def created_project(name=None,
metadata=None,
user_id=None,
member_role_id=None,
_teardown=None):
from library.project import Project
api = Project()
is_teardown = TEARDOWN
if _teardown in (True, False):
is_teardown = _teardown
project_id, project_name = api.create_project(name=name,
metadata=metadata,
**ADMIN_CLIENT)
if user_id:
api.add_project_members(project_id,
user_id=user_id,
member_role_id=member_role_id,
**ADMIN_CLIENT)
try:
yield (project_id, project_name)
finally:
if is_teardown:
api.delete_project(project_id, **ADMIN_CLIENT)
def created_project(name=None, metadata=None, user_id=None, member_role_id=None):
from library.project import Project
api = Project()
project_id, project_name = api.create_project(name=None, metadata=None, **ADMIN_CLIENT)
if user_id:
api.add_project_members(project_id, user_id, member_role_id=member_role_id, **ADMIN_CLIENT)
try:
yield (project_id, project_name)
finally:
if TEARDOWN:
api.delete_project(project_id, **ADMIN_CLIENT)
class TestProjects(unittest.TestCase):
"""UserGroup unit test stubs"""
def setUp(self):
self.project = Project()
self.user= User()
def tearDown(self):
pass
def testAddProjectMember(self):
"""
Test case:
Add a new user to a certain private project as member
Test step and Expectation:
1. Login harbor as admin, then to create a user(UA) with non-admin role;
2. Login harbor as admin, then to create a private project(PA);
3. Login harbor as user(UA), then to get all private projects, projects count must be zero;
4. Login harbor as admin, then to add user(UA) in project(PA);
5. Login harbor as user(UA), then to get all private project, there must be project(PA) only.
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
user_001_id, user_001_name = self.user.create_user(user_password = user_001_password, **ADMIN_CLIENT)
self.assertNotEqual(user_001_id, None, msg="Failed to create user, return user is {}".format(user_001_id))
USER_001_CLIENT=dict(endpoint = url, username = user_001_name, password = user_001_password)
#2. Create private project-001
project_001_id, project_001_name = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT)
self.assertNotEqual(project_001_name, None, msg="Project was created failed, return project name is {} and id is {}.".format(project_001_name, project_001_id))
#3.1 Get private projects of user-001
project_001_data = self.project.get_projects(dict(public=False), **USER_001_CLIENT)
#3.2 Check user-001 has no any private project
self.assertEqual(project_001_data, None, msg="user-001 should has no any private project, but we got {}".format(project_001_data))
#4. Add user-001 as a member of project-001
result = self.project.add_project_members(project_001_id, user_001_id, **ADMIN_CLIENT)
self.assertNotEqual(result, False, msg="Failed to add member user_001 to project_001, result is {}".format(result))
#5 Get private project of uesr-001, uesr-001 can see only one private project which is project-001
project_data = self.project.get_projects(dict(public=False), **USER_001_CLIENT)
self.assertEqual(len(project_data), 1, msg="Private project count should be 1.")
self.assertEqual(str(project_data[0].project_id), str(project_001_id), msg="Project-id check failed, please check this test case.")
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA) by admin;
self.repo.delete_repository(TestProjects.project_alice_name, TestProjects.repo_name.split('/')[1], **ADMIN_CLIENT)
#2. Delete project(Alice);
self.project.delete_project(TestProjects.project_alice_id, **ADMIN_CLIENT)
#3. Delete user Alice, Bob and Carol.
self.user.delete_user(TestProjects.user_alice_id, **ADMIN_CLIENT)
self.user.delete_user(TestProjects.user_bob_id, **ADMIN_CLIENT)
self.user.delete_user(TestProjects.user_carol_id, **ADMIN_CLIENT)
def testManageProjectMember(self):
"""
Test case:
Manage Project members
Test step and expected result:
1. Create user Alice, Bob, Carol;
2. Create private project(Alice) by Alice, Add a repository to project(Alice) by Alice;
3. Bob is not a member of project(Alice);
4. Alice Add Bob as a guest member of project(Alice), Check Bob is a guest member of project(Alice);
5. Update role of Bob to developer of project(Alice), Check Bob is developer member of project(Alice);
6. Update role of Bob to admin member of project(Alice), Check Bob is admin member of project(Alice);
7. Bob add Carol to project(Alice) as a guest member, Carol is a member of project(Alice) as a guest;
8. Alice delete Bob from project(Alice),
Bob is no longer a member of project(Alice) and Bob can see project(Alice),
Carol is still a member of project(Alice) as a guest.
