def create_system_robot(self,
permission_list,
duration,
robot_name=None,
robot_desc=None,
expect_status_code=201,
**kwargs):
if robot_name is None:
robot_name = base._random_name("robot")
if robot_desc is None:
robot_desc = base._random_name("robot_desc")
robotAccountCreate = v2_swagger_client.RobotCreate(
name=robot_name,
description=robot_desc,
duration=duration,
level="system",
disable=False,
permissions=permission_list)
print("robotAccountCreate:", robotAccountCreate)
client = self._get_client(**kwargs)
data = []
data, status_code, header = client.create_robot_with_http_info(
robotAccountCreate)
base._assert_status_code(expect_status_code, status_code)
base._assert_status_code(201, status_code)
return base._get_id_from_header(header), data
def create_user(self,
name=None,
email=None,
user_password=None,
realname=None,
expect_status_code=201,
**kwargs):
if name is None:
name = base._random_name("user")
if realname is None:
realname = base._random_name("realname")
if email is None:
email = '%s@%s.com' % (realname, "vmware")
if user_password is None:
user_password = "******"
user_req = v2_swagger_client.UserCreationReq(username=name,
email=email,
password=user_password,
realname=realname)
try:
_, status_code, header = self._get_client(
**kwargs).create_user_with_http_info(user_req)
except ApiException as e:
base._assert_status_code(expect_status_code, e.status)
else:
base._assert_status_code(expect_status_code, status_code)
return base._get_id_from_header(header), name
def create_user(self,
name=None,
email=None,
user_password=None,
realname=None,
role_id=None,
**kwargs):
if name is None:
name = base._random_name("user")
if realname is None:
realname = base._random_name("realname")
if email is None:
email = '%s@%s.com' % (realname, "vmware")
if user_password is None:
user_password = "******"
if role_id is None:
role_id = 0
client = self._get_client(**kwargs)
user = swagger_client.User(username=name,
email=email,
password=user_password,
realname=realname,
role_id=role_id)
_, status_code, header = client.users_post_with_http_info(user)
base._assert_status_code(201, status_code)
return base._get_id_from_header(header), name
def create_project_robot(self,
project_name,
expires_at,
robot_name=None,
robot_desc=None,
has_pull_right=True,
has_push_right=True,
has_chart_read_right=True,
has_chart_create_right=True,
expect_status_code=201,
**kwargs):
if robot_name is None:
robot_name = base._random_name("robot")
if robot_desc is None:
robot_desc = base._random_name("robot_desc")
if has_pull_right is False and has_push_right is False:
has_pull_right = True
access_list = []
action_pull = "pull"
action_push = "push"
action_read = "read"
action_create = "create"
if has_pull_right is True:
robotAccountAccess = v2_swagger_client.Access(
resource="repository", action=action_pull)
access_list.append(robotAccountAccess)
if has_push_right is True:
robotAccountAccess = v2_swagger_client.Access(
resource="repository", action=action_push)
access_list.append(robotAccountAccess)
if has_chart_read_right is True:
robotAccountAccess = v2_swagger_client.Access(
resource="helm-chart", action=action_read)
access_list.append(robotAccountAccess)
if has_chart_create_right is True:
robotAccountAccess = v2_swagger_client.Access(
resource="helm-chart-version", action=action_create)
access_list.append(robotAccountAccess)
robotaccountPermissions = v2_swagger_client.Permission(
kind="project", namespace=project_name, access=access_list)
permission_list = []
permission_list.append(robotaccountPermissions)
robotAccountCreate = v2_swagger_client.RobotCreate(
name=robot_name,
description=robot_desc,
expires_at=expires_at,
level="project",
permissions=permission_list)
client = self._get_client(**kwargs)
data = []
data, status_code, header = client.create_robot_with_http_info(
robotAccountCreate)
base._assert_status_code(expect_status_code, status_code)
base._assert_status_code(201, status_code)
return base._get_id_from_header(header), data
