class TestProjects(unittest.TestCase):
@classmethod
def setUpClass(self):
self.project= Project()
self.user= User()
self.chart= Chart()
self.url = ADMIN_CLIENT["endpoint"]
self.chart_api_url = CHART_API_CLIENT['endpoint']
self.user_push_chart_password = "******"
self.chart_file = "https://storage.googleapis.com/harbor-builds/helm-chart-test-files/harbor-0.2.0.tgz"
self.archive = "harbor/"
self.CHART_NAME=self.archive.replace("/", "")
self.verion = "0.2.0"
self.chart_repo_name = "chart_local"
self.repo_name = "harbor_api_test"
@classmethod
def tearDownClass(self):
print("Case completed")
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete user(UA).
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
def testPushChartToChartRepoByHelm2WithRobotAccount(self):
"""
Test case:
Push Chart File To Chart Repository By Helm V2 With Robot Account
Test step and expected result:
1. Create a new user(UA);
2. Create private project(PA) with user(UA);
3. Create a new robot account(RA) with full priviliges in project(PA) with user(UA);
4. Push chart to project(PA) by Helm2 CLI with robot account(RA);
5. Get chart repositry from project(PA) successfully;
Tear down:
1. Delete user(UA).
"""
#1. Create user(UA);
TestProjects.user_id, user_name = self.user.create_user(user_password = self.user_push_chart_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT=dict(endpoint = self.url, username = user_name, password = self.user_push_chart_password)
TestProjects.API_CHART_CLIENT=dict(endpoint = self.chart_api_url, username = user_name, password = self.user_push_chart_password)
#2. Create private project(PA) with user(UA);
TestProjects.project_id, TestProjects.project_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_CLIENT)
#3. Create a new robot account(RA) with full priviliges in project(PA) with user(UA);
robot_id, robot_account = self.project.add_project_robot_account(TestProjects.project_id, TestProjects.project_name,
2441000531 ,**TestProjects.USER_CLIENT)
#4. Push chart to project(PA) by Helm2 CLI with robot account(RA);"
library.helm.helm2_add_repo(self.chart_repo_name, "https://"+harbor_server, TestProjects.project_name, robot_account.name, robot_account.token)
library.helm.helm2_push(self.chart_repo_name, self.chart_file, TestProjects.project_name, robot_account.name, robot_account.token)
#5. Get chart repositry from project(PA) successfully;
self.chart.chart_should_exist(TestProjects.project_name, self.CHART_NAME, **TestProjects.API_CHART_CLIENT)
#6. Push chart to project(PA) by Helm3 CLI with robot account(RA);
chart_cli_ret = library.helm.helm_chart_push_to_harbor(self.chart_file, self.archive, harbor_server, TestProjects.project_name, self.repo_name, self.verion, robot_account.name, robot_account.token)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.repo_name = "hello-artifact"
self.tag = "test_v2"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete user(UA);
self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT)
def testOrasCli(self):
"""
Test case:
Push Artifact With ORAS CLI
Test step and expected result:
1. Create user-001
2. Create a new private project(PA) by user(UA);
3. ORAS CLI push artifacts;
4. Get repository from Harbor successfully, and verfiy repository name is repo pushed by ORAS CLI;
5. Get and verify artifacts by tag;
6. ORAS CLI pull artifacts index by tag;
7. Verfiy MD5 between artifacts pushed by ORAS and artifacts pulled by ORAS;
Tear down:
NA
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_sign_image_id, user_name = self.user.create_user(user_password = user_001_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT=dict(with_signature = True, endpoint = url, username = user_name, password = user_001_password)
#2. Create a new private project(PA) by user(UA);
TestProjects.project_id, TestProjects.project_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_CLIENT)
#3. ORAS CLI push artifacts;
md5_list_push = library.oras.oras_push(harbor_server, user_name, user_001_password, TestProjects.project_name, self.repo_name, self.tag)
#4. Get repository from Harbor successfully, and verfiy repository name is repo pushed by ORAS CLI;
repo_data = self.repo.get_repository(TestProjects.project_name, self.repo_name, **TestProjects.USER_CLIENT)
self.assertEqual(repo_data.name, TestProjects.project_name + "/" + self.repo_name)
#5. Get and verify artifacts by tag;
artifact = self.artifact.get_reference_info(TestProjects.project_name, self.repo_name, self.tag, **TestProjects.USER_CLIENT)
self.assertEqual(artifact.tags[0].name, self.tag)
#6. ORAS CLI pull artifacts index by tag;
md5_list_pull = library.oras.oras_pull(harbor_server, user_name, user_001_password, TestProjects.project_name, self.repo_name, self.tag)
#7. Verfiy MD5 between artifacts pushed by ORAS and artifacts pulled by ORAS;
if set(md5_list_push) != set(md5_list_pull):
raise Exception(r"MD5 check failed with {} and {}.".format(str(md5_list_push), str(md5_list_pull)))
class TestProjects(unittest.TestCase):
@classmethod
def setUpClass(self):
self.project= Project()
self.user= User()
self.repo= Repository()
@classmethod
def tearDownClass(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete project(PA);
self.project.delete_project(TestProjects.project_del_repo_id, **TestProjects.USER_del_repo_CLIENT)
#2. Delete user(UA).
self.user.delete_user(TestProjects.user_del_repo_id, **ADMIN_CLIENT)
def testDelRepo(self):
"""
Test case:
Delete a repository
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Create a new repository(RA) in project(PA) by user(UA);
4. Get repository in project(PA), there should be one repository which was created by user(UA);
5. Delete repository(RA) by user(UA);
6. Get repository by user(UA), it should get nothing;
Tear down:
1. Delete project(PA);
2. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
user_del_repo_password = "******"
#1. Create a new user(UA);
TestProjects.user_del_repo_id, user_del_repo_name = self.user.create_user(user_password = user_del_repo_password, **ADMIN_CLIENT)
TestProjects.USER_del_repo_CLIENT=dict(endpoint = url, username = user_del_repo_name, password = user_del_repo_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_del_repo_id, TestProjects.project_del_repo_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_del_repo_CLIENT)
#3. Create a new repository(RA) in project(PA) by user(UA);
repo_name, _ = push_image_to_project(TestProjects.project_del_repo_name, harbor_server, 'admin', 'Harbor12345', "hello-world", "latest")
#4. Get repository in project(PA), there should be one repository which was created by user(UA);
repo_data = self.repo.list_repositories(TestProjects.project_del_repo_name, **TestProjects.USER_del_repo_CLIENT)
_assert_status_code(repo_name, repo_data[0].name)
#5. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(TestProjects.project_del_repo_name, repo_name.split('/')[1], **TestProjects.USER_del_repo_CLIENT)
#6. Get repository by user(UA), it should get nothing;
repo_data = self.repo.list_repositories(TestProjects.project_del_repo_name, **TestProjects.USER_del_repo_CLIENT)
_assert_status_code(len(repo_data), 0)
class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
self.conf = Configurations()
self.user = User()
@classmethod
def tearDown(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete user(UA);
self.user.delete_user(TestProjects.user_assign_sys_admin_id,
**ADMIN_CLIENT)
def testAssignSysAdmin(self):
"""
Test case:
Assign Sys Admin
Test step and expected result:
1. Create a new user(UA);
2. Set user(UA) has sysadmin role by admin, check user(UA) can modify system configuration;
3. 3. Set user(UA) has no sysadmin role by admin, check user(UA) can not modify system configuration;
4. Set user(UA) has sysadmin role by admin, check user(UA) can modify system configuration.
Tear down:
1. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
user_assign_sys_admin_password = "******"
#1. Create a new user(UA);
TestProjects.user_assign_sys_admin_id, user_assign_sys_admin_name = self.user.create_user(
user_password=user_assign_sys_admin_password, **ADMIN_CLIENT)
USER_ASSIGN_SYS_ADMIN_CLIENT = dict(
endpoint=url,
username=user_assign_sys_admin_name,
password=user_assign_sys_admin_password)
#2. Set user(UA) has sysadmin role by admin, check user(UA) can modify system configuration;
self.user.update_user_role_as_sysadmin(
TestProjects.user_assign_sys_admin_id, True, **ADMIN_CLIENT)
self.conf.set_configurations_of_token_expiration(
60, **USER_ASSIGN_SYS_ADMIN_CLIENT)
#3. Set user(UA) has no sysadmin role by admin, check user(UA) can not modify system configuration;
self.user.update_user_role_as_sysadmin(
TestProjects.user_assign_sys_admin_id, False, **ADMIN_CLIENT)
self.conf.set_configurations_of_token_expiration(
70, expect_status_code=403, **USER_ASSIGN_SYS_ADMIN_CLIENT)
#4. Set user(UA) has sysadmin role by admin, check user(UA) can modify system configuration.
self.user.update_user_role_as_sysadmin(
TestProjects.user_assign_sys_admin_id, True, **ADMIN_CLIENT)
self.conf.set_configurations_of_token_expiration(
80, **USER_ASSIGN_SYS_ADMIN_CLIENT)
def created_user(password):
from library.user import User
api = User()
user_id, user_name = api.create_user(user_password=password, **ADMIN_CLIENT)
try:
yield (user_id, user_name)
finally:
if TEARDOWN:
api.delete_user(user_id, **ADMIN_CLIENT)
class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
self.conf= Configurations()
self.project= Project()
self.user= User()
@classmethod
def tearDown(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
print "Clear trace"
#1. Delete project(PA);
self.project.delete_project(TestProjects.project_edit_project_creation_id, **TestProjects.USER_edit_project_creation_CLIENT)
#2. Delete user(UA);
self.user.delete_user(TestProjects.user_edit_project_creation_id, **ADMIN_CLIENT)
def testEditProjectCreation(self):
"""
Test case:
Edit Project Creation
Test step and expected result:
1. Create a new user(UA);
2. Set project creation to "admin only";
3. Create a new project(PA) by user(UA), and fail to create a new project;
4. Set project creation to "everyone";
5. Create a new project(PA) by user(UA), success to create a project.
Tear down:
1. Delete project(PA);
2. Delete user(UA);
"""
url = ADMIN_CLIENT["endpoint"]
user_edit_project_creation_password = "******"
#1. Create a new user(UA);
TestProjects.user_edit_project_creation_id, user_edit_project_creation_name = self.user.create_user(user_password = user_edit_project_creation_password, **ADMIN_CLIENT)
TestProjects.USER_edit_project_creation_CLIENT=dict(endpoint = url, username = user_edit_project_creation_name, password = user_edit_project_creation_password)
#2. Set project creation to "admin only";
self.conf.set_configurations_of_project_creation_restriction("adminonly", **ADMIN_CLIENT)
#3. Create a new project(PA) by user(UA), and fail to create a new project;
self.project.create_project(metadata = {"public": "false"}, expect_status_code = 403,
expect_response_body = "{\"errors\":[{\"code\":\"FORBIDDEN\",\"message\":\"Only system admin can create project\"}]}", **TestProjects.USER_edit_project_creation_CLIENT)
#4. Set project creation to "everyone";
self.conf.set_configurations_of_project_creation_restriction("everyone", **ADMIN_CLIENT)
#5. Create a new project(PA) by user(UA), success to create a project.
TestProjects.project_edit_project_creation_id, _ = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_edit_project_creation_CLIENT)
def created_user(password, _teardown=None):
from library.user import User
api = User()
is_teardown = TEARDOWN
if _teardown in (True, False):
is_teardown = _teardown
user_id, user_name = api.create_user(user_password=password, **ADMIN_CLIENT)
try:
yield (user_id, user_name)
finally:
if is_teardown:
api.delete_user(user_id, **ADMIN_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA) by admin;
self.repo.delete_repository(TestProjects.project_alice_name, TestProjects.repo_name.split('/')[1], **ADMIN_CLIENT)
#2. Delete project(Alice);
self.project.delete_project(TestProjects.project_alice_id, **ADMIN_CLIENT)
#3. Delete user Alice, Bob and Carol.
self.user.delete_user(TestProjects.user_alice_id, **ADMIN_CLIENT)
self.user.delete_user(TestProjects.user_bob_id, **ADMIN_CLIENT)
self.user.delete_user(TestProjects.user_carol_id, **ADMIN_CLIENT)
def testManageProjectMember(self):
"""
Test case:
Manage Project members
Test step and expected result:
1. Create user Alice, Bob, Carol;
2. Create private project(Alice) by Alice, Add a repository to project(Alice) by Alice;
3. Bob is not a member of project(Alice);
4. Alice Add Bob as a guest member of project(Alice), Check Bob is a guest member of project(Alice);
5. Update role of Bob to developer of project(Alice), Check Bob is developer member of project(Alice);
6. Update role of Bob to admin member of project(Alice), Check Bob is admin member of project(Alice);
7. Bob add Carol to project(Alice) as a guest member, Carol is a member of project(Alice) as a guest;
8. Alice delete Bob from project(Alice),
Bob is no longer a member of project(Alice) and Bob can see project(Alice),
Carol is still a member of project(Alice) as a guest.