Tear down:
1. Delete repository(RA) by admin;
2. Delete project(Alice);
3. Delete user Alice, Bob and Carol.
"""
url = ADMIN_CLIENT["endpoint"]
user_alice_password = "******"
user_bob_password = "******"
user_carol_password = "******"
#1.1 Create user Alice
TestProjects.user_alice_id, user_alice_name = self.user.create_user(user_password = user_alice_password, **ADMIN_CLIENT)
USER_ALICE_CLIENT=dict(endpoint = url, username = user_alice_name, password = user_alice_password)
#1.2 Create user Bob
TestProjects.user_bob_id, user_bob_name = self.user.create_user(user_password = user_bob_password, **ADMIN_CLIENT)
USER_BOB_CLIENT=dict(endpoint = url, username = user_bob_name, password = user_bob_password)
#1.3 Create user Carol
TestProjects.user_carol_id, user_carol_name = self.user.create_user(user_password = user_carol_password, **ADMIN_CLIENT)
#2.1 Create private project(PA) by Alice
TestProjects.project_alice_id, TestProjects.project_alice_name = self.project.create_project(metadata = {"public": "false"}, **USER_ALICE_CLIENT)
#2.2 Add a repository to project(PA) by Alice
TestProjects.repo_name, _ = push_self_build_image_to_project(TestProjects.project_alice_name, harbor_server, user_alice_name, user_alice_password, "hello-world", "latest")
#3. Bob is not a member of project(PA);
self.project.check_project_member_not_exist(TestProjects.project_alice_id, user_bob_name, **USER_ALICE_CLIENT)
#4.1 Alice Add Bob as a guest member of project(PA)
member_id_bob = self.project.add_project_members(TestProjects.project_alice_id, user_id=TestProjects.user_bob_id, member_role_id = 3, **USER_ALICE_CLIENT)
#4.2 Check Bob is a guest member of project(PA)
self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 3, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT)
#5.1 Update role of Bob to developer of project(PA)
self.project.update_project_member_role(TestProjects.project_alice_id, member_id_bob, 2, **USER_ALICE_CLIENT)
#5.2 Check Bob is developer member of project(PA)
self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 2, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT)
#6.1 Update role of Bob to admin member of project(PA)
self.project.update_project_member_role(TestProjects.project_alice_id, member_id_bob, 1, **USER_ALICE_CLIENT)
#6.2 Check Bob is admin member of project(PA)
self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 1, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT)
#7.1 Bob add Carol to project(PA) as a guest member.
self.project.add_project_members(TestProjects.project_alice_id, TestProjects.user_carol_id, member_role_id = 3, **USER_BOB_CLIENT)
#7.2 Carol is a member of project(PA) as a guest.
self.project.check_project_members_exist(TestProjects.project_alice_id, user_carol_name, expected_member_role_id = 3, user_name = user_carol_name, user_password = user_carol_password, **USER_ALICE_CLIENT)
#8.1 Alice delete Bob from project(PA).
self.project.delete_project_member(TestProjects.project_alice_id, member_id_bob, **USER_ALICE_CLIENT)
#8.2 Bob is no longer a member of project(PA) and Bob can see project(PA).
self.project.check_project_member_not_exist(TestProjects.project_alice_id, user_bob_name, **USER_ALICE_CLIENT)
#8.3 Carol is still a member of project(PA) as a guest.
self.project.check_project_members_exist(TestProjects.project_alice_id, user_carol_name, expected_member_role_id = 3, user_name = user_carol_name, user_password = user_carol_password, **USER_ALICE_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.label = Label()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repository(TestProjects.project_add_g_lbl_name,
TestProjects.repo_name.split('/')[1],
**TestProjects.USER_add_g_lbl_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_add_g_lbl_id,
**TestProjects.USER_add_g_lbl_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_add_g_lbl_id, **ADMIN_CLIENT)
#4. Delete label(LA).
self.label.delete_label(TestProjects.label_id, **ADMIN_CLIENT)
def testAddSysLabelToRepo(self):
"""
Test case:
Add Global Label To Tag
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Create a new label(LA) in project(PA) by admin;;
7. Add this system global label to repository(RA)/tag(TA);
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
4. Delete label(LA).
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_add_g_lbl_id, user_add_g_lbl_name = self.user.create_user(
user_password=user_001_password, **ADMIN_CLIENT)
TestProjects.USER_add_g_lbl_CLIENT = dict(endpoint=url,
username=user_add_g_lbl_name,
password=user_001_password)
#2. Create private project-001
TestProjects.project_add_g_lbl_id, TestProjects.project_add_g_lbl_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user-001 as a member of project-001 with project-admin role
self.project.add_project_members(
TestProjects.project_add_g_lbl_id,
user_id=TestProjects.user_add_g_lbl_id,
**ADMIN_CLIENT)
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_add_g_lbl_id,
**TestProjects.USER_add_g_lbl_CLIENT)
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
TestProjects.repo_name, tag = push_self_build_image_to_project(
TestProjects.project_add_g_lbl_name, harbor_server,
user_add_g_lbl_name, user_001_password, "test_sys_label", "latest")
#6. Create a new label(LA) in project(PA) by admin;
TestProjects.label_id, _ = self.label.create_label(**ADMIN_CLIENT)
#7. Add this system global label to repository(RA)/tag(TA).