def verify_repository_unpushable(self, project_access_list, system_ra_client, expected_login_error_message = "unauthorized: authentication required", expected_error_message = ""):
for project_access in project_access_list: #---repository:push---
push_self_build_image_to_project(
project_access["project_name"],
harbor_server, system_ra_client["username"], system_ra_client["password"],
"test_unpushable"+base._random_name("repo"), "v6.8.1"+base._random_name("tag"),
expected_login_error_message = expected_login_error_message,
expected_error_message = expected_error_message
)
def add_project_robot_account(self,
project_id,
project_name,
expires_at,
robot_name=None,
robot_desc=None,
has_pull_right=True,
has_push_right=True,
has_chart_read_right=True,
has_chart_create_right=True,
expect_status_code=201,
**kwargs):
kwargs['api_type'] = 'products'
if robot_name is None:
robot_name = base._random_name("robot")
if robot_desc is None:
robot_desc = base._random_name("robot_desc")
if has_pull_right is False and has_push_right is False:
has_pull_right = True
access_list = []
resource_by_project_id = "/project/" + str(project_id) + "/repository"
resource_helm_by_project_id = "/project/" + str(
project_id) + "/helm-chart"
resource_helm_create_by_project_id = "/project/" + str(
project_id) + "/helm-chart-version"
action_pull = "pull"
action_push = "push"
action_read = "read"
action_create = "create"
if has_pull_right is True:
robotAccountAccess = swagger_client.RobotAccountAccess(
resource=resource_by_project_id, action=action_pull)
access_list.append(robotAccountAccess)
if has_push_right is True:
robotAccountAccess = swagger_client.RobotAccountAccess(
resource=resource_by_project_id, action=action_push)
access_list.append(robotAccountAccess)
if has_chart_read_right is True:
robotAccountAccess = swagger_client.RobotAccountAccess(
resource=resource_helm_by_project_id, action=action_read)
access_list.append(robotAccountAccess)
if has_chart_create_right is True:
robotAccountAccess = swagger_client.RobotAccountAccess(
resource=resource_helm_create_by_project_id,
action=action_create)
access_list.append(robotAccountAccess)
robotAccountCreate = swagger_client.RobotAccountCreate(
robot_name, robot_desc, expires_at, access_list)
client = self._get_client(**kwargs)
data = []
data, status_code, header = client.projects_project_id_robots_post_with_http_info(
project_id, robotAccountCreate)
base._assert_status_code(expect_status_code, status_code)
base._assert_status_code(201, status_code)
return base._get_id_from_header(header), data
def create_registry(self,
url,
registry_type="harbor",
description="",
credentialType="basic",
access_key="admin",
access_secret="Harbor12345",
name=base._random_name("registry"),
insecure=True,
expect_status_code=201,
**kwargs):
client = self._get_client(**kwargs)
registryCredential = v2_swagger_client.RegistryCredential(
type=credentialType,
access_key=access_key,
access_secret=access_secret)
registry = v2_swagger_client.Registry(name=name,
url=url,
description=description,
type=registry_type,
insecure=insecure,
credential=registryCredential)
print("registry:", registry)
_, status_code, header = client.create_registry_with_http_info(
registry)
base._assert_status_code(expect_status_code, status_code)
return base._get_id_from_header(header), _
def create_project(self,
name=None,
metadata=None,
expect_status_code=201,
expect_response_body=None,
**kwargs):
if name is None:
name = base._random_name("project")
if metadata is None:
metadata = {}
client = self._get_client(**kwargs)
try:
_, status_code, header = client.projects_post_with_http_info(
swagger_client.ProjectReq(name, metadata))
except ApiException as e:
if e.status == expect_status_code:
if expect_response_body is not None and e.body.strip(
) != expect_response_body.strip():
raise Exception(
r"Create project result body is not as expected {} actual status is {}."
.format(expect_response_body.strip(), e.body.strip()))
else:
return e.reason, e.body
else:
raise Exception(
r"Create project result is not as expected {} actual status is {}."
