class TestProjects(unittest.TestCase):
@classmethod
def setUpClass(self):
self.project= Project()
self.user= User()
self.artifact = Artifact()
self.repo= Repository()
self.url = ADMIN_CLIENT["endpoint"]
self.user_push_chart_password = "******"
self.chart_file = "https://storage.googleapis.com/harbor-builds/helm-chart-test-files/harbor-0.2.0.tgz"
self.archive = "harbor/"
self.verion = "0.2.0"
self.repo_name = "harbor_api_test"
@classmethod
def tearDownClass(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete repository chart(CA) by user(UA);
self.repo.delete_repoitory(TestProjects.project_push_chart_name, self.repo_name, **TestProjects.USER_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_push_chart_id, **TestProjects.USER_CLIENT)
#3. Delete user(UA).
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
def testPushChartByHelmChartCLI(self):
"""
Test case:
Push Chart File By Helm Chart CLI
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Push an chart(CA) to Harbor by helm3 registry/chart CLI successfully;
4. List artifacts successfully;
5. Get chart(CA) by reference successfully;
6. Get addtion successfully;
7. Delete chart by reference successfully.
Tear down:
1. Delete repository chart(CA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
#1. Create a new user(UA);
TestProjects.user_id, user_name = self.user.create_user(user_password = self.user_push_chart_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT=dict(endpoint = self.url, username = user_name, password = self.user_push_chart_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_push_chart_id, TestProjects.project_push_chart_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_CLIENT)
#3. Push an chart(CA) to Harbor by helm3 registry/chart CLI successfully;
chart_cli_ret = library.helm.helm_chart_push_to_harbor(self.chart_file, self.archive, harbor_server, TestProjects.project_push_chart_name, self.repo_name, self.verion, user_name, self.user_push_chart_password)
print "chart_cli_ret:", chart_cli_ret
#4. List artifacts successfully;
artifacts = self.artifact.list_artifacts(TestProjects.project_push_chart_name, self.repo_name, **TestProjects.USER_CLIENT)
self.assertEqual(artifacts[0].type, 'CHART')
self.assertEqual(artifacts[0].tags[0].name, self.verion)
#5. Get chart(CA) by reference successfully;
artifact = self.artifact.get_reference_info(TestProjects.project_push_chart_name, self.repo_name, self.verion, **TestProjects.USER_CLIENT)
self.assertEqual(artifact[0].type, 'CHART')
self.assertEqual(artifact[0].tags[0].name, self.verion)
#6. Get addtion successfully;
addition_r = self.artifact.get_addition(TestProjects.project_push_chart_name, self.repo_name, self.verion, "readme.md", **TestProjects.USER_CLIENT)
self.assertIn("Helm Chart for Harbor", addition_r[0])
addition_d = self.artifact.get_addition(TestProjects.project_push_chart_name, self.repo_name, self.verion, "dependencies", **TestProjects.USER_CLIENT)
self.assertIn("https://kubernetes-charts.storage.googleapis.com", addition_d[0])
addition_v = self.artifact.get_addition(TestProjects.project_push_chart_name, self.repo_name, self.verion, "values.yaml", **TestProjects.USER_CLIENT)
self.assertIn("adminserver", addition_v[0])
#7. Delete chart by reference successfully.
self.artifact.delete_artifact(TestProjects.project_push_chart_name, self.repo_name, self.verion, **TestProjects.USER_CLIENT)
class TestProjects(unittest.TestCase):
"""
Test case:
Tag Retention
Setup:
Create Project test-retention
Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0, test4:1.0
Test Steps:
1. Create Retention Policy
2. Add rule "For the repositories matching **, retain always with tags matching latest*"
3. Add rule "For the repositories matching test3*, retain always with tags matching **"
4. Dry run, check execution and tasks
5. Real run, check images retained
Tear Down:
1. Delete project test-retention
"""
@suppress_urllib3_warning
def setUp(self):
self.user = User()
self.system = System()
self.repo = Repository()
self.project = Project()
self.retention = Retention()
self.artifact = Artifact()
self.repo_name_1 = "test1"
self.repo_name_2 = "test2"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#TODO delete_repository will fail when no tags left anymore
resp = self.repo.list_repositories(TestProjects.project_src_repo_name,
**TestProjects.USER_RA_CLIENT)
for repo in resp:
self.repo.delete_repository(TestProjects.project_src_repo_name,
repo.name.split('/')[1],
**TestProjects.USER_RA_CLIENT)
self.project.delete_project(TestProjects.project_src_repo_id,
**TestProjects.USER_RA_CLIENT)
self.user.delete_user(TestProjects.user_ra_id, **ADMIN_CLIENT)
print("Case completed")
def testTagRetention(self):
user_ra_password = "******"
user_ra_id, user_ra_name = self.user.create_user(
