xref: /openbmc/openbmc-test-automation/security/test_bmc_connections.robot (revision d8322b7deaf5ab323d506097d75603a2e2f520ee) 
1*** Settings ***
2Documentation  Connections and authentication module stability tests.
3
4Resource  ../lib/bmc_redfish_resource.robot
5Resource  ../lib/bmc_network_utils.robot
6Resource  ../lib/openbmc_ffdc.robot
7Resource  ../lib/resource.robot
8Resource  ../lib/utils.robot
9Resource  ../lib/connection_client.robot
10Resource  ../gui/lib/gui_resource.robot
11Library   ../lib/bmc_network_utils.py
12
13Library   SSHLibrary
14Library   Collections
15Library   XvfbRobot
16Library   OperatingSystem
17Library   SeleniumLibrary  120  120
18Library   Telnet  30 Seconds
19Library   Screenshot
20
21
22Suite Setup   Redfish.Logout
23
24Variables     ../gui/data/gui_variables.py
25
26Test Tags    BMC_Connections
27
28*** Variables ***
29
30${iterations}         10000
31${loop_iteration}     ${1000}
32${hostname}           testhostname
33${MAX_UNAUTH_PER_IP}  ${5}
34${bmc_url}            https://${OPENBMC_HOST}:${HTTPS_PORT}
35
36
37*** Test Cases ***
38
39Test Patch Without Auth Token Fails
40    [Documentation]  Send patch method without auth token and verify it throws an error.
41    [Tags]   Test_Patch_Without_Auth_Token_Fails
42
43    ${active_channel_config}=  Get Active Channel Config
44    ${ethernet_interface}=  Set Variable  ${active_channel_config['${CHANNEL_NUMBER}']['name']}
45
46    Redfish.Patch  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}  body={'HostName': '${hostname}'}
47    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
48
49
50Flood Patch Without Auth Token And Check Stability Of BMC
51    [Documentation]  Flood patch method without auth token and check BMC stability.
52    [Tags]  Flood_Patch_Without_Auth_Token_And_Check_Stability_Of_BMC
53
54    @{fail_list}=  Create List
55
56    ${active_channel_config}=  Get Active Channel Config
57    ${ethernet_interface}=  Set Variable  ${active_channel_config['${CHANNEL_NUMBER}']['name']}
58
59    FOR  ${iter}  IN RANGE  ${1}  ${iterations} + 1
60        Log To Console  ${iter}th iteration Patch Request without valid session token
61        # Expected valid fail status response code.
62        Redfish.Patch  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}  body={'HostName': '${hostname}'}
63        ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
64
65        # Every 100th iteration, check BMC allows patch with auth token.
66        IF  ${iter} % 100 == 0
67            ${status}=  Run Keyword And Return Status
68            ...  Login And Configure Hostname  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}
69            IF  ${status} == False  Append To List  ${fail_list}  ${iter}
70        END
71    END
72    ${verify_count}=  Evaluate  ${iterations}/100
73    ${fail_count}=  Get Length  ${fail_list}
74
75    Should Be Equal As Integers  ${fail_count}  ${0}
76    ...  msg=Patch operation failed ${fail_count} times in ${verify_count} attempts; fails at iterations ${fail_list}
77
78
79Verify User Cannot Login After 5 Non-Logged In Sessions
80    [Documentation]  User should not be able to login when there
81    ...  are 5 non-logged in sessions.
82    [Tags]  Verify_User_Cannot_Login_After_5_Non-Logged_In_Sessions
83    [Setup]  Confirm Ability to Connect Then Close All Connections
84    [Teardown]  Run Keywords  Process.Terminate All Processes  AND
85    ...  SSHLibrary.Close All Connections  AND  FFDC On Test Case Fail
86
87    FOR  ${iter}  IN RANGE  ${0}  ${MAX_UNAUTH_PER_IP}
88       SSHLibrary.Open Connection  ${OPENBMC_HOST}
89       Start Process  ssh ${OPENBMC_USERNAME}@${OPENBMC_HOST}  shell=True
90    END
91
92    SSHLibrary.Open Connection  ${OPENBMC_HOST}
93    ${status}=   Run Keyword And Return Status  SSHLibrary.Login  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
94
95    Should Be Equal  ${status}  ${False}
96
97
98Test Post Without Auth Token Fails
99    [Documentation]  Send post method without auth token and verify it throws an error.
100    [Tags]   Test_Post_Without_Auth_Token_Fails
101
102    ${user_info}=  Create Dictionary
103    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
104    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
105    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
106
107
108Flood Post Without Auth Token And Check Stability Of BMC
109    [Documentation]  Flood post method without auth token and check BMC stability.