.format(expect_status_code, e.status))
base._assert_status_code(expect_status_code, status_code)
return base._get_id_from_header(header), name
def create_instance(self,
name=None,
description="It's a dragonfly instance",
vendor="dragonfly",
endpoint_url="http://20.32.244.16",
auth_mode="NONE",
enabled=True,
insecure=True,
expect_status_code=201,
expect_response_body=None,
**kwargs):
if name is None:
name = base._random_name("instance")
client = self._get_client(**kwargs)
instance = v2_swagger_client.Instance(name=name,
description=description,
vendor=vendor,
endpoint=endpoint_url,
auth_mode=auth_mode,
enabled=enabled)
print("instance:", instance)
try:
_, status_code, header = client.create_instance_with_http_info(
instance)
except ApiException as e:
base._assert_status_code(expect_status_code, e.status)
if expect_response_body is not None:
base._assert_status_body(expect_response_body, e.body)
return
base._assert_status_code(expect_status_code, status_code)
base._assert_status_code(201, status_code)
return base._get_id_from_header(header), name
def create_label(self,
name=None,
desc="",
color="",
scope="g",
project_id=0,
expect_status_code=201,
**kwargs):
if name is None:
name = base._random_name("label")
label = swagger_client.Label(name=name,
description=desc,
color=color,
scope=scope,
project_id=project_id)
client = self._get_client(**kwargs)
try:
_, status_code, header = client.labels_post_with_http_info(label)
except ApiException as e:
base._assert_status_code(expect_status_code, e.status)
else:
base._assert_status_code(expect_status_code, status_code)
base._assert_status_code(201, status_code)
return base._get_id_from_header(header), name
def create_project(self,
name=None,
registry_id=None,
metadata=None,
expect_status_code=201,
expect_response_body=None,
**kwargs):
if name is None:
name = base._random_name("project")
if metadata is None:
metadata = {}
if registry_id is None:
registry_id = registry_id
project = v2_swagger_client.ProjectReq(project_name=name,
registry_id=registry_id,
metadata=metadata)
try:
_, status_code, header = self._get_client(
**kwargs).create_project_with_http_info(project)
except ApiException as e:
base._assert_status_code(expect_status_code, e.status)
if expect_response_body is not None:
base._assert_status_body(expect_response_body, e.body)
return
base._assert_status_code(expect_status_code, status_code)
base._assert_status_code(201, status_code)
return base._get_id_from_header(header), name
def create_policy(
self,
project_name,
project_id,
provider_id,
name=None,
description="It's a dragonfly policy",
filters=r'[{"type":"repository","value":"re*"},{"type":"tag","value":"v1.0*"}]',
trigger=r'{"type":"manual","trigger_setting":{"cron":""}}',
enabled=True,
expect_status_code=201,
expect_response_body=None,
**kwargs):
if name is None:
name = base._random_name("policy")
client = self._get_client(**kwargs)
policy = v2_swagger_client.PreheatPolicy(name=name,
project_id=project_id,
provider_id=provider_id,
description=description,
filters=filters,
trigger=trigger,
enabled=enabled)
print("policy:", policy)
try:
data, status_code, header = client.create_policy_with_http_info(
project_name, policy)
except ApiException as e:
base._assert_status_code(expect_status_code, e.status)
if expect_response_body is not None:
base._assert_status_body(expect_response_body, e.body)
return
base._assert_status_code(expect_status_code, status_code)
base._assert_status_code(201, status_code)
return base._get_id_from_header(header), name
def create_project(self, name=None, metadata={}, **kwargs):
if name is None:
name = base._random_name("project")
client = self._get_client(**kwargs)
_, _, header = client.projects_post_with_http_info(
swagger_client.ProjectReq(name, metadata))
return base._get_id_from_header(header), name
def docker_image_tag(self, image, harbor_registry, tag = None):
_tag = base._random_name("tag")
if tag is not None:
_tag = tag
try:
self.DCLIENT.tag(image, harbor_registry, _tag, force=True)
return harbor_registry, _tag
except docker.errors.APIError, e:
raise Exception(r" Docker tag image {} failed, error is [{}]".format (image, e.message))
def verify_repository_pushable(self, project_access_list,
system_ra_client):
for project_access in project_access_list:
print(r"project_access:", project_access)
if project_access["check_list"][1]: #---repository:push---
repo = push_self_build_image_to_project(
project_access["project_name"], harbor_server,
system_ra_client["username"], system_ra_client["password"],
"test_pushable" + base._random_name("repo"),
"v6.8.1" + base._random_name("tag"))
else:
push_self_build_image_to_project(
project_access["project_name"],
harbor_server,
system_ra_client["username"],
system_ra_client["password"],
"test_unpushable" + base._random_name("repo"),
"v6.8.1" + base._random_name("tag"),
expected_error_message="unauthorized to access repository")
def docker_image_tag(self, image, harbor_registry, tag = None):
_tag = base._random_name("tag")
if tag is not None:
_tag = tag
ret = ""
try:
ret = self.DCLIENT.tag(image, harbor_registry, _tag, force=True)
print("Docker image tag commond return:", ret)
return harbor_registry, _tag
except docker.errors.APIError as err:
raise Exception(r" Docker tag image {} failed, error is [{}]".format (image, str(err)))
def create_project(self, name=None, metadata=None, **kwargs):
if name is None:
name = base._random_name("project")
if metadata is None:
metadata = {}
client = self._get_client(**kwargs)
_, status_code, header = client.projects_post_with_http_info(
swagger_client.ProjectReq(name, metadata))
base._assert_status_code(201, status_code)
project_id = base._get_id_from_header(header)
return name, project_id
def create_user(self,
name=None,
email=None,
password=None,
realname=None,
**kwargs):
if name is None:
name = base._random_name("user")
if realname is None:
realname = base._random_name("realname")
if email is None:
email = '%s@%s.com' % (realname, "vmware")
if password is None:
password = "******"
client = self._get_client(**kwargs)
user = swagger_client.User(None, name, email, password, realname, None,
None, None, None, None, None, None, None,
None)
print user
_, _, header = client.users_post_with_http_info(user)
return base._get_id_from_header(header), name
def create_webhook(self,
project_id,
targets,
event_types=[
"DELETE_ARTIFACT", "PULL_ARTIFACT", "PUSH_ARTIFACT",
"DELETE_CHART", "DOWNLOAD_CHART", "UPLOAD_CHART",
"QUOTA_EXCEED", "QUOTA_WARNING", "SCANNING_FAILED",
"TAG_RETENTION"
],
name=None,
desc=None,
enabled=True,
expect_status_code=201,
expect_response_body=None,
**kwargs):
if name is None:
name = base._random_name("webhook") + (str(project_id))
if desc is None:
desc = base._random_name("webhook desc") + (str(project_id))
policy = v2_swagger_client.WebhookPolicy(name=name,
description=desc,
project_id=project_id,
targets=targets,
event_types=event_types,
enabled=enabled)
try:
_, status_code, header = self._get_client(
**kwargs).create_webhook_policy_of_project_with_http_info(
project_id, policy)
except ApiException as e:
base._assert_status_code(expect_status_code, e.status)
if expect_response_body is not None:
base._assert_status_body(expect_response_body, e.body)
return
base._assert_status_code(expect_status_code, status_code)
base._assert_status_code(201, status_code)
return base._get_id_from_header(header), name
def docker_image_pull(self, image, tag=None):
_tag = "latest"
if tag is not None:
_tag = tag
try:
tag = base._random_name("tag")
pull_ret = base._get_string_from_unicode(
self.DCLIENT.pull('{}:{}'.format(image, _tag)))
print "pull_ret:", pull_ret
except docker.errors.APIError, e:
raise Exception(
r" Docker pull image {} failed, error is [{}]".format(
image, e.message))
def create_replication_policy(self, dest_registry=None, src_registry=None, name=None, description="",
dest_namespace = "", filters=None, trigger=v2_swagger_client.ReplicationTrigger(type="manual",trigger_settings=v2_swagger_client.ReplicationTriggerSettings(cron="")),
deletion=False, override=True, enabled=True, expect_status_code = 201, **kwargs):
if name is None:
name = base._random_name("rule")
if filters is None:
filters = []
policy = v2_swagger_client.ReplicationPolicy(name=name, description=description,dest_namespace=dest_namespace,
dest_registry=dest_registry, src_registry=src_registry,filters=filters,
trigger=trigger, deletion=deletion, override=override, enabled=enabled)
_, status_code, header = self._get_client(**kwargs).create_replication_policy_with_http_info(policy)