user_password=user_ra_password, **ADMIN_CLIENT)
print("Created user: %s, id: %s" % (user_ra_name, user_ra_id))
TestProjects.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"],
username=user_ra_name,
password=user_ra_password)
TestProjects.user_ra_id = int(user_ra_id)
TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT)
# Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_1,
['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_1,
['2.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_1,
['3.0', 'latest'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_2,
['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_2,
['latest'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test3", ['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test4", ['1.0'])
tag_data_artifact3_image1 = self.artifact.get_reference_info(
TestProjects.project_src_repo_name, self.repo_name_1, "3.0",
**TestProjects.USER_RA_CLIENT)
tag_data_artifact2_image2 = self.artifact.get_reference_info(
TestProjects.project_src_repo_name, self.repo_name_2, "latest",
**TestProjects.USER_RA_CLIENT)
tags = list_image_tags(
harbor_server,
TestProjects.project_src_repo_name + "/" + self.repo_name_1,
user_ra_name, user_ra_password)
#Delete all 2 tags of "artifact3" in repostory "image1";
self.artifact.delete_tag(TestProjects.project_src_repo_name,
self.repo_name_1, "3.0", "latest",
**TestProjects.USER_RA_CLIENT)
self.artifact.delete_tag(TestProjects.project_src_repo_name,
self.repo_name_1, "3.0", "3.0",
**TestProjects.USER_RA_CLIENT)
tags = list_image_tags(
harbor_server,
TestProjects.project_src_repo_name + "/" + self.repo_name_1,
user_ra_name, user_ra_password)
resp = self.repo.list_repositories(TestProjects.project_src_repo_name,
**TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
# Create Retention Policy
retention_id = self.retention.create_retention_policy(
TestProjects.project_src_repo_id,
selector_repository="**",
selector_tag="latest*",
expect_status_code=201,
**TestProjects.USER_RA_CLIENT)
# Add rule
self.retention.update_retention_add_rule(retention_id,
selector_repository="test3*",
selector_tag="**",
expect_status_code=200,
**TestProjects.USER_RA_CLIENT)
# Dry run
self.retention.trigger_retention_policy(retention_id,
dry_run=True,
**TestProjects.USER_RA_CLIENT)
time.sleep(10)
resp = self.retention.get_retention_executions(
retention_id, **TestProjects.USER_RA_CLIENT)
self.assertTrue(len(resp) > 0)
execution = resp[0]
resp = self.retention.get_retention_exec_tasks(
retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
resp = self.retention.get_retention_exec_task_log(
retention_id, execution.id, resp[0].id,
**TestProjects.USER_RA_CLIENT)
#For Debug:
print("Task 0 log begin:-----------------------------")
i = 0
for line in resp.split("\n"):
print("Line" + str(i) + ": " + line)
i = i + 1
print("Task 0 log end:-----------------------------")
# Real run
self.retention.trigger_retention_policy(retention_id,
dry_run=False,
**TestProjects.USER_RA_CLIENT)
time.sleep(10)
resp = self.retention.get_retention_executions(
retention_id, **TestProjects.USER_RA_CLIENT)
self.assertTrue(len(resp) > 1)
execution = resp[0]
resp = self.retention.get_retention_exec_tasks(
retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
resp = self.retention.get_retention_exec_task_log(
retention_id, execution.id, resp[0].id,
**TestProjects.USER_RA_CLIENT)
print(resp)
#List artifacts successfully, and untagged artifact in test1 should be the only one retained;
artifacts_1 = self.artifact.list_artifacts(
TestProjects.project_src_repo_name, self.repo_name_1,
**TestProjects.USER_RA_CLIENT)
self.assertTrue(len(artifacts_1) == 1)
self.assertEqual(artifacts_1[0].digest,
tag_data_artifact3_image1.digest)
#List artifacts successfully, and artifact with latest tag in test2 should be the only one retained;
artifacts_2 = self.artifact.list_artifacts(
TestProjects.project_src_repo_name, self.repo_name_2,
**TestProjects.USER_RA_CLIENT)
self.assertTrue(len(artifacts_2) == 1)
self.assertEqual(artifacts_2[0].digest,
tag_data_artifact2_image2.digest)
class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
self.system = System()
self.project = Project()
self.user = User()
self.repo = Repository()
self.artifact = Artifact()
self.repo_name = "test_repo"
self.repo_name_untag = "test_untag"
self.tag = "v1.0"
@classmethod
def tearDown(self):
print("Case completed")
@unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
def test_ClearData(self):
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_gc_id, **TestProjects.USER_GC_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_gc_id, **ADMIN_CLIENT)
def testGarbageCollection(self):
"""
Test case:
Garbage Collection
Test step and expected result:
1. Create a new user(UA);
2. Create project(PA) and project(PB) by user(UA);
3. Push a image in project(PA) and then delete repository by admin;
4. Get repository by user(UA), it should get nothing;
5. Tigger garbage collection operation;
6. Check garbage collection job was finished;
7. Get garbage collection log, check there is a number of files was deleted;
8. Push a image in project(PB) by admin and delete the only tag;
9. Tigger garbage collection operation;
10. Check garbage collection job was finished;
11. Repository with untag image should be still there;
12. But no any artifact in repository anymore.
Tear down:
1. Delete project(PA);
2. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
admin_name = ADMIN_CLIENT["username"]
admin_password = ADMIN_CLIENT["password"]
user_gc_password = "******"
#1. Create a new user(UA);
TestProjects.user_gc_id, user_gc_name = self.user.create_user(user_password = user_gc_password, **ADMIN_CLIENT)
TestProjects.USER_GC_CLIENT=dict(endpoint = url, username = user_gc_name, password = user_gc_password)
#2. Create project(PA) and project(PB) by user(UA);
TestProjects.project_gc_id, TestProjects.project_gc_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_GC_CLIENT)
TestProjects.project_gc_untag_id, TestProjects.project_gc_untag_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_GC_CLIENT)
#3. Push a image in project(PA) and then delete repository by admin;
push_special_image_to_project(TestProjects.project_gc_name, harbor_server, admin_name, admin_password, self.repo_name, ["latest", "v1.2.3"])
self.repo.delete_repoitory(TestProjects.project_gc_name, self.repo_name, **TestProjects.USER_GC_CLIENT)
#4. Get repository by user(UA), it should get nothing;
repo_data = self.repo.list_repositories(TestProjects.project_gc_name, **TestProjects.USER_GC_CLIENT)
_assert_status_code(len(repo_data), 0)
#8. Push a image in project(PB) by admin and delete the only tag;
push_special_image_to_project(TestProjects.project_gc_untag_name, harbor_server, admin_name, admin_password, self.repo_name_untag, [self.tag])
self.artifact.delete_tag(TestProjects.project_gc_untag_name, self.repo_name_untag, self.tag, self.tag, **ADMIN_CLIENT)
#5. Tigger garbage collection operation;
gc_id = self.system.gc_now(**ADMIN_CLIENT)
#6. Check garbage collection job was finished;
self.system.validate_gc_job_status(gc_id, "finished", **ADMIN_CLIENT)
#7. Get garbage collection log, check there is a number of files was deleted;
self.system.validate_deletion_success(gc_id, **ADMIN_CLIENT)
artifacts = self.artifact.list_artifacts(TestProjects.project_gc_untag_name, self.repo_name_untag, **TestProjects.USER_GC_CLIENT)
_assert_status_code(len(artifacts), 1)
time.sleep(5)
#9. Tigger garbage collection operation;
gc_id = self.system.gc_now(is_delete_untagged=True, **ADMIN_CLIENT)
#10. Check garbage collection job was finished;
self.system.validate_gc_job_status(gc_id, "finished", **ADMIN_CLIENT)
#7. Get garbage collection log, check there is a number of files was deleted;
self.system.validate_deletion_success(gc_id, **ADMIN_CLIENT)
#11. Repository with untag image should be still there;
repo_data_untag = self.repo.list_repositories(TestProjects.project_gc_untag_name, **TestProjects.USER_GC_CLIENT)
_assert_status_code(len(repo_data_untag), 1)
self.assertEqual(TestProjects.project_gc_untag_name + "/" + self.repo_name_untag , repo_data_untag[0].name)
#12. But no any artifact in repository anymore.
artifacts = self.artifact.list_artifacts(TestProjects.project_gc_untag_name, self.repo_name_untag, **TestProjects.USER_GC_CLIENT)
self.assertEqual(artifacts,[])
class TestAssignRoleToLdapGroup(unittest.TestCase):
@classmethod
def setUp(self):
self.conf = Configurations()
self.project = Project()
self.artifact = Artifact()
self.repo = Repository()
self.scan = Scan()
@classmethod
def tearDown(self):
print("Case completed")
def TestAssignRoleToLdapGroup(self):
"""
Test case:
Assign Role To Ldap Group
Test step and expected result:
1. Set LDAP Auth configurations;
2. Create a new public project(PA) by Admin;
3. Add 3 member groups to project(PA);
4. Push image by each member role;
5. Verfify that admin_user and dev_user can push image, guest_user can not push image;
6. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs.
