Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 70aab0739be762393c30405af9723e915ebe5787 / . / redfish / service_root / test_service_root_security.robot
blob: c0a8d89330fe5f7458ccb219775df61997936ee1 [file] [log] [blame]
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]1*** Settings ***
Joy Onyerikwudbfe97d2019-03-11 19:44:56 -0500[diff] [blame]2Documentation Test Redfish service root login security.
3
George Keishing85609902019-02-18 07:24:24 -0600[diff] [blame]4Resource ../../lib/resource.robot
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]5Resource ../../lib/bmc_redfish_resource.robot
George Keishing3298d5c2019-02-12 06:59:25 -0600[diff] [blame]6Resource ../../lib/openbmc_ffdc.robot
7
8Test Teardown FFDC On Test Case Fail
Michael Walshc108e422019-03-28 12:27:18 -0500[diff] [blame]9Test Setup Printn
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]10
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]11*** Variables ***
12
13${LOGIN_SESSION_COUNT} ${50}
14
George Keishing35e0bba2019-06-04 13:10:55 -0500[diff] [blame]15&{header_requirements} Strict-Transport-Security=max-age=31536000; includeSubdomains; preload
16... X-Frame-Options=DENY
17... Pragma=no-cache
18... Cache-Control=no-Store,no-Cache
Brian Ma2bbdb3b2022-04-21 14:03:46 +0800[diff] [blame]19... Content-Security-Policy=default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'
George Keishing35e0bba2019-06-04 13:10:55 -0500[diff] [blame]20... X-XSS-Protection=1; mode=block
21... X-Content-Type-Options=nosniff
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]22
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]23*** Test Cases ***
24
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]25Redfish Login With Invalid Credentials
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]26 [Documentation] Login to BMC web using invalid credential.
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]27 [Tags] Redfish_Login_With_Invalid_Credentials
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]28 [Template] Login And Verify Redfish Response
29
30 # Expect status Username Password
31 InvalidCredentialsError* ${OPENBMC_USERNAME} deadpassword
32 InvalidCredentialsError* groot ${OPENBMC_PASSWORD}
33 InvalidCredentialsError* ${EMPTY} ${OPENBMC_PASSWORD}
34 InvalidCredentialsError* ${OPENBMC_USERNAME} ${EMPTY}
35 InvalidCredentialsError* ${EMPTY} ${EMPTY}
36
37
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]38Redfish Login Using Unsecured HTTP
George Keishinga8116932019-02-05 11:51:47 -0600[diff] [blame]39 [Documentation] Login to BMC web through http unsecured.
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]40 [Tags] Redfish_Login_Using_Unsecured_HTTP
George Keishinga8116932019-02-05 11:51:47 -0600[diff] [blame]41
42 Create Session openbmc http://${OPENBMC_HOST}
43 ${data}= Create Dictionary
44 ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD}
45
46 ${headers}= Create Dictionary Content-Type=application/json
47
48 Run Keyword And Expect Error *Connection refused*
49 ... Post Request openbmc /redfish/v1/SessionService/Sessions
50 ... data=${data} headers=${headers}
51
52
George Keishingb2f07342019-02-09 05:21:45 -0600[diff] [blame]53Redfish Login Using HTTPS Wrong Port 80 Protocol
54 [Documentation] Login to BMC web through wrong protocol port 80.
55 [Tags] Redfish_Login_Using_HTTPS_Wrong_Port_80_Protocol
56
57 Create Session openbmc https://${OPENBMC_HOST}:80
58 ${data}= Create Dictionary
59 ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD}
60
61 ${headers}= Create Dictionary Content-Type=application/json
62
63 Run Keyword And Expect Error *Connection refused*
64 ... Post Request openbmc /redfish/v1/SessionService/Sessions
65 ... data=${data} headers=${headers}
66
67
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]68Create Multiple Login Sessions And Verify
69 [Documentation] Create 50 login instances and verify.
70 [Tags] Create_Multiple_Login_Sessions_And_Verify
Sushil Singhd1a35ac2020-08-04 11:28:56 -0500[diff] [blame]71 [Teardown] Run Keyword And Ignore Error Multiple Session Cleanup
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]72
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]73 Redfish.Login
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]74 # Example:
75 # {
76 # 'key': 'L0XEsZAXpNdF147jJaOD',
77 # 'location': '/redfish/v1/SessionService/Sessions/qWn2JOJSOs'
78 # }
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]79 ${saved_session_info}= Get Redfish Session Info
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]80
81 # Sessions book keeping for cleanup once done.