Tear down:
1. Delete repository(RA) by admin;
2. Delete project(Alice);
3. Delete user Alice, Bob and Carol.
"""
url = ADMIN_CLIENT["endpoint"]
user_alice_password = "******"
user_bob_password = "******"
user_carol_password = "******"
#1.1 Create user Alice
TestProjects.user_alice_id, user_alice_name = self.user.create_user(user_password = user_alice_password, **ADMIN_CLIENT)
USER_ALICE_CLIENT=dict(endpoint = url, username = user_alice_name, password = user_alice_password)
#1.2 Create user Bob
TestProjects.user_bob_id, user_bob_name = self.user.create_user(user_password = user_bob_password, **ADMIN_CLIENT)
USER_BOB_CLIENT=dict(endpoint = url, username = user_bob_name, password = user_bob_password)
#1.3 Create user Carol
TestProjects.user_carol_id, user_carol_name = self.user.create_user(user_password = user_carol_password, **ADMIN_CLIENT)
#2.1 Create private project(PA) by Alice
TestProjects.project_alice_id, TestProjects.project_alice_name = self.project.create_project(metadata = {"public": "false"}, **USER_ALICE_CLIENT)
#2.2 Add a repository to project(PA) by Alice
TestProjects.repo_name, _ = push_self_build_image_to_project(TestProjects.project_alice_name, harbor_server, user_alice_name, user_alice_password, "hello-world", "latest")
#3. Bob is not a member of project(PA);
self.project.check_project_member_not_exist(TestProjects.project_alice_id, user_bob_name, **USER_ALICE_CLIENT)
#4.1 Alice Add Bob as a guest member of project(PA)
member_id_bob = self.project.add_project_members(TestProjects.project_alice_id, user_id=TestProjects.user_bob_id, member_role_id = 3, **USER_ALICE_CLIENT)
#4.2 Check Bob is a guest member of project(PA)
self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 3, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT)
#5.1 Update role of Bob to developer of project(PA)
self.project.update_project_member_role(TestProjects.project_alice_id, member_id_bob, 2, **USER_ALICE_CLIENT)
#5.2 Check Bob is developer member of project(PA)
self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 2, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT)
#6.1 Update role of Bob to admin member of project(PA)
self.project.update_project_member_role(TestProjects.project_alice_id, member_id_bob, 1, **USER_ALICE_CLIENT)
#6.2 Check Bob is admin member of project(PA)
self.project.check_project_members_exist(TestProjects.project_alice_id, user_bob_name, expected_member_role_id = 1, user_name = user_bob_name, user_password = user_bob_password, **USER_ALICE_CLIENT)
#7.1 Bob add Carol to project(PA) as a guest member.
self.project.add_project_members(TestProjects.project_alice_id, TestProjects.user_carol_id, member_role_id = 3, **USER_BOB_CLIENT)
#7.2 Carol is a member of project(PA) as a guest.
self.project.check_project_members_exist(TestProjects.project_alice_id, user_carol_name, expected_member_role_id = 3, user_name = user_carol_name, user_password = user_carol_password, **USER_ALICE_CLIENT)
#8.1 Alice delete Bob from project(PA).
self.project.delete_project_member(TestProjects.project_alice_id, member_id_bob, **USER_ALICE_CLIENT)
#8.2 Bob is no longer a member of project(PA) and Bob can see project(PA).
self.project.check_project_member_not_exist(TestProjects.project_alice_id, user_bob_name, **USER_ALICE_CLIENT)
#8.3 Carol is still a member of project(PA) as a guest.
self.project.check_project_members_exist(TestProjects.project_alice_id, user_carol_name, expected_member_role_id = 3, user_name = user_carol_name, user_password = user_carol_password, **USER_ALICE_CLIENT)
class TestStopScanAll(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.scan_all = ScanAll()
self.stop_scan_all = StopScanAll()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete Alice's repository and Luca's repository;
self.repo.delete_repository(
TestStopScanAll.project_Alice_name,
TestStopScanAll.repo_Alice_name.split('/')[1], **ADMIN_CLIENT)
self.repo.delete_repository(
TestStopScanAll.project_Luca_name,
TestStopScanAll.repo_Luca_name.split('/')[1], **ADMIN_CLIENT)
#2. Delete Alice's project and Luca's project;
self.project.delete_project(TestStopScanAll.project_Alice_id,
**ADMIN_CLIENT)
self.project.delete_project(TestStopScanAll.project_Luca_id,
**ADMIN_CLIENT)
#3. Delete user Alice and Luca.
self.user.delete_user(TestStopScanAll.user_Alice_id, **ADMIN_CLIENT)
self.user.delete_user(TestStopScanAll.user_Luca_id, **ADMIN_CLIENT)
print("Case completed")
def testSystemLevelScanALL(self):
"""
Test case:
System level Stop Scan All
Test step and expected result:
1. Create user Alice and Luca;
2. Create 2 new private projects project_Alice and project_Luca;
3. Push a image to project_Alice and push another image to project_Luca;
4. Trigger scan all event;
5. Send stop scan all request.
Tear down:
1. Delete Alice's repository and Luca's repository;
2. Delete Alice's project and Luca's project;
3. Delete user Alice and Luca.
"""
url = ADMIN_CLIENT["endpoint"]
user_common_password = "******"
#1. Create user Alice and Luca;
TestStopScanAll.user_Alice_id, user_Alice_name = self.user.create_user(
user_password=user_common_password, **ADMIN_CLIENT)
TestStopScanAll.user_Luca_id, user_Luca_name = self.user.create_user(
user_password=user_common_password, **ADMIN_CLIENT)
USER_ALICE_CLIENT = dict(endpoint=url,
username=user_Alice_name,
password=user_common_password,
with_scan_overview=True)
USER_LUCA_CLIENT = dict(endpoint=url,
username=user_Luca_name,
password=user_common_password,
with_scan_overview=True)
#2. Create 2 new private projects project_Alice and project_Luca;
TestStopScanAll.project_Alice_id, TestStopScanAll.project_Alice_name = self.project.create_project(
metadata={"public": "false"}, **USER_ALICE_CLIENT)
TestStopScanAll.project_Luca_id, TestStopScanAll.project_Luca_name = self.project.create_project(
metadata={"public": "false"}, **USER_LUCA_CLIENT)
#3. Push a image to project_Alice and push another image to project_Luca;
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image rigth after repository creation.
#image = "tomcat"
image_a = "mariadb"
src_tag = "latest"
#3.1 Push a image to project_Alice;
TestStopScanAll.repo_Alice_name, tag_Alice = push_self_build_image_to_project(
TestStopScanAll.project_Alice_name, harbor_server, user_Alice_name,
user_common_password, image_a, src_tag)
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image rigth after repository creation.
image_b = "httpd"
src_tag = "latest"
#3.2 push another image to project_Luca;
TestStopScanAll.repo_Luca_name, tag_Luca = push_self_build_image_to_project(
TestStopScanAll.project_Luca_name, harbor_server, user_Luca_name,
user_common_password, image_b, src_tag)
#4. Trigger scan all event;
self.scan_all.scan_all_now(**ADMIN_CLIENT)
# self.scan_all.wait_until_scans_all_finish(**ADMIN_CLIENT)
#5. Send stop scan all request.
self.stop_scan_all.stop_scan_all()
class TestProjects(unittest.TestCase):
@classmethod
def setUpClass(self):
self.project = Project()
self.user = User()
self.artifact = Artifact(api_type='artifact')
self.repo = Repository(api_type='repository')
@classmethod
def tearDownClass(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete repository(RA);
self.repo.delete_repoitory(TestProjects.project_src_repo_name,
(TestProjects.src_repo_name).split('/')[1],
**TestProjects.USER_RETAG_CLIENT)
#2. Delete repository by retag;
self.repo.delete_repoitory(TestProjects.project_dst_repo_name,
(TestProjects.dst_repo_name).split('/')[1],
**TestProjects.USER_RETAG_CLIENT)
#3. Delete project(PA);
self.project.delete_project(TestProjects.project_src_repo_id,
**TestProjects.USER_RETAG_CLIENT)
self.project.delete_project(TestProjects.project_dst_repo_id,
**TestProjects.USER_RETAG_CLIENT)
#4. Delete user(UA).
self.user.delete_user(TestProjects.user_retag_id, **ADMIN_CLIENT)
def testRetag(self):
"""
Test case:
Retag Image
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Create a new project(PB) by user(UA);
4. Update role of user-retag as guest member of project(PB);
5. Create a new repository(RA) in project(PA) by user(UA);
6. Get repository in project(PA), there should be one repository which was created by user(UA);
7. Get repository(RA)'s image tag detail information;
8. Retag image in project(PA) to project(PB), it should be forbidden;
9. Update role of user-retag as admin member of project(PB);
10. Retag image in project(PA) to project(PB), it should be successful;
11. Get repository(RB)'s image tag detail information;
12. Read digest of retaged image, it must be the same with the image in repository(RA);
13. Pull image from project(PB) by user_retag, it must be successful;
Tear down:
1. Delete repository(RA);
2. Delete repository by retag;
3. Delete project(PA);
4. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
user_retag_password = "******"
pull_tag_name = "latest"
dst_repo_sub_name = "repo"
#1. Create a new user(UA);
TestProjects.user_retag_id, user_retag_name = self.user.create_user(
user_password=user_retag_password, **ADMIN_CLIENT)
TestProjects.USER_RETAG_CLIENT = dict(endpoint=url,
username=user_retag_name,
password=user_retag_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_RETAG_CLIENT)
#3. Create a new project(PB) by user(UA);
TestProjects.project_dst_repo_id, TestProjects.project_dst_repo_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_RETAG_CLIENT)
retag_member_id = self.project.get_project_member_id(
TestProjects.project_dst_repo_id, user_retag_name,
**TestProjects.USER_RETAG_CLIENT)
#4. Update role of user-retag as guest member of project(PB);
self.project.update_project_member_role(
TestProjects.project_dst_repo_id, retag_member_id, 3,
**ADMIN_CLIENT)
#5. Create a new repository(RA) in project(PA) by user(UA);
TestProjects.src_repo_name, tag_name = push_image_to_project(
TestProjects.project_src_repo_name, harbor_server, 'admin',
'Harbor12345', "hello-world", pull_tag_name)
#6. Get repository in project(PA), there should be one repository which was created by user(UA);
src_repo_data = self.repo.get_repository(
TestProjects.project_src_repo_name,
**TestProjects.USER_RETAG_CLIENT)
_assert_status_code(TestProjects.src_repo_name, src_repo_data[0].name)
#7. Get repository(RA)'s image tag detail information;
src_tag_data = self.artifact.get_reference_info(
TestProjects.project_src_repo_name,
TestProjects.src_repo_name.split('/')[1], tag_name,
**TestProjects.USER_RETAG_CLIENT)
TestProjects.dst_repo_name = TestProjects.project_dst_repo_name + "/" + dst_repo_sub_name
#8. Retag image in project(PA) to project(PB), it should be forbidden;
self.artifact.copy_artifact(TestProjects.project_dst_repo_name,
dst_repo_sub_name,
TestProjects.src_repo_name + "@" +
src_tag_data[0].digest,
expect_status_code=403,
**TestProjects.USER_RETAG_CLIENT)
#9. Update role of user-retag as admin member of project(PB);
self.project.update_project_member_role(
TestProjects.project_dst_repo_id, retag_member_id, 1,
**ADMIN_CLIENT)
#10. Retag image in project(PA) to project(PB), it should be successful;
self.artifact.copy_artifact(
TestProjects.project_dst_repo_name, dst_repo_sub_name,
TestProjects.src_repo_name + "@" + src_tag_data[0].digest,
**TestProjects.USER_RETAG_CLIENT)
#11. Get repository(RB)'s image tag detail information;
dst_tag_data = self.artifact.get_reference_info(
TestProjects.project_dst_repo_name, dst_repo_sub_name, tag_name,
**TestProjects.USER_RETAG_CLIENT)
#12. Read digest of retaged image, it must be the same with the image in repository(RA);
self.assertEqual(src_tag_data[0].digest, dst_tag_data[0].digest)
#13. Pull image from project(PB) by user_retag, it must be successful;"
pull_harbor_image(harbor_server, user_retag_name, user_retag_password,
TestProjects.dst_repo_name, tag_name)
class TestProjects(unittest.TestCase):
"""
Test case:
Tag Retention
Setup:
Create Project test-retention
Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0, test4:1.0
Test Steps:
1. Create Retention Policy
2. Add rule "For the repositories matching **, retain always with tags matching latest*"
3. Add rule "For the repositories matching test3*, retain always with tags matching **"
4. Dry run, check execution and tasks
5. Real run, check images retained
Tear Down:
1. Delete project test-retention
"""
@classmethod
def setUpClass(self):
self.user = User()
self.system = System()
self.repo = Repository()
self.project = Project()
self.retention = Retention()
def testTagRetention(self):
user_ra_password = "******"
user_ra_id, user_ra_name = self.user.create_user(
user_password=user_ra_password, **ADMIN_CLIENT)
print("Created user: %s, id: %s" % (user_ra_name, user_ra_id))
TestProjects.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"],
username=user_ra_name,
password=user_ra_password)
TestProjects.user_ra_id = int(user_ra_id)
TestProjects.project_src_repo_id, project_src_repo_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT)
# Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0
push_special_image_to_project(project_src_repo_name, harbor_server,
user_ra_name, user_ra_password, "test1",
['1.0'])
push_special_image_to_project(project_src_repo_name, harbor_server,
user_ra_name, user_ra_password, "test1",
['2.0'])
push_special_image_to_project(project_src_repo_name, harbor_server,
user_ra_name, user_ra_password, "test1",
['3.0', 'latest'])
push_special_image_to_project(project_src_repo_name, harbor_server,
user_ra_name, user_ra_password, "test2",
['1.0'])
push_special_image_to_project(project_src_repo_name, harbor_server,
user_ra_name, user_ra_password, "test2",
['latest'])
push_special_image_to_project(project_src_repo_name, harbor_server,
user_ra_name, user_ra_password, "test3",
['1.0'])
push_special_image_to_project(project_src_repo_name, harbor_server,
user_ra_name, user_ra_password, "test4",
['1.0'])
resp = self.repo.get_repository(TestProjects.project_src_repo_id,
**TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
# Create Retention Policy
retention_id = self.retention.create_retention_policy(
TestProjects.project_src_repo_id,
selector_repository="**",
selector_tag="latest*",
expect_status_code=201,
**TestProjects.USER_RA_CLIENT)
# Add rule
self.retention.update_retention_add_rule(retention_id,
selector_repository="test3*",
selector_tag="**",
expect_status_code=200,
**TestProjects.USER_RA_CLIENT)
# Dry run
self.retention.trigger_retention_policy(retention_id,
dry_run=True,
**TestProjects.USER_RA_CLIENT)
time.sleep(2)
resp = self.retention.get_retention_executions(
retention_id, **TestProjects.USER_RA_CLIENT)
self.assertTrue(len(resp) > 0)
execution = resp[0]
resp = self.retention.get_retention_exec_tasks(
retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
resp = self.retention.get_retention_exec_task_log(
retention_id, execution.id, resp[0].id,
**TestProjects.USER_RA_CLIENT)
print(resp)
# Real run
self.retention.trigger_retention_policy(retention_id,
dry_run=False,
**TestProjects.USER_RA_CLIENT)
time.sleep(10)
resp = self.retention.get_retention_executions(
retention_id, **TestProjects.USER_RA_CLIENT)
self.assertTrue(len(resp) > 1)
execution = resp[0]
resp = self.retention.get_retention_exec_tasks(
retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
resp = self.retention.get_retention_exec_task_log(
retention_id, execution.id, resp[0].id,
**TestProjects.USER_RA_CLIENT)
print(resp)
resp = self.repo.get_repository(TestProjects.project_src_repo_id,
**TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 3)
@classmethod
def tearDownClass(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
resp = self.repo.get_repository(TestProjects.project_src_repo_id,
**TestProjects.USER_RA_CLIENT)
for repo in resp:
self.repo.delete_repoitory(repo.name,
**TestProjects.USER_RA_CLIENT)
self.project.delete_project(TestProjects.project_src_repo_id,
**TestProjects.USER_RA_CLIENT)
self.user.delete_user(TestProjects.user_ra_id, **ADMIN_CLIENT)
class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
@classmethod
def tearDown(self):
print("Case completed")
