class TestProjects(unittest.TestCase):
@classmethod
def setUpClass(self):
self.project= Project()
self.user= User()
self.chart= Chart()
self.url = ADMIN_CLIENT["endpoint"]
self.chart_api_url = CHART_API_CLIENT['endpoint']
self.user_push_chart_password = "******"
self.chart_file = "https://storage.googleapis.com/harbor-builds/helm-chart-test-files/harbor-0.2.0.tgz"
self.archive = "harbor/"
self.CHART_NAME=self.archive.replace("/", "")
self.verion = "0.2.0"
self.chart_repo_name = "chart_local"
self.repo_name = "harbor_api_test"
@classmethod
def tearDownClass(self):
print("Case completed")
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete user(UA).
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
def testPushChartToChartRepoByHelm2WithRobotAccount(self):
"""
Test case:
Push Chart File To Chart Repository By Helm V2 With Robot Account
Test step and expected result:
1. Create a new user(UA);
2. Create private project(PA) with user(UA);
3. Create a new robot account(RA) with full priviliges in project(PA) with user(UA);
4. Push chart to project(PA) by Helm2 CLI with robot account(RA);
5. Get chart repositry from project(PA) successfully;
Tear down:
1. Delete user(UA).
"""
#1. Create user(UA);
TestProjects.user_id, user_name = self.user.create_user(user_password = self.user_push_chart_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT=dict(endpoint = self.url, username = user_name, password = self.user_push_chart_password)
TestProjects.API_CHART_CLIENT=dict(endpoint = self.chart_api_url, username = user_name, password = self.user_push_chart_password)
#2. Create private project(PA) with user(UA);
TestProjects.project_id, TestProjects.project_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_CLIENT)
#3. Create a new robot account(RA) with full priviliges in project(PA) with user(UA);
robot_id, robot_account = self.project.add_project_robot_account(TestProjects.project_id, TestProjects.project_name,
2441000531 ,**TestProjects.USER_CLIENT)
#4. Push chart to project(PA) by Helm2 CLI with robot account(RA);"
library.helm.helm2_add_repo(self.chart_repo_name, "https://"+harbor_server, TestProjects.project_name, robot_account.name, robot_account.token)
library.helm.helm2_push(self.chart_repo_name, self.chart_file, TestProjects.project_name, robot_account.name, robot_account.token)
#5. Get chart repositry from project(PA) successfully;
self.chart.chart_should_exist(TestProjects.project_name, self.CHART_NAME, **TestProjects.API_CHART_CLIENT)
#6. Push chart to project(PA) by Helm3 CLI with robot account(RA);
chart_cli_ret = library.helm.helm_chart_push_to_harbor(self.chart_file, self.archive, harbor_server, TestProjects.project_name, self.repo_name, self.verion, robot_account.name, robot_account.token)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.repo_name = "hello-artifact"
self.tag = "test_v2"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete user(UA);
self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT)
def testOrasCli(self):
"""
Test case:
Push Artifact With ORAS CLI
Test step and expected result:
1. Create user-001
2. Create a new private project(PA) by user(UA);
3. ORAS CLI push artifacts;
4. Get repository from Harbor successfully, and verfiy repository name is repo pushed by ORAS CLI;
5. Get and verify artifacts by tag;
6. ORAS CLI pull artifacts index by tag;
7. Verfiy MD5 between artifacts pushed by ORAS and artifacts pulled by ORAS;
Tear down:
NA
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_sign_image_id, user_name = self.user.create_user(user_password = user_001_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT=dict(with_signature = True, endpoint = url, username = user_name, password = user_001_password)
#2. Create a new private project(PA) by user(UA);
TestProjects.project_id, TestProjects.project_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_CLIENT)
#3. ORAS CLI push artifacts;
md5_list_push = library.oras.oras_push(harbor_server, user_name, user_001_password, TestProjects.project_name, self.repo_name, self.tag)
#4. Get repository from Harbor successfully, and verfiy repository name is repo pushed by ORAS CLI;
repo_data = self.repo.get_repository(TestProjects.project_name, self.repo_name, **TestProjects.USER_CLIENT)
self.assertEqual(repo_data.name, TestProjects.project_name + "/" + self.repo_name)
#5. Get and verify artifacts by tag;
artifact = self.artifact.get_reference_info(TestProjects.project_name, self.repo_name, self.tag, **TestProjects.USER_CLIENT)
self.assertEqual(artifact.tags[0].name, self.tag)
#6. ORAS CLI pull artifacts index by tag;
md5_list_pull = library.oras.oras_pull(harbor_server, user_name, user_001_password, TestProjects.project_name, self.repo_name, self.tag)
#7. Verfiy MD5 between artifacts pushed by ORAS and artifacts pulled by ORAS;
if set(md5_list_push) != set(md5_list_pull):
raise Exception(r"MD5 check failed with {} and {}.".format(str(md5_list_push), str(md5_list_pull)))
class TestProjects(unittest.TestCase):
@classmethod
def setUpClass(self):
self.project= Project()
self.user= User()
self.repo= Repository()
@classmethod
def tearDownClass(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete project(PA);
self.project.delete_project(TestProjects.project_del_repo_id, **TestProjects.USER_del_repo_CLIENT)
#2. Delete user(UA).
self.user.delete_user(TestProjects.user_del_repo_id, **ADMIN_CLIENT)
def testDelRepo(self):
"""
Test case:
Delete a repository
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Create a new repository(RA) in project(PA) by user(UA);
4. Get repository in project(PA), there should be one repository which was created by user(UA);
5. Delete repository(RA) by user(UA);
6. Get repository by user(UA), it should get nothing;
Tear down:
1. Delete project(PA);
2. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
user_del_repo_password = "******"
#1. Create a new user(UA);
TestProjects.user_del_repo_id, user_del_repo_name = self.user.create_user(user_password = user_del_repo_password, **ADMIN_CLIENT)
TestProjects.USER_del_repo_CLIENT=dict(endpoint = url, username = user_del_repo_name, password = user_del_repo_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_del_repo_id, TestProjects.project_del_repo_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_del_repo_CLIENT)
#3. Create a new repository(RA) in project(PA) by user(UA);
repo_name, _ = push_image_to_project(TestProjects.project_del_repo_name, harbor_server, 'admin', 'Harbor12345', "hello-world", "latest")
#4. Get repository in project(PA), there should be one repository which was created by user(UA);
repo_data = self.repo.list_repositories(TestProjects.project_del_repo_name, **TestProjects.USER_del_repo_CLIENT)
_assert_status_code(repo_name, repo_data[0].name)
#5. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(TestProjects.project_del_repo_name, repo_name.split('/')[1], **TestProjects.USER_del_repo_CLIENT)
#6. Get repository by user(UA), it should get nothing;
repo_data = self.repo.list_repositories(TestProjects.project_del_repo_name, **TestProjects.USER_del_repo_CLIENT)
_assert_status_code(len(repo_data), 0)
class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
self.conf = Configurations()
self.user = User()
@classmethod
def tearDown(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete user(UA);
self.user.delete_user(TestProjects.user_assign_sys_admin_id,
**ADMIN_CLIENT)
def testAssignSysAdmin(self):
"""
Test case:
Assign Sys Admin
Test step and expected result:
1. Create a new user(UA);
2. Set user(UA) has sysadmin role by admin, check user(UA) can modify system configuration;
3. 3. Set user(UA) has no sysadmin role by admin, check user(UA) can not modify system configuration;
4. Set user(UA) has sysadmin role by admin, check user(UA) can modify system configuration.
Tear down:
1. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
user_assign_sys_admin_password = "******"
#1. Create a new user(UA);
TestProjects.user_assign_sys_admin_id, user_assign_sys_admin_name = self.user.create_user(
user_password=user_assign_sys_admin_password, **ADMIN_CLIENT)
USER_ASSIGN_SYS_ADMIN_CLIENT = dict(
endpoint=url,
username=user_assign_sys_admin_name,
password=user_assign_sys_admin_password)
#2. Set user(UA) has sysadmin role by admin, check user(UA) can modify system configuration;
self.user.update_user_role_as_sysadmin(
TestProjects.user_assign_sys_admin_id, True, **ADMIN_CLIENT)
self.conf.set_configurations_of_token_expiration(
60, **USER_ASSIGN_SYS_ADMIN_CLIENT)
#3. Set user(UA) has no sysadmin role by admin, check user(UA) can not modify system configuration;
self.user.update_user_role_as_sysadmin(
TestProjects.user_assign_sys_admin_id, False, **ADMIN_CLIENT)
self.conf.set_configurations_of_token_expiration(
70, expect_status_code=403, **USER_ASSIGN_SYS_ADMIN_CLIENT)
#4. Set user(UA) has sysadmin role by admin, check user(UA) can modify system configuration.
self.user.update_user_role_as_sysadmin(
TestProjects.user_assign_sys_admin_id, True, **ADMIN_CLIENT)
self.conf.set_configurations_of_token_expiration(
80, **USER_ASSIGN_SYS_ADMIN_CLIENT)
def created_user(password):
from library.user import User
api = User()
user_id, user_name = api.create_user(user_password=password, **ADMIN_CLIENT)
try:
yield (user_id, user_name)
finally:
if TEARDOWN:
api.delete_user(user_id, **ADMIN_CLIENT)
def created_user(password, _teardown=None):
from library.user import User
api = User()
is_teardown = TEARDOWN
if _teardown in (True, False):
is_teardown = _teardown
user_id, user_name = api.create_user(user_password=password, **ADMIN_CLIENT)
try:
yield (user_id, user_name)
finally:
if is_teardown:
api.delete_user(user_id, **ADMIN_CLIENT)
class TestProjects(unittest.TestCase):
"""UserGroup unit test stubs"""
def setUp(self):
self.project = Project()
self.user= User()
def tearDown(self):
pass
def testAddProjectMember(self):
"""
Test case:
Add a new user to a certain private project as member
Test step and Expectation:
1. Login harbor as admin, then to create a user(UA) with non-admin role;
2. Login harbor as admin, then to create a private project(PA);
3. Login harbor as user(UA), then to get all private projects, projects count must be zero;
4. Login harbor as admin, then to add user(UA) in project(PA);
5. Login harbor as user(UA), then to get all private project, there must be project(PA) only.
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
user_001_id, user_001_name = self.user.create_user(user_password = user_001_password, **ADMIN_CLIENT)
self.assertNotEqual(user_001_id, None, msg="Failed to create user, return user is {}".format(user_001_id))
USER_001_CLIENT=dict(endpoint = url, username = user_001_name, password = user_001_password)
#2. Create private project-001
project_001_id, project_001_name = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT)
self.assertNotEqual(project_001_name, None, msg="Project was created failed, return project name is {} and id is {}.".format(project_001_name, project_001_id))
#3.1 Get private projects of user-001
project_001_data = self.project.get_projects(dict(public=False), **USER_001_CLIENT)
#3.2 Check user-001 has no any private project
self.assertEqual(project_001_data, None, msg="user-001 should has no any private project, but we got {}".format(project_001_data))
#4. Add user-001 as a member of project-001
result = self.project.add_project_members(project_001_id, user_001_id, **ADMIN_CLIENT)
self.assertNotEqual(result, False, msg="Failed to add member user_001 to project_001, result is {}".format(result))
#5 Get private project of uesr-001, uesr-001 can see only one private project which is project-001
project_data = self.project.get_projects(dict(public=False), **USER_001_CLIENT)
self.assertEqual(len(project_data), 1, msg="Private project count should be 1.")
self.assertEqual(str(project_data[0].project_id), str(project_001_id), msg="Project-id check failed, please check this test case.")
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA) by admin;
self.repo.delete_repository(TestProjects.project_alice_name, TestProjects.repo_name.split('/')[1], **ADMIN_CLIENT)
#2. Delete project(Alice);
self.project.delete_project(TestProjects.project_alice_id, **ADMIN_CLIENT)
#3. Delete user Alice, Bob and Carol.
self.user.delete_user(TestProjects.user_alice_id, **ADMIN_CLIENT)
self.user.delete_user(TestProjects.user_bob_id, **ADMIN_CLIENT)
self.user.delete_user(TestProjects.user_carol_id, **ADMIN_CLIENT)
def testManageProjectMember(self):
"""
Test case:
Manage Project members
Test step and expected result:
1. Create user Alice, Bob, Carol;
2. Create private project(Alice) by Alice, Add a repository to project(Alice) by Alice;
3. Bob is not a member of project(Alice);
4. Alice Add Bob as a guest member of project(Alice), Check Bob is a guest member of project(Alice);
5. Update role of Bob to developer of project(Alice), Check Bob is developer member of project(Alice);
6. Update role of Bob to admin member of project(Alice), Check Bob is admin member of project(Alice);
7. Bob add Carol to project(Alice) as a guest member, Carol is a member of project(Alice) as a guest;
8. Alice delete Bob from project(Alice),
Bob is no longer a member of project(Alice) and Bob can see project(Alice),
Carol is still a member of project(Alice) as a guest.
