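*** Settings ***
Documentation    Test Redfish service root login security.

Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot

Test Teardown    FFDC On Test Case Fail
Test Setup       Printn

*** Variables ***

# Number of additional sessions opened by "Create Multiple Login Sessions And Verify".
${LOGIN_SESSION_COUNT}    ${50}

# Security response headers that every Redfish reply must carry.
# "Login And Verify HTTP Response Header" compares names and values exactly.
&{header_requirements}    Strict-Transport-Security=max-age=31536000; includeSubdomains
...                       X-Frame-Options=DENY
...                       Pragma=no-cache
...                       Cache-Control=no-store, max-age=0
...                       Referrer-Policy=no-referrer
...                       X-Content-Type-Options=nosniff
...                       X-Permitted-Cross-Domain-Policies=none
...                       Cross-Origin-Embedder-Policy=require-corp
...                       Cross-Origin-Opener-Policy=same-origin
...                       Cross-Origin-Resource-Policy=same-origin
...                       Content-Security-Policy=default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'

# Error pattern expected when the BMC refuses a connection on a plaintext port.
${ERROR_RESPONSE_MSG}     *Connection refused*

*** Test Cases ***

Redfish Login With Invalid Credentials
    [Documentation]    Login to BMC web using invalid credential.
    [Tags]    Redfish_Login_With_Invalid_Credentials
    [Template]    Login And Verify Redfish Response

    # Username              Password               Expect status
    ${OPENBMC_USERNAME}     deadpassword           InvalidCredentialsError
    groot                   ${OPENBMC_PASSWORD}    InvalidCredentialsError
    ${EMPTY}                ${OPENBMC_PASSWORD}    SessionCreationError
    ${OPENBMC_USERNAME}     ${EMPTY}               SessionCreationError
    ${EMPTY}                ${EMPTY}               SessionCreationError


Redfish Login Using Unsecured HTTP
    [Documentation]    Login to BMC web through http unsecured.
    [Tags]    Redfish_Login_Using_Unsecured_HTTP

    Create Session    openbmc    http://${OPENBMC_HOST}
    ${data}=    Create Dictionary
    ...    UserName=${OPENBMC_USERNAME}    Password=${OPENBMC_PASSWORD}

    ${headers}=    Create Dictionary    Content-Type=application/json

    # The test passes only when the connection attempt itself is refused.
    # The request body carries the real test credentials: if this step ever
    # fails because the BMC accepted the plaintext connection, treat the
    # password as exposed on the network and rotate it.
    Run Keyword And Expect Error    ${ERROR_RESPONSE_MSG}
    ...    POST On Session    openbmc    /redfish/v1/SessionService/Sessions
    ...    data=${data}    headers=${headers}


Redfish Login Using HTTPS Wrong Port 80 Protocol
    [Documentation]    Login to BMC web through wrong protocol port 80.
    [Tags]    Redfish_Login_Using_HTTPS_Wrong_Port_80_Protocol

    Create Session    openbmc    https://${OPENBMC_HOST}:80
    ${data}=    Create Dictionary
    ...    UserName=${OPENBMC_USERNAME}    Password=${OPENBMC_PASSWORD}

    ${headers}=    Create Dictionary    Content-Type=application/json

    Run Keyword And Expect Error    ${ERROR_RESPONSE_MSG}
    ...    POST On Session    openbmc    /redfish/v1/SessionService/Sessions
    ...    data=${data}    headers=${headers}


Create Multiple Login Sessions And Verify
    [Documentation]    Create multiple login sessions (count set by
    ...    LOGIN_SESSION_COUNT) and verify the first session still works.
    [Tags]    Create_Multiple_Login_Sessions_And_Verify
    [Teardown]    Run Keyword And Ignore Error    Multiple Session Cleanup

    Redfish.Login
    # Example:
    # {
    #     'key': 'L0XEsZAXpNdF147jJaOD',
    #     'location': '/redfish/v1/SessionService/Sessions/qWn2JOJSOs'
    # }
    ${saved_session_info}=    Get Redfish Session Info

    # Sessions book keeping for cleanup once done.
    ${session_list}=    Create List
    Set Test Variable    ${session_list}

    Repeat Keyword    ${LOGIN_SESSION_COUNT} times    Create New Login Session

    # Update the redfish session object with the first login key and location
    # and verify if it is still working.
    Redfish.Set Session Key    ${saved_session_info["key"]}
    Redfish.Set Session Location    ${saved_session_info["location"]}
    Redfish.Get    ${saved_session_info["location"]}


Attempt Login With Expired Session
    [Documentation]    Authenticate to redfish, then log out and attempt to
    ...    use the session.
    [Tags]    Attempt_Login_With_Expired_Session

    Redfish.Login
    ${saved_session_info}=    Get Redfish Session Info
    Redfish.Logout

    # Attempt to reuse the session that the logout above just closed.
    # (Left idle, a session is by default closed after 60 minutes of
    # inactivity; this test does not wait for that timeout.)
    Redfish.Set Session Key    ${saved_session_info["key"]}
    Redfish.Set Session Location    ${saved_session_info["location"]}

    # The stale key must be rejected; any other status fails the test.
    Redfish.Get    ${saved_session_info["location"]}    valid_status_codes=[${HTTP_UNAUTHORIZED}]


Login And Verify HTTP Response Header
    [Documentation]    Login and verify redfish HTTP response header.
    [Tags]    Login_And_Verify_HTTP_Response_Header

    # Example of HTTP redfish response header.
    # Strict-Transport-Security: max-age=31536000; includeSubdomains
    # X-Frame-Options: DENY
    # Pragma: no-cache
    # Cache-Control: no-store, max-age=0
    # X-Content-Type-Options: nosniff
    # Referrer-Policy: no-referrer
    # X-Permitted-Cross-Domain-Policies: none
    # Cross-Origin-Embedder-Policy: require-corp
    # Cross-Origin-Opener-Policy: same-origin
    # Cross-Origin-Resource-Policy: same-origin
    # Content-Security-Policy: default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'

    Rprint Vars    header_requirements    fmt=1

    Redfish.Login
    ${resp}=    Redfish.Get    /redfish/v1/SessionService/Sessions

    # The getheaders() method returns the headers as a list of tuples:
    # headers:
    #   [Strict-Transport-Security]:          max-age=31536000; includeSubdomains
    #   [X-Frame-Options]:                    DENY
    #   [Pragma]:                             no-cache
    #   [Cache-Control]:                      no-store, max-age=0
    #   [X-Content-Type-Options]:             nosniff
    #   [Referrer-Policy]:                    no-referrer
    #   [X-Permitted-Cross-Domain-Policies]:  none
    #   [Cross-Origin-Embedder-Policy]:       require-corp
    #   [Cross-Origin-Opener-Policy]:         same-origin
    #   [Cross-Origin-Resource-Policy]:       same-origin
    #   [Content-Security-Policy]:            default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'
    #   [Content-Type]:                       application/json
    #   [Content-Length]:                     394

    ${headers}=    Key Value List To Dict    ${resp.getheaders()}
    Rprint Vars    headers    fmt=1

    # Every required header must be present with exactly the required value;
    # extra response headers (Content-Type, Content-Length, ...) are allowed.
    # NOTE(review): HTTP header names are case-insensitive on the wire, while
    # this check matches keys exactly. Confirm that Key Value List To Dict
    # keeps the casing used in ${header_requirements}.
    Dictionary Should Contain Sub Dictionary    ${headers}    ${header_requirements}


*** Keywords ***

Login And Verify Redfish Response
    [Documentation]    Login and verify redfish response.
    [Arguments]    ${username}    ${password}    ${expected_response}

    # Description of arguments:
    # expected_response   Expected REST status.
    # username            The username to be used to connect to the server.
    # password            The password to be used to connect to the server.

    # The redfish object may preserve a valid username or password from the
    # last failed login attempt. If we then try to login with a null username
    # or password value, the redfish object may prefer the preserved value.
    # Since we're testing bad path, we wish to avoid this scenario so we will
    # clear these values.

    Redfish.Set Username    ${EMPTY}
    Redfish.Set Password    ${EMPTY}

    # Any error is captured here; the error text is checked below.
    ${msg}=    Run Keyword And Expect Error    *    Redfish.Login    ${username}    ${password}

    # redfish package version <=3.1.6 default response is InvalidCredentialsError.
    # InvalidCredentialsError is therefore accepted for every row, including
    # the rows that expect SessionCreationError.
    Should Contain Any    ${msg}    InvalidCredentialsError    ${expected_response}


Create New Login Session
    [Documentation]    Multiple login session keys.

    Redfish.Login
    ${session_info}=    Get Redfish Session Info

    # Append the session location to the list.
    # ['/redfish/v1/SessionService/Sessions/uDzihgDecs',
    #  '/redfish/v1/SessionService/Sessions/PaHF5brPPd']
    Append To List    ${session_list}    ${session_info["location"]}


Multiple Session Cleanup
    [Documentation]    Do the teardown for multiple sessions.

    FFDC On Test Case Fail

    # Delete each session independently: one failed delete must not leave
    # the remaining sessions open on the BMC.
    # NOTE(review): the first session saved by the test is not in
    # ${session_list}; confirm it is closed elsewhere.
    FOR    ${item}    IN    @{session_list}
        Run Keyword And Ignore Error    Redfish.Delete    ${item}
    END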