base._assert_status_code(expect_status_code, status_code)
return base._get_id_from_header(header), name
def create_registry(self,
endpoint,
name=base._random_name("registry"),
username="",
password="",
insecure=True,
**kwargs):
client = self._get_client(**kwargs)
registry = swagger_client.RepTargetPost(name=name,
endpoint=endpoint,
username=username,
password=password,
insecure=insecure)
_, _, header = client.targets_post_with_http_info(registry)
return base._get_id_from_header(header), name
def create_label(self,
name=base._random_name("label"),
desc="",
color="",
scope="g",
project_id=0,
**kwargs):
label = swagger_client.Label(name=name,
description=desc,
color=color,
scope=scope,
project_id=project_id)
client = self._get_client(**kwargs)
_, _, header = client.labels_post_with_http_info(label)
return base._get_id_from_header(header), name
def create_replication_rule(self,
projectIDList, targetIDList, name=base._random_name("rule"), desc="",
filters=[], trigger=swagger_client.RepTrigger(kind="Manual"),
replicate_deletion=True,
replicate_existing_image_now=False,
**kwargs):
projects = []
for projectID in projectIDList:
projects.append(swagger_client.Project(project_id=int(projectID)))
targets = []
for targetID in targetIDList:
targets.append(swagger_client.RepTarget(id=int(targetID)))
for filter in filters:
filter["value"] = int(filter["value"])
client = self._get_client(**kwargs)
policy = swagger_client.RepPolicy(name=name, description=desc,
projects=projects, targets=targets, filters=filters,
trigger=trigger, replicate_deletion=replicate_deletion,
replicate_existing_image_now=replicate_existing_image_now)
_, _, header = client.policies_replication_post_with_http_info(policy)
return base._get_id_from_header(header), name
def create_target(self,
endpoint_target = None,
username_target = "target_user", password_target = "Aa123456", name_target=base._random_name("target"),
target_type=0, insecure_target=True, expect_status_code = 201,
**kwargs):
if endpoint_target is None:
endpoint_target = r"https://{}.{}.{}.{}".format(int(round(time.time() * 1000)) % 100,
int(round(time.time() * 1000)) % 200,
int(round(time.time() * 1000)) % 100,
int(round(time.time() * 1000)) % 254)
client = self._get_client(**kwargs)
policy = swagger_client.RepTarget(name=name_target, endpoint=endpoint_target,
username=username_target, password=password_target, type=target_type,
insecure=insecure_target)
_, status_code, header = client.targets_post_with_http_info(policy)
base._assert_status_code(expect_status_code, status_code)
return base._get_id_from_header(header), name_target
def test_02_SystemlevelRobotAccount(self):
"""
Test case:
Robot Account
Test step and expected result:
1. Define a number of access lists;
2. Create the same number of private projects;
3. Create a system robot account has permission for those projects;
4. Verify the system robot account has the corresponding rights;
5. Disable the system robot account;
6. Verify the system robot account has no the corresponding rights;
7. Enable the system robot account;
8. Verify the system robot account has the corresponding rights;
9. Refresh secret for the system robot account;
10. Verify the system robot account has no the corresponding right with the old secret already;
11. Verify the system robot account still has the corresponding right with the new secret;
12. List system robot account, then add a new project to the system robot account project permission list;
13. Delete this project;
14. List system robot account successfully;
15. Delete the system robot account;
16. Verify the system robot account has no the corresponding right;
17. Add a system robot account with all project coverd;
18. Verify the system robot account has no the corresponding right;
"""
#1. Define a number of access lists;
CHART_FILE_LIST = [
dict(name='prometheus', version='7.0.2'),
dict(name='harbor', version='0.2.0')
]
for i in range(2):
base.run_command([
"curl", r"-o", "./tests/apitests/python/{}-{}.tgz".format(
CHART_FILE_LIST[i]["name"], CHART_FILE_LIST[i]["version"]),
"https://storage.googleapis.com/harbor-builds/helm-chart-test-files/{}-{}.tgz"
.format(CHART_FILE_LIST[i]["name"],
CHART_FILE_LIST[i]["version"])
])
#Make sure that whether 'True' or 'False' must be included in each line or row.