Tear down:
1. Delete repository(RA) by admin;
2. Delete project(Alice);
3. Delete user Alice, Bob and Carol.
"""
url = ADMIN_CLIENT["endpoint"]
user_alice_password = "******"
user_bob_password = "******"
user_carol_password = "******"
#1.1 Create user Alice
TestProjects.user_alice_id, user_alice_name = self.user.create_user(user_password = user_alice_password, **ADMIN_CLIENT)
USER_ALICE_CLIENT=dict(endpoint = url, username = user_alice_name, password = user_alice_password)
#1.2 Create user Bob
TestProjects.user_bob_id, user_bob_name = self.user.create_user(user_password = user_bob_password, **ADMIN_CLIENT)
USER_BOB_CLIENT=dict(endpoint = url, username = user_bob_name, password = user_bob_password)
#1.3 Create user Carol
TestProjects.user_carol_id, user_carol_name = self.user.create_user(user_password = user_carol_password, **ADMIN_CLIENT)
#2.1 Create private project(PA) by Alice
TestProjects.project_alice_id, TestProjects.project_alice_name = self.project.create_project(metadata = {"public": "false"}, **USER_ALICE_CLIENT)
#2.2 Add a repository to project(PA) by Alice
TestProjects.repo_name, _ = push_self_build_image_to_project(TestProjects.project_alice_name, harbor_server, user_alice_name, user_alice_password, "hello-world", "latest")
#3. Bob is not a member of project(PA);
self.project.check_project_member_not_exist(TestProjects.project_alice_id, user_bob_name, **USER_ALICE_CLIENT)
#4.1 Alice Add Bob as a guest member of project(PA)
member_id_bob = self.project.add_project_members(TestProjects.project_alice_id, user_id=TestProjects.user_bob_id, member_role_id = 3, **USER_ALICE_CLIENT)
#4.2 Check Bob is a guest member of project(PA)
self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 3, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT)
#5.1 Update role of Bob to developer of project(PA)
self.project.update_project_member_role(TestProjects.project_alice_id, member_id_bob, 2, **USER_ALICE_CLIENT)
#5.2 Check Bob is developer member of project(PA)
self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 2, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT)
#6.1 Update role of Bob to admin member of project(PA)
self.project.update_project_member_role(TestProjects.project_alice_id, member_id_bob, 1, **USER_ALICE_CLIENT)
#6.2 Check Bob is admin member of project(PA)
self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 1, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT)
#7.1 Bob add Carol to project(PA) as a guest member.
self.project.add_project_members(TestProjects.project_alice_id, TestProjects.user_carol_id, member_role_id = 3, **USER_BOB_CLIENT)
#7.2 Carol is a member of project(PA) as a guest.
self.project.check_project_members_exist(TestProjects.project_alice_id, user_carol_name, expected_member_role_id = 3, user_name = user_carol_name, user_password = user_carol_password, **USER_ALICE_CLIENT)
#8.1 Alice delete Bob from project(PA).
self.project.delete_project_member(TestProjects.project_alice_id, member_id_bob, **USER_ALICE_CLIENT)
#8.2 Bob is no longer a member of project(PA) and Bob can see project(PA).
self.project.check_project_member_not_exist(TestProjects.project_alice_id, user_bob_name, **USER_ALICE_CLIENT)
#8.3 Carol is still a member of project(PA) as a guest.
self.project.check_project_members_exist(TestProjects.project_alice_id, user_carol_name, expected_member_role_id = 3, user_name = user_carol_name, user_password = user_carol_password, **USER_ALICE_CLIENT)
class TestStopScanAll(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.scan_all = ScanAll()
self.stop_scan_all = StopScanAll()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete Alice's repository and Luca's repository;
self.repo.delete_repository(
TestStopScanAll.project_Alice_name,
TestStopScanAll.repo_Alice_name.split('/')[1], **ADMIN_CLIENT)
self.repo.delete_repository(
TestStopScanAll.project_Luca_name,
TestStopScanAll.repo_Luca_name.split('/')[1], **ADMIN_CLIENT)
#2. Delete Alice's project and Luca's project;
self.project.delete_project(TestStopScanAll.project_Alice_id,
**ADMIN_CLIENT)
self.project.delete_project(TestStopScanAll.project_Luca_id,
**ADMIN_CLIENT)
#3. Delete user Alice and Luca.
self.user.delete_user(TestStopScanAll.user_Alice_id, **ADMIN_CLIENT)
self.user.delete_user(TestStopScanAll.user_Luca_id, **ADMIN_CLIENT)
print("Case completed")
def testSystemLevelScanALL(self):
"""
Test case:
System level Stop Scan All
Test step and expected result:
1. Create user Alice and Luca;
2. Create 2 new private projects project_Alice and project_Luca;
3. Push a image to project_Alice and push another image to project_Luca;
4. Trigger scan all event;
5. Send stop scan all request.
Tear down:
1. Delete Alice's repository and Luca's repository;
2. Delete Alice's project and Luca's project;
3. Delete user Alice and Luca.
"""
url = ADMIN_CLIENT["endpoint"]
user_common_password = "******"
#1. Create user Alice and Luca;
TestStopScanAll.user_Alice_id, user_Alice_name = self.user.create_user(
user_password=user_common_password, **ADMIN_CLIENT)
TestStopScanAll.user_Luca_id, user_Luca_name = self.user.create_user(
user_password=user_common_password, **ADMIN_CLIENT)
USER_ALICE_CLIENT = dict(endpoint=url,
username=user_Alice_name,
password=user_common_password,
with_scan_overview=True)
USER_LUCA_CLIENT = dict(endpoint=url,
username=user_Luca_name,
password=user_common_password,
with_scan_overview=True)
#2. Create 2 new private projects project_Alice and project_Luca;
TestStopScanAll.project_Alice_id, TestStopScanAll.project_Alice_name = self.project.create_project(
metadata={"public": "false"}, **USER_ALICE_CLIENT)
TestStopScanAll.project_Luca_id, TestStopScanAll.project_Luca_name = self.project.create_project(
metadata={"public": "false"}, **USER_LUCA_CLIENT)
#3. Push a image to project_Alice and push another image to project_Luca;
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image rigth after repository creation.
#image = "tomcat"
image_a = "mariadb"
src_tag = "latest"
#3.1 Push a image to project_Alice;
TestStopScanAll.repo_Alice_name, tag_Alice = push_self_build_image_to_project(
TestStopScanAll.project_Alice_name, harbor_server, user_Alice_name,
user_common_password, image_a, src_tag)
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image rigth after repository creation.
image_b = "httpd"
src_tag = "latest"
#3.2 push another image to project_Luca;
TestStopScanAll.repo_Luca_name, tag_Luca = push_self_build_image_to_project(
TestStopScanAll.project_Luca_name, harbor_server, user_Luca_name,
user_common_password, image_b, src_tag)
#4. Trigger scan all event;
self.scan_all.scan_all_now(**ADMIN_CLIENT)
# self.scan_all.wait_until_scans_all_finish(**ADMIN_CLIENT)
#5. Send stop scan all request.
self.stop_scan_all.stop_scan_all()
class TestProjects(unittest.TestCase):
"""
Test case:
Tag Retention
Setup:
Create Project test-retention
Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0, test4:1.0
Test Steps:
1. Create Retention Policy
2. Add rule "For the repositories matching **, retain always with tags matching latest*"
3. Add rule "For the repositories matching test3*, retain always with tags matching **"
4. Dry run, check execution and tasks
5. Real run, check images retained
Tear Down:
1. Delete project test-retention
"""
@classmethod
def setUpClass(self):
self.user = User()
self.system = System()
self.repo = Repository()
self.project = Project()
self.retention = Retention()
def testTagRetention(self):
user_ra_password = "******"
user_ra_id, user_ra_name = self.user.create_user(
user_password=user_ra_password, **ADMIN_CLIENT)
print("Created user: %s, id: %s" % (user_ra_name, user_ra_id))
TestProjects.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"],
username=user_ra_name,
password=user_ra_password)
TestProjects.user_ra_id = int(user_ra_id)
TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT)
# Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test1", ['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test1", ['2.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test1",
['3.0', 'latest'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test2", ['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test2", ['latest'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test3", ['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test4", ['1.0'])
resp = self.repo.list_repositories(TestProjects.project_src_repo_name,
**TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
# Create Retention Policy
retention_id = self.retention.create_retention_policy(
TestProjects.project_src_repo_id,
selector_repository="**",
selector_tag="latest*",
expect_status_code=201,
**TestProjects.USER_RA_CLIENT)
# Add rule
self.retention.update_retention_add_rule(retention_id,
selector_repository="test3*",
selector_tag="**",
expect_status_code=200,
**TestProjects.USER_RA_CLIENT)
# Dry run
self.retention.trigger_retention_policy(retention_id,
dry_run=True,
**TestProjects.USER_RA_CLIENT)
time.sleep(10)
resp = self.retention.get_retention_executions(
retention_id, **TestProjects.USER_RA_CLIENT)
self.assertTrue(len(resp) > 0)
execution = resp[0]
resp = self.retention.get_retention_exec_tasks(
retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
resp = self.retention.get_retention_exec_task_log(
retention_id, execution.id, resp[0].id,
**TestProjects.USER_RA_CLIENT)
print(resp)
# Real run
self.retention.trigger_retention_policy(retention_id,
dry_run=False,
**TestProjects.USER_RA_CLIENT)
time.sleep(10)
resp = self.retention.get_retention_executions(
retention_id, **TestProjects.USER_RA_CLIENT)
self.assertTrue(len(resp) > 1)
execution = resp[0]
resp = self.retention.get_retention_exec_tasks(
retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
resp = self.retention.get_retention_exec_task_log(
retention_id, execution.id, resp[0].id,
**TestProjects.USER_RA_CLIENT)
print(resp)
# TODO As the repository isn't deleted when no tags left anymore
# TODO we should check the artifact/tag count here
# resp=self.repo.list_repositories(TestProjects.project_src_repo_id, **TestProjects.USER_RA_CLIENT)
# self.assertEqual(len(resp), 3)
@classmethod
def tearDownClass(self):
print "Case completed"
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.system = System()
self.project= Project()
self.user= User()
self.artifact = Artifact()
self.repo = Repository()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete Alice's repository and Luca's repository;
self.repo.delete_repository(TestProjects.project_Alice_name, TestProjects.repo_a.split('/')[1], **ADMIN_CLIENT)
self.repo.delete_repository(TestProjects.project_Alice_name, TestProjects.repo_b.split('/')[1], **ADMIN_CLIENT)
self.repo.delete_repository(TestProjects.project_Alice_name, TestProjects.repo_c.split('/')[1], **ADMIN_CLIENT)
#2. Delete Alice's project and Luca's project;
self.project.delete_project(TestProjects.project_Alice_id, **ADMIN_CLIENT)
#3. Delete user Alice and Luca.
self.user.delete_user(TestProjects.user_Alice_id, **ADMIN_CLIENT)
def testRegistryAPI(self):
"""
Test case:
Catalog API to list all repositories by system admin
Test step and expected result:G
1. Create user Alice;
2. Create 1 new private projects project_Alice;
3. Push 3 images to project_Alice and Add 3 tags to the 3rd image
4. Call the image_list_tag API
5. Call the catalog API using admin account without pagination, can get all 3 images
5.1 Call the catalog API using admin account with pagination n=1, page=2, twice to get all 3 images.
5.2 Call the catalog API using Alice account, no repos should be found.
Tear down:
1. Delete Alice's repository;
2. Delete Alice's project;
3. Delete user Alice.
"""
url = ADMIN_CLIENT["endpoint"]
user_common_password = "******"
#1. Create user Alice and Luca;
TestProjects.user_Alice_id, user_Alice_name = self.user.create_user(user_password = user_common_password, **ADMIN_CLIENT)
USER_ALICE_CLIENT=dict(endpoint = url, username = user_Alice_name, password = user_common_password)
#2. Create 2 new private projects project_Alice and project_Luca;
TestProjects.project_Alice_id, TestProjects.project_Alice_name = self.project.create_project(metadata = {"public": "false"}, **USER_ALICE_CLIENT)
#3. Push 3 images to project_Alice and Add 3 tags to the 3rd image.
src_tag = "latest"
image_a = "image_a"
TestProjects.repo_a, tag_a = push_self_build_image_to_project(TestProjects.project_Alice_name, harbor_server, user_Alice_name, user_common_password, image_a, src_tag)
image_b = "image_b"
TestProjects.repo_b, tag_b = push_self_build_image_to_project(TestProjects.project_Alice_name, harbor_server, user_Alice_name, user_common_password, image_b, src_tag)
image_c = "image_c"
TestProjects.repo_c, tag_c = push_self_build_image_to_project(TestProjects.project_Alice_name, harbor_server, user_Alice_name, user_common_password, image_c, src_tag)
create_tags = ["1.0","2.0","3.0"]
for tag in create_tags:
self.artifact.create_tag(TestProjects.project_Alice_name, image_c, tag_c, tag, **USER_ALICE_CLIENT)
#4. Call the image_list_tags API
tags = list_image_tags(harbor_server,TestProjects.repo_c,user_Alice_name,user_common_password)
for tag in create_tags:
self.assertTrue(tags.count(tag)>0, "Expect tag: %s is not listed"%tag)
page_tags = list_image_tags(harbor_server,TestProjects.repo_c,user_Alice_name,user_common_password,len(tags)/2+1)
page_tags += list_image_tags(harbor_server,TestProjects.repo_c,user_Alice_name,user_common_password,len(tags)/2+1,tags[int(len(tags)/2)])
for tag in create_tags:
self.assertTrue(page_tags.count(tag)>0, "Expect tag: %s is not listed by the pagination query"%tag)
#5. Call the catalog API;
repos = list_repositories(harbor_server,admin_user,admin_pwd)
self.assertTrue(repos.count(TestProjects.repo_a)>0 and repos.count(TestProjects.repo_b)>0 and repos.count(TestProjects.repo_c)>0, "Expected repo not found")
for repo in [TestProjects.repo_a,TestProjects.repo_b,TestProjects.repo_c]:
self.assertTrue(repos.count(repo)>0,"Expected repo: %s is not listed"%repo)
page_repos = list_repositories(harbor_server,admin_user,admin_pwd,len(repos)/2+1)
page_repos += list_repositories(harbor_server,admin_user,admin_pwd,len(repos)/2+1,repos[int(len(repos)/2)])
for repo in [TestProjects.repo_a,TestProjects.repo_b,TestProjects.repo_c]:
self.assertTrue(page_repos.count(repo)>0,"Expected repo: %s is not listed by the pagination query"%repo)
null_repos = list_repositories(harbor_server,user_Alice_name,user_common_password)
self.assertEqual(null_repos, "")
class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
@classmethod
def tearDown(self):
print("Case completed")
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
# remove the deletion as the signed image cannot be deleted.
#1. Delete repository(RA) by user(UA);
#self.repo.delete_repoitory(TestProjects.project_sign_image_name, TestProjects.repo_name.split('/')[1], **TestProjects.USER_sign_image_CLIENT)
#2. Delete project(PA);
#self.project.delete_project(TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT)
def testPushImageWithSpecialName(self):
"""
Test case:
Push Image With Special Name
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Sign image with tag(TA) which was tagged by step #5;
7. Get signature of image with tag(TA), it should be exist.
Tear down:
NA
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_sign_image_id, user_sign_image_name = self.user.create_user(
user_password=user_001_password, **ADMIN_CLIENT)
TestProjects.USER_sign_image_CLIENT = dict(
with_signature=True,
endpoint=url,
username=user_sign_image_name,
password=user_001_password)
#2. Create a new private project(PA) by user(UA);
TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(
TestProjects.project_sign_image_id,
user_id=TestProjects.user_sign_image_id,
**ADMIN_CLIENT)
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_sign_image_id,
**TestProjects.USER_sign_image_CLIENT)
image = "hello-world"
src_tag = "latest"
profix = "aaa/bbb"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
TestProjects.repo_name, tag = push_image_to_project(
TestProjects.project_sign_image_name,
harbor_server,
user_sign_image_name,
user_001_password,
image,
src_tag,
profix_for_image=profix)
#7. Get signature of image with tag(TA), it should be exist.
