xref: /openbmc/openbmc-test-automation/security/test_bmc_connections.robot (revision 6fb70d98f2f1cb9273ba912deaa2cebe3c23ea86)
1*** Settings ***
2Documentation  Connections and authentication module stability tests.
3
4Resource  ../lib/bmc_redfish_resource.robot
5Resource  ../lib/bmc_network_utils.robot
6Resource  ../lib/openbmc_ffdc.robot
7Resource  ../lib/resource.robot
8Resource  ../lib/utils.robot
9Resource  ../lib/connection_client.robot
10Resource  ../gui/lib/gui_resource.robot
11Library   ../lib/bmc_network_utils.py
12
13Library   SSHLibrary
14Library   Collections
15Library   XvfbRobot
16Library   OperatingSystem
17Library   SeleniumLibrary  120  120
18Library   Telnet  30 Seconds
19Library   Screenshot
20
21
22Suite Setup   Redfish.Logout
23
24Variables     ../gui/data/gui_variables.py
25
26Test Tags    BMC_Connections
27
28*** Variables ***
29
30${iterations}         10000
31${loop_iteration}     ${1000}
32${hostname}           testhostname
33${MAX_UNAUTH_PER_IP}  ${5}
34${bmc_url}            https://${OPENBMC_HOST}:${HTTPS_PORT}
35
36
37*** Test Cases ***
38
39Test Patch Without Auth Token Fails
40    [Documentation]  Send patch method without auth token and verify it throws an error.
41    [Tags]   Test_Patch_Without_Auth_Token_Fails
42
43    ${active_channel_config}=  Get Active Channel Config
44    ${ethernet_interface}=  Set Variable  ${active_channel_config['${CHANNEL_NUMBER}']['name']}
45
46    Redfish.Patch  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}  body={'HostName': '${hostname}'}
47    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
48
49
50Flood Patch Without Auth Token And Check Stability Of BMC
51    [Documentation]  Flood patch method without auth token and check BMC stability.
52    [Tags]  Flood_Patch_Without_Auth_Token_And_Check_Stability_Of_BMC
53
54    @{fail_list}=  Create List
55
56    ${active_channel_config}=  Get Active Channel Config
57    ${ethernet_interface}=  Set Variable  ${active_channel_config['${CHANNEL_NUMBER}']['name']}
58
59    FOR  ${iter}  IN RANGE  ${1}  ${iterations} + 1
60        Log To Console  ${iter}th iteration Patch Request without valid session token
61        # Expected valid fail status response code.
62        Redfish.Patch  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}  body={'HostName': '${hostname}'}
63        ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
64
65        # Every 100th iteration, check BMC allows patch with auth token.
66        ${status}=  Run Keyword If  ${iter} % 100 == 0  Run Keyword And Return Status
67        ...  Login And Configure Hostname  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}
68        Run Keyword If  ${status} == False  Append To List  ${fail_list}  ${iter}
69    END
70    ${verify_count}=  Evaluate  ${iterations}/100
71    ${fail_count}=  Get Length  ${fail_list}
72
73    Should Be Equal As Integers  ${fail_count}  ${0}
74    ...  msg=Patch operation failed ${fail_count} times in ${verify_count} attempts; fails at iterations ${fail_list}
75
76
77Verify User Cannot Login After 5 Non-Logged In Sessions
78    [Documentation]  User should not be able to login when there
79    ...  are 5 non-logged in sessions.
80    [Tags]  Verify_User_Cannot_Login_After_5_Non-Logged_In_Sessions
81    [Setup]  Confirm Ability to Connect Then Close All Connections
82    [Teardown]  Run Keywords  Process.Terminate All Processes  AND
83    ...  SSHLibrary.Close All Connections  AND  FFDC On Test Case Fail
84
85    FOR  ${iter}  IN RANGE  ${0}  ${MAX_UNAUTH_PER_IP}
86       SSHLibrary.Open Connection  ${OPENBMC_HOST}
87       Start Process  ssh ${OPENBMC_USERNAME}@${OPENBMC_HOST}  shell=True
88    END
89
90    SSHLibrary.Open Connection  ${OPENBMC_HOST}
91    ${status}=   Run Keyword And Return Status  SSHLibrary.Login  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
92
93    Should Be Equal  ${status}  ${False}
94
95
96Test Post Without Auth Token Fails
97    [Documentation]  Send post method without auth token and verify it throws an error.
98    [Tags]   Test_Post_Without_Auth_Token_Fails
99
100    ${user_info}=  Create Dictionary
101    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
102    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
103    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
104
105
106Flood Post Without Auth Token And Check Stability Of BMC
107    [Documentation]  Flood post method without auth token and check BMC stability.
