class TestLdapAdminRole(unittest.TestCase):
"""AccessLog unit test stubs"""
product_api = testutils.GetProductApi("admin", "Harbor12345")
mike_product_api = testutils.GetProductApi("mike", "zhu88jie")
project_id = 0
def setUp(self):
pass
def tearDown(self):
if self.project_id > 0:
self.mike_product_api.projects_project_id_delete(
project_id=self.project_id)
pass
def testLdapAdminRole(self):
"""Test LdapAdminRole"""
result = self.product_api.configurations_put(
configurations=Configurations(
ldap_group_admin_dn=
"cn=harbor_users,ou=groups,dc=example,dc=com"))
pprint(result)
# Create a private project
result = self.product_api.projects_post(project=ProjectReq(
project_name="test_private"))
pprint(result)
# query project with ldap user mike
projects = self.mike_product_api.projects_get(name="test_private")
self.assertTrue(projects.count > 1)
self.project_id = projects[0].project_id
pass
def queryUserLogs(self, username, password, harbor_host=harbor_host):
client_product_api = testutils.GetProductApi(username=username,
password=password)
logs = client_product_api.logs_get(repository="ldap_group_test_prj",
username=username)
if logs == None:
return 0
else:
return logs.count
class TestLdapAdminRole(unittest.TestCase):
"""AccessLog unit test stubs"""
product_api = testutils.GetProductApi("admin", "Harbor12345")
mike_product_api = testutils.GetProductApi("mike", "zhu88jie")
project_id = 0
def setUp(self):
pass
def tearDown(self):
if self.project_id > 0:
self.mike_product_api.projects_project_id_delete(
project_id=self.project_id)
pass
def testLdapAdminRole(self):
"""Test LdapAdminRole"""
_project_name = _random_name("test_private")
result = self.product_api.configurations_put(
configurations=Configurations(
ldap_group_admin_dn=
"cn=harbor_users,ou=groups,dc=example,dc=com"))
# Create a private project
result = self.product_api.projects_post(project=ProjectReq(
project_name=_project_name))
# query project with ldap user mike
projects = self.mike_product_api.projects_get(name=_project_name)
print("=================", projects)
self.assertTrue(len(projects) == 1)
self.project_id = projects[0].project_id
# check the mike is not admin in Database
user_list = self.product_api.users_get(username="******")
pprint(user_list[0])
self.assertFalse(user_list[0].sysadmin_flag)
pass
def testAssignRoleToLdapGroup(self):
"""Test AssignRoleToLdapGroup"""
admin_product_api = testutils.GetProductApi(username="******",
password="******")
projects = admin_product_api.projects_get(name=self._project_name)
self.assertTrue(len(projects) == 1)
self.assertEqual(1, projects[0].current_user_role_id)
dev_product_api = testutils.GetProductApi("dev_user", "zhu88jie")
projects = dev_product_api.projects_get(name=self._project_name)
self.assertTrue(len(projects) == 1)
self.assertEqual(2, projects[0].current_user_role_id)
guest_product_api = testutils.GetProductApi("guest_user", "zhu88jie")
projects = guest_product_api.projects_get(name=self._project_name)
self.assertTrue(len(projects) == 1)
self.assertEqual(3, projects[0].current_user_role_id)
self.dockerCmdLoginAdmin(username="******", password="******")
self.dockerCmdLoginDev(username="******", password="******")
self.dockerCmdLoginGuest(username="******", password="******")
self.assertTrue(
self.queryUserLogs(username="******", password="******") > 0,
"admin user can see logs")
self.assertTrue(
self.queryUserLogs(username="******", password="******") > 0,
"dev user can see logs")
self.assertTrue(
self.queryUserLogs(username="******", password="******") > 0,
"guest user can see logs")
self.assertTrue(
self.queryUserLogs(username="******",
password="******",
status_code=403) == 0,
"test user can not see any logs")
pass
class TestUserGroup(unittest.TestCase):
"""UserGroup unit test stubs"""
product_api = testutils.GetProductApi("admin", "Harbor12345")
groupId = 0
def setUp(self):
self.conf = Configurations()
self.conf.set_configurations_of_ldap(
ldap_filter="",
ldap_group_attribute_name="cn",
ldap_group_base_dn="ou=groups,dc=example,dc=com",
ldap_group_search_filter="objectclass=groupOfNames",
ldap_group_search_scope=2,
