def testRegistryAPI(self): """ Test case: Catalog API to list all repositories by system admin Test step and expected result:G 1. Create user Alice; 2. Create 1 new private projects project_Alice; 3. Push 3 images to project_Alice and Add 3 tags to the 3rd image 4. Call the image_list_tag API 5. Call the catalog API using admin account without pagination, can get all 3 images 5.1 Call the catalog API using admin account with pagination n=1, page=2, twice to get all 3 images. 5.2 Call the catalog API using Alice account, no repos should be found. Tear down: 1. Delete Alice's repository; 2. Delete Alice's project; 3. Delete user Alice. """ url = ADMIN_CLIENT["endpoint"] user_common_password = "******" #1. Create user Alice and Luca; TestProjects.user_Alice_id, user_Alice_name = self.user.create_user(user_password = user_common_password, **ADMIN_CLIENT) USER_ALICE_CLIENT=dict(endpoint = url, username = user_Alice_name, password = user_common_password) #2. Create 2 new private projects project_Alice and project_Luca; TestProjects.project_Alice_id, TestProjects.project_Alice_name = self.project.create_project(metadata = {"public": "false"}, **USER_ALICE_CLIENT) #3. Push 3 images to project_Alice and Add 3 tags to the 3rd image. src_tag = "latest" image_a = "busybox" TestProjects.repo_a, tag_a = push_image_to_project(TestProjects.project_Alice_name, harbor_server, user_Alice_name, user_common_password, image_a, src_tag) image_b = "alpine" TestProjects.repo_b, tag_b = push_image_to_project(TestProjects.project_Alice_name, harbor_server, user_Alice_name, user_common_password, image_b, src_tag) image_c = "hello-world" TestProjects.repo_c, tag_c = push_image_to_project(TestProjects.project_Alice_name, harbor_server, user_Alice_name, user_common_password, image_c, src_tag) create_tags = ["1.0","2.0","3.0"] for tag in create_tags: self.artifact.create_tag(TestProjects.project_Alice_name, self.repo_name, tag_c, tag, **USER_ALICE_CLIENT) #4. Call the image_list_tags API tags = library.docker_api.list_image_tags(harbor_server,TestProjects.repo_c,user_Alice_name,user_common_password) for tag in create_tags: self.assertTrue(tags.count(tag)>0, "Expect tag: %s is not listed"%tag) page_tags = library.docker_api.list_image_tags(harbor_server,TestProjects.repo_c,user_Alice_name,user_common_password,len(tags)/2+1) page_tags += library.docker_api.list_image_tags(harbor_server,TestProjects.repo_c,user_Alice_name,user_common_password,len(tags)/2+1,tags[len(tags)/2]) for tag in create_tags: self.assertTrue(page_tags.count(tag)>0, "Expect tag: %s is not listed by the pagination query"%tag) #5. Call the catalog API; repos = library.docker_api.list_repositories(harbor_server,admin_user,admin_pwd) self.assertTrue(repos.count(TestProjects.repo_a)>0 and repos.count(TestProjects.repo_b)>0 and repos.count(TestProjects.repo_c)>0, "Expected repo not found") for repo in [TestProjects.repo_a,TestProjects.repo_b,TestProjects.repo_c]: self.assertTrue(repos.count(repo)>0,"Expected repo: %s is not listed"%repo) page_repos = library.docker_api.list_repositories(harbor_server,admin_user,admin_pwd,len(repos)/2+1) page_repos += library.docker_api.list_repositories(harbor_server,admin_user,admin_pwd,len(repos)/2+1,repos[len(repos)/2]) for repo in [TestProjects.repo_a,TestProjects.repo_b,TestProjects.repo_c]: self.assertTrue(page_repos.count(repo)>0,"Expected repo: %s is not listed by the pagination query"%repo) null_repos = library.docker_api.list_repositories(harbor_server,user_Alice_name,user_common_password) self.assertEqual(null_repos, "")
def testAssignRoleToLdapGroup(self): """ Test case: Assign Role To Ldap Group Test step and expected result: 1. Set LDAP Auth configurations; 2. Create a new public project(PA) by Admin; 3. Add 3 member groups to project(PA); 4. Push image by each member role; 5. Verfify that admin_user can add project member, dev_user and guest_user can not add project member; 6. Verfify that admin_user and dev_user can push image, guest_user can not push image; 7. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs. 8. Delete repository(RA) by user(UA); 9. Delete project(PA); """ url = ADMIN_CLIENT["endpoint"] USER_ADMIN=dict(endpoint = url, username = "******", password = "******", repo = "haproxy") USER_DEV=dict(endpoint = url, username = "******", password = "******", repo = "alpine") USER_GUEST=dict(endpoint = url, username = "******", password = "******", repo = "busybox") USER_TEST=dict(endpoint = url, username = "******", password = "******") USER_MIKE=dict(endpoint = url, username = "******", password = "******") #USER001 is in group harbor_group3 self.conf.set_configurations_of_ldap(ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT) with created_project(metadata={"public": "false"}) as (project_id, project_name): self.project.add_project_members(project_id, member_role_id = 1, _ldap_group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members(project_id, member_role_id = 2, _ldap_group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members(project_id, member_role_id = 3, _ldap_group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) projects = self.project.get_projects(dict(name=project_name), **USER_ADMIN) self.assertTrue(len(projects) == 1) self.assertEqual(1, projects[0].current_user_role_id) #Mike has logged in harbor in previous test. mike = self.user.get_user_by_name(USER_MIKE["username"], **ADMIN_CLIENT) #Verify role difference in add project member feature, to distinguish between admin and dev role self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id = 3, **USER_ADMIN) self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id = 3, expect_status_code=403, **USER_DEV) self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id = 3, expect_status_code=403, **USER_GUEST) repo_name_admin, _ = push_image_to_project(project_name, harbor_server, USER_ADMIN["username"], USER_ADMIN["password"], USER_ADMIN["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_ADMIN["repo"], **USER_ADMIN) self.assertTrue(len(artifacts) == 1) repo_name_dev, _ = push_image_to_project(project_name, harbor_server, USER_DEV["username"], USER_DEV["password"], USER_DEV["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_DEV["repo"], **USER_DEV) self.assertTrue(len(artifacts) == 1) push_image_to_project(project_name, harbor_server, USER_GUEST["username"], USER_GUEST["password"], USER_GUEST["repo"], "latest", expected_error_message = "unauthorized to access repository") artifacts = self.artifact.list_artifacts(project_name, USER_GUEST["repo"], **USER_GUEST) self.assertTrue(len(artifacts) == 0) self.assertTrue(self.project.query_user_logs(project_name, **USER_ADMIN)>0, "admin user can see logs") self.assertTrue(self.project.query_user_logs(project_name, **USER_DEV)>0, "dev user can see logs") self.assertTrue(self.project.query_user_logs(project_name, **USER_GUEST)>0, "guest user can see logs") self.assertTrue(self.project.query_user_logs(project_name, status_code=403, **USER_TEST)==0, "test user can not see any logs") self.repo.delete_repository(project_name, repo_name_admin.split('/')[1], **USER_ADMIN) self.repo.delete_repository(project_name, repo_name_dev.split('/')[1], **USER_ADMIN)
def testProjectQuota(self): """ Test case: Project Quota Test step and expected result: 1. Create a new user(UA); 2. Create a new private project(PA) by user(UA); 3. Add user(UA) as a member of project(PA) with project-admin role; 4. Push an image to project(PA) by user(UA), then check the project quota usage; 5. Check quota change 6. Push the image with another tag to project(PA) by user(UA) 7. Check quota not changed 8. Delete repository(RA) by user(UA); 9. Delete image, the quota should be changed to 0. Tear down: 1. Delete repository(RA) by user(UA); 2. Delete project(PA); 3. Delete user(UA); """ user_001_password = "******" #1. Create a new user(UA); with created_user(user_001_password) as (user_id, user_name): #2. Create a new private project(PA) by user(UA); #3. Add user(UA) as a member of project(PA) with project-admin role; with created_project(metadata={"public": "false"}, user_id=user_id) as (project_id, project_name): #4. Push an image to project(PA) by user(UA), then check the project quota usage; -- {"count": 1, "storage": 2791709} image, tag = "goharbor/alpine", "3.10" push_image_to_project(project_name, harbor_server, user_name, user_001_password, image, tag) #5. Get project quota quota = self.system.get_project_quota("project", project_id, **ADMIN_CLIENT) self.assertEqual(quota[0].used["count"], 1) self.assertEqual(quota[0].used["storage"], 2789002) #6. Push the image with another tag to project(PA) by user(UA), the check the project quota usage; -- {"count": 1, "storage": 2791709} push_image_to_project(project_name, harbor_server, user_name, user_001_password, image, tag) #7. Get project quota quota = self.system.get_project_quota("project", project_id, **ADMIN_CLIENT) self.assertEqual(quota[0].used["count"], 1) self.assertEqual(quota[0].used["storage"], 2789002) #8. Delete repository(RA) by user(UA); self.repo.delete_repoitory(project_name, image, **ADMIN_CLIENT) #9. Quota should be 0 quota = self.system.get_project_quota("project", project_id, **ADMIN_CLIENT) self.assertEqual(quota[0].used["count"], 0) self.assertEqual(quota[0].used["storage"], 0)
