def setUp(self): url = ADMIN_CLIENT["endpoint"] self.conf = Configurations() self.user = User() self.project = Project() self.USER_MIKE = dict(endpoint=url, username="******", password="******")
def setUp(self): self.conf = Configurations() self.conf.set_configurations_of_ldap( ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT) pass
class TestProjects(unittest.TestCase): @classmethod def setUp(self): self.conf= Configurations() self.project= Project() self.user= User() @classmethod def tearDown(self): print "Case completed" @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") def test_ClearData(self): print "Clear trace" #1. Delete project(PA); self.project.delete_project(TestProjects.project_edit_project_creation_id, **TestProjects.USER_edit_project_creation_CLIENT) #2. Delete user(UA); self.user.delete_user(TestProjects.user_edit_project_creation_id, **ADMIN_CLIENT) def testEditProjectCreation(self): """ Test case: Edit Project Creation Test step and expected result: 1. Create a new user(UA); 2. Set project creation to "admin only"; 3. Create a new project(PA) by user(UA), and fail to create a new project; 4. Set project creation to "everyone"; 5. Create a new project(PA) by user(UA), success to create a project. Tear down: 1. Delete project(PA); 2. Delete user(UA); """ url = ADMIN_CLIENT["endpoint"] user_edit_project_creation_password = "******" #1. Create a new user(UA); TestProjects.user_edit_project_creation_id, user_edit_project_creation_name = self.user.create_user(user_password = user_edit_project_creation_password, **ADMIN_CLIENT) TestProjects.USER_edit_project_creation_CLIENT=dict(endpoint = url, username = user_edit_project_creation_name, password = user_edit_project_creation_password) #2. Set project creation to "admin only"; self.conf.set_configurations_of_project_creation_restriction("adminonly", **ADMIN_CLIENT) #3. Create a new project(PA) by user(UA), and fail to create a new project; self.project.create_project(metadata = {"public": "false"}, expect_status_code = 403, expect_response_body = "{\"errors\":[{\"code\":\"FORBIDDEN\",\"message\":\"Only system admin can create project\"}]}", **TestProjects.USER_edit_project_creation_CLIENT) #4. Set project creation to "everyone"; self.conf.set_configurations_of_project_creation_restriction("everyone", **ADMIN_CLIENT) #5. Create a new project(PA) by user(UA), success to create a project. TestProjects.project_edit_project_creation_id, _ = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_edit_project_creation_CLIENT)
class TestUserGroup(unittest.TestCase): """UserGroup unit test stubs""" product_api = testutils.GetProductApi("admin", "Harbor12345") groupId = 0 def setUp(self): self.conf = Configurations() self.conf.set_configurations_of_ldap( ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT) pass def tearDown(self): if self.groupId > 0: self.product_api.usergroups_group_id_delete(group_id=self.groupId) pass def testAddUpdateUserGroup(self): """Test UserGroup""" user_group = UserGroup( group_name="harbor_group123", group_type=1, ldap_group_dn="cn=harbor_group,ou=groups,dc=example,dc=com") result = self.product_api.usergroups_post(usergroup=user_group) pprint(result) user_groups = self.product_api.usergroups_get() found = False for ug in user_groups: if ug.group_name == "harbor_group123": found = True print("Found usergroup") pprint(ug) self.groupId = ug.id self.assertTrue(found) result = self.product_api.usergroups_group_id_put( self.groupId, usergroup=UserGroup(group_name="newharbor_group")) new_user_group = self.product_api.usergroups_group_id_get( group_id=self.groupId) self.assertEqual("newharbor_group", new_user_group.group_name) pass
def setUp(self): conf = Configurations() self.conf = conf project = Project() self.project = project user = User() self.user = user
class TestLdapAdminRole(unittest.TestCase): @classmethod def setUp(self): url = ADMIN_CLIENT["endpoint"] self.conf = Configurations() self.user = User() self.project = Project() self.USER_MIKE = dict(endpoint=url, username="******", password="******") @classmethod def tearDown(self): self.project.delete_project(TestLdapAdminRole.project_id, **self.USER_MIKE) print("Case completed") def testLdapAdminRole(self): """ Test case: LDAP Admin Role Test step and expected result: 1. Set LDAP Auth configurations; 2. Create a new public project(PA) by LDAP user mike; 3. Check project is created successfully; 4. Check mike's SysAdminFlag is false, but AdminRoleInAuth should be true 5. Delete project(PA); """ self.conf.set_configurations_of_ldap( ldap_group_admin_dn="cn=harbor_users,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) TestLdapAdminRole.project_id, project_name = self.project.create_project( metadata={"public": "false"}, **self.USER_MIKE) self.project.check_project_name_exist(name=project_name, **self.USER_MIKE) _user = self.user.get_user_current(**self.USER_MIKE) print(_user) self.assertFalse(_user.sysadmin_flag) self.assertTrue(_user.admin_role_in_auth)
