Esempio n. 1
0
 def setUp(self):
     self.system = System()
     self.project = Project()
     self.user = User()
     self.repo = Repository(api_type='repository')
Esempio n. 2
0
class TestRobotAccount(unittest.TestCase):
    @suppress_urllib3_warning
    def setUp(self):
        self.project = Project()
        self.user = User()
        self.repo = Repository()
        self.artifact = Artifact()
        self.robot = Robot()
        self.scan = Scan()
        self.label = Label()
        self.chart = Chart()

        TestRobotAccount.url = ADMIN_CLIENT["endpoint"]
        TestRobotAccount.user_ra_password = "******"
        print("setup")

    @unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
    def do_01_tearDown(self):
        #1. Delete repository(RA) by user(UA);
        self.repo.delete_repository(self.project_ra_name_a,
                                    self.repo_name_in_project_a.split('/')[1],
                                    **self.USER_RA_CLIENT)
        self.repo.delete_repository(self.project_ra_name_b,
                                    self.repo_name_in_project_b.split('/')[1],
                                    **self.USER_RA_CLIENT)
        self.repo.delete_repository(self.project_ra_name_c,
                                    self.repo_name_in_project_c.split('/')[1],
                                    **self.USER_RA_CLIENT)
        self.repo.delete_repository(self.project_ra_name_a,
                                    self.repo_name_pa.split('/')[1],
                                    **self.USER_RA_CLIENT)

        #2. Delete project(PA);
        self.project.delete_project(self.project_ra_id_a,
                                    **self.USER_RA_CLIENT)
        self.project.delete_project(self.project_ra_id_b,
                                    **self.USER_RA_CLIENT)
        self.project.delete_project(self.project_ra_id_c,
                                    **self.USER_RA_CLIENT)

        #3. Delete user(UA).
        self.user.delete_user(self.user_ra_id, **ADMIN_CLIENT)

    def test_01_ProjectlevelRobotAccount(self):
        """
        Test case:
            Robot Account
        Test step and expected result:
			1. Create user(UA);
			2. Create private project(PA), private project(PB) and public project(PC) by user(UA);
			3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA);
			4. Create a new robot account(RA) with pull and push privilige in project(PA) by user(UA);
			5. Check robot account info, it should has both pull and push priviliges;
			6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful;
			7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful;
			8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful;
			9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful;
			10. Pull image from project(PC), it must be successful;
			11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful;
			12. Update action property of robot account(RA);
			13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful;
			14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful;
			15. Delete robot account(RA), it must be not successful.
        Tear down:
            1. Delete repository(RA) by user(UA);
            2. Delete project(PA);
            3. Delete user(UA).
        """
        image_project_a = "haproxy"
        image_project_b = "hello-world"
        image_project_c = "httpd"
        image_robot_account = "alpine"
        tag = "latest"

        #1. Create user(UA);"
        self.user_ra_id, user_ra_name = self.user.create_user(
            user_password=TestRobotAccount.user_ra_password, **ADMIN_CLIENT)
        self.USER_RA_CLIENT = dict(endpoint=TestRobotAccount.url,
                                   username=user_ra_name,
                                   password=TestRobotAccount.user_ra_password)

        #2. Create private project(PA), private project(PB) and public project(PC) by user(UA);
        self.project_ra_id_a, self.project_ra_name_a = self.project.create_project(
            metadata={"public": "false"}, **self.USER_RA_CLIENT)
        self.project_ra_id_b, self.project_ra_name_b = self.project.create_project(
            metadata={"public": "false"}, **self.USER_RA_CLIENT)
        self.project_ra_id_c, self.project_ra_name_c = self.project.create_project(
            metadata={"public": "true"}, **self.USER_RA_CLIENT)

        #3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA);
        self.repo_name_in_project_a, tag_a = push_self_build_image_to_project(
            self.project_ra_name_a, harbor_server, user_ra_name,
            TestRobotAccount.user_ra_password, image_project_a, tag)
        self.repo_name_in_project_b, tag_b = push_self_build_image_to_project(
            self.project_ra_name_b, harbor_server, user_ra_name,
            TestRobotAccount.user_ra_password, image_project_b, tag)
        self.repo_name_in_project_c, tag_c = push_self_build_image_to_project(
            self.project_ra_name_c, harbor_server, user_ra_name,
            TestRobotAccount.user_ra_password, image_project_c, tag)

        #4. Create a new robot account(RA) with pull and push privilege in project(PA) by user(UA);
        robot_id, robot_account = self.robot.create_project_robot(
            self.project_ra_name_a, 30, **self.USER_RA_CLIENT)

        #5. Check robot account info, it should has both pull and push privilege;
        data = self.robot.get_robot_account_by_id(robot_id,
                                                  **self.USER_RA_CLIENT)
        _assert_status_code(robot_account.name, data.name)

        #6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful;
        pull_harbor_image(harbor_server, robot_account.name,
                          robot_account.secret, self.repo_name_in_project_a,
                          tag_a)

        #7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful;
        self.repo_name_pa, _ = push_self_build_image_to_project(
            self.project_ra_name_a, harbor_server, robot_account.name,
            robot_account.secret, image_robot_account, tag)

        #8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful;
        push_self_build_image_to_project(
            self.project_ra_name_b,
            harbor_server,
            robot_account.name,
            robot_account.secret,
            image_robot_account,
            tag,
            expected_error_message="unauthorized to access repository")

        #9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful;
        pull_harbor_image(
            harbor_server,
            robot_account.name,
            robot_account.secret,
            self.repo_name_in_project_b,
            tag_b,
            expected_error_message="unauthorized to access repository")

        #10. Pull image from project(PC), it must be successful;
        pull_harbor_image(harbor_server, robot_account.name,
                          robot_account.secret, self.repo_name_in_project_c,
                          tag_c)

        #11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful;
        push_self_build_image_to_project(
            self.project_ra_name_c,
            harbor_server,
            robot_account.name,
            robot_account.secret,
            image_robot_account,
            tag,
            expected_error_message="unauthorized to access repository")

        #12. Update action property of robot account(RA);"
        self.robot.disable_robot_account(robot_id, True, **self.USER_RA_CLIENT)

        #13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful;
        pull_harbor_image(
            harbor_server,
            robot_account.name,
            robot_account.secret,
            self.repo_name_in_project_a,
            tag_a,
            expected_login_error_message="unauthorized: authentication required"
        )

        #14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful;
        push_self_build_image_to_project(
            self.project_ra_name_a,
            harbor_server,
            robot_account.name,
            robot_account.secret,
            image_robot_account,
            tag,
            expected_login_error_message="unauthorized: authentication required"
        )

