xref: /openbmc/openbmc-test-automation/security/test_bmc_connections.robot (revision e4d77d2a828a28a346b1513ffc38c1c92cce0f47)
1*** Settings ***
2Documentation  Connections and authentication module stability tests.
3
4Resource  ../lib/bmc_redfish_resource.robot
5Resource  ../lib/bmc_network_utils.robot
6Resource  ../lib/openbmc_ffdc.robot
7Resource  ../lib/resource.robot
8Resource  ../lib/utils.robot
9Resource  ../lib/connection_client.robot
10Resource  ../gui/lib/gui_resource.robot
11Library   ../lib/bmc_network_utils.py
12
13Library   SSHLibrary
14Library   Collections
15Library   XvfbRobot
16Library   OperatingSystem
17Library   SeleniumLibrary  120  120
18Library   Telnet  30 Seconds
19Library   Screenshot
20
21
22Suite Setup   Redfish.Logout
23
24Variables  ../gui/data/gui_variables.py
25
26*** Variables ***
27
28${iterations}         10000
29${loop_iteration}     ${1000}
30${hostname}           testhostname
31${MAX_UNAUTH_PER_IP}  ${5}
32${bmc_url}            https://${OPENBMC_HOST}
33
34
35*** Test Cases ***
36
37Test Patch Without Auth Token Fails
38    [Documentation]  Send patch method without auth token and verify it throws an error.
39    [Tags]   Test_Patch_Without_Auth_Token_Fails
40
41    ${active_channel_config}=  Get Active Channel Config
42    ${ethernet_interface}=  Set Variable  ${active_channel_config['${CHANNEL_NUMBER}']['name']}
43
44    Redfish.Patch  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}  body={'HostName': '${hostname}'}
45    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
46
47
48Flood Patch Without Auth Token And Check Stability Of BMC
49    [Documentation]  Flood patch method without auth token and check BMC stability.
50    [Tags]  Flood_Patch_Without_Auth_Token_And_Check_Stability_Of_BMC
51
52    @{fail_list}=  Create List
53
54    ${active_channel_config}=  Get Active Channel Config
55    ${ethernet_interface}=  Set Variable  ${active_channel_config['${CHANNEL_NUMBER}']['name']}
56
57    FOR  ${iter}  IN RANGE  ${1}  ${iterations} + 1
58        Log To Console  ${iter}th iteration Patch Request without valid session token
59        # Expected valid fail status response code.
60        Redfish.Patch  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}  body={'HostName': '${hostname}'}
61        ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
62
63        # Every 100th iteration, check BMC allows patch with auth token.
64        ${status}=  Run Keyword If  ${iter} % 100 == 0  Run Keyword And Return Status
65        ...  Login And Configure Hostname  ${REDFISH_NW_ETH_IFACE}${ethernet_interface}
66        Run Keyword If  ${status} == False  Append To List  ${fail_list}  ${iter}
67    END
68    ${verify_count}=  Evaluate  ${iterations}/100
69    ${fail_count}=  Get Length  ${fail_list}
70
71    Should Be Equal As Integers  ${fail_count}  ${0}
72    ...  msg=Patch operation failed ${fail_count} times in ${verify_count} attempts; fails at iterations ${fail_list}
73
74
75Verify User Cannot Login After 5 Non-Logged In Sessions
76    [Documentation]  User should not be able to login when there
77    ...  are 5 non-logged in sessions.
78    [Tags]  Verify_User_Cannot_Login_After_5_Non-Logged_In_Sessions
79
80    FOR  ${iter}  IN RANGE  ${0}  ${MAX_UNAUTH_PER_IP}
81       SSHLibrary.Open Connection  ${OPENBMC_HOST}
82       Start Process  ssh ${OPENBMC_USERNAME}@${OPENBMC_HOST}  shell=True
83    END
84
85    SSHLibrary.Open Connection  ${OPENBMC_HOST}
86    ${status}=   Run Keyword And Return Status  SSHLibrary.Login  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
87
88    Should Be Equal  ${status}  ${False}
89
90
91Test Post Without Auth Token Fails
92    [Documentation]  Send post method without auth token and verify it throws an error.
93    [Tags]   Test_Post_Without_Auth_Token_Fails
94
95    ${user_info}=  Create Dictionary
96    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
97    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
98    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
99
100
101Flood Post Without Auth Token And Check Stability Of BMC
102    [Documentation]  Flood post method without auth token and check BMC stability.
103    [Tags]  Flood_Post_Without_Auth_Token_And_Check_Stability_Of_BMC
104
105    @{fail_list}=  Create List
106
107    ${user_info}=  Create Dictionary
108    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
109
110    FOR  ${iter}  IN RANGE  ${1}  ${iterations} + 1
111        Log To Console  ${iter}th iteration Post Request without valid session token
112        # Expected valid fail status response code.
113        Redfish.Post   /redfish/v1/AccountService/Accounts/  body=&{user_info}
114        ...  valid_status_codes=[${HTTP_UNAUTHORIZED}, ${HTTP_FORBIDDEN}]
115
116        # Every 100th iteration, check BMC allows post with auth token.