class TestProjects(unittest.TestCase): @classmethod def setUp(self): self.conf = Configurations() self.user = User() @classmethod def tearDown(self): print "Case completed" @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") def test_ClearData(self): #1. Delete user(UA); self.user.delete_user(TestProjects.user_assign_sys_admin_id, **ADMIN_CLIENT) def testAssignSysAdmin(self): """ Test case: Assign Sys Admin Test step and expected result: 1. Create a new user(UA); 2. Set user(UA) has sysadmin role by admin, check user(UA) can modify system configuration; 3. 3. Set user(UA) has no sysadmin role by admin, check user(UA) can not modify system configuration; 4. Set user(UA) has sysadmin role by admin, check user(UA) can modify system configuration. Tear down: 1. Delete user(UA). """ url = ADMIN_CLIENT["endpoint"] user_assign_sys_admin_password = "******" #1. Create a new user(UA); TestProjects.user_assign_sys_admin_id, user_assign_sys_admin_name = self.user.create_user( user_password=user_assign_sys_admin_password, **ADMIN_CLIENT) USER_ASSIGN_SYS_ADMIN_CLIENT = dict( endpoint=url, username=user_assign_sys_admin_name, password=user_assign_sys_admin_password) #2. Set user(UA) has sysadmin role by admin, check user(UA) can modify system configuration; self.user.update_user_role_as_sysadmin( TestProjects.user_assign_sys_admin_id, True, **ADMIN_CLIENT) self.conf.set_configurations_of_token_expiration( 60, **USER_ASSIGN_SYS_ADMIN_CLIENT) #3. Set user(UA) has no sysadmin role by admin, check user(UA) can not modify system configuration; self.user.update_user_role_as_sysadmin( TestProjects.user_assign_sys_admin_id, False, **ADMIN_CLIENT) self.conf.set_configurations_of_token_expiration( 70, expect_status_code=403, **USER_ASSIGN_SYS_ADMIN_CLIENT) #4. Set user(UA) has sysadmin role by admin, check user(UA) can modify system configuration. self.user.update_user_role_as_sysadmin( TestProjects.user_assign_sys_admin_id, True, **ADMIN_CLIENT) self.conf.set_configurations_of_token_expiration( 80, **USER_ASSIGN_SYS_ADMIN_CLIENT)
def setUp(self): self.conf = Configurations() self.project = Project() self.artifact = Artifact() self.repo = Repository() self.scan = Scan()
class TestAssignRoleToLdapGroup(unittest.TestCase): @classmethod def setUp(self): self.conf = Configurations() self.project = Project() self.artifact = Artifact() self.repo = Repository() self.scan = Scan() @classmethod def tearDown(self): print("Case completed") def TestAssignRoleToLdapGroup(self): """ Test case: Assign Role To Ldap Group Test step and expected result: 1. Set LDAP Auth configurations; 2. Create a new public project(PA) by Admin; 3. Add 3 member groups to project(PA); 4. Push image by each member role; 5. Verfify that admin_user and dev_user can push image, guest_user can not push image; 6. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs. 7. Delete repository(RA) by user(UA); 8. Delete project(PA); """ url = ADMIN_CLIENT["endpoint"] USER_ADMIN = dict(endpoint=url, username="******", password="******", repo="hello-world") USER_DEV = dict(endpoint=url, username="******", password="******", repo="alpine") USER_GUEST = dict(endpoint=url, username="******", password="******", repo="busybox") USER_TEST = dict(endpoint=url, username="******", password="******") self.conf.set_configurations_of_ldap( ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT) with created_project(metadata={"public": "false"}) as (project_id, project_name): self.project.add_project_members( project_id, member_role_id=1, _ldap_group_dn="cn=harbor_admin,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members( project_id, member_role_id=2, _ldap_group_dn="cn=harbor_dev,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members( project_id, member_role_id=3, _ldap_group_dn="cn=harbor_guest,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) projects = self.project.get_projects(dict(name=project_name), **USER_ADMIN) self.assertTrue(len(projects) == 1) self.assertEqual(1, projects[0].current_user_role_id) repo_name_admin, _ = push_image_to_project( project_name, harbor_server, USER_ADMIN["username"], USER_ADMIN["password"], USER_ADMIN["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_ADMIN["repo"], **USER_ADMIN) self.assertTrue(len(artifacts) == 1) repo_name_dev, _ = push_image_to_project( project_name, harbor_server, USER_DEV["username"], USER_DEV["password"], USER_DEV["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_DEV["repo"], **USER_DEV) self.assertTrue(len(artifacts) == 1) push_image_to_project(project_name, harbor_server, USER_GUEST["username"], USER_GUEST["password"], USER_GUEST["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_GUEST["repo"], **USER_GUEST) self.assertTrue(len(artifacts) == 0) self.assertTrue( self.project.query_user_logs(project_name, **USER_ADMIN) > 0, "admin user can see logs") self.assertTrue( self.project.query_user_logs(project_name, **USER_DEV) > 0, "dev user can see logs") self.assertTrue( self.project.query_user_logs(project_name, **USER_GUEST) > 0, "guest user can see logs") self.assertTrue( self.project.query_user_logs(project_name, status_code=403, **USER_TEST) == 0, "test user can not see any logs") self.repo.delete_repoitory(project_name, repo_name_admin.split('/')[1], **USER_ADMIN) self.repo.delete_repoitory(project_name, repo_name_dev.split('/')[1], **USER_ADMIN)