full_name = urllib.parse.quote(profix + "/" + image, 'utf-8')
artifact = self.artifact.get_reference_info(
TestProjects.project_sign_image_name, full_name, tag,
**TestProjects.USER_sign_image_CLIENT)
self.assertEqual(artifact[0].type, 'IMAGE')
class TestProjects(unittest.TestCase):
"""
Test case:
Tag Retention
Setup:
Create Project test-retention
Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0, test4:1.0
Test Steps:
1. Create Retention Policy
2. Add rule "For the repositories matching **, retain always with tags matching latest*"
3. Add rule "For the repositories matching test3*, retain always with tags matching **"
4. Dry run, check execution and tasks
5. Real run, check images retained
Tear Down:
1. Delete project test-retention
"""
@suppress_urllib3_warning
def setUp(self):
self.user = User()
self.system = System()
self.repo = Repository()
self.project = Project()
self.retention = Retention()
self.artifact = Artifact()
self.repo_name_1 = "test1"
self.repo_name_2 = "test2"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#TODO delete_repository will fail when no tags left anymore
resp = self.repo.list_repositories(TestProjects.project_src_repo_name,
**TestProjects.USER_RA_CLIENT)
for repo in resp:
self.repo.delete_repository(TestProjects.project_src_repo_name,
repo.name.split('/')[1],
**TestProjects.USER_RA_CLIENT)
self.project.delete_project(TestProjects.project_src_repo_id,
**TestProjects.USER_RA_CLIENT)
self.user.delete_user(TestProjects.user_ra_id, **ADMIN_CLIENT)
print("Case completed")
def testTagRetention(self):
user_ra_password = "******"
user_ra_id, user_ra_name = self.user.create_user(
user_password=user_ra_password, **ADMIN_CLIENT)
print("Created user: %s, id: %s" % (user_ra_name, user_ra_id))
TestProjects.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"],
username=user_ra_name,
password=user_ra_password)
TestProjects.user_ra_id = int(user_ra_id)
TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT)
# Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_1,
['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_1,
['2.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_1,
['3.0', 'latest'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_2,
['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_2,
['latest'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test3", ['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test4", ['1.0'])
tag_data_artifact3_image1 = self.artifact.get_reference_info(
TestProjects.project_src_repo_name, self.repo_name_1, "3.0",
**TestProjects.USER_RA_CLIENT)
tag_data_artifact2_image2 = self.artifact.get_reference_info(
TestProjects.project_src_repo_name, self.repo_name_2, "latest",
**TestProjects.USER_RA_CLIENT)
tags = list_image_tags(
harbor_server,
TestProjects.project_src_repo_name + "/" + self.repo_name_1,
user_ra_name, user_ra_password)
#Delete all 2 tags of "artifact3" in repostory "image1";
self.artifact.delete_tag(TestProjects.project_src_repo_name,
self.repo_name_1, "3.0", "latest",
**TestProjects.USER_RA_CLIENT)
self.artifact.delete_tag(TestProjects.project_src_repo_name,
self.repo_name_1, "3.0", "3.0",
**TestProjects.USER_RA_CLIENT)
tags = list_image_tags(
harbor_server,
TestProjects.project_src_repo_name + "/" + self.repo_name_1,
user_ra_name, user_ra_password)
resp = self.repo.list_repositories(TestProjects.project_src_repo_name,
**TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
# Create Retention Policy
retention_id = self.retention.create_retention_policy(
TestProjects.project_src_repo_id,
selector_repository="**",
selector_tag="latest*",
expect_status_code=201,
**TestProjects.USER_RA_CLIENT)
# Add rule
self.retention.update_retention_add_rule(retention_id,
selector_repository="test3*",
selector_tag="**",
expect_status_code=200,
**TestProjects.USER_RA_CLIENT)
# Dry run
self.retention.trigger_retention_policy(retention_id,
dry_run=True,
**TestProjects.USER_RA_CLIENT)
time.sleep(10)
resp = self.retention.get_retention_executions(
retention_id, **TestProjects.USER_RA_CLIENT)
self.assertTrue(len(resp) > 0)
execution = resp[0]
resp = self.retention.get_retention_exec_tasks(
retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
resp = self.retention.get_retention_exec_task_log(
retention_id, execution.id, resp[0].id,
**TestProjects.USER_RA_CLIENT)
#For Debug:
print("Task 0 log begin:-----------------------------")
i = 0
for line in resp.split("\n"):
print("Line" + str(i) + ": " + line)
i = i + 1
print("Task 0 log end:-----------------------------")
# Real run
self.retention.trigger_retention_policy(retention_id,
dry_run=False,
**TestProjects.USER_RA_CLIENT)
time.sleep(10)
resp = self.retention.get_retention_executions(
retention_id, **TestProjects.USER_RA_CLIENT)
self.assertTrue(len(resp) > 1)
execution = resp[0]
resp = self.retention.get_retention_exec_tasks(
retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
resp = self.retention.get_retention_exec_task_log(
retention_id, execution.id, resp[0].id,
**TestProjects.USER_RA_CLIENT)
print(resp)
#List artifacts successfully, and untagged artifact in test1 should be the only one retained;
artifacts_1 = self.artifact.list_artifacts(
TestProjects.project_src_repo_name, self.repo_name_1,
**TestProjects.USER_RA_CLIENT)
self.assertTrue(len(artifacts_1) == 1)
self.assertEqual(artifacts_1[0].digest,
tag_data_artifact3_image1.digest)
#List artifacts successfully, and artifact with latest tag in test2 should be the only one retained;
artifacts_2 = self.artifact.list_artifacts(
TestProjects.project_src_repo_name, self.repo_name_2,
**TestProjects.USER_RA_CLIENT)
self.assertTrue(len(artifacts_2) == 1)
self.assertEqual(artifacts_2[0].digest,
tag_data_artifact2_image2.digest)
class TestTagImmutability(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.url = ADMIN_CLIENT["endpoint"]
self.user_password = "******"
self.project= Project()
self.user= User()
self.repo= Repository()
self.registry = Registry()
self.artifact = Artifact()
self.tag_immutability = Tag_Immutability()
self.project_id, self.project_name, self.user_id, self.user_name = [None] * 4
self.user_id, self.user_name = self.user.create_user(user_password = self.user_password, **ADMIN_CLIENT)
self.USER_CLIENT = dict(with_signature = True, with_immutable_status = True, endpoint = self.url, username = self.user_name, password = self.user_password)
self.exsiting_rule = dict(selector_repository="rel*", selector_tag="v2.*")
self.project_id, self.project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT)
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
print("Case completed")
def check_tag_immutability(self, artifact, tag_name, status = True):
for tag in artifact.tags:
if tag.name == tag_name:
self.assertTrue(tag.immutable == status)
return
raise Exception("No tag {} found in artifact {}".format(tag, artifact))
def test_disability_of_rules(self):
"""
Test case:
Test Disability Of Rules
Test step and expected result:
1. Create a new project;
2. Push image A to the project with 2 tags A and B;
3. Create a disabled rule matched image A with tag A;
4. Both tags of image A should not be immutable;
5. Enable this rule;
6. image A with tag A should be immutable.
"""
image_a = dict(name="image_disability_a", tag1="latest", tag2="6.2.2")
#1. Create a new project;
project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT)
#2. Push image A to the project with 2 tags;
push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]])
#3. Create a disabled rule matched image A;
rule_id = self.tag_immutability.create_rule(project_id, disabled = True, selector_repository=image_a["name"], selector_tag=str(image_a["tag1"])[0:2] + "*", **self.USER_CLIENT)
#4. Both tags of image A should not be immutable;
artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_disability_of_rules] - artifact:{}".format(artifact_a))
self.assertTrue(artifact_a)
self.check_tag_immutability(artifact_a, image_a["tag1"], status = False)
self.check_tag_immutability(artifact_a, image_a["tag2"], status = False)
#5. Enable this rule;
self.tag_immutability.update_tag_immutability_policy_rule(project_id, rule_id, disabled = False, **self.USER_CLIENT)
#6. image A with tag A should be immutable.
artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_disability_of_rules] - artifact:{}".format(artifact_a))
self.assertTrue(artifact_a)
self.check_tag_immutability(artifact_a, image_a["tag1"], status = True)
self.check_tag_immutability(artifact_a, image_a["tag2"], status = False)
def test_artifact_and_repo_is_undeletable(self):
"""
Test case:
Test Artifact And Repo is Undeleteable
Test step and expected result:
1. Create a new project;
2. Push image A to the project with 2 tags A and B;
3. Create a enabled rule matched image A with tag A;
4. Tag A should be immutable;
5. Artifact is undeletable;
6. Repository is undeletable.
"""
image_a = dict(name="image_repo_undeletable_a", tag1="latest", tag2="1.3.2")
#1. Create a new project;
project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT)
#2. Push image A to the project with 2 tags A and B;
push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]])
#3. Create a enabled rule matched image A with tag A;
self.tag_immutability.create_rule(project_id, selector_repository=image_a["name"], selector_tag=str(image_a["tag1"])[0:2] + "*", **self.USER_CLIENT)
#4. Tag A should be immutable;
artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_artifact_and_repo_is_undeletable] - artifact:{}".format(artifact_a))
self.assertTrue(artifact_a)
self.check_tag_immutability(artifact_a, image_a["tag1"], status = True)
self.check_tag_immutability(artifact_a, image_a["tag2"], status = False)
#5. Artifact is undeletable;
self.artifact.delete_artifact(project_name, image_a["name"], image_a["tag1"], expect_status_code = 412,expect_response_body = "configured as immutable, cannot be deleted", **self.USER_CLIENT)
#6. Repository is undeletable.
self.repo.delete_repository(project_name, image_a["name"], expect_status_code = 412, expect_response_body = "configured as immutable, cannot be deleted", **self.USER_CLIENT)
def test_tag_is_undeletable(self):
"""
Test case:
Test Tag is Undeleteable
Test step and expected result:
1. Push image A to the project with 2 tags A and B;
2. Create a enabled rule matched image A with tag A;
3. Tag A should be immutable;
4. Tag A is undeletable;
5. Tag B is deletable.
"""
image_a = dict(name="image_undeletable_a", tag1="latest", tag2="9.3.2")
#1. Push image A to the project with 2 tags A and B;
push_special_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]])
#2. Create a enabled rule matched image A with tag A;
self.tag_immutability.create_rule(self.project_id, selector_repository=image_a["name"], selector_tag=str(image_a["tag2"])[0:2] + "*", **self.USER_CLIENT)
#3. Tag A should be immutable;
artifact_a = self.artifact.get_reference_info(self.project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_tag_is_undeletable] - artifact:{}".format(artifact_a))
self.assertTrue(artifact_a)
self.check_tag_immutability(artifact_a, image_a["tag2"], status = True)
#4. Tag A is undeletable;
self.artifact.delete_tag(self.project_name, image_a["name"], image_a["tag1"], image_a["tag2"], expect_status_code = 412, **self.USER_CLIENT)
#5. Tag B is deletable.
self.artifact.delete_tag(self.project_name, image_a["name"], image_a["tag1"], image_a["tag1"], **self.USER_CLIENT)
def test_image_is_unpushable(self):
"""
Test case:
Test Image is Unpushable
Test step and expected result:
1. Create a new project;
2. Push image A to the project with 2 tags A and B;
3. Create a enabled rule matched image A with tag A;
4. Tag A should be immutable;
5. Can not push image with the same image name and with the same tag name.
"""
image_a = dict(name="image_unpushable_a", tag1="latest", tag2="1.3.2")
#1. Create a new project;
project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT)
#2. Push image A to the project with 2 tags A and B;
push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]])
#3. Create a enabled rule matched image A with tag A;
self.tag_immutability.create_rule(project_id, selector_repository=image_a["name"], selector_tag=str(image_a["tag1"])[0:2] + "*", **self.USER_CLIENT)
#4. Tag A should be immutable;
artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_image_is_unpushable] - artifact:{}".format(artifact_a))
self.assertTrue(artifact_a)
self.check_tag_immutability(artifact_a, image_a["tag1"], status = True)
self.check_tag_immutability(artifact_a, image_a["tag2"], status = False)
#5. Can not push image with the same image name and with the same tag name.
push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"]], size=10
, expected_error_message = "configured as immutable")
def test_copy_disability(self):
"""
Test case:
Test Copy Disability
Test step and expected result:
1. Create 2 projects;
2. Push image A with tag A and B to project A, push image B which has the same image name and tag name to project B;
3. Create a enabled rule matched image A with tag A;
4. Tag A should be immutable;
5. Can not copy artifact from project A to project B with the same repository name.
"""
image_a = dict(name="image_copy_disability_a", tag1="latest", tag2="1.3.2")
#1. Create 2 projects;
project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT)
_, project_name_src = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT)
#2. Push image A with tag A and B to project A, push image B which has the same image name and tag name to project B;
push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]])
push_special_image_to_project(project_name_src, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]])
#3. Create a enabled rule matched image A with tag A;
self.tag_immutability.create_rule(project_id, selector_repository=image_a["name"], selector_tag=str(image_a["tag1"])[0:2] + "*", **self.USER_CLIENT)
#4. Tag A should be immutable;
artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_copy_disability] - artifact:{}".format(artifact_a))
self.assertTrue(artifact_a)
self.check_tag_immutability(artifact_a, image_a["tag1"], status = True)
self.check_tag_immutability(artifact_a, image_a["tag2"], status = False)
#5. Can not copy artifact from project A to project B with the same repository name.