check_list = [
[True, True, True, True, True, True, False, True, False, True],
[False, False, False, False, True, True, False, True, True, False],
[True, False, True, False, True, False, True, False, True, True],
[False, False, False, True, False, True, False, True, True, False]
]
access_list_list = []
for i in range(len(check_list)):
access_list_list.append(
self.robot.create_access_list(check_list[i]))
#2. Create the same number of private projects;
robot_account_Permissions_list = []
project_access_list = []
for i in range(len(check_list)):
with created_user(TestRobotAccount.user_ra_password,
_teardown=False) as (user_id, username):
with created_project(metadata={"public": "false"},
user_id=user_id,
_teardown=False) as (project_id,
project_name):
project_access_list.append(
dict(project_name=project_name,
project_id=project_id,
check_list=check_list[i]))
robot_account_Permissions = v2_swagger_client.Permission(
kind="project",
namespace=project_name,
access=access_list_list[i])
robot_account_Permissions_list.append(
robot_account_Permissions)
#3. Create a system robot account has permission for those projects;
system_robot_account_id, system_robot_account = self.robot.create_system_robot(
robot_account_Permissions_list, 300)
print("system_robot_account:", system_robot_account)
SYSTEM_RA_CLIENT = dict(endpoint=TestRobotAccount.url,
username=system_robot_account.name,
password=system_robot_account.secret)
SYSTEM_RA_CHART_CLIENT = dict(endpoint=CHART_API_CLIENT["endpoint"],
username=SYSTEM_RA_CLIENT["username"],
password=SYSTEM_RA_CLIENT["password"])
#4. Verify the system robot account has the corresponding rights;
for project_access in project_access_list:
print(r"project_access:", project_access)
if project_access["check_list"][1]: #---repository:push---
repo = push_self_build_image_to_project(
project_access["project_name"], harbor_server,
SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"],
"test_pushable", "v6.8.1")
else:
push_self_build_image_to_project(
project_access["project_name"],
harbor_server,
SYSTEM_RA_CLIENT["username"],
SYSTEM_RA_CLIENT["password"],
"test_unpushable",
"v6.8.1",
expected_error_message="unauthorized to access repository")
tag_for_del = "v1.0.0"
repo_name, tag = push_self_build_image_to_project(
project_access["project_name"], harbor_server,
ADMIN_CLIENT["username"], ADMIN_CLIENT["password"],
"test_del_artifact", tag_for_del)
if project_access["check_list"][0]: #---repository:pull---
pull_harbor_image(harbor_server, SYSTEM_RA_CLIENT["username"],
SYSTEM_RA_CLIENT["password"], repo_name,
tag_for_del)
else:
pull_harbor_image(
harbor_server,
SYSTEM_RA_CLIENT["username"],
SYSTEM_RA_CLIENT["password"],
repo_name,
tag_for_del,
expected_error_message=
"action: pull: unauthorized to access repository")
if project_access["check_list"][2]: #---artifact:delete---
self.artifact.delete_artifact(project_access["project_name"],
repo_name.split('/')[1],
tag_for_del, **SYSTEM_RA_CLIENT)
else:
self.artifact.delete_artifact(project_access["project_name"],
repo_name.split('/')[1],
tag_for_del,
expect_status_code=403,
**SYSTEM_RA_CLIENT)
#Prepare for chart read and delete
self.chart.upload_chart(
project_access["project_name"],
r'./tests/apitests/python/{}-{}.tgz'.format(
CHART_FILE_LIST[1]["name"],
CHART_FILE_LIST[1]["version"]), **CHART_API_CLIENT)
