George Keishing | 4c39401 | 2019-02-01 06:03:02 -0600 | [diff] [blame] | 1 | *** Settings *** |
Joy Onyerikwu | dbfe97d | 2019-03-11 19:44:56 -0500 | [diff] [blame] | 2 | Documentation Test Redfish service root login security. |
| 3 | |
George Keishing | 8560990 | 2019-02-18 07:24:24 -0600 | [diff] [blame] | 4 | Resource ../../lib/resource.robot |
George Keishing | 4c39401 | 2019-02-01 06:03:02 -0600 | [diff] [blame] | 5 | Resource ../../lib/bmc_redfish_resource.robot |
George Keishing | 3298d5c | 2019-02-12 06:59:25 -0600 | [diff] [blame] | 6 | Resource ../../lib/openbmc_ffdc.robot |
| 7 | |
| 8 | Test Teardown FFDC On Test Case Fail |
Michael Walsh | c108e42 | 2019-03-28 12:27:18 -0500 | [diff] [blame] | 9 | Test Setup Printn |
George Keishing | 4c39401 | 2019-02-01 06:03:02 -0600 | [diff] [blame] | 10 | |
George Keishing | 374e684 | 2019-02-20 08:57:18 -0600 | [diff] [blame] | 11 | *** Variables *** |
| 12 | |
| 13 | ${LOGIN_SESSION_COUNT} ${50} |
| 14 | |
George Keishing | 35e0bba | 2019-06-04 13:10:55 -0500 | [diff] [blame] | 15 | &{header_requirements} Strict-Transport-Security=max-age=31536000; includeSubdomains; preload |
| 16 | ... X-Frame-Options=DENY |
| 17 | ... Pragma=no-cache |
| 18 | ... Cache-Control=no-Store,no-Cache |
George Keishing | a50d7fd | 2019-09-13 01:02:05 -0500 | [diff] [blame] | 19 | ... Content-Security-Policy=default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss: |
George Keishing | 35e0bba | 2019-06-04 13:10:55 -0500 | [diff] [blame] | 20 | ... X-XSS-Protection=1; mode=block |
| 21 | ... X-Content-Type-Options=nosniff |
George Keishing | 9edf5bc | 2019-04-09 15:07:28 -0500 | [diff] [blame] | 22 | |
George Keishing | 4c39401 | 2019-02-01 06:03:02 -0600 | [diff] [blame] | 23 | *** Test Cases *** |
| 24 | |
George Keishing | 5ee33d9 | 2019-02-02 12:33:25 -0600 | [diff] [blame] | 25 | Redfish Login With Invalid Credentials |
George Keishing | 4c39401 | 2019-02-01 06:03:02 -0600 | [diff] [blame] | 26 | [Documentation] Login to BMC web using invalid credential. |
George Keishing | 5ee33d9 | 2019-02-02 12:33:25 -0600 | [diff] [blame] | 27 | [Tags] Redfish_Login_With_Invalid_Credentials |
George Keishing | 4c39401 | 2019-02-01 06:03:02 -0600 | [diff] [blame] | 28 | [Template] Login And Verify Redfish Response |
| 29 | |
| 30 | # Expect status Username Password |
| 31 | InvalidCredentialsError* ${OPENBMC_USERNAME} deadpassword |
| 32 | InvalidCredentialsError* groot ${OPENBMC_PASSWORD} |
| 33 | InvalidCredentialsError* ${EMPTY} ${OPENBMC_PASSWORD} |
| 34 | InvalidCredentialsError* ${OPENBMC_USERNAME} ${EMPTY} |
| 35 | InvalidCredentialsError* ${EMPTY} ${EMPTY} |
| 36 | |
| 37 | |
George Keishing | 5ee33d9 | 2019-02-02 12:33:25 -0600 | [diff] [blame] | 38 | Redfish Login Using Unsecured HTTP |
George Keishing | a811693 | 2019-02-05 11:51:47 -0600 | [diff] [blame] | 39 | [Documentation] Login to BMC web through http unsecured. |
George Keishing | 5ee33d9 | 2019-02-02 12:33:25 -0600 | [diff] [blame] | 40 | [Tags] Redfish_Login_Using_Unsecured_HTTP |
George Keishing | a811693 | 2019-02-05 11:51:47 -0600 | [diff] [blame] | 41 | |
| 42 | Create Session openbmc http://${OPENBMC_HOST} |
| 43 | ${data}= Create Dictionary |
| 44 | ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD} |
| 45 | |
| 46 | ${headers}= Create Dictionary Content-Type=application/json |
| 47 | |
| 48 | Run Keyword And Expect Error *Connection refused* |
| 49 | ... Post Request openbmc /redfish/v1/SessionService/Sessions |
| 50 | ... data=${data} headers=${headers} |
| 51 | |
| 52 | |
George Keishing | b2f0734 | 2019-02-09 05:21:45 -0600 | [diff] [blame] | 53 | Redfish Login Using HTTPS Wrong Port 80 Protocol |
| 54 | [Documentation] Login to BMC web through wrong protocol port 80. |