artifact_a_src = self.artifact.get_reference_info(project_name_src, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_copy_disability] - artifact_a_src:{}".format(artifact_a_src))
self.artifact.copy_artifact(project_name, image_a["name"], project_name_src+"/"+ image_a["name"] + "@" + artifact_a_src.digest, expect_status_code=412, expect_response_body = "configured as immutable, cannot be updated", **self.USER_CLIENT)
#def test_replication_disability(self):
# pass
def test_priority_of_rules(self):
"""
Test case:
Test Priority Of Rules(excluding rule will not affect matching rule)
Test step and expected result:
1. Push image A, B and C, image A has only 1 tag named tag1;
2. Create a matching rule that matches image A and tag named tag2 which is not exist;
3. Create a excluding rule to exlude image A and B;
4. Add a tag named tag2 to image A, tag2 should be immutable;
5. Tag2 should be immutable;
6. All tags in image B should be immutable;
7. All tags in image C should not be immutable;
8. Disable all rules.
"""
image_a = dict(name="image_priority_a", tag1="latest", tag2="6.3.2")
image_b = dict(name="image_priority_b", tag1="latest", tag2="0.12.0")
image_c = dict(name="image_priority_c", tag1="latest", tag2="3.12.0")
#1. Push image A, B and C, image A has only 1 tag named tag1;
push_special_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"]])
push_special_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image_b["name"], [image_b["tag1"],image_b["tag2"]])
push_special_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image_c["name"], [image_c["tag1"],image_c["tag2"]])
#2. Create a matching rule that matches image A and tag named tag2 which is not exist;
rule_id_1 = self.tag_immutability.create_rule(self.project_id, selector_repository=image_a["name"], selector_tag=image_a["tag2"], **self.USER_CLIENT)
#3. Create a excluding rule to exlude image A and B;
rule_id_2 = self.tag_immutability.create_rule(self.project_id, selector_repository_decoration = "repoExcludes",
selector_repository="{image_priority_a,image_priority_b}", selector_tag="**", **self.USER_CLIENT)
#4. Add a tag named tag2 to image A, tag2 should be immutable;
self.artifact.create_tag(self.project_name, image_a["name"], image_a["tag1"], image_a["tag2"], **self.USER_CLIENT)
#5. Tag2 should be immutable;
artifact_a = self.artifact.get_reference_info(self.project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT)
print("[test_priority_of_rules] - artifact:{}".format(artifact_a))
self.assertTrue(artifact_a)
self.check_tag_immutability(artifact_a, image_a["tag2"], status = True)
self.check_tag_immutability(artifact_a, image_a["tag1"], status = False)
#6. All tags in image B should be immutable;
artifact_b = self.artifact.get_reference_info(self.project_name, image_b["name"], image_b["tag2"], **self.USER_CLIENT)
print("[test_priority_of_rules] - artifact:{}".format(artifact_b))
self.assertTrue(artifact_b)
self.check_tag_immutability(artifact_b, image_b["tag2"], status = False)
self.check_tag_immutability(artifact_b, image_b["tag1"], status = False)
#7. All tags in image C should not be immutable;
artifact_c = self.artifact.get_reference_info(self.project_name, image_c["name"], image_c["tag2"], **self.USER_CLIENT)
print("[test_priority_of_rules] - artifact:{}".format(artifact_c))
self.assertTrue(artifact_c)
self.check_tag_immutability(artifact_c, image_c["tag2"], status = True)
self.check_tag_immutability(artifact_c, image_c["tag1"], status = True)
#8. Disable all rules.
self.tag_immutability.update_tag_immutability_policy_rule(self.project_id, rule_id_1, disabled = True, **self.USER_CLIENT)
self.tag_immutability.update_tag_immutability_policy_rule(self.project_id, rule_id_2, disabled = True, **self.USER_CLIENT)
def test_add_exsiting_rule(self):
"""
Test case:
Test Priority Of Rules(excluding rule will not affect matching rule)
Test step and expected result:
1. Push image A and B with no tag;
2. Create a immutability policy rule A;
3. Fail to create rule B which has the same config as rule A;
"""
self.tag_immutability.create_tag_immutability_policy_rule(self.project_id, **self.exsiting_rule, **self.USER_CLIENT)
self.tag_immutability.create_tag_immutability_policy_rule(self.project_id, **self.exsiting_rule, expect_status_code = 409, **self.USER_CLIENT)
class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
self.system = System()
self.project = Project()
self.user = User()
self.repo = Repository()
self.artifact = Artifact()
self.repo_name = "test_repo"
self.repo_name_untag = "test_untag"
self.tag = "v1.0"
@classmethod
def tearDown(self):
print("Case completed")
@unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
def test_ClearData(self):
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_gc_id, **TestProjects.USER_GC_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_gc_id, **ADMIN_CLIENT)
def testGarbageCollection(self):
"""
Test case:
Garbage Collection
Test step and expected result:
1. Create a new user(UA);
2. Create project(PA) and project(PB) by user(UA);
3. Push a image in project(PA) and then delete repository by admin;
4. Get repository by user(UA), it should get nothing;
5. Tigger garbage collection operation;
6. Check garbage collection job was finished;
7. Get garbage collection log, check there is a number of files was deleted;
8. Push a image in project(PB) by admin and delete the only tag;
9. Tigger garbage collection operation;
10. Check garbage collection job was finished;
11. Repository with untag image should be still there;
12. But no any artifact in repository anymore.
Tear down:
1. Delete project(PA);
2. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
admin_name = ADMIN_CLIENT["username"]
admin_password = ADMIN_CLIENT["password"]
user_gc_password = "******"
#1. Create a new user(UA);
TestProjects.user_gc_id, user_gc_name = self.user.create_user(user_password = user_gc_password, **ADMIN_CLIENT)
TestProjects.USER_GC_CLIENT=dict(endpoint = url, username = user_gc_name, password = user_gc_password)
#2. Create project(PA) and project(PB) by user(UA);
TestProjects.project_gc_id, TestProjects.project_gc_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_GC_CLIENT)
TestProjects.project_gc_untag_id, TestProjects.project_gc_untag_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_GC_CLIENT)
#3. Push a image in project(PA) and then delete repository by admin;
push_special_image_to_project(TestProjects.project_gc_name, harbor_server, admin_name, admin_password, self.repo_name, ["latest", "v1.2.3"])
self.repo.delete_repoitory(TestProjects.project_gc_name, self.repo_name, **TestProjects.USER_GC_CLIENT)
#4. Get repository by user(UA), it should get nothing;
repo_data = self.repo.list_repositories(TestProjects.project_gc_name, **TestProjects.USER_GC_CLIENT)
_assert_status_code(len(repo_data), 0)
#8. Push a image in project(PB) by admin and delete the only tag;
push_special_image_to_project(TestProjects.project_gc_untag_name, harbor_server, admin_name, admin_password, self.repo_name_untag, [self.tag])
self.artifact.delete_tag(TestProjects.project_gc_untag_name, self.repo_name_untag, self.tag, self.tag, **ADMIN_CLIENT)
#5. Tigger garbage collection operation;
gc_id = self.system.gc_now(**ADMIN_CLIENT)
#6. Check garbage collection job was finished;
self.system.validate_gc_job_status(gc_id, "finished", **ADMIN_CLIENT)
#7. Get garbage collection log, check there is a number of files was deleted;
self.system.validate_deletion_success(gc_id, **ADMIN_CLIENT)
artifacts = self.artifact.list_artifacts(TestProjects.project_gc_untag_name, self.repo_name_untag, **TestProjects.USER_GC_CLIENT)
_assert_status_code(len(artifacts), 1)
time.sleep(5)
#9. Tigger garbage collection operation;
gc_id = self.system.gc_now(is_delete_untagged=True, **ADMIN_CLIENT)
#10. Check garbage collection job was finished;
self.system.validate_gc_job_status(gc_id, "finished", **ADMIN_CLIENT)
#7. Get garbage collection log, check there is a number of files was deleted;
self.system.validate_deletion_success(gc_id, **ADMIN_CLIENT)
#11. Repository with untag image should be still there;
repo_data_untag = self.repo.list_repositories(TestProjects.project_gc_untag_name, **TestProjects.USER_GC_CLIENT)
_assert_status_code(len(repo_data_untag), 1)
self.assertEqual(TestProjects.project_gc_untag_name + "/" + self.repo_name_untag , repo_data_untag[0].name)
#12. But no any artifact in repository anymore.
artifacts = self.artifact.list_artifacts(TestProjects.project_gc_untag_name, self.repo_name_untag, **TestProjects.USER_GC_CLIENT)
self.assertEqual(artifacts,[])
class TestProjects(unittest.TestCase):
@classmethod
def setUpClass(self):
self.project= Project()
self.user= User()
self.artifact = Artifact()
self.repo= Repository()
self.url = ADMIN_CLIENT["endpoint"]
self.user_push_chart_password = "******"
self.chart_file = "https://storage.googleapis.com/harbor-builds/helm-chart-test-files/harbor-0.2.0.tgz"
self.archive = "harbor/"
self.verion = "0.2.0"
self.repo_name = "harbor_api_test"
@classmethod
def tearDownClass(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete repository chart(CA) by user(UA);
self.repo.delete_repoitory(TestProjects.project_push_chart_name, self.repo_name, **TestProjects.USER_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_push_chart_id, **TestProjects.USER_CLIENT)
#3. Delete user(UA).
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
def testPushChartByHelmChartCLI(self):
"""
Test case:
Push Chart File By Helm Chart CLI
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Push an chart(CA) to Harbor by helm3 registry/chart CLI successfully;
4. List artifacts successfully;
5. Get chart(CA) by reference successfully;
6. Get addtion successfully;
7. Delete chart by reference successfully.
Tear down:
1. Delete repository chart(CA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
#1. Create a new user(UA);
TestProjects.user_id, user_name = self.user.create_user(user_password = self.user_push_chart_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT=dict(endpoint = self.url, username = user_name, password = self.user_push_chart_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_push_chart_id, TestProjects.project_push_chart_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_CLIENT)
#3. Push an chart(CA) to Harbor by helm3 registry/chart CLI successfully;
chart_cli_ret = library.helm.helm_chart_push_to_harbor(self.chart_file, self.archive, harbor_server, TestProjects.project_push_chart_name, self.repo_name, self.verion, user_name, self.user_push_chart_password)
print "chart_cli_ret:", chart_cli_ret
#4. List artifacts successfully;
artifacts = self.artifact.list_artifacts(TestProjects.project_push_chart_name, self.repo_name, **TestProjects.USER_CLIENT)
self.assertEqual(artifacts[0].type, 'CHART')
self.assertEqual(artifacts[0].tags[0].name, self.verion)
#5. Get chart(CA) by reference successfully;
artifact = self.artifact.get_reference_info(TestProjects.project_push_chart_name, self.repo_name, self.verion, **TestProjects.USER_CLIENT)
self.assertEqual(artifact[0].type, 'CHART')
self.assertEqual(artifact[0].tags[0].name, self.verion)
#6. Get addtion successfully;
addition_r = self.artifact.get_addition(TestProjects.project_push_chart_name, self.repo_name, self.verion, "readme.md", **TestProjects.USER_CLIENT)
self.assertIn("Helm Chart for Harbor", addition_r[0])
addition_d = self.artifact.get_addition(TestProjects.project_push_chart_name, self.repo_name, self.verion, "dependencies", **TestProjects.USER_CLIENT)
self.assertIn("https://kubernetes-charts.storage.googleapis.com", addition_d[0])
addition_v = self.artifact.get_addition(TestProjects.project_push_chart_name, self.repo_name, self.verion, "values.yaml", **TestProjects.USER_CLIENT)
self.assertIn("adminserver", addition_v[0])
#7. Delete chart by reference successfully.
self.artifact.delete_artifact(TestProjects.project_push_chart_name, self.repo_name, self.verion, **TestProjects.USER_CLIENT)
class TestSysCVEAllowlist(unittest.TestCase):
"""
Test case:
System Level CVE Allowlist
Setup:
Create user(RA)
Test Steps:
1. User(RA) reads the system level CVE allowlist and it's empty.
2. User(RA) updates the system level CVE allowlist, verify it's failed.
3. Update user(RA) to system admin
4. User(RA) updates the system level CVE allowlist, verify it's successful.
5. User(RA) reads the system level CVE allowlist, verify the CVE list is updated.
6. User(RA) updates the expiration date of system level CVE allowlist.
7. User(RA) reads the system level CVE allowlist, verify the expiration date is updated.
Tear Down:
1. Clear the system level CVE allowlist.
2. Delete User(RA)
"""
@suppress_urllib3_warning
def setUp(self):
self.user = User()
self.system = System()
user_ra_password = "******"
print("Setup: Creating user for test")
user_ra_id, user_ra_name = self.user.create_user(
user_password=user_ra_password, **ADMIN_CLIENT)
print("Created user: %s, id: %s" % (user_ra_name, user_ra_id))
self.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"],
username=user_ra_name,
password=user_ra_password)
self.user_ra_id = int(user_ra_id)
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
print("TearDown: Clearing the Allowlist")
self.system.set_cve_allowlist(**ADMIN_CLIENT)
print("TearDown: Deleting user: %d" % self.user_ra_id)
self.user.delete_user(self.user_ra_id, **ADMIN_CLIENT)
def testSysCVEAllowlist(self):
# 1. User(RA) reads the system level CVE allowlist and it's empty.
wl = self.system.get_cve_allowlist(**self.USER_RA_CLIENT)
self.assertEqual(
0, len(wl.items),
"The initial system level CVE allowlist is not empty: %s" %
wl.items)
# 2. User(RA) updates the system level CVE allowlist, verify it's failed.
cves = ['CVE-2019-12310']
self.system.set_cve_allowlist(None, 403, *cves, **self.USER_RA_CLIENT)
# 3. Update user(RA) to system admin
self.user.update_user_role_as_sysadmin(self.user_ra_id, True,
**ADMIN_CLIENT)
# 4. User(RA) updates the system level CVE allowlist, verify it's successful.
self.system.set_cve_allowlist(None, 200, *cves, **self.USER_RA_CLIENT)
# 5. User(RA) reads the system level CVE allowlist, verify the CVE list is updated.
expect_wl = [swagger_client.CVEAllowlistItem(cve_id='CVE-2019-12310')]
wl = self.system.get_cve_allowlist(**self.USER_RA_CLIENT)
self.assertIsNone(wl.expires_at)
self.assertEqual(expect_wl, wl.items)
# 6. User(RA) updates the expiration date of system level CVE allowlist.
exp = int(time.time()) + 3600
self.system.set_cve_allowlist(exp, 200, *cves, **self.USER_RA_CLIENT)
# 7. User(RA) reads the system level CVE allowlist, verify the expiration date is updated.
wl = self.system.get_cve_allowlist(**self.USER_RA_CLIENT)
self.assertEqual(exp, wl.expires_at)
class TestProjects(unittest.TestCase):
@classmethod
def setUpClass(self):
self.project = Project()
self.user = User()
self.artifact = Artifact(api_type='artifact')
self.repo = Repository(api_type='repository')
self.url = ADMIN_CLIENT["endpoint"]
self.user_push_chart_password = "******"
self.cnab_repo_name = "test_cnab"
@classmethod
def tearDownClass(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(TestProjects.project_push_bundle_name,
self.cnab_repo_name,
**TestProjects.USER_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_push_bundle_id,
**TestProjects.USER_CLIENT)
#3. Delete user(UA).
