Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / cd9edf6cb764e6b4f536d1317d441126ecc6a077 / . / redfish / service_root / test_service_root_security.robot
blob: 61612ffeca5b9e0fa67bf3a3905b105abe8beb13 [file] [log] [blame]
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]1*** Settings ***
Joy Onyerikwudbfe97d2019-03-11 19:44:56 -0500[diff] [blame]2Documentation Test Redfish service root login security.
3
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]4Resource ../../lib/bmc_redfish_resource.robot
George Keishing3298d5c2019-02-12 06:59:25 -0600[diff] [blame]5Resource ../../lib/openbmc_ffdc.robot
6
7Test Teardown FFDC On Test Case Fail
Michael Walshc108e422019-03-28 12:27:18 -0500[diff] [blame]8Test Setup Printn
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]9
Igor Kanyukafeb79d62025-10-20 21:24:03 +0100[diff] [blame]10Test Tags Service_Root_Secuirity
11
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]12*** Variables ***
13
14${LOGIN_SESSION_COUNT} ${50}
15
George Keishingc2837c92023-07-28 20:26:03 +0530[diff] [blame]16&{header_requirements} Strict-Transport-Security=max-age=31536000; includeSubdomains
George Keishing35e0bba2019-06-04 13:10:55 -0500[diff] [blame]17... X-Frame-Options=DENY
18... Pragma=no-cache
George Keishingc2837c92023-07-28 20:26:03 +0530[diff] [blame]19... Cache-Control=no-store, max-age=0
20... Referrer-Policy=no-referrer
George Keishing35e0bba2019-06-04 13:10:55 -0500[diff] [blame]21... X-Content-Type-Options=nosniff
George Keishingc2837c92023-07-28 20:26:03 +0530[diff] [blame]22... X-Permitted-Cross-Domain-Policies=none
23... Cross-Origin-Embedder-Policy=require-corp
24... Cross-Origin-Opener-Policy=same-origin
25... Cross-Origin-Resource-Policy=same-origin
26... Content-Security-Policy=default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]27
George Keishing76adf442025-03-19 09:51:47 +0530[diff] [blame]28${ERROR_RESPONSE_MSG} *Connection refused*
29
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]30*** Test Cases ***
31
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]32Redfish Login With Invalid Credentials
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]33 [Documentation] Login to BMC web using invalid credential.
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]34 [Tags] Redfish_Login_With_Invalid_Credentials
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]35 [Template] Login And Verify Redfish Response
36
George Keishing32616042022-09-22 05:25:39 -0500[diff] [blame]37 # Username Password Expect status
38 ${OPENBMC_USERNAME} deadpassword InvalidCredentialsError
39 groot ${OPENBMC_PASSWORD} InvalidCredentialsError
40 ${EMPTY} ${OPENBMC_PASSWORD} SessionCreationError
41 ${OPENBMC_USERNAME} ${EMPTY} SessionCreationError
42 ${EMPTY} ${EMPTY} SessionCreationError
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]43
44
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]45Redfish Login Using Unsecured HTTP
George Keishinga8116932019-02-05 11:51:47 -0600[diff] [blame]46 [Documentation] Login to BMC web through http unsecured.
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]47 [Tags] Redfish_Login_Using_Unsecured_HTTP
George Keishinga8116932019-02-05 11:51:47 -0600[diff] [blame]48
49 Create Session openbmc http://${OPENBMC_HOST}
50 ${data}= Create Dictionary
51 ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD}
52
53 ${headers}= Create Dictionary Content-Type=application/json
54
55 Run Keyword And Expect Error *Connection refused*
George Keishingfbd67002022-08-01 11:24:03 -0500[diff] [blame]56 ... POST On Session openbmc /redfish/v1/SessionService/Sessions
George Keishinga8116932019-02-05 11:51:47 -0600[diff] [blame]57 ... data=${data} headers=${headers}
58
59
George Keishingb2f07342019-02-09 05:21:45 -0600[diff] [blame]60Redfish Login Using HTTPS Wrong Port 80 Protocol
61 [Documentation] Login to BMC web through wrong protocol port 80.
62 [Tags] Redfish_Login_Using_HTTPS_Wrong_Port_80_Protocol
63
64 Create Session openbmc https://${OPENBMC_HOST}:80
65 ${data}= Create Dictionary
66 ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD}
67
68 ${headers}= Create Dictionary Content-Type=application/json
69
George Keishing76adf442025-03-19 09:51:47 +0530[diff] [blame]70 Run Keyword And Expect Error ${ERROR_RESPONSE_MSG}
George Keishingfbd67002022-08-01 11:24:03 -0500[diff] [blame]71 ... POST On Session openbmc /redfish/v1/SessionService/Sessions
George Keishingb2f07342019-02-09 05:21:45 -0600[diff] [blame]72 ... data=${data} headers=${headers}
73
74
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]75Create Multiple Login Sessions And Verify
76 [Documentation] Create 50 login instances and verify.
77 [Tags] Create_Multiple_Login_Sessions_And_Verify
Sushil Singhd1a35ac2020-08-04 11:28:56 -0500[diff] [blame]78 [Teardown] Run Keyword And Ignore Error Multiple Session Cleanup
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]79
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]80 Redfish.Login
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]81 # Example:
82 # {
83 # 'key': 'L0XEsZAXpNdF147jJaOD',
84 # 'location': '/redfish/v1/SessionService/Sessions/qWn2JOJSOs'
85 # }
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]86 ${saved_session_info}= Get Redfish Session Info
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]87
88 # Sessions book keeping for cleanup once done.
