xref: /openbmc/openbmc-test-automation/security/test_bmc_connections.robot (revision 42c84ea5d0dd320e1a1d57bcba34fcb788c7788c)
1*** Settings ***
2Documentation  Connections and authentication module stability tests.
3
4Resource  ../lib/bmc_redfish_resource.robot
5Resource  ../lib/bmc_network_utils.robot
6Resource  ../lib/openbmc_ffdc.robot
7Resource  ../lib/resource.robot
8Resource  ../lib/utils.robot
9Resource  ../lib/connection_client.robot
10Resource  ../gui/lib/gui_resource.robot
11Library   ../lib/bmc_network_utils.py
12
13Library   SSHLibrary
14Library   Collections
15Library   XvfbRobot
16Library   OperatingSystem
17Library   SeleniumLibrary  120  120
18Library   Telnet  30 Seconds
19Library   Screenshot
20
21
22Suite Setup   Redfish.Logout
23
24Variables  ../gui/data/gui_variables.py
25
26*** Variables ***
27
28${iterations}         10000
29${loop_iteration}     ${1000}
30${hostname}           testhostname
31${MAX_UNAUTH_PER_IP}  ${5}
32${bmc_url}            https://${OPENBMC_HOST}
33
34
35*** Test Cases ***
36
37Test Patch Without Auth Token Fails
38    [Documentation]  Send patch method without auth token and verify it throws an error.
39    [Tags]   Test_Patch_Without_Auth_Token_Fails
40
41    ${active_channel_config}=  Get Active Channel Config
42    ${ethernet_interface}=  Set Variable  ${active_channel_config['${CHANNEL_NUMBER}']['name']}
43
44    Redfish.Patch  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}  body={'HostName': '${hostname}'}
45    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
46
47
48Flood Patch Without Auth Token And Check Stability Of BMC
49    [Documentation]  Flood patch method without auth token and check BMC stability.
50    [Tags]  Flood_Patch_Without_Auth_Token_And_Check_Stability_Of_BMC
51
52    @{fail_list}=  Create List
53
54    ${active_channel_config}=  Get Active Channel Config
55    ${ethernet_interface}=  Set Variable  ${active_channel_config['${CHANNEL_NUMBER}']['name']}
56
57    FOR  ${iter}  IN RANGE  ${1}  ${iterations} + 1
58        Log To Console  ${iter}th iteration Patch Request without valid session token
59        # Expected valid fail status response code.
60        Redfish.Patch  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}  body={'HostName': '${hostname}'}
61        ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
62
63        # Every 100th iteration, check BMC allows patch with auth token.
64        ${status}=  Run Keyword If  ${iter} % 100 == 0  Run Keyword And Return Status
65        ...  Login And Configure Hostname  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}
66        Run Keyword If  ${status} == False  Append To List  ${fail_list}  ${iter}
67    END
68    ${verify_count}=  Evaluate  ${iterations}/100
69    ${fail_count}=  Get Length  ${fail_list}
70
71    Should Be Equal As Integers  ${fail_count}  ${0}
72    ...  msg=Patch operation failed ${fail_count} times in ${verify_count} attempts; fails at iterations ${fail_list}
73
74
75Verify User Cannot Login After 5 Non-Logged In Sessions
76    [Documentation]  User should not be able to login when there
77    ...  are 5 non-logged in sessions.
78    [Tags]  Verify_User_Cannot_Login_After_5_Non-Logged_In_Sessions
79    [Setup]  Confirm Ability to Connect Then Close All Connections
80    [Teardown]  Run Keywords  Process.Terminate All Processes  AND
81    ...  SSHLibrary.Close All Connections  AND  FFDC On Test Case Fail
82
83    FOR  ${iter}  IN RANGE  ${0}  ${MAX_UNAUTH_PER_IP}
84       SSHLibrary.Open Connection  ${OPENBMC_HOST}
85       Start Process  ssh ${OPENBMC_USERNAME}@${OPENBMC_HOST}  shell=True
86    END
87
88    SSHLibrary.Open Connection  ${OPENBMC_HOST}
89    ${status}=   Run Keyword And Return Status  SSHLibrary.Login  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
90
91    Should Be Equal  ${status}  ${False}
92
93
94Test Post Without Auth Token Fails
95    [Documentation]  Send post method without auth token and verify it throws an error.
96    [Tags]   Test_Post_Without_Auth_Token_Fails
97
98    ${user_info}=  Create Dictionary
99    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
100    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
101    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
102
103
104Flood Post Without Auth Token And Check Stability Of BMC
105    [Documentation]  Flood post method without auth token and check BMC stability.