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
def testPushBundleByCnab(self):
"""
Test case:
Push Bundle By Cnab
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Pull images for bundle;
4. Push bundle to harbor as repository(RA);
5. Get repository from Harbor successfully;
6. Verfiy bundle name;
7. Get artifact by sha256;
8. Verify artifact information.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
#1. Create a new user(UA);
TestProjects.user_id, user_name = self.user.create_user(
user_password=self.user_push_chart_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT = dict(endpoint=self.url,
username=user_name,
password=self.user_push_chart_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_push_bundle_id, TestProjects.project_push_bundle_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_CLIENT)
#3. Pull images for bundle;
_docker_api = DockerAPI()
_docker_api.docker_image_pull("hello-world", tag="latest")
_docker_api.docker_image_pull("busybox", tag="latest")
#4. Push bundle to harbor as repository(RA);
target = harbor_server + "/" + TestProjects.project_push_bundle_name + "/" + self.cnab_repo_name
reference_sha256 = library.cnab.push_cnab_bundle(
harbor_server, user_name, self.user_push_chart_password,
"hello-world:latest", "busybox:latest", target)
#5. Get repository from Harbor successfully;
index_data = self.repo.get_repository(
TestProjects.project_push_bundle_name, self.cnab_repo_name,
**TestProjects.USER_CLIENT)
print "index_data:", index_data
#6. Verfiy bundle name;
self.assertEqual(
index_data.name,
TestProjects.project_push_bundle_name + "/" + self.cnab_repo_name)
#7. Get artifact by sha256;
artifact = self.artifact.get_reference_info(
TestProjects.project_push_bundle_name, self.cnab_repo_name,
reference_sha256, **TestProjects.USER_CLIENT)
#8. Verify artifact information;
self.assertEqual(artifact[0].type, 'CNAB')
self.assertEqual(artifact[0].digest, reference_sha256)
class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
@classmethod
def tearDown(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(TestProjects.repo_name,
**TestProjects.USER_SCAN_IMAGE_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_scan_image_id,
**TestProjects.USER_SCAN_IMAGE_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_scan_image_id, **ADMIN_CLIENT)
def testScanImage(self):
"""
Test case:
Scan A Image
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_scan_image_id, user_scan_image_name = self.user.create_user(
user_password=user_001_password, **ADMIN_CLIENT)
TestProjects.USER_SCAN_IMAGE_CLIENT = dict(
endpoint=url,
username=user_scan_image_name,
password=user_001_password)
#2. Create a new private project(PA) by user(UA);
TestProjects.project_scan_image_id, project_scan_image_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(TestProjects.project_scan_image_id,
TestProjects.user_scan_image_id,
**ADMIN_CLIENT)
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_scan_image_id,
**TestProjects.USER_SCAN_IMAGE_CLIENT)
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image right after repository creation.
#image = "tomcat"
image = "docker"
src_tag = "1.13"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
TestProjects.repo_name, tag = push_image_to_project(
project_scan_image_name, harbor_server, user_scan_image_name,
user_001_password, image, src_tag)
#6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
self.repo.scan_image(TestProjects.repo_name, tag,
**TestProjects.USER_SCAN_IMAGE_CLIENT)
self.repo.check_image_scan_result(
TestProjects.repo_name, tag, **TestProjects.USER_SCAN_IMAGE_CLIENT)
class TestRobotAccount(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
self.artifact = Artifact()
self.robot = Robot()
self.scan = Scan()
self.label = Label()
self.chart = Chart()
TestRobotAccount.url = ADMIN_CLIENT["endpoint"]
TestRobotAccount.user_ra_password = "******"
print("setup")
@unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
def do_01_tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(self.project_ra_name_a,
self.repo_name_in_project_a.split('/')[1],
**self.USER_RA_CLIENT)
self.repo.delete_repoitory(self.project_ra_name_b,
self.repo_name_in_project_b.split('/')[1],
**self.USER_RA_CLIENT)
self.repo.delete_repoitory(self.project_ra_name_c,
self.repo_name_in_project_c.split('/')[1],
**self.USER_RA_CLIENT)
self.repo.delete_repoitory(self.project_ra_name_a,
self.repo_name_pa.split('/')[1],
**self.USER_RA_CLIENT)
#2. Delete project(PA);
self.project.delete_project(self.project_ra_id_a,
**self.USER_RA_CLIENT)
self.project.delete_project(self.project_ra_id_b,
**self.USER_RA_CLIENT)
self.project.delete_project(self.project_ra_id_c,
**self.USER_RA_CLIENT)
#3. Delete user(UA).
self.user.delete_user(self.user_ra_id, **ADMIN_CLIENT)
def test_01_ProjectlevelRobotAccount(self):
"""
Test case:
Robot Account
Test step and expected result:
1. Create user(UA);
2. Create private project(PA), private project(PB) and public project(PC) by user(UA);
3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA);
4. Create a new robot account(RA) with pull and push privilige in project(PA) by user(UA);
5. Check robot account info, it should has both pull and push priviliges;
6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful;
7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful;
8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful;
9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful;
10. Pull image from project(PC), it must be successful;
11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful;
12. Update action property of robot account(RA);
13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful;
14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful;
15. Delete robot account(RA), it must be not successful.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
image_project_a = "haproxy"
image_project_b = "hello-world"
image_project_c = "httpd"
image_robot_account = "alpine"
tag = "latest"
#1. Create user(UA);"
self.user_ra_id, user_ra_name = self.user.create_user(
user_password=TestRobotAccount.user_ra_password, **ADMIN_CLIENT)
self.USER_RA_CLIENT = dict(endpoint=TestRobotAccount.url,
username=user_ra_name,
password=TestRobotAccount.user_ra_password)
#2. Create private project(PA), private project(PB) and public project(PC) by user(UA);
self.project_ra_id_a, self.project_ra_name_a = self.project.create_project(
metadata={"public": "false"}, **self.USER_RA_CLIENT)
self.project_ra_id_b, self.project_ra_name_b = self.project.create_project(
metadata={"public": "false"}, **self.USER_RA_CLIENT)
self.project_ra_id_c, self.project_ra_name_c = self.project.create_project(
metadata={"public": "true"}, **self.USER_RA_CLIENT)
#3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA);
self.repo_name_in_project_a, tag_a = push_self_build_image_to_project(
self.project_ra_name_a, harbor_server, user_ra_name,
TestRobotAccount.user_ra_password, image_project_a, tag)
self.repo_name_in_project_b, tag_b = push_self_build_image_to_project(
self.project_ra_name_b, harbor_server, user_ra_name,
TestRobotAccount.user_ra_password, image_project_b, tag)
self.repo_name_in_project_c, tag_c = push_self_build_image_to_project(
self.project_ra_name_c, harbor_server, user_ra_name,
TestRobotAccount.user_ra_password, image_project_c, tag)
#4. Create a new robot account(RA) with pull and push privilege in project(PA) by user(UA);
robot_id, robot_account = self.robot.create_project_robot(
self.project_ra_name_a, 30, **self.USER_RA_CLIENT)
#5. Check robot account info, it should has both pull and push privilege;
data = self.robot.get_robot_account_by_id(robot_id,
**self.USER_RA_CLIENT)
_assert_status_code(robot_account.name, data.name)
#6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful;
pull_harbor_image(harbor_server, robot_account.name,
robot_account.secret, self.repo_name_in_project_a,
tag_a)
#7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful;
self.repo_name_pa, _ = push_self_build_image_to_project(
self.project_ra_name_a, harbor_server, robot_account.name,
robot_account.secret, image_robot_account, tag)
#8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful;
push_self_build_image_to_project(
self.project_ra_name_b,
harbor_server,
robot_account.name,
robot_account.secret,
image_robot_account,
tag,
expected_error_message="unauthorized to access repository")
#9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful;
pull_harbor_image(
harbor_server,
robot_account.name,
robot_account.secret,
self.repo_name_in_project_b,
tag_b,
expected_error_message="unauthorized to access repository")
#10. Pull image from project(PC), it must be successful;
pull_harbor_image(harbor_server, robot_account.name,
robot_account.secret, self.repo_name_in_project_c,
tag_c)
#11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful;
push_self_build_image_to_project(
self.project_ra_name_c,
harbor_server,
robot_account.name,
robot_account.secret,
image_robot_account,
tag,
expected_error_message="unauthorized to access repository")
#12. Update action property of robot account(RA);"
self.robot.disable_robot_account(robot_id, True, **self.USER_RA_CLIENT)
#13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful;
pull_harbor_image(
harbor_server,
robot_account.name,
robot_account.secret,
self.repo_name_in_project_a,
tag_a,
expected_login_error_message="unauthorized: authentication required"
)
#14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful;
push_self_build_image_to_project(
self.project_ra_name_a,
harbor_server,
robot_account.name,
robot_account.secret,
image_robot_account,
tag,
expected_login_error_message="unauthorized: authentication required"
)
#15. Delete robot account(RA), it must be not successful.
self.robot.delete_robot_account(robot_id, **self.USER_RA_CLIENT)
self.do_01_tearDown()
def verify_repository_pushable(self, project_access_list,
system_ra_client):
for project_access in project_access_list:
print(r"project_access:", project_access)
if project_access["check_list"][1]: #---repository:push---
repo = push_self_build_image_to_project(
project_access["project_name"], harbor_server,
system_ra_client["username"], system_ra_client["password"],
"test_pushable" + base._random_name("repo"),
"v6.8.1" + base._random_name("tag"))
else:
push_self_build_image_to_project(
project_access["project_name"],
harbor_server,
system_ra_client["username"],
system_ra_client["password"],
"test_unpushable" + base._random_name("repo"),
"v6.8.1" + base._random_name("tag"),
expected_error_message="unauthorized to access repository")
def verify_repository_unpushable(
self,
project_access_list,
system_ra_client,
expected_login_error_message="unauthorized: authentication required"
):
for project_access in project_access_list: #---repository:push---
push_self_build_image_to_project(
project_access["project_name"],
harbor_server,
system_ra_client["username"],
system_ra_client["password"],
"test_unpushable" + base._random_name("repo"),
"v6.8.1" + base._random_name("tag"),
expected_login_error_message=expected_login_error_message)
def test_02_SystemlevelRobotAccount(self):
"""
Test case:
Robot Account
Test step and expected result:
1. Define a number of access lists;
2. Create the same number of private projects;
3. Create a system robot account has permission for those projects;
4. Verify the system robot account has the corresponding rights;
5. Disable the system robot account;
6. Verify the system robot account has no the corresponding rights;
7. Enable the system robot account;
8. Verify the system robot account has the corresponding rights;
9. Refresh secret for the system robot account;
10. Verify the system robot account has no the corresponding right with the old secret already;
11. Verify the system robot account still has the corresponding right with the new secret;
12. List system robot account, then add a new project to the system robot account project permission list;
13. Delete this project;
14. List system robot account successfully;
15. Delete the system robot account;
16. Verify the system robot account has no the corresponding right;
17. Add a system robot account with all project coverd;
18. Verify the system robot account has no the corresponding right;
"""
#1. Define a number of access lists;
CHART_FILE_LIST = [
dict(name='prometheus', version='7.0.2'),
dict(name='harbor', version='0.2.0')
]
for i in range(2):
base.run_command([
"curl", r"-o", "./tests/apitests/python/{}-{}.tgz".format(
CHART_FILE_LIST[i]["name"], CHART_FILE_LIST[i]["version"]),
"https://storage.googleapis.com/harbor-builds/helm-chart-test-files/{}-{}.tgz"
.format(CHART_FILE_LIST[i]["name"],
CHART_FILE_LIST[i]["version"])
])
#Make sure that whether 'True' or 'False' must be included in each line or row.
