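class TestLdapAdminRole(unittest.TestCase):
    """API test around the LDAP admin-group setting and a regular LDAP user.

    The case sets ``ldap_group_admin_dn``, creates a project as the LDAP
    user referred to as "mike", and asserts that the user record returned
    by the admin API does not carry ``sysadmin_flag``.
    """

    def setUp(self):
        """Build the API helpers and the credential dict used by the case."""
        url = ADMIN_CLIENT["endpoint"]
        self.conf = Configurations()
        self.user = User()
        self.project = Project()
        # Stays None until the test has created its project, so tearDown can
        # tell "nothing to delete" apart from a real project id.
        self.project_id = None
        # Fixture account in the test LDAP directory; the literals appear
        # masked in this listing.
        self.USER_MIKE = dict(endpoint=url,
                              username="******",
                              password="******")

    def tearDown(self):
        """Delete the project created by the test, if one was created."""
        # If the test failed before create_project returned there is no id
        # to delete; skipping the call keeps the original failure from being
        # buried under a second error raised during cleanup.
        if self.project_id is not None:
            self.project.delete_project(self.project_id, **self.USER_MIKE)
        print("Case completed")

    def testLdapAdminRole(self):
        """
        Test case:
            LDAP Admin Role
        Test step and expected result:
            1. Set LDAP Auth configurations;
            2. Create a new private project(PA) by LDAP user mike;
            3. Check project is created successfully;
            4. Check mike is not admin;
            5. Delete project(PA);
        """

        # Point the admin-group setting at harbor_users. How the server maps
        # membership of that group to privileges is decided outside this
        # file.
        self.conf.set_configurations_of_ldap(
            ldap_group_admin_dn="cn=harbor_users,ou=groups,dc=example,dc=com",
            **ADMIN_CLIENT)

        # "public": "false" makes this a private project owned by mike.
        self.project_id, project_name = self.project.create_project(
            metadata={"public": "false"}, **self.USER_MIKE)
        self.project.check_project_name_exist(name=project_name,
                                              **self.USER_MIKE)

        # NOTE(review): this only inspects the sysadmin_flag field of the
        # user record as seen by the admin account. Whether mike belongs to
        # harbor_users, and whether group-derived admin rights would ever
        # show up in this field, is not visible here - confirm the assertion
        # covers the privilege path the case is meant to guard.
        _user = self.user.get_user_by_name(self.USER_MIKE["username"],
                                           **ADMIN_CLIENT)
        self.assertFalse(_user.sysadmin_flag)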
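class TestAssignRoleToLdapGroup(unittest.TestCase):
    """API test for project roles granted through LDAP group membership.

    Three LDAP groups are added to one private project with role ids 1, 2
    and 3, and the case then checks what a user from each group (plus one
    user outside the project) may and may not do.
    """

    @suppress_urllib3_warning
    def setUp(self):
        """Build the API helpers used by the case."""
        self.conf = Configurations()
        self.project = Project()
        self.artifact = Artifact()
        self.repo = Repository()
        self.user = User()

    # NOTE(review): unittest.skipIf wraps tearDown so that calling it raises
    # SkipTest when TEARDOWN == False; the case is then reported as skipped
    # even if its assertions passed - presumably intended, confirm.
    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def tearDown(self):
        """Log completion; project cleanup is done by created_project."""
        print("Case completed")

    def testAssignRoleToLdapGroup(self):
        """
        Test case:
            Assign Role To Ldap Group
        Test step and expected result:
            1. Set LDAP Auth configurations;
            2. Create a new private project(PA) by Admin;
            3. Add 3 member groups to project(PA);
            4. Push image by each member role;
            5. Verify that admin_user can add project member, dev_user and
               guest_user can not add project member;
            6. Verify that admin_user and dev_user can push image,
               guest_user can not push image;
            7. Verify that admin_user, dev_user and guest_user can view
               logs, test user can not view logs;
            8. Delete repository(RA) by user(UA);
            9. Delete project(PA);
        """
        url = ADMIN_CLIENT["endpoint"]
        # One credential dict per persona. The "repo" entry is the image each
        # persona tries to push, so results can be told apart per user.
        USER_ADMIN = dict(endpoint=url,
                          username="******",
                          password="******",
                          repo="haproxy")
        USER_DEV = dict(endpoint=url,
                        username="******",
                        password="******",
                        repo="alpine")
        USER_GUEST = dict(endpoint=url,
                          username="******",
                          password="******",
                          repo="busybox")
        # USER_TEST is never added to the project below; it is the
        # "no role at all" control for the log-visibility check.
        USER_TEST = dict(endpoint=url, username="******", password="******")
        USER_MIKE = dict(endpoint=url, username="******", password="******")
        # USER001 is in group harbor_group3
        self.conf.set_configurations_of_ldap(
            ldap_filter="",
            ldap_group_attribute_name="cn",
            ldap_group_base_dn="ou=groups,dc=example,dc=com",
            ldap_group_search_filter="objectclass=groupOfNames",
            ldap_group_search_scope=2,
            **ADMIN_CLIENT)

        with created_project(metadata={"public": "false"}) as (project_id,
                                                               project_name):
            # Role ids 1, 2 and 3 are paired with the harbor_admin,
            # harbor_dev and harbor_guest groups respectively.
            self.project.add_project_members(
                project_id,
                member_role_id=1,
                _ldap_group_dn="cn=harbor_admin,ou=groups,dc=example,dc=com",
                **ADMIN_CLIENT)
            self.project.add_project_members(
                project_id,
                member_role_id=2,
                _ldap_group_dn="cn=harbor_dev,ou=groups,dc=example,dc=com",
                **ADMIN_CLIENT)
            self.project.add_project_members(
                project_id,
                member_role_id=3,
                _ldap_group_dn="cn=harbor_guest,ou=groups,dc=example,dc=com",
                **ADMIN_CLIENT)

            # The admin persona must see exactly this project, with role 1
            # resolved for it.
            projects = self.project.get_projects(dict(name=project_name),
                                                 **USER_ADMIN)
            self.assertEqual(len(projects), 1)
            self.assertEqual(1, projects[0].current_user_role_id)

            # Mike has logged in harbor in previous test.
            mike = self.user.get_user_by_name(USER_MIKE["username"],
                                              **ADMIN_CLIENT)

            # Verify role difference in add project member feature, to
            # distinguish between admin and dev role.
            self.project.add_project_members(project_id,
                                             user_id=mike.user_id,
                                             member_role_id=3,
                                             **USER_ADMIN)
            # NOTE(review): mike is already a member once the call above has
            # succeeded, so the two denied calls repeat an existing
            # membership. The expected 403 presumably relies on the
            # permission check being answered before any duplicate-member
            # handling - verify against the API.
            self.project.add_project_members(project_id,
                                             user_id=mike.user_id,
                                             member_role_id=3,
                                             expect_status_code=403,
                                             **USER_DEV)
            self.project.add_project_members(project_id,
                                             user_id=mike.user_id,
                                             member_role_id=3,
                                             expect_status_code=403,
                                             **USER_GUEST)

            # Admin and dev personas: the push succeeds and exactly one
            # artifact is listed in the pushed repository.
            repo_name_admin, _ = push_image_to_project(
                project_name, harbor_server, USER_ADMIN["username"],
                USER_ADMIN["password"], USER_ADMIN["repo"], "latest")
            artifacts = self.artifact.list_artifacts(project_name,
                                                     USER_ADMIN["repo"],
                                                     **USER_ADMIN)
            self.assertEqual(len(artifacts), 1)
            repo_name_dev, _ = push_image_to_project(
                project_name, harbor_server, USER_DEV["username"],
                USER_DEV["password"], USER_DEV["repo"], "latest")
            artifacts = self.artifact.list_artifacts(project_name,
                                                     USER_DEV["repo"],
                                                     **USER_DEV)
            self.assertEqual(len(artifacts), 1)
            # Guest persona: the push is expected to be refused, and the
            # empty artifact list confirms that nothing was stored despite
            # the refusal.
            push_image_to_project(
                project_name,
                harbor_server,
                USER_GUEST["username"],
                USER_GUEST["password"],
                USER_GUEST["repo"],
                "latest",
                expected_error_message="unauthorized to access repository")
            artifacts = self.artifact.list_artifacts(project_name,
                                                     USER_GUEST["repo"],
                                                     **USER_GUEST)
            self.assertEqual(len(artifacts), 0)

            # Log visibility: every project role sees at least one entry;
            # the user without a role gets 403 and no entries.
            self.assertGreater(
                self.project.query_user_logs(project_name, **USER_ADMIN), 0,
                "admin user can see logs")
            self.assertGreater(
                self.project.query_user_logs(project_name, **USER_DEV), 0,
                "dev user can see logs")
            self.assertGreater(
                self.project.query_user_logs(project_name, **USER_GUEST), 0,
                "guest user can see logs")
            self.assertEqual(
                self.project.query_user_logs(project_name,
                                             status_code=403,
                                             **USER_TEST), 0,
                "test user can not see any logs")

            # Repositories are removed while the project still exists; the
            # name returned by the push is split on "/" and its second part
            # is passed as the repository name.
            self.repo.delete_repository(project_name,
                                        repo_name_admin.split('/')[1],
                                        **USER_ADMIN)
            self.repo.delete_repository(project_name,
                                        repo_name_dev.split('/')[1],
                                        **USER_ADMIN)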