blob: be1149adf0d67f57d61faae0f7ef09d4f45cd668 [file] [log] [blame]
George Keishing4c394012019-02-01 06:03:02 -06001*** Settings ***
Joy Onyerikwudbfe97d2019-03-11 19:44:56 -05002Documentation Test Redfish service root login security.
3
George Keishing85609902019-02-18 07:24:24 -06004Resource ../../lib/resource.robot
George Keishing4c394012019-02-01 06:03:02 -06005Resource ../../lib/bmc_redfish_resource.robot
George Keishing3298d5c2019-02-12 06:59:25 -06006Resource ../../lib/openbmc_ffdc.robot
7
8Test Teardown FFDC On Test Case Fail
Michael Walshc108e422019-03-28 12:27:18 -05009Test Setup Printn
George Keishing4c394012019-02-01 06:03:02 -060010
George Keishing374e6842019-02-20 08:57:18 -060011*** Variables ***
12
13${LOGIN_SESSION_COUNT} ${50}
14
George Keishing35e0bba2019-06-04 13:10:55 -050015&{header_requirements} Strict-Transport-Security=max-age=31536000; includeSubdomains; preload
16... X-Frame-Options=DENY
17... Pragma=no-cache
18... Cache-Control=no-Store,no-Cache
Brian Ma2bbdb3b2022-04-21 14:03:46 +080019... Content-Security-Policy=default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'
George Keishing35e0bba2019-06-04 13:10:55 -050020... X-XSS-Protection=1; mode=block
21... X-Content-Type-Options=nosniff
George Keishing9edf5bc2019-04-09 15:07:28 -050022
George Keishing4c394012019-02-01 06:03:02 -060023*** Test Cases ***
24
George Keishing5ee33d92019-02-02 12:33:25 -060025Redfish Login With Invalid Credentials
George Keishing4c394012019-02-01 06:03:02 -060026 [Documentation] Login to BMC web using invalid credential.
George Keishing5ee33d92019-02-02 12:33:25 -060027 [Tags] Redfish_Login_With_Invalid_Credentials
George Keishing4c394012019-02-01 06:03:02 -060028 [Template] Login And Verify Redfish Response
29
George Keishing32616042022-09-22 05:25:39 -050030 # Username Password Expect status
31 ${OPENBMC_USERNAME} deadpassword InvalidCredentialsError
32 groot ${OPENBMC_PASSWORD} InvalidCredentialsError
33 ${EMPTY} ${OPENBMC_PASSWORD} SessionCreationError
34 ${OPENBMC_USERNAME} ${EMPTY} SessionCreationError
35 ${EMPTY} ${EMPTY} SessionCreationError
George Keishing4c394012019-02-01 06:03:02 -060036
37
George Keishing5ee33d92019-02-02 12:33:25 -060038Redfish Login Using Unsecured HTTP
George Keishinga8116932019-02-05 11:51:47 -060039 [Documentation] Login to BMC web through http unsecured.
George Keishing5ee33d92019-02-02 12:33:25 -060040 [Tags] Redfish_Login_Using_Unsecured_HTTP
George Keishinga8116932019-02-05 11:51:47 -060041
42 Create Session openbmc http://${OPENBMC_HOST}
43 ${data}= Create Dictionary
44 ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD}
45
46 ${headers}= Create Dictionary Content-Type=application/json
47
48 Run Keyword And Expect Error *Connection refused*
George Keishingfbd67002022-08-01 11:24:03 -050049 ... POST On Session openbmc /redfish/v1/SessionService/Sessions
George Keishinga8116932019-02-05 11:51:47 -060050 ... data=${data} headers=${headers}
51
52
George Keishingb2f07342019-02-09 05:21:45 -060053Redfish Login Using HTTPS Wrong Port 80 Protocol
54 [Documentation] Login to BMC web through wrong protocol port 80.
