Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 0e0e67c2c3286d2dc68373e377e48238f8f517c0 / . / redfish / service_root / test_service_root_security.robot
blob: 0fa3ebe3ef92003a64148673faac11e7325f7d72 [file] [log] [blame]
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]1*** Settings ***
Joy Onyerikwudbfe97d2019-03-11 19:44:56 -0500[diff] [blame]2Documentation Test Redfish service root login security.
3
George Keishing85609902019-02-18 07:24:24 -0600[diff] [blame]4Resource ../../lib/resource.robot
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]5Resource ../../lib/bmc_redfish_resource.robot
George Keishing3298d5c2019-02-12 06:59:25 -0600[diff] [blame]6Resource ../../lib/openbmc_ffdc.robot
7
8Test Teardown FFDC On Test Case Fail
Michael Walshc108e422019-03-28 12:27:18 -0500[diff] [blame]9Test Setup Printn
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]10
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]11*** Variables ***
12
13${LOGIN_SESSION_COUNT} ${50}
14
George Keishing35e0bba2019-06-04 13:10:55 -0500[diff] [blame]15&{header_requirements} Strict-Transport-Security=max-age=31536000; includeSubdomains; preload
16... X-Frame-Options=DENY
17... Pragma=no-cache
18... Cache-Control=no-Store,no-Cache
George Keishingf9248952021-05-28 07:52:37 -0500[diff] [blame]19... Content-Security-Policy=default-src 'none'; img-src 'self' data:; font-src
20... 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:
George Keishing35e0bba2019-06-04 13:10:55 -0500[diff] [blame]21... X-XSS-Protection=1; mode=block
22... X-Content-Type-Options=nosniff
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]23
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]24*** Test Cases ***
25
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]26Redfish Login With Invalid Credentials
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]27 [Documentation] Login to BMC web using invalid credential.
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]28 [Tags] Redfish_Login_With_Invalid_Credentials
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]29 [Template] Login And Verify Redfish Response
30
31 # Expect status Username Password
32 InvalidCredentialsError* ${OPENBMC_USERNAME} deadpassword
33 InvalidCredentialsError* groot ${OPENBMC_PASSWORD}
34 InvalidCredentialsError* ${EMPTY} ${OPENBMC_PASSWORD}
35 InvalidCredentialsError* ${OPENBMC_USERNAME} ${EMPTY}
36 InvalidCredentialsError* ${EMPTY} ${EMPTY}
37
38
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]39Redfish Login Using Unsecured HTTP
George Keishinga8116932019-02-05 11:51:47 -0600[diff] [blame]40 [Documentation] Login to BMC web through http unsecured.
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]41 [Tags] Redfish_Login_Using_Unsecured_HTTP
George Keishinga8116932019-02-05 11:51:47 -0600[diff] [blame]42
43 Create Session openbmc http://${OPENBMC_HOST}
44 ${data}= Create Dictionary
45 ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD}
46
47 ${headers}= Create Dictionary Content-Type=application/json
48
49 Run Keyword And Expect Error *Connection refused*
50 ... Post Request openbmc /redfish/v1/SessionService/Sessions
51 ... data=${data} headers=${headers}
52
53
George Keishingb2f07342019-02-09 05:21:45 -0600[diff] [blame]54Redfish Login Using HTTPS Wrong Port 80 Protocol
55 [Documentation] Login to BMC web through wrong protocol port 80.
56 [Tags] Redfish_Login_Using_HTTPS_Wrong_Port_80_Protocol
57
58 Create Session openbmc https://${OPENBMC_HOST}:80
59 ${data}= Create Dictionary
60 ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD}
61
62 ${headers}= Create Dictionary Content-Type=application/json
63
64 Run Keyword And Expect Error *Connection refused*
65 ... Post Request openbmc /redfish/v1/SessionService/Sessions
66 ... data=${data} headers=${headers}
67
68
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]69Create Multiple Login Sessions And Verify
70 [Documentation] Create 50 login instances and verify.
71 [Tags] Create_Multiple_Login_Sessions_And_Verify
Sushil Singhd1a35ac2020-08-04 11:28:56 -0500[diff] [blame]72 [Teardown] Run Keyword And Ignore Error Multiple Session Cleanup
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]73
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]74 Redfish.Login
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]75 # Example:
76 # {
77 # 'key': 'L0XEsZAXpNdF147jJaOD',
78 # 'location': '/redfish/v1/SessionService/Sessions/qWn2JOJSOs'
79 # }
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]80 ${saved_session_info}= Get Redfish Session Info
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]81
82 # Sessions book keeping for cleanup once done.