        #15. Delete robot account(RA), it must be not successful.
        self.robot.delete_robot_account(robot_id, **self.USER_RA_CLIENT)

        self.do_01_tearDown()

    def verify_repository_pushable(self, project_access_list,
                                   system_ra_client):
        for project_access in project_access_list:
            print(r"project_access:", project_access)
            if project_access["check_list"][1]:  #---repository:push---
                repo = push_self_build_image_to_project(
                    project_access["project_name"], harbor_server,
                    system_ra_client["username"], system_ra_client["password"],
                    "test_pushable" + base._random_name("repo"),
                    "v6.8.1" + base._random_name("tag"))
            else:
                push_self_build_image_to_project(
                    project_access["project_name"],
                    harbor_server,
                    system_ra_client["username"],
                    system_ra_client["password"],
                    "test_unpushable" + base._random_name("repo"),
                    "v6.8.1" + base._random_name("tag"),
                    expected_error_message="unauthorized to access repository")

    def verify_repository_unpushable(
            self,
            project_access_list,
            system_ra_client,
            expected_login_error_message="unauthorized: authentication required"
    ):
        for project_access in project_access_list:  #---repository:push---
            push_self_build_image_to_project(
                project_access["project_name"],
                harbor_server,
                system_ra_client["username"],
                system_ra_client["password"],
                "test_unpushable" + base._random_name("repo"),
                "v6.8.1" + base._random_name("tag"),
                expected_login_error_message=expected_login_error_message)

    def test_02_SystemlevelRobotAccount(self):
        """
        Test case:
            Robot Account
        Test step and expected result:
			1. Define a number of access lists;
            2. Create the same number of private projects;
			3. Create a system robot account has permission for those projects;
            4. Verify the system robot account has the corresponding rights;
			5. Disable the system robot account;
            6. Verify the system robot account has no the corresponding rights;
			7. Enable the system robot account;
            8. Verify the system robot account has the corresponding rights;
			9. Refresh secret for the system robot account;
            10. Verify the system robot account has no the corresponding right with the old secret already;
            11. Verify the system robot account still has the corresponding right with the new secret;
			12. List system robot account, then add a new project to the system robot account project permission list;
            13. Delete this project;
            14. List system robot account successfully;
			15. Delete the system robot account;
            16. Verify the system robot account has no the corresponding right;
            17. Add a system robot account with all project coverd;
            18. Verify the system robot account has no the corresponding right;
        """
        #1. Define a number of access lists;
        CHART_FILE_LIST = [
            dict(name='prometheus', version='7.0.2'),
            dict(name='harbor', version='0.2.0')
        ]
        for i in range(2):
            base.run_command([
                "curl", r"-o", "./tests/apitests/python/{}-{}.tgz".format(
                    CHART_FILE_LIST[i]["name"], CHART_FILE_LIST[i]["version"]),
                "https://storage.googleapis.com/harbor-builds/helm-chart-test-files/{}-{}.tgz"
                .format(CHART_FILE_LIST[i]["name"],
                        CHART_FILE_LIST[i]["version"])
            ])

        #Make sure that whether 'True' or 'False' must be included in each line or row.
        check_list = [
            [True, True, True, True, True, True, False, True, False, True],
            [False, False, False, False, True, True, False, True, True, False],
            [True, False, True, False, True, False, True, False, True, True],
            [False, False, False, True, False, True, False, True, True, False]
        ]
        access_list_list = []
        for i in range(len(check_list)):
            access_list_list.append(
                self.robot.create_access_list(check_list[i]))

        #2. Create the same number of private projects;
        robot_account_Permissions_list = []
        project_access_list = []
        for i in range(len(check_list)):
            with created_user(TestRobotAccount.user_ra_password,
                              _teardown=False) as (user_id, username):
                with created_project(metadata={"public": "false"},
                                     user_id=user_id,
                                     _teardown=False) as (project_id,
                                                          project_name):
                    project_access_list.append(
                        dict(project_name=project_name,
                             project_id=project_id,
                             check_list=check_list[i]))
                    robot_account_Permissions = v2_swagger_client.Permission(
                        kind="project",
                        namespace=project_name,
                        access=access_list_list[i])
                    robot_account_Permissions_list.append(
                        robot_account_Permissions)

        #3. Create a system robot account has permission for those projects;
        system_robot_account_id, system_robot_account = self.robot.create_system_robot(
            robot_account_Permissions_list, 300)
        print("system_robot_account:", system_robot_account)
        SYSTEM_RA_CLIENT = dict(endpoint=TestRobotAccount.url,
                                username=system_robot_account.name,
                                password=system_robot_account.secret)
        SYSTEM_RA_CHART_CLIENT = dict(endpoint=CHART_API_CLIENT["endpoint"],
                                      username=SYSTEM_RA_CLIENT["username"],
                                      password=SYSTEM_RA_CLIENT["password"])

        #4. Verify the system robot account has the corresponding rights;
        for project_access in project_access_list:
            print(r"project_access:", project_access)
            if project_access["check_list"][1]:  #---repository:push---
                repo = push_self_build_image_to_project(
                    project_access["project_name"], harbor_server,
                    SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"],
                    "test_pushable", "v6.8.1")
            else:
                push_self_build_image_to_project(
                    project_access["project_name"],
                    harbor_server,
                    SYSTEM_RA_CLIENT["username"],
                    SYSTEM_RA_CLIENT["password"],
                    "test_unpushable",
                    "v6.8.1",
                    expected_error_message="unauthorized to access repository")

            tag_for_del = "v1.0.0"
            repo_name, tag = push_self_build_image_to_project(
                project_access["project_name"], harbor_server,
                ADMIN_CLIENT["username"], ADMIN_CLIENT["password"],
                "test_del_artifact", tag_for_del)
            if project_access["check_list"][0]:  #---repository:pull---
                pull_harbor_image(harbor_server, SYSTEM_RA_CLIENT["username"],
                                  SYSTEM_RA_CLIENT["password"], repo_name,
                                  tag_for_del)
            else:
                pull_harbor_image(
                    harbor_server,
                    SYSTEM_RA_CLIENT["username"],
                    SYSTEM_RA_CLIENT["password"],
                    repo_name,
                    tag_for_del,
                    expected_error_message=
                    "action: pull: unauthorized to access repository")

            if project_access["check_list"][2]:  #---artifact:delete---
                self.artifact.delete_artifact(project_access["project_name"],
                                              repo_name.split('/')[1],
                                              tag_for_del, **SYSTEM_RA_CLIENT)
            else:
                self.artifact.delete_artifact(project_access["project_name"],
                                              repo_name.split('/')[1],
                                              tag_for_del,
                                              expect_status_code=403,
                                              **SYSTEM_RA_CLIENT)

            #Prepare for chart read and delete
            self.chart.upload_chart(
                project_access["project_name"],
                r'./tests/apitests/python/{}-{}.tgz'.format(
                    CHART_FILE_LIST[1]["name"],
                    CHART_FILE_LIST[1]["version"]), **CHART_API_CLIENT)
            if project_access["check_list"][3]:  #---helm-chart:read---
                library.helm.helm2_fetch_chart_file(
                    "chart_repo_" + base._random_name("repo"), harbor_url,
                    project_access["project_name"],
                    SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"],
                    CHART_FILE_LIST[1]["name"])
            else:
                library.helm.helm2_fetch_chart_file(
                    "chart_repo_" + base._random_name("repo"),
                    harbor_url,
                    project_access["project_name"],
                    SYSTEM_RA_CLIENT["username"],
                    SYSTEM_RA_CLIENT["password"],
                    CHART_FILE_LIST[1]["name"],
                    expected_add_repo_error_message="403 Forbidden")

            if project_access["check_list"][
                    4]:  #---helm-chart-version:create---
                self.chart.upload_chart(
                    project_access["project_name"],
                    r'./tests/apitests/python/{}-{}.tgz'.format(
                        CHART_FILE_LIST[0]["name"],
                        CHART_FILE_LIST[0]["version"]),
                    **SYSTEM_RA_CHART_CLIENT)
            else:
                self.chart.upload_chart(
                    project_access["project_name"],
                    r'./tests/apitests/python/{}-{}.tgz'.format(
                        CHART_FILE_LIST[0]["name"],
                        CHART_FILE_LIST[0]["version"]),
                    expect_status_code=403,
                    **SYSTEM_RA_CHART_CLIENT)