7. Delete repository(RA) by user(UA);
8. Delete project(PA);
"""
url = ADMIN_CLIENT["endpoint"]
USER_ADMIN = dict(endpoint=url,
username="******",
password="******",
repo="hello-world")
USER_DEV = dict(endpoint=url,
username="******",
password="******",
repo="alpine")
USER_GUEST = dict(endpoint=url,
username="******",
password="******",
repo="busybox")
USER_TEST = dict(endpoint=url, username="******", password="******")
self.conf.set_configurations_of_ldap(
ldap_filter="",
ldap_group_attribute_name="cn",
ldap_group_base_dn="ou=groups,dc=example,dc=com",
ldap_group_search_filter="objectclass=groupOfNames",
ldap_group_search_scope=2,
**ADMIN_CLIENT)
with created_project(metadata={"public": "false"}) as (project_id,
project_name):
self.project.add_project_members(
project_id,
member_role_id=1,
_ldap_group_dn="cn=harbor_admin,ou=groups,dc=example,dc=com",
**ADMIN_CLIENT)
self.project.add_project_members(
project_id,
member_role_id=2,
_ldap_group_dn="cn=harbor_dev,ou=groups,dc=example,dc=com",
**ADMIN_CLIENT)
self.project.add_project_members(
project_id,
member_role_id=3,
_ldap_group_dn="cn=harbor_guest,ou=groups,dc=example,dc=com",
**ADMIN_CLIENT)
projects = self.project.get_projects(dict(name=project_name),
**USER_ADMIN)
self.assertTrue(len(projects) == 1)
self.assertEqual(1, projects[0].current_user_role_id)
repo_name_admin, _ = push_image_to_project(
project_name, harbor_server, USER_ADMIN["username"],
USER_ADMIN["password"], USER_ADMIN["repo"], "latest")
artifacts = self.artifact.list_artifacts(project_name,
USER_ADMIN["repo"],
**USER_ADMIN)
self.assertTrue(len(artifacts) == 1)
repo_name_dev, _ = push_image_to_project(
project_name, harbor_server, USER_DEV["username"],
USER_DEV["password"], USER_DEV["repo"], "latest")
artifacts = self.artifact.list_artifacts(project_name,
USER_DEV["repo"],
**USER_DEV)
self.assertTrue(len(artifacts) == 1)
push_image_to_project(project_name, harbor_server,
USER_GUEST["username"],
USER_GUEST["password"], USER_GUEST["repo"],
"latest")
artifacts = self.artifact.list_artifacts(project_name,
USER_GUEST["repo"],
**USER_GUEST)
self.assertTrue(len(artifacts) == 0)
self.assertTrue(
self.project.query_user_logs(project_name, **USER_ADMIN) > 0,
"admin user can see logs")
self.assertTrue(
self.project.query_user_logs(project_name, **USER_DEV) > 0,
"dev user can see logs")
self.assertTrue(
self.project.query_user_logs(project_name, **USER_GUEST) > 0,
"guest user can see logs")
self.assertTrue(
self.project.query_user_logs(project_name,
status_code=403,
**USER_TEST) == 0,
"test user can not see any logs")
self.repo.delete_repoitory(project_name,
repo_name_admin.split('/')[1],
**USER_ADMIN)
self.repo.delete_repoitory(project_name,
repo_name_dev.split('/')[1],
**USER_ADMIN)
class TestProjects(unittest.TestCase):
@classmethod
def setUpClass(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.url = ADMIN_CLIENT["endpoint"]
self.user_push_index_password = "******"
self.index_name = "ci_test_index"
self.index_tag = "test_tag"
self.image_a = "alpine"
self.image_b = "busybox"
@classmethod
def tearDownClass(self):
print("Case completed")
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete repository(RA,RB,IA) by user(UA);
self.repo.delete_repoitory(TestProjects.project_push_index_name,
self.index_name, **TestProjects.USER_CLIENT)
self.repo.delete_repoitory(TestProjects.project_push_index_name,
self.image_a, **TestProjects.USER_CLIENT)
self.repo.delete_repoitory(TestProjects.project_push_index_name,
self.image_b, **TestProjects.USER_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_push_index_id,
**TestProjects.USER_CLIENT)
#3. Delete user(UA).
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
def testAddIndexByDockerManifest(self):
"""
Test case:
Push Index By Docker Manifest
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA);
4. Push an index(IA) to Harbor by docker manifest CLI successfully;
5. Get Artifacts successfully;
6. Get index(IA) by reference successfully;
7. Verify harbor index is index(IA) pushed by docker manifest CLI;
8.1 Verify harbor index(IA) can be pulled by docker CLI successfully;
8.2 Verify harbor index(IA) can be pulled by docker CLI successfully;
9. Get addition successfully;
10. Unable to Delete artifact in manifest list;
11. Delete index successfully.
Tear down:
1. Delete repository(RA,RB,IA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
#1. Create a new user(UA);
TestProjects.user_id, user_name = self.user.create_user(
user_password=self.user_push_index_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT = dict(endpoint=self.url,
username=user_name,
password=self.user_push_index_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_push_index_id, TestProjects.project_push_index_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_CLIENT)
#3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA);
repo_name_a, tag_a = push_image_to_project(
TestProjects.project_push_index_name, harbor_server, 'admin',
'Harbor12345', self.image_a, "latest")
repo_name_b, tag_b = push_image_to_project(
TestProjects.project_push_index_name, harbor_server, 'admin',
'Harbor12345', self.image_b, "latest")
#4. Push an index(IA) to Harbor by docker manifest CLI successfully;
manifests = [
harbor_server + "/" + repo_name_a + ":" + tag_a,
harbor_server + "/" + repo_name_b + ":" + tag_b
]