55 [Tags] Redfish_Login_Using_HTTPS_Wrong_Port_80_Protocol
56
57 Create Session openbmc https://${OPENBMC_HOST}:80
58 ${data}= Create Dictionary
59 ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD}
60
61 ${headers}= Create Dictionary Content-Type=application/json
62
63 Run Keyword And Expect Error *Connection refused*
George Keishingfbd67002022-08-01 11:24:03 -050064 ... POST On Session openbmc /redfish/v1/SessionService/Sessions
George Keishingb2f07342019-02-09 05:21:45 -060065 ... data=${data} headers=${headers}
66
67
George Keishing374e6842019-02-20 08:57:18 -060068Create Multiple Login Sessions And Verify
69 [Documentation] Create 50 login instances and verify.
70 [Tags] Create_Multiple_Login_Sessions_And_Verify
Sushil Singhd1a35ac2020-08-04 11:28:56 -050071 [Teardown] Run Keyword And Ignore Error Multiple Session Cleanup
George Keishing374e6842019-02-20 08:57:18 -060072
George Keishing97c93942019-03-04 12:45:07 -060073 Redfish.Login
George Keishing374e6842019-02-20 08:57:18 -060074 # Example:
75 # {
76 # 'key': 'L0XEsZAXpNdF147jJaOD',
77 # 'location': '/redfish/v1/SessionService/Sessions/qWn2JOJSOs'
78 # }
George Keishing0b9d8ab2019-02-20 14:02:41 -060079 ${saved_session_info}= Get Redfish Session Info
George Keishing374e6842019-02-20 08:57:18 -060080
81 # Sessions book keeping for cleanup once done.
82 ${session_list}= Create List
83 Set Test Variable ${session_list}
84
85 Repeat Keyword ${LOGIN_SESSION_COUNT} times Create New Login Session
86
87 # Update the redfish session object with the first login key and location
88 # and verify if it is still working.
George Keishing97c93942019-03-04 12:45:07 -060089 Redfish.Set Session Key ${saved_session_info["key"]}
90 Redfish.Set Session Location ${saved_session_info["location"]}
91 Redfish.Get ${saved_session_info["location"]}
George Keishing374e6842019-02-20 08:57:18 -060092
93
George Keishing0b9d8ab2019-02-20 14:02:41 -060094Attempt Login With Expired Session
95 [Documentation] Authenticate to redfish, then log out and attempt to
96 ... use the session.
97 [Tags] Attempt_Login_With_Expired_Session
98
George Keishing97c93942019-03-04 12:45:07 -060099 Redfish.Login
George Keishing0b9d8ab2019-02-20 14:02:41 -0600100 ${saved_session_info}= Get Redfish Session Info
George Keishing97c93942019-03-04 12:45:07 -0600101 Redfish.Logout
George Keishing0b9d8ab2019-02-20 14:02:41 -0600102
103 # Attempt login with expired session.
104 # By default 60 minutes of inactivity closes the session.
George Keishing97c93942019-03-04 12:45:07 -0600105 Redfish.Set Session Key ${saved_session_info["key"]}
106 Redfish.Set Session Location ${saved_session_info["location"]}
George Keishing0b9d8ab2019-02-20 14:02:41 -0600107
George Keishing97c93942019-03-04 12:45:07 -0600108 Redfish.Get ${saved_session_info["location"]} valid_status_codes=[${HTTP_UNAUTHORIZED}]
George Keishing0b9d8ab2019-02-20 14:02:41 -0600109
110
George Keishing9edf5bc2019-04-09 15:07:28 -0500111Login And Verify HTTP Response Header
112 [Documentation] Login and verify redfish HTTP response header.
113 [Tags] Login_And_Verify_HTTP_Response_Header
114
115 # Example of HTTP redfish response header.