| 55 | [Tags] Redfish_Login_Using_HTTPS_Wrong_Port_80_Protocol |
| 56 | |
| 57 | Create Session openbmc https://${OPENBMC_HOST}:80 |
| 58 | ${data}= Create Dictionary |
| 59 | ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD} |
| 60 | |
| 61 | ${headers}= Create Dictionary Content-Type=application/json |
| 62 | |
| 63 | Run Keyword And Expect Error *Connection refused* |
| 64 | ... Post Request openbmc /redfish/v1/SessionService/Sessions |
| 65 | ... data=${data} headers=${headers} |
| 66 | |
| 67 | |
George Keishing | 374e684 | 2019-02-20 08:57:18 -0600 | [diff] [blame] | 68 | Create Multiple Login Sessions And Verify |
| 69 | [Documentation] Create 50 login instances and verify. |
| 70 | [Tags] Create_Multiple_Login_Sessions_And_Verify |
| 71 | [Teardown] Multiple Session Cleanup |
| 72 | |
George Keishing | 97c9394 | 2019-03-04 12:45:07 -0600 | [diff] [blame] | 73 | Redfish.Login |
George Keishing | 374e684 | 2019-02-20 08:57:18 -0600 | [diff] [blame] | 74 | # Example: |
| 75 | # { |
| 76 | # 'key': 'L0XEsZAXpNdF147jJaOD', |
| 77 | # 'location': '/redfish/v1/SessionService/Sessions/qWn2JOJSOs' |
| 78 | # } |
George Keishing | 0b9d8ab | 2019-02-20 14:02:41 -0600 | [diff] [blame] | 79 | ${saved_session_info}= Get Redfish Session Info |
George Keishing | 374e684 | 2019-02-20 08:57:18 -0600 | [diff] [blame] | 80 | |
| 81 | # Sessions book keeping for cleanup once done. |
| 82 | ${session_list}= Create List |
| 83 | Set Test Variable ${session_list} |
| 84 | |
| 85 | Repeat Keyword ${LOGIN_SESSION_COUNT} times Create New Login Session |
| 86 | |
| 87 | # Update the redfish session object with the first login key and location |
| 88 | # and verify if it is still working. |
George Keishing | 97c9394 | 2019-03-04 12:45:07 -0600 | [diff] [blame] | 89 | Redfish.Set Session Key ${saved_session_info["key"]} |
| 90 | Redfish.Set Session Location ${saved_session_info["location"]} |
| 91 | Redfish.Get ${saved_session_info["location"]} |
George Keishing | 374e684 | 2019-02-20 08:57:18 -0600 | [diff] [blame] | 92 | |
| 93 | |
George Keishing | 0b9d8ab | 2019-02-20 14:02:41 -0600 | [diff] [blame] | 94 | Attempt Login With Expired Session |
| 95 | [Documentation] Authenticate to redfish, then log out and attempt to |
| 96 | ... use the session. |
| 97 | [Tags] Attempt_Login_With_Expired_Session |
| 98 | |
George Keishing | 97c9394 | 2019-03-04 12:45:07 -0600 | [diff] [blame] | 99 | Redfish.Login |
George Keishing | 0b9d8ab | 2019-02-20 14:02:41 -0600 | [diff] [blame] | 100 | ${saved_session_info}= Get Redfish Session Info |
George Keishing | 97c9394 | 2019-03-04 12:45:07 -0600 | [diff] [blame] | 101 | Redfish.Logout |
George Keishing | 0b9d8ab | 2019-02-20 14:02:41 -0600 | [diff] [blame] | 102 | |
| 103 | # Attempt login with expired session. |
| 104 | # By default 60 minutes of inactivity closes the session. |
George Keishing | 97c9394 | 2019-03-04 12:45:07 -0600 | [diff] [blame] | 105 | Redfish.Set Session Key ${saved_session_info["key"]} |
| 106 | Redfish.Set Session Location ${saved_session_info["location"]} |
George Keishing | 0b9d8ab | 2019-02-20 14:02:41 -0600 | [diff] [blame] | 107 | |
George Keishing | 97c9394 | 2019-03-04 12:45:07 -0600 | [diff] [blame] | 108 | Redfish.Get ${saved_session_info["location"]} valid_status_codes=[${HTTP_UNAUTHORIZED}] |
George Keishing | 0b9d8ab | 2019-02-20 14:02:41 -0600 | [diff] [blame] | 109 | |
| 110 | |
George Keishing | 9edf5bc | 2019-04-09 15:07:28 -0500 | [diff] [blame] | 111 | Login And Verify HTTP Response Header |
| 112 | [Documentation] Login and verify redfish HTTP response header. |
| 113 | [Tags] Login_And_Verify_HTTP_Response_Header |
| 114 | |
| 115 | # Example of HTTP redfish response header. |
| 116 | # Strict-Transport-Security: max-age=31536000; includeSubdomains; preload |