            if project_access["check_list"][
                    5]:  #---helm-chart-version:delete---
                self.chart.delete_chart_with_version(
                    project_access["project_name"], CHART_FILE_LIST[1]["name"],
                    CHART_FILE_LIST[1]["version"], **SYSTEM_RA_CHART_CLIENT)
            else:
                self.chart.delete_chart_with_version(
                    project_access["project_name"],
                    CHART_FILE_LIST[1]["name"],
                    CHART_FILE_LIST[1]["version"],
                    expect_status_code=403,
                    **SYSTEM_RA_CHART_CLIENT)

            repo_name, tag = push_self_build_image_to_project(
                project_access["project_name"], harbor_server,
                ADMIN_CLIENT["username"], ADMIN_CLIENT["password"],
                "test_create_tag", "latest_1")
            self.artifact.create_tag(project_access["project_name"],
                                     repo_name.split('/')[1], tag,
                                     "for_delete", **ADMIN_CLIENT)
            if project_access["check_list"][6]:  #---tag:create---
                self.artifact.create_tag(project_access["project_name"],
                                         repo_name.split('/')[1], tag, "1.0",
                                         **SYSTEM_RA_CLIENT)
            else:
                self.artifact.create_tag(project_access["project_name"],
                                         repo_name.split('/')[1],
                                         tag,
                                         "1.0",
                                         expect_status_code=403,
                                         **SYSTEM_RA_CLIENT)

            if project_access["check_list"][7]:  #---tag:delete---
                self.artifact.delete_tag(project_access["project_name"],
                                         repo_name.split('/')[1], tag,
                                         "for_delete", **SYSTEM_RA_CLIENT)
            else:
                self.artifact.delete_tag(project_access["project_name"],
                                         repo_name.split('/')[1],
                                         tag,
                                         "for_delete",
                                         expect_status_code=403,
                                         **SYSTEM_RA_CLIENT)

            repo_name, tag = push_self_build_image_to_project(
                project_access["project_name"], harbor_server,
                ADMIN_CLIENT["username"], ADMIN_CLIENT["password"],
                "test_create_artifact_label", "latest_1")
            #Add project level label to artifact
            label_id, _ = self.label.create_label(
                project_id=project_access["project_id"],
                scope="p",
                **ADMIN_CLIENT)
            if project_access["check_list"][8]:  #---artifact-label:create---
                self.artifact.add_label_to_reference(
                    project_access["project_name"],
                    repo_name.split('/')[1], tag, int(label_id),
                    **SYSTEM_RA_CLIENT)
            else:
                self.artifact.add_label_to_reference(
                    project_access["project_name"],
                    repo_name.split('/')[1],
                    tag,
                    int(label_id),
                    expect_status_code=403,
                    **SYSTEM_RA_CLIENT)

            if project_access["check_list"][9]:  #---scan:create---
                self.scan.scan_artifact(project_access["project_name"],
                                        repo_name.split('/')[1], tag,
                                        **SYSTEM_RA_CLIENT)
            else:
                self.scan.scan_artifact(project_access["project_name"],
                                        repo_name.split('/')[1],
                                        tag,
                                        expect_status_code=403,
                                        **SYSTEM_RA_CLIENT)

#5. Disable the system robot account;
        self.robot.update_system_robot_account(system_robot_account_id,
                                               system_robot_account.name,
                                               robot_account_Permissions_list,
                                               disable=True,
                                               **ADMIN_CLIENT)

        #6. Verify the system robot account has no the corresponding rights;
        self.verify_repository_unpushable(project_access_list,
                                          SYSTEM_RA_CLIENT)

        #7. Enable the system robot account;
        self.robot.update_system_robot_account(system_robot_account_id,
                                               system_robot_account.name,
                                               robot_account_Permissions_list,
                                               disable=False,
                                               **ADMIN_CLIENT)

        #8. Verify the system robot account has the corresponding rights;
        self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT)

        #9. Refresh secret for the system robot account;
        new_secret = "new_secret_At_321"
        self.robot.refresh_robot_account_secret(system_robot_account_id,
                                                new_secret, **ADMIN_CLIENT)

        #10. Verify the system robot account has no the corresponding right with the old secret already;
        self.verify_repository_unpushable(project_access_list,
                                          SYSTEM_RA_CLIENT)

        #11. Verify the system robot account still has the corresponding right with the new secret;
        SYSTEM_RA_CLIENT["password"] = new_secret
        self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT)

        #12. List system robot account, then add a new project to the system robot account project permission list;
        self.robot.list_robot(**ADMIN_CLIENT)
        project_for_del_id, project_for_del_name = self.project.create_project(
            metadata={"public": "true"}, **ADMIN_CLIENT)
        robot_account_Permissions = v2_swagger_client.Permission(
            kind="project",
            namespace=project_for_del_name,
            access=access_list_list[0])
        robot_account_Permissions_list.append(robot_account_Permissions)
        self.robot.update_system_robot_account(system_robot_account_id,
                                               system_robot_account.name,
                                               robot_account_Permissions_list,
                                               **ADMIN_CLIENT)
        self.robot.list_robot(**ADMIN_CLIENT)

        #13. Delete this project;
        self.project.delete_project(project_for_del_id, **ADMIN_CLIENT)

        #14. List system robot account successfully;
        self.robot.list_robot(**ADMIN_CLIENT)

        #15. Delete the system robot account;
        self.robot.delete_robot_account(system_robot_account_id,
                                        **ADMIN_CLIENT)

        #16. Verify the system robot account has no the corresponding right;
        self.verify_repository_unpushable(project_access_list,
                                          SYSTEM_RA_CLIENT)

        #17. Add a system robot account with all project coverd;
        all_true_access_list = self.robot.create_access_list([True] * 10)
        robot_account_Permissions_list = []
        robot_account_Permissions = v2_swagger_client.Permission(
            kind="project", namespace="*", access=all_true_access_list)
        robot_account_Permissions_list.append(robot_account_Permissions)
        _, system_robot_account_cover_all = self.robot.create_system_robot(
            robot_account_Permissions_list, 300)

        #18. Verify the system robot account has no the corresponding right;
        print("system_robot_account_cover_all:",
              system_robot_account_cover_all)
        SYSTEM_RA_CLIENT_COVER_ALL = dict(
            endpoint=TestRobotAccount.url,
            username=system_robot_account_cover_all.name,
            password=system_robot_account_cover_all.secret)
        projects = self.project.get_projects(dict(), **ADMIN_CLIENT)
        print("All projects:", projects)
        project_access_list = []
        for i in range(len(projects)):
            project_access_list.append(
                dict(project_name=projects[i].name,
                     project_id=projects[i].project_id,
                     check_list=all_true_access_list))
        self.verify_repository_pushable(project_access_list,
                                        SYSTEM_RA_CLIENT_COVER_ALL)
Esempio n. 3
0
class TestProjects(unittest.TestCase):
    @suppress_urllib3_warning
    def setUp(self):
        self.project = Project()
        self.user = User()
        self.repo = Repository()

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def tearDown(self):
        #1. Delete project(PA);
        self.project.delete_project(TestProjects.project_del_repo_id,
                                    **TestProjects.USER_del_repo_CLIENT)

        #2. Delete user(UA).
        self.user.delete_user(TestProjects.user_del_repo_id, **ADMIN_CLIENT)

    def testDelRepo(self):
        """
        Test case:
            Delete a repository
        Test step and expected result:
            1. Create a new user(UA);
            2. Create a new project(PA) by user(UA);
            3. Create a new repository(RA) in project(PA) by user(UA);
            4. Get repository in project(PA), there should be one repository which was created by user(UA);
            5. Delete repository(RA) by user(UA);
            6. Get repository by user(UA), it should get nothing;
        Tear down:
            1. Delete project(PA);
            2. Delete user(UA).
        """
        url = ADMIN_CLIENT["endpoint"]
        user_del_repo_password = "******"