106    [Tags]  Flood_Post_Without_Auth_Token_And_Check_Stability_Of_BMC
107
108    @{fail_list}=  Create List
109
110    ${user_info}=  Create Dictionary
111    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
112
113    FOR  ${iter}  IN RANGE  ${1}  ${iterations} + 1
114        Log To Console  ${iter}th iteration Post Request without valid session token
115        # Expected valid fail status response code.
116        Redfish.Post   /redfish/v1/AccountService/Accounts/  body=&{user_info}
117        ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
118
119        # Every 100th iteration, check BMC allows post with auth token.
120        ${status}=  Run Keyword If  ${iter} % 100 == 0  Run Keyword And Return Status
121        ...  Login And Create User
122        Run Keyword If  ${status} == False  Append To List  ${fail_list}  ${iter}
123    END
124    ${verify_count}=  Evaluate  ${iterations}/100
125    ${fail_count}=  Get Length  ${fail_list}
126
127    Should Be Equal As Integers  ${fail_count}  ${0}
128    ...  msg=Post operation failed ${fail_count} times in ${verify_count} attempts; fails at iterations ${fail_list}
129
130
131Make Large Number Of Wrong SSH Login Attempts And Check Stability
132    [Documentation]  Check BMC stability with large number of SSH wrong login requests.
133    [Tags]  Make_Large_Number_Of_Wrong_SSH_Login_Attempts_And_Check_Stability
134    [Setup]  Set Account Lockout Threshold
135    [Teardown]  FFDC On Test Case Fail
136
137    SSHLibrary.Open Connection  ${OPENBMC_HOST}
138    @{ssh_status_list}=  Create List
139    FOR  ${iter}  IN RANGE  ${1}  ${loop_iteration} + 1
140      Log To Console  ${iter}th iteration
141      ${invalid_password}=   Catenate  ${OPENBMC_PASSWORD}${iter}
142      Run Keyword and Ignore Error
143      ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${invalid_password}
144
145      # Every 100th iteration Login with correct credentials
146      ${status}=   Run keyword If  ${iter} % ${100} == ${0}  Run Keyword And Return Status
147      ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
148      Run Keyword If  ${status} == ${False}  Append To List  ${ssh_status_list}  ${status}
149      SSHLibrary.Close Connection
150    END
151
152    ${valid_login_count}=  Evaluate  ${iterations}/100
153    ${fail_count}=  Get Length  ${ssh_status_list}
154    Should Be Equal  ${fail_count}  ${0}
155    ...  msg= Login Failed ${fail_count} times in ${valid_login_count} attempts.
156
157
158Test Stability On Large Number Of Wrong Login Attempts To GUI
159    [Documentation]  Test stability on large number of wrong login attempts to GUI.
160    [Tags]   Test_Stability_On_Large_Number_Of_Wrong_Login_Attempts_To_GUI
161
162    @{status_list}=  Create List
163
164    # Open headless browser.
165    Start Virtual Display
166    ${browser_ID}=  Open Browser  ${bmc_url}  alias=browser1
167    Set Window Size  1920  1080
168
169    Go To  ${bmc_url}
170
171    FOR  ${iter}  IN RANGE  ${1}  ${iterations} + 1
172        Log To Console  ${iter}th login
173        Run Keyword And Ignore Error  Login to GUI With Incorrect Credentials
174
175        # Every 100th iteration, check BMC GUI is responsive.
176        ${status}=  Run Keyword If  ${iter} % 100 == 0  Run Keyword And Return Status
177        ...  Open Browser  ${bmc_url}
178        Append To List  ${status_list}  ${status}
179        Run Keyword If  '${status}' == 'True'
180        ...  Run Keywords  Close Browser  AND  Switch Browser  browser1
181    END
182
183    ${fail_count}=  Count Values In List  ${status_list}  False
184    Run Keyword If  ${fail_count} > ${0}  FAIL  Could not open BMC GUI ${fail_count} times
185
186
187Test BMC GUI Stability On Continuous Refresh Of GUI Home Page
188    [Documentation]  Login to BMC GUI and keep refreshing home page and verify stability
189        ...  by login at times in another browser.
190    [Tags]  Test_BMC_GUI_Stability_On_Continuous_Refresh_Of_GUI_Home_Page
191    [Teardown]  Close All Browsers
192
193    @{failed_list}=  Create List
194
195    # Open headless browser.
196    Start Virtual Display
197    ${browser_ID}=  Open Browser  ${bmc_url}  alias=browser1
198    Set Window Size  1920  1080
199    Login GUI
200
201    FOR  ${iter}  IN RANGE  ${iterations}
202        Log To Console  ${iter}th Refresh of home page
203
204        Refresh GUI
205        Continue For Loop If   ${iter}%100 != 0
206
207        # Every 100th iteration, check BMC GUI is responsive.