89 ${session_list}= Create List
90 Set Test Variable ${session_list}
91
92 Repeat Keyword ${LOGIN_SESSION_COUNT} times Create New Login Session
93
94 # Update the redfish session object with the first login key and location
95 # and verify if it is still working.
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]96 Redfish.Set Session Key ${saved_session_info["key"]}
97 Redfish.Set Session Location ${saved_session_info["location"]}
98 Redfish.Get ${saved_session_info["location"]}
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]99
100
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]101Attempt Login With Expired Session
102 [Documentation] Authenticate to redfish, then log out and attempt to
103 ... use the session.
104 [Tags] Attempt_Login_With_Expired_Session
105
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]106 Redfish.Login
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]107 ${saved_session_info}= Get Redfish Session Info
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]108 Redfish.Logout
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]109
110 # Attempt login with expired session.
111 # By default 60 minutes of inactivity closes the session.
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]112 Redfish.Set Session Key ${saved_session_info["key"]}
113 Redfish.Set Session Location ${saved_session_info["location"]}
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]114
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]115 Redfish.Get ${saved_session_info["location"]} valid_status_codes=[${HTTP_UNAUTHORIZED}]
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]116
117
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]118Login And Verify HTTP Response Header
119 [Documentation] Login and verify redfish HTTP response header.
120 [Tags] Login_And_Verify_HTTP_Response_Header
121
122 # Example of HTTP redfish response header.
George Keishingc2837c92023-07-28 20:26:03 +0530[diff] [blame]123 # Strict-Transport-Security: max-age=31536000; includeSubdomains
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]124 # X-Frame-Options: DENY
125 # Pragma: no-cache
George Keishingc2837c92023-07-28 20:26:03 +0530[diff] [blame]126 # Cache-Control: no-store, max-age=0
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]127 # X-Content-Type-Options: nosniff
George Keishingc2837c92023-07-28 20:26:03 +0530[diff] [blame]128 # Referrer-Policy: no-referrer
129 # X-Permitted-Cross-Domain-Policies: none
130 # Cross-Origin-Embedder-Policy: require-corp
131 # Cross-Origin-Opener-Policy: same-origin
132 # Cross-Origin-Resource-Policy: same-origin
133 # Content-Security-Policy: default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'
134
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]135
Michael Walsh0d5f96a2019-05-20 10:09:57 -0500[diff] [blame]136 Rprint Vars header_requirements fmt=1
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]137
138 Redfish.Login
139 ${resp}= Redfish.Get /redfish/v1/SessionService/Sessions
140
141 # The getheaders() method returns the headers as a list of tuples:
142 # headers:
George Keishingc2837c92023-07-28 20:26:03 +0530[diff] [blame]143
144 # [Strict-Transport-Security]: max-age=31536000; includeSubdomains
145 # [X-Frame-Options]: DENY
146 # [Pragma]: no-cache
147 # [Cache-Control]: no-store, max-age=0
148 # [X-Content-Type-Options]: nosniff
149 # [Referrer-Policy]: no-referrer
150 # [X-Permitted-Cross-Domain-Policies]: none
151 # [Cross-Origin-Embedder-Policy]: require-corp
152 # [Cross-Origin-Opener-Policy]: same-origin
153 # [Cross-Origin-Resource-Policy]: same-origin
154 # [Content-Security-Policy]: default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'
155 # [Content-Type]: application/json
156 # [Content-Length]: 394
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]157
158 ${headers}= Key Value List To Dict ${resp.getheaders()}
Michael Walsh0d5f96a2019-05-20 10:09:57 -0500[diff] [blame]159 Rprint Vars headers fmt=1
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]160
161 Dictionary Should Contain Sub Dictionary ${headers} ${header_requirements}
162
163
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]164*** Keywords ***
165
166Login And Verify Redfish Response
167 [Documentation] Login and verify redfish response.
George Keishing32616042022-09-22 05:25:39 -0500[diff] [blame]168 [Arguments] ${username} ${password} ${expected_response}
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]169
170 # Description of arguments:
George Keishing32616042022-09-22 05:25:39 -0500[diff] [blame]171 # expected_response Expected REST status.
172 # username The username to be used to connect to the server.
173 # password The password to be used to connect to the server.
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]174
George Keishing5e6515e2019-03-12 14:22:33 -0500[diff] [blame]175 # The redfish object may preserve a valid username or password from the
176 # last failed login attempt. If we then try to login with a null username
177 # or password value, the redfish object may prefer the preserved value.
178 # Since we're testing bad path, we wish to avoid this scenario so we will
179 # clear these values.
180
181 Redfish.Set Username ${EMPTY}
182 Redfish.Set Password ${EMPTY}
183
George Keishing32616042022-09-22 05:25:39 -0500[diff] [blame]184 ${msg}= Run Keyword And Expect Error * Redfish.Login ${username} ${password}
185
186 # redfish package version <=3.1.6 default response is InvalidCredentialsError.
187 Should Contain Any ${msg} InvalidCredentialsError ${expected_response}
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]188
189
190Create New Login Session
191 [Documentation] Multiple login session keys.
192
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]193 Redfish.Login
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]194 ${session_info}= Get Redfish Session Info
195
196 # Append the session location to the list.
197 # ['/redfish/v1/SessionService/Sessions/uDzihgDecs',
198 # '/redfish/v1/SessionService/Sessions/PaHF5brPPd']
199 Append To List ${session_list} ${session_info["location"]}
200
201
202Multiple Session Cleanup
203 [Documentation] Do the teardown for multiple sessions.
204
205 FFDC On Test Case Fail
206
Sushil Singh50621142020-06-16 11:12:21 -0500[diff] [blame]207 FOR ${item} IN @{session_list}
208 Redfish.Delete ${item}
209 END