82 ${session_list}= Create List
83 Set Test Variable ${session_list}
84
85 Repeat Keyword ${LOGIN_SESSION_COUNT} times Create New Login Session
86
87 # Update the redfish session object with the first login key and location
88 # and verify if it is still working.
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]89 Redfish.Set Session Key ${saved_session_info["key"]}
90 Redfish.Set Session Location ${saved_session_info["location"]}
91 Redfish.Get ${saved_session_info["location"]}
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]92
93
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]94Attempt Login With Expired Session
95 [Documentation] Authenticate to redfish, then log out and attempt to
96 ... use the session.
97 [Tags] Attempt_Login_With_Expired_Session
98
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]99 Redfish.Login
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]100 ${saved_session_info}= Get Redfish Session Info
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]101 Redfish.Logout
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]102
103 # Attempt login with expired session.
104 # By default 60 minutes of inactivity closes the session.
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]105 Redfish.Set Session Key ${saved_session_info["key"]}
106 Redfish.Set Session Location ${saved_session_info["location"]}
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]107
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]108 Redfish.Get ${saved_session_info["location"]} valid_status_codes=[${HTTP_UNAUTHORIZED}]
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]109
110
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]111Login And Verify HTTP Response Header
112 [Documentation] Login and verify redfish HTTP response header.
113 [Tags] Login_And_Verify_HTTP_Response_Header
114
115 # Example of HTTP redfish response header.
116 # Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
117 # X-Frame-Options: DENY
118 # Pragma: no-cache
119 # Cache-Control: no-Store,no-Cache
120 # Content-Security-Policy: default-src 'self'; img-src 'self' data:
121 # X-XSS-Protection: 1; mode=block
122 # X-Content-Type-Options: nosniff
123
Michael Walsh0d5f96a2019-05-20 10:09:57 -0500[diff] [blame]124 Rprint Vars header_requirements fmt=1
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]125
126 Redfish.Login
127 ${resp}= Redfish.Get /redfish/v1/SessionService/Sessions
128
129 # The getheaders() method returns the headers as a list of tuples:
130 # headers:
131 # [Strict-Transport-Security]: max-age=31536000; includeSubdomains; preload
132 # [X-Frame-Options]: DENY
133 # [Pragma]: no-cache
134 # [Cache-Control]: no-Store,no-Cache
135 # [Content-Security-Policy]: default-src 'self'; img-src 'self' data:
136 # [X-XSS-Protection]: 1; mode=block
137 # [X-Content-Type-Options]: nosniff
138 # [X-UA-Compatible]: IE=11
139 # [Content-Type]: application/json
140 # [Server]: iBMC
141 # [Date]: Tue, 16 Apr 2019 17:49:46 GMT
142 # [Content-Length]: 2177
143
144 ${headers}= Key Value List To Dict ${resp.getheaders()}
Michael Walsh0d5f96a2019-05-20 10:09:57 -0500[diff] [blame]145 Rprint Vars headers fmt=1
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]146
147 Dictionary Should Contain Sub Dictionary ${headers} ${header_requirements}
148
149
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]150*** Keywords ***
151
152Login And Verify Redfish Response
153 [Documentation] Login and verify redfish response.
154 [Arguments] ${expected_response} ${username} ${password}
155
156 # Description of arguments:
157 # expected_response Expected REST status.
158 # username The username to be used to connect to the server.
159 # password The password to be used to connect to the server.
160
George Keishing5e6515e2019-03-12 14:22:33 -0500[diff] [blame]161 # The redfish object may preserve a valid username or password from the
162 # last failed login attempt. If we then try to login with a null username
163 # or password value, the redfish object may prefer the preserved value.
164 # Since we're testing bad path, we wish to avoid this scenario so we will
165 # clear these values.
166
167 Redfish.Set Username ${EMPTY}
168 Redfish.Set Password ${EMPTY}
169
170 Run Keyword And Expect Error ${expected_response}
171 ... Redfish.Login ${username} ${password}
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]172
173
174Create New Login Session
175 [Documentation] Multiple login session keys.
176
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]177 Redfish.Login
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]178 ${session_info}= Get Redfish Session Info
179
180 # Append the session location to the list.
181 # ['/redfish/v1/SessionService/Sessions/uDzihgDecs',
182 # '/redfish/v1/SessionService/Sessions/PaHF5brPPd']
183 Append To List ${session_list} ${session_info["location"]}
184
185
186Multiple Session Cleanup
187 [Documentation] Do the teardown for multiple sessions.
188
189 FFDC On Test Case Fail
190
Sushil Singh50621142020-06-16 11:12:21 -0500[diff] [blame]191 FOR ${item} IN @{session_list}
192 Redfish.Delete ${item}
193 END