1*** Settings *** 2Documentation Test Redfish service root login security. 3 4Resource ../../lib/resource.robot 5Resource ../../lib/bmc_redfish_resource.robot 6Resource ../../lib/openbmc_ffdc.robot 7 8Test Teardown FFDC On Test Case Fail 9Test Setup Printn 10 11*** Variables *** 12 13${LOGIN_SESSION_COUNT} ${50} 14 15&{header_requirements} Strict-Transport-Security=max-age=31536000; includeSubdomains; preload 16... X-Frame-Options=DENY 17... Pragma=no-cache 18... Cache-Control=no-Store,no-Cache 19... Content-Security-Policy=default-src 'self'; img-src 'self' data: 20... X-XSS-Protection=1; mode=block 21... X-Content-Type-Options=nosniff 22 23*** Test Cases *** 24 25Redfish Login With Invalid Credentials 26 [Documentation] Login to BMC web using invalid credential. 27 [Tags] Redfish_Login_With_Invalid_Credentials 28 [Template] Login And Verify Redfish Response 29 30 # Expect status Username Password 31 InvalidCredentialsError* ${OPENBMC_USERNAME} deadpassword 32 InvalidCredentialsError* groot ${OPENBMC_PASSWORD} 33 InvalidCredentialsError* ${EMPTY} ${OPENBMC_PASSWORD} 34 InvalidCredentialsError* ${OPENBMC_USERNAME} ${EMPTY} 35 InvalidCredentialsError* ${EMPTY} ${EMPTY} 36 37 38Redfish Login Using Unsecured HTTP 39 [Documentation] Login to BMC web through http unsecured. 40 [Tags] Redfish_Login_Using_Unsecured_HTTP 41 42 Create Session openbmc http://${OPENBMC_HOST} 43 ${data}= Create Dictionary 44 ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD} 45 46 ${headers}= Create Dictionary Content-Type=application/json 47 48 Run Keyword And Expect Error *Connection refused* 49 ... Post Request openbmc /redfish/v1/SessionService/Sessions 50 ... data=${data} headers=${headers} 51 52 53Redfish Login Using HTTPS Wrong Port 80 Protocol 54 [Documentation] Login to BMC web through wrong protocol port 80. 55 [Tags] Redfish_Login_Using_HTTPS_Wrong_Port_80_Protocol 56 57 Create Session openbmc https://${OPENBMC_HOST}:80 58 ${data}= Create Dictionary 59 ... UserName=${OPENBMC_USERNAME} Password=${OPENBMC_PASSWORD} 60 61 ${headers}= Create Dictionary Content-Type=application/json 62 63 Run Keyword And Expect Error *Connection refused* 64 ... Post Request openbmc /redfish/v1/SessionService/Sessions 65 ... data=${data} headers=${headers} 66 67 68Create Multiple Login Sessions And Verify 69 [Documentation] Create 50 login instances and verify. 70 [Tags] Create_Multiple_Login_Sessions_And_Verify 71 [Teardown] Multiple Session Cleanup 72 73 Redfish.Login 74 # Example: 75 # { 76 # 'key': 'L0XEsZAXpNdF147jJaOD', 77 # 'location': '/redfish/v1/SessionService/Sessions/qWn2JOJSOs' 78 # } 79 ${saved_session_info}= Get Redfish Session Info 80 81 # Sessions book keeping for cleanup once done. 82 ${session_list}= Create List 83 Set Test Variable ${session_list} 84 85 Repeat Keyword ${LOGIN_SESSION_COUNT} times Create New Login Session 86 87 # Update the redfish session object with the first login key and location 88 # and verify if it is still working. 89 Redfish.Set Session Key ${saved_session_info["key"]} 90 Redfish.Set Session Location ${saved_session_info["location"]} 91 Redfish.Get ${saved_session_info["location"]} 92 93 94Attempt Login With Expired Session 95 [Documentation] Authenticate to redfish, then log out and attempt to 96 ... use the session. 97 [Tags] Attempt_Login_With_Expired_Session 98 99 Redfish.Login 100 ${saved_session_info}= Get Redfish Session Info 101 Redfish.Logout 102 103 # Attempt login with expired session. 104 # By default 60 minutes of inactivity closes the session. 105 Redfish.Set Session Key ${saved_session_info["key"]} 106 Redfish.Set Session Location ${saved_session_info["location"]} 107 108 Redfish.Get ${saved_session_info["location"]} valid_status_codes=[${HTTP_UNAUTHORIZED}] 109 110 111Login And Verify HTTP Response Header 112 [Documentation] Login and verify redfish HTTP response header. 113 [Tags] Login_And_Verify_HTTP_Response_Header 114 115 # Example of HTTP redfish response header. 116 # Strict-Transport-Security: max-age=31536000; includeSubdomains; preload 117 # X-Frame-Options: DENY 118 # Pragma: no-cache 119 # Cache-Control: no-Store,no-Cache 120 # Content-Security-Policy: default-src 'self'; img-src 'self' data: 121 # X-XSS-Protection: 1; mode=block 122 # X-Content-Type-Options: nosniff 123 124 Rprint Vars header_requirements fmt=1 125 126 Redfish.Login 127 ${resp}= Redfish.Get /redfish/v1/SessionService/Sessions 128 129 # The getheaders() method returns the headers as a list of tuples: 130 # headers: 131 # [Strict-Transport-Security]: max-age=31536000; includeSubdomains; preload 132 # [X-Frame-Options]: DENY 133 # [Pragma]: no-cache 134 # [Cache-Control]: no-Store,no-Cache 135 # [Content-Security-Policy]: default-src 'self'; img-src 'self' data: 136 # [X-XSS-Protection]: 1; mode=block 137 # [X-Content-Type-Options]: nosniff 138 # [X-UA-Compatible]: IE=11 139 # [Content-Type]: application/json 140 # [Server]: iBMC 141 # [Date]: Tue, 16 Apr 2019 17:49:46 GMT 142 # [Content-Length]: 2177 143 144 ${headers}= Key Value List To Dict ${resp.getheaders()} 145 Rprint Vars headers fmt=1 146 147 Dictionary Should Contain Sub Dictionary ${headers} ${header_requirements} 148 149 150*** Keywords *** 151 152Login And Verify Redfish Response 153 [Documentation] Login and verify redfish response. 154 [Arguments] ${expected_response} ${username} ${password} 155 156 # Description of arguments: 157 # expected_response Expected REST status. 158 # username The username to be used to connect to the server. 159 # password The password to be used to connect to the server. 160 161 # The redfish object may preserve a valid username or password from the 162 # last failed login attempt. If we then try to login with a null username 163 # or password value, the redfish object may prefer the preserved value. 164 # Since we're testing bad path, we wish to avoid this scenario so we will 165 # clear these values. 166 167 Redfish.Set Username ${EMPTY} 168 Redfish.Set Password ${EMPTY} 169 170 Run Keyword And Expect Error ${expected_response} 171 ... Redfish.Login ${username} ${password} 172 173 174Create New Login Session 175 [Documentation] Multiple login session keys. 176 177 Redfish.Login 178 ${session_info}= Get Redfish Session Info 179 180 # Append the session location to the list. 181 # ['/redfish/v1/SessionService/Sessions/uDzihgDecs', 182 # '/redfish/v1/SessionService/Sessions/PaHF5brPPd'] 183 Append To List ${session_list} ${session_info["location"]} 184 185 186Multiple Session Cleanup 187 [Documentation] Do the teardown for multiple sessions. 188 189 FFDC On Test Case Fail 190 191 :FOR ${item} IN @{session_list} 192 \ Redfish.Delete ${item} 193