110    [Tags]  Flood_Post_Without_Auth_Token_And_Check_Stability_Of_BMC
111
112    @{fail_list}=  Create List
113
114    ${user_info}=  Create Dictionary
115    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
116
117    FOR  ${iter}  IN RANGE  ${1}  ${iterations} + 1
118        Log To Console  ${iter}th iteration Post Request without valid session token
119        # Expected valid fail status response code.
120        Redfish.Post   /redfish/v1/AccountService/Accounts/  body=&{user_info}
121        ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
122
123        # Every 100th iteration, check BMC allows post with auth token.
124        IF  ${iter} % 100 == 0
125            ${status}=   Run Keyword And Return Status  Login And Create User
126            IF  ${status} == False  Append To List  ${fail_list}  ${iter}
127        END
128    END
129    ${verify_count}=  Evaluate  ${iterations}/100
130    ${fail_count}=  Get Length  ${fail_list}
131
132    Should Be Equal As Integers  ${fail_count}  ${0}
133    ...  msg=Post operation failed ${fail_count} times in ${verify_count} attempts; fails at iterations ${fail_list}
134
135
136Make Large Number Of Wrong SSH Login Attempts And Check Stability
137    [Documentation]  Check BMC stability with large number of SSH wrong login requests.
138    [Tags]  Make_Large_Number_Of_Wrong_SSH_Login_Attempts_And_Check_Stability
139    [Setup]  Set Account Lockout Threshold
140    [Teardown]  FFDC On Test Case Fail
141
142    SSHLibrary.Open Connection  ${OPENBMC_HOST}
143    @{ssh_status_list}=  Create List
144    FOR  ${iter}  IN RANGE  ${1}  ${loop_iteration} + 1
145      Log To Console  ${iter}th iteration
146      ${invalid_password}=   Catenate  ${OPENBMC_PASSWORD}${iter}
147      Run Keyword and Ignore Error
148      ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${invalid_password}
149
150      # Every 100th iteration Login with correct credentials
151      IF  ${iter} % ${100} == ${0}
152          ${status}=  Run Keyword And Return Status
153          ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
154          IF  ${status} == ${False}  Append To List  ${ssh_status_list}  ${status}
155      END
156      SSHLibrary.Close Connection
157    END
158
159    ${valid_login_count}=  Evaluate  ${iterations}/100
160    ${fail_count}=  Get Length  ${ssh_status_list}
161    Should Be Equal  ${fail_count}  ${0}
162    ...  msg= Login Failed ${fail_count} times in ${valid_login_count} attempts.
163
164
165Test Stability On Large Number Of Wrong Login Attempts To GUI
166    [Documentation]  Test stability on large number of wrong login attempts to GUI.
167    [Tags]   Test_Stability_On_Large_Number_Of_Wrong_Login_Attempts_To_GUI
168
169    @{status_list}=  Create List
170
171    # Open headless browser.
172    Start Virtual Display
173    ${browser_ID}=  Open Browser  ${bmc_url}  alias=browser1
174    Set Window Size  1920  1080
175
176    Go To  ${bmc_url}
177
178    FOR  ${iter}  IN RANGE  ${1}  ${iterations} + 1
179        Log To Console  ${iter}th login
180        Run Keyword And Ignore Error  Login to GUI With Incorrect Credentials
181
182        # Every 100th iteration, check BMC GUI is responsive.
183        IF  ${iter} % 100 == 0
184            ${status}=  Run Keyword And Return Status  Open Browser  ${bmc_url}
185        END
186        Append To List  ${status_list}  ${status}
187        IF  '${status}' == 'True'
188            Run Keywords  Close Browser  AND  Switch Browser  browser1
189        END
190    END
191
192    ${fail_count}=  Count Values In List  ${status_list}  False
193    IF  ${fail_count} > ${0}  FAIL  Could not open BMC GUI ${fail_count} times
194
195
196Test BMC GUI Stability On Continuous Refresh Of GUI Home Page
197    [Documentation]  Login to BMC GUI and keep refreshing home page and verify stability
198        ...  by login at times in another browser.
199    [Tags]  Test_BMC_GUI_Stability_On_Continuous_Refresh_Of_GUI_Home_Page
200    [Teardown]  Close All Browsers
201
202    @{failed_list}=  Create List
203
204    # Open headless browser.
205    Start Virtual Display
206    ${browser_ID}=  Open Browser  ${bmc_url}  alias=browser1
207    Set Window Size  1920  1080
208    Login GUI
209
210    FOR  ${iter}  IN RANGE  ${iterations}
211        Log To Console  ${iter}th Refresh of home page
212
213        Refresh GUI
214        IF   ${iter}%100 != 0  CONTINUE
215
216        # Every 100th iteration, check BMC GUI is responsive.