208        ${status}=  Run Keyword And Return Status
209        ...  Run Keywords  Launch Browser And Login GUI  AND  Logout GUI
210        Run Keyword If  '${status}' == 'False'  Append To List  ${failed_list}  ${iter}
211        ...  ELSE IF  '${status}' == 'True'
212        ...  Run Keywords  Close Browser  AND  Switch Browser  browser1
213    END
214    Log   ${failed_list}
215    ${fail_count}=  Get Length  ${failed_list}
216    Run Keyword If  ${fail_count} > ${0}  FAIL  Could not open BMC GUI ${fail_count} times
217
218
219Test BMCweb Stability On Continuous Redfish Login Attempts With Invalid Credentials
220    [Documentation]  Make invalid credentials Redfish login attempts continuously and
221    ...  verify bmcweb stability by login to Redfish with valid credentials.
222    [Tags]  Test_BMCweb_Stability_On_Continuous_Redfish_Login_Attempts_With_Invalid_Credentials
223
224    Invalid Credentials Redfish Login Attempts
225
226
227Test User Delete Operation Without Session Token And Expect Failure
228    [Documentation]  Try to delete an object without valid session token and verifies it throws
229    ...  an unauthorised error.
230    [Tags]  Test_User_Delete_Operation_Without_Session_Token_And_Expect_Failure
231    [Setup]  Redfish.Logout
232
233    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
234    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}]
235
236
237Test Bmcweb Stability On Continuous Redfish Delete Operation Request Without Session Token
238    [Documentation]  Send delete object request without valid session token continuously and
239    ...  verify bmcweb stability by sending delete request with valid session token.
240    [Tags]  Test_Bmcweb_Stability_On_Continuous_Redfish_Delete_Operation_Request_Without_Session_Token
241
242    @{failed_iter_list}=  Create List
243
244    FOR  ${iter}  IN RANGE  ${iterations}
245        Log To Console  ${iter}th Redfish Delete Object Request without valid session token
246
247        Run Keyword And Ignore Error
248        ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
249        Continue For Loop If   ${iter}%100 != 0
250
251        # Every 100th iteration, check delete operation with valid session token.
252        ${status}=  Run Keyword And Return Status
253        ...  Login And Delete User
254        Run Keyword If  '${status}' == 'False'  Append To List  ${failed_iter_list}  ${iter}
255    END
256    Log  ${failed_iter_list}
257    ${fail_count}=  Get Length  ${failed_iter_list}
258    Run Keyword If  ${fail_count} > ${0}  FAIL  Could not do Redfish delete operation ${fail_count} times
259
260
261Verify Flood Put Method Without Auth Token
262    [Documentation]  Flood put method without auth token and check BMC stability.
263    [Tags]  Verify_Flood_Put_Method_Without_Auth_Token
264    [Teardown]  Delete All BMC Partition File
265
266    @{status_list}=  Create List
267
268    FOR  ${iter}  IN RANGE  ${1}  ${iterations}
269        Log To Console  ${iter}th iteration
270        Run Keyword And Ignore Error
271        ...  Redfish.Put  ${LED_LAMP_TEST_ASSERTED_URI}attr/Asserted  body={"data":1}
272        # Every 100th iteration, check BMC allows put with auth token.
273        ${status}=  Run Keyword If  ${iter} % 100 == 0
274        ...    Run Keyword And Return Status
275        ...    Login And Upload Partition File To BMC
276        Run Keyword If  ${status} == ${False}
277        ...  Append To List  ${status_list}  ${status}
278    END
279
280    # Note the count for every 100 iterations.
281    ${verify_count}=  Evaluate  ${iterations}/100
282    ${fail_count}=  Get Length  ${status_list}
283
284    Should Be Equal  ${fail_count}  ${0}
285    ...  msg=Put operation failed ${fail_count} times in ${verify_count} attempts.
286
287
288*** Keywords ***
289
290Login And Configure Hostname
291    [Documentation]  Login and configure hostname
292    [Arguments]  ${ethernet_interface_uri}
293    [Teardown]  Redfish.Logout
294
295    # Description of argument(s):
296    # ethernet_interface_uri   Network interface URI path.
297
298    Redfish.Login
299
300    Redfish.Patch  ${ethernet_interface_uri}  body={'HostName': '${hostname}'}
301    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
302
303
304Login And Create User
305    [Documentation]  Login and create user
306    [Teardown]  Run Keywords   Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
307    ...  AND  Redfish.Logout
308
309    Redfish.Login
310
311    ${user_info}=  Create Dictionary
312    ...  UserName=test_user  Password=TestPwd123  RoleId=ReadOnly  Enabled=${True}
313    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
314    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_CREATED}]
315
316
317Login And Delete User
318    [Documentation]  Login create and delete user
319    [Teardown]  Redfish.Logout
320
321    Redfish.Login
322
323    ${user_info}=  Create Dictionary
324    ...  UserName=test_user  Password=TestPwd123  RoleId=ReadOnly  Enabled=${True}
325    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
326    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_CREATED}]
327    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
328
329
330Set Account Lockout Threshold
331   [Documentation]  Set user account lockout threshold.
