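*** Settings ***
Documentation    Test Redfish service root login security.

Resource         ../../lib/bmc_redfish_resource.robot
Resource         ../../lib/openbmc_ffdc.robot

Test Teardown    FFDC On Test Case Fail
Test Setup       Printn

# NOTE(review): the tag is spelled "Secuirity". It is kept unchanged because
# tag-based selection matches the exact string; rename it only together with
# any job that selects on it.
Test Tags        Service_Root_Secuirity

*** Variables ***

# Number of additional sessions opened by "Create Multiple Login Sessions And
# Verify".
${LOGIN_SESSION_COUNT}    ${50}

# Security response headers the Redfish service is required to return.
# "Login And Verify HTTP Response Header" checks that each of these
# name/value pairs is present in the response.
&{header_requirements}    Strict-Transport-Security=max-age=31536000; includeSubdomains
...                       X-Frame-Options=DENY
...                       Pragma=no-cache
...                       Cache-Control=no-store, max-age=0
...                       Referrer-Policy=no-referrer
...                       X-Content-Type-Options=nosniff
...                       X-Permitted-Cross-Domain-Policies=none
...                       Cross-Origin-Embedder-Policy=require-corp
...                       Cross-Origin-Opener-Policy=same-origin
...                       Cross-Origin-Resource-Policy=same-origin
...                       Content-Security-Policy=default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'

# Glob pattern expected from the HTTP client when the BMC refuses a connection.
${ERROR_RESPONSE_MSG}     *Connection refused*

*** Test Cases ***

Redfish Login With Invalid Credentials
    [Documentation]    Login to BMC web using invalid credential.
    [Tags]    Redfish_Login_With_Invalid_Credentials
    [Template]    Login And Verify Redfish Response

    # Username              Password               Expect status
    ${OPENBMC_USERNAME}     deadpassword           InvalidCredentialsError
    groot                   ${OPENBMC_PASSWORD}    InvalidCredentialsError
    ${EMPTY}                ${OPENBMC_PASSWORD}    SessionCreationError
    ${OPENBMC_USERNAME}     ${EMPTY}               SessionCreationError
    ${EMPTY}                ${EMPTY}               SessionCreationError


Redfish Login Using Unsecured HTTP
    [Documentation]    Login to BMC web through http unsecured.
    [Tags]    Redfish_Login_Using_Unsecured_HTTP

    Create Session    openbmc    http://${OPENBMC_HOST}

    # NOTE(review): the payload carries the real ${OPENBMC_USERNAME} and
    # ${OPENBMC_PASSWORD}. The test passes only when the connection is
    # refused, so on a BMC that does accept plain HTTP (the condition this
    # test exists to catch) these credentials would be sent unencrypted.
    # Placeholder credentials would exercise the same refusal; confirm
    # whether the real ones are needed here.
    ${data}=    Create Dictionary
    ...    UserName=${OPENBMC_USERNAME}    Password=${OPENBMC_PASSWORD}

    ${headers}=    Create Dictionary    Content-Type=application/json

    # Same expected error as the wrong-port test below, so use the shared
    # pattern instead of repeating the literal.
    Run Keyword And Expect Error    ${ERROR_RESPONSE_MSG}
    ...    POST On Session    openbmc    /redfish/v1/SessionService/Sessions
    ...    data=${data}    headers=${headers}


Redfish Login Using HTTPS Wrong Port 80 Protocol
    [Documentation]    Login to BMC web through wrong protocol port 80.
    [Tags]    Redfish_Login_Using_HTTPS_Wrong_Port_80_Protocol

    Create Session    openbmc    https://${OPENBMC_HOST}:80
    ${data}=    Create Dictionary
    ...    UserName=${OPENBMC_USERNAME}    Password=${OPENBMC_PASSWORD}

    ${headers}=    Create Dictionary    Content-Type=application/json

    Run Keyword And Expect Error    ${ERROR_RESPONSE_MSG}
    ...    POST On Session    openbmc    /redfish/v1/SessionService/Sessions
    ...    data=${data}    headers=${headers}


Create Multiple Login Sessions And Verify
    [Documentation]    Create 50 login instances and verify.
    [Tags]    Create_Multiple_Login_Sessions_And_Verify
    [Teardown]    Run Keyword And Ignore Error    Multiple Session Cleanup

    Redfish.Login
    # Example:
    #    {
    #      'key': 'L0XEsZAXpNdF147jJaOD',
    #      'location': '/redfish/v1/SessionService/Sessions/qWn2JOJSOs'
    #    }
    ${saved_session_info}=    Get Redfish Session Info

    # Sessions book keeping for cleanup once done.
    # NOTE(review): only the sessions opened by "Create New Login Session" are
    # appended to this list. The first session, saved above, is not in it and
    # is therefore not deleted by "Multiple Session Cleanup"; confirm whether
    # it should be logged out as well.
    ${session_list}=    Create List
    Set Test Variable    ${session_list}

    Repeat Keyword    ${LOGIN_SESSION_COUNT} times    Create New Login Session

    # Update the redfish session object with the first login key and location
    # and verify if it is still working.
    Redfish.Set Session Key    ${saved_session_info["key"]}
    Redfish.Set Session Location    ${saved_session_info["location"]}
    Redfish.Get    ${saved_session_info["location"]}


Attempt Login With Expired Session
    [Documentation]    Authenticate to redfish, then log out and attempt to
    ...    use the session.
    [Tags]    Attempt_Login_With_Expired_Session

    Redfish.Login
    ${saved_session_info}=    Get Redfish Session Info
    Redfish.Logout

    # Attempt login with expired session.
    # The session was ended by the explicit logout above, so the saved key and
    # location are stale and the request below must be answered with
    # HTTP_UNAUTHORIZED.
    # By default 60 minutes of inactivity closes the session as well; that
    # timeout is not exercised by this test.
    Redfish.Set Session Key    ${saved_session_info["key"]}
    Redfish.Set Session Location    ${saved_session_info["location"]}

    Redfish.Get    ${saved_session_info["location"]}
    ...    valid_status_codes=[${HTTP_UNAUTHORIZED}]


Login And Verify HTTP Response Header
    [Documentation]    Login and verify redfish HTTP response header.
    [Tags]    Login_And_Verify_HTTP_Response_Header

    # Example of HTTP redfish response header.
    # Strict-Transport-Security: max-age=31536000; includeSubdomains
    # X-Frame-Options: DENY
    # Pragma: no-cache
    # Cache-Control: no-store, max-age=0
    # X-Content-Type-Options: nosniff
    # Referrer-Policy: no-referrer
    # X-Permitted-Cross-Domain-Policies: none
    # Cross-Origin-Embedder-Policy: require-corp
    # Cross-Origin-Opener-Policy: same-origin
    # Cross-Origin-Resource-Policy: same-origin
    # Content-Security-Policy: default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'

    Rprint Vars    header_requirements    fmt=1

    Redfish.Login
    ${resp}=    Redfish.Get    /redfish/v1/SessionService/Sessions

    # The getheaders() method returns the headers as a list of tuples.
    # After conversion to a dictionary they print as:
    # headers:
    #    [Strict-Transport-Security]: max-age=31536000; includeSubdomains
    #    [X-Frame-Options]: DENY
    #    [Pragma]: no-cache
    #    [Cache-Control]: no-store, max-age=0
    #    [X-Content-Type-Options]: nosniff
    #    [Referrer-Policy]: no-referrer
    #    [X-Permitted-Cross-Domain-Policies]: none
    #    [Cross-Origin-Embedder-Policy]: require-corp
    #    [Cross-Origin-Opener-Policy]: same-origin
    #    [Cross-Origin-Resource-Policy]: same-origin
    #    [Content-Security-Policy]: default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:; form-action 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'
    #    [Content-Type]: application/json
    #    [Content-Length]: 394

    ${headers}=    Key Value List To Dict    ${resp.getheaders()}
    Rprint Vars    headers    fmt=1

    # Every required header must be present with exactly the required value;
    # additional headers in the response are allowed.
    # NOTE(review): dictionary keys are compared as exact strings, so this
    # assumes the service returns the header names in the casing used in
    # ${header_requirements}; confirm against the service.
    Dictionary Should Contain Sub Dictionary    ${headers}    ${header_requirements}


*** Keywords ***

Login And Verify Redfish Response
    [Documentation]    Login and verify redfish response.
    [Arguments]    ${username}    ${password}    ${expected_response}

    # Description of arguments:
    # username            The username to be used to connect to the server.
    # password            The password to be used to connect to the server.
    # expected_response   Expected REST status: the error name that must
    #                     appear in the login failure message
    #                     (e.g. InvalidCredentialsError).

    # The redfish object may preserve a valid username or password from the
    # last failed login attempt. If we then try to login with a null username
    # or password value, the redfish object may prefer the preserved value.
    # Since we're testing bad path, we wish to avoid this scenario so we will
    # clear these values.

    Redfish.Set Username    ${EMPTY}
    Redfish.Set Password    ${EMPTY}

    # The login must fail; the failure message is captured for the check below.
    ${msg}=    Run Keyword And Expect Error    *
    ...    Redfish.Login    ${username}    ${password}

    # redfish package version <=3.1.6 default response is InvalidCredentialsError.
    # For that reason InvalidCredentialsError is accepted in addition to the
    # expected response of each row.
    Should Contain Any    ${msg}    InvalidCredentialsError    ${expected_response}


Create New Login Session
    [Documentation]    Multiple login session keys.

    Redfish.Login
    ${session_info}=    Get Redfish Session Info

    # Append the session location to the list.
    # ['/redfish/v1/SessionService/Sessions/uDzihgDecs',
    #  '/redfish/v1/SessionService/Sessions/PaHF5brPPd']
    Append To List    ${session_list}    ${session_info["location"]}


Multiple Session Cleanup
    [Documentation]    Do the teardown for multiple sessions.

    # This keyword replaces the suite-level Test Teardown for its test, so the
    # failure data collection is invoked here before the sessions are removed.
    FFDC On Test Case Fail

    # Delete every session recorded by "Create New Login Session".
    FOR    ${item}    IN    @{session_list}
        Redfish.Delete    ${item}
    END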