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
# remove the deletion as the signed image cannot be deleted.
#1. Delete repository(RA) by user(UA);
#self.repo.delete_repoitory(TestProjects.project_sign_image_name, TestProjects.repo_name.split('/')[1], **TestProjects.USER_sign_image_CLIENT)
#2. Delete project(PA);
#self.project.delete_project(TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT)
def testPushImageWithSpecialName(self):
"""
Test case:
Push Image With Special Name
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Sign image with tag(TA) which was tagged by step #5;
7. Get signature of image with tag(TA), it should be exist.
Tear down:
NA
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_sign_image_id, user_sign_image_name = self.user.create_user(
user_password=user_001_password, **ADMIN_CLIENT)
TestProjects.USER_sign_image_CLIENT = dict(
with_signature=True,
endpoint=url,
username=user_sign_image_name,
password=user_001_password)
#2. Create a new private project(PA) by user(UA);
TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(
TestProjects.project_sign_image_id,
user_id=TestProjects.user_sign_image_id,
**ADMIN_CLIENT)
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_sign_image_id,
**TestProjects.USER_sign_image_CLIENT)
image = "hello-world"
src_tag = "latest"
profix = "aaa/bbb"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
TestProjects.repo_name, tag = push_image_to_project(
TestProjects.project_sign_image_name,
harbor_server,
user_sign_image_name,
user_001_password,
image,
src_tag,
profix_for_image=profix)
#7. Get signature of image with tag(TA), it should be exist.
full_name = urllib.parse.quote(profix + "/" + image, 'utf-8')
artifact = self.artifact.get_reference_info(
TestProjects.project_sign_image_name, full_name, tag,
**TestProjects.USER_sign_image_CLIENT)
self.assertEqual(artifact[0].type, 'IMAGE')
class TestProjects(unittest.TestCase):
"""
Test case:
Tag Retention
Setup:
Create Project test-retention
Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0, test4:1.0
Test Steps:
1. Create Retention Policy
2. Add rule "For the repositories matching **, retain always with tags matching latest*"
3. Add rule "For the repositories matching test3*, retain always with tags matching **"
4. Dry run, check execution and tasks
5. Real run, check images retained
Tear Down:
1. Delete project test-retention
"""
@suppress_urllib3_warning
def setUp(self):
self.user = User()
self.system = System()
self.repo = Repository()
self.project = Project()
self.retention = Retention()
self.artifact = Artifact()
self.repo_name_1 = "test1"
self.repo_name_2 = "test2"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#TODO delete_repository will fail when no tags left anymore
resp = self.repo.list_repositories(TestProjects.project_src_repo_name,
**TestProjects.USER_RA_CLIENT)
for repo in resp:
self.repo.delete_repository(TestProjects.project_src_repo_name,
repo.name.split('/')[1],
**TestProjects.USER_RA_CLIENT)
self.project.delete_project(TestProjects.project_src_repo_id,
**TestProjects.USER_RA_CLIENT)
self.user.delete_user(TestProjects.user_ra_id, **ADMIN_CLIENT)
print("Case completed")
def testTagRetention(self):
user_ra_password = "******"
user_ra_id, user_ra_name = self.user.create_user(
user_password=user_ra_password, **ADMIN_CLIENT)
print("Created user: %s, id: %s" % (user_ra_name, user_ra_id))
TestProjects.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"],
username=user_ra_name,
password=user_ra_password)
TestProjects.user_ra_id = int(user_ra_id)
TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT)
# Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_1,
['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_1,
['2.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_1,
['3.0', 'latest'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_2,
['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, self.repo_name_2,
['latest'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test3", ['1.0'])
push_special_image_to_project(TestProjects.project_src_repo_name,
harbor_server, user_ra_name,
user_ra_password, "test4", ['1.0'])
tag_data_artifact3_image1 = self.artifact.get_reference_info(
TestProjects.project_src_repo_name, self.repo_name_1, "3.0",
**TestProjects.USER_RA_CLIENT)
tag_data_artifact2_image2 = self.artifact.get_reference_info(
TestProjects.project_src_repo_name, self.repo_name_2, "latest",
**TestProjects.USER_RA_CLIENT)
tags = list_image_tags(
harbor_server,
TestProjects.project_src_repo_name + "/" + self.repo_name_1,
user_ra_name, user_ra_password)
#Delete all 2 tags of "artifact3" in repostory "image1";
self.artifact.delete_tag(TestProjects.project_src_repo_name,
self.repo_name_1, "3.0", "latest",
**TestProjects.USER_RA_CLIENT)
self.artifact.delete_tag(TestProjects.project_src_repo_name,
self.repo_name_1, "3.0", "3.0",
**TestProjects.USER_RA_CLIENT)
tags = list_image_tags(
harbor_server,
TestProjects.project_src_repo_name + "/" + self.repo_name_1,
user_ra_name, user_ra_password)
resp = self.repo.list_repositories(TestProjects.project_src_repo_name,
**TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
# Create Retention Policy
retention_id = self.retention.create_retention_policy(
TestProjects.project_src_repo_id,
selector_repository="**",
selector_tag="latest*",
expect_status_code=201,
**TestProjects.USER_RA_CLIENT)
# Add rule
self.retention.update_retention_add_rule(retention_id,
selector_repository="test3*",
selector_tag="**",
expect_status_code=200,
**TestProjects.USER_RA_CLIENT)
# Dry run
self.retention.trigger_retention_policy(retention_id,
dry_run=True,
**TestProjects.USER_RA_CLIENT)
time.sleep(10)
resp = self.retention.get_retention_executions(
retention_id, **TestProjects.USER_RA_CLIENT)
self.assertTrue(len(resp) > 0)
execution = resp[0]
resp = self.retention.get_retention_exec_tasks(
retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
resp = self.retention.get_retention_exec_task_log(
retention_id, execution.id, resp[0].id,
**TestProjects.USER_RA_CLIENT)
#For Debug:
print("Task 0 log begin:-----------------------------")
i = 0
for line in resp.split("\n"):
print("Line" + str(i) + ": " + line)
i = i + 1
print("Task 0 log end:-----------------------------")
# Real run
self.retention.trigger_retention_policy(retention_id,
dry_run=False,
**TestProjects.USER_RA_CLIENT)
time.sleep(10)
resp = self.retention.get_retention_executions(
retention_id, **TestProjects.USER_RA_CLIENT)
self.assertTrue(len(resp) > 1)
execution = resp[0]
resp = self.retention.get_retention_exec_tasks(
retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
self.assertEqual(len(resp), 4)
resp = self.retention.get_retention_exec_task_log(
retention_id, execution.id, resp[0].id,
**TestProjects.USER_RA_CLIENT)
print(resp)
#List artifacts successfully, and untagged artifact in test1 should be the only one retained;
artifacts_1 = self.artifact.list_artifacts(
TestProjects.project_src_repo_name, self.repo_name_1,
**TestProjects.USER_RA_CLIENT)
self.assertTrue(len(artifacts_1) == 1)
self.assertEqual(artifacts_1[0].digest,
tag_data_artifact3_image1.digest)
#List artifacts successfully, and artifact with latest tag in test2 should be the only one retained;
artifacts_2 = self.artifact.list_artifacts(
TestProjects.project_src_repo_name, self.repo_name_2,
**TestProjects.USER_RA_CLIENT)
self.assertTrue(len(artifacts_2) == 1)
self.assertEqual(artifacts_2[0].digest,
tag_data_artifact2_image2.digest)
class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
self.system = System()
self.project = Project()
self.user = User()
self.repo = Repository()
self.artifact = Artifact()
self.repo_name = "test_repo"
self.repo_name_untag = "test_untag"
self.tag = "v1.0"
@classmethod
def tearDown(self):
print("Case completed")
@unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
def test_ClearData(self):
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_gc_id, **TestProjects.USER_GC_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_gc_id, **ADMIN_CLIENT)
def testGarbageCollection(self):
"""
Test case:
Garbage Collection
Test step and expected result:
1. Create a new user(UA);
2. Create project(PA) and project(PB) by user(UA);
3. Push a image in project(PA) and then delete repository by admin;
4. Get repository by user(UA), it should get nothing;
5. Tigger garbage collection operation;
6. Check garbage collection job was finished;
7. Get garbage collection log, check there is a number of files was deleted;
8. Push a image in project(PB) by admin and delete the only tag;
9. Tigger garbage collection operation;
10. Check garbage collection job was finished;
11. Repository with untag image should be still there;
12. But no any artifact in repository anymore.
Tear down:
1. Delete project(PA);
2. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
admin_name = ADMIN_CLIENT["username"]
admin_password = ADMIN_CLIENT["password"]
user_gc_password = "******"
#1. Create a new user(UA);
TestProjects.user_gc_id, user_gc_name = self.user.create_user(user_password = user_gc_password, **ADMIN_CLIENT)
TestProjects.USER_GC_CLIENT=dict(endpoint = url, username = user_gc_name, password = user_gc_password)
#2. Create project(PA) and project(PB) by user(UA);
TestProjects.project_gc_id, TestProjects.project_gc_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_GC_CLIENT)
TestProjects.project_gc_untag_id, TestProjects.project_gc_untag_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_GC_CLIENT)
#3. Push a image in project(PA) and then delete repository by admin;
push_special_image_to_project(TestProjects.project_gc_name, harbor_server, admin_name, admin_password, self.repo_name, ["latest", "v1.2.3"])
self.repo.delete_repoitory(TestProjects.project_gc_name, self.repo_name, **TestProjects.USER_GC_CLIENT)
#4. Get repository by user(UA), it should get nothing;
repo_data = self.repo.list_repositories(TestProjects.project_gc_name, **TestProjects.USER_GC_CLIENT)
_assert_status_code(len(repo_data), 0)
#8. Push a image in project(PB) by admin and delete the only tag;
push_special_image_to_project(TestProjects.project_gc_untag_name, harbor_server, admin_name, admin_password, self.repo_name_untag, [self.tag])
self.artifact.delete_tag(TestProjects.project_gc_untag_name, self.repo_name_untag, self.tag, self.tag, **ADMIN_CLIENT)
#5. Tigger garbage collection operation;
gc_id = self.system.gc_now(**ADMIN_CLIENT)
#6. Check garbage collection job was finished;
self.system.validate_gc_job_status(gc_id, "finished", **ADMIN_CLIENT)
#7. Get garbage collection log, check there is a number of files was deleted;
self.system.validate_deletion_success(gc_id, **ADMIN_CLIENT)
artifacts = self.artifact.list_artifacts(TestProjects.project_gc_untag_name, self.repo_name_untag, **TestProjects.USER_GC_CLIENT)
_assert_status_code(len(artifacts), 1)
time.sleep(5)
#9. Tigger garbage collection operation;
gc_id = self.system.gc_now(is_delete_untagged=True, **ADMIN_CLIENT)
#10. Check garbage collection job was finished;
self.system.validate_gc_job_status(gc_id, "finished", **ADMIN_CLIENT)
#7. Get garbage collection log, check there is a number of files was deleted;
self.system.validate_deletion_success(gc_id, **ADMIN_CLIENT)
#11. Repository with untag image should be still there;
repo_data_untag = self.repo.list_repositories(TestProjects.project_gc_untag_name, **TestProjects.USER_GC_CLIENT)
_assert_status_code(len(repo_data_untag), 1)
self.assertEqual(TestProjects.project_gc_untag_name + "/" + self.repo_name_untag , repo_data_untag[0].name)
#12. But no any artifact in repository anymore.
artifacts = self.artifact.list_artifacts(TestProjects.project_gc_untag_name, self.repo_name_untag, **TestProjects.USER_GC_CLIENT)
self.assertEqual(artifacts,[])
class TestProjects(unittest.TestCase):
@classmethod
def setUpClass(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.url = ADMIN_CLIENT["endpoint"]
self.user_push_index_password = "******"
self.index_name = "ci_test_index"
self.index_tag = "test_tag"
self.image_a = "alpine"
self.image_b = "busybox"
@classmethod
def tearDownClass(self):
print("Case completed")
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete repository(RA,RB,IA) by user(UA);
self.repo.delete_repoitory(TestProjects.project_push_index_name,
self.index_name, **TestProjects.USER_CLIENT)
self.repo.delete_repoitory(TestProjects.project_push_index_name,
self.image_a, **TestProjects.USER_CLIENT)
self.repo.delete_repoitory(TestProjects.project_push_index_name,
self.image_b, **TestProjects.USER_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_push_index_id,
**TestProjects.USER_CLIENT)
#3. Delete user(UA).