self.artifact.add_label_to_reference(
TestProjects.project_add_g_lbl_name,
TestProjects.repo_name.split('/')[1], tag,
int(TestProjects.label_id), **TestProjects.USER_add_g_lbl_CLIENT)
class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
@classmethod
def tearDown(self):
print("Case completed")
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
# remove the deletion as the signed image cannot be deleted.
#1. Delete repository(RA) by user(UA);
#self.repo.delete_repoitory(TestProjects.project_sign_image_name, TestProjects.repo_name.split('/')[1], **TestProjects.USER_sign_image_CLIENT)
#2. Delete project(PA);
#self.project.delete_project(TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT)
def testPushImageWithSpecialName(self):
"""
Test case:
Push Image With Special Name
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Sign image with tag(TA) which was tagged by step #5;
7. Get signature of image with tag(TA), it should be exist.
Tear down:
NA
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_sign_image_id, user_sign_image_name = self.user.create_user(
user_password=user_001_password, **ADMIN_CLIENT)
TestProjects.USER_sign_image_CLIENT = dict(
with_signature=True,
endpoint=url,
username=user_sign_image_name,
password=user_001_password)
#2. Create a new private project(PA) by user(UA);
TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(
TestProjects.project_sign_image_id,
user_id=TestProjects.user_sign_image_id,
**ADMIN_CLIENT)
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_sign_image_id,
**TestProjects.USER_sign_image_CLIENT)
image = "hello-world"
src_tag = "latest"
profix = "aaa/bbb"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
TestProjects.repo_name, tag = push_image_to_project(
TestProjects.project_sign_image_name,
harbor_server,
user_sign_image_name,
user_001_password,
image,
src_tag,
profix_for_image=profix)
#7. Get signature of image with tag(TA), it should be exist.
full_name = urllib.parse.quote(profix + "/" + image, 'utf-8')
artifact = self.artifact.get_reference_info(
TestProjects.project_sign_image_name, full_name, tag,
**TestProjects.USER_sign_image_CLIENT)
self.assertEqual(artifact[0].type, 'IMAGE')
class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
@classmethod
def tearDown(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(TestProjects.repo_name,
**TestProjects.USER_SCAN_IMAGE_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_scan_image_id,
**TestProjects.USER_SCAN_IMAGE_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_scan_image_id, **ADMIN_CLIENT)
def testScanImage(self):
"""
Test case:
Scan A Image
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_scan_image_id, user_scan_image_name = self.user.create_user(
user_password=user_001_password, **ADMIN_CLIENT)
TestProjects.USER_SCAN_IMAGE_CLIENT = dict(
endpoint=url,
username=user_scan_image_name,
password=user_001_password)
#2. Create a new private project(PA) by user(UA);
TestProjects.project_scan_image_id, project_scan_image_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(TestProjects.project_scan_image_id,
TestProjects.user_scan_image_id,
**ADMIN_CLIENT)
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_scan_image_id,
**TestProjects.USER_SCAN_IMAGE_CLIENT)
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image right after repository creation.
#image = "tomcat"
image = "docker"
src_tag = "1.13"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
TestProjects.repo_name, tag = push_image_to_project(
project_scan_image_name, harbor_server, user_scan_image_name,
user_001_password, image, src_tag)
#6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
self.repo.scan_image(TestProjects.repo_name, tag,
**TestProjects.USER_SCAN_IMAGE_CLIENT)
self.repo.check_image_scan_result(
TestProjects.repo_name, tag, **TestProjects.USER_SCAN_IMAGE_CLIENT)
class TestScan(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.scan = Scan()
self.url = ADMIN_CLIENT["endpoint"]
self.user_password = "******"
self.project_id, self.project_name, self.user_id, self.user_name, self.repo_name1, self.repo_name2 = [
None
] * 6
self.user_id, self.user_name = self.user.create_user(
user_password=self.user_password, **ADMIN_CLIENT)
self.USER_CLIENT = dict(with_signature=True,
with_immutable_status=True,
endpoint=self.url,
username=self.user_name,
password=self.user_password,
with_scan_overview=True)
#2. Create a new private project(PA) by user(UA);
self.project_id, self.project_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(self.project_id,
user_id=self.user_id,
**ADMIN_CLIENT)
@unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
def do_tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(self.project_name,
self.repo_name1.split('/')[1],
**self.USER_CLIENT)
self.repo.delete_repoitory(self.project_name,
self.repo_name2.split('/')[1],
**self.USER_CLIENT)
#2. Delete project(PA);
self.project.delete_project(self.project_id, **self.USER_CLIENT)
#3. Delete user(UA);
self.user.delete_user(self.user_id, **ADMIN_CLIENT)
def testScanImageArtifact(self):
"""
Test case:
Scan An Image Artifact
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
7. Swith Scanner;
8. Send scan another image command and get tag(TA) information to check scan result, it should be finished.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(dict(public=False),
expected_count=1,
expected_project_id=self.project_id,
**self.USER_CLIENT)
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image right after repository creation.