108    [Tags]  Flood_Post_Without_Auth_Token_And_Check_Stability_Of_BMC
109
110    @{fail_list}=  Create List
111
112    ${user_info}=  Create Dictionary
113    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
114
115    FOR  ${iter}  IN RANGE  ${1}  ${iterations} + 1
116        Log To Console  ${iter}th iteration Post Request without valid session token
117        # Expected valid fail status response code.
118        Redfish.Post   /redfish/v1/AccountService/Accounts/  body=&{user_info}
119        ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
120
121        # Every 100th iteration, check BMC allows post with auth token.
122        ${status}=  Run Keyword If  ${iter} % 100 == 0  Run Keyword And Return Status
123        ...  Login And Create User
124        Run Keyword If  ${status} == False  Append To List  ${fail_list}  ${iter}
125    END
126    ${verify_count}=  Evaluate  ${iterations}/100
127    ${fail_count}=  Get Length  ${fail_list}
128
129    Should Be Equal As Integers  ${fail_count}  ${0}
130    ...  msg=Post operation failed ${fail_count} times in ${verify_count} attempts; fails at iterations ${fail_list}
131
132
133Make Large Number Of Wrong SSH Login Attempts And Check Stability
134    [Documentation]  Check BMC stability with large number of SSH wrong login requests.
135    [Tags]  Make_Large_Number_Of_Wrong_SSH_Login_Attempts_And_Check_Stability
136    [Setup]  Set Account Lockout Threshold
137    [Teardown]  FFDC On Test Case Fail
138
139    SSHLibrary.Open Connection  ${OPENBMC_HOST}
140    @{ssh_status_list}=  Create List
141    FOR  ${iter}  IN RANGE  ${1}  ${loop_iteration} + 1
142      Log To Console  ${iter}th iteration
143      ${invalid_password}=   Catenate  ${OPENBMC_PASSWORD}${iter}
144      Run Keyword and Ignore Error
145      ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${invalid_password}
146
147      # Every 100th iteration Login with correct credentials
148      ${status}=   Run keyword If  ${iter} % ${100} == ${0}  Run Keyword And Return Status
149      ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
150      Run Keyword If  ${status} == ${False}  Append To List  ${ssh_status_list}  ${status}
151      SSHLibrary.Close Connection
152    END
153
154    ${valid_login_count}=  Evaluate  ${iterations}/100
155    ${fail_count}=  Get Length  ${ssh_status_list}
156    Should Be Equal  ${fail_count}  ${0}
157    ...  msg= Login Failed ${fail_count} times in ${valid_login_count} attempts.
158
159
160Test Stability On Large Number Of Wrong Login Attempts To GUI
161    [Documentation]  Test stability on large number of wrong login attempts to GUI.
162    [Tags]   Test_Stability_On_Large_Number_Of_Wrong_Login_Attempts_To_GUI
163
164    @{status_list}=  Create List
165
166    # Open headless browser.
167    Start Virtual Display
168    ${browser_ID}=  Open Browser  ${bmc_url}  alias=browser1
169    Set Window Size  1920  1080
170
171    Go To  ${bmc_url}
172
173    FOR  ${iter}  IN RANGE  ${1}  ${iterations} + 1
174        Log To Console  ${iter}th login
175        Run Keyword And Ignore Error  Login to GUI With Incorrect Credentials
176
177        # Every 100th iteration, check BMC GUI is responsive.
178        ${status}=  Run Keyword If  ${iter} % 100 == 0  Run Keyword And Return Status
179        ...  Open Browser  ${bmc_url}
180        Append To List  ${status_list}  ${status}
181        Run Keyword If  '${status}' == 'True'
182        ...  Run Keywords  Close Browser  AND  Switch Browser  browser1
183    END
184
185    ${fail_count}=  Count Values In List  ${status_list}  False
186    Run Keyword If  ${fail_count} > ${0}  FAIL  Could not open BMC GUI ${fail_count} times
187
188
189Test BMC GUI Stability On Continuous Refresh Of GUI Home Page
190    [Documentation]  Login to BMC GUI and keep refreshing home page and verify stability
191        ...  by login at times in another browser.
192    [Tags]  Test_BMC_GUI_Stability_On_Continuous_Refresh_Of_GUI_Home_Page
193    [Teardown]  Close All Browsers
194
195    @{failed_list}=  Create List
196
197    # Open headless browser.
198    Start Virtual Display
199    ${browser_ID}=  Open Browser  ${bmc_url}  alias=browser1
200    Set Window Size  1920  1080
201    Login GUI
202
203    FOR  ${iter}  IN RANGE  ${iterations}
204        Log To Console  ${iter}th Refresh of home page
205
206        Refresh GUI
207        Continue For Loop If   ${iter}%100 != 0
208
209        # Every 100th iteration, check BMC GUI is responsive.