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
def testAddIndexByDockerManifest(self):
"""
Test case:
Push Index By Docker Manifest
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA);
4. Push an index(IA) to Harbor by docker manifest CLI successfully;
5. Get Artifacts successfully;
6. Get index(IA) by reference successfully;
7. Verify harbor index is index(IA) pushed by docker manifest CLI;
8.1 Verify harbor index(IA) can be pulled by docker CLI successfully;
8.2 Verify harbor index(IA) can be pulled by docker CLI successfully;
9. Get addition successfully;
10. Unable to Delete artifact in manifest list;
11. Delete index successfully.
Tear down:
1. Delete repository(RA,RB,IA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
#1. Create a new user(UA);
TestProjects.user_id, user_name = self.user.create_user(
user_password=self.user_push_index_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT = dict(endpoint=self.url,
username=user_name,
password=self.user_push_index_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_push_index_id, TestProjects.project_push_index_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_CLIENT)
#3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA);
repo_name_a, tag_a = push_image_to_project(
TestProjects.project_push_index_name, harbor_server, 'admin',
'Harbor12345', self.image_a, "latest")
repo_name_b, tag_b = push_image_to_project(
TestProjects.project_push_index_name, harbor_server, 'admin',
'Harbor12345', self.image_b, "latest")
#4. Push an index(IA) to Harbor by docker manifest CLI successfully;
manifests = [
harbor_server + "/" + repo_name_a + ":" + tag_a,
harbor_server + "/" + repo_name_b + ":" + tag_b
]
index = harbor_server + "/" + TestProjects.project_push_index_name + "/" + self.index_name + ":" + self.index_tag
index_sha256_cli_ret, manifests_sha256_cli_ret = library.docker_api.docker_manifest_push_to_harbor(
index, manifests, harbor_server, user_name,
self.user_push_index_password)
#5. Get Artifacts successfully;
artifacts = self.artifact.list_artifacts(
TestProjects.project_push_index_name, self.index_name,
**TestProjects.USER_CLIENT)
artifacts_ref_child_list = [
artifacts[0].references[1].child_digest,
artifacts[0].references[0].child_digest
]
self.assertEqual(
artifacts_ref_child_list.count(manifests_sha256_cli_ret[0]), 1)
self.assertEqual(
artifacts_ref_child_list.count(manifests_sha256_cli_ret[1]), 1)
#6. Get index(IA) by reference successfully;
index_data = self.artifact.get_reference_info(
TestProjects.project_push_index_name, self.index_name,
self.index_tag, **TestProjects.USER_CLIENT)
manifests_sha256_harbor_ret = [
index_data[0].references[1].child_digest,
index_data[0].references[0].child_digest
]
#7. Verify harbor index is index(IA) pushed by docker manifest CLI;
self.assertEqual(index_data[0].digest, index_sha256_cli_ret)
self.assertEqual(
manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[0]), 1)
self.assertEqual(
manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[1]), 1)
#8.1 Verify harbor index(IA) can be pulled by docker CLI successfully;
pull_harbor_image(
harbor_server, user_name, self.user_push_index_password,
TestProjects.project_push_index_name + "/" + self.index_name,
self.index_tag)
#8.2 Verify harbor index(IA) can be pulled by ctr successfully;
oci_ref = harbor_server + "/" + TestProjects.project_push_index_name + "/" + self.index_name + ":" + self.index_tag
library.containerd.ctr_images_pull(user_name,
self.user_push_index_password,
oci_ref)
library.containerd.ctr_images_list(oci_ref=oci_ref)
#9. Get addition successfully;
addition_v = self.artifact.get_addition(
TestProjects.project_push_index_name, self.index_name,
self.index_tag, "vulnerabilities", **TestProjects.USER_CLIENT)
self.assertEqual(addition_v[0], '{}')
#This artifact has no build history
addition_v = self.artifact.get_addition(
TestProjects.project_push_index_name, self.index_name,
manifests_sha256_cli_ret[0], "vulnerabilities",
**TestProjects.USER_CLIENT)
self.assertEqual(addition_v[0], '{}')
addition_b = self.artifact.get_addition(
TestProjects.project_push_index_name, self.index_name,
manifests_sha256_cli_ret[0], "build_history",
**TestProjects.USER_CLIENT)
self.assertIn("ADD file:", addition_b[0])
image_data = self.artifact.get_reference_info(
TestProjects.project_push_index_name, self.index_name,
manifests_sha256_cli_ret[0], **TestProjects.USER_CLIENT)
addition_v = self.artifact.get_addition(
TestProjects.project_push_index_name, self.index_name,
manifests_sha256_cli_ret[1], "vulnerabilities",
**TestProjects.USER_CLIENT)
self.assertEqual(addition_v[0], '{}')
addition_b = self.artifact.get_addition(
TestProjects.project_push_index_name, self.index_name,
manifests_sha256_cli_ret[1], "build_history",
**TestProjects.USER_CLIENT)
self.assertIn("ADD file:", addition_b[0])
image_data = self.artifact.get_reference_info(
TestProjects.project_push_index_name, self.index_name,
manifests_sha256_cli_ret[0], **TestProjects.USER_CLIENT)
#10. Unable to Delete artifact in manifest list;
self.artifact.delete_artifact(TestProjects.project_push_index_name,
self.index_name,
manifests_sha256_cli_ret[0],
expect_status_code=412,
**TestProjects.USER_CLIENT)
#11. Delete index successfully.
self.artifact.delete_artifact(TestProjects.project_push_index_name,
self.index_name, self.index_tag,
**TestProjects.USER_CLIENT)
class TestProjects(unittest.TestCase):
@classmethod
def setUpClass(self):
self.project= Project()
self.user= User()
self.artifact = Artifact()
self.repo= Repository()
self.url = ADMIN_CLIENT["endpoint"]
self.user_push_chart_password = "******"
self.chart_file = "https://storage.googleapis.com/harbor-builds/helm-chart-test-files/harbor-0.2.0.tgz"
self.archive = "harbor/"
self.verion = "0.2.0"
self.repo_name = "harbor_api_test"
@classmethod
def tearDownClass(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete repository chart(CA) by user(UA);
self.repo.delete_repoitory(TestProjects.project_push_chart_name, self.repo_name, **TestProjects.USER_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_push_chart_id, **TestProjects.USER_CLIENT)
#3. Delete user(UA).
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
def testPushChartByHelmChartCLI(self):
"""
Test case:
Push Chart File By Helm Chart CLI
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Push an chart(CA) to Harbor by helm3 registry/chart CLI successfully;
4. List artifacts successfully;
5. Get chart(CA) by reference successfully;
6. Get addtion successfully;
7. Delete chart by reference successfully.
Tear down:
1. Delete repository chart(CA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
#1. Create a new user(UA);
TestProjects.user_id, user_name = self.user.create_user(user_password = self.user_push_chart_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT=dict(endpoint = self.url, username = user_name, password = self.user_push_chart_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_push_chart_id, TestProjects.project_push_chart_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_CLIENT)
#3. Push an chart(CA) to Harbor by helm3 registry/chart CLI successfully;
chart_cli_ret = library.helm.helm_chart_push_to_harbor(self.chart_file, self.archive, harbor_server, TestProjects.project_push_chart_name, self.repo_name, self.verion, user_name, self.user_push_chart_password)
print "chart_cli_ret:", chart_cli_ret
#4. List artifacts successfully;
artifacts = self.artifact.list_artifacts(TestProjects.project_push_chart_name, self.repo_name, **TestProjects.USER_CLIENT)
self.assertEqual(artifacts[0].type, 'CHART')
self.assertEqual(artifacts[0].tags[0].name, self.verion)
#5. Get chart(CA) by reference successfully;
artifact = self.artifact.get_reference_info(TestProjects.project_push_chart_name, self.repo_name, self.verion, **TestProjects.USER_CLIENT)
self.assertEqual(artifact[0].type, 'CHART')
self.assertEqual(artifact[0].tags[0].name, self.verion)
#6. Get addtion successfully;
addition_r = self.artifact.get_addition(TestProjects.project_push_chart_name, self.repo_name, self.verion, "readme.md", **TestProjects.USER_CLIENT)
self.assertIn("Helm Chart for Harbor", addition_r[0])
addition_d = self.artifact.get_addition(TestProjects.project_push_chart_name, self.repo_name, self.verion, "dependencies", **TestProjects.USER_CLIENT)
self.assertIn("https://kubernetes-charts.storage.googleapis.com", addition_d[0])
addition_v = self.artifact.get_addition(TestProjects.project_push_chart_name, self.repo_name, self.verion, "values.yaml", **TestProjects.USER_CLIENT)
self.assertIn("adminserver", addition_v[0])
#7. Delete chart by reference successfully.
self.artifact.delete_artifact(TestProjects.project_push_chart_name, self.repo_name, self.verion, **TestProjects.USER_CLIENT)
class TestSysCVEAllowlist(unittest.TestCase):
"""
Test case:
System Level CVE Allowlist
Setup:
Create user(RA)
Test Steps:
1. User(RA) reads the system level CVE allowlist and it's empty.
2. User(RA) updates the system level CVE allowlist, verify it's failed.
3. Update user(RA) to system admin
4. User(RA) updates the system level CVE allowlist, verify it's successful.
5. User(RA) reads the system level CVE allowlist, verify the CVE list is updated.
6. User(RA) updates the expiration date of system level CVE allowlist.
7. User(RA) reads the system level CVE allowlist, verify the expiration date is updated.
Tear Down:
1. Clear the system level CVE allowlist.
2. Delete User(RA)
"""
@suppress_urllib3_warning
def setUp(self):
self.user = User()
self.system = System()
user_ra_password = "******"
print("Setup: Creating user for test")
user_ra_id, user_ra_name = self.user.create_user(
user_password=user_ra_password, **ADMIN_CLIENT)
print("Created user: %s, id: %s" % (user_ra_name, user_ra_id))
self.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"],
username=user_ra_name,
password=user_ra_password)
self.user_ra_id = int(user_ra_id)
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
print("TearDown: Clearing the Allowlist")
self.system.set_cve_allowlist(**ADMIN_CLIENT)
print("TearDown: Deleting user: %d" % self.user_ra_id)
self.user.delete_user(self.user_ra_id, **ADMIN_CLIENT)
def testSysCVEAllowlist(self):
# 1. User(RA) reads the system level CVE allowlist and it's empty.
wl = self.system.get_cve_allowlist(**self.USER_RA_CLIENT)
self.assertEqual(
0, len(wl.items),
"The initial system level CVE allowlist is not empty: %s" %
wl.items)
# 2. User(RA) updates the system level CVE allowlist, verify it's failed.
cves = ['CVE-2019-12310']
self.system.set_cve_allowlist(None, 403, *cves, **self.USER_RA_CLIENT)
# 3. Update user(RA) to system admin
self.user.update_user_role_as_sysadmin(self.user_ra_id, True,
**ADMIN_CLIENT)
# 4. User(RA) updates the system level CVE allowlist, verify it's successful.
self.system.set_cve_allowlist(None, 200, *cves, **self.USER_RA_CLIENT)
# 5. User(RA) reads the system level CVE allowlist, verify the CVE list is updated.
expect_wl = [swagger_client.CVEAllowlistItem(cve_id='CVE-2019-12310')]
wl = self.system.get_cve_allowlist(**self.USER_RA_CLIENT)
self.assertIsNone(wl.expires_at)
self.assertEqual(expect_wl, wl.items)
# 6. User(RA) updates the expiration date of system level CVE allowlist.
exp = int(time.time()) + 3600
self.system.set_cve_allowlist(exp, 200, *cves, **self.USER_RA_CLIENT)
# 7. User(RA) reads the system level CVE allowlist, verify the expiration date is updated.
wl = self.system.get_cve_allowlist(**self.USER_RA_CLIENT)
self.assertEqual(exp, wl.expires_at)
class TestProjects(unittest.TestCase):
@classmethod
def setUpClass(self):
self.project = Project()
self.user = User()
self.artifact = Artifact(api_type='artifact')
self.repo = Repository(api_type='repository')
self.url = ADMIN_CLIENT["endpoint"]
self.user_push_chart_password = "******"
self.cnab_repo_name = "test_cnab"
@classmethod
def tearDownClass(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(TestProjects.project_push_bundle_name,
self.cnab_repo_name,
**TestProjects.USER_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_push_bundle_id,
**TestProjects.USER_CLIENT)
#3. Delete user(UA).