def testScanImageArtifact(self): """ Test case: Scan An Image Artifact Test step and expected result: 1. Create a new user(UA); 2. Create a new private project(PA) by user(UA); 3. Add user(UA) as a member of project(PA) with project-admin role; 4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); 5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); 6. Send scan image command and get tag(TA) information to check scan result, it should be finished; 7. Swith Scanner; 8. Send scan another image command and get tag(TA) information to check scan result, it should be finished. Tear down: 1. Delete repository(RA) by user(UA); 2. Delete project(PA); 3. Delete user(UA); """ #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); self.project.projects_should_exist(dict(public=False), expected_count=1, expected_project_id=self.project_id, **self.USER_CLIENT) #Note: Please make sure that this Image has never been pulled before by any other cases, # so it is a not-scanned image right after repository creation. image = "docker" src_tag = "1.13" #5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); TestScan.repo_name, tag = push_image_to_project( self.project_name, harbor_server, self.user_name, self.user_password, image, src_tag) #6. Send scan image command and get tag(TA) information to check scan result, it should be finished; self.scan.scan_artifact(self.project_name, TestScan.repo_name.split('/')[1], tag, **self.USER_CLIENT) self.artifact.check_image_scan_result(self.project_name, image, tag, **self.USER_CLIENT) #7. Swith Scanner; uuid = self.scanner.scanners_get_uuid(**ADMIN_CLIENT) self.scanner.scanners_registration_id_patch(uuid, **ADMIN_CLIENT) image = "tomcat" src_tag = "latest" TestScan.repo_name, tag = push_image_to_project( self.project_name, harbor_server, self.user_name, self.user_password, image, src_tag) #8. Send scan another image command and get tag(TA) information to check scan result, it should be finished. self.scan.scan_artifact(self.project_name, TestScan.repo_name.split('/')[1], tag, **self.USER_CLIENT) self.artifact.check_image_scan_result(self.project_name, image, tag, **self.USER_CLIENT)
def do_data_creation(): harborAPI = HarborAPI() set_url(version=args.version) harborAPI.get_ca(version=args.version) for user in data["users"]: harborAPI.create_user(user["name"]) for user in data["admin"]: harborAPI.set_user_admin(user["name"], version=args.version) # Make sure to create endpoint first, it's for proxy cache project creation. for endpoint in data["endpoint"]: print("endpoint:", endpoint) harborAPI.add_endpoint(endpoint["url"], endpoint["name"], endpoint["user"], endpoint["pass"], endpoint["insecure"], endpoint["type"], version=args.version) for distribution in data["distributions"]: harborAPI.add_distribution(distribution, version=args.version) harborAPI.populate_projects(version=args.version) harborAPI.push_artifact_index( data["projects"][0]["name"], data["projects"][0]["artifact_index"]["name"], data["projects"][0]["artifact_index"]["tag"], version=args.version) #pull_image("busybox", "redis", "haproxy", "alpine", "httpd:2") push_image_to_project(data["projects"][0]["name"], args.endpoint, 'admin', 'Harbor12345', "busybox", "latest") push_signed_image("alpine", data["projects"][0]["name"], "latest") for replicationrule in data["replicationrule"]: harborAPI.add_replication_rule(replicationrule, version=args.version) harborAPI.update_interrogation_services( data["interrogation_services"]["cron"], version=args.version) harborAPI.update_systemsetting( data["configuration"]["emailsetting"]["emailfrom"], data["configuration"]["emailsetting"]["emailserver"], float(data["configuration"]["emailsetting"]["emailport"]), data["configuration"]["emailsetting"]["emailuser"], data["configuration"]["projectcreation"], data["configuration"]["selfreg"], float(data["configuration"]["token"]), float(data["configuration"]["robot_token"]) * 60 * 24) harborAPI.add_sys_allowlist(data["configuration"]["deployment_security"], version=args.version)
def testScanImage(self): """ Test case: Scan All Image Test step and expected result: 1. Create user Alice and Luca; 2. Create 2 new private projects project_Alice and project_Luca; 3. Push a image to project_Alice and push another image to project_Luca; 4. Trigger scan all event; 5. Check if image in project_Alice and another image in project_Luca were both scanned. Tear down: 1. Delete Alice's repository and Luca's repository; 2. Delete Alice's project and Luca's project; 3. Delete user Alice and Luca. """ url = ADMIN_CLIENT["endpoint"] user_common_password = "******" #1. Create user Alice and Luca; TestProjects.user_Alice_id, user_Alice_name = self.user.create_user(user_password = user_common_password, **ADMIN_CLIENT) TestProjects.user_Luca_id, user_Luca_name = self.user.create_user(user_password = user_common_password, **ADMIN_CLIENT) USER_ALICE_CLIENT=dict(endpoint = url, username = user_Alice_name, password = user_common_password) USER_LUCA_CLIENT=dict(endpoint = url, username = user_Luca_name, password = user_common_password) #2. Create 2 new private projects project_Alice and project_Luca; TestProjects.project_Alice_id, project_Alice_name = self.project.create_project(metadata = {"public": "false"}, **USER_ALICE_CLIENT) TestProjects.project_Luca_id, project_Luca_name = self.project.create_project(metadata = {"public": "false"}, **USER_LUCA_CLIENT) #3. Push a image to project_Alice and push another image to project_Luca; #Note: Please make sure that this Image has never been pulled before by any other cases, # so it is a not-scanned image rigth after repository creation. #image = "tomcat" image = "mariadb" src_tag = "latest" #3.1 Push a image to project_Alice; TestProjects.repo_Alice_name, tag_Alice = push_image_to_project(project_Alice_name, harbor_server, user_Alice_name, user_common_password, image, src_tag) #Note: Please make sure that this Image has never been pulled before by any other cases, # so it is a not-scanned image rigth after repository creation. image = "httpd" src_tag = "latest" #3.2 push another image to project_Luca; TestProjects.repo_Luca_name, tag_Luca = push_image_to_project(project_Luca_name, harbor_server, user_Luca_name, user_common_password, image, src_tag) #4. Trigger scan all event; self.system.scan_now(**ADMIN_CLIENT) #5. Check if image in project_Alice and another image in project_Luca were both scanned. self.repo.check_image_scan_result(TestProjects.repo_Alice_name, tag_Alice, **USER_ALICE_CLIENT) self.repo.check_image_scan_result(TestProjects.repo_Luca_name, tag_Luca, **USER_LUCA_CLIENT)
def test_image_is_unpushable(self): """ Test case: Test Image is Unpushable Test step and expected result: 1. Create a new project; 2. Push image A to the project with 2 tags A and B; 3. Create a enabled rule matched image A with tag A; 4. Tag A should be immutable; 5. Can not push image with the same image name and with the same tag name. """ image_a = dict(name="image_unpushable_a", tag1="latest", tag2="1.3.2") #1. Create a new project; project_id, project_name = self.project.create_project( metadata={"public": "false"}, **self.USER_CLIENT) #2. Push image A to the project with 2 tags A and B; push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]]) #3. Create a enabled rule matched image A with tag A; self.tag_immutability.create_rule( project_id, selector_repository=image_a["name"], selector_tag=str(image_a["tag1"])[0:2] + "*", **self.USER_CLIENT) #4. Tag A should be immutable; artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT) print("[test_image_is_unpushable] - artifact:{}".format(artifact_a)) self.assertTrue(artifact_a) self.check_tag_immutability(artifact_a, image_a["tag1"], status=True) self.check_tag_immutability(artifact_a, image_a["tag2"], status=False) #5. Can not push image with the same image name and with the same tag name. push_image_to_project(project_name, harbor_server, self.user_name, self.user_password, "tomcat", image_a["tag1"], new_image=image_a["name"], expected_error_message="configured as immutable")