116 # Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
117 # X-Frame-Options: DENY
118 # Pragma: no-cache
119 # Cache-Control: no-Store,no-Cache
120 # Content-Security-Policy: default-src 'self'; img-src 'self' data:
121 # X-XSS-Protection: 1; mode=block
122 # X-Content-Type-Options: nosniff
123
Michael Walsh0d5f96a2019-05-20 10:09:57 -0500124 Rprint Vars header_requirements fmt=1
George Keishing9edf5bc2019-04-09 15:07:28 -0500125
126 Redfish.Login
127 ${resp}= Redfish.Get /redfish/v1/SessionService/Sessions
128
129 # The getheaders() method returns the headers as a list of tuples:
130 # headers:
131 # [Strict-Transport-Security]: max-age=31536000; includeSubdomains; preload
132 # [X-Frame-Options]: DENY
133 # [Pragma]: no-cache
134 # [Cache-Control]: no-Store,no-Cache
135 # [Content-Security-Policy]: default-src 'self'; img-src 'self' data:
136 # [X-XSS-Protection]: 1; mode=block
137 # [X-Content-Type-Options]: nosniff
138 # [X-UA-Compatible]: IE=11
139 # [Content-Type]: application/json
140 # [Server]: iBMC
141 # [Date]: Tue, 16 Apr 2019 17:49:46 GMT
142 # [Content-Length]: 2177
143
144 ${headers}= Key Value List To Dict ${resp.getheaders()}
Michael Walsh0d5f96a2019-05-20 10:09:57 -0500145 Rprint Vars headers fmt=1
George Keishing9edf5bc2019-04-09 15:07:28 -0500146
147 Dictionary Should Contain Sub Dictionary ${headers} ${header_requirements}
148
149
George Keishing4c394012019-02-01 06:03:02 -0600150*** Keywords ***
151
152Login And Verify Redfish Response
153 [Documentation] Login and verify redfish response.
George Keishing32616042022-09-22 05:25:39 -0500154 [Arguments] ${username} ${password} ${expected_response}
George Keishing4c394012019-02-01 06:03:02 -0600155
156 # Description of arguments:
George Keishing32616042022-09-22 05:25:39 -0500157 # expected_response Expected REST status.
158 # username The username to be used to connect to the server.
159 # password The password to be used to connect to the server.
George Keishing4c394012019-02-01 06:03:02 -0600160
George Keishing5e6515e2019-03-12 14:22:33 -0500161 # The redfish object may preserve a valid username or password from the
162 # last failed login attempt. If we then try to login with a null username
163 # or password value, the redfish object may prefer the preserved value.
164 # Since we're testing bad path, we wish to avoid this scenario so we will
165 # clear these values.
166
167 Redfish.Set Username ${EMPTY}
168 Redfish.Set Password ${EMPTY}
169
George Keishing32616042022-09-22 05:25:39 -0500170 ${msg}= Run Keyword And Expect Error * Redfish.Login ${username} ${password}
171
172 # redfish package version <=3.1.6 default response is InvalidCredentialsError.
173 Should Contain Any ${msg} InvalidCredentialsError ${expected_response}
George Keishing374e6842019-02-20 08:57:18 -0600174
175
176Create New Login Session
177 [Documentation] Multiple login session keys.
178
George Keishing97c93942019-03-04 12:45:07 -0600179 Redfish.Login
George Keishing374e6842019-02-20 08:57:18 -0600180 ${session_info}= Get Redfish Session Info
181
182 # Append the session location to the list.
183 # ['/redfish/v1/SessionService/Sessions/uDzihgDecs',
184 # '/redfish/v1/SessionService/Sessions/PaHF5brPPd']
185 Append To List ${session_list} ${session_info["location"]}
186
187
188Multiple Session Cleanup
189 [Documentation] Do the teardown for multiple sessions.
190
191 FFDC On Test Case Fail
192
Sushil Singh50621142020-06-16 11:12:21 -0500193 FOR ${item} IN @{session_list}
194 Redfish.Delete ${item}
195 END