if project_access["check_list"][3]: #---helm-chart:read---
library.helm.helm2_fetch_chart_file(
"chart_repo_" + base._random_name("repo"), harbor_url,
project_access["project_name"],
SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"],
CHART_FILE_LIST[1]["name"])
else:
library.helm.helm2_fetch_chart_file(
"chart_repo_" + base._random_name("repo"),
harbor_url,
project_access["project_name"],
SYSTEM_RA_CLIENT["username"],
SYSTEM_RA_CLIENT["password"],
CHART_FILE_LIST[1]["name"],
expected_add_repo_error_message="403 Forbidden")
if project_access["check_list"][
4]: #---helm-chart-version:create---
self.chart.upload_chart(
project_access["project_name"],
r'./tests/apitests/python/{}-{}.tgz'.format(
CHART_FILE_LIST[0]["name"],
CHART_FILE_LIST[0]["version"]),
**SYSTEM_RA_CHART_CLIENT)
else:
self.chart.upload_chart(
project_access["project_name"],
r'./tests/apitests/python/{}-{}.tgz'.format(
CHART_FILE_LIST[0]["name"],
CHART_FILE_LIST[0]["version"]),
expect_status_code=403,
**SYSTEM_RA_CHART_CLIENT)
if project_access["check_list"][
5]: #---helm-chart-version:delete---
self.chart.delete_chart_with_version(
project_access["project_name"], CHART_FILE_LIST[1]["name"],
CHART_FILE_LIST[1]["version"], **SYSTEM_RA_CHART_CLIENT)
else:
self.chart.delete_chart_with_version(
project_access["project_name"],
CHART_FILE_LIST[1]["name"],
CHART_FILE_LIST[1]["version"],
expect_status_code=403,
**SYSTEM_RA_CHART_CLIENT)
repo_name, tag = push_self_build_image_to_project(
project_access["project_name"], harbor_server,
ADMIN_CLIENT["username"], ADMIN_CLIENT["password"],
"test_create_tag", "latest_1")
self.artifact.create_tag(project_access["project_name"],
repo_name.split('/')[1], tag,
"for_delete", **ADMIN_CLIENT)
if project_access["check_list"][6]: #---tag:create---
self.artifact.create_tag(project_access["project_name"],
repo_name.split('/')[1], tag, "1.0",
**SYSTEM_RA_CLIENT)
else:
self.artifact.create_tag(project_access["project_name"],
repo_name.split('/')[1],
tag,
"1.0",
expect_status_code=403,
**SYSTEM_RA_CLIENT)
if project_access["check_list"][7]: #---tag:delete---
self.artifact.delete_tag(project_access["project_name"],
repo_name.split('/')[1], tag,
"for_delete", **SYSTEM_RA_CLIENT)
else:
self.artifact.delete_tag(project_access["project_name"],
repo_name.split('/')[1],
tag,
"for_delete",
expect_status_code=403,
**SYSTEM_RA_CLIENT)
repo_name, tag = push_self_build_image_to_project(
project_access["project_name"], harbor_server,
ADMIN_CLIENT["username"], ADMIN_CLIENT["password"],
"test_create_artifact_label", "latest_1")
#Add project level label to artifact
label_id, _ = self.label.create_label(
project_id=project_access["project_id"],
scope="p",
**ADMIN_CLIENT)
if project_access["check_list"][8]: #---artifact-label:create---
self.artifact.add_label_to_reference(
project_access["project_name"],
repo_name.split('/')[1], tag, int(label_id),
**SYSTEM_RA_CLIENT)
else:
self.artifact.add_label_to_reference(
project_access["project_name"],
repo_name.split('/')[1],
tag,
int(label_id),
expect_status_code=403,
**SYSTEM_RA_CLIENT)
if project_access["check_list"][9]: #---scan:create---
self.scan.scan_artifact(project_access["project_name"],
repo_name.split('/')[1], tag,
**SYSTEM_RA_CLIENT)
else:
self.scan.scan_artifact(project_access["project_name"],
repo_name.split('/')[1],
tag,
expect_status_code=403,
**SYSTEM_RA_CLIENT)
#5. Disable the system robot account;