image = "docker"
src_tag = "1.13"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
self.repo_name1, tag = push_self_build_image_to_project(
self.project_name, harbor_server, self.user_name,
self.user_password, image, src_tag)
#6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
self.scan.scan_artifact(self.project_name,
self.repo_name1.split('/')[1], tag,
**self.USER_CLIENT)
self.artifact.check_image_scan_result(self.project_name, image, tag,
**self.USER_CLIENT)
self.do_tearDown()
def testScanSignedImage(self):
"""
Test case:
Scan A Signed Image
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
7. Swith Scanner;
8. Send scan another image command and get tag(TA) information to check scan result, it should be finished.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image right after repository creation.
#Note:busybox is pulled in setup phase, and setup is a essential phase.
image = "busybox"
tag = "latest"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
#TestScan.repo_name_1, tag = push_self_build_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image, tag)
sign_image(harbor_server, self.project_name, image, tag)
#6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
self.scan.scan_artifact(self.project_name, image, tag,
**self.USER_CLIENT)
self.artifact.check_image_scan_result(self.project_name, image, tag,
**self.USER_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.repo_name_1 = "test1_sign"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
# remove the deletion as the signed image cannot be deleted.
#1. Delete repository(RA) by user(UA);
#self.repo.delete_repoitory(TestProjects.project_sign_image_name, TestProjects.repo_name.split('/')[1], **TestProjects.USER_sign_image_CLIENT)
#2. Delete project(PA);
#self.project.delete_project(TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT)
def testSignImage(self):
"""
Test case:
Sign A Image
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Sign image with tag(TA) which was tagged by step #5;
7. Get signature of image with tag(TA), it should be exist.
Tear down:
NA
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_sign_image_id, user_sign_image_name = self.user.create_user(
user_password=user_001_password, **ADMIN_CLIENT)
TestProjects.USER_sign_image_CLIENT = dict(
with_signature=True,
endpoint=url,
username=user_sign_image_name,
password=user_001_password)
#2. Create a new private project(PA) by user(UA);
TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(
TestProjects.project_sign_image_id,
user_id=TestProjects.user_sign_image_id,
**ADMIN_CLIENT)
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_sign_image_id,
**TestProjects.USER_sign_image_CLIENT)
#Note:busybox is pulled in setup phase, and setup is a essential phase.
image = "busybox"
tag = "latest"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
#TestProjects.repo_name, tag = push_self_build_image_to_project(TestProjects.project_sign_image_name, harbor_server, user_sign_image_name, user_001_password, image, src_tag)
#6. Sign image with tag(TA) which was tagged by step #5;
sign_image(harbor_server, TestProjects.project_sign_image_name, image,
tag)
#7. Get signature of image with tag(TA), it should be exist.
artifact = self.artifact.get_reference_info(
TestProjects.project_sign_image_name, image, tag,
**TestProjects.USER_sign_image_CLIENT)
self.assertEqual(artifact.tags[0].signed, True)
push_special_image_to_project(TestProjects.project_sign_image_name,
harbor_server, user_sign_image_name,
user_001_password, self.repo_name_1,
['1.0'])
self.repo.delete_repoitory(TestProjects.project_sign_image_name,
self.repo_name_1,
**TestProjects.USER_sign_image_CLIENT)
self.repo.delete_repoitory(
TestProjects.project_sign_image_name,
image,
expect_status_code=412,
expect_response_body="with signature cannot be deleted",
**TestProjects.USER_sign_image_CLIENT)
class TestAssignRoleToLdapGroup(unittest.TestCase):
@classmethod
def setUp(self):
self.conf = Configurations()
self.project = Project()
self.artifact = Artifact()
self.repo = Repository()
self.scan = Scan()
@classmethod
def tearDown(self):
print("Case completed")
def TestAssignRoleToLdapGroup(self):
"""
Test case:
Assign Role To Ldap Group
Test step and expected result:
1. Set LDAP Auth configurations;
2. Create a new public project(PA) by Admin;
3. Add 3 member groups to project(PA);
4. Push image by each member role;
5. Verfify that admin_user and dev_user can push image, guest_user can not push image;
6. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs.