        #1. Create a new user(UA);
        TestProjects.user_del_repo_id, user_del_repo_name = self.user.create_user(
            user_password=user_del_repo_password, **ADMIN_CLIENT)

        TestProjects.USER_del_repo_CLIENT = dict(
            endpoint=url,
            username=user_del_repo_name,
            password=user_del_repo_password)

        #2. Create a new project(PA) by user(UA);
        TestProjects.project_del_repo_id, TestProjects.project_del_repo_name = self.project.create_project(
            metadata={"public": "false"}, **TestProjects.USER_del_repo_CLIENT)

        #3. Create a new repository(RA) in project(PA) by user(UA);
        repo_name, _ = push_self_build_image_to_project(
            TestProjects.project_del_repo_name,
            harbor_server,
            'admin',
            'Harbor12345',
            "test_del_repo",
            "latest",
            size=512)

        #4. Get repository in project(PA), there should be one repository which was created by user(UA);
        repo_data = self.repo.list_repositories(
            TestProjects.project_del_repo_name,
            **TestProjects.USER_del_repo_CLIENT)
        _assert_status_code(repo_name, repo_data[0].name)

        #5. Delete repository(RA) by user(UA);
        self.repo.delete_repository(TestProjects.project_del_repo_name,
                                    repo_name.split('/')[1],
                                    **TestProjects.USER_del_repo_CLIENT)

        #6. Get repository by user(UA), it should get nothing;
        repo_data = self.repo.list_repositories(
            TestProjects.project_del_repo_name,
            **TestProjects.USER_del_repo_CLIENT)
        _assert_status_code(len(repo_data), 0)
class TestProjects(unittest.TestCase):
    @classmethod
    def setUp(self):
        self.project = Project()
        self.user = User()
        self.artifact = Artifact()
        self.repo = Repository()
        self.label = Label()

    @classmethod
    def tearDown(self):
        print "Case completed"

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def test_ClearData(self):
        #1. Delete repository(RA) by user(UA);
        self.repo.delete_repoitory(TestProjects.project_add_g_lbl_name,
                                   TestProjects.repo_name.split('/')[1],
                                   **TestProjects.USER_add_g_lbl_CLIENT)

        #2. Delete project(PA);
        self.project.delete_project(TestProjects.project_add_g_lbl_id,
                                    **TestProjects.USER_add_g_lbl_CLIENT)

        #3. Delete user(UA);
        self.user.delete_user(TestProjects.user_add_g_lbl_id, **ADMIN_CLIENT)

        #4. Delete label(LA).
        self.label.delete_label(TestProjects.label_id, **ADMIN_CLIENT)

    def testAddSysLabelToRepo(self):
        """
        Test case:
            Add Global Label To Tag
        Test step and expected result:
            1. Create a new user(UA);
            2. Create a new private project(PA) by user(UA);
            3. Add user(UA) as a member of project(PA) with project-admin role;
            4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
            5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
            6. Create a new label(LA) in project(PA) by admin;;
            7. Add this system global label to repository(RA)/tag(TA);
        Tear down:
            1. Delete repository(RA) by user(UA);
            2. Delete project(PA);
            3. Delete user(UA);
            4. Delete label(LA).
        """
        url = ADMIN_CLIENT["endpoint"]
        user_001_password = "******"

        #1. Create user-001
        TestProjects.user_add_g_lbl_id, user_add_g_lbl_name = self.user.create_user(
            user_password=user_001_password, **ADMIN_CLIENT)

        TestProjects.USER_add_g_lbl_CLIENT = dict(endpoint=url,
                                                  username=user_add_g_lbl_name,
                                                  password=user_001_password)

        #2. Create private project-001
        TestProjects.project_add_g_lbl_id, TestProjects.project_add_g_lbl_name = self.project.create_project(
            metadata={"public": "false"}, **ADMIN_CLIENT)

        #3. Add user-001 as a member of project-001 with project-admin role
        self.project.add_project_members(TestProjects.project_add_g_lbl_id,
                                         TestProjects.user_add_g_lbl_id,
                                         **ADMIN_CLIENT)

        #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
        self.project.projects_should_exist(
            dict(public=False),
            expected_count=1,
            expected_project_id=TestProjects.project_add_g_lbl_id,
            **TestProjects.USER_add_g_lbl_CLIENT)

        #5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
        TestProjects.repo_name, tag = push_image_to_project(
            TestProjects.project_add_g_lbl_name, harbor_server,
            user_add_g_lbl_name, user_001_password, "hello-world", "latest")

        #6. Create a new label(LA) in project(PA) by admin;
        TestProjects.label_id, _ = self.label.create_label(**ADMIN_CLIENT)

        #7. Add this system global label to repository(RA)/tag(TA).
        self.artifact.add_label_to_reference(
            TestProjects.project_add_g_lbl_name,
            TestProjects.repo_name.split('/')[1], tag,
            int(TestProjects.label_id), **TestProjects.USER_add_g_lbl_CLIENT)
Esempio n. 5
0
class TestProjects(unittest.TestCase):
    @suppress_urllib3_warning
    def setUp(self):
        self.project = Project()
        self.user = User()
        self.artifact = Artifact()
        self.repo = Repository()
        self.url = ADMIN_CLIENT["endpoint"]
        self.user_password = "******"
        self.repo_name = "hello-world"

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def tearDown(self):
        #1. Delete repository(RA,IA) by user(UA);
        self.repo.delete_repository(TestProjects.project_name, self.repo_name,
                                    **TestProjects.USER_CLIENT)

        #2. Delete project(PA);
        self.project.delete_project(TestProjects.project_id,
                                    **TestProjects.USER_CLIENT)

        #3. Delete user(UA).
        self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)
        print("Case completed")

    def testCreateDeleteTag(self):
        """
        Test case:
            Create/Delete tag
        Test step and expected result:
            1. Create a new user(UA);
            2. Create a new project(PA) by user(UA);
            3. Push an image(IA) to Harbor by docker successfully;
            4. Create a tag(1.0) for the image(IA);
            5. Get the image(latest) from Harbor successfully;
            6. Verify the image(IA) contains tag named 1.0;
            7. Delete the tag(1.0) from image(IA);
            8. Get the image(IA) from Harbor successfully;
            9. Verify the image(IA) contains no tag named 1.0;
        Tear down:
            1. Delete repository(RA,IA) by user(UA);
            2. Delete project(PA);
            3. Delete user(UA).
        """
        #1. Create a new user(UA);
        TestProjects.user_id, user_name = self.user.create_user(
            user_password=self.user_password, **ADMIN_CLIENT)

        TestProjects.USER_CLIENT = dict(with_tag=True,
                                        endpoint=self.url,
                                        username=user_name,
                                        password=self.user_password)

        #2. Create a new project(PA) by user(UA);
        TestProjects.project_id, TestProjects.project_name = self.project.create_project(
            metadata={"public": "false"}, **TestProjects.USER_CLIENT)

        #3. Push an image(IA) to Harbor by docker successfully;
        repo_name, tag = push_self_build_image_to_project(
            TestProjects.project_name, harbor_server, 'admin', 'Harbor12345',
            self.repo_name, "latest")

        #4. Create a tag(1.0) for the image(IA)
        self.artifact.create_tag(TestProjects.project_name, self.repo_name,
                                 tag, "1.0", **TestProjects.USER_CLIENT)