self.robot.update_system_robot_account(system_robot_account_id,
system_robot_account.name,
robot_account_Permissions_list,
disable=True,
**ADMIN_CLIENT)
#6. Verify the system robot account has no the corresponding rights;
self.verify_repository_unpushable(project_access_list,
SYSTEM_RA_CLIENT)
#7. Enable the system robot account;
self.robot.update_system_robot_account(system_robot_account_id,
system_robot_account.name,
robot_account_Permissions_list,
disable=False,
**ADMIN_CLIENT)
#8. Verify the system robot account has the corresponding rights;
self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT)
#9. Refresh secret for the system robot account;
new_secret = "new_secret_At_321"
self.robot.refresh_robot_account_secret(system_robot_account_id,
new_secret, **ADMIN_CLIENT)
#10. Verify the system robot account has no the corresponding right with the old secret already;
self.verify_repository_unpushable(project_access_list,
SYSTEM_RA_CLIENT)
#11. Verify the system robot account still has the corresponding right with the new secret;
SYSTEM_RA_CLIENT["password"] = new_secret
self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT)
#12. List system robot account, then add a new project to the system robot account project permission list;
self.robot.list_robot(**ADMIN_CLIENT)
project_for_del_id, project_for_del_name = self.project.create_project(
metadata={"public": "true"}, **ADMIN_CLIENT)
robot_account_Permissions = v2_swagger_client.Permission(
kind="project",
namespace=project_for_del_name,
access=access_list_list[0])
robot_account_Permissions_list.append(robot_account_Permissions)
self.robot.update_system_robot_account(system_robot_account_id,
system_robot_account.name,
robot_account_Permissions_list,
**ADMIN_CLIENT)
self.robot.list_robot(**ADMIN_CLIENT)
#13. Delete this project;
self.project.delete_project(project_for_del_id, **ADMIN_CLIENT)
#14. List system robot account successfully;
self.robot.list_robot(**ADMIN_CLIENT)
#15. Delete the system robot account;
self.robot.delete_robot_account(system_robot_account_id,
**ADMIN_CLIENT)
#16. Verify the system robot account has no the corresponding right;
self.verify_repository_unpushable(project_access_list,
SYSTEM_RA_CLIENT)
#17. Add a system robot account with all project coverd;
all_true_access_list = self.robot.create_access_list([True] * 10)
robot_account_Permissions_list = []
robot_account_Permissions = v2_swagger_client.Permission(
kind="project", namespace="*", access=all_true_access_list)
robot_account_Permissions_list.append(robot_account_Permissions)
_, system_robot_account_cover_all = self.robot.create_system_robot(
robot_account_Permissions_list, 300)
#18. Verify the system robot account has no the corresponding right;
print("system_robot_account_cover_all:",
system_robot_account_cover_all)
SYSTEM_RA_CLIENT_COVER_ALL = dict(
endpoint=TestRobotAccount.url,
username=system_robot_account_cover_all.name,
password=system_robot_account_cover_all.secret)
projects = self.project.get_projects(dict(), **ADMIN_CLIENT)
print("All projects:", projects)
project_access_list = []
for i in range(len(projects)):
project_access_list.append(
dict(project_name=projects[i].name,
project_id=projects[i].project_id,
check_list=all_true_access_list))
self.verify_repository_pushable(project_access_list,
SYSTEM_RA_CLIENT_COVER_ALL)