**ADMIN_CLIENT)
pass
def tearDown(self):
if self.groupId > 0:
self.product_api.usergroups_group_id_delete(group_id=self.groupId)
pass
def testAddUpdateUserGroup(self):
"""Test UserGroup"""
user_group = UserGroup(
group_name="harbor_group123",
group_type=1,
ldap_group_dn="cn=harbor_group,ou=groups,dc=example,dc=com")
result = self.product_api.usergroups_post(usergroup=user_group)
pprint(result)
user_groups = self.product_api.usergroups_get()
found = False
for ug in user_groups:
if ug.group_name == "harbor_group123":
found = True
print("Found usergroup")
pprint(ug)
self.groupId = ug.id
self.assertTrue(found)
result = self.product_api.usergroups_group_id_put(
self.groupId, usergroup=UserGroup(group_name="newharbor_group"))
new_user_group = self.product_api.usergroups_group_id_get(
group_id=self.groupId)
self.assertEqual("newharbor_group", new_user_group.group_name)
pass
def testAssignRoleToLdapGroup(self):
"""Test AssignRoleToLdapGroup"""
admin_product_api = testutils.GetProductApi(username="******",
password="******")
projects = admin_product_api.projects_get(name="ldap_group_test_prj")
self.assertTrue(projects.count > 1)
self.assertEqual(1, projects[0].current_user_role_id)
dev_product_api = testutils.GetProductApi("dev_user", "zhu88jie")
projects = dev_product_api.projects_get(name="ldap_group_test_prj")
self.assertTrue(projects.count > 1)
self.assertEqual(2, projects[0].current_user_role_id)
guest_product_api = testutils.GetProductApi("guest_user", "zhu88jie")
projects = guest_product_api.projects_get(name="ldap_group_test_prj")
self.assertTrue(projects.count > 1)
self.assertEqual(3, projects[0].current_user_role_id)
self.dockerCmdLoginAdmin(username="******", password="******")
self.dockerCmdLoginDev(username="******", password="******")
self.dockerCmdLoginGuest(username="******", password="******")
self.assertTrue(
self.queryUserLogs(username="******", password="******") > 0,
"admin user can see logs")
self.assertTrue(
self.queryUserLogs(username="******", password="******") > 0,
"dev user can see logs")
self.assertTrue(
self.queryUserLogs(username="******", password="******") > 0,
"guest user can see logs")
self.assertTrue(
self.queryUserLogs(username="******", password="******") == 0,
"user001 can not see any logs")
pass
class TestLdapPing(unittest.TestCase):
"""AccessLog unit test stubs"""
product_api = testutils.GetProductApi("admin", "Harbor12345")
project_id = 0
def setUp(self):
pass
def tearDown(self):
pass
def testLdapPing(self):
"""Test LdapAdminRole"""
result = self.product_api.ldap_ping_post(
ldapconf=LdapConf(ldap_url="10.161.127.236",
ldap_search_dn="cn=admin,dc=example,dc=com",
ldap_search_password="******",
ldap_scope=2))
pprint(result)
class TestLdapAdminRole(unittest.TestCase):
"""AccessLog unit test stubs"""
product_api = testutils.GetProductApi("admin", "Harbor12345")
project_id = 0
def setUp(self):
self.project = Project()
self.mike_product_api = Project("mike", "zhu88jie")
def tearDown(self):
print("Case completed")
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
if self.project_id > 0:
self.mike_product_api.delete_project(self.project_id)
def testLdapAdminRole(self):
"""Test LdapAdminRole"""
_project_name = _random_name("test-ldap-admin-role")
result = self.product_api.configurations_put(
configurations=Configurations(
ldap_group_admin_dn=
"cn=harbor_users,ou=groups,dc=example,dc=com"))
# Create a private project
result = self.project.create_project(_project_name)
# query project with ldap user mike
projects = self.mike_product_api.get_projects(dict(name=_project_name))
print("=================", projects)
self.assertTrue(len(projects) == 1)
self.project_id = projects[0].project_id
# check the mike is not admin in Database
user_list = self.product_api.users_get(username="******")
pprint(user_list[0])
self.assertFalse(user_list[0].sysadmin_flag)
pass
class TestAssignRoleToLdapGroup(unittest.TestCase):
harbor_host = os.environ["HARBOR_HOST"]
"""AssignRoleToLdapGroup unit test stubs"""
product_api = testutils.GetProductApi("admin", "Harbor12345")
repository_api = testutils.GetRepositoryApi("admin", "Harbor12345")
