xref: /openbmc/openbmc-test-automation/security/test_bmc_connections.robot (revision 2ab8e054fa96a970e1b43b9b61bff53250451e26)
1*** Settings ***
2Documentation  Connections and authentication module stability tests.
3
4Resource  ../lib/bmc_redfish_resource.robot
5Resource  ../lib/bmc_network_utils.robot
6Resource  ../lib/openbmc_ffdc.robot
7Resource  ../lib/resource.robot
8Resource  ../lib/utils.robot
9Resource  ../lib/connection_client.robot
10Library   ../lib/bmc_network_utils.py
11
12Library   SSHLibrary
13Library   OperatingSystem
14Library   Collections
15
16*** Variables ***
17
18${iterations}         10000
19${loop_iteration}     ${1000}
20${hostname}           test_hostname
21${MAX_UNAUTH_PER_IP}  ${5}
22
23*** Test Cases ***
24
25Test Patch Without Auth Token Fails
26    [Documentation]  Send patch method without auth token and verify it throws an error.
27    [Tags]   Test_Patch_Without_Auth_Token_Fails
28
29    Redfish.Patch  ${REDFISH_NW_PROTOCOL_URI}  body={'HostName': '${hostname}'}
30    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
31
32
33Flood Patch Without Auth Token And Check Stability Of BMC
34    [Documentation]  Flood patch method without auth token and check BMC stability.
35    [Tags]  Flood_Patch_Without_Auth_Token_And_Check_Stability_Of_BMC
36    @{status_list}=  Create List
37
38    FOR  ${i}  IN RANGE  ${1}  ${iterations}
39        Log To Console  ${i}th iteration
40        Run Keyword And Ignore Error
41        ...  Redfish.Patch  ${REDFISH_NW_PROTOCOL_URI}  body={'HostName': '${hostname}'}
42
43        # Every 100th iteration, check BMC allows patch with auth token.
44        ${status}=  Run Keyword If  ${i} % 100 == 0  Run Keyword And Return Status
45        ...  Login And Configure Hostname
46        Run Keyword If  ${status} == False  Append To List  ${status_list}  ${status}
47    END
48    ${verify_count}=  Evaluate  ${iterations}/100
49    ${fail_count}=  Get Length  ${status_list}
50
51    Should Be Equal  ${fail_count}  0
52    ...  msg=Patch operation failed ${fail_count} times in ${verify_count} attempts
53
54
55Verify Uer Cannot Login After 5 Non-Logged In Sessions
56    [Documentation]  User should not be able to login when there
57    ...  are 5 non-logged in sessions.
58    [Tags]  Verify_User_Cannot_Login_After_5_Non-Logged_In_Sessions
59
60    FOR  ${i}  IN RANGE  ${0}  ${MAX_UNAUTH_PER_IP}
61       SSHLibrary.Open Connection  ${OPENBMC_HOST}
62       Start Process  ssh ${OPENBMC_USERNAME}@${OPENBMC_HOST}  shell=True
63    END
64
65    SSHLibrary.Open Connection  ${OPENBMC_HOST}
66    ${status}=   Run Keyword And Return Status  SSHLibrary.Login  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
67
68    Should Be Equal  ${status}  ${False}
69
70
71Test Post Without Auth Token Fails
72    [Documentation]  Send post method without auth token and verify it throws an error.
73    [Tags]   Test_Post_Without_Auth_Token_Fails
74
75    ${user_info}=  Create Dictionary
76    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
77    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
78    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
79
80
81Flood Post Without Auth Token And Check Stability Of BMC
82    [Documentation]  Flood post method without auth token and check BMC stability.
83    [Tags]  Flood_Post_Without_Auth_Token_And_Check_Stability_Of_BMC
84
85    @{status_list}=  Create List
86    ${user_info}=  Create Dictionary
87    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
88
89    FOR  ${i}  IN RANGE  ${1}  ${iterations}
90        Log To Console  ${i}th iteration
91        Run Keyword And Ignore Error
92        ...  Redfish.Post   /redfish/v1/AccountService/Accounts/  body=&{user_info}
93
94        # Every 100th iteration, check BMC allows post with auth token.
95        ${status}=  Run Keyword If  ${i} % 100 == 0  Run Keyword And Return Status
96        ...  Login And Create User
97        Run Keyword If  ${status} == False  Append To List  ${status_list}  ${status}
98    END
99    ${verify_count}=  Evaluate  ${iterations}/100
100    ${fail_count}=  Get Length  ${status_list}
101
102    Should Be Equal  ${fail_count}  0
103    ...  msg=Post operation failed ${fail_count} times in ${verify_count} attempts
104
105
106Make Large Number Of Wrong SSH Login Attempts And Check Stability
107    [Documentation]  Check BMC stability with large number of SSH wrong login requests.
108    [Tags]  Make_Large_Number_Of_Wrong_SSH_Login_Attempts_And_Check_Stability
109    [Setup]  Set Account Lockout Threshold
110    [Teardown]  FFDC On Test Case Fail
111
112    SSHLibrary.Open Connection  ${OPENBMC_HOST}
113    @{ssh_status_list}=  Create List
114    FOR  ${i}  IN RANGE  ${loop_iteration}
115      Log To Console  ${i}th iteration
116      ${invalid_password}=   Catenate  ${OPENBMC_PASSWORD}${i}
117      Run Keyword and Ignore Error
118      ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${invalid_password}
119
120      # Every 100th iteration Login with correct credentials
121      ${status}=   Run keyword If  ${i} % ${100} == ${0}  Run Keyword And Return Status
122      ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
123      Run Keyword If  ${status} == ${False}  Append To List  ${ssh_status_list}  ${status}
124      SSHLibrary.Close Connection
125    END
126
127    ${valid_login_count}=  Evaluate  ${iterations}/100
128    ${fail_count}=  Get Length  ${ssh_status_list}
129    Should Be Equal  ${fail_count}  ${0}
130    ...  msg= Login Failed ${fail_count} times in ${valid_login_count} attempts.
131
132
133*** Keywords ***
134
135Login And Configure Hostname
136    [Documentation]  Login and configure hostname
137
138    [Teardown]  Redfish.Logout
139
140    Redfish.Login
141
142    Redfish.patch  ${REDFISH_NW_PROTOCOL_URI}  body={'HostName': '${hostname}'}
143    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
144
145
146Login And Create User
147    [Documentation]  Login and create user
148
149    [Teardown]  Redfish.Logout
150
151    Redfish.Login
152
153    ${user_info}=  Create Dictionary
154    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
155    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
156    ...  valid_status_codes=[${HTTP_OK}]
157
158
159Set Account Lockout Threshold
160   [Documentation]  Set user account lockout threshold.
161
162   [Teardown]  Redfish.Logout
163
164   Redfish.Login
165   Redfish.Patch  /redfish/v1/AccountService  body=[('AccountLockoutThreshold', 0)]
166