        #5. Get the image(IA) from Harbor successfully;
        artifact = self.artifact.get_reference_info(TestProjects.project_name,
                                                    self.repo_name, tag,
                                                    **TestProjects.USER_CLIENT)

        #6. Verify the image(IA) contains tag named 1.0;
        self.assertEqual(artifact.tags[0].name, "1.0")
        self.assertEqual(artifact.tags[1].name, tag)

        #7. Delete the tag(1.0) from image(IA);
        self.artifact.delete_tag(TestProjects.project_name, self.repo_name,
                                 tag, "1.0", **TestProjects.USER_CLIENT)

        #8. Get the image(latest) from Harbor successfully;
        artifact = self.artifact.get_reference_info(TestProjects.project_name,
                                                    self.repo_name, tag,
                                                    **TestProjects.USER_CLIENT)

        #9. Verify the image(IA) contains no tag named 1.0;
        self.assertEqual(artifact.tags[0].name, tag)
class TestProjects(unittest.TestCase):
    @suppress_urllib3_warning
    def setUp(self):
        self.project = Project()
        self.user = User()
        self.repo = Repository()

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def tearDown(self):
        #1. Delete repository(RA) by admin;
        self.repo.delete_repoitory(TestProjects.project_alice_name,
                                   TestProjects.repo_name.split('/')[1],
                                   **ADMIN_CLIENT)

        #2. Delete project(Alice);
        self.project.delete_project(TestProjects.project_alice_id,
                                    **ADMIN_CLIENT)

        #3. Delete user Alice, Bob and Carol.
        self.user.delete_user(TestProjects.user_alice_id, **ADMIN_CLIENT)
        self.user.delete_user(TestProjects.user_bob_id, **ADMIN_CLIENT)
        self.user.delete_user(TestProjects.user_carol_id, **ADMIN_CLIENT)

    def testManageProjectMember(self):
        """
        Test case:
            Manage Project members
        Test step and expected result:
            1. Create user Alice, Bob, Carol;
            2. Create private project(Alice) by Alice, Add a repository to project(Alice) by Alice;
            3. Bob is not a member of project(Alice);
            4. Alice Add Bob as a guest member of project(Alice), Check Bob is a guest member of project(Alice);
            5. Update role of Bob to developer of project(Alice), Check Bob is developer member of project(Alice);
            6. Update role of Bob to admin member of project(Alice), Check Bob is admin member of project(Alice);
            7. Bob add Carol to project(Alice) as a guest member, Carol is a member of project(Alice) as a guest;
            8. Alice delete Bob from project(Alice),
               Bob is no longer a member of project(Alice) and Bob can see project(Alice),
               Carol is still a member of project(Alice) as a guest.
        Tear down:
            1. Delete repository(RA) by admin;
            2. Delete project(Alice);
            3. Delete user Alice, Bob and Carol.
        """
        url = ADMIN_CLIENT["endpoint"]
        user_alice_password = "******"
        user_bob_password = "******"
        user_carol_password = "******"

        #1.1 Create user Alice
        TestProjects.user_alice_id, user_alice_name = self.user.create_user(
            user_password=user_alice_password, **ADMIN_CLIENT)
        USER_ALICE_CLIENT = dict(endpoint=url,
                                 username=user_alice_name,
                                 password=user_alice_password)

        #1.2 Create user Bob
        TestProjects.user_bob_id, user_bob_name = self.user.create_user(
            user_password=user_bob_password, **ADMIN_CLIENT)
        USER_BOB_CLIENT = dict(endpoint=url,
                               username=user_bob_name,
                               password=user_bob_password)

        #1.3 Create user Carol
        TestProjects.user_carol_id, user_carol_name = self.user.create_user(
            user_password=user_carol_password, **ADMIN_CLIENT)

        #2.1 Create private project(PA) by Alice
        TestProjects.project_alice_id, TestProjects.project_alice_name = self.project.create_project(
            metadata={"public": "false"}, **USER_ALICE_CLIENT)

        #2.2 Add a repository to project(PA) by Alice
        TestProjects.repo_name, _ = push_image_to_project(
            TestProjects.project_alice_name, harbor_server, user_alice_name,
            user_alice_password, "hello-world", "latest")

        #3. Bob is not a member of project(PA);
        self.project.check_project_member_not_exist(
            TestProjects.project_alice_id, user_bob_name, **USER_ALICE_CLIENT)

        #4.1 Alice Add Bob as a guest member of project(PA)
        member_id_bob = self.project.add_project_members(
            TestProjects.project_alice_id,
            user_id=TestProjects.user_bob_id,
            member_role_id=3,
            **USER_ALICE_CLIENT)

        #4.2 Check Bob is a guest member of project(PA)
        self.project.check_project_members_exist(
            TestProjects.project_alice_id,
            user_bob_name,
            expected_member_role_id=3,
            user_name=user_bob_name,
            user_password=user_bob_password,
            **USER_ALICE_CLIENT)

        #5.1 Update role of Bob to developer of project(PA)
        self.project.update_project_member_role(TestProjects.project_alice_id,
                                                member_id_bob, 2,
                                                **USER_ALICE_CLIENT)

        #5.2 Check Bob is developer member of project(PA)
        self.project.check_project_members_exist(
            TestProjects.project_alice_id,
            user_bob_name,
            expected_member_role_id=2,
            user_name=user_bob_name,
            user_password=user_bob_password,
            **USER_ALICE_CLIENT)

        #6.1 Update role of Bob to admin member of project(PA)
        self.project.update_project_member_role(TestProjects.project_alice_id,
                                                member_id_bob, 1,
                                                **USER_ALICE_CLIENT)

        #6.2 Check Bob is admin member of project(PA)
        self.project.check_project_members_exist(
            TestProjects.project_alice_id,
            user_bob_name,
            expected_member_role_id=1,
            user_name=user_bob_name,
            user_password=user_bob_password,
            **USER_ALICE_CLIENT)

        #7.1 Bob add Carol to project(PA) as a guest member.
        self.project.add_project_members(TestProjects.project_alice_id,
                                         TestProjects.user_carol_id,
                                         member_role_id=3,
                                         **USER_BOB_CLIENT)

        #7.2 Carol is a member of project(PA) as a guest.
        self.project.check_project_members_exist(
            TestProjects.project_alice_id,
            user_carol_name,
            expected_member_role_id=3,
            user_name=user_carol_name,
            user_password=user_carol_password,
            **USER_ALICE_CLIENT)

        #8.1 Alice delete Bob from project(PA).
        self.project.delete_project_member(TestProjects.project_alice_id,
                                           member_id_bob, **USER_ALICE_CLIENT)

        #8.2 Bob is no longer a member of project(PA) and Bob can see project(PA).
        self.project.check_project_member_not_exist(
            TestProjects.project_alice_id, user_bob_name, **USER_ALICE_CLIENT)

        #8.3 Carol is still a member of project(PA) as a guest.
        self.project.check_project_members_exist(
            TestProjects.project_alice_id,
            user_carol_name,
            expected_member_role_id=3,
            user_name=user_carol_name,
            user_password=user_carol_password,
            **USER_ALICE_CLIENT)
class TestProjects(unittest.TestCase):
    @classmethod
    def setUp(self):
        self.system = System()
        self.project = Project()
        self.user = User()
        self.repo = Repository()
        self.artifact = Artifact()
        self.repo_name = "test_repo"
        self.repo_name_untag = "test_untag"
        self.tag = "v1.0"

