Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / eacfac9ca9662ea258c45f56aa0680dec6d3573d / . / redfish / service_root / test_service_root_security.robot
blob: 9a567b3924f07f1565ff8b95b99caf9370618d0d [file] [log] [blame]
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]1*** Settings ***
Joy Onyerikwudbfe97d2019-03-11 19:44:56 -0500[diff] [blame]2Documentation Test Redfish service root login security.
3
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]4Resource ../../lib/bmc_redfish_resource.robot
George Keishing3298d5c2019-02-12 06:59:25 -0600[diff] [blame]5Resource ../../lib/openbmc_ffdc.robot
6
7Test Teardown FFDC On Test Case Fail
Michael Walshc108e422019-03-28 12:27:18 -0500[diff] [blame]8Test Setup Printn
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]9
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]10*** Variables ***
11
12${LOGIN_SESSION_COUNT} ${50}
13
George Keishingc2837c92023-07-28 20:26:03 +0530[diff] [blame]14&{header_requirements} Strict-Transport-Security=max-age=31536000; includeSubdomains
George Keishing35e0bba2019-06-04 13:10:55 -0500[diff] [blame]15... X-Frame-Options=DENY
16... Pragma=no-cache
George Keishingc2837c92023-07-28 20:26:03 +0530[diff] [blame]17... Cache-Control=no-store, max-age=0
18... Referrer-Policy=no-referrer
George Keishing35e0bba2019-06-04 13:10:55 -0500[diff] [blame]19... X-Content-Type-Options=nosniff
George Keishingc2837c92023-07-28 20:26:03 +0530[diff] [blame]20... X-Permitted-Cross-Domain-Policies=none
21... Cross-Origin-Embedder-Policy=require-corp
22... Cross-Origin-Opener-Policy=same-origin
23... Cross-Origin-Resource-Policy=same-origin
24... Content-Security-Policy=default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]25
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]26*** Test Cases ***
27
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]28Redfish Login With Invalid Credentials
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]29 [Documentation] Login to BMC web using invalid credential.
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]30 [Tags] Redfish_Login_With_Invalid_Credentials
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]31 [Template] Login And Verify Redfish Response
32
George Keishing32616042022-09-22 05:25:39 -0500[diff] [blame]33 # Username Password Expect status
34 ${OPENBMC_USERNAME} deadpassword InvalidCredentialsError
35 groot ${OPENBMC_PASSWORD} InvalidCredentialsError
36 ${EMPTY} ${OPENBMC_PASSWORD} SessionCreationError
37 ${OPENBMC_USERNAME} ${EMPTY} SessionCreationError
38 ${EMPTY} ${EMPTY} SessionCreationError
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]39
40
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]41Redfish Login Using Unsecured HTTP
George Keishinga8116932019-02-05 11:51:47 -0600[diff] [blame]42 [Documentation] Login to BMC web through http unsecured.
George Keishing5ee33d92019-02-02 12:33:25 -0600[diff] [blame]43 [Tags] Redfish_Login_Using_Unsecured_HTTP
George Keishinga8116932019-02-05 11:51:47 -0600[diff] [blame]44
45 Create Session openbmc http://${OPENBMC_HOST}
46 ${data}= Create Dictionary
47 ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD}
48
49 ${headers}= Create Dictionary Content-Type=application/json
50
51 Run Keyword And Expect Error *Connection refused*
George Keishingfbd67002022-08-01 11:24:03 -0500[diff] [blame]52 ... POST On Session openbmc /redfish/v1/SessionService/Sessions
George Keishinga8116932019-02-05 11:51:47 -0600[diff] [blame]53 ... data=${data} headers=${headers}
54
55
George Keishingb2f07342019-02-09 05:21:45 -0600[diff] [blame]56Redfish Login Using HTTPS Wrong Port 80 Protocol
57 [Documentation] Login to BMC web through wrong protocol port 80.
58 [Tags] Redfish_Login_Using_HTTPS_Wrong_Port_80_Protocol
59
60 Create Session openbmc https://${OPENBMC_HOST}:80
61 ${data}= Create Dictionary
62 ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD}
63
64 ${headers}= Create Dictionary Content-Type=application/json
65
66 Run Keyword And Expect Error *Connection refused*
George Keishingfbd67002022-08-01 11:24:03 -0500[diff] [blame]67 ... POST On Session openbmc /redfish/v1/SessionService/Sessions
George Keishingb2f07342019-02-09 05:21:45 -0600[diff] [blame]68 ... data=${data} headers=${headers}
69
70
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]71Create Multiple Login Sessions And Verify
72 [Documentation] Create 50 login instances and verify.
73 [Tags] Create_Multiple_Login_Sessions_And_Verify
Sushil Singhd1a35ac2020-08-04 11:28:56 -0500[diff] [blame]74 [Teardown] Run Keyword And Ignore Error Multiple Session Cleanup
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]75
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]76 Redfish.Login
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]77 # Example:
78 # {
79 # 'key': 'L0XEsZAXpNdF147jJaOD',
80 # 'location': '/redfish/v1/SessionService/Sessions/qWn2JOJSOs'
81 # }
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]82 ${saved_session_info}= Get Redfish Session Info
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]83
84 # Sessions book keeping for cleanup once done.
85 ${session_list}= Create List
86 Set Test Variable ${session_list}
87
88 Repeat Keyword ${LOGIN_SESSION_COUNT} times Create New Login Session
89
90 # Update the redfish session object with the first login key and location
91 # and verify if it is still working.
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]92 Redfish.Set Session Key ${saved_session_info["key"]}
93 Redfish.Set Session Location ${saved_session_info["location"]}
94 Redfish.Get ${saved_session_info["location"]}
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]95
96
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]97Attempt Login With Expired Session
98 [Documentation] Authenticate to redfish, then log out and attempt to
99 ... use the session.
