v1/AccountService/Accounts/  body=&{user_info}
+
+        # Every 100th iteration, check BMC allows post with auth token.
+        ${status}=  Run Keyword If  ${i} % 100 == 0  Run Keyword And Return Status
+        ...  Login And Create User
+        Run Keyword If  ${status} == False  Append To List  ${status_list}  ${status}
+    END
+    ${verify_count}=  Evaluate  ${iterations}/100
+    ${fail_count}=  Get Length  ${status_list}
+
+    Should Be Equal  ${fail_count}  0  msg=Post operation failed ${fail_count} times in ${verify_count} attempts
+
+
 *** Keywords ***
 
 Login And Configure Hostname
@@ -77,3 +110,13 @@
     Redfish.patch  ${REDFISH_NW_PROTOCOL_URI}  body={'HostName': '${hostname}'}
     ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
 
+
+Login And Create User
+    [Documentation]  Login and create user
+
+    [Teardown]  Redfish.Logout
+
+    Redfish.Login
+
+    ${user_info}=  Create Dictionary  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
+    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}  valid_status_codes=[${HTTP_OK}]