210        ${status}=  Run Keyword And Return Status
211        ...  Run Keywords  Launch Browser And Login GUI  AND  Logout GUI
212        Run Keyword If  '${status}' == 'False'  Append To List  ${failed_list}  ${iter}
213        ...  ELSE IF  '${status}' == 'True'
214        ...  Run Keywords  Close Browser  AND  Switch Browser  browser1
215    END
216    Log   ${failed_list}
217    ${fail_count}=  Get Length  ${failed_list}
218    Run Keyword If  ${fail_count} > ${0}  FAIL  Could not open BMC GUI ${fail_count} times
219
220
221Test BMCweb Stability On Continuous Redfish Login Attempts With Invalid Credentials
222    [Documentation]  Make invalid credentials Redfish login attempts continuously and
223    ...  verify bmcweb stability by login to Redfish with valid credentials.
224    [Tags]  Test_BMCweb_Stability_On_Continuous_Redfish_Login_Attempts_With_Invalid_Credentials
225
226    Invalid Credentials Redfish Login Attempts
227
228
229Test User Delete Operation Without Session Token And Expect Failure
230    [Documentation]  Try to delete an object without valid session token and verifies it throws
231    ...  an unauthorised error.
232    [Tags]  Test_User_Delete_Operation_Without_Session_Token_And_Expect_Failure
233    [Setup]  Redfish.Logout
234
235    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
236    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}]
237
238
239Test Bmcweb Stability On Continuous Redfish Delete Operation Request Without Session Token
240    [Documentation]  Send delete object request without valid session token continuously and
241    ...  verify bmcweb stability by sending delete request with valid session token.
242    [Tags]  Test_Bmcweb_Stability_On_Continuous_Redfish_Delete_Operation_Request_Without_Session_Token
243
244    @{failed_iter_list}=  Create List
245
246    FOR  ${iter}  IN RANGE  ${iterations}
247        Log To Console  ${iter}th Redfish Delete Object Request without valid session token
248
249        Run Keyword And Ignore Error
250        ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
251        Continue For Loop If   ${iter}%100 != 0
252
253        # Every 100th iteration, check delete operation with valid session token.
254        ${status}=  Run Keyword And Return Status
255        ...  Login And Delete User
256        Run Keyword If  '${status}' == 'False'  Append To List  ${failed_iter_list}  ${iter}
257    END
258    Log  ${failed_iter_list}
259    ${fail_count}=  Get Length  ${failed_iter_list}
260    Run Keyword If  ${fail_count} > ${0}  FAIL  Could not do Redfish delete operation ${fail_count} times
261
262
263Verify Flood Put Method Without Auth Token
264    [Documentation]  Flood put method without auth token and check BMC stability.
265    [Tags]  Verify_Flood_Put_Method_Without_Auth_Token
266    [Teardown]  Delete All BMC Partition File
267
268    @{status_list}=  Create List
269
270    FOR  ${iter}  IN RANGE  ${1}  ${iterations}
271        Log To Console  ${iter}th iteration
272        Run Keyword And Ignore Error
273        ...  Redfish.Put  ${LED_LAMP_TEST_ASSERTED_URI}attr/Asserted  body={"data":1}
274        # Every 100th iteration, check BMC allows put with auth token.
275        ${status}=  Run Keyword If  ${iter} % 100 == 0
276        ...    Run Keyword And Return Status
277        ...    Login And Upload Partition File To BMC
278        Run Keyword If  ${status} == ${False}
279        ...  Append To List  ${status_list}  ${status}
280    END
281
282    # Note the count for every 100 iterations.
283    ${verify_count}=  Evaluate  ${iterations}/100
284    ${fail_count}=  Get Length  ${status_list}
285
286    Should Be Equal  ${fail_count}  ${0}
287    ...  msg=Put operation failed ${fail_count} times in ${verify_count} attempts.
288
289
290*** Keywords ***
291
292Login And Configure Hostname
293    [Documentation]  Login and configure hostname
294    [Arguments]  ${ethernet_interface_uri}
295    [Teardown]  Redfish.Logout
296
297    # Description of argument(s):
298    # ethernet_interface_uri   Network interface URI path.
299
300    Redfish.Login
301
302    Redfish.Patch  ${ethernet_interface_uri}  body={'HostName': '${hostname}'}
303    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
304
305
306Login And Create User
307    [Documentation]  Login and create user
308    [Teardown]  Run Keywords   Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
309    ...  AND  Redfish.Logout
310
311    Redfish.Login
312
313    ${user_info}=  Create Dictionary
314    ...  UserName=test_user  Password=TestPwd123  RoleId=ReadOnly  Enabled=${True}
315    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
316    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_CREATED}]
317
318
319Login And Delete User
320    [Documentation]  Login create and delete user
321    [Teardown]  Redfish.Logout
322
323    Redfish.Login
324
325    ${user_info}=  Create Dictionary
326    ...  UserName=test_user  Password=TestPwd123  RoleId=ReadOnly  Enabled=${True}
327    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
328    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_CREATED}]
329    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
330
331
332Set Account Lockout Threshold
333   [Documentation]  Set user account lockout threshold.