100 [Tags] Attempt_Login_With_Expired_Session
101
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]102 Redfish.Login
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]103 ${saved_session_info}= Get Redfish Session Info
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]104 Redfish.Logout
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]105
106 # Attempt login with expired session.
107 # By default 60 minutes of inactivity closes the session.
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]108 Redfish.Set Session Key ${saved_session_info["key"]}
109 Redfish.Set Session Location ${saved_session_info["location"]}
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]110
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]111 Redfish.Get ${saved_session_info["location"]} valid_status_codes=[${HTTP_UNAUTHORIZED}]
George Keishing0b9d8ab2019-02-20 14:02:41 -0600[diff] [blame]112
113
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]114Login And Verify HTTP Response Header
115 [Documentation] Login and verify redfish HTTP response header.
116 [Tags] Login_And_Verify_HTTP_Response_Header
117
118 # Example of HTTP redfish response header.
George Keishingc2837c92023-07-28 20:26:03 +0530[diff] [blame]119 # Strict-Transport-Security: max-age=31536000; includeSubdomains
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]120 # X-Frame-Options: DENY
121 # Pragma: no-cache
George Keishingc2837c92023-07-28 20:26:03 +0530[diff] [blame]122 # Cache-Control: no-store, max-age=0
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]123 # X-Content-Type-Options: nosniff
George Keishingc2837c92023-07-28 20:26:03 +0530[diff] [blame]124 # Referrer-Policy: no-referrer
125 # X-Permitted-Cross-Domain-Policies: none
126 # Cross-Origin-Embedder-Policy: require-corp
127 # Cross-Origin-Opener-Policy: same-origin
128 # Cross-Origin-Resource-Policy: same-origin
129 # Content-Security-Policy: default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'
130
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]131
Michael Walsh0d5f96a2019-05-20 10:09:57 -0500[diff] [blame]132 Rprint Vars header_requirements fmt=1
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]133
134 Redfish.Login
135 ${resp}= Redfish.Get /redfish/v1/SessionService/Sessions
136
137 # The getheaders() method returns the headers as a list of tuples:
138 # headers:
George Keishingc2837c92023-07-28 20:26:03 +0530[diff] [blame]139
140 # [Strict-Transport-Security]: max-age=31536000; includeSubdomains
141 # [X-Frame-Options]: DENY
142 # [Pragma]: no-cache
143 # [Cache-Control]: no-store, max-age=0
144 # [X-Content-Type-Options]: nosniff
145 # [Referrer-Policy]: no-referrer
146 # [X-Permitted-Cross-Domain-Policies]: none
147 # [Cross-Origin-Embedder-Policy]: require-corp
148 # [Cross-Origin-Opener-Policy]: same-origin
149 # [Cross-Origin-Resource-Policy]: same-origin
150 # [Content-Security-Policy]: default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'
151 # [Content-Type]: application/json
152 # [Content-Length]: 394
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]153
154 ${headers}= Key Value List To Dict ${resp.getheaders()}
Michael Walsh0d5f96a2019-05-20 10:09:57 -0500[diff] [blame]155 Rprint Vars headers fmt=1
George Keishing9edf5bc2019-04-09 15:07:28 -0500[diff] [blame]156
157 Dictionary Should Contain Sub Dictionary ${headers} ${header_requirements}
158
159
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]160*** Keywords ***
161
162Login And Verify Redfish Response
163 [Documentation] Login and verify redfish response.
George Keishing32616042022-09-22 05:25:39 -0500[diff] [blame]164 [Arguments] ${username} ${password} ${expected_response}
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]165
166 # Description of arguments:
George Keishing32616042022-09-22 05:25:39 -0500[diff] [blame]167 # expected_response Expected REST status.
168 # username The username to be used to connect to the server.
169 # password The password to be used to connect to the server.
George Keishing4c394012019-02-01 06:03:02 -0600[diff] [blame]170
George Keishing5e6515e2019-03-12 14:22:33 -0500[diff] [blame]171 # The redfish object may preserve a valid username or password from the
172 # last failed login attempt. If we then try to login with a null username
173 # or password value, the redfish object may prefer the preserved value.
174 # Since we're testing bad path, we wish to avoid this scenario so we will
175 # clear these values.
176
177 Redfish.Set Username ${EMPTY}
178 Redfish.Set Password ${EMPTY}
179
George Keishing32616042022-09-22 05:25:39 -0500[diff] [blame]180 ${msg}= Run Keyword And Expect Error * Redfish.Login ${username} ${password}
181
182 # redfish package version <=3.1.6 default response is InvalidCredentialsError.
183 Should Contain Any ${msg} InvalidCredentialsError ${expected_response}
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]184
185
186Create New Login Session
187 [Documentation] Multiple login session keys.
188
George Keishing97c93942019-03-04 12:45:07 -0600[diff] [blame]189 Redfish.Login
George Keishing374e6842019-02-20 08:57:18 -0600[diff] [blame]190 ${session_info}= Get Redfish Session Info
191
192 # Append the session location to the list.
193 # ['/redfish/v1/SessionService/Sessions/uDzihgDecs',
194 # '/redfish/v1/SessionService/Sessions/PaHF5brPPd']
195 Append To List ${session_list} ${session_info["location"]}
196
197
198Multiple Session Cleanup
199 [Documentation] Do the teardown for multiple sessions.
200
201 FFDC On Test Case Fail
202
Sushil Singh50621142020-06-16 11:12:21 -0500[diff] [blame]203 FOR ${item} IN @{session_list}
204 Redfish.Delete ${item}
205 END