def testProjectLevelPolicyContentTrust(self): """ Test case: Project Level Policy Content Trust Test step & Expectation: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Push a new image(IA) in project(PA) by admin; 4. Image(IA) should exist; 5. Pull image(IA) successfully; 6. Enable content trust in project(PA) configuration; 7. Pull image(IA) failed and the reason is "The image is not signed in Notary". Tear down: 1. Delete repository(RA) by user(UA); 2. Delete project(PA); 3. Delete user(UA); """ url = ADMIN_CLIENT["endpoint"] admin_name = ADMIN_CLIENT["username"] admin_password = ADMIN_CLIENT["password"] user_content_trust_password = "******" #1. Create a new user(UA); TestProjects.user_content_trust_id, user_content_trust_name = self.user.create_user( user_password=user_content_trust_password, **ADMIN_CLIENT) TestProjects.USER_CONTENT_TRUST_CLIENT = dict( endpoint=url, username=user_content_trust_name, password=user_content_trust_password) #2. Create a new project(PA) by user(UA); TestProjects.project_content_trust_id, project_content_trust_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_CONTENT_TRUST_CLIENT) #3. Push a new image(IA) in project(PA) by admin; TestProjects.repo_name, tag = push_image_to_project( project_content_trust_name, harbor_server, admin_name, admin_password, "hello-world", "latest") #4. Image(IA) should exist; self.repo.image_should_exist(TestProjects.repo_name, tag, **TestProjects.USER_CONTENT_TRUST_CLIENT) #5. Pull image(IA) successfully; pull_harbor_image_successfully(harbor_server, admin_name, admin_password, TestProjects.repo_name, tag) #6. Enable content trust in project(PA) configuration; self.project.update_project(TestProjects.project_content_trust_id, metadata={"enable_content_trust": "true"}, **TestProjects.USER_CONTENT_TRUST_CLIENT) #7. Pull image(IA) failed and the reason is "The image is not signed in Notary". pull_harbor_image_unsuccessfully(harbor_server, admin_name, admin_password, TestProjects.repo_name, tag, "The image is not signed in Notary")
def testScanSignedImage(self): """ Test case: Scan A Signed Image Test step and expected result: 1. Create a new user(UA); 2. Create a new private project(PA) by user(UA); 3. Add user(UA) as a member of project(PA) with project-admin role; 4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); 5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); 6. Send scan image command and get tag(TA) information to check scan result, it should be finished; 7. Swith Scanner; 8. Send scan another image command and get tag(TA) information to check scan result, it should be finished. Tear down: 1. Delete repository(RA) by user(UA); 2. Delete project(PA); 3. Delete user(UA); """ #Note: Please make sure that this Image has never been pulled before by any other cases, # so it is a not-scanned image right after repository creation. image = "redis" tag = "latest" #5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); TestScan.repo_name_1, tag = push_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image, tag) sign_image(harbor_server, self.project_name, image, tag) #6. Send scan image command and get tag(TA) information to check scan result, it should be finished; self.scan.scan_artifact(self.project_name, TestScan.repo_name_1.split('/')[1], tag, **self.USER_CLIENT) self.artifact.check_image_scan_result(self.project_name, image, tag, **self.USER_CLIENT)
def testSignImage(self): """ Test case: Sign A Image Test step and expected result: 1. Create a new user(UA); 2. Create a new private project(PA) by user(UA); 3. Add user(UA) as a member of project(PA) with project-admin role; 4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); 5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); 6. Sign image with tag(TA) which was tagged by step #5; 7. Get signature of image with tag(TA), it should be exist. Tear down: NA """ url = ADMIN_CLIENT["endpoint"] user_001_password = "******" #1. Create user-001 TestProjects.user_sign_image_id, user_sign_image_name = self.user.create_user( user_password=user_001_password, **ADMIN_CLIENT) TestProjects.USER_sign_image_CLIENT = dict( with_signature=True, endpoint=url, username=user_sign_image_name, password=user_001_password) #2. Create a new private project(PA) by user(UA); TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project( metadata={"public": "false"}, **ADMIN_CLIENT) #3. Add user(UA) as a member of project(PA) with project-admin role; self.project.add_project_members(TestProjects.project_sign_image_id, TestProjects.user_sign_image_id, **ADMIN_CLIENT) #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); self.project.projects_should_exist( dict(public=False), expected_count=1, expected_project_id=TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT) image = "hello-world" src_tag = "latest" #5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); TestProjects.repo_name, tag = push_image_to_project( TestProjects.project_sign_image_name, harbor_server, user_sign_image_name, user_001_password, image, src_tag) #6. Sign image with tag(TA) which was tagged by step #5; sign_image(harbor_server, TestProjects.project_sign_image_name, image, tag) #7. Get signature of image with tag(TA), it should be exist. artifact = self.artifact.get_reference_info( TestProjects.project_sign_image_name, image, tag, **TestProjects.USER_sign_image_CLIENT) self.assertEqual(artifact[0].tags[0].signed, True)
def testScanImage(self): """ Test case: Scan A Image Test step and expected result: 1. Create a new user(UA); 2. Create a new private project(PA) by user(UA); 3. Add user(UA) as a member of project(PA) with project-admin role; 4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); 5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); 6. Send scan image command and get tag(TA) information to check scan result, it should be finished; Tear down: 1. Delete repository(RA) by user(UA); 2. Delete project(PA); 3. Delete user(UA); """ url = ADMIN_CLIENT["endpoint"] user_001_password = "******" #1. Create user-001 TestProjects.user_scan_image_id, user_scan_image_name = self.user.create_user( user_password=user_001_password, **ADMIN_CLIENT) TestProjects.USER_SCAN_IMAGE_CLIENT = dict( endpoint=url, username=user_scan_image_name, password=user_001_password) #2. Create a new private project(PA) by user(UA); TestProjects.project_scan_image_id, project_scan_image_name = self.project.create_project( metadata={"public": "false"}, **ADMIN_CLIENT) #3. Add user(UA) as a member of project(PA) with project-admin role; self.project.add_project_members(TestProjects.project_scan_image_id, TestProjects.user_scan_image_id, **ADMIN_CLIENT) #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); self.project.projects_should_exist( dict(public=False), expected_count=1, expected_project_id=TestProjects.project_scan_image_id, **TestProjects.USER_SCAN_IMAGE_CLIENT) #Note: Please make sure that this Image has never been pulled before by any other cases, # so it is a not-scanned image rigth after rpository creation. #image = "tomcat" image = "docker" src_tag = "1.13" #5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); TestProjects.repo_name, tag = push_image_to_project( project_scan_image_name, harbor_server, user_scan_image_name, user_001_password, image, src_tag) #6. Send scan image command and get tag(TA) information to check scan result, it should be finished; self.repo.scan_image(TestProjects.repo_name, tag, **TestProjects.USER_SCAN_IMAGE_CLIENT) self.repo.check_image_scan_result( TestProjects.repo_name, tag, **TestProjects.USER_SCAN_IMAGE_CLIENT)