117        ${status}=  Run Keyword If  ${iter} % 100 == 0  Run Keyword And Return Status
118        ...  Login And Create User
119        Run Keyword If  ${status} == False  Append To List  ${fail_list}  ${iter}
120    END
121    ${verify_count}=  Evaluate  ${iterations}/100
122    ${fail_count}=  Get Length  ${fail_list}
123
124    Should Be Equal As Integers  ${fail_count}  ${0}
125    ...  msg=Post operation failed ${fail_count} times in ${verify_count} attempts; fails at iterations ${fail_list}
126
127
128Make Large Number Of Wrong SSH Login Attempts And Check Stability
129    [Documentation]  Check BMC stability with large number of SSH wrong login requests.
130    [Tags]  Make_Large_Number_Of_Wrong_SSH_Login_Attempts_And_Check_Stability
131    [Setup]  Set Account Lockout Threshold
132    [Teardown]  FFDC On Test Case Fail
133
134    SSHLibrary.Open Connection  ${OPENBMC_HOST}
135    @{ssh_status_list}=  Create List
136    FOR  ${iter}  IN RANGE  ${1}  ${loop_iterations} + 1
137      Log To Console  ${iter}th iteration
138      ${invalid_password}=   Catenate  ${OPENBMC_PASSWORD}${iter}
139      Run Keyword and Ignore Error
140      ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${invalid_password}
141
142      # Every 100th iteration Login with correct credentials
143      ${status}=   Run keyword If  ${iter} % ${100} == ${0}  Run Keyword And Return Status
144      ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
145      Run Keyword If  ${status} == ${False}  Append To List  ${ssh_status_list}  ${status}
146      SSHLibrary.Close Connection
147    END
148
149    ${valid_login_count}=  Evaluate  ${iterations}/100
150    ${fail_count}=  Get Length  ${ssh_status_list}
151    Should Be Equal  ${fail_count}  ${0}
152    ...  msg= Login Failed ${fail_count} times in ${valid_login_count} attempts.
153
154
155Test Stability On Large Number Of Wrong Login Attempts To GUI
156    [Documentation]  Test stability on large number of wrong login attempts to GUI.
157    [Tags]   Test_Stability_On_Large_Number_Of_Wrong_Login_Attempts_To_GUI
158
159    @{status_list}=  Create List
160
161    # Open headless browser.
162    Start Virtual Display
163    ${browser_ID}=  Open Browser  ${bmc_url}  alias=browser1
164    Set Window Size  1920  1080
165
166    Go To  ${bmc_url}
167
168    FOR  ${iter}  IN RANGE  ${1}  ${iterations} + 1
169        Log To Console  ${iter}th login
170        Run Keyword And Ignore Error  Login to GUI With Incorrect Credentials
171
172        # Every 100th iteration, check BMC GUI is responsive.
173        ${status}=  Run Keyword If  ${iter} % 100 == 0  Run Keyword And Return Status
174        ...  Open Browser  ${bmc_url}
175        Append To List  ${status_list}  ${status}
176        Run Keyword If  '${status}' == 'True'
177        ...  Run Keywords  Close Browser  AND  Switch Browser  browser1
178    END
179
180    ${fail_count}=  Count Values In List  ${status_list}  False
181    Run Keyword If  ${fail_count} > ${0}  FAIL  Could not open BMC GUI ${fail_count} times
182
183Test BMC GUI Stability On Continuous Refresh Of GUI Home Page
184    [Documentation]  Login to BMC GUI and keep refreshing home page and verify stability
185        ...  by login at times in another browser.
186    [Tags]  Test_BMC_GUI_Stability_On_Continuous_Refresh_Of_GUI_Home_Page
187    [Teardown]  Close All Browsers
188
189    @{failed_list}=  Create List
190
191    # Open headless browser.
192    Start Virtual Display
193    ${browser_ID}=  Open Browser  ${bmc_url}  alias=browser1
194    Set Window Size  1920  1080
195    Login GUI
196
197    FOR  ${iter}  IN RANGE  ${iterations}
198        Log To Console  ${iter}th Refresh of home page
199
200        Refresh GUI
201        Continue For Loop If   ${iter}%100 != 0
202
203        # Every 100th iteration, check BMC GUI is responsive.
204        ${status}=  Run Keyword And Return Status
205        ...  Run Keywords  Launch Browser And Login GUI  AND  Logout GUI
206        Run Keyword If  '${status}' == 'False'  Append To List  ${failed_list}  ${iter}
207        ...  ELSE IF  '${status}' == 'True'
208        ...  Run Keywords  Close Browser  AND  Switch Browser  browser1
209    END
210    Log   ${failed_list}
211    ${fail_count}=  Get Length  ${failed_list}
212    Run Keyword If  ${fail_count} > ${0}  FAIL  Could not open BMC GUI ${fail_count} times
213
214Test BMCweb Stability On Continuous Redfish Login Attempts With Invalid Credentials
215    [Documentation]  Make invalid credentials Redfish login attempts continuously and
216    ...  verify bmcweb stability by login to Redfish with valid credentials.