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
def testPushBundleByCnab(self):
"""
Test case:
Push Bundle By Cnab
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Pull images for bundle;
4. Push bundle to harbor as repository(RA);
5. Get repository from Harbor successfully;
6. Verfiy bundle name;
7. Get artifact by sha256;
8. Verify artifact information.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
#1. Create a new user(UA);
TestProjects.user_id, user_name = self.user.create_user(
user_password=self.user_push_chart_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT = dict(endpoint=self.url,
username=user_name,
password=self.user_push_chart_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_push_bundle_id, TestProjects.project_push_bundle_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_CLIENT)
#3. Pull images for bundle;
_docker_api = DockerAPI()
_docker_api.docker_image_pull("hello-world", tag="latest")
_docker_api.docker_image_pull("busybox", tag="latest")
#4. Push bundle to harbor as repository(RA);
target = harbor_server + "/" + TestProjects.project_push_bundle_name + "/" + self.cnab_repo_name
reference_sha256 = library.cnab.push_cnab_bundle(
harbor_server, user_name, self.user_push_chart_password,
"hello-world:latest", "busybox:latest", target)
#5. Get repository from Harbor successfully;
index_data = self.repo.get_repository(
TestProjects.project_push_bundle_name, self.cnab_repo_name,
**TestProjects.USER_CLIENT)
print "index_data:", index_data
#6. Verfiy bundle name;
self.assertEqual(
index_data.name,
TestProjects.project_push_bundle_name + "/" + self.cnab_repo_name)
#7. Get artifact by sha256;
artifact = self.artifact.get_reference_info(
TestProjects.project_push_bundle_name, self.cnab_repo_name,
reference_sha256, **TestProjects.USER_CLIENT)
#8. Verify artifact information;
self.assertEqual(artifact[0].type, 'CNAB')
self.assertEqual(artifact[0].digest, reference_sha256)
class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
@classmethod
def tearDown(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(TestProjects.repo_name,
**TestProjects.USER_SCAN_IMAGE_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_scan_image_id,
**TestProjects.USER_SCAN_IMAGE_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_scan_image_id, **ADMIN_CLIENT)
def testScanImage(self):
"""
Test case:
Scan A Image
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_scan_image_id, user_scan_image_name = self.user.create_user(
user_password=user_001_password, **ADMIN_CLIENT)
TestProjects.USER_SCAN_IMAGE_CLIENT = dict(
endpoint=url,
username=user_scan_image_name,
password=user_001_password)
#2. Create a new private project(PA) by user(UA);
TestProjects.project_scan_image_id, project_scan_image_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(TestProjects.project_scan_image_id,
TestProjects.user_scan_image_id,
**ADMIN_CLIENT)
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_scan_image_id,
**TestProjects.USER_SCAN_IMAGE_CLIENT)
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image right after repository creation.
#image = "tomcat"
image = "docker"
src_tag = "1.13"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
TestProjects.repo_name, tag = push_image_to_project(
project_scan_image_name, harbor_server, user_scan_image_name,
user_001_password, image, src_tag)
#6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
self.repo.scan_image(TestProjects.repo_name, tag,
**TestProjects.USER_SCAN_IMAGE_CLIENT)
self.repo.check_image_scan_result(
TestProjects.repo_name, tag, **TestProjects.USER_SCAN_IMAGE_CLIENT)
class TestRobotAccount(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
self.artifact = Artifact()
self.robot = Robot()
self.scan = Scan()
self.label = Label()
self.chart = Chart()
TestRobotAccount.url = ADMIN_CLIENT["endpoint"]
TestRobotAccount.user_ra_password = "******"
print("setup")
@unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
def do_01_tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(self.project_ra_name_a,
self.repo_name_in_project_a.split('/')[1],
**self.USER_RA_CLIENT)
self.repo.delete_repoitory(self.project_ra_name_b,
self.repo_name_in_project_b.split('/')[1],
**self.USER_RA_CLIENT)
self.repo.delete_repoitory(self.project_ra_name_c,
self.repo_name_in_project_c.split('/')[1],
**self.USER_RA_CLIENT)
self.repo.delete_repoitory(self.project_ra_name_a,
self.repo_name_pa.split('/')[1],
**self.USER_RA_CLIENT)
#2. Delete project(PA);
self.project.delete_project(self.project_ra_id_a,
**self.USER_RA_CLIENT)
self.project.delete_project(self.project_ra_id_b,
**self.USER_RA_CLIENT)
self.project.delete_project(self.project_ra_id_c,
**self.USER_RA_CLIENT)
#3. Delete user(UA).
self.user.delete_user(self.user_ra_id, **ADMIN_CLIENT)
def test_01_ProjectlevelRobotAccount(self):
"""
Test case:
Robot Account
Test step and expected result:
1. Create user(UA);
2. Create private project(PA), private project(PB) and public project(PC) by user(UA);
3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA);
4. Create a new robot account(RA) with pull and push privilige in project(PA) by user(UA);
5. Check robot account info, it should has both pull and push priviliges;
6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful;
7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful;
8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful;
9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful;
10. Pull image from project(PC), it must be successful;
11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful;
12. Update action property of robot account(RA);
13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful;
14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful;
15. Delete robot account(RA), it must be not successful.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
image_project_a = "haproxy"
image_project_b = "hello-world"
image_project_c = "httpd"
image_robot_account = "alpine"
tag = "latest"
#1. Create user(UA);"
self.user_ra_id, user_ra_name = self.user.create_user(
user_password=TestRobotAccount.user_ra_password, **ADMIN_CLIENT)
self.USER_RA_CLIENT = dict(endpoint=TestRobotAccount.url,
username=user_ra_name,
password=TestRobotAccount.user_ra_password)
#2. Create private project(PA), private project(PB) and public project(PC) by user(UA);
self.project_ra_id_a, self.project_ra_name_a = self.project.create_project(
metadata={"public": "false"}, **self.USER_RA_CLIENT)
self.project_ra_id_b, self.project_ra_name_b = self.project.create_project(
metadata={"public": "false"}, **self.USER_RA_CLIENT)
self.project_ra_id_c, self.project_ra_name_c = self.project.create_project(
metadata={"public": "true"}, **self.USER_RA_CLIENT)
#3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA);
self.repo_name_in_project_a, tag_a = push_self_build_image_to_project(
self.project_ra_name_a, harbor_server, user_ra_name,
TestRobotAccount.user_ra_password, image_project_a, tag)
self.repo_name_in_project_b, tag_b = push_self_build_image_to_project(
self.project_ra_name_b, harbor_server, user_ra_name,
TestRobotAccount.user_ra_password, image_project_b, tag)
self.repo_name_in_project_c, tag_c = push_self_build_image_to_project(
self.project_ra_name_c, harbor_server, user_ra_name,
TestRobotAccount.user_ra_password, image_project_c, tag)
#4. Create a new robot account(RA) with pull and push privilege in project(PA) by user(UA);
robot_id, robot_account = self.robot.create_project_robot(
self.project_ra_name_a, 30, **self.USER_RA_CLIENT)
#5. Check robot account info, it should has both pull and push privilege;
data = self.robot.get_robot_account_by_id(robot_id,
**self.USER_RA_CLIENT)
_assert_status_code(robot_account.name, data.name)
#6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful;
pull_harbor_image(harbor_server, robot_account.name,
robot_account.secret, self.repo_name_in_project_a,
tag_a)
#7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful;
self.repo_name_pa, _ = push_self_build_image_to_project(
self.project_ra_name_a, harbor_server, robot_account.name,
robot_account.secret, image_robot_account, tag)
#8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful;
push_self_build_image_to_project(
self.project_ra_name_b,
harbor_server,
robot_account.name,
robot_account.secret,
image_robot_account,
tag,
expected_error_message="unauthorized to access repository")
#9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful;
pull_harbor_image(
harbor_server,
robot_account.name,
robot_account.secret,
self.repo_name_in_project_b,
tag_b,
expected_error_message="unauthorized to access repository")
#10. Pull image from project(PC), it must be successful;
pull_harbor_image(harbor_server, robot_account.name,
robot_account.secret, self.repo_name_in_project_c,
tag_c)
#11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful;
push_self_build_image_to_project(
self.project_ra_name_c,
harbor_server,
robot_account.name,
robot_account.secret,
image_robot_account,
tag,
expected_error_message="unauthorized to access repository")
#12. Update action property of robot account(RA);"
self.robot.disable_robot_account(robot_id, True, **self.USER_RA_CLIENT)
#13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful;
pull_harbor_image(
harbor_server,
robot_account.name,
robot_account.secret,
self.repo_name_in_project_a,
tag_a,
expected_login_error_message="unauthorized: authentication required"
)
#14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful;
push_self_build_image_to_project(
self.project_ra_name_a,
harbor_server,
robot_account.name,
robot_account.secret,
image_robot_account,
tag,
expected_login_error_message="unauthorized: authentication required"
)
#15. Delete robot account(RA), it must be not successful.
self.robot.delete_robot_account(robot_id, **self.USER_RA_CLIENT)
self.do_01_tearDown()
def verify_repository_pushable(self, project_access_list,
system_ra_client):
for project_access in project_access_list:
print(r"project_access:", project_access)
if project_access["check_list"][1]: #---repository:push---
repo = push_self_build_image_to_project(
project_access["project_name"], harbor_server,
system_ra_client["username"], system_ra_client["password"],
"test_pushable" + base._random_name("repo"),
"v6.8.1" + base._random_name("tag"))
else:
push_self_build_image_to_project(
project_access["project_name"],
harbor_server,
system_ra_client["username"],
system_ra_client["password"],
"test_unpushable" + base._random_name("repo"),
"v6.8.1" + base._random_name("tag"),
expected_error_message="unauthorized to access repository")
def verify_repository_unpushable(
self,
project_access_list,
system_ra_client,
expected_login_error_message="unauthorized: authentication required"
):
for project_access in project_access_list: #---repository:push---
push_self_build_image_to_project(
project_access["project_name"],
harbor_server,
system_ra_client["username"],
system_ra_client["password"],
"test_unpushable" + base._random_name("repo"),
"v6.8.1" + base._random_name("tag"),
expected_login_error_message=expected_login_error_message)
def test_02_SystemlevelRobotAccount(self):
"""
Test case:
Robot Account
Test step and expected result:
1. Define a number of access lists;
2. Create the same number of private projects;
3. Create a system robot account has permission for those projects;
4. Verify the system robot account has the corresponding rights;
5. Disable the system robot account;
6. Verify the system robot account has no the corresponding rights;
7. Enable the system robot account;
8. Verify the system robot account has the corresponding rights;
9. Refresh secret for the system robot account;
10. Verify the system robot account has no the corresponding right with the old secret already;
11. Verify the system robot account still has the corresponding right with the new secret;
12. List system robot account, then add a new project to the system robot account project permission list;
13. Delete this project;
14. List system robot account successfully;
15. Delete the system robot account;
16. Verify the system robot account has no the corresponding right;
17. Add a system robot account with all project coverd;
18. Verify the system robot account has no the corresponding right;
"""
#1. Define a number of access lists;
CHART_FILE_LIST = [
dict(name='prometheus', version='7.0.2'),
dict(name='harbor', version='0.2.0')
]
for i in range(2):
base.run_command([
"curl", r"-o", "./tests/apitests/python/{}-{}.tgz".format(
CHART_FILE_LIST[i]["name"], CHART_FILE_LIST[i]["version"]),
"https://storage.googleapis.com/harbor-builds/helm-chart-test-files/{}-{}.tgz"
.format(CHART_FILE_LIST[i]["name"],
CHART_FILE_LIST[i]["version"])
])
#Make sure that whether 'True' or 'False' must be included in each line or row.
