1*** Settings *** 2Documentation Test Redfish service root login security. 3 4Resource ../../lib/bmc_redfish_resource.robot 5Resource ../../lib/openbmc_ffdc.robot 6 7Test Teardown FFDC On Test Case Fail 8Test Setup Printn 9 10*** Variables *** 11 12${LOGIN_SESSION_COUNT} ${50} 13 14&{header_requirements} Strict-Transport-Security=max-age=31536000; includeSubdomains 15... X-Frame-Options=DENY 16... Pragma=no-cache 17... Cache-Control=no-store, max-age=0 18... Referrer-Policy=no-referrer 19... X-Content-Type-Options=nosniff 20... X-Permitted-Cross-Domain-Policies=none 21... Cross-Origin-Embedder-Policy=require-corp 22... Cross-Origin-Opener-Policy=same-origin 23... Cross-Origin-Resource-Policy=same-origin 24... Content-Security-Policy=default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none' 25 26*** Test Cases *** 27 28Redfish Login With Invalid Credentials 29 [Documentation] Login to BMC web using invalid credential. 30 [Tags] Redfish_Login_With_Invalid_Credentials 31 [Template] Login And Verify Redfish Response 32 33 # Username Password Expect status 34 ${OPENBMC_USERNAME} deadpassword InvalidCredentialsError 35 groot ${OPENBMC_PASSWORD} InvalidCredentialsError 36 ${EMPTY} ${OPENBMC_PASSWORD} SessionCreationError 37 ${OPENBMC_USERNAME} ${EMPTY} SessionCreationError 38 ${EMPTY} ${EMPTY} SessionCreationError 39 40 41Redfish Login Using Unsecured HTTP 42 [Documentation] Login to BMC web through http unsecured. 43 [Tags] Redfish_Login_Using_Unsecured_HTTP 44 45 Create Session openbmc http://${OPENBMC_HOST} 46 ${data}= Create Dictionary 47 ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD} 48 49 ${headers}= Create Dictionary Content-Type=application/json 50 51 Run Keyword And Expect Error *Connection refused* 52 ... POST On Session openbmc /redfish/v1/SessionService/Sessions 53 ... data=${data} headers=${headers} 54 55 56Redfish Login Using HTTPS Wrong Port 80 Protocol 57 [Documentation] Login to BMC web through wrong protocol port 80. 58 [Tags] Redfish_Login_Using_HTTPS_Wrong_Port_80_Protocol 59 60 Create Session openbmc https://${OPENBMC_HOST}:80 61 ${data}= Create Dictionary 62 ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD} 63 64 ${headers}= Create Dictionary Content-Type=application/json 65 66 Run Keyword And Expect Error *Connection refused* 67 ... POST On Session openbmc /redfish/v1/SessionService/Sessions 68 ... data=${data} headers=${headers} 69 70 71Create Multiple Login Sessions And Verify 72 [Documentation] Create 50 login instances and verify. 73 [Tags] Create_Multiple_Login_Sessions_And_Verify 74 [Teardown] Run Keyword And Ignore Error Multiple Session Cleanup 75 76 Redfish.Login 77 # Example: 78 # { 79 # 'key': 'L0XEsZAXpNdF147jJaOD', 80 # 'location': '/redfish/v1/SessionService/Sessions/qWn2JOJSOs' 81 # } 82 ${saved_session_info}= Get Redfish Session Info 83 84 # Sessions book keeping for cleanup once done. 85 ${session_list}= Create List 86 Set Test Variable ${session_list} 87 88 Repeat Keyword ${LOGIN_SESSION_COUNT} times Create New Login Session 89 90 # Update the redfish session object with the first login key and location 91 # and verify if it is still working. 92 Redfish.Set Session Key ${saved_session_info["key"]} 93 Redfish.Set Session Location ${saved_session_info["location"]} 94 Redfish.Get ${saved_session_info["location"]} 95 96 97Attempt Login With Expired Session 98 [Documentation] Authenticate to redfish, then log out and attempt to 99 ... use the session. 100 [Tags] Attempt_Login_With_Expired_Session 101 102 Redfish.Login 103 ${saved_session_info}= Get Redfish Session Info 104 Redfish.Logout 105 106 # Attempt login with expired session. 