project_id = 0
docker_client = docker.from_env()
_project_name = _random_name("test_private")
def setUp(self):
self.projectv2 = ProjectV2()
#login with admin, create a project and assign role to ldap group
result = self.product_api.configurations_put(
configurations=Configurations(
ldap_filter="",
ldap_group_attribute_name="cn",
ldap_group_base_dn="ou=groups,dc=example,dc=com",
ldap_group_search_filter="objectclass=groupOfNames",
ldap_group_search_scope=2))
pprint(result)
cfgs = self.product_api.configurations_get()
pprint(cfgs)
req = ProjectReq()
req.project_name = self._project_name
req.metadata = ProjectMetadata(public="false")
result = self.product_api.projects_post(req)
pprint(result)
projs = self.product_api.projects_get(name=self._project_name)
if len(projs) > 0:
project = projs[0]
self.project_id = project.project_id
# asign role to project with dn
group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com"
projectmember = ProjectMember()
projectmember.role_id = 1
projectmember.member_group = UserGroup(ldap_group_dn=group_dn)
result = self.product_api.projects_project_id_members_post(
project_id=self.project_id, project_member=projectmember)
pprint(result)
group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com"
projectmember = ProjectMember()
projectmember.role_id = 2
projectmember.member_group = UserGroup(ldap_group_dn=group_dn)
result = self.product_api.projects_project_id_members_post(
project_id=self.project_id, project_member=projectmember)
pprint(result)
group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com"
projectmember = ProjectMember()
projectmember.role_id = 3
projectmember.member_group = UserGroup(ldap_group_dn=group_dn)
result = self.product_api.projects_project_id_members_post(
project_id=self.project_id, project_member=projectmember)
pprint(result)
pass
def tearDown(self):
#delete images in project
result = self.repository_api.delete_repository(self._project_name,
"busybox")
pprint(result)
result = self.repository_api.delete_repository(self._project_name,
"busyboxdev")
pprint(result)
if self.project_id > 0:
self.product_api.projects_project_id_delete(self.project_id)
pass
def testAssignRoleToLdapGroup(self):
"""Test AssignRoleToLdapGroup"""
admin_product_api = testutils.GetProductApi(username="******",
password="******")
projects = admin_product_api.projects_get(name=self._project_name)
self.assertTrue(len(projects) == 1)
self.assertEqual(1, projects[0].current_user_role_id)
dev_product_api = testutils.GetProductApi("dev_user", "zhu88jie")
projects = dev_product_api.projects_get(name=self._project_name)
self.assertTrue(len(projects) == 1)
self.assertEqual(2, projects[0].current_user_role_id)
guest_product_api = testutils.GetProductApi("guest_user", "zhu88jie")
projects = guest_product_api.projects_get(name=self._project_name)
self.assertTrue(len(projects) == 1)
self.assertEqual(3, projects[0].current_user_role_id)
self.dockerCmdLoginAdmin(username="******", password="******")
self.dockerCmdLoginDev(username="******", password="******")
self.dockerCmdLoginGuest(username="******", password="******")
self.assertTrue(
self.queryUserLogs(username="******", password="******") > 0,
"admin user can see logs")
self.assertTrue(
self.queryUserLogs(username="******", password="******") > 0,
"dev user can see logs")
self.assertTrue(
self.queryUserLogs(username="******", password="******") > 0,
"guest user can see logs")
self.assertTrue(
self.queryUserLogs(username="******",
password="******",
status_code=403) == 0,
"test user can not see any logs")
pass
# admin user can push, pull images
def dockerCmdLoginAdmin(self, username, password):
pprint(self.docker_client.info())
self.docker_client.login(username=username,
password=password,
registry=self.harbor_host)
self.docker_client.images.pull("busybox:latest")
image = self.docker_client.images.get("busybox:latest")
image.tag(repository=self.harbor_host + "/" + self._project_name +
"/busybox",
tag="latest")
output = self.docker_client.images.push(repository=self.harbor_host +
"/" + self._project_name +
"/busybox",
tag="latest")
if output.find("error") > 0:
self.fail("Should not fail to push image for admin_user")
self.docker_client.images.pull(repository=self.harbor_host + "/" +
self._project_name + "/busybox",
tag="latest")
pass
# dev user can push, pull images
def dockerCmdLoginDev(self, username, password, harbor_server=harbor_host):
self.docker_client.login(username=username,
password=password,
registry=self.harbor_host)
self.docker_client.images.pull("busybox:latest")
image = self.docker_client.images.get("busybox:latest")
image.tag(repository=self.harbor_host + "/" + self._project_name +
"/busyboxdev",
tag="latest")
output = self.docker_client.images.push(repository=self.harbor_host +
"/" + self._project_name +
"/busyboxdev",
tag="latest")
if output.find("error") > 0:
self.fail("Should not fail to push images for dev_user")
pass
# guest user can pull images
def dockerCmdLoginGuest(self,
username,
password,
harbor_server=harbor_host):
self.docker_client.login(username=username,
password=password,
registry=self.harbor_host)
self.docker_client.images.pull("busybox:latest")
image = self.docker_client.images.get("busybox:latest")
image.tag(repository=self.harbor_host + "/" + self._project_name +
"/busyboxguest",
tag="latest")
output = self.docker_client.images.push(repository=self.harbor_host +
"1/" + self._project_name +
"/busyboxguest",
tag="latest")
if output.find("error") < 0:
self.fail("Should failed to push image for guest user")
self.docker_client.images.pull(repository=self.harbor_host + "/" +
self._project_name + "/busybox",
tag="latest")
pass
# check can see his log in current project
def queryUserLogs(self, username, password, status_code=200):
client = dict(endpoint=ADMIN_CLIENT["endpoint"],
username=username,
password=password)
try:
logs = self.projectv2.get_project_log(self._project_name,
status_code, **client)
count = 0
for log in list(logs):
count = count + 1
return count
except ApiException as e:
_assert_status_code(status_code, e.status)
return 0
class TestAssignRoleToLdapGroup(unittest.TestCase):
harbor_host = os.environ["HARBOR_HOST"]
"""AssignRoleToLdapGroup unit test stubs"""
product_api = testutils.GetProductApi("admin", "Harbor12345")
project_id = 0
docker_client = docker.from_env()
def setUp(self):
#login with admin, create a project and assign role to ldap group
result = self.product_api.configurations_put(
configurations=Configurations(
ldap_filter="",
ldap_group_attribute_name="cn",
ldap_group_base_dn="ou=groups,dc=example,dc=com",
ldap_group_search_filter="objectclass=groupOfNames",
ldap_group_search_scope=2))
pprint(result)
cfgs = self.product_api.configurations_get()
pprint(cfgs)
req = ProjectReq()
req.project_name = "ldap_group_test_prj"
req.metadata = ProjectMetadata(public="false")
result = self.product_api.projects_post(req)
pprint(result)
projs = self.product_api.projects_get(name="ldap_group_test_prj")
if projs.count > 0:
project = projs[0]
self.project_id = project.project_id
# asign role to project with dn
group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com"
projectmember = ProjectMember()
projectmember.role_id = 1
projectmember.member_group = UserGroup(ldap_group_dn=group_dn)
result = self.product_api.projects_project_id_members_post(
project_id=self.project_id, project_member=projectmember)
pprint(result)
group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com"
projectmember = ProjectMember()
projectmember.role_id = 2
projectmember.member_group = UserGroup(ldap_group_dn=group_dn)
result = self.product_api.projects_project_id_members_post(
project_id=self.project_id, project_member=projectmember)
pprint(result)
group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com"
projectmember = ProjectMember()
projectmember.role_id = 3
projectmember.member_group = UserGroup(ldap_group_dn=group_dn)
result = self.product_api.projects_project_id_members_post(
project_id=self.project_id, project_member=projectmember)
pprint(result)
pass
def tearDown(self):
#delete images in project
result = self.product_api.repositories_repo_name_delete(
repo_name="ldap_group_test_prj/busybox")
pprint(result)
result = self.product_api.repositories_repo_name_delete(