check_list = [
[True, True, True, True, True, True, False, True, False, True],
[False, False, False, False, True, True, False, True, True, False],
[True, False, True, False, True, False, True, False, True, True],
[False, False, False, True, False, True, False, True, True, False]
]
access_list_list = []
for i in range(len(check_list)):
access_list_list.append(
self.robot.create_access_list(check_list[i]))
#2. Create the same number of private projects;
robot_account_Permissions_list = []
project_access_list = []
for i in range(len(check_list)):
with created_user(TestRobotAccount.user_ra_password,
_teardown=False) as (user_id, username):
with created_project(metadata={"public": "false"},
user_id=user_id,
_teardown=False) as (project_id,
project_name):
project_access_list.append(
dict(project_name=project_name,
project_id=project_id,
check_list=check_list[i]))
robot_account_Permissions = v2_swagger_client.Permission(
kind="project",
namespace=project_name,
access=access_list_list[i])
robot_account_Permissions_list.append(
robot_account_Permissions)
#3. Create a system robot account has permission for those projects;
system_robot_account_id, system_robot_account = self.robot.create_system_robot(
robot_account_Permissions_list, 300)
print("system_robot_account:", system_robot_account)
SYSTEM_RA_CLIENT = dict(endpoint=TestRobotAccount.url,
username=system_robot_account.name,
password=system_robot_account.secret)
SYSTEM_RA_CHART_CLIENT = dict(endpoint=CHART_API_CLIENT["endpoint"],
username=SYSTEM_RA_CLIENT["username"],
password=SYSTEM_RA_CLIENT["password"])
#4. Verify the system robot account has the corresponding rights;
for project_access in project_access_list:
print(r"project_access:", project_access)
if project_access["check_list"][1]: #---repository:push---
repo = push_self_build_image_to_project(
project_access["project_name"], harbor_server,
SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"],
"test_pushable", "v6.8.1")
else:
push_self_build_image_to_project(
project_access["project_name"],
harbor_server,
SYSTEM_RA_CLIENT["username"],
SYSTEM_RA_CLIENT["password"],
"test_unpushable",
"v6.8.1",
expected_error_message="unauthorized to access repository")
tag_for_del = "v1.0.0"
repo_name, tag = push_self_build_image_to_project(
project_access["project_name"], harbor_server,
ADMIN_CLIENT["username"], ADMIN_CLIENT["password"],
"test_del_artifact", tag_for_del)
if project_access["check_list"][0]: #---repository:pull---
pull_harbor_image(harbor_server, SYSTEM_RA_CLIENT["username"],
SYSTEM_RA_CLIENT["password"], repo_name,
tag_for_del)
else:
pull_harbor_image(
harbor_server,
SYSTEM_RA_CLIENT["username"],
SYSTEM_RA_CLIENT["password"],
repo_name,
tag_for_del,
expected_error_message=
"action: pull: unauthorized to access repository")
if project_access["check_list"][2]: #---artifact:delete---
self.artifact.delete_artifact(project_access["project_name"],
repo_name.split('/')[1],
tag_for_del, **SYSTEM_RA_CLIENT)
else:
self.artifact.delete_artifact(project_access["project_name"],
repo_name.split('/')[1],
tag_for_del,
expect_status_code=403,
**SYSTEM_RA_CLIENT)
#Prepare for chart read and delete
self.chart.upload_chart(
project_access["project_name"],
r'./tests/apitests/python/{}-{}.tgz'.format(
CHART_FILE_LIST[1]["name"],
CHART_FILE_LIST[1]["version"]), **CHART_API_CLIENT)
if project_access["check_list"][3]: #---helm-chart:read---
library.helm.helm2_fetch_chart_file(
"chart_repo_" + base._random_name("repo"), harbor_url,
project_access["project_name"],
SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"],
CHART_FILE_LIST[1]["name"])
else:
library.helm.helm2_fetch_chart_file(
"chart_repo_" + base._random_name("repo"),
harbor_url,
project_access["project_name"],
SYSTEM_RA_CLIENT["username"],
SYSTEM_RA_CLIENT["password"],
CHART_FILE_LIST[1]["name"],
expected_add_repo_error_message="403 Forbidden")
if project_access["check_list"][
4]: #---helm-chart-version:create---
self.chart.upload_chart(
project_access["project_name"],
r'./tests/apitests/python/{}-{}.tgz'.format(
CHART_FILE_LIST[0]["name"],
CHART_FILE_LIST[0]["version"]),
**SYSTEM_RA_CHART_CLIENT)
else:
self.chart.upload_chart(
project_access["project_name"],
r'./tests/apitests/python/{}-{}.tgz'.format(
CHART_FILE_LIST[0]["name"],
CHART_FILE_LIST[0]["version"]),
expect_status_code=403,
**SYSTEM_RA_CHART_CLIENT)
if project_access["check_list"][
5]: #---helm-chart-version:delete---
self.chart.delete_chart_with_version(
project_access["project_name"], CHART_FILE_LIST[1]["name"],
CHART_FILE_LIST[1]["version"], **SYSTEM_RA_CHART_CLIENT)
else:
self.chart.delete_chart_with_version(
project_access["project_name"],
CHART_FILE_LIST[1]["name"],
CHART_FILE_LIST[1]["version"],
expect_status_code=403,
**SYSTEM_RA_CHART_CLIENT)
repo_name, tag = push_self_build_image_to_project(
project_access["project_name"], harbor_server,
ADMIN_CLIENT["username"], ADMIN_CLIENT["password"],
"test_create_tag", "latest_1")
self.artifact.create_tag(project_access["project_name"],
repo_name.split('/')[1], tag,
"for_delete", **ADMIN_CLIENT)
if project_access["check_list"][6]: #---tag:create---
self.artifact.create_tag(project_access["project_name"],
repo_name.split('/')[1], tag, "1.0",
**SYSTEM_RA_CLIENT)
else:
self.artifact.create_tag(project_access["project_name"],
repo_name.split('/')[1],
tag,
"1.0",
expect_status_code=403,
**SYSTEM_RA_CLIENT)
if project_access["check_list"][7]: #---tag:delete---
self.artifact.delete_tag(project_access["project_name"],
repo_name.split('/')[1], tag,
"for_delete", **SYSTEM_RA_CLIENT)
else:
self.artifact.delete_tag(project_access["project_name"],
repo_name.split('/')[1],
tag,
"for_delete",
expect_status_code=403,
**SYSTEM_RA_CLIENT)
repo_name, tag = push_self_build_image_to_project(
project_access["project_name"], harbor_server,
ADMIN_CLIENT["username"], ADMIN_CLIENT["password"],
"test_create_artifact_label", "latest_1")
#Add project level label to artifact
label_id, _ = self.label.create_label(
project_id=project_access["project_id"],
scope="p",
**ADMIN_CLIENT)
if project_access["check_list"][8]: #---artifact-label:create---
self.artifact.add_label_to_reference(
project_access["project_name"],
repo_name.split('/')[1], tag, int(label_id),
**SYSTEM_RA_CLIENT)
else:
self.artifact.add_label_to_reference(
project_access["project_name"],
repo_name.split('/')[1],
tag,
int(label_id),
expect_status_code=403,
**SYSTEM_RA_CLIENT)
if project_access["check_list"][9]: #---scan:create---
self.scan.scan_artifact(project_access["project_name"],
repo_name.split('/')[1], tag,
**SYSTEM_RA_CLIENT)
else:
self.scan.scan_artifact(project_access["project_name"],
repo_name.split('/')[1],
tag,
expect_status_code=403,
**SYSTEM_RA_CLIENT)
#5. Disable the system robot account;
self.robot.update_system_robot_account(system_robot_account_id,
system_robot_account.name,
robot_account_Permissions_list,
disable=True,
**ADMIN_CLIENT)
#6. Verify the system robot account has no the corresponding rights;
self.verify_repository_unpushable(project_access_list,
SYSTEM_RA_CLIENT)
#7. Enable the system robot account;
self.robot.update_system_robot_account(system_robot_account_id,
system_robot_account.name,
robot_account_Permissions_list,
disable=False,
**ADMIN_CLIENT)
#8. Verify the system robot account has the corresponding rights;
self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT)
#9. Refresh secret for the system robot account;
new_secret = "new_secret_At_321"
self.robot.refresh_robot_account_secret(system_robot_account_id,
new_secret, **ADMIN_CLIENT)
#10. Verify the system robot account has no the corresponding right with the old secret already;
self.verify_repository_unpushable(project_access_list,
SYSTEM_RA_CLIENT)
#11. Verify the system robot account still has the corresponding right with the new secret;
SYSTEM_RA_CLIENT["password"] = new_secret
self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT)
#12. List system robot account, then add a new project to the system robot account project permission list;
self.robot.list_robot(**ADMIN_CLIENT)
project_for_del_id, project_for_del_name = self.project.create_project(
metadata={"public": "true"}, **ADMIN_CLIENT)
robot_account_Permissions = v2_swagger_client.Permission(
kind="project",
namespace=project_for_del_name,
access=access_list_list[0])
robot_account_Permissions_list.append(robot_account_Permissions)
self.robot.update_system_robot_account(system_robot_account_id,
system_robot_account.name,
robot_account_Permissions_list,
**ADMIN_CLIENT)
self.robot.list_robot(**ADMIN_CLIENT)
#13. Delete this project;
self.project.delete_project(project_for_del_id, **ADMIN_CLIENT)
#14. List system robot account successfully;
self.robot.list_robot(**ADMIN_CLIENT)
#15. Delete the system robot account;
self.robot.delete_robot_account(system_robot_account_id,
**ADMIN_CLIENT)
#16. Verify the system robot account has no the corresponding right;
self.verify_repository_unpushable(project_access_list,
SYSTEM_RA_CLIENT)
#17. Add a system robot account with all project coverd;
all_true_access_list = self.robot.create_access_list([True] * 10)
robot_account_Permissions_list = []
robot_account_Permissions = v2_swagger_client.Permission(
kind="project", namespace="*", access=all_true_access_list)
robot_account_Permissions_list.append(robot_account_Permissions)
_, system_robot_account_cover_all = self.robot.create_system_robot(
robot_account_Permissions_list, 300)
#18. Verify the system robot account has no the corresponding right;
print("system_robot_account_cover_all:",
system_robot_account_cover_all)
SYSTEM_RA_CLIENT_COVER_ALL = dict(
endpoint=TestRobotAccount.url,
username=system_robot_account_cover_all.name,
password=system_robot_account_cover_all.secret)
projects = self.project.get_projects(dict(), **ADMIN_CLIENT)
print("All projects:", projects)
project_access_list = []
for i in range(len(projects)):
project_access_list.append(
dict(project_name=projects[i].name,
project_id=projects[i].project_id,
check_list=all_true_access_list))
self.verify_repository_pushable(project_access_list,
SYSTEM_RA_CLIENT_COVER_ALL)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
self.robot = Robot()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(TestProjects.project_ra_name_a, TestProjects.repo_name_in_project_a.split('/')[1], **TestProjects.USER_RA_CLIENT)
self.repo.delete_repoitory(TestProjects.project_ra_name_b, TestProjects.repo_name_in_project_b.split('/')[1], **TestProjects.USER_RA_CLIENT)
self.repo.delete_repoitory(TestProjects.project_ra_name_c, TestProjects.repo_name_in_project_c.split('/')[1], **TestProjects.USER_RA_CLIENT)
self.repo.delete_repoitory(TestProjects.project_ra_name_a, TestProjects.repo_name_pa.split('/')[1], **TestProjects.USER_RA_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_ra_id_a, **TestProjects.USER_RA_CLIENT)
self.project.delete_project(TestProjects.project_ra_id_b, **TestProjects.USER_RA_CLIENT)
self.project.delete_project(TestProjects.project_ra_id_c, **TestProjects.USER_RA_CLIENT)
#3. Delete user(UA).
self.user.delete_user(TestProjects.user_ra_id, **ADMIN_CLIENT)
def testRobotAccount(self):
"""
Test case:
Robot Account
Test step and expected result:
1. Create user(UA);
2. Create private project(PA), private project(PB) and public project(PC) by user(UA);
3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA);
4. Create a new robot account(RA) with pull and push privilige in project(PA) by user(UA);
5. Check robot account info, it should has both pull and push priviliges;
6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful;
7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful;
8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful;
9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful;
10. Pull image from project(PC), it must be successful;
11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful;
12. Update action property of robot account(RA);
13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful;
14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful;
15. Delete robot account(RA), it must be not successful.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
admin_name = ADMIN_CLIENT["username"]
admin_password = ADMIN_CLIENT["password"]
user_ra_password = "******"
image_project_a = "haproxy"
image_project_b = "hello-world"
image_project_c = "httpd"
image_robot_account = "alpine"
tag = "latest"
#1. Create user(UA);"
TestProjects.user_ra_id, user_ra_name = self.user.create_user(user_password = user_ra_password, **ADMIN_CLIENT)
TestProjects.USER_RA_CLIENT=dict(endpoint = url, username = user_ra_name, password = user_ra_password)
#2. Create private project(PA), private project(PB) and public project(PC) by user(UA);
TestProjects.project_ra_id_a, TestProjects.project_ra_name_a = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_RA_CLIENT)
TestProjects.project_ra_id_b, TestProjects.project_ra_name_b = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_RA_CLIENT)
TestProjects.project_ra_id_c, TestProjects.project_ra_name_c = self.project.create_project(metadata = {"public": "true"}, **TestProjects.USER_RA_CLIENT)
#3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA);
TestProjects.repo_name_in_project_a, tag_a = push_self_build_image_to_project(TestProjects.project_ra_name_a, harbor_server, user_ra_name, user_ra_password, image_project_a, tag)
TestProjects.repo_name_in_project_b, tag_b = push_self_build_image_to_project(TestProjects.project_ra_name_b, harbor_server, user_ra_name, user_ra_password, image_project_b, tag)
TestProjects.repo_name_in_project_c, tag_c = push_self_build_image_to_project(TestProjects.project_ra_name_c, harbor_server, user_ra_name, user_ra_password, image_project_c, tag)
#4. Create a new robot account(RA) with pull and push privilege in project(PA) by user(UA);
robot_id, robot_account = self.robot.create_project_robot(TestProjects.project_ra_name_a,
30 ,**TestProjects.USER_RA_CLIENT)
#5. Check robot account info, it should has both pull and push privilege;
data = self.robot.get_robot_account_by_id(robot_id, **TestProjects.USER_RA_CLIENT)
_assert_status_code(robot_account.name, data.name)
#6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful;
pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_a, tag_a)
#7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful;
TestProjects.repo_name_pa, _ = push_self_build_image_to_project(TestProjects.project_ra_name_a, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag)
#8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful;
push_self_build_image_to_project(TestProjects.project_ra_name_b, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_error_message = "unauthorized to access repository")
#9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful;
pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_b, tag_b, expected_error_message = "unauthorized to access repository")
#10. Pull image from project(PC), it must be successful;
pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_c, tag_c)
#11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful;
push_self_build_image_to_project(TestProjects.project_ra_name_c, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_error_message = "unauthorized to access repository")
#12. Update action property of robot account(RA);"
self.robot.disable_robot_account(robot_id, True, **TestProjects.USER_RA_CLIENT)
#13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful;
pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_a, tag_a, expected_login_error_message = "unauthorized: authentication required")
#14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful;
push_self_build_image_to_project(TestProjects.project_ra_name_a, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_login_error_message = "unauthorized: authentication required")
#15. Delete robot account(RA), it must be not successful.
self.robot.delete_robot_account(robot_id, **TestProjects.USER_RA_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.replication = Replication()
self.replication_v2 = ReplicationV2()
self.registry = Registry()
self.artifact = Artifact()
self.repo = Repository()
self.image = "alpine"
self.tag = "latest"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete rule(RA);
self.replication.delete_replication_rule(TestProjects.rule_id,
**ADMIN_CLIENT)
#2. Delete registry(TA);
self.registry.delete_registry(TestProjects.registry_id, **ADMIN_CLIENT)
#1. Delete repository(RA);
self.repo.delete_repoitory(TestProjects.project_name, self.image,
**TestProjects.USER_add_rule_CLIENT)
#3. Delete project(PA);
self.project.delete_project(TestProjects.project_add_rule_id,
**TestProjects.USER_add_rule_CLIENT)
#4. Delete user(UA);
self.user.delete_user(TestProjects.user_add_rule_id, **ADMIN_CLIENT)
def testReplicationFromDockerhub(self):
"""
Test case:
Replication From Dockerhub
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Create a new registry;
4. Create a new rule for this registry;
5. Check rule should be exist;
6. Trigger the rule;
7. Wait for completion of this replication job;
8. Check image is replicated into target project successfully.
Tear down:
1. Delete rule(RA);
2. Delete registry(TA);
3. Delete project(PA);
4. Delete user(UA).
"""
url = ADMIN_CLIENT["endpoint"]
user_add_rule_password = "******"
#1. Create user(UA)
TestProjects.user_add_rule_id, user_add_rule_name = self.user.create_user(
user_password=user_add_rule_password, **ADMIN_CLIENT)
TestProjects.USER_add_rule_CLIENT = dict(
endpoint=url,
username=user_add_rule_name,
password=user_add_rule_password)
#2.1. Create private project(PA) by user(UA)
TestProjects.project_add_rule_id, TestProjects.project_name = self.project.create_project(
metadata={"public": "false"}, **TestProjects.USER_add_rule_CLIENT)
#2.2. Get private project of uesr-001, uesr-001 can see only one private project which is project-001
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_add_rule_id,
**TestProjects.USER_add_rule_CLIENT)
#3. Create a new registry;
TestProjects.registry_id, _ = self.registry.create_registry(
"https://hub.docker.com",
registry_type="docker-hub",
access_key=DOCKER_USER,
access_secret=DOCKER_PWD,
insecure=False,
**ADMIN_CLIENT)
#4. Create a pull-based rule for this registry;
TestProjects.rule_id, rule_name = self.replication.create_replication_policy(
src_registry=swagger_client.Registry(
id=int(TestProjects.registry_id)),
dest_namespace=TestProjects.project_name,
filters=[
swagger_client.ReplicationFilter(type="name",
value="library/" +
self.image),
swagger_client.ReplicationFilter(type="tag", value=self.tag)
],
**ADMIN_CLIENT)
#5. Check rule should be exist;
self.replication.check_replication_rule_should_exist(
TestProjects.rule_id, rule_name, **ADMIN_CLIENT)
#6. Trigger the rule;
self.replication_v2.trigger_replication_executions(
TestProjects.rule_id, **ADMIN_CLIENT)
#7. Wait for completion of this replication job;
self.replication_v2.wait_until_jobs_finish(TestProjects.rule_id,
interval=30,
**ADMIN_CLIENT)
#8. Check image is replicated into target project successfully.