index = harbor_server + "/" + TestProjects.project_push_index_name + "/" + self.index_name + ":" + self.index_tag
index_sha256_cli_ret, manifests_sha256_cli_ret = library.docker_api.docker_manifest_push_to_harbor(
index, manifests, harbor_server, user_name,
self.user_push_index_password)
#5. Get Artifacts successfully;
artifacts = self.artifact.list_artifacts(
TestProjects.project_push_index_name, self.index_name,
**TestProjects.USER_CLIENT)
artifacts_ref_child_list = [
artifacts[0].references[1].child_digest,
artifacts[0].references[0].child_digest
]
self.assertEqual(
artifacts_ref_child_list.count(manifests_sha256_cli_ret[0]), 1)
self.assertEqual(
artifacts_ref_child_list.count(manifests_sha256_cli_ret[1]), 1)
#6. Get index(IA) by reference successfully;
index_data = self.artifact.get_reference_info(
TestProjects.project_push_index_name, self.index_name,
self.index_tag, **TestProjects.USER_CLIENT)
manifests_sha256_harbor_ret = [
index_data[0].references[1].child_digest,
index_data[0].references[0].child_digest
]
#7. Verify harbor index is index(IA) pushed by docker manifest CLI;
self.assertEqual(index_data[0].digest, index_sha256_cli_ret)
self.assertEqual(
manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[0]), 1)
self.assertEqual(
manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[1]), 1)
#8.1 Verify harbor index(IA) can be pulled by docker CLI successfully;
pull_harbor_image(
harbor_server, user_name, self.user_push_index_password,
TestProjects.project_push_index_name + "/" + self.index_name,
self.index_tag)
#8.2 Verify harbor index(IA) can be pulled by ctr successfully;
oci_ref = harbor_server + "/" + TestProjects.project_push_index_name + "/" + self.index_name + ":" + self.index_tag
library.containerd.ctr_images_pull(user_name,
self.user_push_index_password,
oci_ref)
library.containerd.ctr_images_list(oci_ref=oci_ref)
#9. Get addition successfully;
addition_v = self.artifact.get_addition(
TestProjects.project_push_index_name, self.index_name,
self.index_tag, "vulnerabilities", **TestProjects.USER_CLIENT)
self.assertEqual(addition_v[0], '{}')
#This artifact has no build history
addition_v = self.artifact.get_addition(
TestProjects.project_push_index_name, self.index_name,
manifests_sha256_cli_ret[0], "vulnerabilities",
**TestProjects.USER_CLIENT)
self.assertEqual(addition_v[0], '{}')
addition_b = self.artifact.get_addition(
TestProjects.project_push_index_name, self.index_name,
manifests_sha256_cli_ret[0], "build_history",
**TestProjects.USER_CLIENT)
self.assertIn("ADD file:", addition_b[0])
image_data = self.artifact.get_reference_info(
TestProjects.project_push_index_name, self.index_name,
manifests_sha256_cli_ret[0], **TestProjects.USER_CLIENT)
addition_v = self.artifact.get_addition(
TestProjects.project_push_index_name, self.index_name,
manifests_sha256_cli_ret[1], "vulnerabilities",
**TestProjects.USER_CLIENT)
self.assertEqual(addition_v[0], '{}')
addition_b = self.artifact.get_addition(
TestProjects.project_push_index_name, self.index_name,
manifests_sha256_cli_ret[1], "build_history",
**TestProjects.USER_CLIENT)
self.assertIn("ADD file:", addition_b[0])
image_data = self.artifact.get_reference_info(
TestProjects.project_push_index_name, self.index_name,
manifests_sha256_cli_ret[0], **TestProjects.USER_CLIENT)
#10. Unable to Delete artifact in manifest list;
self.artifact.delete_artifact(TestProjects.project_push_index_name,
self.index_name,
manifests_sha256_cli_ret[0],
expect_status_code=412,
**TestProjects.USER_CLIENT)
#11. Delete index successfully.
self.artifact.delete_artifact(TestProjects.project_push_index_name,
self.index_name, self.index_tag,
**TestProjects.USER_CLIENT)
class TestProjects(unittest.TestCase):
"""
Test case:
Tag Retention
Setup:
Create Project test-retention
Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0, test4:1.0
Test Steps:
1. Create Retention Policy
2. Add rule "For the repositories matching **, retain always with tags matching latest*"
3. Add rule "For the repositories matching test3*, retain always with tags matching **"
4. Dry run, check execution and tasks
5. Real run, check images retained
Tear Down:
1. Delete project test-retention
"""
@classmethod
def setUpClass(self):
self.user = User()
self.system = System()
self.repo = Repository()
self.project = Project()
self.retention = Retention()
self.artifact = Artifact()
self.repo_name_1 = "test1"
def testTagRetention(self):
user_ra_password = "******"
user_ra_id, user_ra_name = self.user.create_user(
user_password=user_ra_password, **ADMIN_CLIENT)
print("Created user: %s, id: %s" % (user_ra_name, user_ra_id))
TestProjects.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"],
username=user_ra_name,
password=user_ra_password)
TestProjects.user_ra_id = int(user_ra_id)
TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT)
# Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_1,
['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_1,
['2.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_1,
['3.0', 'latest'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test2", ['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test2", ['latest'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test3", ['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test4", ['1.0'])
tags = list_image_tags(
harbor_server,