217    [Tags]  Test_BMCweb_Stability_On_Continuous_Redfish_Login_Attempts_With_Invalid_Credentials
218
219    Invalid Credentials Redfish Login Attempts
220
221Test User Delete Operation Without Session Token And Expect Failure
222    [Documentation]  Try to delete an object without valid session token and verifies it throws
223    ...  an unauthorised error.
224    [Tags]  Test_User_Delete_Operation_Without_Session_Token_And_Expect_Failure
225    [Setup]  Redfish.Logout
226
227    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
228    ...  valid_status_codes=[${HTTP_UNAUTHORIZED}]
229
230
231Test Bmcweb Stability On Continuous Redfish Delete Operation Request Without Session Token
232    [Documentation]  Send delete object request without valid session token continuously and
233    ...  verify bmcweb stability by sending delete request with valid session token.
234    [Tags]  Test_Bmcweb_Stability_On_Continuous_Redfish_Delete_Operation_Request_Without_Session_Token
235
236    @{failed_iter_list}=  Create List
237
238    FOR  ${iter}  IN RANGE  ${iterations}
239        Log To Console  ${iter}th Redfish Delete Object Request without valid session token
240
241        Run Keyword And Ignore Error
242        ...  Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
243        Continue For Loop If   ${iter}%100 != 0
244
245        # Every 100th iteration, check delete operation with valid session token.
246        ${status}=  Run Keyword And Return Status
247        ...  Login And Delete User
248        Run Keyword If  '${status}' == 'False'  Append To List  ${failed_iter_list}  ${iter}
249    END
250    Log  ${failed_iter_list}
251    ${fail_count}=  Get Length  ${failed_iter_list}
252    Run Keyword If  ${fail_count} > ${0}  FAIL  Could not do Redfish delete operation ${fail_count} times
253
254*** Keywords ***
255
256Login And Configure Hostname
257    [Documentation]  Login and configure hostname
258    [Arguments]  ${ethernet_interface_uri}
259    [Teardown]  Redfish.Logout
260
261    # Description of argument(s):
262    # ethernet_interface_uri   Network interface URI path.
263
264    Redfish.Login
265
266    Redfish.Patch  ${ethernet_interface_uri}  body={'HostName': '${hostname}'}
267    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_NO_CONTENT}]
268
269
270Login And Create User
271    [Documentation]  Login and create user
272
273    [Teardown]  Run Keywords   Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
274    ...  AND  Redfish.Logout
275
276    Redfish.Login
277
278    ${user_info}=  Create Dictionary
279    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
280    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
281    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_CREATED}]
282
283Login And Delete User
284    [Documentation]  Login create and delete user
285
286    [Teardown]  Redfish.Logout
287
288    Redfish.Login
289
290    ${user_info}=  Create Dictionary
291    ...  UserName=test_user  Password=TestPwd123  RoleId=Operator  Enabled=${True}
292    Redfish.Post  /redfish/v1/AccountService/Accounts/  body=&{user_info}
293    ...  valid_status_codes=[${HTTP_OK}, ${HTTP_CREATED}]
294    Redfish.Delete  /redfish/v1/AccountService/Accounts/test_user
295
296Set Account Lockout Threshold
297   [Documentation]  Set user account lockout threshold.
298
299   [Teardown]  Redfish.Logout
300
301   Redfish.Login
302   Redfish.Patch  /redfish/v1/AccountService  body=[('AccountLockoutThreshold', 0)]
303
304
305Login to GUI With Incorrect Credentials
306    [Documentation]  Attempt to login to GUI as root, providing incorrect password argument.
307
308    Input Text  ${xpath_textbox_username}  root
309    Input Password  ${xpath_textbox_password}  incorrect_password
310    Click Button  ${xpath_login_button}
311
312Invalid Credentials Redfish Login Attempts
313    [Documentation]  Continuous invalid credentials login attempts to Redfish and
314    ...  login to Redfish with valid credentials at times and get failed login attempts.
315    [Arguments]  ${login_username}=${OPENBMC_USERNAME}  ${login_password}=${OPENBMC_PASSWORD}
316
317    # Description of argument(s):
318    # login_username   username for login user.
319    # login_password   password for login user.
320
321    @{failed_iter_list}=  Create List
322
323    FOR  ${iter}  IN RANGE  ${iterations}
324        Log To Console  ${iter}th Redfish login with invalid credentials
325        Run Keyword And Ignore Error  Redfish.Login   ${login_username}  incorrect_password
326        Continue For Loop If   ${iter}%100 != 0
327
328        # Every 100th iteration, check Redfish is responsive.
329        ${status}=  Run Keyword And Return Status
330        ...  Redfish.Login  ${login_username}   ${login_password}
331        Run Keyword If  '${status}' == 'False'  Append To List  ${failed_iter_list}  ${iter}
332        Redfish.Logout
333    END
334    Log  ${failed_iter_list}
335    ${fail_count}=  Get Length  ${failed_iter_list}
336    Run Keyword If  ${fail_count} > ${0}  FAIL  Could not Login to Redfish ${fail_count} times
337