*** Settings ***
Documentation       Test Redfish service root login security.

# Project resource files, resolved relative to this suite file.
Resource            ../../lib/resource.robot
Resource            ../../lib/bmc_redfish_resource.robot
Resource            ../../lib/openbmc_ffdc.robot

# Suite-wide defaults.  A test that declares its own [Setup] or [Teardown]
# replaces these, so it has to call the failure-data keyword itself.
Test Setup          Rprintn
Test Teardown       FFDC On Test Case Fail
*** Variables ***

# How many additional Redfish sessions the multiple-session test opens
# through "Repeat Keyword".  Integer literal, not a string.
${LOGIN_SESSION_COUNT}    ${50}
*** Test Cases ***

Redfish Login With Invalid Credentials
    [Documentation]  Every credential pair listed below must be rejected at
    ...  login.
    [Tags]  Redfish_Login_With_Invalid_Credentials
    [Template]  Login And Verify Redfish Response

    # Rows, in order: wrong password, wrong user name, empty user name,
    # empty password, both empty.  All rows expect the same error pattern
    # (glob match, trailing text is not checked).
    #
    # Expected error            Username               Password
    InvalidCredentialsError*    ${OPENBMC_USERNAME}    deadpassword
    InvalidCredentialsError*    groot                  ${OPENBMC_PASSWORD}
    InvalidCredentialsError*    ${EMPTY}               ${OPENBMC_PASSWORD}
    InvalidCredentialsError*    ${OPENBMC_USERNAME}    ${EMPTY}
    InvalidCredentialsError*    ${EMPTY}               ${EMPTY}
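Redfish Login Using Unsecured HTTP
    [Documentation]  Verify that the BMC refuses a plain-HTTP connection, so
    ...  a Redfish session can not be requested over an unencrypted channel.
    [Tags]  Redfish_Login_Using_Unsecured_HTTP

    Create Session  openbmc  http://${OPENBMC_HOST}

    # Placeholder credentials, constructed for this test (not real accounts).
    # The check below is about the transport only.  If the HTTP port is
    # unexpectedly open, the test itself must not put the real BMC user name
    # and password on the wire in clear text.  The pass/fail outcome does not
    # depend on the payload: the test passes only when the POST raises
    # "Connection refused".
    ${login_body}=  Create Dictionary
    ...  UserName=placeholder_user  Password=placeholder_password

    ${headers}=  Create Dictionary  Content-Type=application/json

    # NOTE(review): only a refused connection matches.  A port that is
    # filtered rather than closed would presumably surface as a timeout and
    # fail this test - confirm that strictness is intended.
    Run Keyword And Expect Error  *Connection refused*
    ...  Post Request  openbmc  /redfish/v1/SessionService/Sessions
    ...  data=${login_body}  headers=${headers}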
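Redfish Login Using HTTPS Wrong Port 80 Protocol
    [Documentation]  Verify that an HTTPS connection aimed at port 80 is
    ...  refused, i.e. nothing on the BMC accepts a session request there.
    [Tags]  Redfish_Login_Using_HTTPS_Wrong_Port_80_Protocol

    Create Session  openbmc  https://${OPENBMC_HOST}:80

    # Placeholder credentials, constructed for this test (not real accounts).
    # The assertion is that the connection is refused, so valid credentials
    # are not needed; leaving them out keeps the real BMC password away from
    # a listener that should not exist.  The pass/fail outcome does not
    # depend on the payload.
    ${login_body}=  Create Dictionary
    ...  UserName=placeholder_user  Password=placeholder_password

    ${headers}=  Create Dictionary  Content-Type=application/json

    # Passes only when the POST raises an error containing
    # "Connection refused"; any other error or any HTTP response fails.
    Run Keyword And Expect Error  *Connection refused*
    ...  Post Request  openbmc  /redfish/v1/SessionService/Sessions
    ...  data=${login_body}  headers=${headers}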
Create Multiple Login Sessions And Verify
    [Documentation]  Open LOGIN_SESSION_COUNT further sessions after a first
    ...  login and verify that the first session is still usable.
    [Tags]  Create_Multiple_Login_Sessions_And_Verify
    [Teardown]  Multiple Session Cleanup

    # First login.  The session info is a dictionary of this shape:
    #    {
    #      'key': 'L0XEsZAXpNdF147jJaOD',
    #      'location': '/redfish/v1/SessionService/Sessions/qWn2JOJSOs'
    #    }
    Redfish.Login
    ${first_session}=  Get Redfish Session Info

    # Locations of the additional sessions, shared as a test variable so that
    # "Create New Login Session" can append to it and the teardown can delete
    # every entry.
    # NOTE(review): the first session is captured before this list exists and
    # is never appended, so the teardown does not delete it - confirm it is
    # released elsewhere.
    ${session_list}=  Create List
    Set Test Variable  ${session_list}

    Repeat Keyword  ${LOGIN_SESSION_COUNT} times  Create New Login Session

    # Point the redfish object back at the first session's key and location
    # and read the session resource; the GET must still succeed.
    Redfish.Set Session Key  ${first_session["key"]}
    Redfish.Set Session Location  ${first_session["location"]}
    Redfish.Get  ${first_session["location"]}
Attempt Login With Expired Session
    [Documentation]  Log in to redfish, log out, then confirm that the
    ...  logged-out session key is rejected.
    [Tags]  Attempt_Login_With_Expired_Session

    Redfish.Login
    ${stale_session}=  Get Redfish Session Info
    Redfish.Logout

    # The session is ended by the explicit logout above.  Sessions are also
    # closed after 60 minutes of inactivity by default, but this test does
    # not wait for that timeout.
    # Re-install the old key and location on the redfish object so the next
    # request is sent with the logged-out session's token.
    Redfish.Set Session Key  ${stale_session["key"]}
    Redfish.Set Session Location  ${stale_session["location"]}

    # The only accepted outcome is HTTP_UNAUTHORIZED: a key that still
    # authenticates after logout fails the test.
    Redfish.Get  ${stale_session["location"]}  valid_status_codes=[${HTTP_UNAUTHORIZED}]
*** Keywords ***

Login And Verify Redfish Response
    [Documentation]  Attempt a redfish login that is expected to fail and
    ...  check the error it raises.
    [Arguments]  ${expected_response}  ${username}  ${password}

    # Description of arguments:
    # expected_response   Error pattern the login attempt must raise.
    # username            The username to be used to connect to the server.
    # password            The password to be used to connect to the server.

    # A valid username or password from an earlier login attempt may still be
    # stored on the redfish object, and it may be used in place of an empty
    # value passed here.  That would turn an empty-credential case into a
    # valid login, so both stored values are cleared before each attempt.
    Redfish.Set Username  ${EMPTY}
    Redfish.Set Password  ${EMPTY}

    # The keyword passes only if the login raises an error matching the
    # expected pattern; a successful login is a failure.
    Run Keyword And Expect Error  ${expected_response}
    ...  Redfish.Login  ${username}  ${password}
Create New Login Session
    [Documentation]  Open one more redfish session and record its location
    ...  for cleanup.

    Redfish.Login
    ${new_session}=  Get Redfish Session Info

    # Only the location is stored, not the session key.  The list is the
    # test variable set by the calling test and ends up looking like:
    # ['/redfish/v1/SessionService/Sessions/uDzihgDecs',
    #  '/redfish/v1/SessionService/Sessions/PaHF5brPPd']
    Append To List  ${session_list}  ${new_session["location"]}
Multiple Session Cleanup
    [Documentation]  Teardown for the multiple-session test: collect failure
    ...  data, then delete every session recorded in the session list.

    # Called explicitly because a test-level [Teardown] replaces the
    # suite-wide Test Teardown.
    FFDC On Test Case Fail

    # Each delete is sent with whatever session the redfish object currently
    # holds.
    # NOTE(review): ":FOR" with "\" is the legacy loop syntax; newer Robot
    # Framework releases expect FOR ... END - confirm the targeted version.
    :FOR  ${session_location}  IN  @{session_list}
    \  Redfish.Delete  ${session_location}