def testAddSysLabelToRepo(self): """ Test case: Add Global Label To Tag Test step and expected result: 1. Create a new user(UA); 2. Create a new private project(PA) by user(UA); 3. Add user(UA) as a member of project(PA) with project-admin role; 4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); 5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); 6. Create a new label(LA) in project(PA) by admin;; 7. Add this system global label to repository(RA)/tag(TA); Tear down: 1. Delete repository(RA) by user(UA); 2. Delete project(PA); 3. Delete user(UA); 4. Delete label(LA). """ url = ADMIN_CLIENT["endpoint"] user_001_password = "******" #1. Create user-001 TestProjects.user_add_g_lbl_id, user_add_g_lbl_name = self.user.create_user( user_password=user_001_password, **ADMIN_CLIENT) TestProjects.USER_add_g_lbl_CLIENT = dict(endpoint=url, username=user_add_g_lbl_name, password=user_001_password) #2. Create private project-001 TestProjects.project_add_g_lbl_id, TestProjects.project_add_g_lbl_name = self.project.create_project( metadata={"public": "false"}, **ADMIN_CLIENT) #3. Add user-001 as a member of project-001 with project-admin role self.project.add_project_members( TestProjects.project_add_g_lbl_id, user_id=TestProjects.user_add_g_lbl_id, **ADMIN_CLIENT) #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); self.project.projects_should_exist( dict(public=False), expected_count=1, expected_project_id=TestProjects.project_add_g_lbl_id, **TestProjects.USER_add_g_lbl_CLIENT) #5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); TestProjects.repo_name, tag = push_image_to_project( TestProjects.project_add_g_lbl_name, harbor_server, user_add_g_lbl_name, user_001_password, "hello-world", "latest") #6. Create a new label(LA) in project(PA) by admin; TestProjects.label_id, _ = self.label.create_label(**ADMIN_CLIENT) #7. Add this system global label to repository(RA)/tag(TA). self.artifact.add_label_to_reference( TestProjects.project_add_g_lbl_name, TestProjects.repo_name.split('/')[1], tag, int(TestProjects.label_id), **TestProjects.USER_add_g_lbl_CLIENT)
def testGarbageCollection(self): """ Test case: Garbage Collection Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Push a new image(IA) in project(PA) by admin; 4. Delete repository(RA) by user(UA); 5. Get repository by user(UA), it should get nothing; 6. Tigger garbage collection operation; 7. Check garbage collection job was finished; 8. Get garbage collection log, check there is number of files was deleted. Tear down: 1. Delete project(PA); 2. Delete user(UA). """ url = ADMIN_CLIENT["endpoint"] admin_name = ADMIN_CLIENT["username"] admin_password = ADMIN_CLIENT["password"] user_gc_password = "******" #1. Create a new user(UA); TestProjects.user_gc_id, user_gc_name = self.user.create_user( user_password=user_gc_password, **ADMIN_CLIENT) TestProjects.USER_GC_CLIENT = dict(endpoint=url, username=user_gc_name, password=user_gc_password) #2. Create a new project(PA) by user(UA); TestProjects.project_gc_id, TestProjects.project_gc_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_GC_CLIENT) #3. Push a new image(IA) in project(PA) by admin; repo_name, _ = push_image_to_project(TestProjects.project_gc_name, harbor_server, admin_name, admin_password, "tomcat", "latest") #4. Delete repository(RA) by user(UA); self.repo.delete_repoitory(TestProjects.project_gc_name, repo_name.split('/')[1], **TestProjects.USER_GC_CLIENT) #5. Get repository by user(UA), it should get nothing; repo_data = self.repo.list_repositories(TestProjects.project_gc_name, **TestProjects.USER_GC_CLIENT) _assert_status_code(len(repo_data), 0) #6. Tigger garbage collection operation; gc_id = self.system.gc_now(**ADMIN_CLIENT) #7. Check garbage collection job was finished; self.system.validate_gc_job_status(gc_id, "finished", **ADMIN_CLIENT) #8. Get garbage collection log, check there is number of files was deleted. self.system.validate_deletion_success(gc_id, **ADMIN_CLIENT)
def testProjectQuota(self): """ Test case: Project Quota Test step and expected result: 1. Create a new user(UA); 2. Create a new private project(PA) by user(UA); 3. Add user(UA) as a member of project(PA) with project-admin role; 4. Push an image to project(PA) by user(UA), then check the project quota usage; 5. Check quota change 6. Delete image, the quota should be changed to 0. Tear down: 1. Delete repository(RA) by user(UA); 2. Delete project(PA); 3. Delete user(UA); """ url = ADMIN_CLIENT["endpoint"] user_001_password = "******" #1. Create user-001 TestProjects.user_test_quota_id, user_test_quota_name = self.user.create_user( user_password=user_001_password, **ADMIN_CLIENT) TestProjects.USER_TEST_QUOTA_CLIENT = dict( endpoint=url, username=user_test_quota_name, password=user_001_password) #2. Create a new private project(PA) by user(UA); TestProjects.project_test_quota_id, project_test_quota_name = self.project.create_project( metadata={"public": "false"}, **ADMIN_CLIENT) #3. Add user(UA) as a member of project(PA) with project-admin role; self.project.add_project_members(TestProjects.project_test_quota_id, TestProjects.user_test_quota_id, **ADMIN_CLIENT) #4.Push an image to project(PA) by user(UA), then check the project quota usage; -- {"count": 1, "storage": 2791709} image = "alpine" src_tag = "3.10" TestProjects.repo_name, _ = push_image_to_project( project_test_quota_name, harbor_server, user_test_quota_name, user_001_password, image, src_tag) #5. Get project quota quota = self.system.get_project_quota( "project", TestProjects.project_test_quota_id, **ADMIN_CLIENT) self.assertEqual(quota[0].used["count"], 1) self.assertEqual(quota[0].used["storage"], 2789002) #6. Delete repository(RA) by user(UA); self.repo.delete_repoitory(TestProjects.repo_name, **ADMIN_CLIENT) #6. Quota should be 0 quota = self.system.get_project_quota( "project", TestProjects.project_test_quota_id, **ADMIN_CLIENT) self.assertEqual(quota[0].used["count"], 0) self.assertEqual(quota[0].used["storage"], 0)
def push_artifact_index(self, project, name, tag, **kwargs): image_a = "alpine" image_b = "busybox" repo_name_a, tag_a = push_image_to_project(project, args.endpoint, 'admin', 'Harbor12345', image_a, "latest") repo_name_b, tag_b = push_image_to_project(project, args.endpoint, 'admin', 'Harbor12345', image_b, "latest") manifests = [ args.endpoint + "/" + repo_name_a + ":" + tag_a, args.endpoint + "/" + repo_name_b + ":" + tag_b ] index = args.endpoint + "/" + project + "/" + name + ":" + tag docker_manifest_push_to_harbor(index, manifests, args.endpoint, 'admin', 'Harbor12345', cfg_file=args.libpath + "/update_docker_cfg.sh")
def testDelRepo(self): """ Test case: Delete a repository Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Create a new repository(RA) in project(PA) by user(UA); 4. Get repository in project(PA), there should be one repository which was created by user(UA); 5. Delete repository(RA) by user(UA); 6. Get repository by user(UA), it should get nothing; Tear down: 1. Delete project(PA); 2. Delete user(UA). """ url = ADMIN_CLIENT["endpoint"] user_del_repo_password = "******" #1. Create a new user(UA); TestProjects.user_del_repo_id, user_del_repo_name = self.user.create_user( user_password=user_del_repo_password, **ADMIN_CLIENT) TestProjects.USER_del_repo_CLIENT = dict( endpoint=url, username=user_del_repo_name, password=user_del_repo_password) #2. Create a new project(PA) by user(UA); TestProjects.project_del_repo_id, TestProjects.project_del_repo_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_del_repo_CLIENT) #3. Create a new repository(RA) in project(PA) by user(UA); repo_name, _ = push_image_to_project( TestProjects.project_del_repo_name, harbor_server, 'admin', 'Harbor12345', "hello-world", "latest") #4. Get repository in project(PA), there should be one repository which was created by user(UA); repo_data = self.repo.list_repositories( TestProjects.project_del_repo_name, **TestProjects.USER_del_repo_CLIENT) _assert_status_code(repo_name, repo_data[0].name) #5. Delete repository(RA) by user(UA); self.repo.delete_repoitory(TestProjects.project_del_repo_name, repo_name.split('/')[1], **TestProjects.USER_del_repo_CLIENT) #6. Get repository by user(UA), it should get nothing; repo_data = self.repo.list_repositories( TestProjects.project_del_repo_name, **TestProjects.USER_del_repo_CLIENT) _assert_status_code(len(repo_data), 0)