332   [Teardown]  Redfish.Logout
333
334   Redfish.Login
335   Redfish.Patch  /redfish/v1/AccountService  body=[('AccountLockoutThreshold', 0)]
336
337
338Login to GUI With Incorrect Credentials
339    [Documentation]  Attempt to login to GUI as root, providing incorrect password argument.
340
341    Input Text  ${xpath_login_username_input}  root
342    Input Password  ${xpath_login_password_input}  incorrect_password
343    Click Button  ${xpath_login_button}
344
345
346Invalid Credentials Redfish Login Attempts
347    [Documentation]  Continuous invalid credentials login attempts to Redfish and
348    ...  login to Redfish with valid credentials at times and get failed login attempts.
349    [Arguments]  ${login_username}=${OPENBMC_USERNAME}  ${login_password}=${OPENBMC_PASSWORD}
350
351    # Description of argument(s):
352    # login_username   username for login user.
353    # login_password   password for login user.
354
355    @{failed_iter_list}=  Create List
356
357    FOR  ${iter}  IN RANGE  ${iterations}
358        Log To Console  ${iter}th Redfish login with invalid credentials
359        Run Keyword And Ignore Error  Redfish.Login   ${login_username}  incorrect_password
360        Continue For Loop If   ${iter}%100 != 0
361
362        # Every 100th iteration, check Redfish is responsive.
363        ${status}=  Run Keyword And Return Status
364        ...  Redfish.Login  ${login_username}   ${login_password}
365        Run Keyword If  '${status}' == 'False'  Append To List  ${failed_iter_list}  ${iter}
366        Redfish.Logout
367    END
368    Log  ${failed_iter_list}
369    ${fail_count}=  Get Length  ${failed_iter_list}
370    Run Keyword If  ${fail_count} > ${0}  FAIL  Could not Login to Redfish ${fail_count} times
371
372
373Confirm Ability to Connect Then Close All Connections
374    [Documentation]  Confirm that SSH login works, otherwise, skip this test.
375    ...  If login succeeds, close all SSH connections to BMC to prepare for test.
376
377    SSHLibrary.Close All Connections
378    SSHLibrary.Open Connection  ${OPENBMC_HOST}
379    ${status}=   Run Keyword And Return Status
380    ...  SSHLibrary.Login  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
381    Skip If  ${status} == ${False}  msg= SSH Login failed: test will be skipped
382    SSHLibrary.Close All Connections
383
384
385Login And Upload Partition File To BMC
386    [Documentation]  Upload partition file to BMC.
387
388    Create Partition File
389    Initialize OpenBMC
390
391    # Get the content of the file and upload to BMC.
392    ${image_data}=  OperatingSystem.Get Binary File  100-file
393    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}  Content-Type=application/octet-stream
394
395    ${kwargs}=  Create Dictionary  data=${image_data}
396    Set To Dictionary  ${kwargs}  headers  ${headers}
397    ${resp}=  PUT On Session  openbmc  ${OEM_HOST_CONFIG_URI}/100-file  &{kwargs}  timeout=10
398    Should Be Equal As Strings  ${resp.status_code}  ${HTTP_OK}
399    Delete Local Partition File
400
401
402Delete Local Partition File
403    [Documentation]  Delete local partition file.
404
405    ${file_exist}=  Run Keyword And Return Status  OperatingSystem.File Should Exist  100-file
406    Run Keyword If  'True' == '${file_exist}'  Remove File  100-file
407
408
409Create Partition File
410    [Documentation]  Create Partition file.
411
412    Delete Local Partition File
413
414    @{words}=  Split String  100-file  -
415    Run  dd if=/dev/zero of=100-file bs=${words}[-0] count=1
416    OperatingSystem.File Should Exist  100-file
417
418
419Delete All BMC Partition File
420    [Documentation]  Delete multiple partition file on BMC via Redfish.
421
422    Initialize OpenBMC
423    ${data}=  Create Dictionary
424    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}
425    Set To Dictionary  ${data}  headers  ${headers}
426
427    ${resp}=  POST On Session  openbmc  ${OEM_HOST_CONFIG_ACTIONS_URI}.DeleteAll  &{data}
428    Should Be Equal As Strings  ${resp.status_code}   ${HTTP_OK}
429
430    Delete All Sessions
431