TestProjects.project_src_repo_name + "/" + self.repo_name_1,
user_ra_name, user_ra_password)
#Delete all tags of "artifact3" in repostory "image1";
self.artifact.delete_tag(TestProjects.project_src_repo_name,
self.repo_name_1, "3.0", "latest",
**TestProjects.USER_RA_CLIENT)
self.artifact.delete_tag(TestProjects.project_src_repo_name,
self.repo_name_1, "3.0", "3.0",
**TestProjects.USER_RA_CLIENT)
tags = list_image_tags(
harbor_server,
TestProjects.project_src_repo_name + "/" + self.repo_name_1,
user_ra_name, user_ra_password)
resp = self.repo.list_repositories(TestProjects.project_src_repo_name,
**TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
# Create Retention Policy
retention_id = self.retention.create_retention_policy(
TestProjects.project_src_repo_id,
selector_repository="**",
selector_tag="latest*",
expect_status_code=201,
**TestProjects.USER_RA_CLIENT)
# Add rule
self.retention.update_retention_add_rule(retention_id,
selector_repository="test3*",
selector_tag="**",
expect_status_code=200,
**TestProjects.USER_RA_CLIENT)
# Dry run
self.retention.trigger_retention_policy(retention_id,
dry_run=True,
**TestProjects.USER_RA_CLIENT)
time.sleep(10)
resp = self.retention.get_retention_executions(
retention_id, **TestProjects.USER_RA_CLIENT)
self.assertTrue(len(resp) > 0)
execution = resp[0]
resp = self.retention.get_retention_exec_tasks(
retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
resp = self.retention.get_retention_exec_task_log(
retention_id, execution.id, resp[0].id,
**TestProjects.USER_RA_CLIENT)
#For Debug:
print("Task 0 log begin:-----------------------------")
i = 0
for line in resp.split("\n"):
print("Line" + str(i) + ": " + line)
i = i + 1
print("Task 0 log end:-----------------------------")
# Real run
self.retention.trigger_retention_policy(retention_id,
dry_run=False,
**TestProjects.USER_RA_CLIENT)
time.sleep(10)
resp = self.retention.get_retention_executions(
retention_id, **TestProjects.USER_RA_CLIENT)
self.assertTrue(len(resp) > 1)
execution = resp[0]
resp = self.retention.get_retention_exec_tasks(
retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
resp = self.retention.get_retention_exec_task_log(
retention_id, execution.id, resp[0].id,
**TestProjects.USER_RA_CLIENT)
print(resp)
# TODO As the repository isn't deleted when no tags left anymore
# TODO we should check the artifact/tag count here
# resp=self.repo.list_repositories(TestProjects.project_src_repo_id, **TestProjects.USER_RA_CLIENT)
# self.assertEqual(len(resp), 3)
#List artifacts successfully;
artifacts = self.artifact.list_artifacts(
TestProjects.project_src_repo_name, self.repo_name_1,
**TestProjects.USER_RA_CLIENT)
print artifacts
# 'test1' has 3 artifacts, artifact1 with tag '1.0' and artifact2 with tag '2.0' should be deleted because they doesn't match 'latest'
# artifact3 should be retained because it has no tag, so count of artifacts should be 1.
# TODO: This verfication should be enhanced by verify sha256 at the same time;
self.assertTrue(len(artifacts) == 1)
@classmethod
def tearDownClass(self):
print "Case completed"
class TestAssignRoleToLdapGroup(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.conf = Configurations()
self.project = Project()
self.artifact = Artifact()
self.repo = Repository()
self.user = User()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
print("Case completed")
def testAssignRoleToLdapGroup(self):
"""
Test case:
Assign Role To Ldap Group
Test step and expected result:
1. Set LDAP Auth configurations;
2. Create a new public project(PA) by Admin;
3. Add 3 member groups to project(PA);
4. Push image by each member role;
5. Verfify that admin_user can add project member, dev_user and guest_user can not add project member;
6. Verfify that admin_user and dev_user can push image, guest_user can not push image;
7. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs.
8. Delete repository(RA) by user(UA);
9. Delete project(PA);
"""
url = ADMIN_CLIENT["endpoint"]
USER_ADMIN = dict(endpoint=url,
username="******",
password="******",
repo="haproxy")
USER_DEV = dict(endpoint=url,
username="******",
password="******",
repo="alpine")
USER_GUEST = dict(endpoint=url,
username="******",
password="******",
repo="busybox")
USER_TEST = dict(endpoint=url, username="******", password="******")
USER_MIKE = dict(endpoint=url, username="******", password="******")
#USER001 is in group harbor_group3
self.conf.set_configurations_of_ldap(
ldap_filter="",
ldap_group_attribute_name="cn",
ldap_group_base_dn="ou=groups,dc=example,dc=com",
ldap_group_search_filter="objectclass=groupOfNames",
ldap_group_search_scope=2,
**ADMIN_CLIENT)
with created_project(metadata={"public": "false"}) as (project_id,
project_name):
self.project.add_project_members(
project_id,
member_role_id=1,
_ldap_group_dn="cn=harbor_admin,ou=groups,dc=example,dc=com",
**ADMIN_CLIENT)
self.project.add_project_members(
project_id,
member_role_id=2,
_ldap_group_dn="cn=harbor_dev,ou=groups,dc=example,dc=com",
**ADMIN_CLIENT)
self.project.add_project_members(
project_id,
member_role_id=3,
_ldap_group_dn="cn=harbor_guest,ou=groups,dc=example,dc=com",
**ADMIN_CLIENT)
projects = self.project.get_projects(dict(name=project_name),
**USER_ADMIN)
self.assertTrue(len(projects) == 1)
self.assertEqual(1, projects[0].current_user_role_id)
#Mike has logged in harbor in previous test.