217        ${status}=  Run Keyword And Return Status
218        ...  Run Keywords  Launch Browser And Login GUI  AND  Logout GUI
219        IF  '${status}' == 'False'
220            Append To List  ${failed_list}  ${iter}
221        ELSE
222            Run Keywords  Close Browser  AND  Switch Browser  browser1
223        END
224    END
225    Log   ${failed_list}
226    ${fail_count}=  Get Length  ${failed_list}
227    IF  ${fail_count} > ${0}  FAIL  Could not open BMC GUI ${fail_count} times
228
229
230Test BMCweb Stability On Continuous Redfish Login Attempts With Invalid Credentials
231    [Documentation]  Make invalid credentials Redfish login attempts continuously and
232    ...  verify bmcweb stability by login to Redfish with valid credentials.
233    [Tags]  Test_BMCweb_Stability_On_Continuous_Redfish_Login_Attempts_With_Invalid_Credentials
234
235    Invalid Credentials Redfish Login Attempts
236
237
238Test User Delete Operation Without Session Token And Expect Failure
239    [Documentation]  Try to delete an object without valid session token and verifies it throws
240    ...  an unauthorised error.
241    [Tags]  Test_User_Delete_Operation_Without_Session_Token_And_Expect_Failure
242    [Setup]  Redfish.Logout
243
244    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
245    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}]
246
247
248Test Bmcweb Stability On Continuous Redfish Delete Operation Request Without Session Token
249    [Documentation]  Send delete object request without valid session token continuously and
250    ...  verify bmcweb stability by sending delete request with valid session token.
251    [Tags]  Test_Bmcweb_Stability_On_Continuous_Redfish_Delete_Operation_Request_Without_Session_Token
252
253    @{failed_iter_list}=  Create List
254
255    FOR  ${iter}  IN RANGE  ${iterations}
256        Log To Console  ${iter}th Redfish Delete Object Request without valid session token
257
258        Run Keyword And Ignore Error
259        ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
260        IF   ${iter}%100 != 0  CONTINUE
261
262        # Every 100th iteration, check delete operation with valid session token.
263        ${status}=  Run Keyword And Return Status
264        ...  Login And Delete User
265        IF  '${status}' == 'False'  Append To List  ${failed_iter_list}  ${iter}
266    END
267    Log  ${failed_iter_list}
268    ${fail_count}=  Get Length  ${failed_iter_list}
269    IF  ${fail_count} > ${0}  FAIL  Could not do Redfish delete operation ${fail_count} times
270
271
272Verify Flood Put Method Without Auth Token
273    [Documentation]  Flood put method without auth token and check BMC stability.
274    [Tags]  Verify_Flood_Put_Method_Without_Auth_Token
275    [Teardown]  Delete All BMC Partition File
276
277    @{status_list}=  Create List
278
279    FOR  ${iter}  IN RANGE  ${1}  ${iterations}
280
281        Log To Console  ${iter}th iteration
282        Run Keyword And Ignore Error
283        ...  Redfish.Put  ${LED_LAMP_TEST_ASSERTED_URI}attr/Asserted  body={"data":1}
284
285        # Every 100th iteration, check BMC allows put with auth token.
286        IF  ${iter} % 100 == 0
287            ${status}=  Run Keyword And Return Status  Login And Upload Partition File To BMC
288            IF  ${status} == ${False}  Append To List  ${status_list}  ${status}
289        END
290
291    END
292
293    # Note the count for every 100 iterations.
294    ${verify_count}=  Evaluate  ${iterations}/100
295    ${fail_count}=  Get Length  ${status_list}
296
297    Should Be Equal  ${fail_count}  ${0}
298    ...  msg=Put operation failed ${fail_count} times in ${verify_count} attempts.
299
300
301*** Keywords ***
302
303Login And Configure Hostname
304    [Documentation]  Login and configure hostname
305    [Arguments]  ${ethernet_interface_uri}
306    [Teardown]  Redfish.Logout
307
308    # Description of argument(s):
309    # ethernet_interface_uri   Network interface URI path.
310
311    Redfish.Login
312
313    Redfish.Patch  ${ethernet_interface_uri}  body={'HostName': '${hostname}'}
314    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
315
316
317Login And Create User
318    [Documentation]  Login and create user
319    [Teardown]  Run Keywords   Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
320    ...  AND  Redfish.Logout
321
322    Redfish.Login
323
324    ${user_info}=  Create Dictionary
325    ...  UserName=test_user  Password=TestPwd123  RoleId=ReadOnly  Enabled=${True}
326    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
327    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_CREATED}]
328
329
330Login And Delete User
331    [Documentation]  Login create and delete user
332    [Teardown]  Redfish.Logout
333
334    Redfish.Login
335
336    ${user_info}=  Create Dictionary
337    ...  UserName=test_user  Password=TestPwd123  RoleId=ReadOnly  Enabled=${True}
338    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
339    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_CREATED}]
340    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
341
342
343Set Account Lockout Threshold
344   [Documentation]  Set user account lockout threshold.