83 ${session_list}= Create List
84 Set Test Variable ${session_list}
85
86 Repeat Keyword ${LOGIN_SESSION_COUNT} times Create New Login Session
87
88 # Update the redfish session object with the first login key and location
89 # and verify if it is still working.
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]90 Redfish.Set Session Key ${saved_session_info["key"]}
91 Redfish.Set Session Location ${saved_session_info["location"]}
92 Redfish.Get ${saved_session_info["location"]}
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]93
94
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]95Attempt Login With Expired Session
96 [Documentation] Authenticate to redfish, then log out and attempt to
97 ... use the session.
98 [Tags] Attempt_Login_With_Expired_Session
99
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]100 Redfish.Login
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]101 ${saved_session_info}= Get Redfish Session Info
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]102 Redfish.Logout
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]103
104 # Attempt login with expired session.
105 # By default 60 minutes of inactivity closes the session.
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]106 Redfish.Set Session Key ${saved_session_info["key"]}
107 Redfish.Set Session Location ${saved_session_info["location"]}
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]108
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]109 Redfish.Get ${saved_session_info["location"]} valid_status_codes=[${HTTP_UNAUTHORIZED}]
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]110
111
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]112Login And Verify HTTP Response Header
113 [Documentation] Login and verify redfish HTTP response header.
114 [Tags] Login_And_Verify_HTTP_Response_Header
115
116 # Example of HTTP redfish response header.
117 # Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
118 # X-Frame-Options: DENY
119 # Pragma: no-cache
120 # Cache-Control: no-Store,no-Cache
121 # Content-Security-Policy: default-src 'self'; img-src 'self' data:
122 # X-XSS-Protection: 1; mode=block
123 # X-Content-Type-Options: nosniff
124
Michael Walsh0d5f96a2019-05-20 10:09:57 -0500[diff] [blame]125 Rprint Vars header_requirements fmt=1
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]126
127 Redfish.Login
128 ${resp}= Redfish.Get /redfish/v1/SessionService/Sessions
129
130 # The getheaders() method returns the headers as a list of tuples:
131 # headers:
132 # [Strict-Transport-Security]: max-age=31536000; includeSubdomains; preload
133 # [X-Frame-Options]: DENY
134 # [Pragma]: no-cache
135 # [Cache-Control]: no-Store,no-Cache
136 # [Content-Security-Policy]: default-src 'self'; img-src 'self' data:
137 # [X-XSS-Protection]: 1; mode=block
138 # [X-Content-Type-Options]: nosniff
139 # [X-UA-Compatible]: IE=11
140 # [Content-Type]: application/json
141 # [Server]: iBMC
142 # [Date]: Tue, 16 Apr 2019 17:49:46 GMT
143 # [Content-Length]: 2177
144
145 ${headers}= Key Value List To Dict ${resp.getheaders()}
Michael Walsh0d5f96a2019-05-20 10:09:57 -0500[diff] [blame]146 Rprint Vars headers fmt=1
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]147
148 Dictionary Should Contain Sub Dictionary ${headers} ${header_requirements}
149
150
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]151*** Keywords ***
152
153Login And Verify Redfish Response
154 [Documentation] Login and verify redfish response.
155 [Arguments] ${expected_response} ${username} ${password}
156
157 # Description of arguments:
158 # expected_response Expected REST status.
159 # username The username to be used to connect to the server.
160 # password The password to be used to connect to the server.
161
George Keishing5e6515e2019-03-12 14:22:33 -0500[diff] [blame]162 # The redfish object may preserve a valid username or password from the
163 # last failed login attempt. If we then try to login with a null username
164 # or password value, the redfish object may prefer the preserved value.
165 # Since we're testing bad path, we wish to avoid this scenario so we will
166 # clear these values.
167
168 Redfish.Set Username ${EMPTY}
169 Redfish.Set Password ${EMPTY}
170
171 Run Keyword And Expect Error ${expected_response}
172 ... Redfish.Login ${username} ${password}
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]173
174
175Create New Login Session
176 [Documentation] Multiple login session keys.
177
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]178 Redfish.Login
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]179 ${session_info}= Get Redfish Session Info
180
181 # Append the session location to the list.
182 # ['/redfish/v1/SessionService/Sessions/uDzihgDecs',
183 # '/redfish/v1/SessionService/Sessions/PaHF5brPPd']
184 Append To List ${session_list} ${session_info["location"]}
185
186
187Multiple Session Cleanup
188 [Documentation] Do the teardown for multiple sessions.
189
190 FFDC On Test Case Fail
191
Sushil Singh50621142020-06-16 11:12:21 -0500[diff] [blame]192 FOR ${item} IN @{session_list}
193 Redfish.Delete ${item}
194 END