334   [Teardown]  Redfish.Logout
335
336   Redfish.Login
337   Redfish.Patch  /redfish/v1/AccountService  body=[('AccountLockoutThreshold', 0)]
338
339
340Login to GUI With Incorrect Credentials
341    [Documentation]  Attempt to login to GUI as root, providing incorrect password argument.
342
343    Input Text  ${xpath_login_username_input}  root
344    Input Password  ${xpath_login_password_input}  incorrect_password
345    Click Button  ${xpath_login_button}
346
347
348Invalid Credentials Redfish Login Attempts
349    [Documentation]  Continuous invalid credentials login attempts to Redfish and
350    ...  login to Redfish with valid credentials at times and get failed login attempts.
351    [Arguments]  ${login_username}=${OPENBMC_USERNAME}  ${login_password}=${OPENBMC_PASSWORD}
352
353    # Description of argument(s):
354    # login_username   username for login user.
355    # login_password   password for login user.
356
357    @{failed_iter_list}=  Create List
358
359    FOR  ${iter}  IN RANGE  ${iterations}
360        Log To Console  ${iter}th Redfish login with invalid credentials
361        Run Keyword And Ignore Error  Redfish.Login   ${login_username}  incorrect_password
362        Continue For Loop If   ${iter}%100 != 0
363
364        # Every 100th iteration, check Redfish is responsive.
365        ${status}=  Run Keyword And Return Status
366        ...  Redfish.Login  ${login_username}   ${login_password}
367        Run Keyword If  '${status}' == 'False'  Append To List  ${failed_iter_list}  ${iter}
368        Redfish.Logout
369    END
370    Log  ${failed_iter_list}
371    ${fail_count}=  Get Length  ${failed_iter_list}
372    Run Keyword If  ${fail_count} > ${0}  FAIL  Could not Login to Redfish ${fail_count} times
373
374
375Confirm Ability to Connect Then Close All Connections
376    [Documentation]  Confirm that SSH login works, otherwise, skip this test.
377    ...  If login succeeds, close all SSH connections to BMC to prepare for test.
378
379    SSHLibrary.Close All Connections
380    SSHLibrary.Open Connection  ${OPENBMC_HOST}
381    ${status}=   Run Keyword And Return Status
382    ...  SSHLibrary.Login  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
383    Skip If  ${status} == ${False}  msg= SSH Login failed: test will be skipped
384    SSHLibrary.Close All Connections
385
386
387Login And Upload Partition File To BMC
388    [Documentation]  Upload partition file to BMC.
389
390    Create Partition File
391    Initialize OpenBMC
392
393    # Get the content of the file and upload to BMC.
394    ${image_data}=  OperatingSystem.Get Binary File  100-file
395    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}  Content-Type=application/octet-stream
396
397    ${kwargs}=  Create Dictionary  data=${image_data}
398    Set To Dictionary  ${kwargs}  headers  ${headers}
399    ${resp}=  PUT On Session  openbmc  ${OEM_HOST_CONFIG_URI}/100-file  &{kwargs}  timeout=10
400    Should Be Equal As Strings  ${resp.status_code}  ${HTTP_OK}
401    Delete Local Partition File
402
403
404Delete Local Partition File
405    [Documentation]  Delete local partition file.
406
407    ${file_exist}=  Run Keyword And Return Status  OperatingSystem.File Should Exist  100-file
408    Run Keyword If  'True' == '${file_exist}'  Remove File  100-file
409
410
411Create Partition File
412    [Documentation]  Create Partition file.
413
414    Delete Local Partition File
415
416    @{words}=  Split String  100-file  -
417    Run  dd if=/dev/zero of=100-file bs=${words}[-0] count=1
418    OperatingSystem.File Should Exist  100-file
419
420
421Delete All BMC Partition File
422    [Documentation]  Delete multiple partition file on BMC via Redfish.
423
424    Initialize OpenBMC
425    ${data}=  Create Dictionary
426    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}
427    Set To Dictionary  ${data}  headers  ${headers}
428
429    ${resp}=  POST On Session  openbmc  ${OEM_HOST_CONFIG_ACTIONS_URI}.DeleteAll  &{data}
430    Should Be Equal As Strings  ${resp.status_code}   ${HTTP_OK}
431
432    Delete All Sessions
433