    @classmethod
    def tearDown(self):
        print "Case completed"

    @unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
    def test_ClearData(self):
        #2. Delete project(PA);
        self.project.delete_project(TestProjects.project_gc_id, **TestProjects.USER_GC_CLIENT)

        #3. Delete user(UA);
        self.user.delete_user(TestProjects.user_gc_id, **ADMIN_CLIENT)

    def testGarbageCollection(self):
        """
        Test case:
            Garbage Collection
        Test step and expected result:
            1. Create a new user(UA);
            2. Create project(PA) and project(PB) by user(UA);
            3. Push a image in project(PA) and then delete repository by admin;
            4. Get repository by user(UA), it should get nothing;
            5. Tigger garbage collection operation;
            6. Check garbage collection job was finished;
            7. Get garbage collection log, check there is a number of files was deleted;
            8. Push a image in project(PB) by admin and delete the only tag;
            9. Tigger garbage collection operation;
            10. Check garbage collection job was finished;
            11. Repository with untag image should be still there;
            12. But no any artifact in repository anymore.
        Tear down:
            1. Delete project(PA);
            2. Delete user(UA).
        """
        url = ADMIN_CLIENT["endpoint"]
        admin_name = ADMIN_CLIENT["username"]
        admin_password = ADMIN_CLIENT["password"]
        user_gc_password = "******"

        #1. Create a new user(UA);
        TestProjects.user_gc_id, user_gc_name = self.user.create_user(user_password = user_gc_password, **ADMIN_CLIENT)

        TestProjects.USER_GC_CLIENT=dict(endpoint = url, username = user_gc_name, password = user_gc_password)

        #2. Create project(PA) and project(PB) by user(UA);
        TestProjects.project_gc_id, TestProjects.project_gc_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_GC_CLIENT)
        TestProjects.project_gc_untag_id, TestProjects.project_gc_untag_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_GC_CLIENT)

        #3. Push a image in project(PA) and then delete repository by admin;
        push_special_image_to_project(TestProjects.project_gc_name, harbor_server, admin_name, admin_password, self.repo_name, ["latest", "v1.2.3"])
        self.repo.delete_repoitory(TestProjects.project_gc_name, self.repo_name, **TestProjects.USER_GC_CLIENT)

        #4. Get repository by user(UA), it should get nothing;
        repo_data = self.repo.list_repositories(TestProjects.project_gc_name, **TestProjects.USER_GC_CLIENT)
        _assert_status_code(len(repo_data), 0)

        #8. Push a image in project(PB) by admin and delete the only tag;
        push_special_image_to_project(TestProjects.project_gc_untag_name, harbor_server, admin_name, admin_password, self.repo_name_untag, [self.tag])
        self.artifact.delete_tag(TestProjects.project_gc_untag_name, self.repo_name_untag, self.tag, self.tag, **ADMIN_CLIENT)

        #5. Tigger garbage collection operation;
        gc_id = self.system.gc_now(**ADMIN_CLIENT)

        #6. Check garbage collection job was finished;
        self.system.validate_gc_job_status(gc_id, "finished", **ADMIN_CLIENT)

        #7. Get garbage collection log, check there is a number of files was deleted;
        self.system.validate_deletion_success(gc_id, **ADMIN_CLIENT)

        artifacts = self.artifact.list_artifacts(TestProjects.project_gc_untag_name, self.repo_name_untag, **TestProjects.USER_GC_CLIENT)
        print artifacts
        _assert_status_code(len(artifacts), 1)

        time.sleep(5)

        #9. Tigger garbage collection operation;
        gc_id = self.system.gc_now(is_delete_untagged=True, **ADMIN_CLIENT)

        #10. Check garbage collection job was finished;
        self.system.validate_gc_job_status(gc_id, "finished", **ADMIN_CLIENT)

        #7. Get garbage collection log, check there is a number of files was deleted;
        self.system.validate_deletion_success(gc_id, **ADMIN_CLIENT)

        #11. Repository with untag image should be still there;
        repo_data_untag = self.repo.list_repositories(TestProjects.project_gc_untag_name, **TestProjects.USER_GC_CLIENT)
        print "repo_data_untag:", repo_data_untag
        _assert_status_code(len(repo_data_untag), 1)
        self.assertEqual(TestProjects.project_gc_untag_name + "/" + self.repo_name_untag , repo_data_untag[0].name)

        #12. But no any artifact in repository anymore.
        artifacts = self.artifact.list_artifacts(TestProjects.project_gc_untag_name, self.repo_name_untag, **TestProjects.USER_GC_CLIENT)
        self.assertEqual(artifacts,[])
Esempio n. 8
0
class TestProjects(unittest.TestCase):
    @classmethod
    def setUp(self):
        self.project = Project()
        self.user = User()
        self.repo = Repository()
        self.system = System()

    @classmethod
    def tearDown(self):
        print "Case completed"

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def test_ClearData(self):
        #1. Delete project(PA);
        self.project.delete_project(TestProjects.project_test_quota_id,
                                    **ADMIN_CLIENT)

        #2. Delete user(UA);
        self.user.delete_user(TestProjects.user_test_quota_id, **ADMIN_CLIENT)

    def testProjectQuota(self):
        """
        Test case:
            Project Quota
        Test step and expected result:
            1. Create a new user(UA);
            2. Create a new private project(PA) by user(UA);
            3. Add user(UA) as a member of project(PA) with project-admin role;
            4. Push an image to project(PA) by user(UA), then check the project quota usage;
            5. Check quota change
            6. Delete image, the quota should be changed to 0.
        Tear down:
            1. Delete repository(RA) by user(UA);
            2. Delete project(PA);
            3. Delete user(UA);
        """
        url = ADMIN_CLIENT["endpoint"]
        user_001_password = "******"

        #1. Create user-001
        TestProjects.user_test_quota_id, user_test_quota_name = self.user.create_user(
            user_password=user_001_password, **ADMIN_CLIENT)
        TestProjects.USER_TEST_QUOTA_CLIENT = dict(
            endpoint=url,
            username=user_test_quota_name,
            password=user_001_password)

        #2. Create a new private project(PA) by user(UA);
        TestProjects.project_test_quota_id, project_test_quota_name = self.project.create_project(
            metadata={"public": "false"}, **ADMIN_CLIENT)

        #3. Add user(UA) as a member of project(PA) with project-admin role;
        self.project.add_project_members(TestProjects.project_test_quota_id,
                                         TestProjects.user_test_quota_id,
                                         **ADMIN_CLIENT)

        #4.Push an image to project(PA) by user(UA), then check the project quota usage; -- {"count": 1, "storage": 2791709}
        image = "goharbor/alpine"
        src_tag = "3.10"
        TestProjects.repo_name, _ = push_image_to_project(
            project_test_quota_name, harbor_server, user_test_quota_name,
            user_001_password, image, src_tag)

        #5. Get project quota
        quota = self.system.get_project_quota(
            "project", TestProjects.project_test_quota_id, **ADMIN_CLIENT)
        self.assertEqual(quota[0].used["count"], 1)
        self.assertEqual(quota[0].used["storage"], 2789002)

        #6. Delete repository(RA) by user(UA);
        self.repo.delete_repoitory(TestProjects.repo_name, **ADMIN_CLIENT)

        #6. Quota should be 0
        quota = self.system.get_project_quota(
            "project", TestProjects.project_test_quota_id, **ADMIN_CLIENT)
        self.assertEqual(quota[0].used["count"], 0)
        self.assertEqual(quota[0].used["storage"], 0)
class TestProjects(unittest.TestCase):
    @classmethod
    def setUpClass(self):
        self.project = Project()
        self.user = User()
        self.artifact = Artifact()
        self.repo = Repository()