7. Delete repository(RA) by user(UA);
8. Delete project(PA);
"""
url = ADMIN_CLIENT["endpoint"]
USER_ADMIN = dict(endpoint=url,
username="******",
password="******",
repo="hello-world")
USER_DEV = dict(endpoint=url,
username="******",
password="******",
repo="alpine")
USER_GUEST = dict(endpoint=url,
username="******",
password="******",
repo="busybox")
USER_TEST = dict(endpoint=url, username="******", password="******")
self.conf.set_configurations_of_ldap(
ldap_filter="",
ldap_group_attribute_name="cn",
ldap_group_base_dn="ou=groups,dc=example,dc=com",
ldap_group_search_filter="objectclass=groupOfNames",
ldap_group_search_scope=2,
**ADMIN_CLIENT)
with created_project(metadata={"public": "false"}) as (project_id,
project_name):
self.project.add_project_members(
project_id,
member_role_id=1,
_ldap_group_dn="cn=harbor_admin,ou=groups,dc=example,dc=com",
**ADMIN_CLIENT)
self.project.add_project_members(
project_id,
member_role_id=2,
_ldap_group_dn="cn=harbor_dev,ou=groups,dc=example,dc=com",
**ADMIN_CLIENT)
self.project.add_project_members(
project_id,
member_role_id=3,
_ldap_group_dn="cn=harbor_guest,ou=groups,dc=example,dc=com",
**ADMIN_CLIENT)
projects = self.project.get_projects(dict(name=project_name),
**USER_ADMIN)
self.assertTrue(len(projects) == 1)
self.assertEqual(1, projects[0].current_user_role_id)
repo_name_admin, _ = push_image_to_project(
project_name, harbor_server, USER_ADMIN["username"],
USER_ADMIN["password"], USER_ADMIN["repo"], "latest")
artifacts = self.artifact.list_artifacts(project_name,
USER_ADMIN["repo"],
**USER_ADMIN)
self.assertTrue(len(artifacts) == 1)
repo_name_dev, _ = push_image_to_project(
project_name, harbor_server, USER_DEV["username"],
USER_DEV["password"], USER_DEV["repo"], "latest")
artifacts = self.artifact.list_artifacts(project_name,
USER_DEV["repo"],
**USER_DEV)
self.assertTrue(len(artifacts) == 1)
push_image_to_project(project_name, harbor_server,
USER_GUEST["username"],
USER_GUEST["password"], USER_GUEST["repo"],
"latest")
artifacts = self.artifact.list_artifacts(project_name,
USER_GUEST["repo"],
**USER_GUEST)
self.assertTrue(len(artifacts) == 0)
self.assertTrue(
self.project.query_user_logs(project_name, **USER_ADMIN) > 0,
"admin user can see logs")
self.assertTrue(
self.project.query_user_logs(project_name, **USER_DEV) > 0,
"dev user can see logs")
self.assertTrue(
self.project.query_user_logs(project_name, **USER_GUEST) > 0,
"guest user can see logs")
self.assertTrue(
self.project.query_user_logs(project_name,
status_code=403,
**USER_TEST) == 0,
"test user can not see any logs")
self.repo.delete_repoitory(project_name,
repo_name_admin.split('/')[1],
**USER_ADMIN)
self.repo.delete_repoitory(project_name,
repo_name_dev.split('/')[1],
**USER_ADMIN)
class TestProxyCache(unittest.TestCase):
@classmethod
def setUpClass(self):
self.url = ADMIN_CLIENT["endpoint"]
self.user_password = "******"
self.project = Project()
self.user = User()
self.repo = Repository()
self.registry = Registry()
self.artifact = Artifact()
@classmethod
def tearDownClass(self):
print("Case completed")
def do_validate(self, registry_type):
"""
Test case:
Proxy Cache Image From Harbor
Test step and expected result:
1. Create a new registry;
2. Create a new project;
3. Add a new user as a member of project;
4. Pull image from this project by docker CLI;
5. Pull image from this project by ctr CLI;
6. Pull manifest index from this project by docker CLI;
7. Pull manifest from this project by ctr CLI;
8. Image pulled by docker CLI should be cached;
9. Image pulled by ctr CLI should be cached;
10. Manifest index pulled by docker CLI should be cached;
11. Manifest index pulled by ctr CLI should be cached;
Tear down:
1. Delete project(PA);
2. Delete user(UA).
"""
user_id, user_name = self.user.create_user(
user_password=self.user_password, **ADMIN_CLIENT)
USER_CLIENT = dict(with_signature=True,
endpoint=self.url,
username=user_name,
password=self.user_password)
image_for_docker = dict(image="for_proxy", tag="1.0")
image_for_ctr = dict(image="redis", tag="latest")
index_for_docker = dict(image="index081597864867",
tag="index_tag081597864867")
access_key = ""
access_secret = ""
#1. Create a new registry;
if registry_type == "docker-hub":
user_namespace = "danfengliu"
access_key = user_namespace
access_secret = "Aa123456"
registry = "https://hub.docker.com"
# Memo: ctr will not send image pull request if manifest list already exist, so we pull different manifest list for different registry;
index_for_ctr = dict(image="alpine", tag="3.12.0")
else:
user_namespace = "nightly"
registry = "https://cicd.harbor.vmwarecna.net"
index_for_ctr = dict(image="busybox", tag="1.32.0")
registry_id, _ = self.registry.create_registry(
registry,
name=_random_name(registry_type),
registry_type=registry_type,
access_key=access_key,
access_secret=access_secret,
insecure=False,
**ADMIN_CLIENT)
print("registry_id:", registry_id)
#2. Create a new project;
project_id, project_name = self.project.create_project(
registry_id=registry_id,
metadata={"public": "false"},
**ADMIN_CLIENT)
print("project_id:", project_id)
print("project_name:", project_name)
#3. Add a new user as a member of project;
self.project.add_project_members(project_id,
user_id=user_id,
**ADMIN_CLIENT)
#4. Pull image from this project by docker CLI;
pull_harbor_image(
harbor_server, USER_CLIENT["username"], USER_CLIENT["password"],
project_name + "/" + user_namespace + "/" +
image_for_docker["image"], image_for_docker["tag"])
#5. Pull image from this project by ctr CLI;
oci_ref = harbor_server + "/" + project_name + "/" + user_namespace + "/" + image_for_ctr[
"image"] + ":" + image_for_ctr["tag"]
library.containerd.ctr_images_pull(user_name, self.user_password,
oci_ref)
library.containerd.ctr_images_list(oci_ref=oci_ref)
#6. Pull manifest index from this project by docker CLI;
index_repo_name = user_namespace + "/" + index_for_docker["image"]
pull_harbor_image(harbor_server, user_name, self.user_password,
project_name + "/" + index_repo_name,
index_for_docker["tag"])
#7. Pull manifest from this project by ctr CLI;
index_repo_name_for_ctr = user_namespace + "/" + index_for_ctr["image"]
oci_ref = harbor_server + "/" + project_name + "/" + index_repo_name_for_ctr + ":" + index_for_ctr[
"tag"]
library.containerd.ctr_images_pull(user_name, self.user_password,
oci_ref)
library.containerd.ctr_images_list(oci_ref=oci_ref)
#8. Image pulled by docker CLI should be cached;
self.artifact.waiting_for_reference_exist(
project_name,
urllib.parse.quote(
user_namespace + "/" + image_for_docker["image"], 'utf-8'),
image_for_docker["tag"], **USER_CLIENT)
#9. Image pulled by ctr CLI should be cached;
self.artifact.waiting_for_reference_exist(
project_name,
urllib.parse.quote(user_namespace + "/" + image_for_ctr["image"],
'utf-8'), image_for_ctr["tag"], **USER_CLIENT)
#10. Manifest index pulled by docker CLI should be cached;
ret_index_by_d = self.artifact.waiting_for_reference_exist(
project_name, urllib.parse.quote(index_repo_name, 'utf-8'),
index_for_docker["tag"], **USER_CLIENT)
print("Index's reference by docker CLI:", ret_index_by_d[0].references)
self.assertTrue(len(ret_index_by_d[0].references) == 1)
#11. Manifest index pulled by ctr CLI should be cached;
ret_index_by_c = self.artifact.waiting_for_reference_exist(
project_name, urllib.parse.quote(index_repo_name_for_ctr, 'utf-8'),
index_for_ctr["tag"], **USER_CLIENT)
print("Index's reference by ctr CLI:", ret_index_by_c[0].references)
self.assertTrue(len(ret_index_by_c[0].references) == 1)
def test_proxy_cache_from_harbor(self):
self.do_validate("harbor")
def test_proxy_cache_from_dockerhub(self):
self.do_validate("docker-hub")
def suite():
suite = unittest.TestSuite(unittest.makeSuite(TestProxyCache))
return suite
class TestProjectCVEAllowlist(unittest.TestCase):
"""
Test case:
Project Level CVE Allowlist
Setup:
1.Admin creates project(PA)
2.Create user(RA)
3.Add user(RA) as a guest of project(PA)
Test Steps:
1. User(RA) reads the project(PA), verify the "reuse_sys_cve_allowlist" is empty in the metadata, and the CVE allowlist is empty
2. User(RA) updates the project CVE allowlist, verify it fails with Forbidden error.
3. Admin user updates User(RA) as project admin.
4. User(RA) updates the project CVE allowlist with expiration date and one item in the items list.
5. User(RA) reads the project(PA), verify the CVE allowlist is updated as step 4
6. User(RA) updates the project CVE allowlist removes expiration date and clean the items.
7. User(RA) reads the project(PA), verify the CVE allowlist is updated as step 6
8. User(RA) updates the project metadata to set "reuse_sys_cve_allowlist" to true.
9. User(RA) reads the project(PA) verify the project metadata is updated.
Tear Down:
1. Remove User(RA) from project(PA) as member
2. Delete project(PA)
3. Delete User(RA)
"""
def setUp(self):
self.user = User()
self.project = Project()
user_ra_password = "******"
print("Setup: Creating user for test")
user_ra_id, user_ra_name = self.user.create_user(
user_password=user_ra_password, **ADMIN_CLIENT)
print("Created user: %s, id: %s" % (user_ra_name, user_ra_id))
self.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"],
username=user_ra_name,
password=user_ra_password)
self.user_ra_id = int(user_ra_id)
p_id, _ = self.project.create_project(metadata={"public": "false"},
**ADMIN_CLIENT)
self.project_pa_id = int(p_id)
m_id = self.project.add_project_members(self.project_pa_id,
self.user_ra_id,
member_role_id=3,
**ADMIN_CLIENT)
self.member_id = int(m_id)
def tearDown(self):
print("Tearing down...")