check_list = [
[True, True, True, True, True, True, False, True, False, True],
[False, False, False, False, True, True, False, True, True, False],
[True, False, True, False, True, False, True, False, True, True],
[False, False, False, True, False, True, False, True, True, False]
]
access_list_list = []
for i in range(len(check_list)):
access_list_list.append(
self.robot.create_access_list(check_list[i]))
#2. Create the same number of private projects;
robot_account_Permissions_list = []
project_access_list = []
for i in range(len(check_list)):
with created_user(TestRobotAccount.user_ra_password,
_teardown=False) as (user_id, username):
with created_project(metadata={"public": "false"},
user_id=user_id,
_teardown=False) as (project_id,
project_name):
project_access_list.append(
dict(project_name=project_name,
project_id=project_id,
check_list=check_list[i]))
robot_account_Permissions = v2_swagger_client.Permission(
kind="project",
namespace=project_name,
access=access_list_list[i])
robot_account_Permissions_list.append(
robot_account_Permissions)
#3. Create a system robot account has permission for those projects;
system_robot_account_id, system_robot_account = self.robot.create_system_robot(
robot_account_Permissions_list, 300)
print("system_robot_account:", system_robot_account)
SYSTEM_RA_CLIENT = dict(endpoint=TestRobotAccount.url,
username=system_robot_account.name,
password=system_robot_account.secret)
SYSTEM_RA_CHART_CLIENT = dict(endpoint=CHART_API_CLIENT["endpoint"],
username=SYSTEM_RA_CLIENT["username"],
password=SYSTEM_RA_CLIENT["password"])
#4. Verify the system robot account has the corresponding rights;
for project_access in project_access_list:
print(r"project_access:", project_access)
if project_access["check_list"][1]: #---repository:push---
repo = push_self_build_image_to_project(
project_access["project_name"], harbor_server,
SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"],
"test_pushable", "v6.8.1")
else:
push_self_build_image_to_project(
project_access["project_name"],
harbor_server,
SYSTEM_RA_CLIENT["username"],
SYSTEM_RA_CLIENT["password"],
"test_unpushable",
"v6.8.1",
expected_error_message="unauthorized to access repository")
tag_for_del = "v1.0.0"
repo_name, tag = push_self_build_image_to_project(
project_access["project_name"], harbor_server,
ADMIN_CLIENT["username"], ADMIN_CLIENT["password"],
"test_del_artifact", tag_for_del)
if project_access["check_list"][0]: #---repository:pull---
pull_harbor_image(harbor_server, SYSTEM_RA_CLIENT["username"],
SYSTEM_RA_CLIENT["password"], repo_name,
tag_for_del)
else:
pull_harbor_image(
harbor_server,
SYSTEM_RA_CLIENT["username"],
SYSTEM_RA_CLIENT["password"],
repo_name,
tag_for_del,
expected_error_message=
"action: pull: unauthorized to access repository")
if project_access["check_list"][2]: #---artifact:delete---
self.artifact.delete_artifact(project_access["project_name"],
repo_name.split('/')[1],
tag_for_del, **SYSTEM_RA_CLIENT)
else:
self.artifact.delete_artifact(project_access["project_name"],
repo_name.split('/')[1],
tag_for_del,
expect_status_code=403,
**SYSTEM_RA_CLIENT)
#Prepare for chart read and delete
self.chart.upload_chart(
project_access["project_name"],
r'./tests/apitests/python/{}-{}.tgz'.format(
CHART_FILE_LIST[1]["name"],
CHART_FILE_LIST[1]["version"]), **CHART_API_CLIENT)
if project_access["check_list"][3]: #---helm-chart:read---
library.helm.helm2_fetch_chart_file(
"chart_repo_" + base._random_name("repo"), harbor_url,
project_access["project_name"],
SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"],
CHART_FILE_LIST[1]["name"])
else:
library.helm.helm2_fetch_chart_file(
"chart_repo_" + base._random_name("repo"),
harbor_url,
project_access["project_name"],
SYSTEM_RA_CLIENT["username"],
SYSTEM_RA_CLIENT["password"],
CHART_FILE_LIST[1]["name"],
expected_add_repo_error_message="403 Forbidden")
if project_access["check_list"][
4]: #---helm-chart-version:create---
self.chart.upload_chart(
project_access["project_name"],
r'./tests/apitests/python/{}-{}.tgz'.format(
CHART_FILE_LIST[0]["name"],
CHART_FILE_LIST[0]["version"]),
**SYSTEM_RA_CHART_CLIENT)
else:
self.chart.upload_chart(
project_access["project_name"],
r'./tests/apitests/python/{}-{}.tgz'.format(
CHART_FILE_LIST[0]["name"],
CHART_FILE_LIST[0]["version"]),
expect_status_code=403,
**SYSTEM_RA_CHART_CLIENT)
if project_access["check_list"][
5]: #---helm-chart-version:delete---
self.chart.delete_chart_with_version(
project_access["project_name"], CHART_FILE_LIST[1]["name"],
CHART_FILE_LIST[1]["version"], **SYSTEM_RA_CHART_CLIENT)
else:
self.chart.delete_chart_with_version(
project_access["project_name"],
CHART_FILE_LIST[1]["name"],
CHART_FILE_LIST[1]["version"],
expect_status_code=403,
**SYSTEM_RA_CHART_CLIENT)
repo_name, tag = push_self_build_image_to_project(
project_access["project_name"], harbor_server,
ADMIN_CLIENT["username"], ADMIN_CLIENT["password"],
"test_create_tag", "latest_1")
self.artifact.create_tag(project_access["project_name"],
repo_name.split('/')[1], tag,
"for_delete", **ADMIN_CLIENT)
if project_access["check_list"][6]: #---tag:create---
self.artifact.create_tag(project_access["project_name"],
repo_name.split('/')[1], tag, "1.0",
**SYSTEM_RA_CLIENT)
else:
self.artifact.create_tag(project_access["project_name"],
repo_name.split('/')[1],
tag,
"1.0",
expect_status_code=403,
**SYSTEM_RA_CLIENT)
if project_access["check_list"][7]: #---tag:delete---
self.artifact.delete_tag(project_access["project_name"],
repo_name.split('/')[1], tag,
"for_delete", **SYSTEM_RA_CLIENT)
else:
self.artifact.delete_tag(project_access["project_name"],
repo_name.split('/')[1],
tag,
"for_delete",
expect_status_code=403,
**SYSTEM_RA_CLIENT)
repo_name, tag = push_self_build_image_to_project(
project_access["project_name"], harbor_server,
ADMIN_CLIENT["username"], ADMIN_CLIENT["password"],
"test_create_artifact_label", "latest_1")
#Add project level label to artifact
label_id, _ = self.label.create_label(
project_id=project_access["project_id"],
scope="p",
**ADMIN_CLIENT)
if project_access["check_list"][8]: #---artifact-label:create---
self.artifact.add_label_to_reference(
project_access["project_name"],
repo_name.split('/')[1], tag, int(label_id),
**SYSTEM_RA_CLIENT)
else:
self.artifact.add_label_to_reference(
project_access["project_name"],
repo_name.split('/')[1],
tag,
int(label_id),
expect_status_code=403,
**SYSTEM_RA_CLIENT)
if project_access["check_list"][9]: #---scan:create---
self.scan.scan_artifact(project_access["project_name"],
repo_name.split('/')[1], tag,
**SYSTEM_RA_CLIENT)
else:
self.scan.scan_artifact(project_access["project_name"],
repo_name.split('/')[1],
tag,
expect_status_code=403,
**SYSTEM_RA_CLIENT)
#5. Disable the system robot account;
self.robot.update_system_robot_account(system_robot_account_id,
system_robot_account.name,
robot_account_Permissions_list,
disable=True,
**ADMIN_CLIENT)
#6. Verify the system robot account has no the corresponding rights;
self.verify_repository_unpushable(project_access_list,
SYSTEM_RA_CLIENT)
#7. Enable the system robot account;
self.robot.update_system_robot_account(system_robot_account_id,
system_robot_account.name,
robot_account_Permissions_list,
disable=False,
**ADMIN_CLIENT)
#8. Verify the system robot account has the corresponding rights;
self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT)
#9. Refresh secret for the system robot account;
new_secret = "new_secret_At_321"
self.robot.refresh_robot_account_secret(system_robot_account_id,
new_secret, **ADMIN_CLIENT)
#10. Verify the system robot account has no the corresponding right with the old secret already;
self.verify_repository_unpushable(project_access_list,
SYSTEM_RA_CLIENT)
#11. Verify the system robot account still has the corresponding right with the new secret;
SYSTEM_RA_CLIENT["password"] = new_secret
self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT)
#12. List system robot account, then add a new project to the system robot account project permission list;
self.robot.list_robot(**ADMIN_CLIENT)
project_for_del_id, project_for_del_name = self.project.create_project(
metadata={"public": "true"}, **ADMIN_CLIENT)
robot_account_Permissions = v2_swagger_client.Permission(
kind="project",
namespace=project_for_del_name,
access=access_list_list[0])
robot_account_Permissions_list.append(robot_account_Permissions)
self.robot.update_system_robot_account(system_robot_account_id,
system_robot_account.name,
robot_account_Permissions_list,
**ADMIN_CLIENT)
self.robot.list_robot(**ADMIN_CLIENT)
#13. Delete this project;
self.project.delete_project(project_for_del_id, **ADMIN_CLIENT)
#14. List system robot account successfully;
self.robot.list_robot(**ADMIN_CLIENT)
#15. Delete the system robot account;
self.robot.delete_robot_account(system_robot_account_id,
**ADMIN_CLIENT)
#16. Verify the system robot account has no the corresponding right;
self.verify_repository_unpushable(project_access_list,
SYSTEM_RA_CLIENT)
#17. Add a system robot account with all project coverd;
all_true_access_list = self.robot.create_access_list([True] * 10)
robot_account_Permissions_list = []
robot_account_Permissions = v2_swagger_client.Permission(
kind="project", namespace="*", access=all_true_access_list)
robot_account_Permissions_list.append(robot_account_Permissions)
_, system_robot_account_cover_all = self.robot.create_system_robot(
robot_account_Permissions_list, 300)
#18. Verify the system robot account has no the corresponding right;
print("system_robot_account_cover_all:",
system_robot_account_cover_all)
SYSTEM_RA_CLIENT_COVER_ALL = dict(
endpoint=TestRobotAccount.url,
username=system_robot_account_cover_all.name,
password=system_robot_account_cover_all.secret)
projects = self.project.get_projects(dict(), **ADMIN_CLIENT)
print("All projects:", projects)
project_access_list = []
for i in range(len(projects)):
project_access_list.append(
dict(project_name=projects[i].name,
project_id=projects[i].project_id,
check_list=all_true_access_list))
self.verify_repository_pushable(project_access_list,
SYSTEM_RA_CLIENT_COVER_ALL)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
self.robot = Robot()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(TestProjects.project_ra_name_a, TestProjects.repo_name_in_project_a.split('/')[1], **TestProjects.USER_RA_CLIENT)
self.repo.delete_repoitory(TestProjects.project_ra_name_b, TestProjects.repo_name_in_project_b.split('/')[1], **TestProjects.USER_RA_CLIENT)
self.repo.delete_repoitory(TestProjects.project_ra_name_c, TestProjects.repo_name_in_project_c.split('/')[1], **TestProjects.USER_RA_CLIENT)
self.repo.delete_repoitory(TestProjects.project_ra_name_a, TestProjects.repo_name_pa.split('/')[1], **TestProjects.USER_RA_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_ra_id_a, **TestProjects.USER_RA_CLIENT)
self.project.delete_project(TestProjects.project_ra_id_b, **TestProjects.USER_RA_CLIENT)
self.project.delete_project(TestProjects.project_ra_id_c, **TestProjects.USER_RA_CLIENT)
#3. Delete user(UA).
self.user.delete_user(TestProjects.user_ra_id, **ADMIN_CLIENT)
def testRobotAccount(self):
"""
Test case:
Robot Account
Test step and expected result:
1. Create user(UA);
2. Create private project(PA), private project(PB) and public project(PC) by user(UA);
3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA);
4. Create a new robot account(RA) with pull and push privilige in project(PA) by user(UA);
5. Check robot account info, it should has both pull and push priviliges;
6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful;
7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful;
8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful;
9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful;
10. Pull image from project(PC), it must be successful;
11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful;
12. Update action property of robot account(RA);
13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful;
14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful;
15. Delete robot account(RA), it must be not successful.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
admin_name = ADMIN_CLIENT["username"]
admin_password = ADMIN_CLIENT["password"]
user_ra_password = "******"
image_project_a = "haproxy"
image_project_b = "hello-world"
image_project_c = "httpd"
image_robot_account = "alpine"
tag = "latest"
#1. Create user(UA);"
TestProjects.user_ra_id, user_ra_name = self.user.create_user(user_password = user_ra_password, **ADMIN_CLIENT)
TestProjects.USER_RA_CLIENT=dict(endpoint = url, username = user_ra_name, password = user_ra_password)
#2. Create private project(PA), private project(PB) and public project(PC) by user(UA);
TestProjects.project_ra_id_a, TestProjects.project_ra_name_a = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_RA_CLIENT)
TestProjects.project_ra_id_b, TestProjects.project_ra_name_b = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_RA_CLIENT)
TestProjects.project_ra_id_c, TestProjects.project_ra_name_c = self.project.create_project(metadata = {"public": "true"}, **TestProjects.USER_RA_CLIENT)
#3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA);
TestProjects.repo_name_in_project_a, tag_a = push_self_build_image_to_project(TestProjects.project_ra_name_a, harbor_server, user_ra_name, user_ra_password, image_project_a, tag)
TestProjects.repo_name_in_project_b, tag_b = push_self_build_image_to_project(TestProjects.project_ra_name_b, harbor_server, user_ra_name, user_ra_password, image_project_b, tag)
TestProjects.repo_name_in_project_c, tag_c = push_self_build_image_to_project(TestProjects.project_ra_name_c, harbor_server, user_ra_name, user_ra_password, image_project_c, tag)
#4. Create a new robot account(RA) with pull and push privilege in project(PA) by user(UA);
robot_id, robot_account = self.robot.create_project_robot(TestProjects.project_ra_name_a,
30 ,**TestProjects.USER_RA_CLIENT)
#5. Check robot account info, it should has both pull and push privilege;
data = self.robot.get_robot_account_by_id(robot_id, **TestProjects.USER_RA_CLIENT)
_assert_status_code(robot_account.name, data.name)
#6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful;
pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_a, tag_a)
#7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful;
TestProjects.repo_name_pa, _ = push_self_build_image_to_project(TestProjects.project_ra_name_a, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag)
#8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful;
push_self_build_image_to_project(TestProjects.project_ra_name_b, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_error_message = "unauthorized to access repository")
#9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful;
pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_b, tag_b, expected_error_message = "unauthorized to access repository")
#10. Pull image from project(PC), it must be successful;
pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_c, tag_c)
#11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful;
push_self_build_image_to_project(TestProjects.project_ra_name_c, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_error_message = "unauthorized to access repository")
#12. Update action property of robot account(RA);"
self.robot.disable_robot_account(robot_id, True, **TestProjects.USER_RA_CLIENT)
#13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful;
pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_a, tag_a, expected_login_error_message = "unauthorized: authentication required")
#14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful;
push_self_build_image_to_project(TestProjects.project_ra_name_a, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_login_error_message = "unauthorized: authentication required")
#15. Delete robot account(RA), it must be not successful.