| 117 | # X-Frame-Options: DENY |
| 118 | # Pragma: no-cache |
| 119 | # Cache-Control: no-Store,no-Cache |
| 120 | # Content-Security-Policy: default-src 'self'; img-src 'self' data: |
| 121 | # X-XSS-Protection: 1; mode=block |
| 122 | # X-Content-Type-Options: nosniff |
| 123 | |
Michael Walsh | 0d5f96a | 2019-05-20 10:09:57 -0500 | [diff] [blame] | 124 | Rprint Vars header_requirements fmt=1 |
George Keishing | 9edf5bc | 2019-04-09 15:07:28 -0500 | [diff] [blame] | 125 | |
| 126 | Redfish.Login |
| 127 | ${resp}= Redfish.Get /redfish/v1/SessionService/Sessions |
| 128 | |
| 129 | # The getheaders() method returns the headers as a list of tuples: |
| 130 | # headers: |
| 131 | # [Strict-Transport-Security]: max-age=31536000; includeSubdomains; preload |
| 132 | # [X-Frame-Options]: DENY |
| 133 | # [Pragma]: no-cache |
| 134 | # [Cache-Control]: no-Store,no-Cache |
| 135 | # [Content-Security-Policy]: default-src 'self'; img-src 'self' data: |
| 136 | # [X-XSS-Protection]: 1; mode=block |
| 137 | # [X-Content-Type-Options]: nosniff |
| 138 | # [X-UA-Compatible]: IE=11 |
| 139 | # [Content-Type]: application/json |
| 140 | # [Server]: iBMC |
| 141 | # [Date]: Tue, 16 Apr 2019 17:49:46 GMT |
| 142 | # [Content-Length]: 2177 |
| 143 | |
| 144 | ${headers}= Key Value List To Dict ${resp.getheaders()} |
Michael Walsh | 0d5f96a | 2019-05-20 10:09:57 -0500 | [diff] [blame] | 145 | Rprint Vars headers fmt=1 |
George Keishing | 9edf5bc | 2019-04-09 15:07:28 -0500 | [diff] [blame] | 146 | |
| 147 | Dictionary Should Contain Sub Dictionary ${headers} ${header_requirements} |
| 148 | |
| 149 | |
George Keishing | 4c39401 | 2019-02-01 06:03:02 -0600 | [diff] [blame] | 150 | *** Keywords *** |
| 151 | |
| 152 | Login And Verify Redfish Response |
| 153 | [Documentation] Login and verify redfish response. |
| 154 | [Arguments] ${expected_response} ${username} ${password} |
| 155 | |
| 156 | # Description of arguments: |
| 157 | # expected_response Expected REST status. |
| 158 | # username The username to be used to connect to the server. |
| 159 | # password The password to be used to connect to the server. |
| 160 | |
George Keishing | 5e6515e | 2019-03-12 14:22:33 -0500 | [diff] [blame] | 161 | # The redfish object may preserve a valid username or password from the |
| 162 | # last failed login attempt. If we then try to login with a null username |
| 163 | # or password value, the redfish object may prefer the preserved value. |
| 164 | # Since we're testing bad path, we wish to avoid this scenario so we will |
| 165 | # clear these values. |
| 166 | |
| 167 | Redfish.Set Username ${EMPTY} |
| 168 | Redfish.Set Password ${EMPTY} |
| 169 | |
| 170 | Run Keyword And Expect Error ${expected_response} |
| 171 | ... Redfish.Login ${username} ${password} |
George Keishing | 374e684 | 2019-02-20 08:57:18 -0600 | [diff] [blame] | 172 | |
| 173 | |
| 174 | Create New Login Session |
| 175 | [Documentation] Multiple login session keys. |
| 176 | |
George Keishing | 97c9394 | 2019-03-04 12:45:07 -0600 | [diff] [blame] | 177 | Redfish.Login |
George Keishing | 374e684 | 2019-02-20 08:57:18 -0600 | [diff] [blame] | 178 | ${session_info}= Get Redfish Session Info |
| 179 | |
| 180 | # Append the session location to the list. |
| 181 | # ['/redfish/v1/SessionService/Sessions/uDzihgDecs', |
| 182 | # '/redfish/v1/SessionService/Sessions/PaHF5brPPd'] |
| 183 | Append To List ${session_list} ${session_info["location"]} |
| 184 | |
| 185 | |
| 186 | Multiple Session Cleanup |
| 187 | [Documentation] Do the teardown for multiple sessions. |
| 188 | |
| 189 | FFDC On Test Case Fail |
| 190 | |
| 191 | :FOR ${item} IN @{session_list} |
George Keishing | 97c9394 | 2019-03-04 12:45:07 -0600 | [diff] [blame] | 192 | \ Redfish.Delete ${item} |