    @classmethod
    def tearDownClass(self):
        print("Case completed")

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def test_ClearData(self):
        #1. Delete repository(RA);
        self.repo.delete_repoitory(TestProjects.project_src_repo_name,
                                   (TestProjects.src_repo_name).split('/')[1],
                                   **TestProjects.USER_RETAG_CLIENT)

        #2. Delete repository by retag;
        self.repo.delete_repoitory(TestProjects.project_dst_repo_name,
                                   (TestProjects.dst_repo_name).split('/')[1],
                                   **TestProjects.USER_RETAG_CLIENT)

        #3. Delete project(PA);
        self.project.delete_project(TestProjects.project_src_repo_id,
                                    **TestProjects.USER_RETAG_CLIENT)
        self.project.delete_project(TestProjects.project_dst_repo_id,
                                    **TestProjects.USER_RETAG_CLIENT)

        #4. Delete user(UA).
        self.user.delete_user(TestProjects.user_retag_id, **ADMIN_CLIENT)

    def testRetag(self):
        """
        Test case:
            Retag Image
        Test step and expected result:
            1. Create a new user(UA);
            2. Create a new project(PA) by user(UA);
            3. Create a new project(PB) by user(UA);
            4. Update role of user-retag as guest member of project(PB);
            5. Create a new repository(RA) in project(PA) by user(UA);
            6. Get repository in project(PA), there should be one repository which was created by user(UA);
            7. Get repository(RA)'s image tag detail information;
            8. Retag image in project(PA) to project(PB), it should be forbidden;
            9. Update role of user-retag as admin member of project(PB);
            10. Retag image in project(PA) to project(PB), it should be successful;
            11. Get repository(RB)'s image tag detail information;
            12. Read digest of retaged image, it must be the same with the image in repository(RA);
            13. Pull image from project(PB) by user_retag, it must be successful;
        Tear down:
            1. Delete repository(RA);
            2. Delete repository by retag;
            3. Delete project(PA);
            4. Delete user(UA).
        """
        url = ADMIN_CLIENT["endpoint"]
        user_retag_password = "******"
        pull_tag_name = "latest"
        dst_repo_sub_name = "repo"

        #1. Create a new user(UA);
        TestProjects.user_retag_id, user_retag_name = self.user.create_user(
            user_password=user_retag_password, **ADMIN_CLIENT)

        TestProjects.USER_RETAG_CLIENT = dict(endpoint=url,
                                              username=user_retag_name,
                                              password=user_retag_password)

        #2. Create a new project(PA) by user(UA);
        TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project(
            metadata={"public": "false"}, **TestProjects.USER_RETAG_CLIENT)

        #3. Create a new project(PB) by user(UA);
        TestProjects.project_dst_repo_id, TestProjects.project_dst_repo_name = self.project.create_project(
            metadata={"public": "false"}, **TestProjects.USER_RETAG_CLIENT)

        retag_member_id = self.project.get_project_member_id(
            TestProjects.project_dst_repo_id, user_retag_name,
            **TestProjects.USER_RETAG_CLIENT)

        #4. Update role of user-retag as guest member of project(PB);
        self.project.update_project_member_role(
            TestProjects.project_dst_repo_id, retag_member_id, 3,
            **ADMIN_CLIENT)

        #5. Create a new repository(RA) in project(PA) by user(UA);
        TestProjects.src_repo_name, tag_name = push_image_to_project(
            TestProjects.project_src_repo_name, harbor_server, 'admin',
            'Harbor12345', "hello-world", pull_tag_name)

        #6. Get repository in project(PA), there should be one repository which was created by user(UA);
        src_repo_data = self.repo.list_repositories(
            TestProjects.project_src_repo_name,
            **TestProjects.USER_RETAG_CLIENT)
        _assert_status_code(TestProjects.src_repo_name, src_repo_data[0].name)

        #7. Get repository(RA)'s image tag detail information;
        src_tag_data = self.artifact.get_reference_info(
            TestProjects.project_src_repo_name,
            TestProjects.src_repo_name.split('/')[1], tag_name,
            **TestProjects.USER_RETAG_CLIENT)
        TestProjects.dst_repo_name = TestProjects.project_dst_repo_name + "/" + dst_repo_sub_name
        #8. Retag image in project(PA) to project(PB), it should be forbidden;
        self.artifact.copy_artifact(TestProjects.project_dst_repo_name,
                                    dst_repo_sub_name,
                                    TestProjects.src_repo_name + "@" +
                                    src_tag_data[0].digest,
                                    expect_status_code=403,
                                    **TestProjects.USER_RETAG_CLIENT)

        #9. Update role of user-retag as admin member of project(PB);
        self.project.update_project_member_role(
            TestProjects.project_dst_repo_id, retag_member_id, 1,
            **ADMIN_CLIENT)

        #10. Retag image in project(PA) to project(PB), it should be successful;
        self.artifact.copy_artifact(
            TestProjects.project_dst_repo_name, dst_repo_sub_name,
            TestProjects.src_repo_name + "@" + src_tag_data[0].digest,
            **TestProjects.USER_RETAG_CLIENT)

        #11. Get repository(RB)'s image tag detail information;
        dst_tag_data = self.artifact.get_reference_info(
            TestProjects.project_dst_repo_name, dst_repo_sub_name, tag_name,
            **TestProjects.USER_RETAG_CLIENT)

        #12. Read digest of retaged image, it must be the same with the image in repository(RA);
        self.assertEqual(src_tag_data[0].digest, dst_tag_data[0].digest)

        #13. Pull image from project(PB) by user_retag, it must be successful;"
        pull_harbor_image(harbor_server, user_retag_name, user_retag_password,
                          TestProjects.dst_repo_name, tag_name)
Esempio n. 10
0
class TestProjects(unittest.TestCase):
    @classmethod
    def setUpClass(self):
        self.project = Project()
        self.user = User()
        self.artifact = Artifact(api_type='artifact')
        self.repo = Repository(api_type='repository')
        self.url = ADMIN_CLIENT["endpoint"]
        self.user_push_index_password = "******"
        self.index_name = "ci_test_index"
        self.index_tag = "test_tag"
        self.image_a = "alpine"
        self.image_b = "busybox"

    @classmethod
    def tearDownClass(self):
        print "Case completed"

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def test_ClearData(self):
        #1. Delete repository(RA,RB,IA) by user(UA);
        self.repo.delete_repoitory(TestProjects.project_push_index_name,
                                   self.index_name, **TestProjects.USER_CLIENT)
        self.repo.delete_repoitory(TestProjects.project_push_index_name,
                                   self.image_a, **TestProjects.USER_CLIENT)
        self.repo.delete_repoitory(TestProjects.project_push_index_name,
                                   self.image_b, **TestProjects.USER_CLIENT)

        #2. Delete project(PA);
        self.project.delete_project(TestProjects.project_push_index_id,
                                    **TestProjects.USER_CLIENT)

        #3. Delete user(UA).
        self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)

    def testAddIndexByDockerManifest(self):
        """
        Test case:
            Push Index By Docker Manifest
        Test step and expected result:
            1. Create a new user(UA);
            2. Create a new project(PA) by user(UA);
            3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA);
            4. Push an index(IA) to Harbor by docker manifest CLI successfully;
            5. Get index(IA) from Harbor successfully;
            6. Verify harbor index is index(IA) pushed by docker manifest CLI;
            7. Verify harbor index(IA) can be pulled by docker CLI successfully.
        Tear down:
            1. Delete repository(RA,RB,IA) by user(UA);
            2. Delete project(PA);
            3. Delete user(UA).
        """
        #1. Create a new user(UA);
        TestProjects.user_id, user_name = self.user.create_user(
            user_password=self.user_push_index_password, **ADMIN_CLIENT)