artifact = self.artifact.get_reference_info(TestProjects.project_name,
self.image, self.tag,
**ADMIN_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.system = System()
self.project= Project()
self.user= User()
self.artifact = Artifact()
self.repo = Repository()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete Alice's repository and Luca's repository;
self.repo.delete_repository(TestProjects.project_Alice_name, TestProjects.repo_a.split('/')[1], **ADMIN_CLIENT)
self.repo.delete_repository(TestProjects.project_Alice_name, TestProjects.repo_b.split('/')[1], **ADMIN_CLIENT)
self.repo.delete_repository(TestProjects.project_Alice_name, TestProjects.repo_c.split('/')[1], **ADMIN_CLIENT)
#2. Delete Alice's project and Luca's project;
self.project.delete_project(TestProjects.project_Alice_id, **ADMIN_CLIENT)
#3. Delete user Alice and Luca.
self.user.delete_user(TestProjects.user_Alice_id, **ADMIN_CLIENT)
def testRegistryAPI(self):
"""
Test case:
Catalog API to list all repositories by system admin
Test step and expected result:G
1. Create user Alice;
2. Create 1 new private projects project_Alice;
3. Push 3 images to project_Alice and Add 3 tags to the 3rd image
4. Call the image_list_tag API
5. Call the catalog API using admin account without pagination, can get all 3 images
5.1 Call the catalog API using admin account with pagination n=1, page=2, twice to get all 3 images.
5.2 Call the catalog API using Alice account, no repos should be found.
Tear down:
1. Delete Alice's repository;
2. Delete Alice's project;
3. Delete user Alice.
"""
url = ADMIN_CLIENT["endpoint"]
user_common_password = "******"
#1. Create user Alice and Luca;
TestProjects.user_Alice_id, user_Alice_name = self.user.create_user(user_password = user_common_password, **ADMIN_CLIENT)
USER_ALICE_CLIENT=dict(endpoint = url, username = user_Alice_name, password = user_common_password)
#2. Create 2 new private projects project_Alice and project_Luca;
TestProjects.project_Alice_id, TestProjects.project_Alice_name = self.project.create_project(metadata = {"public": "false"}, **USER_ALICE_CLIENT)
#3. Push 3 images to project_Alice and Add 3 tags to the 3rd image.
src_tag = "latest"
image_a = "image_a"
TestProjects.repo_a, tag_a = push_self_build_image_to_project(TestProjects.project_Alice_name, harbor_server, user_Alice_name, user_common_password, image_a, src_tag)
image_b = "image_b"
TestProjects.repo_b, tag_b = push_self_build_image_to_project(TestProjects.project_Alice_name, harbor_server, user_Alice_name, user_common_password, image_b, src_tag)
image_c = "image_c"
TestProjects.repo_c, tag_c = push_self_build_image_to_project(TestProjects.project_Alice_name, harbor_server, user_Alice_name, user_common_password, image_c, src_tag)
create_tags = ["1.0","2.0","3.0"]
for tag in create_tags:
self.artifact.create_tag(TestProjects.project_Alice_name, image_c, tag_c, tag, **USER_ALICE_CLIENT)
#4. Call the image_list_tags API
tags = list_image_tags(harbor_server,TestProjects.repo_c,user_Alice_name,user_common_password)
for tag in create_tags:
self.assertTrue(tags.count(tag)>0, "Expect tag: %s is not listed"%tag)
page_tags = list_image_tags(harbor_server,TestProjects.repo_c,user_Alice_name,user_common_password,len(tags)/2+1)
page_tags += list_image_tags(harbor_server,TestProjects.repo_c,user_Alice_name,user_common_password,len(tags)/2+1,tags[int(len(tags)/2)])
for tag in create_tags:
self.assertTrue(page_tags.count(tag)>0, "Expect tag: %s is not listed by the pagination query"%tag)
#5. Call the catalog API;
repos = list_repositories(harbor_server,admin_user,admin_pwd)
self.assertTrue(repos.count(TestProjects.repo_a)>0 and repos.count(TestProjects.repo_b)>0 and repos.count(TestProjects.repo_c)>0, "Expected repo not found")
for repo in [TestProjects.repo_a,TestProjects.repo_b,TestProjects.repo_c]:
self.assertTrue(repos.count(repo)>0,"Expected repo: %s is not listed"%repo)
page_repos = list_repositories(harbor_server,admin_user,admin_pwd,len(repos)/2+1)
page_repos += list_repositories(harbor_server,admin_user,admin_pwd,len(repos)/2+1,repos[int(len(repos)/2)])
for repo in [TestProjects.repo_a,TestProjects.repo_b,TestProjects.repo_c]:
self.assertTrue(page_repos.count(repo)>0,"Expected repo: %s is not listed by the pagination query"%repo)
null_repos = list_repositories(harbor_server,user_Alice_name,user_common_password)
self.assertEqual(null_repos, "")
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project= Project()
self.user= User()
self.artifact = Artifact()
self.repo= Repository()
self.url = ADMIN_CLIENT["endpoint"]
self.user_password = "******"
self.repo_name = "hello-world"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA,IA) by user(UA);
self.repo.delete_repoitory(TestProjects.project_name, self.repo_name, **TestProjects.USER_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_id, **TestProjects.USER_CLIENT)
#3. Delete user(UA).
self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
print("Case completed")
def testCreateDeleteTag(self):
"""
Test case:
Create/Delete tag
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Push an image(IA) to Harbor by docker successfully;
4. Create a tag(1.0) for the image(IA);
5. Get the image(latest) from Harbor successfully;
6. Verify the image(IA) contains tag named 1.0;
7. Delete the tag(1.0) from image(IA);
8. Get the image(IA) from Harbor successfully;
9. Verify the image(IA) contains no tag named 1.0;
Tear down:
1. Delete repository(RA,IA) by user(UA);
2. Delete project(PA);
3. Delete user(UA).
"""
#1. Create a new user(UA);
TestProjects.user_id, user_name = self.user.create_user(user_password = self.user_password, **ADMIN_CLIENT)
TestProjects.USER_CLIENT=dict(with_tag = True, endpoint = self.url, username = user_name, password = self.user_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_id, TestProjects.project_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_CLIENT)
#3. Push an image(IA) to Harbor by docker successfully;
repo_name, tag = push_self_build_image_to_project(TestProjects.project_name, harbor_server, 'admin', 'Harbor12345', self.repo_name, "latest")
#4. Create a tag(1.0) for the image(IA)
self.artifact.create_tag(TestProjects.project_name, self.repo_name, tag, "1.0",**TestProjects.USER_CLIENT)
#5. Get the image(IA) from Harbor successfully;
artifact = self.artifact.get_reference_info(TestProjects.project_name, self.repo_name, tag, **TestProjects.USER_CLIENT)
#6. Verify the image(IA) contains tag named 1.0;
self.assertEqual(artifact.tags[0].name, "1.0")
self.assertEqual(artifact.tags[1].name, tag)
#7. Delete the tag(1.0) from image(IA);
self.artifact.delete_tag(TestProjects.project_name, self.repo_name, tag, "1.0",**TestProjects.USER_CLIENT)
#8. Get the image(latest) from Harbor successfully;
artifact = self.artifact.get_reference_info(TestProjects.project_name, self.repo_name, tag, **TestProjects.USER_CLIENT)
#9. Verify the image(IA) contains no tag named 1.0;
self.assertEqual(artifact.tags[0].name, tag)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.label = Label()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repository(TestProjects.project_add_g_lbl_name,
TestProjects.repo_name.split('/')[1],
**TestProjects.USER_add_g_lbl_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_add_g_lbl_id,
**TestProjects.USER_add_g_lbl_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_add_g_lbl_id, **ADMIN_CLIENT)
#4. Delete label(LA).
self.label.delete_label(TestProjects.label_id, **ADMIN_CLIENT)
def testAddSysLabelToRepo(self):
"""
Test case:
Add Global Label To Tag
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Create a new label(LA) in project(PA) by admin;;
7. Add this system global label to repository(RA)/tag(TA);
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
4. Delete label(LA).
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_add_g_lbl_id, user_add_g_lbl_name = self.user.create_user(
user_password=user_001_password, **ADMIN_CLIENT)
TestProjects.USER_add_g_lbl_CLIENT = dict(endpoint=url,
username=user_add_g_lbl_name,
password=user_001_password)
#2. Create private project-001
TestProjects.project_add_g_lbl_id, TestProjects.project_add_g_lbl_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user-001 as a member of project-001 with project-admin role
self.project.add_project_members(
TestProjects.project_add_g_lbl_id,
user_id=TestProjects.user_add_g_lbl_id,
**ADMIN_CLIENT)
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_add_g_lbl_id,
**TestProjects.USER_add_g_lbl_CLIENT)
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
TestProjects.repo_name, tag = push_self_build_image_to_project(
TestProjects.project_add_g_lbl_name, harbor_server,
user_add_g_lbl_name, user_001_password, "test_sys_label", "latest")
#6. Create a new label(LA) in project(PA) by admin;
TestProjects.label_id, _ = self.label.create_label(**ADMIN_CLIENT)
#7. Add this system global label to repository(RA)/tag(TA).
self.artifact.add_label_to_reference(
TestProjects.project_add_g_lbl_name,
TestProjects.repo_name.split('/')[1], tag,
int(TestProjects.label_id), **TestProjects.USER_add_g_lbl_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.repo = Repository()
self.projectv2 = ProjectV2()
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
print("Case completed")
#1. Delete project(PA);
self.project.delete_project(TestProjects.project_user_view_logs_id,
**TestProjects.USER_USER_VIEW_LOGS_CLIENT)
#2. Delete user(UA);
self.user.delete_user(TestProjects.user_user_view_logs_id,
**ADMIN_CLIENT)
def testUserViewLogs(self):
"""
Test case:
User View Logs
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA), in project(PA), there should be 1 'create' log record;;
3. Push a new image(IA) in project(PA) by admin, in project(PA), there should be 1 'push' log record;;
4. Delete repository(RA) by user(UA), in project(PA), there should be 1 'delete' log record;;
Tear down:
1. Delete project(PA);
2. Delete user(UA).
"""
test_result = TestResult()
url = ADMIN_CLIENT["endpoint"]
admin_name = ADMIN_CLIENT["username"]
admin_password = ADMIN_CLIENT["password"]
user_content_trust_password = "******"
#1. Create a new user(UA);
TestProjects.user_user_view_logs_id, user_user_view_logs_name = self.user.create_user(
user_password=user_content_trust_password, **ADMIN_CLIENT)
TestProjects.USER_USER_VIEW_LOGS_CLIENT = dict(
endpoint=url,
username=user_user_view_logs_name,
password=user_content_trust_password)
#2.1 Create a new project(PA) by user(UA);
TestProjects.project_user_view_logs_id, project_user_view_logs_name = self.project.create_project(
metadata={"public": "false"},
**TestProjects.USER_USER_VIEW_LOGS_CLIENT)
time.sleep(2)
#2.2 In project(PA), there should be 1 'create' log record;
operation = "create"
log_count = self.projectv2.filter_project_logs(
project_user_view_logs_name, user_user_view_logs_name,
project_user_view_logs_name, "project", operation,
**TestProjects.USER_USER_VIEW_LOGS_CLIENT)
if log_count != 1:
test_result.add_test_result(
"1 - Failed to get log with user:{}, resource:{}, resource_type:{} and operation:{}, expect count 1, but actual is {}."
.format(user_user_view_logs_name, project_user_view_logs_name,
"project", operation, log_count))
#3.1 Push a new image(IA) in project(PA) by admin;
repo_name, tag = push_image_to_project(project_user_view_logs_name,
harbor_server, admin_name,
admin_password, "tomcat",
"latest")
time.sleep(2)
#3.2 In project(PA), there should be 1 'push' log record;
operation = "create"
log_count = self.projectv2.filter_project_logs(
project_user_view_logs_name, admin_name,
r'{}:{}'.format(repo_name, tag), "artifact", operation,
**TestProjects.USER_USER_VIEW_LOGS_CLIENT)
if log_count != 1:
test_result.add_test_result(
"2 - Failed to get log with user:{}, resource:{}, resource_type:{} and operation:{}, expect count 1, but actual is {}."