self.robot.delete_robot_account(robot_id, **TestProjects.USER_RA_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.replication = Replication()
self.replication_v2 = ReplicationV2()
self.registry = Registry()
self.artifact = Artifact()
self.repo = Repository()
self.image = "alpine"
self.tag = "latest"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete rule(RA);
self.replication.delete_replication_rule(TestProjects.rule_id,
**ADMIN_CLIENT)
#2. Delete registry(TA);
self.registry.delete_registry(TestProjects.registry_id, **ADMIN_CLIENT)
#1. Delete repository(RA);
self.repo.delete_repoitory(TestProjects.project_name, self.image,
**TestProjects.USER_add_rule_CLIENT)
#3. Delete project(PA);
self.project.delete_project(TestProjects.project_add_rule_id,
**TestProjects.USER_add_rule_CLIENT)
#4. Delete user(UA);
self.user.delete_user(TestProjects.user_add_rule_id, **ADMIN_CLIENT)
def testReplicationFromDockerhub(self):
"""
Test case:
Replication From Dockerhub
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Create a new registry;
4. Create a new rule for this registry;
5. Check rule should be exist;
6. Trigger the rule;
7. Wait for completion of this replication job;
8. Check image is replicated into target project successfully.
Tear down:
1. Delete rule(RA);
2. Delete registry(TA);
3. Delete project(PA);
4. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
user_add_rule_password = "******"
#1. Create user(UA)
TestProjects.user_add_rule_id, user_add_rule_name = self.user.create_user(
user_password=user_add_rule_password, **ADMIN_CLIENT)
TestProjects.USER_add_rule_CLIENT = dict(
endpoint=url,
username=user_add_rule_name,
password=user_add_rule_password)
#2.1. Create private project(PA) by user(UA)
TestProjects.project_add_rule_id, TestProjects.project_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_add_rule_CLIENT)
#2.2. Get private project of uesr-001, uesr-001 can see only one private project which is project-001
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_add_rule_id,
**TestProjects.USER_add_rule_CLIENT)
#3. Create a new registry;
TestProjects.registry_id, _ = self.registry.create_registry(
"https://hub.docker.com",
registry_type="docker-hub",
access_key=DOCKER_USER,
access_secret=DOCKER_PWD,
insecure=False,
**ADMIN_CLIENT)
#4. Create a pull-based rule for this registry;
TestProjects.rule_id, rule_name = self.replication.create_replication_policy(
src_registry=swagger_client.Registry(
id=int(TestProjects.registry_id)),
dest_namespace=TestProjects.project_name,
filters=[
swagger_client.ReplicationFilter(type="name",
value="library/" +
self.image),
swagger_client.ReplicationFilter(type="tag", value=self.tag)
],
**ADMIN_CLIENT)
#5. Check rule should be exist;
self.replication.check_replication_rule_should_exist(
TestProjects.rule_id, rule_name, **ADMIN_CLIENT)
#6. Trigger the rule;
self.replication_v2.trigger_replication_executions(
TestProjects.rule_id, **ADMIN_CLIENT)
#7. Wait for completion of this replication job;
self.replication_v2.wait_until_jobs_finish(TestProjects.rule_id,
interval=30,
**ADMIN_CLIENT)
#8. Check image is replicated into target project successfully.
artifact = self.artifact.get_reference_info(TestProjects.project_name,
self.image, self.tag,
**ADMIN_CLIENT)
class TestProjects(unittest.TestCase):
@classmethod
def setUpClass(self):
self.project = Project()
self.user = User()
self.artifact = Artifact(api_type='artifact')
self.repo = Repository(api_type='repository')
@classmethod
def tearDownClass(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete repository(RA);
self.repo.delete_repoitory(TestProjects.project_src_repo_name,
(TestProjects.src_repo_name).split('/')[1],
**TestProjects.USER_RETAG_CLIENT)
#2. Delete repository by retag;
self.repo.delete_repoitory(TestProjects.project_dst_repo_name,
(TestProjects.dst_repo_name).split('/')[1],
**TestProjects.USER_RETAG_CLIENT)
#3. Delete project(PA);
self.project.delete_project(TestProjects.project_src_repo_id,
**TestProjects.USER_RETAG_CLIENT)
self.project.delete_project(TestProjects.project_dst_repo_id,
**TestProjects.USER_RETAG_CLIENT)
#4. Delete user(UA).
self.user.delete_user(TestProjects.user_retag_id, **ADMIN_CLIENT)
def testRetag(self):
"""
Test case:
Retag Image
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Create a new project(PB) by user(UA);
4. Update role of user-retag as guest member of project(PB);
5. Create a new repository(RA) in project(PA) by user(UA);
6. Get repository in project(PA), there should be one repository which was created by user(UA);
7. Get repository(RA)'s image tag detail information;
8. Retag image in project(PA) to project(PB), it should be forbidden;
9. Update role of user-retag as admin member of project(PB);
10. Retag image in project(PA) to project(PB), it should be successful;
11. Get repository(RB)'s image tag detail information;
12. Read digest of retaged image, it must be the same with the image in repository(RA);
13. Pull image from project(PB) by user_retag, it must be successful;
Tear down:
1. Delete repository(RA);
2. Delete repository by retag;
3. Delete project(PA);
4. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
user_retag_password = "******"
pull_tag_name = "latest"
dst_repo_sub_name = "repo"
#1. Create a new user(UA);
TestProjects.user_retag_id, user_retag_name = self.user.create_user(
user_password=user_retag_password, **ADMIN_CLIENT)
TestProjects.USER_RETAG_CLIENT = dict(endpoint=url,
username=user_retag_name,
password=user_retag_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_RETAG_CLIENT)
#3. Create a new project(PB) by user(UA);
TestProjects.project_dst_repo_id, TestProjects.project_dst_repo_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_RETAG_CLIENT)
retag_member_id = self.project.get_project_member_id(
TestProjects.project_dst_repo_id, user_retag_name,
**TestProjects.USER_RETAG_CLIENT)
#4. Update role of user-retag as guest member of project(PB);
self.project.update_project_member_role(
TestProjects.project_dst_repo_id, retag_member_id, 3,
**ADMIN_CLIENT)
#5. Create a new repository(RA) in project(PA) by user(UA);
TestProjects.src_repo_name, tag_name = push_image_to_project(
TestProjects.project_src_repo_name, harbor_server, 'admin',
'Harbor12345', "hello-world", pull_tag_name)
#6. Get repository in project(PA), there should be one repository which was created by user(UA);
src_repo_data = self.repo.get_repository(
TestProjects.project_src_repo_name,
**TestProjects.USER_RETAG_CLIENT)
_assert_status_code(TestProjects.src_repo_name, src_repo_data[0].name)
#7. Get repository(RA)'s image tag detail information;
src_tag_data = self.artifact.get_reference_info(
TestProjects.project_src_repo_name,
TestProjects.src_repo_name.split('/')[1], tag_name,
**TestProjects.USER_RETAG_CLIENT)
TestProjects.dst_repo_name = TestProjects.project_dst_repo_name + "/" + dst_repo_sub_name
#8. Retag image in project(PA) to project(PB), it should be forbidden;
self.artifact.copy_artifact(TestProjects.project_dst_repo_name,
dst_repo_sub_name,
TestProjects.src_repo_name + "@" +
src_tag_data[0].digest,
expect_status_code=403,
**TestProjects.USER_RETAG_CLIENT)
#9. Update role of user-retag as admin member of project(PB);
self.project.update_project_member_role(
TestProjects.project_dst_repo_id, retag_member_id, 1,
**ADMIN_CLIENT)
#10. Retag image in project(PA) to project(PB), it should be successful;
self.artifact.copy_artifact(
TestProjects.project_dst_repo_name, dst_repo_sub_name,
TestProjects.src_repo_name + "@" + src_tag_data[0].digest,
**TestProjects.USER_RETAG_CLIENT)
#11. Get repository(RB)'s image tag detail information;
dst_tag_data = self.artifact.get_reference_info(
TestProjects.project_dst_repo_name, dst_repo_sub_name, tag_name,
**TestProjects.USER_RETAG_CLIENT)
#12. Read digest of retaged image, it must be the same with the image in repository(RA);
self.assertEqual(src_tag_data[0].digest, dst_tag_data[0].digest)
#13. Pull image from project(PB) by user_retag, it must be successful;"
pull_harbor_image(harbor_server, user_retag_name, user_retag_password,
TestProjects.dst_repo_name, tag_name)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project= Project()
self.user= User()
self.artifact = Artifact()
self.repo= Repository()
self.url = ADMIN_CLIENT["endpoint"]
self.user_password = "******"
self.repo_name = "hello-world"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA,IA) by user(UA);
self.repo.delete_repoitory(TestProjects.project_name, self.repo_name, **TestProjects.USER_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_id, **TestProjects.USER_CLIENT)
#3. Delete user(UA).
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
print("Case completed")
def testCreateDeleteTag(self):
"""
Test case:
Create/Delete tag
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Push an image(IA) to Harbor by docker successfully;
4. Create a tag(1.0) for the image(IA);
5. Get the image(latest) from Harbor successfully;
6. Verify the image(IA) contains tag named 1.0;
7. Delete the tag(1.0) from image(IA);
8. Get the image(IA) from Harbor successfully;
9. Verify the image(IA) contains no tag named 1.0;
Tear down:
1. Delete repository(RA,IA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
#1. Create a new user(UA);
TestProjects.user_id, user_name = self.user.create_user(user_password = self.user_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT=dict(with_tag = True, endpoint = self.url, username = user_name, password = self.user_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_id, TestProjects.project_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_CLIENT)
#3. Push an image(IA) to Harbor by docker successfully;
repo_name, tag = push_self_build_image_to_project(TestProjects.project_name, harbor_server, 'admin', 'Harbor12345', self.repo_name, "latest")
#4. Create a tag(1.0) for the image(IA)
self.artifact.create_tag(TestProjects.project_name, self.repo_name, tag, "1.0",**TestProjects.USER_CLIENT)
#5. Get the image(IA) from Harbor successfully;
artifact = self.artifact.get_reference_info(TestProjects.project_name, self.repo_name, tag, **TestProjects.USER_CLIENT)
#6. Verify the image(IA) contains tag named 1.0;
self.assertEqual(artifact.tags[0].name, "1.0")
self.assertEqual(artifact.tags[1].name, tag)
#7. Delete the tag(1.0) from image(IA);
self.artifact.delete_tag(TestProjects.project_name, self.repo_name, tag, "1.0",**TestProjects.USER_CLIENT)
#8. Get the image(latest) from Harbor successfully;
artifact = self.artifact.get_reference_info(TestProjects.project_name, self.repo_name, tag, **TestProjects.USER_CLIENT)
#9. Verify the image(IA) contains no tag named 1.0;
self.assertEqual(artifact.tags[0].name, tag)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.label = Label()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repository(TestProjects.project_add_g_lbl_name,
TestProjects.repo_name.split('/')[1],
**TestProjects.USER_add_g_lbl_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_add_g_lbl_id,
**TestProjects.USER_add_g_lbl_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_add_g_lbl_id, **ADMIN_CLIENT)
#4. Delete label(LA).
self.label.delete_label(TestProjects.label_id, **ADMIN_CLIENT)
def testAddSysLabelToRepo(self):
"""
Test case:
Add Global Label To Tag
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Create a new label(LA) in project(PA) by admin;;
7. Add this system global label to repository(RA)/tag(TA);
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
4. Delete label(LA).
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_add_g_lbl_id, user_add_g_lbl_name = self.user.create_user(
user_password=user_001_password, **ADMIN_CLIENT)
TestProjects.USER_add_g_lbl_CLIENT = dict(endpoint=url,
username=user_add_g_lbl_name,
password=user_001_password)
#2. Create private project-001
TestProjects.project_add_g_lbl_id, TestProjects.project_add_g_lbl_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user-001 as a member of project-001 with project-admin role
self.project.add_project_members(
TestProjects.project_add_g_lbl_id,
user_id=TestProjects.user_add_g_lbl_id,
**ADMIN_CLIENT)
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_add_g_lbl_id,
**TestProjects.USER_add_g_lbl_CLIENT)
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
TestProjects.repo_name, tag = push_self_build_image_to_project(
TestProjects.project_add_g_lbl_name, harbor_server,
user_add_g_lbl_name, user_001_password, "test_sys_label", "latest")
#6. Create a new label(LA) in project(PA) by admin;
TestProjects.label_id, _ = self.label.create_label(**ADMIN_CLIENT)
#7. Add this system global label to repository(RA)/tag(TA).
self.artifact.add_label_to_reference(
TestProjects.project_add_g_lbl_name,
TestProjects.repo_name.split('/')[1], tag,
int(TestProjects.label_id), **TestProjects.USER_add_g_lbl_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
self.projectv2 = ProjectV2()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
print("Case completed")
#1. Delete project(PA);
self.project.delete_project(TestProjects.project_user_view_logs_id,
**TestProjects.USER_USER_VIEW_LOGS_CLIENT)
#2. Delete user(UA);
self.user.delete_user(TestProjects.user_user_view_logs_id,
**ADMIN_CLIENT)
def testUserViewLogs(self):
"""
Test case:
User View Logs
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA), in project(PA), there should be 1 'create' log record;;
3. Push a new image(IA) in project(PA) by admin, in project(PA), there should be 1 'push' log record;;
4. Delete repository(RA) by user(UA), in project(PA), there should be 1 'delete' log record;;
Tear down:
1. Delete project(PA);
2. Delete user(UA).
"""
test_result = TestResult()
url = ADMIN_CLIENT["endpoint"]
admin_name = ADMIN_CLIENT["username"]
admin_password = ADMIN_CLIENT["password"]
user_content_trust_password = "******"
#1. Create a new user(UA);
TestProjects.user_user_view_logs_id, user_user_view_logs_name = self.user.create_user(
user_password=user_content_trust_password, **ADMIN_CLIENT)
TestProjects.USER_USER_VIEW_LOGS_CLIENT = dict(
endpoint=url,
username=user_user_view_logs_name,
password=user_content_trust_password)
#2.1 Create a new project(PA) by user(UA);
TestProjects.project_user_view_logs_id, project_user_view_logs_name = self.project.create_project(
metadata={"public": "false"},
**TestProjects.USER_USER_VIEW_LOGS_CLIENT)
time.sleep(2)
#2.2 In project(PA), there should be 1 'create' log record;
operation = "create"
log_count = self.projectv2.filter_project_logs(
project_user_view_logs_name, user_user_view_logs_name,
project_user_view_logs_name, "project", operation,
**TestProjects.USER_USER_VIEW_LOGS_CLIENT)
if log_count != 1:
test_result.add_test_result(
"1 - Failed to get log with user:{}, resource:{}, resource_type:{} and operation:{}, expect count 1, but actual is {}."