self.project.delete_project_member(self.project_pa_id, self.member_id,
**ADMIN_CLIENT)
self.project.delete_project(self.project_pa_id, **ADMIN_CLIENT)
self.user.delete_user(self.user_ra_id, **ADMIN_CLIENT)
def testProjectLevelCVEAllowlist(self):
# User(RA) reads the project(PA), verify the "reuse_sys_cve_allowlist" is empty in the metadata,
# and the CVE allowlist is empty
p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
self.assertIsNone(p.metadata.reuse_sys_cve_allowlist)
self.assertEqual(0, len(p.cve_allowlist.items))
# User(RA) updates the project CVE allowlist, verify it fails with Forbidden error.
item_list = [swagger_client.CVEAllowlistItem(cve_id="CVE-2019-12310")]
exp = int(time.time()) + 1000
wl = swagger_client.CVEAllowlist(expires_at=exp, items=item_list)
self.project.update_project(self.project_pa_id,
cve_allowlist=wl,
expect_status_code=403,
**self.USER_RA_CLIENT)
# Admin user updates User(RA) as project admin.
self.project.update_project_member_role(self.project_pa_id,
self.member_id, 1,
**ADMIN_CLIENT)
# User(RA) updates the project CVE allowlist with expiration date and one item in the items list.
self.project.update_project(self.project_pa_id,
cve_allowlist=wl,
**self.USER_RA_CLIENT)
p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
self.assertEqual("CVE-2019-12310", p.cve_allowlist.items[0].cve_id)
self.assertEqual(exp, p.cve_allowlist.expires_at)
# User(RA) updates the project CVE allowlist with empty items list
wl2 = swagger_client.CVEAllowlist(items=[])
self.project.update_project(self.project_pa_id,
cve_allowlist=wl2,
**self.USER_RA_CLIENT)
p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
self.assertEqual(0, len(p.cve_allowlist.items))
self.assertIsNone(p.cve_allowlist.expires_at)
# User(RA) updates the project metadata to set "reuse_sys_cve_allowlist" to true.
meta = swagger_client.ProjectMetadata(reuse_sys_cve_allowlist="true")
self.project.update_project(self.project_pa_id,
metadata=meta,
**self.USER_RA_CLIENT)
p = self.project.get_project(self.project_pa_id, **self.USER_RA_CLIENT)
self.assertEqual("true", p.metadata.reuse_sys_cve_allowlist)
class TestAssignRoleToLdapGroup(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.conf = Configurations()
self.project = Project()
self.artifact = Artifact()
self.repo = Repository()
self.user = User()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
print("Case completed")
def testAssignRoleToLdapGroup(self):
"""
Test case:
Assign Role To Ldap Group
Test step and expected result:
1. Set LDAP Auth configurations;
2. Create a new public project(PA) by Admin;
3. Add 3 member groups to project(PA);
4. Push image by each member role;
5. Verfify that admin_user can add project member, dev_user and guest_user can not add project member;
6. Verfify that admin_user and dev_user can push image, guest_user can not push image;
7. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs.
8. Delete repository(RA) by user(UA);
9. Delete project(PA);
"""
url = ADMIN_CLIENT["endpoint"]
USER_ADMIN = dict(endpoint=url,
username="******",
password="******",
repo="haproxy")
USER_DEV = dict(endpoint=url,
username="******",
password="******",
repo="alpine")
USER_GUEST = dict(endpoint=url,
username="******",
password="******",
repo="busybox")
USER_TEST = dict(endpoint=url, username="******", password="******")
USER_MIKE = dict(endpoint=url, username="******", password="******")
#USER001 is in group harbor_group3
self.conf.set_configurations_of_ldap(
ldap_filter="",
ldap_group_attribute_name="cn",
ldap_group_base_dn="ou=groups,dc=example,dc=com",
ldap_group_search_filter="objectclass=groupOfNames",
ldap_group_search_scope=2,
**ADMIN_CLIENT)
with created_project(metadata={"public": "false"}) as (project_id,
project_name):
self.project.add_project_members(
project_id,
member_role_id=1,
_ldap_group_dn="cn=harbor_admin,ou=groups,dc=example,dc=com",
**ADMIN_CLIENT)
self.project.add_project_members(
project_id,
member_role_id=2,
_ldap_group_dn="cn=harbor_dev,ou=groups,dc=example,dc=com",
**ADMIN_CLIENT)
self.project.add_project_members(
project_id,
member_role_id=3,
_ldap_group_dn="cn=harbor_guest,ou=groups,dc=example,dc=com",
**ADMIN_CLIENT)
projects = self.project.get_projects(dict(name=project_name),
**USER_ADMIN)
self.assertTrue(len(projects) == 1)
self.assertEqual(1, projects[0].current_user_role_id)
#Mike has logged in harbor in previous test.