345   [Teardown]  Redfish.Logout
346
347   Redfish.Login
348   Redfish.Patch  /redfish/v1/AccountService  body=[('AccountLockoutThreshold', 0)]
349
350
351Login to GUI With Incorrect Credentials
352    [Documentation]  Attempt to login to GUI as root, providing incorrect password argument.
353
354    Input Text  ${xpath_login_username_input}  root
355    Input Password  ${xpath_login_password_input}  incorrect_password
356    Click Button  ${xpath_login_button}
357
358
359Invalid Credentials Redfish Login Attempts
360    [Documentation]  Continuous invalid credentials login attempts to Redfish and
361    ...  login to Redfish with valid credentials at times and get failed login attempts.
362    [Arguments]  ${login_username}=${OPENBMC_USERNAME}  ${login_password}=${OPENBMC_PASSWORD}
363
364    # Description of argument(s):
365    # login_username   username for login user.
366    # login_password   password for login user.
367
368    @{failed_iter_list}=  Create List
369
370    FOR  ${iter}  IN RANGE  ${iterations}
371        Log To Console  ${iter}th Redfish login with invalid credentials
372        Run Keyword And Ignore Error  Redfish.Login   ${login_username}  incorrect_password
373        IF   ${iter}%100 != 0  CONTINUE
374
375        # Every 100th iteration, check Redfish is responsive.
376        ${status}=  Run Keyword And Return Status
377        ...  Redfish.Login  ${login_username}   ${login_password}
378        IF  '${status}' == 'False'  Append To List  ${failed_iter_list}  ${iter}
379        Redfish.Logout
380    END
381    Log  ${failed_iter_list}
382    ${fail_count}=  Get Length  ${failed_iter_list}
383    IF  ${fail_count} > ${0}  FAIL  Could not Login to Redfish ${fail_count} times
384
385
386Confirm Ability to Connect Then Close All Connections
387    [Documentation]  Confirm that SSH login works, otherwise, skip this test.
388    ...  If login succeeds, close all SSH connections to BMC to prepare for test.
389
390    SSHLibrary.Close All Connections
391    SSHLibrary.Open Connection  ${OPENBMC_HOST}
392    ${status}=   Run Keyword And Return Status
393    ...  SSHLibrary.Login  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
394    Skip If  ${status} == ${False}  msg= SSH Login failed: test will be skipped
395    SSHLibrary.Close All Connections
396
397
398Login And Upload Partition File To BMC
399    [Documentation]  Upload partition file to BMC.
400
401    Create Partition File
402    Initialize OpenBMC
403
404    # Get the content of the file and upload to BMC.
405    ${image_data}=  OperatingSystem.Get Binary File  100-file
406    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}  Content-Type=application/octet-stream
407
408    ${kwargs}=  Create Dictionary  data=${image_data}
409    Set To Dictionary  ${kwargs}  headers  ${headers}
410    ${resp}=  PUT On Session  openbmc  ${OEM_HOST_CONFIG_URI}/100-file  &{kwargs}  timeout=10
411    Should Be Equal As Strings  ${resp.status_code}  ${HTTP_OK}
412    Delete Local Partition File
413
414
415Delete Local Partition File
416    [Documentation]  Delete local partition file.
417
418    ${file_exist}=  Run Keyword And Return Status  OperatingSystem.File Should Exist  100-file
419    IF  'True' == '${file_exist}'  Remove File  100-file
420
421
422Create Partition File
423    [Documentation]  Create Partition file.
424
425    Delete Local Partition File
426
427    @{words}=  Split String  100-file  -
428    Run  dd if=/dev/zero of=100-file bs=${words}[-0] count=1
429    OperatingSystem.File Should Exist  100-file
430
431
432Delete All BMC Partition File
433    [Documentation]  Delete multiple partition file on BMC via Redfish.
434
435    Initialize OpenBMC
436    ${data}=  Create Dictionary
437    ${headers}=  Create Dictionary  X-Auth-Token=${XAUTH_TOKEN}
438    Set To Dictionary  ${data}  headers  ${headers}
439
440    ${resp}=  POST On Session  openbmc  ${OEM_HOST_CONFIG_ACTIONS_URI}.DeleteAll  &{data}
441    Should Be Equal As Strings  ${resp.status_code}   ${HTTP_OK}
442
443    Delete All Sessions
444