repo_name="ldap_group_test_prj/busyboxdev")
pprint(result)
if self.project_id > 0:
self.product_api.projects_project_id_delete(self.project_id)
pass
def testAssignRoleToLdapGroup(self):
"""Test AssignRoleToLdapGroup"""
admin_product_api = testutils.GetProductApi(username="******",
password="******")
projects = admin_product_api.projects_get(name="ldap_group_test_prj")
self.assertTrue(projects.count > 1)
self.assertEqual(1, projects[0].current_user_role_id)
dev_product_api = testutils.GetProductApi("dev_user", "zhu88jie")
projects = dev_product_api.projects_get(name="ldap_group_test_prj")
self.assertTrue(projects.count > 1)
self.assertEqual(2, projects[0].current_user_role_id)
guest_product_api = testutils.GetProductApi("guest_user", "zhu88jie")
projects = guest_product_api.projects_get(name="ldap_group_test_prj")
self.assertTrue(projects.count > 1)
self.assertEqual(3, projects[0].current_user_role_id)
self.dockerCmdLoginAdmin(username="******", password="******")
self.dockerCmdLoginDev(username="******", password="******")
self.dockerCmdLoginGuest(username="******", password="******")
self.assertTrue(
self.queryUserLogs(username="******", password="******") > 0,
"admin user can see logs")
self.assertTrue(
self.queryUserLogs(username="******", password="******") > 0,
"dev user can see logs")
self.assertTrue(
self.queryUserLogs(username="******", password="******") > 0,
"guest user can see logs")
self.assertTrue(
self.queryUserLogs(username="******", password="******") == 0,
"user001 can not see any logs")
pass
# admin user can push, pull images
def dockerCmdLoginAdmin(self, username, password):
pprint(self.docker_client.info())
self.docker_client.login(username=username,
password=password,
registry=self.harbor_host)
self.docker_client.images.pull("busybox:latest")
image = self.docker_client.images.get("busybox:latest")
image.tag(repository=self.harbor_host + "/ldap_group_test_prj/busybox",
tag="latest")
output = self.docker_client.images.push(repository=self.harbor_host +
"/ldap_group_test_prj/busybox",
tag="latest")
if output.find("error") > 0:
self.fail("Should not fail to push image for admin_user")
self.docker_client.images.pull(repository=self.harbor_host +
"/ldap_group_test_prj/busybox",
tag="latest")
pass
# dev user can push, pull images
def dockerCmdLoginDev(self, username, password, harbor_server=harbor_host):
self.docker_client.login(username=username,
password=password,
registry=self.harbor_host)
self.docker_client.images.pull("busybox:latest")
image = self.docker_client.images.get("busybox:latest")
image.tag(repository=self.harbor_host +
"/ldap_group_test_prj/busyboxdev",
tag="latest")
output = self.docker_client.images.push(
repository=self.harbor_host + "/ldap_group_test_prj/busyboxdev",
tag="latest")
if output.find("error") > 0:
self.fail("Should not fail to push images for dev_user")
pass
# guest user can pull images
def dockerCmdLoginGuest(self,
username,
password,
harbor_server=harbor_host):
self.docker_client.login(username=username,
password=password,
registry=self.harbor_host)
self.docker_client.images.pull("busybox:latest")
image = self.docker_client.images.get("busybox:latest")
image.tag(repository=self.harbor_host +
"/ldap_group_test_prj/busyboxguest",
tag="latest")
output = self.docker_client.images.push(
repository=self.harbor_host + "1/ldap_group_test_prj/busyboxguest",
tag="latest")
if output.find("error") < 0:
self.fail("Should failed to push image for guest user")
self.docker_client.images.pull(repository=self.harbor_host +
"/ldap_group_test_prj/busybox",
tag="latest")
pass
# check can see his log in current project
def queryUserLogs(self, username, password, harbor_host=harbor_host):
client_product_api = testutils.GetProductApi(username=username,
password=password)
logs = client_product_api.logs_get(repository="ldap_group_test_prj",
username=username)
if logs == None:
return 0
else:
return logs.count
def testHealthCheck(self):
client = testutils.GetProductApi("admin", "Harbor12345")
status, code, _ = client.health_get_with_http_info()
self.assertEqual(code, 200)
self.assertEqual("healthy", status.status)