def setUp(self): self.conf = Configurations() self.project = Project() self.artifact = Artifact() self.repo = Repository() self.user = User()
class TestAssignRoleToLdapGroup(unittest.TestCase): @suppress_urllib3_warning def setUp(self): self.conf = Configurations() self.project = Project() self.artifact = Artifact() self.repo = Repository() self.user = User() @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") def tearDown(self): print("Case completed") def testAssignRoleToLdapGroup(self): """ Test case: Assign Role To Ldap Group Test step and expected result: 1. Set LDAP Auth configurations; 2. Create a new public project(PA) by Admin; 3. Add 3 member groups to project(PA); 4. Push image by each member role; 5. Verfify that admin_user can add project member, dev_user and guest_user can not add project member; 6. Verfify that admin_user and dev_user can push image, guest_user can not push image; 7. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs. 8. Delete repository(RA) by user(UA); 9. Delete project(PA); """ url = ADMIN_CLIENT["endpoint"] USER_ADMIN = dict(endpoint=url, username="******", password="******", repo="haproxy") USER_DEV = dict(endpoint=url, username="******", password="******", repo="alpine") USER_GUEST = dict(endpoint=url, username="******", password="******", repo="busybox") USER_TEST = dict(endpoint=url, username="******", password="******") USER_MIKE = dict(endpoint=url, username="******", password="******") #USER001 is in group harbor_group3 self.conf.set_configurations_of_ldap( ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT) with created_project(metadata={"public": "false"}) as (project_id, project_name): self.project.add_project_members( project_id, member_role_id=1, _ldap_group_dn="cn=harbor_admin,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members( project_id, member_role_id=2, _ldap_group_dn="cn=harbor_dev,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members( project_id, member_role_id=3, _ldap_group_dn="cn=harbor_guest,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) projects = self.project.get_projects(dict(name=project_name), **USER_ADMIN) self.assertTrue(len(projects) == 1) self.assertEqual(1, projects[0].current_user_role_id) #Mike has logged in harbor in previous test. mike = self.user.get_user_by_name(USER_MIKE["username"], **ADMIN_CLIENT) #Verify role difference in add project member feature, to distinguish between admin and dev role self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id=3, **USER_ADMIN) self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id=3, expect_status_code=403, **USER_DEV) self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id=3, expect_status_code=403, **USER_GUEST) repo_name_admin, _ = push_image_to_project( project_name, harbor_server, USER_ADMIN["username"], USER_ADMIN["password"], USER_ADMIN["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_ADMIN["repo"], **USER_ADMIN) self.assertTrue(len(artifacts) == 1) repo_name_dev, _ = push_image_to_project( project_name, harbor_server, USER_DEV["username"], USER_DEV["password"], USER_DEV["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_DEV["repo"], **USER_DEV) self.assertTrue(len(artifacts) == 1) push_image_to_project( project_name, harbor_server, USER_GUEST["username"], USER_GUEST["password"], USER_GUEST["repo"], "latest", expected_error_message="unauthorized to access repository") artifacts = self.artifact.list_artifacts(project_name, USER_GUEST["repo"], **USER_GUEST) self.assertTrue(len(artifacts) == 0) self.assertTrue( self.project.query_user_logs(project_name, **USER_ADMIN) > 0, "admin user can see logs") self.assertTrue( self.project.query_user_logs(project_name, **USER_DEV) > 0, "dev user can see logs") self.assertTrue( self.project.query_user_logs(project_name, **USER_GUEST) > 0, "guest user can see logs") self.assertTrue( self.project.query_user_logs(project_name, status_code=403, **USER_TEST) == 0, "test user can not see any logs") self.repo.delete_repository(project_name, repo_name_admin.split('/')[1], **USER_ADMIN) self.repo.delete_repository(project_name, repo_name_dev.split('/')[1], **USER_ADMIN)
def setUp(self): self.conf= Configurations() self.user = User()