def testUserViewLogs(self): """ Test case: User View Logs Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA), in project(PA), there should be 1 'create' log record;; 3. Push a new image(IA) in project(PA) by admin, in project(PA), there should be 1 'push' log record;; 4. Delete repository(RA) by user(UA), in project(PA), there should be 1 'delete' log record;; Tear down: 1. Delete project(PA); 2. Delete user(UA). """ url = ADMIN_CLIENT["endpoint"] admin_name = ADMIN_CLIENT["username"] admin_password = ADMIN_CLIENT["password"] user_content_trust_password = "******" #1. Create a new user(UA); TestProjects.user_user_view_logs_id, user_user_view_logs_name = self.user.create_user(user_password = user_content_trust_password, **ADMIN_CLIENT) TestProjects.USER_USER_VIEW_LOGS_CLIENT=dict(endpoint = url, username = user_user_view_logs_name, password = user_content_trust_password) #2.1 Create a new project(PA) by user(UA); TestProjects.project_user_view_logs_id, project_user_view_logs_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_USER_VIEW_LOGS_CLIENT) #2.2 In project(PA), there should be 1 'create' log record; operation = "create" log_count = self.projectv2.filter_project_logs(project_user_view_logs_name, user_user_view_logs_name, project_user_view_logs_name, "project", operation, **TestProjects.USER_USER_VIEW_LOGS_CLIENT) if log_count != 1: self.test_result.add_test_result("1 - Failed to get log with user:{}, resource:{}, resource_type:{} and operation:{}". format(user_user_view_logs_name, project_user_view_logs_name, "project", operation)) #3.1 Push a new image(IA) in project(PA) by admin; repo_name, tag = push_image_to_project(project_user_view_logs_name, harbor_server, admin_name, admin_password, "tomcat", "latest") #3.2 In project(PA), there should be 1 'push' log record; operation = "create" log_count = self.projectv2.filter_project_logs(project_user_view_logs_name, admin_name, r'{}:{}'.format(repo_name, tag), "artifact", operation, **TestProjects.USER_USER_VIEW_LOGS_CLIENT) if log_count != 1: self.test_result.add_test_result("2 - Failed to get log with user:{}, resource:{}, resource_type:{} and operation:{}". format(user_user_view_logs_name, project_user_view_logs_name, "artifact", operation)) #4.1 Delete repository(RA) by user(UA); self.repo.delete_repoitory(project_user_view_logs_name, repo_name.split('/')[1], **TestProjects.USER_USER_VIEW_LOGS_CLIENT) #4.2 In project(PA), there should be 1 'delete' log record; operation = "delete" log_count = self.projectv2.filter_project_logs(project_user_view_logs_name, user_user_view_logs_name, repo_name, "repository", operation, **TestProjects.USER_USER_VIEW_LOGS_CLIENT) if log_count != 1: self.test_result.add_test_result("5 - Failed to get log with user:{}, resource:{}, resource_type:{} and operation:{}". format(user_user_view_logs_name, project_user_view_logs_name, "repository", operation))
def testCreateDeleteTag(self): """ Test case: Create/Delete tag Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Push an image(IA) to Harbor by docker successfully; 4. Create a tag(1.0) for the image(IA); 5. Get the image(latest) from Harbor successfully; 6. Verify the image(IA) contains tag named 1.0; 7. Delete the tag(1.0) from image(IA); 8. Get the image(IA) from Harbor successfully; 9. Verify the image(IA) contains no tag named 1.0; Tear down: 1. Delete repository(RA,IA) by user(UA); 2. Delete project(PA); 3. Delete user(UA). """ #1. Create a new user(UA); TestProjects.user_id, user_name = self.user.create_user(user_password = self.user_password, **ADMIN_CLIENT) TestProjects.USER_CLIENT=dict(with_tag = True, endpoint = self.url, username = user_name, password = self.user_password) #2. Create a new project(PA) by user(UA); TestProjects.project_id, TestProjects.project_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_CLIENT) #3. Push an image(IA) to Harbor by docker successfully; repo_name, tag = push_image_to_project(TestProjects.project_name, harbor_server, 'admin', 'Harbor12345', self.repo_name, "latest") #4. Create a tag(1.0) for the image(IA) self.artifact.create_tag(TestProjects.project_name, self.repo_name, tag, "1.0",**TestProjects.USER_CLIENT) #5. Get the image(IA) from Harbor successfully; artifact = self.artifact.get_reference_info(TestProjects.project_name, self.repo_name, tag, **TestProjects.USER_CLIENT) #6. Verify the image(IA) contains tag named 1.0; self.assertEqual(artifact[0].tags[0].name, "1.0") self.assertEqual(artifact[0].tags[1].name, tag) #7. Delete the tag(1.0) from image(IA); self.artifact.delete_tag(TestProjects.project_name, self.repo_name, tag, "1.0",**TestProjects.USER_CLIENT) #8. Get the image(latest) from Harbor successfully; artifact = self.artifact.get_reference_info(TestProjects.project_name, self.repo_name, tag, **TestProjects.USER_CLIENT) #9. Verify the image(IA) contains no tag named 1.0; self.assertEqual(artifact[0].tags[0].name, tag)
def testScanImageInPublicProject(self): """ Test case: Scan An Image Artifact In Public Project Test step and expected result: 1. Create a new user(UA); 2. Create a new public project(PA) by user(UA); 3. Add user(UA) as a member of project(PA) with project-admin role; 4. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); 5. Send scan image command without credential (anonymous), the API response should be 401; 6. Create a new user(UB) which is non member of the project(PA); 7. Send scan image command with credential of the new created user(UB), the API response should be 403; 8. Delete user(UB); 9. Send scan image command with credential of the user(UA) and get tag(TA) information to check scan result, it should be finished; 10. Delete repository(RA) by user(UA); 11. Delete project(PA); 12. Delete user(UA); """ password = '******' # nosec with created_user(password) as (user_id, username): with created_project(metadata={"public": "true"}, user_id=user_id) as (_, project_name): image, src_tag = "docker", "1.13" full_name, tag = push_image_to_project(project_name, harbor_server, username, password, image, src_tag) repo_name = full_name.split('/')[1] # scan image with anonymous user self.scan.scan_artifact(project_name, repo_name, tag, expect_status_code=401, username=None, password=None) with created_user(password) as (_, username1): # scan image with non project memeber self.scan.scan_artifact(project_name, repo_name, tag, expect_status_code=403, username=username1, password=password) self.scan.scan_artifact(project_name, repo_name, tag, username=username, password=password) self.artifact.check_image_scan_result(project_name, image, tag, username=username, password=password, with_scan_overview=True) self.repo.delete_repoitory(project_name, repo_name)
def testPushImageWithSpecialName(self): """ Test case: Push Image With Special Name Test step and expected result: 1. Create a new user(UA); 2. Create a new private project(PA) by user(UA); 3. Add user(UA) as a member of project(PA) with project-admin role; 4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); 5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); 6. Sign image with tag(TA) which was tagged by step #5; 7. Get signature of image with tag(TA), it should be exist. Tear down: NA """ url = ADMIN_CLIENT["endpoint"] user_001_password = "******" #1. Create user-001 TestProjects.user_sign_image_id, user_sign_image_name = self.user.create_user( user_password=user_001_password, **ADMIN_CLIENT) TestProjects.USER_sign_image_CLIENT = dict( with_signature=True, endpoint=url, username=user_sign_image_name, password=user_001_password) #2. Create a new private project(PA) by user(UA); TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project( metadata={"public": "false"}, **ADMIN_CLIENT) #3. Add user(UA) as a member of project(PA) with project-admin role; self.project.add_project_members( TestProjects.project_sign_image_id, user_id=TestProjects.user_sign_image_id, **ADMIN_CLIENT) #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA); self.project.projects_should_exist( dict(public=False), expected_count=1, expected_project_id=TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT) image = "redis" src_tag = "latest" profix = "aaa/bbb" #5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA); TestProjects.repo_name, tag = push_image_to_project( TestProjects.project_sign_image_name, harbor_server, user_sign_image_name, user_001_password, image, src_tag, profix_for_image=profix) #7. Get signature of image with tag(TA), it should be exist. full_name = urllib.parse.quote(profix + "/" + image, 'utf-8') artifact = self.artifact.get_reference_info( TestProjects.project_sign_image_name, full_name, tag, **TestProjects.USER_sign_image_CLIENT) self.assertEqual(artifact.type, 'IMAGE')
