xref: /openbmc/openbmc-test-automation/security/test_bmc_connections.robot (revision 037407d32b7ca72f455e7daf70bf8db5502ddd0c)
1*** Settings ***
2Documentation  Connections and authentication module stability tests.
3
4Resource  ../lib/bmc_redfish_resource.robot
5Resource  ../lib/bmc_network_utils.robot
6Resource  ../lib/openbmc_ffdc.robot
7Resource  ../lib/resource.robot
8Resource  ../lib/utils.robot
9Resource  ../lib/connection_client.robot
10Library   ../lib/bmc_network_utils.py
11
12Library   SSHLibrary
13Library   Collections
14Library   XvfbRobot
15Library   OperatingSystem
16Library   Selenium2Library  120  120
17Library   Telnet  30 Seconds
18Library   Screenshot
19
20Variables  ../gui/data/gui_variables.py
21
22*** Variables ***
23
24${iterations}         10000
25${loop_iteration}     ${1000}
26${hostname}           test_hostname
27${MAX_UNAUTH_PER_IP}  ${5}
28${bmc_url}            https://${OPENBMC_HOST}
29
30
31*** Test Cases ***
32
33Test Patch Without Auth Token Fails
34    [Documentation]  Send patch method without auth token and verify it throws an error.
35    [Tags]   Test_Patch_Without_Auth_Token_Fails
36
37    ${active_channel_config}=  Get Active Channel Config
38    ${ethernet_interface}=  Set Variable  ${active_channel_config['${CHANNEL_NUMBER}']['name']}
39
40    Redfish.Patch  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}  body={'HostName': '${hostname}'}
41    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
42
43
44Flood Patch Without Auth Token And Check Stability Of BMC
45    [Documentation]  Flood patch method without auth token and check BMC stability.
46    [Tags]  Flood_Patch_Without_Auth_Token_And_Check_Stability_Of_BMC
47    @{status_list}=  Create List
48
49    ${active_channel_config}=  Get Active Channel Config
50    ${ethernet_interface}=  Set Variable  ${active_channel_config['${CHANNEL_NUMBER}']['name']}
51
52    FOR  ${i}  IN RANGE  ${1}  ${iterations}
53        Log To Console  ${i}th iteration
54        Run Keyword And Ignore Error
55        ...  Redfish.Patch  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}  body={'HostName': '${hostname}'}
56
57        # Every 100th iteration, check BMC allows patch with auth token.
58        ${status}=  Run Keyword If  ${i} % 100 == 0  Run Keyword And Return Status
59        ...  Login And Configure Hostname
60        Run Keyword If  ${status} == False  Append To List  ${status_list}  ${status}
61    END
62    ${verify_count}=  Evaluate  ${iterations}/100
63    ${fail_count}=  Get Length  ${status_list}
64
65    Should Be Equal  ${fail_count}  0
66    ...  msg=Patch operation failed ${fail_count} times in ${verify_count} attempts
67
68
69Verify Uer Cannot Login After 5 Non-Logged In Sessions
70    [Documentation]  User should not be able to login when there
71    ...  are 5 non-logged in sessions.
72    [Tags]  Verify_User_Cannot_Login_After_5_Non-Logged_In_Sessions
73
74    FOR  ${i}  IN RANGE  ${0}  ${MAX_UNAUTH_PER_IP}
75       SSHLibrary.Open Connection  ${OPENBMC_HOST}
76       Start Process  ssh ${OPENBMC_USERNAME}@${OPENBMC_HOST}  shell=True
77    END
78
79    SSHLibrary.Open Connection  ${OPENBMC_HOST}
80    ${status}=   Run Keyword And Return Status  SSHLibrary.Login  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
81
82    Should Be Equal  ${status}  ${False}
83
84
85Test Post Without Auth Token Fails
86    [Documentation]  Send post method without auth token and verify it throws an error.
87    [Tags]   Test_Post_Without_Auth_Token_Fails
88
89    ${user_info}=  Create Dictionary
90    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
91    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
92    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
93
94
95Flood Post Without Auth Token And Check Stability Of BMC
96    [Documentation]  Flood post method without auth token and check BMC stability.
97    [Tags]  Flood_Post_Without_Auth_Token_And_Check_Stability_Of_BMC
98
99    @{status_list}=  Create List
100    ${user_info}=  Create Dictionary
101    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
102
103    FOR  ${i}  IN RANGE  ${1}  ${iterations}
104        Log To Console  ${i}th iteration
105        Run Keyword And Ignore Error
106        ...  Redfish.Post   /redfish/v1/AccountService/Accounts/  body=&{user_info}
107
108        # Every 100th iteration, check BMC allows post with auth token.