.format(user_user_view_logs_name, project_user_view_logs_name,
"project", operation, log_count))
#3.1 Push a new image(IA) in project(PA) by admin;
repo_name, tag = push_image_to_project(project_user_view_logs_name,
harbor_server, admin_name,
admin_password, "tomcat",
"latest")
time.sleep(2)
#3.2 In project(PA), there should be 1 'push' log record;
operation = "create"
log_count = self.projectv2.filter_project_logs(
project_user_view_logs_name, admin_name,
r'{}:{}'.format(repo_name, tag), "artifact", operation,
**TestProjects.USER_USER_VIEW_LOGS_CLIENT)
if log_count != 1:
test_result.add_test_result(
"2 - Failed to get log with user:{}, resource:{}, resource_type:{} and operation:{}, expect count 1, but actual is {}."
.format(user_user_view_logs_name, project_user_view_logs_name,
"artifact", operation, log_count))
#4.1 Delete repository(RA) by user(UA);
self.repo.delete_repoitory(project_user_view_logs_name,
repo_name.split('/')[1],
**TestProjects.USER_USER_VIEW_LOGS_CLIENT)
time.sleep(6)
#4.2 In project(PA), there should be 1 'delete' log record;
operation = "delete"
log_count = self.projectv2.filter_project_logs(
project_user_view_logs_name, user_user_view_logs_name, repo_name,
"repository", operation, **TestProjects.USER_USER_VIEW_LOGS_CLIENT)
if log_count != 1:
test_result.add_test_result(
"5 - Failed to get log with user:{}, resource:{}, resource_type:{} and operation:{}, expect count 1, but actual is {}."
.format(user_user_view_logs_name, project_user_view_logs_name,
"repository", operation, log_count))
test_result.get_final_result()
class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
self.system = System()
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.scanner = Scanner()
@classmethod
def tearDown(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete Alice's repository and Luca's repository;
self.repo.delete_repoitory(TestProjects.project_Alice_name,
TestProjects.repo_Alice_name.split('/')[1],
**ADMIN_CLIENT)
self.repo.delete_repoitory(TestProjects.project_Luca_name,
TestProjects.repo_Luca_name.split('/')[1],
**ADMIN_CLIENT)
#2. Delete Alice's project and Luca's project;
self.project.delete_project(TestProjects.project_Alice_id,
**ADMIN_CLIENT)
self.project.delete_project(TestProjects.project_Luca_id,
**ADMIN_CLIENT)
#3. Delete user Alice and Luca.
self.user.delete_user(TestProjects.user_Alice_id, **ADMIN_CLIENT)
self.user.delete_user(TestProjects.user_Luca_id, **ADMIN_CLIENT)
def testSystemLevelScanALL(self):
"""
Test case:
System level Scan All
Test step and expected result:
1. Create user Alice and Luca;
2. Create 2 new private projects project_Alice and project_Luca;
3. Push a image to project_Alice and push another image to project_Luca;
4. Trigger scan all event;
5. Check if image in project_Alice and another image in project_Luca were both scanned.
Tear down:
1. Delete Alice's repository and Luca's repository;
2. Delete Alice's project and Luca's project;
3. Delete user Alice and Luca.
"""
url = ADMIN_CLIENT["endpoint"]
user_common_password = "******"
#1. Create user Alice and Luca;
TestProjects.user_Alice_id, user_Alice_name = self.user.create_user(
user_password=user_common_password, **ADMIN_CLIENT)
TestProjects.user_Luca_id, user_Luca_name = self.user.create_user(
user_password=user_common_password, **ADMIN_CLIENT)
USER_ALICE_CLIENT = dict(endpoint=url,
username=user_Alice_name,
password=user_common_password,
with_scan_overview=True)
USER_LUCA_CLIENT = dict(endpoint=url,
username=user_Luca_name,
password=user_common_password,
with_scan_overview=True)
#2. Create 2 new private projects project_Alice and project_Luca;
TestProjects.project_Alice_id, TestProjects.project_Alice_name = self.project.create_project(
metadata={"public": "false"}, **USER_ALICE_CLIENT)
TestProjects.project_Luca_id, TestProjects.project_Luca_name = self.project.create_project(
metadata={"public": "false"}, **USER_LUCA_CLIENT)
#3. Push a image to project_Alice and push another image to project_Luca;
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image rigth after repository creation.
#image = "tomcat"
image_a = "mariadb"
src_tag = "latest"
#3.1 Push a image to project_Alice;
TestProjects.repo_Alice_name, tag_Alice = push_image_to_project(
TestProjects.project_Alice_name, harbor_server, user_Alice_name,
user_common_password, image_a, src_tag)
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image rigth after repository creation.
image_b = "httpd"
src_tag = "latest"
#3.2 push another image to project_Luca;
TestProjects.repo_Luca_name, tag_Luca = push_image_to_project(
TestProjects.project_Luca_name, harbor_server, user_Luca_name,
user_common_password, image_b, src_tag)
#4. Trigger scan all event;
self.system.scan_now(**ADMIN_CLIENT)
#5. Check if image in project_Alice and another image in project_Luca were both scanned.
self.artifact.check_image_scan_result(TestProjects.project_Alice_name,
image_a, tag_Alice,
**USER_ALICE_CLIENT)
self.artifact.check_image_scan_result(TestProjects.project_Luca_name,
image_b, tag_Luca,
**USER_LUCA_CLIENT)
#6. Swith Scanner;
uuid = self.scanner.scanners_get_uuid(**ADMIN_CLIENT)
self.scanner.scanners_registration_id_patch(uuid, **ADMIN_CLIENT)
#7. Trigger scan all event;
self.system.scan_now(**ADMIN_CLIENT)
#8. Check if image in project_Alice and another image in project_Luca were both scanned.
self.artifact.check_image_scan_result(TestProjects.project_Alice_name,
image_a, tag_Alice,
**USER_ALICE_CLIENT)
self.artifact.check_image_scan_result(TestProjects.project_Luca_name,
image_b, tag_Luca,
**USER_LUCA_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.repo_name_1 = "test1_sign"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
# remove the deletion as the signed image cannot be deleted.
#1. Delete repository(RA) by user(UA);
#self.repo.delete_repoitory(TestProjects.project_sign_image_name, TestProjects.repo_name.split('/')[1], **TestProjects.USER_sign_image_CLIENT)
#2. Delete project(PA);
#self.project.delete_project(TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT)
def testSignImage(self):
"""
Test case:
Sign A Image
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Sign image with tag(TA) which was tagged by step #5;
7. Get signature of image with tag(TA), it should be exist.
Tear down:
NA
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_sign_image_id, user_sign_image_name = self.user.create_user(
user_password=user_001_password, **ADMIN_CLIENT)
TestProjects.USER_sign_image_CLIENT = dict(
with_signature=True,
endpoint=url,
username=user_sign_image_name,
password=user_001_password)
#2. Create a new private project(PA) by user(UA);
TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(
TestProjects.project_sign_image_id,
user_id=TestProjects.user_sign_image_id,
**ADMIN_CLIENT)
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_sign_image_id,
**TestProjects.USER_sign_image_CLIENT)
#Note:busybox is pulled in setup phase, and setup is a essential phase.
image = "busybox"
tag = "latest"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
#TestProjects.repo_name, tag = push_self_build_image_to_project(TestProjects.project_sign_image_name, harbor_server, user_sign_image_name, user_001_password, image, src_tag)
#6. Sign image with tag(TA) which was tagged by step #5;
sign_image(harbor_server, TestProjects.project_sign_image_name, image,
tag)
#7. Get signature of image with tag(TA), it should be exist.
artifact = self.artifact.get_reference_info(
TestProjects.project_sign_image_name, image, tag,
**TestProjects.USER_sign_image_CLIENT)
self.assertEqual(artifact.tags[0].signed, True)
push_special_image_to_project(TestProjects.project_sign_image_name,
harbor_server, user_sign_image_name,
user_001_password, self.repo_name_1,
['1.0'])
self.repo.delete_repoitory(TestProjects.project_sign_image_name,
self.repo_name_1,
**TestProjects.USER_sign_image_CLIENT)
self.repo.delete_repoitory(
TestProjects.project_sign_image_name,
image,
expect_status_code=412,
expect_response_body="with signature cannot be deleted",
**TestProjects.USER_sign_image_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
@unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repository(TestProjects.project_content_trust_name,
TestProjects.repo_name.split('/')[1],
**TestProjects.USER_CONTENT_TRUST_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_content_trust_id,
**TestProjects.USER_CONTENT_TRUST_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_content_trust_id,
**ADMIN_CLIENT)
def testProjectLevelPolicyContentTrust(self):
"""
Test case:
Project Level Policy Content Trust
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Push a new image(IA) in project(PA) by admin;
4. Image(IA) should exist;
5. Pull image(IA) successfully;
6. Enable content trust in project(PA) configuration;
7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
url = ADMIN_CLIENT["endpoint"]
image = "test_content_trust"
user_content_trust_password = "******"
#1. Create a new user(UA);
TestProjects.user_content_trust_id, user_content_trust_name = self.user.create_user(
user_password=user_content_trust_password, **ADMIN_CLIENT)
TestProjects.USER_CONTENT_TRUST_CLIENT = dict(
endpoint=url,
username=user_content_trust_name,
password=user_content_trust_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_content_trust_id, TestProjects.project_content_trust_name = self.project.create_project(
metadata={"public": "false"},
**TestProjects.USER_CONTENT_TRUST_CLIENT)
#3. Push a new image(IA) in project(PA) by admin;
TestProjects.repo_name, tag = push_self_build_image_to_project(
TestProjects.project_content_trust_name, harbor_server,
ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], image,
"latest")
#4. Image(IA) should exist;
artifact = self.artifact.get_reference_info(
TestProjects.project_content_trust_name, image, tag,
**TestProjects.USER_CONTENT_TRUST_CLIENT)
self.assertEqual(artifact.tags[0].name, tag)
docker_image_clean_all()
#5. Pull image(IA) successfully;
pull_harbor_image(harbor_server, ADMIN_CLIENT["username"],
ADMIN_CLIENT["password"], TestProjects.repo_name,
tag)
self.project.get_project(TestProjects.project_content_trust_id)
#6. Enable content trust in project(PA) configuration;
self.project.update_project(TestProjects.project_content_trust_id,
metadata={"enable_content_trust": "true"},
**TestProjects.USER_CONTENT_TRUST_CLIENT)
self.project.get_project(TestProjects.project_content_trust_id)
#7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
docker_image_clean_all()
pull_harbor_image(
harbor_server,
ADMIN_CLIENT["username"],
ADMIN_CLIENT["password"],
TestProjects.repo_name,
tag,
expected_error_message="The image is not signed in Notary")
class TestScan(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.scan = Scan()
self.url = ADMIN_CLIENT["endpoint"]
self.user_password = "******"
self.project_id, self.project_name, self.user_id, self.user_name, self.repo_name1, self.repo_name2 = [
None
] * 6
self.user_id, self.user_name = self.user.create_user(
user_password=self.user_password, **ADMIN_CLIENT)
self.USER_CLIENT = dict(with_signature=True,
with_immutable_status=True,
endpoint=self.url,
username=self.user_name,
password=self.user_password,
with_scan_overview=True)
#2. Create a new private project(PA) by user(UA);
self.project_id, self.project_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(self.project_id,
user_id=self.user_id,
**ADMIN_CLIENT)
@unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
def do_tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(self.project_name,
self.repo_name1.split('/')[1],
**self.USER_CLIENT)
self.repo.delete_repoitory(self.project_name,
self.repo_name2.split('/')[1],
**self.USER_CLIENT)
#2. Delete project(PA);
self.project.delete_project(self.project_id, **self.USER_CLIENT)
#3. Delete user(UA);
self.user.delete_user(self.user_id, **ADMIN_CLIENT)
def testScanImageArtifact(self):
"""
Test case:
Scan An Image Artifact
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
7. Swith Scanner;
8. Send scan another image command and get tag(TA) information to check scan result, it should be finished.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(dict(public=False),
expected_count=1,
expected_project_id=self.project_id,
**self.USER_CLIENT)
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image right after repository creation.
image = "docker"
src_tag = "1.13"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
self.repo_name1, tag = push_self_build_image_to_project(
self.project_name, harbor_server, self.user_name,
self.user_password, image, src_tag)
#6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
self.scan.scan_artifact(self.project_name,
self.repo_name1.split('/')[1], tag,
**self.USER_CLIENT)
self.artifact.check_image_scan_result(self.project_name, image, tag,
**self.USER_CLIENT)
self.do_tearDown()
def testScanSignedImage(self):
"""
Test case:
Scan A Signed Image
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
7. Swith Scanner;
8. Send scan another image command and get tag(TA) information to check scan result, it should be finished.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image right after repository creation.
#Note:busybox is pulled in setup phase, and setup is a essential phase.
image = "busybox"
tag = "latest"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
#TestScan.repo_name_1, tag = push_self_build_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image, tag)
sign_image(harbor_server, self.project_name, image, tag)
#6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
self.scan.scan_artifact(self.project_name, image, tag,
**self.USER_CLIENT)
self.artifact.check_image_scan_result(self.project_name, image, tag,
**self.USER_CLIENT)