mike = self.user.get_user_by_name(USER_MIKE["username"],
**ADMIN_CLIENT)
#Verify role difference in add project member feature, to distinguish between admin and dev role
self.project.add_project_members(project_id,
user_id=mike.user_id,
member_role_id=3,
**USER_ADMIN)
self.project.add_project_members(project_id,
user_id=mike.user_id,
member_role_id=3,
expect_status_code=403,
**USER_DEV)
self.project.add_project_members(project_id,
user_id=mike.user_id,
member_role_id=3,
expect_status_code=403,
**USER_GUEST)
repo_name_admin, _ = push_image_to_project(
project_name, harbor_server, USER_ADMIN["username"],
USER_ADMIN["password"], USER_ADMIN["repo"], "latest")
artifacts = self.artifact.list_artifacts(project_name,
USER_ADMIN["repo"],
**USER_ADMIN)
self.assertTrue(len(artifacts) == 1)
repo_name_dev, _ = push_image_to_project(
project_name, harbor_server, USER_DEV["username"],
USER_DEV["password"], USER_DEV["repo"], "latest")
artifacts = self.artifact.list_artifacts(project_name,
USER_DEV["repo"],
**USER_DEV)
self.assertTrue(len(artifacts) == 1)
push_image_to_project(
project_name,
harbor_server,
USER_GUEST["username"],
USER_GUEST["password"],
USER_GUEST["repo"],
"latest",
expected_error_message="unauthorized to access repository")
artifacts = self.artifact.list_artifacts(project_name,
USER_GUEST["repo"],
**USER_GUEST)
self.assertTrue(len(artifacts) == 0)
self.assertTrue(
self.project.query_user_logs(project_name, **USER_ADMIN) > 0,
"admin user can see logs")
self.assertTrue(
self.project.query_user_logs(project_name, **USER_DEV) > 0,
"dev user can see logs")
self.assertTrue(
self.project.query_user_logs(project_name, **USER_GUEST) > 0,
"guest user can see logs")
self.assertTrue(
self.project.query_user_logs(project_name,
status_code=403,
**USER_TEST) == 0,
"test user can not see any logs")
self.repo.delete_repository(project_name,
repo_name_admin.split('/')[1],
**USER_ADMIN)
self.repo.delete_repository(project_name,
repo_name_dev.split('/')[1],
**USER_ADMIN)
class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
self.system = System()
@classmethod
def tearDown(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete project(PA);
self.project.delete_project(TestProjects.project_test_quota_id,
**ADMIN_CLIENT)
#2. Delete user(UA);
self.user.delete_user(TestProjects.user_test_quota_id, **ADMIN_CLIENT)
def testProjectQuota(self):
"""
Test case:
Project Quota
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Push an image to project(PA) by user(UA), then check the project quota usage;
5. Check quota change
6. Delete image, the quota should be changed to 0.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_test_quota_id, user_test_quota_name = self.user.create_user(
user_password=user_001_password, **ADMIN_CLIENT)
TestProjects.USER_TEST_QUOTA_CLIENT = dict(
endpoint=url,
username=user_test_quota_name,
password=user_001_password)
#2. Create a new private project(PA) by user(UA);
TestProjects.project_test_quota_id, project_test_quota_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(TestProjects.project_test_quota_id,
TestProjects.user_test_quota_id,
**ADMIN_CLIENT)
#4.Push an image to project(PA) by user(UA), then check the project quota usage; -- {"count": 1, "storage": 2791709}
image = "goharbor/alpine"
src_tag = "3.10"
TestProjects.repo_name, _ = push_image_to_project(
project_test_quota_name, harbor_server, user_test_quota_name,
user_001_password, image, src_tag)
#5. Get project quota
quota = self.system.get_project_quota(
"project", TestProjects.project_test_quota_id, **ADMIN_CLIENT)
self.assertEqual(quota[0].used["count"], 1)
self.assertEqual(quota[0].used["storage"], 2789002)
#6. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(TestProjects.repo_name, **ADMIN_CLIENT)
#6. Quota should be 0
quota = self.system.get_project_quota(
"project", TestProjects.project_test_quota_id, **ADMIN_CLIENT)
self.assertEqual(quota[0].used["count"], 0)
self.assertEqual(quota[0].used["storage"], 0)