def testRetag(self): """ Test case: Retag Image Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Create a new project(PB) by user(UA); 4. Update role of user-retag as guest member of project(PB); 5. Create a new repository(RA) in project(PA) by user(UA); 6. Get repository in project(PA), there should be one repository which was created by user(UA); 7. Get repository(RA)'s image tag detail information; 8. Retag image in project(PA) to project(PB), it should be forbidden; 9. Update role of user-retag as admin member of project(PB); 10. Retag image in project(PA) to project(PB), it should be successful; 11. Get repository(RB)'s image tag detail information; 12. Read digest of retaged image, it must be the same with the image in repository(RA); 13. Pull image from project(PB) by user_retag, it must be successful; Tear down: 1. Delete repository(RA); 2. Delete repository by retag; 3. Delete project(PA); 4. Delete user(UA). """ url = ADMIN_CLIENT["endpoint"] user_retag_password = "******" pull_tag_name = "latest" dst_repo_sub_name = "repo" #1. Create a new user(UA); TestProjects.user_retag_id, user_retag_name = self.user.create_user( user_password=user_retag_password, **ADMIN_CLIENT) TestProjects.USER_RETAG_CLIENT = dict(endpoint=url, username=user_retag_name, password=user_retag_password) #2. Create a new project(PA) by user(UA); TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_RETAG_CLIENT) #3. Create a new project(PB) by user(UA); TestProjects.project_dst_repo_id, TestProjects.project_dst_repo_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_RETAG_CLIENT) retag_member_id = self.project.get_project_member_id( TestProjects.project_dst_repo_id, user_retag_name, **TestProjects.USER_RETAG_CLIENT) #4. Update role of user-retag as guest member of project(PB); self.project.update_project_member_role( TestProjects.project_dst_repo_id, retag_member_id, 3, **ADMIN_CLIENT) #5. Create a new repository(RA) in project(PA) by user(UA); TestProjects.src_repo_name, tag_name = push_image_to_project( TestProjects.project_src_repo_name, harbor_server, 'admin', 'Harbor12345', "hello-world", pull_tag_name) #6. Get repository in project(PA), there should be one repository which was created by user(UA); src_repo_data = self.repo.get_repository( TestProjects.project_src_repo_name, **TestProjects.USER_RETAG_CLIENT) _assert_status_code(TestProjects.src_repo_name, src_repo_data[0].name) #7. Get repository(RA)'s image tag detail information; src_tag_data = self.artifact.get_reference_info( TestProjects.project_src_repo_name, TestProjects.src_repo_name.split('/')[1], tag_name, **TestProjects.USER_RETAG_CLIENT) TestProjects.dst_repo_name = TestProjects.project_dst_repo_name + "/" + dst_repo_sub_name #8. Retag image in project(PA) to project(PB), it should be forbidden; self.artifact.copy_artifact(TestProjects.project_dst_repo_name, dst_repo_sub_name, TestProjects.src_repo_name + "@" + src_tag_data[0].digest, expect_status_code=403, **TestProjects.USER_RETAG_CLIENT) #9. Update role of user-retag as admin member of project(PB); self.project.update_project_member_role( TestProjects.project_dst_repo_id, retag_member_id, 1, **ADMIN_CLIENT) #10. Retag image in project(PA) to project(PB), it should be successful; self.artifact.copy_artifact( TestProjects.project_dst_repo_name, dst_repo_sub_name, TestProjects.src_repo_name + "@" + src_tag_data[0].digest, **TestProjects.USER_RETAG_CLIENT) #11. Get repository(RB)'s image tag detail information; dst_tag_data = self.artifact.get_reference_info( TestProjects.project_dst_repo_name, dst_repo_sub_name, tag_name, **TestProjects.USER_RETAG_CLIENT) #12. Read digest of retaged image, it must be the same with the image in repository(RA); self.assertEqual(src_tag_data[0].digest, dst_tag_data[0].digest) #13. Pull image from project(PB) by user_retag, it must be successful;" pull_harbor_image(harbor_server, user_retag_name, user_retag_password, TestProjects.dst_repo_name, tag_name)
def testRobotAccount(self): """ Test case: Robot Account Test step and expected result: 1. Create user(UA); 2. Create private project(PA), private project(PB) and public project(PC) by user(UA); 3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA); 4. Create a new robot account(RA) with pull and push privilige in project(PA) by user(UA); 5. Check robot account info, it should has both pull and push priviliges; 6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful; 7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful; 8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful; 9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful; 10. Pull image from project(PC), it must be successful; 11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful; 12. Update action property of robot account(RA); 13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful; 14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful; 15. Delete robot account(RA), it must be not successful. Tear down: 1. Delete repository(RA) by user(UA); 2. Delete project(PA); 3. Delete user(UA). """ url = ADMIN_CLIENT["endpoint"] admin_name = ADMIN_CLIENT["username"] admin_password = ADMIN_CLIENT["password"] user_ra_password = "******" image_project_a = "haproxy" image_project_b = "hello-world" image_project_c = "httpd" image_robot_account = "alpine" tag = "latest" #1. Create user(UA);" TestProjects.user_ra_id, user_ra_name = self.user.create_user( user_password=user_ra_password, **ADMIN_CLIENT) TestProjects.USER_RA_CLIENT = dict(endpoint=url, username=user_ra_name, password=user_ra_password) #2. Create private project(PA), private project(PB) and public project(PC) by user(UA); TestProjects.project_ra_id_a, TestProjects.project_ra_name_a = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT) TestProjects.project_ra_id_b, TestProjects.project_ra_name_b = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT) TestProjects.project_ra_id_c, TestProjects.project_ra_name_c = self.project.create_project( metadata={"public": "true"}, **TestProjects.USER_RA_CLIENT) #3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA); TestProjects.repo_name_in_project_a, tag_a = push_image_to_project( TestProjects.project_ra_name_a, harbor_server, user_ra_name, user_ra_password, image_project_a, tag) TestProjects.repo_name_in_project_b, tag_b = push_image_to_project( TestProjects.project_ra_name_b, harbor_server, user_ra_name, user_ra_password, image_project_b, tag) TestProjects.repo_name_in_project_c, tag_c = push_image_to_project( TestProjects.project_ra_name_c, harbor_server, user_ra_name, user_ra_password, image_project_c, tag) #4. Create a new robot account(RA) with pull and push privilege in project(PA) by user(UA); robot_id, robot_account = self.robot.create_project_robot( TestProjects.project_ra_name_a, 2441000531, **TestProjects.USER_RA_CLIENT) #5. Check robot account info, it should has both pull and push privilege; data = self.robot.get_robot_account_by_id( robot_id, **TestProjects.USER_RA_CLIENT) _assert_status_code(robot_account.name, data.name) #6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful; pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_a, tag_a) #7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful; TestProjects.repo_name_pa, _ = push_image_to_project( TestProjects.project_ra_name_a, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag) #8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful; push_image_to_project( TestProjects.project_ra_name_b, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_error_message="unauthorized to access repository") #9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful; pull_harbor_image( harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_b, tag_b, expected_error_message="unauthorized to access repository") #10. Pull image from project(PC), it must be successful; pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_c, tag_c) #11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful; push_image_to_project( TestProjects.project_ra_name_c, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_error_message="unauthorized to access repository") #12. Update action property of robot account(RA);" self.robot.disable_robot_account(robot_id, True, **TestProjects.USER_RA_CLIENT) #13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful; pull_harbor_image( harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_a, tag_a, expected_login_error_message="unauthorized: authentication required" ) #14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful; push_image_to_project( TestProjects.project_ra_name_a, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_login_error_message="unauthorized: authentication required" ) #15. Delete robot account(RA), it must be not successful. self.robot.delete_robot_account(robot_id, **TestProjects.USER_RA_CLIENT)