.format(user_user_view_logs_name, project_user_view_logs_name,
"artifact", operation, log_count))
#4.1 Delete repository(RA) by user(UA);
self.repo.delete_repoitory(project_user_view_logs_name,
repo_name.split('/')[1],
**TestProjects.USER_USER_VIEW_LOGS_CLIENT)
time.sleep(6)
#4.2 In project(PA), there should be 1 'delete' log record;
operation = "delete"
log_count = self.projectv2.filter_project_logs(
project_user_view_logs_name, user_user_view_logs_name, repo_name,
"repository", operation, **TestProjects.USER_USER_VIEW_LOGS_CLIENT)
if log_count != 1:
test_result.add_test_result(
"5 - Failed to get log with user:{}, resource:{}, resource_type:{} and operation:{}, expect count 1, but actual is {}."
.format(user_user_view_logs_name, project_user_view_logs_name,
"repository", operation, log_count))
test_result.get_final_result()
class TestProjects(unittest.TestCase):
@classmethod
def setUp(self):
self.system = System()
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.scanner = Scanner()
@classmethod
def tearDown(self):
print "Case completed"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def test_ClearData(self):
#1. Delete Alice's repository and Luca's repository;
self.repo.delete_repoitory(TestProjects.project_Alice_name,
TestProjects.repo_Alice_name.split('/')[1],
**ADMIN_CLIENT)
self.repo.delete_repoitory(TestProjects.project_Luca_name,
TestProjects.repo_Luca_name.split('/')[1],
**ADMIN_CLIENT)
#2. Delete Alice's project and Luca's project;
self.project.delete_project(TestProjects.project_Alice_id,
**ADMIN_CLIENT)
self.project.delete_project(TestProjects.project_Luca_id,
**ADMIN_CLIENT)
#3. Delete user Alice and Luca.
self.user.delete_user(TestProjects.user_Alice_id, **ADMIN_CLIENT)
self.user.delete_user(TestProjects.user_Luca_id, **ADMIN_CLIENT)
def testSystemLevelScanALL(self):
"""
Test case:
System level Scan All
Test step and expected result:
1. Create user Alice and Luca;
2. Create 2 new private projects project_Alice and project_Luca;
3. Push a image to project_Alice and push another image to project_Luca;
4. Trigger scan all event;
5. Check if image in project_Alice and another image in project_Luca were both scanned.
Tear down:
1. Delete Alice's repository and Luca's repository;
2. Delete Alice's project and Luca's project;
3. Delete user Alice and Luca.
"""
url = ADMIN_CLIENT["endpoint"]
user_common_password = "******"
#1. Create user Alice and Luca;
TestProjects.user_Alice_id, user_Alice_name = self.user.create_user(
user_password=user_common_password, **ADMIN_CLIENT)
TestProjects.user_Luca_id, user_Luca_name = self.user.create_user(
user_password=user_common_password, **ADMIN_CLIENT)
USER_ALICE_CLIENT = dict(endpoint=url,
username=user_Alice_name,
password=user_common_password,
with_scan_overview=True)
USER_LUCA_CLIENT = dict(endpoint=url,
username=user_Luca_name,
password=user_common_password,
with_scan_overview=True)
#2. Create 2 new private projects project_Alice and project_Luca;
TestProjects.project_Alice_id, TestProjects.project_Alice_name = self.project.create_project(
metadata={"public": "false"}, **USER_ALICE_CLIENT)
TestProjects.project_Luca_id, TestProjects.project_Luca_name = self.project.create_project(
metadata={"public": "false"}, **USER_LUCA_CLIENT)
#3. Push a image to project_Alice and push another image to project_Luca;
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image rigth after repository creation.
#image = "tomcat"
image_a = "mariadb"
src_tag = "latest"
#3.1 Push a image to project_Alice;
TestProjects.repo_Alice_name, tag_Alice = push_image_to_project(
TestProjects.project_Alice_name, harbor_server, user_Alice_name,
user_common_password, image_a, src_tag)
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image rigth after repository creation.
image_b = "httpd"
src_tag = "latest"
#3.2 push another image to project_Luca;
TestProjects.repo_Luca_name, tag_Luca = push_image_to_project(
TestProjects.project_Luca_name, harbor_server, user_Luca_name,
user_common_password, image_b, src_tag)
#4. Trigger scan all event;
self.system.scan_now(**ADMIN_CLIENT)
#5. Check if image in project_Alice and another image in project_Luca were both scanned.
self.artifact.check_image_scan_result(TestProjects.project_Alice_name,
image_a, tag_Alice,
**USER_ALICE_CLIENT)
self.artifact.check_image_scan_result(TestProjects.project_Luca_name,
image_b, tag_Luca,
**USER_LUCA_CLIENT)
#6. Swith Scanner;
uuid = self.scanner.scanners_get_uuid(**ADMIN_CLIENT)
self.scanner.scanners_registration_id_patch(uuid, **ADMIN_CLIENT)
#7. Trigger scan all event;
self.system.scan_now(**ADMIN_CLIENT)
#8. Check if image in project_Alice and another image in project_Luca were both scanned.
self.artifact.check_image_scan_result(TestProjects.project_Alice_name,
image_a, tag_Alice,
**USER_ALICE_CLIENT)
self.artifact.check_image_scan_result(TestProjects.project_Luca_name,
image_b, tag_Luca,
**USER_LUCA_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.repo_name_1 = "test1_sign"
@unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
def tearDown(self):
# remove the deletion as the signed image cannot be deleted.
#1. Delete repository(RA) by user(UA);
#self.repo.delete_repoitory(TestProjects.project_sign_image_name, TestProjects.repo_name.split('/')[1], **TestProjects.USER_sign_image_CLIENT)
#2. Delete project(PA);
#self.project.delete_project(TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT)
def testSignImage(self):
"""
Test case:
Sign A Image
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Sign image with tag(TA) which was tagged by step #5;
7. Get signature of image with tag(TA), it should be exist.
Tear down:
NA
"""
url = ADMIN_CLIENT["endpoint"]
user_001_password = "******"
#1. Create user-001
TestProjects.user_sign_image_id, user_sign_image_name = self.user.create_user(
user_password=user_001_password, **ADMIN_CLIENT)
TestProjects.USER_sign_image_CLIENT = dict(
with_signature=True,
endpoint=url,
username=user_sign_image_name,
password=user_001_password)
#2. Create a new private project(PA) by user(UA);
TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(
TestProjects.project_sign_image_id,
user_id=TestProjects.user_sign_image_id,
**ADMIN_CLIENT)
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(
dict(public=False),
expected_count=1,
expected_project_id=TestProjects.project_sign_image_id,
**TestProjects.USER_sign_image_CLIENT)
#Note:busybox is pulled in setup phase, and setup is a essential phase.
image = "busybox"
tag = "latest"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
#TestProjects.repo_name, tag = push_self_build_image_to_project(TestProjects.project_sign_image_name, harbor_server, user_sign_image_name, user_001_password, image, src_tag)
#6. Sign image with tag(TA) which was tagged by step #5;
sign_image(harbor_server, TestProjects.project_sign_image_name, image,
tag)
#7. Get signature of image with tag(TA), it should be exist.
artifact = self.artifact.get_reference_info(
TestProjects.project_sign_image_name, image, tag,
**TestProjects.USER_sign_image_CLIENT)
self.assertEqual(artifact.tags[0].signed, True)
push_special_image_to_project(TestProjects.project_sign_image_name,
harbor_server, user_sign_image_name,
user_001_password, self.repo_name_1,
['1.0'])
self.repo.delete_repoitory(TestProjects.project_sign_image_name,
self.repo_name_1,
**TestProjects.USER_sign_image_CLIENT)
self.repo.delete_repoitory(
TestProjects.project_sign_image_name,
image,
expect_status_code=412,
expect_response_body="with signature cannot be deleted",
**TestProjects.USER_sign_image_CLIENT)
class TestProjects(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
@unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
def tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repository(TestProjects.project_content_trust_name,
TestProjects.repo_name.split('/')[1],
**TestProjects.USER_CONTENT_TRUST_CLIENT)
#2. Delete project(PA);
self.project.delete_project(TestProjects.project_content_trust_id,
**TestProjects.USER_CONTENT_TRUST_CLIENT)
#3. Delete user(UA);
self.user.delete_user(TestProjects.user_content_trust_id,
**ADMIN_CLIENT)
def testProjectLevelPolicyContentTrust(self):
"""
Test case:
Project Level Policy Content Trust
Test step and expected result:
1. Create a new user(UA);
2. Create a new project(PA) by user(UA);
3. Push a new image(IA) in project(PA) by admin;
4. Image(IA) should exist;
5. Pull image(IA) successfully;
6. Enable content trust in project(PA) configuration;
7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
url = ADMIN_CLIENT["endpoint"]
image = "test_content_trust"
user_content_trust_password = "******"
#1. Create a new user(UA);
TestProjects.user_content_trust_id, user_content_trust_name = self.user.create_user(
user_password=user_content_trust_password, **ADMIN_CLIENT)
TestProjects.USER_CONTENT_TRUST_CLIENT = dict(
endpoint=url,
username=user_content_trust_name,
password=user_content_trust_password)
#2. Create a new project(PA) by user(UA);
TestProjects.project_content_trust_id, TestProjects.project_content_trust_name = self.project.create_project(
metadata={"public": "false"},
**TestProjects.USER_CONTENT_TRUST_CLIENT)
#3. Push a new image(IA) in project(PA) by admin;
TestProjects.repo_name, tag = push_self_build_image_to_project(
TestProjects.project_content_trust_name, harbor_server,
ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], image,
"latest")
#4. Image(IA) should exist;
artifact = self.artifact.get_reference_info(
TestProjects.project_content_trust_name, image, tag,
**TestProjects.USER_CONTENT_TRUST_CLIENT)
self.assertEqual(artifact.tags[0].name, tag)
docker_image_clean_all()
#5. Pull image(IA) successfully;
pull_harbor_image(harbor_server, ADMIN_CLIENT["username"],
ADMIN_CLIENT["password"], TestProjects.repo_name,
tag)
self.project.get_project(TestProjects.project_content_trust_id)
#6. Enable content trust in project(PA) configuration;
self.project.update_project(TestProjects.project_content_trust_id,
metadata={"enable_content_trust": "true"},
**TestProjects.USER_CONTENT_TRUST_CLIENT)
self.project.get_project(TestProjects.project_content_trust_id)
#7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
docker_image_clean_all()
pull_harbor_image(
harbor_server,
ADMIN_CLIENT["username"],
ADMIN_CLIENT["password"],
TestProjects.repo_name,
tag,
expected_error_message="The image is not signed in Notary")
class TestScan(unittest.TestCase):
@suppress_urllib3_warning
def setUp(self):
self.project = Project()
self.user = User()
self.artifact = Artifact()
self.repo = Repository()
self.scan = Scan()
self.url = ADMIN_CLIENT["endpoint"]
self.user_password = "******"
self.project_id, self.project_name, self.user_id, self.user_name, self.repo_name1, self.repo_name2 = [
None
] * 6
self.user_id, self.user_name = self.user.create_user(
user_password=self.user_password, **ADMIN_CLIENT)
self.USER_CLIENT = dict(with_signature=True,
with_immutable_status=True,
endpoint=self.url,
username=self.user_name,
password=self.user_password,
with_scan_overview=True)
#2. Create a new private project(PA) by user(UA);
self.project_id, self.project_name = self.project.create_project(
metadata={"public": "false"}, **ADMIN_CLIENT)
#3. Add user(UA) as a member of project(PA) with project-admin role;
self.project.add_project_members(self.project_id,
user_id=self.user_id,
**ADMIN_CLIENT)
@unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
def do_tearDown(self):
#1. Delete repository(RA) by user(UA);
self.repo.delete_repoitory(self.project_name,
self.repo_name1.split('/')[1],
**self.USER_CLIENT)
self.repo.delete_repoitory(self.project_name,
self.repo_name2.split('/')[1],
**self.USER_CLIENT)
#2. Delete project(PA);
self.project.delete_project(self.project_id, **self.USER_CLIENT)
#3. Delete user(UA);
self.user.delete_user(self.user_id, **ADMIN_CLIENT)
def testScanImageArtifact(self):
"""
Test case:
Scan An Image Artifact
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
7. Swith Scanner;
8. Send scan another image command and get tag(TA) information to check scan result, it should be finished.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
#4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
self.project.projects_should_exist(dict(public=False),
expected_count=1,
expected_project_id=self.project_id,
**self.USER_CLIENT)
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image right after repository creation.
image = "docker"
src_tag = "1.13"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
self.repo_name1, tag = push_self_build_image_to_project(
self.project_name, harbor_server, self.user_name,
self.user_password, image, src_tag)
#6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
self.scan.scan_artifact(self.project_name,
self.repo_name1.split('/')[1], tag,
**self.USER_CLIENT)
self.artifact.check_image_scan_result(self.project_name, image, tag,
**self.USER_CLIENT)
self.do_tearDown()
def testScanSignedImage(self):
"""
Test case:
Scan A Signed Image
Test step and expected result:
1. Create a new user(UA);
2. Create a new private project(PA) by user(UA);
3. Add user(UA) as a member of project(PA) with project-admin role;
4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
7. Swith Scanner;
8. Send scan another image command and get tag(TA) information to check scan result, it should be finished.
Tear down:
1. Delete repository(RA) by user(UA);
2. Delete project(PA);
3. Delete user(UA);
"""
#Note: Please make sure that this Image has never been pulled before by any other cases,
# so it is a not-scanned image right after repository creation.
#Note:busybox is pulled in setup phase, and setup is a essential phase.
image = "busybox"
tag = "latest"
#5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
#TestScan.repo_name_1, tag = push_self_build_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image, tag)
sign_image(harbor_server, self.project_name, image, tag)
#6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
self.scan.scan_artifact(self.project_name, image, tag,
**self.USER_CLIENT)
self.artifact.check_image_scan_result(self.project_name, image, tag,
**self.USER_CLIENT)