107 # By default 60 minutes of inactivity closes the session. 108 Redfish.Set Session Key ${saved_session_info["key"]} 109 Redfish.Set Session Location ${saved_session_info["location"]} 110 111 Redfish.Get ${saved_session_info["location"]} valid_status_codes=[${HTTP_UNAUTHORIZED}] 112 113 114Login And Verify HTTP Response Header 115 [Documentation] Login and verify redfish HTTP response header. 116 [Tags] Login_And_Verify_HTTP_Response_Header 117 118 # Example of HTTP redfish response header. 119 # Strict-Transport-Security: max-age=31536000; includeSubdomains 120 # X-Frame-Options: DENY 121 # Pragma: no-cache 122 # Cache-Control: no-store, max-age=0 123 # X-Content-Type-Options: nosniff 124 # Referrer-Policy: no-referrer 125 # X-Permitted-Cross-Domain-Policies: none 126 # Cross-Origin-Embedder-Policy: require-corp 127 # Cross-Origin-Opener-Policy: same-origin 128 # Cross-Origin-Resource-Policy: same-origin 129 # Content-Security-Policy: default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none' 130 131 132 Rprint Vars header_requirements fmt=1 133 134 Redfish.Login 135 ${resp}= Redfish.Get /redfish/v1/SessionService/Sessions 136 137 # The getheaders() method returns the headers as a list of tuples: 138 # headers: 139 140 # [Strict-Transport-Security]: max-age=31536000; includeSubdomains 141 # [X-Frame-Options]: DENY 142 # [Pragma]: no-cache 143 # [Cache-Control]: no-store, max-age=0 144 # [X-Content-Type-Options]: nosniff 145 # [Referrer-Policy]: no-referrer 146 # [X-Permitted-Cross-Domain-Policies]: none 147 # [Cross-Origin-Embedder-Policy]: require-corp 148 # [Cross-Origin-Opener-Policy]: same-origin 149 # [Cross-Origin-Resource-Policy]: same-origin 150 # [Content-Security-Policy]: default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none' 151 # [Content-Type]: application/json 152 # [Content-Length]: 394 153 154 ${headers}= Key Value List To Dict ${resp.getheaders()} 155 Rprint Vars headers fmt=1 156 157 Dictionary Should Contain Sub Dictionary ${headers} ${header_requirements} 158 159 160*** Keywords *** 161 162Login And Verify Redfish Response 163 [Documentation] Login and verify redfish response. 164 [Arguments] ${username} ${password} ${expected_response} 165 166 # Description of arguments: 167 # expected_response Expected REST status. 168 # username The username to be used to connect to the server. 169 # password The password to be used to connect to the server. 170 171 # The redfish object may preserve a valid username or password from the 172 # last failed login attempt. If we then try to login with a null username 173 # or password value, the redfish object may prefer the preserved value. 174 # Since we're testing bad path, we wish to avoid this scenario so we will 175 # clear these values. 176 177 Redfish.Set Username ${EMPTY} 178 Redfish.Set Password ${EMPTY} 179 180 ${msg}= Run Keyword And Expect Error * Redfish.Login ${username} ${password} 181 182 # redfish package version <=3.1.6 default response is InvalidCredentialsError. 183 Should Contain Any ${msg} InvalidCredentialsError ${expected_response} 184 185 186Create New Login Session 187 [Documentation] Multiple login session keys. 188 189 Redfish.Login 190 ${session_info}= Get Redfish Session Info 191 192 # Append the session location to the list. 193 # ['/redfish/v1/SessionService/Sessions/uDzihgDecs', 194 # '/redfish/v1/SessionService/Sessions/PaHF5brPPd'] 195 Append To List ${session_list} ${session_info["location"]} 196 197 198Multiple Session Cleanup 199 [Documentation] Do the teardown for multiple sessions. 200 201 FFDC On Test Case Fail 202 203 FOR ${item} IN @{session_list} 204 Redfish.Delete ${item} 205 END 206