def testRobotAccount(self): """ Test case: Robot Account Test step and expected result: 1. Create user(UA); 2. Create private project(PA), private project(PB) and public project(PC) by user(UA); 3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA); 4. Create a new robot account(RA) with pull and push privilige in project(PA) by user(UA); 5. Check robot account info, it should has both pull and push priviliges; 6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful; 7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful; 8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful; 9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful; 10. Pull image from project(PC), it must be successful; 11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful; 12. Update action property of robot account(RA); 13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful; 14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful; 15. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful; Tear down: 1. Delete project(PA) (PB) (PC); 2. Delete user(UA). """ url = ADMIN_CLIENT["endpoint"] admin_name = ADMIN_CLIENT["username"] admin_password = ADMIN_CLIENT["password"] user_ra_password = "******" image_project_a = "tomcat" image_project_b = "hello-world" image_project_c = "mysql" image_robot_account = "mariadb" tag = "latest" print "#1. Create user(UA);" TestProjects.user_ra_id, user_ra_name = self.user.create_user( user_password=user_ra_password, **ADMIN_CLIENT) TestProjects.USER_RA_CLIENT = dict(endpoint=url, username=user_ra_name, password=user_ra_password) print "#2. Create private project(PA), private project(PB) and public project(PC) by user(UA);" TestProjects.project_ra_id_a, project_ra_name_a = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT) TestProjects.project_ra_id_b, project_ra_name_b = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT) TestProjects.project_ra_id_c, project_ra_name_c = self.project.create_project( metadata={"public": "true"}, **TestProjects.USER_RA_CLIENT) print "#3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA);" TestProjects.repo_name_in_project_a, tag_a = push_image_to_project( project_ra_name_a, harbor_server, user_ra_name, user_ra_password, image_project_a, tag) TestProjects.repo_name_in_project_b, tag_b = push_image_to_project( project_ra_name_b, harbor_server, user_ra_name, user_ra_password, image_project_b, tag) TestProjects.repo_name_in_project_c, tag_c = push_image_to_project( project_ra_name_c, harbor_server, user_ra_name, user_ra_password, image_project_c, tag) print "#4. Create a new robot account(RA) with pull and push privilige in project(PA) by user(UA);" robot_id, robot_account = self.project.add_project_robot_account( TestProjects.project_ra_id_a, project_ra_name_a, 2441000531, **TestProjects.USER_RA_CLIENT) print robot_account.name print robot_account.token print "#5. Check robot account info, it should has both pull and push priviliges;" data = self.project.get_project_robot_account_by_id( TestProjects.project_ra_id_a, robot_id, **TestProjects.USER_RA_CLIENT) _assert_status_code(robot_account.name, data.name) print "#6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful;" pull_harbor_image(harbor_server, robot_account.name, robot_account.token, TestProjects.repo_name_in_project_a, tag_a) print "#7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful;" TestProjects.repo_name_pa, _ = push_image_to_project( project_ra_name_a, harbor_server, robot_account.name, robot_account.token, image_robot_account, tag) print "#8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful;" push_image_to_project( project_ra_name_b, harbor_server, robot_account.name, robot_account.token, image_robot_account, tag, expected_error_message= "denied: requested access to the resource is denied") print "#9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful;" pull_harbor_image(harbor_server, robot_account.name, robot_account.token, TestProjects.repo_name_in_project_b, tag_b, expected_error_message=r"pull access denied for " + harbor_server + "/" + TestProjects.repo_name_in_project_b) print "#10. Pull image from project(PC), it must be successful;" pull_harbor_image(harbor_server, robot_account.name, robot_account.token, TestProjects.repo_name_in_project_c, tag_c) print "#11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful;" push_image_to_project( project_ra_name_c, harbor_server, robot_account.name, robot_account.token, image_robot_account, tag, expected_error_message= "denied: requested access to the resource is denied") print "#12. Update action property of robot account(RA);" self.project.disable_project_robot_account( TestProjects.project_ra_id_a, robot_id, True, **TestProjects.USER_RA_CLIENT) print "#13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful;" pull_harbor_image( harbor_server, robot_account.name, robot_account.token, TestProjects.repo_name_in_project_a, tag_a, expected_login_error_message="401 Client Error: Unauthorized") print "#14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful;" push_image_to_project( project_ra_name_a, harbor_server, robot_account.name, robot_account.token, image_robot_account, tag, expected_login_error_message="401 Client Error: Unauthorized") print "#15. Delete robot account(RA), it must be not successful;" self.project.delete_project_robot_account( TestProjects.project_ra_id_a, robot_id, **TestProjects.USER_RA_CLIENT)
def testAddIndexByDockerManifest(self): """ Test case: Push Index By Docker Manifest Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA); 4. Push an index(IA) to Harbor by docker manifest CLI successfully; 5. Get index(IA) from Harbor successfully; 6. Verify harbor index is index(IA) pushed by docker manifest CLI; 7. Verify harbor index(IA) can be pulled by docker CLI successfully. Tear down: 1. Delete repository(RA,RB,IA) by user(UA); 2. Delete project(PA); 3. Delete user(UA). """ #1. Create a new user(UA); TestProjects.user_id, user_name = self.user.create_user( user_password=self.user_push_index_password, **ADMIN_CLIENT) TestProjects.USER_CLIENT = dict(endpoint=self.url, username=user_name, password=self.user_push_index_password) #2. Create a new project(PA) by user(UA); TestProjects.project_push_index_id, TestProjects.project_push_index_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_CLIENT) #3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA); repo_name_a, tag_a = push_image_to_project( TestProjects.project_push_index_name, harbor_server, 'admin', 'Harbor12345', self.image_a, "latest") repo_name_b, tag_b = push_image_to_project( TestProjects.project_push_index_name, harbor_server, 'admin', 'Harbor12345', self.image_b, "latest") #4. Push an index(IA) to Harbor by docker manifest CLI successfully; manifests = [ harbor_server + "/" + repo_name_a + ":" + tag_a, harbor_server + "/" + repo_name_b + ":" + tag_b ] index = harbor_server + "/" + TestProjects.project_push_index_name + "/" + self.index_name + ":" + self.index_tag index_sha256_cli_ret, manifests_sha256_cli_ret = library.docker_api.docker_manifest_push_to_harbor( index, manifests, harbor_server, user_name, self.user_push_index_password) #5. Get index(IA) from Harbor successfully; index_data = self.artifact.get_reference_info( TestProjects.project_push_index_name, self.index_name, self.index_tag, **TestProjects.USER_CLIENT) manifests_sha256_harbor_ret = [ index_data[0].references[1].child_digest, index_data[0].references[0].child_digest ] #6. Verify harbor index is index(IA) pushed by docker manifest CLI; self.assertEqual(index_data[0].digest, index_sha256_cli_ret) self.assertEqual( manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[0]), 1) self.assertEqual( manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[1]), 1) #7. Verify harbor index(IA) can be pulled by docker CLI successfully; pull_harbor_image( harbor_server, user_name, self.user_push_index_password, TestProjects.project_push_index_name + "/" + self.index_name, self.index_tag)