mike = self.user.get_user_by_name(USER_MIKE["username"],
**ADMIN_CLIENT)
#Verify role difference in add project member feature, to distinguish between admin and dev role
self.project.add_project_members(project_id,
user_id=mike.user_id,
member_role_id=3,
**USER_ADMIN)
self.project.add_project_members(project_id,
user_id=mike.user_id,
member_role_id=3,
expect_status_code=403,
**USER_DEV)
self.project.add_project_members(project_id,
user_id=mike.user_id,
member_role_id=3,
expect_status_code=403,
**USER_GUEST)
repo_name_admin, _ = push_image_to_project(
project_name, harbor_server, USER_ADMIN["username"],
USER_ADMIN["password"], USER_ADMIN["repo"], "latest")
artifacts = self.artifact.list_artifacts(project_name,
USER_ADMIN["repo"],
**USER_ADMIN)
self.assertTrue(len(artifacts) == 1)
repo_name_dev, _ = push_image_to_project(
project_name, harbor_server, USER_DEV["username"],
USER_DEV["password"], USER_DEV["repo"], "latest")
artifacts = self.artifact.list_artifacts(project_name,
USER_DEV["repo"],
**USER_DEV)
self.assertTrue(len(artifacts) == 1)
push_image_to_project(
project_name,
harbor_server,
USER_GUEST["username"],
USER_GUEST["password"],
USER_GUEST["repo"],
"latest",
expected_error_message="unauthorized to access repository")
artifacts = self.artifact.list_artifacts(project_name,
USER_GUEST["repo"],
**USER_GUEST)
self.assertTrue(len(artifacts) == 0)
self.assertTrue(
self.project.query_user_logs(project_name, **USER_ADMIN) > 0,
"admin user can see logs")
self.assertTrue(
self.project.query_user_logs(project_name, **USER_DEV) > 0,
"dev user can see logs")
self.assertTrue(
self.project.query_user_logs(project_name, **USER_GUEST) > 0,
"guest user can see logs")
self.assertTrue(
self.project.query_user_logs(project_name,
status_code=403,
**USER_TEST) == 0,
"test user can not see any logs")
self.repo.delete_repository(project_name,
repo_name_admin.split('/')[1],
**USER_ADMIN)
self.repo.delete_repository(project_name,
repo_name_dev.split('/')[1],
**USER_ADMIN)
class TestProjects(unittest.TestCase):
user_id = None
project_push_chart_id = None
USER_CLIENT = None
project_push_chart_name = None
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.url = ADMIN_CLIENT["endpoint"]
self.user_push_chart_password = "******"
self.chart_file_name = "harbor-helm-1.7.3"
self.chart_file_package_name = "harbor-1.7.3.tgz"
self.chart_file_path = files_directory + "harbor-helm-1.7.3.tar.gz"
self.version = "1.7.3"
self.repo_name = "harbor"
@unittest.skipIf(TEARDOWN is False, "Test data won't be erased.")
def tearDown(self):
# 1. Delete repository chart(CA) by user(UA);
self.repo.delete_repository(TestProjects.project_push_chart_name,
self.repo_name, **TestProjects.USER_CLIENT)
# 2. Delete project(PA);
self.project.delete_project(TestProjects.project_push_chart_id,
**TestProjects.USER_CLIENT)
# 3. Delete user(UA).
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
def testPushChartByHelmChartCLI(self):
"""
Test case:
Push Chart File By Helm3.7 CLI
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Push an chart(CA) to Harbor by helm3.7 CLI successfully;
4. List artifacts successfully;
5. Get chart(CA) by reference successfully;
6. Get addition successfully;
7. Delete chart by reference successfully.
Tear down:
1. Delete repository chart(CA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
# 1. Create a new user(UA);
TestProjects.user_id, user_name = self.user.create_user(
user_password=self.user_push_chart_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT = dict(endpoint=self.url,
username=user_name,
password=self.user_push_chart_password)
# 2. Create a new project(PA) by user(UA);
TestProjects.project_push_chart_id, TestProjects.project_push_chart_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_CLIENT)
# 3 Push an chart(CA) to Harbor by helm3.7 CLI successfully;
command = ["tar", "zxf", self.chart_file_path]
base.run_command(command)
# 3.1 helm3_7_registry_login;
helm.helm3_7_registry_login(ip=harbor_server,
user=user_name,
password=self.user_push_chart_password)
# 3.2 helm3_7_package;
helm.helm3_7_package(file_path=self.chart_file_name)
# 3.2 helm3_7_push;
helm.helm3_7_push(file_path=self.chart_file_package_name,
ip=harbor_server,
project_name=TestProjects.project_push_chart_name)
# 4. List artifacts successfully;
artifacts = self.artifact.list_artifacts(
TestProjects.project_push_chart_name, self.repo_name,
**TestProjects.USER_CLIENT)
self.assertEqual(artifacts[0].type, 'CHART')
self.assertEqual(artifacts[0].tags[0].name, self.version)
# 5.1 Get chart(CA) by reference successfully;
artifact = self.artifact.get_reference_info(
TestProjects.project_push_chart_name, self.repo_name, self.version,
**TestProjects.USER_CLIENT)
self.assertEqual(artifact.type, 'CHART')
self.assertEqual(artifact.tags[0].name, self.version)
# 6. Get addition successfully;
addition_r = self.artifact.get_addition(
TestProjects.project_push_chart_name, self.repo_name, self.version,
"readme.md", **TestProjects.USER_CLIENT)
self.assertIn("Helm Chart for Harbor", addition_r[0])
addition_v = self.artifact.get_addition(
TestProjects.project_push_chart_name, self.repo_name, self.version,
"values.yaml", **TestProjects.USER_CLIENT)
self.assertIn("expose", addition_v[0])