109        ${status}=  Run Keyword If  ${i} % 100 == 0  Run Keyword And Return Status
110        ...  Login And Create User
111        Run Keyword If  ${status} == False  Append To List  ${status_list}  ${status}
112    END
113    ${verify_count}=  Evaluate  ${iterations}/100
114    ${fail_count}=  Get Length  ${status_list}
115
116    Should Be Equal  ${fail_count}  0
117    ...  msg=Post operation failed ${fail_count} times in ${verify_count} attempts
118
119
120Make Large Number Of Wrong SSH Login Attempts And Check Stability
121    [Documentation]  Check BMC stability with large number of SSH wrong login requests.
122    [Tags]  Make_Large_Number_Of_Wrong_SSH_Login_Attempts_And_Check_Stability
123    [Setup]  Set Account Lockout Threshold
124    [Teardown]  FFDC On Test Case Fail
125
126    SSHLibrary.Open Connection  ${OPENBMC_HOST}
127    @{ssh_status_list}=  Create List
128    FOR  ${i}  IN RANGE  ${loop_iteration}
129      Log To Console  ${i}th iteration
130      ${invalid_password}=   Catenate  ${OPENBMC_PASSWORD}${i}
131      Run Keyword and Ignore Error
132      ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${invalid_password}
133
134      # Every 100th iteration Login with correct credentials
135      ${status}=   Run keyword If  ${i} % ${100} == ${0}  Run Keyword And Return Status
136      ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
137      Run Keyword If  ${status} == ${False}  Append To List  ${ssh_status_list}  ${status}
138      SSHLibrary.Close Connection
139    END
140
141    ${valid_login_count}=  Evaluate  ${iterations}/100
142    ${fail_count}=  Get Length  ${ssh_status_list}
143    Should Be Equal  ${fail_count}  ${0}
144    ...  msg= Login Failed ${fail_count} times in ${valid_login_count} attempts.
145
146
147Test Stability On Large Number Of Wrong Login Attempts To GUI
148    [Documentation]  Test stability on large number of wrong login attempts to GUI.
149    [Tags]   Test_Stability_On_Large_Number_Of_Wrong_Login_Attempts_To_GUI
150
151    @{status_list}=  Create List
152
153    # Open headless browser.
154    Start Virtual Display
155    ${browser_ID}=  Open Browser  ${bmc_url}  alias=browser1
156    Set Window Size  1920  1080
157
158    Go To  ${bmc_url}
159
160    FOR  ${i}  IN RANGE  ${1}  ${iterations}
161        Log To Console  ${i}th login
162        Run Keyword And Ignore Error  Login to GUI With Wrong Credentials
163
164        # Every 100th iteration, check BMC GUI is responsive.
165        ${status}=  Run Keyword If  ${i} % 100 == 0  Run Keyword And Return Status
166        ...  Open Browser  ${bmc_url}
167        Append To List  ${status_list}  ${status}
168        Run Keyword If  '${status}' == 'True'  Run Keywords  Close Browser  AND  Switch Browser  browser1
169    END
170
171    ${fail_count}=  Count Values In List  ${status_list}  False
172    Run Keyword If  ${fail_count} > ${0}  FAIL  Could not open BMC GUI ${fail_count} times
173
174
175*** Keywords ***
176
177Login And Configure Hostname
178    [Documentation]  Login and configure hostname
179
180    [Teardown]  Redfish.Logout
181
182    Redfish.Login
183
184    Redfish.patch  ${REDFISH_NW_PROTOCOL_URI}  body={'HostName': '${hostname}'}
185    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
186
187
188Login And Create User
189    [Documentation]  Login and create user
190
191    [Teardown]  Redfish.Logout
192
193    Redfish.Login
194
195    ${user_info}=  Create Dictionary
196    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
197    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
198    ...  valid_status_codes=[${HTTP_OK}]
199
200
201Set Account Lockout Threshold
202   [Documentation]  Set user account lockout threshold.
203
204   [Teardown]  Redfish.Logout
205
206   Redfish.Login
207   Redfish.Patch  /redfish/v1/AccountService  body=[('AccountLockoutThreshold', 0)]
208
209
210Login to GUI With Incorrect Credentials
211    [Documentation]  Login to GUI With Wrong Credentials.
212
213    Input Text  ${xpath_textbox_username}  root
214    Input Password  ${xpath_textbox_password}  incorrect_password
215    Click Button  ${xpath_login_button}
216