def testAddIndexByDockerManifest(self): """ Test case: Push Index By Docker Manifest Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA); 4. Push an index(IA) to Harbor by docker manifest CLI successfully; 5. Get Artifacts successfully; 6. Get index(IA) by reference successfully; 7. Verify harbor index is index(IA) pushed by docker manifest CLI; 8.1 Verify harbor index(IA) can be pulled by docker CLI successfully; 8.2 Verify harbor index(IA) can be pulled by docker CLI successfully; 9. Get addition successfully; 10. Unable to Delete artifact in manifest list; 11. Delete index successfully. Tear down: 1. Delete repository(RA,RB,IA) by user(UA); 2. Delete project(PA); 3. Delete user(UA). """ #1. Create a new user(UA); TestProjects.user_id, user_name = self.user.create_user( user_password=self.user_push_index_password, **ADMIN_CLIENT) TestProjects.USER_CLIENT = dict(endpoint=self.url, username=user_name, password=self.user_push_index_password) #2. Create a new project(PA) by user(UA); TestProjects.project_push_index_id, TestProjects.project_push_index_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_CLIENT) #3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA); repo_name_a, tag_a = push_image_to_project( TestProjects.project_push_index_name, harbor_server, 'admin', 'Harbor12345', self.image_a, "latest") repo_name_b, tag_b = push_image_to_project( TestProjects.project_push_index_name, harbor_server, 'admin', 'Harbor12345', self.image_b, "latest") #4. Push an index(IA) to Harbor by docker manifest CLI successfully; manifests = [ harbor_server + "/" + repo_name_a + ":" + tag_a, harbor_server + "/" + repo_name_b + ":" + tag_b ] index = harbor_server + "/" + TestProjects.project_push_index_name + "/" + self.index_name + ":" + self.index_tag index_sha256_cli_ret, manifests_sha256_cli_ret = library.docker_api.docker_manifest_push_to_harbor( index, manifests, harbor_server, user_name, self.user_push_index_password) #5. Get Artifacts successfully; artifacts = self.artifact.list_artifacts( TestProjects.project_push_index_name, self.index_name, **TestProjects.USER_CLIENT) artifacts_ref_child_list = [ artifacts[0].references[1].child_digest, artifacts[0].references[0].child_digest ] self.assertEqual( artifacts_ref_child_list.count(manifests_sha256_cli_ret[0]), 1) self.assertEqual( artifacts_ref_child_list.count(manifests_sha256_cli_ret[1]), 1) #6. Get index(IA) by reference successfully; index_data = self.artifact.get_reference_info( TestProjects.project_push_index_name, self.index_name, self.index_tag, **TestProjects.USER_CLIENT) manifests_sha256_harbor_ret = [ index_data[0].references[1].child_digest, index_data[0].references[0].child_digest ] #7. Verify harbor index is index(IA) pushed by docker manifest CLI; self.assertEqual(index_data[0].digest, index_sha256_cli_ret) self.assertEqual( manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[0]), 1) self.assertEqual( manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[1]), 1) #8.1 Verify harbor index(IA) can be pulled by docker CLI successfully; pull_harbor_image( harbor_server, user_name, self.user_push_index_password, TestProjects.project_push_index_name + "/" + self.index_name, self.index_tag) #8.2 Verify harbor index(IA) can be pulled by ctr successfully; oci_ref = harbor_server + "/" + TestProjects.project_push_index_name + "/" + self.index_name + ":" + self.index_tag library.containerd.ctr_images_pull(user_name, self.user_push_index_password, oci_ref) library.containerd.ctr_images_list(oci_ref=oci_ref) #9. Get addition successfully; addition_v = self.artifact.get_addition( TestProjects.project_push_index_name, self.index_name, self.index_tag, "vulnerabilities", **TestProjects.USER_CLIENT) self.assertEqual(addition_v[0], '{}') #This artifact has no build history addition_v = self.artifact.get_addition( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], "vulnerabilities", **TestProjects.USER_CLIENT) self.assertEqual(addition_v[0], '{}') addition_b = self.artifact.get_addition( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], "build_history", **TestProjects.USER_CLIENT) self.assertIn("ADD file:", addition_b[0]) image_data = self.artifact.get_reference_info( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], **TestProjects.USER_CLIENT) addition_v = self.artifact.get_addition( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[1], "vulnerabilities", **TestProjects.USER_CLIENT) self.assertEqual(addition_v[0], '{}') addition_b = self.artifact.get_addition( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[1], "build_history", **TestProjects.USER_CLIENT) self.assertIn("ADD file:", addition_b[0]) image_data = self.artifact.get_reference_info( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], **TestProjects.USER_CLIENT) #10. Unable to Delete artifact in manifest list; self.artifact.delete_artifact(TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], expect_status_code=412, **TestProjects.USER_CLIENT) #11. Delete index successfully. self.artifact.delete_artifact(TestProjects.project_push_index_name, self.index_name, self.index_tag, **TestProjects.USER_CLIENT)
def testManageProjectMember(self): """ Test case: Manage Project members Test step and expected result: 1. Create user Alice, Bob, Carol; 2. Create private project(Alice) by Alice, Add a repository to project(Alice) by Alice; 3. Bob is not a member of project(Alice); 4. Alice Add Bob as a guest member of project(Alice), Check Bob is a guest member of project(Alice); 5. Update role of Bob to developer of project(Alice), Check Bob is developer member of project(Alice); 6. Update role of Bob to admin member of project(Alice), Check Bob is admin member of project(Alice); 7. Bob add Carol to project(Alice) as a guest member, Carol is a member of project(Alice) as a guest; 8. Alice delete Bob from project(Alice), Bob is no longer a member of project(Alice) and Bob can see project(Alice), Carol is still a member of project(Alice) as a guest. Tear down: 1. Delete repository(RA) by admin; 2. Delete project(Alice); 3. Delete user Alice, Bob and Carol. """ url = ADMIN_CLIENT["endpoint"] user_alice_password = "******" user_bob_password = "******" user_carol_password = "******" #1.1 Create user Alice TestProjects.user_alice_id, user_alice_name = self.user.create_user(user_password = user_alice_password, **ADMIN_CLIENT) USER_ALICE_CLIENT=dict(endpoint = url, username = user_alice_name, password = user_alice_password) #1.2 Create user Bob TestProjects.user_bob_id, user_bob_name = self.user.create_user(user_password = user_bob_password, **ADMIN_CLIENT) USER_BOB_CLIENT=dict(endpoint = url, username = user_bob_name, password = user_bob_password) #1.3 Create user Carol TestProjects.user_carol_id, user_carol_name = self.user.create_user(user_password = user_carol_password, **ADMIN_CLIENT) #2.1 Create private project(PA) by Alice TestProjects.project_alice_id, TestProjects.project_alice_name = self.project.create_project(metadata = {"public": "false"}, **USER_ALICE_CLIENT) #2.2 Add a repository to project(PA) by Alice TestProjects.repo_name, _ = push_image_to_project(TestProjects.project_alice_name, harbor_server, user_alice_name, user_alice_password, "hello-world", "latest") #3. Bob is not a member of project(PA); self.project.check_project_member_not_exist(TestProjects.project_alice_id, user_bob_name, **USER_ALICE_CLIENT) #4.1 Alice Add Bob as a guest member of project(PA) member_id_bob = self.project.add_project_members(TestProjects.project_alice_id, TestProjects.user_bob_id, member_role_id = 3, **USER_ALICE_CLIENT) #4.2 Check Bob is a guest member of project(PA) self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 3, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT) #5.1 Update role of Bob to developer of project(PA) self.project.update_project_member_role(TestProjects.project_alice_id, member_id_bob, 2, **USER_ALICE_CLIENT) #5.2 Check Bob is developer member of project(PA) self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 2, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT) #6.1 Update role of Bob to admin member of project(PA) self.project.update_project_member_role(TestProjects.project_alice_id, member_id_bob, 1, **USER_ALICE_CLIENT) #6.2 Check Bob is admin member of project(PA) self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 1, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT) #7.1 Bob add Carol to project(PA) as a guest member. self.project.add_project_members(TestProjects.project_alice_id, TestProjects.user_carol_id, member_role_id = 3, **USER_BOB_CLIENT) #7.2 Carol is a member of project(PA) as a guest. self.project.check_project_members_exist(TestProjects.project_alice_id, user_carol_name, expected_member_role_id = 3, user_name = user_carol_name, user_password = user_carol_password, **USER_ALICE_CLIENT) #8.1 Alice delete Bob from project(PA). self.project.delete_project_member(TestProjects.project_alice_id, member_id_bob, **USER_ALICE_CLIENT) #8.2 Bob is no longer a member of project(PA) and Bob can see project(PA). self.project.check_project_member_not_exist(TestProjects.project_alice_id, user_bob_name, **USER_ALICE_CLIENT) #8.3 Carol is still a member of project(PA) as a guest. self.project.check_project_members_exist(TestProjects.project_alice_id, user_carol_name, expected_member_role_id = 3, user_name = user_carol_name, user_password = user_carol_password, **USER_ALICE_CLIENT)