# 7. Delete chart by reference successfully.
self.artifact.delete_artifact(TestProjects.project_push_chart_name,
self.repo_name, self.version,
**TestProjects.USER_CLIENT)
class TestCosign(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.image = "alpine"
self.tag = "latest"
self.expect_accessory_type = "signature.cosign"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository by user(UA);
self.repo.delete_repository(TestCosign.project_name, self.image,
**TestCosign.user_client)
#2. Delete project(PA);
self.project.delete_project(TestCosign.project_id,
**TestCosign.user_client)
#3. Delete user(UA).
self.user.delete_user(TestCosign.user_id, **ADMIN_CLIENT)
def testCosignArtifact(self):
"""
Test case:
Cosign Artifact API
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Push a new image(IA) in project(PA) by user(UA);
4. Verify that the image (IA) is not signed by cosign;
5. Sign image(IA) with cosign;
6. Verify that the image (IA) is signed by cosign;
Tear down:
1. Delete project(PA);
2. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
user_password = "******"
# 1. Create user(UA)
TestCosign.user_id, user_name = self.user.create_user(
user_password=user_password, **ADMIN_CLIENT)
TestCosign.user_client = dict(endpoint=url,
username=user_name,
password=user_password,
with_accessory=True)
# 2.1. Create private project(PA) by user(UA)
TestCosign.project_id, TestCosign.project_name = self.project.create_project(
metadata={"public": "false"}, **TestCosign.user_client)
# 2.2. Get private project of uesr-001, uesr-001 can see only one private project which is project-001
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestCosign.project_id,
**TestCosign.user_client)
# 3. Push a new image(IA) in project(PA) by user(UA)
TestCosign.repo_name, tag = push_self_build_image_to_project(
TestCosign.project_name, harbor_server, user_name, user_password,
self.image, self.tag)
# 4.1. Verify list_artifacts API;
artifact_list = self.artifact.list_artifacts(TestCosign.project_name,
self.image,
**TestCosign.user_client)
first_artifact = artifact_list[0]
artifact_reference = first_artifact.digest
self.assertTrue(len(artifact_list) == 1)
self.assertIsNone(artifact_list[0].accessories)
# 4.2. Verify get_reference_info API;
artifact_info = self.artifact.get_reference_info(
TestCosign.project_name, self.image, artifact_reference,
**TestCosign.user_client)
self.assertIsNone(artifact_info.accessories)
# 4.3. Verify list_accessories API;
accessory_list = self.artifact.list_accessories(
TestCosign.project_name, self.image, artifact_reference,
**TestCosign.user_client)
self.assertTrue(len(accessory_list) == 0)
# 5.1. Generate cosign key pair;
cosign.generate_key_pair()
# 5.2. Generate cosign key pair;
docker_api.docker_login_cmd(harbor_server,
user_name,
user_password,
enable_manifest=False)
cosign.sign_artifact("{}/{}/{}:{}".format(harbor_server,
TestCosign.project_name,
self.image, self.tag))
# 6.1. Verify list_artifacts API;
artifact_list = self.artifact.list_artifacts(TestCosign.project_name,
self.image,
**TestCosign.user_client)
self.assertTrue(len(artifact_list) == 1)
first_artifact = artifact_list[0]
self.assertTrue(len(first_artifact.accessories) == 1)
first_accessory = first_artifact.accessories[0]
self.assertEqual(first_accessory.type, self.expect_accessory_type)
accessory_reference = first_accessory.digest
# 6.2. Verify get_reference_info API;
artifact_info = self.artifact.get_reference_info(
TestCosign.project_name, self.image, artifact_reference,
**TestCosign.user_client)
self.assertEqual(artifact_info.accessories[0].type,
self.expect_accessory_type)
# 6.3. Verify list_accessories API;
accessory_list = self.artifact.list_accessories(
TestCosign.project_name, self.image, artifact_reference,
**TestCosign.user_client)
self.assertTrue(len(accessory_list) == 1)
self.assertEqual(accessory_list[0].type, self.expect_accessory_type)
# 6.4. Verify list_accessories API;
accessory_info = self.artifact.get_reference_info(
TestCosign.project_name, self.image, accessory_reference,
**TestCosign.user_client)
self.assertEqual(accessory_info.digest, accessory_reference)
