def test_push_with_dist_perms(self): """ Test that it's enough to have container distribution and namespace perms to perform push. It also checks read abilities for users with different set of permissions. """ repo_name = "test/perms" local_url = "/".join([self.registry_name, f"{repo_name}:2.0"]) image_path = f"{DOCKERHUB_PULP_FIXTURE_1}:manifest_a" self._push(image_path, local_url, self.user_creator) distributions = self.user_creator["distribution_api"].list( name="test/perms") add_user_to_distribution_group( self.user_dist_collaborator, distributions.results[0], "collaborators", self.user_creator, ) distributions = self.user_creator["distribution_api"].list( name="test/perms") add_user_to_distribution_group( self.user_dist_consumer, distributions.results[0], "consumers", self.user_creator, ) add_user_to_namespace_group( self.user_namespace_collaborator, "test", "collaborators", self.user_creator, ) self.assertEqual(self.pushrepository_api.list(name=repo_name).count, 1) self.assertEqual( self.user_creator["pushrepository_api"].list(name=repo_name).count, 1) self.assertEqual( self.user_dist_collaborator["pushrepository_api"].list( name=repo_name).count, 1) self.assertEqual( self.user_dist_consumer["pushrepository_api"].list( name=repo_name).count, 1) self.assertEqual( self.user_namespace_collaborator["pushrepository_api"].list( name=repo_name).count, 1) self.assertEqual( self.user_reader["pushrepository_api"].list(name=repo_name).count, 1) # cleanup, namespace removal also removes related distributions namespace = self.namespace_api.list(name="test").results[0] self.addCleanup(self.namespace_api.delete, namespace.pulp_href)
def test_private_repository(self): """ Test that you can create a private distribution and push to it. Test that the same user can pull, but another cannot. Test that the other user can pull after marking it non-private. """ # cleanup, namespace removal also removes related distributions try: namespace = self.namespace_api.list(name="test").results[0] namespace_response = self.namespace_api.delete(namespace.pulp_href) monitor_task(namespace_response.task) except Exception: pass repo_name = "test/private" local_url = "/".join([self.registry_name, f"{repo_name}:2.0"]) image_path = f"{DOCKERHUB_PULP_FIXTURE_1}:manifest_a" distribution = { "name": "test/private", "base_path": "test/private", "private": True } distribution_response = self.user_creator["distribution_api"].create( distribution) created_resources = monitor_task( distribution_response.task).created_resources distribution = self.user_creator["distribution_api"].read( created_resources[0]) self._push(image_path, local_url, self.user_creator) self._pull(local_url, self.user_creator) add_user_to_distribution_group(self.user_dist_consumer, distribution, "consumers", self.user_creator) self._pull(local_url, self.user_dist_consumer) with self.assertRaises(exceptions.CalledProcessError): self._pull(local_url, self.user_reader) with self.assertRaises(exceptions.CalledProcessError): self._pull(local_url, self.user_helpless) distribution.private = False distribution_response = self.user_creator[ "distribution_api"].partial_update(distribution.pulp_href, {"private": False}) monitor_task(distribution_response.task) self._pull(local_url, self.user_reader) self._pull(local_url, self.user_helpless) # cleanup, namespace removal also removes related distributions namespace = self.namespace_api.list(name="test").results[0] self.addCleanup(self.namespace_api.delete, namespace.pulp_href)
def test_push_to_existing_namespace(self): """ Test the push to existing namespace with collaborator permissions. Container distribution perms and manage-namespace one should be enough to push a new distribution. Container distribution perms shouls be enough to push to the existing distribution. """ repo_name = "team/owner" local_url = "/".join([self.registry_name, f"{repo_name}:2.0"]) image_path = f"{DOCKERHUB_PULP_FIXTURE_1}:manifest_a" self._push(image_path, local_url, self.user_creator) # Add user_dist_collaborator to the collaborator group distributions = self.user_creator["distribution_api"].list( name="team/owner") add_user_to_distribution_group( self.user_dist_collaborator, distributions.results[0], "collaborators", self.user_creator, ) collab_repo_name = "team/owner" local_url = "/".join([self.registry_name, f"{collab_repo_name}:2.0"]) image_path = f"{DOCKERHUB_PULP_FIXTURE_1}:manifest_b" self._push(image_path, local_url, self.user_dist_collaborator) collab_repo_name = "team/collab" local_url = "/".join([self.registry_name, f"{collab_repo_name}:2.0"]) image_path = f"{DOCKERHUB_PULP_FIXTURE_1}:manifest_d" with self.assertRaises(exceptions.CalledProcessError): self._push(image_path, local_url, self.user_dist_collaborator) add_user_to_namespace_group(self.user_namespace_collaborator, "team", "collaborators", self.user_creator) collab_repo_name = "team/collab" local_url = "/".join([self.registry_name, f"{collab_repo_name}:2.0"]) image_path = f"{DOCKERHUB_PULP_FIXTURE_1}:manifest_c" self._push(image_path, local_url, self.user_namespace_collaborator) # cleanup, namespace removal also removes related distributions namespace = self.namespace_api.list(name="team").results[0] self.addCleanup(self.namespace_api.delete, namespace.pulp_href)