        TestProjects.USER_CLIENT = dict(endpoint=self.url,
                                        username=user_name,
                                        password=self.user_push_index_password)

        #2. Create a new project(PA) by user(UA);
        TestProjects.project_push_index_id, TestProjects.project_push_index_name = self.project.create_project(
            metadata={"public": "false"}, **TestProjects.USER_CLIENT)

        #3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA);
        repo_name_a, tag_a = push_image_to_project(
            TestProjects.project_push_index_name, harbor_server, 'admin',
            'Harbor12345', self.image_a, "latest")
        repo_name_b, tag_b = push_image_to_project(
            TestProjects.project_push_index_name, harbor_server, 'admin',
            'Harbor12345', self.image_b, "latest")

        #4. Push an index(IA) to Harbor by docker manifest CLI successfully;
        manifests = [
            harbor_server + "/" + repo_name_a + ":" + tag_a,
            harbor_server + "/" + repo_name_b + ":" + tag_b
        ]
        index = harbor_server + "/" + TestProjects.project_push_index_name + "/" + self.index_name + ":" + self.index_tag
        index_sha256_cli_ret, manifests_sha256_cli_ret = library.docker_api.docker_manifest_push_to_harbor(
            index, manifests, harbor_server, user_name,
            self.user_push_index_password)

        #5. Get index(IA) from Harbor successfully;
        index_data = self.artifact.get_reference_info(
            TestProjects.project_push_index_name, self.index_name,
            self.index_tag, **TestProjects.USER_CLIENT)
        manifests_sha256_harbor_ret = [
            index_data[0].references[1].child_digest,
            index_data[0].references[0].child_digest
        ]

        #6. Verify harbor index is index(IA) pushed by docker manifest CLI;
        self.assertEqual(index_data[0].digest, index_sha256_cli_ret)
        self.assertEqual(
            manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[0]), 1)
        self.assertEqual(
            manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[1]), 1)

        #7. Verify harbor index(IA) can be pulled by docker CLI successfully;
        pull_harbor_image(
            harbor_server, user_name, self.user_push_index_password,
            TestProjects.project_push_index_name + "/" + self.index_name,
            self.index_tag)
Esempio n. 11
0
class TestProjects(unittest.TestCase):
    @classmethod
    def setUp(self):
        self.project = Project()
        self.user = User()
        self.artifact = Artifact()
        self.repo = Repository()
        self.repo_name = "busybox"
        self.tag = "1.28"

    @classmethod
    def tearDown(self):
        print "Case completed"

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def test_ClearData(self):
        #1. Delete user(UA);
        self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT)

    def testPushSingularity(self):
        """
        Test case:
            Push Singularity file With Singularity CLI
        Test step and expected result:
            1. Create user-001
            2. Create a new private project(PA) by user(UA);
            3. Push a sif file to harbor by singularity;
            4. Get repository from Harbor successfully, and verfiy repository name is repo pushed by singularity CLI;
            5. Get and verify artifacts by tag;
            6. Pull sif file from harbor by singularity;
        Tear down:
            NA
        """
        url = ADMIN_CLIENT["endpoint"]
        user_001_password = "******"

        #1. Create user-001
        TestProjects.user_sign_image_id, user_name = self.user.create_user(
            user_password=user_001_password, **ADMIN_CLIENT)

        TestProjects.USER_CLIENT = dict(with_signature=True,
                                        endpoint=url,
                                        username=user_name,
                                        password=user_001_password)

        #2. Create a new private project(PA) by user(UA);
        TestProjects.project_id, TestProjects.project_name = self.project.create_project(
            metadata={"public": "false"}, **TestProjects.USER_CLIENT)

        #3. Push a sif file to harbor by singularity;
        library.singularity.push_singularity_to_harbor(
            "library:", "library/default/", harbor_server, user_name,
            user_001_password, TestProjects.project_name, self.repo_name,
            self.tag)

        #4. Get repository from Harbor successfully, and verfiy repository name is repo pushed by singularity CLI;
        repo_data = self.repo.get_repository(TestProjects.project_name,
                                             self.repo_name,
                                             **TestProjects.USER_CLIENT)
        print "repo_data:", repo_data
        self.assertEqual(repo_data.name,
                         TestProjects.project_name + "/" + self.repo_name)

        #5. Get and verify artifacts by tag;
        artifact = self.artifact.get_reference_info(TestProjects.project_name,
                                                    self.repo_name, self.tag,
                                                    **TestProjects.USER_CLIENT)
        print "artifact:", artifact
        self.assertEqual(artifact[0].tags[0].name, self.tag)

        #6. Pull sif file from harbor by singularity;
        library.singularity.singularity_pull(
            TestProjects.project_name + ".sif",
            "oras://" + harbor_server + "/" + TestProjects.project_name + "/" +
            self.repo_name + ":" + self.tag)
Esempio n. 12
0
class TestProjects(unittest.TestCase):
    @classmethod
    def setUp(self):
        self.project = Project()
        self.user = User()
        self.artifact = Artifact(api_type='artifact')
        self.repo = Repository(api_type='repository')

    @classmethod
    def tearDown(self):
        print "Case completed"

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def test_ClearData(self):
        #1. Delete repository(RA) by user(UA);
        self.repo.delete_repoitory(TestProjects.project_content_trust_name,
                                   TestProjects.repo_name.split('/')[1],
                                   **TestProjects.USER_CONTENT_TRUST_CLIENT)

        #2. Delete project(PA);
        self.project.delete_project(TestProjects.project_content_trust_id,
                                    **TestProjects.USER_CONTENT_TRUST_CLIENT)

        #3. Delete user(UA);
        self.user.delete_user(TestProjects.user_content_trust_id,
                              **ADMIN_CLIENT)

    def testProjectLevelPolicyContentTrust(self):
        """
        Test case:
            Project Level Policy Content Trust
        Test step and expected result:
            1. Create a new user(UA);
            2. Create a new project(PA) by user(UA);
            3. Push a new image(IA) in project(PA) by admin;
            4. Image(IA) should exist;
            5. Pull image(IA) successfully;
            6. Enable content trust in project(PA) configuration;
            7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
        Tear down:
            1. Delete repository(RA) by user(UA);
            2. Delete project(PA);
            3. Delete user(UA);
        """
        url = ADMIN_CLIENT["endpoint"]
        image = "hello-world"
        admin_name = ADMIN_CLIENT["username"]
        admin_password = ADMIN_CLIENT["password"]
        user_content_trust_password = "******"

        #1. Create a new user(UA);
        TestProjects.user_content_trust_id, user_content_trust_name = self.user.create_user(
            user_password=user_content_trust_password, **ADMIN_CLIENT)

        TestProjects.USER_CONTENT_TRUST_CLIENT = dict(
            endpoint=url,
            username=user_content_trust_name,
            password=user_content_trust_password)

        #2. Create a new project(PA) by user(UA);
        TestProjects.project_content_trust_id, TestProjects.project_content_trust_name = self.project.create_project(
            metadata={"public": "false"},
            **TestProjects.USER_CONTENT_TRUST_CLIENT)

        #3. Push a new image(IA) in project(PA) by admin;
        TestProjects.repo_name, tag = push_image_to_project(
            TestProjects.project_content_trust_name, harbor_server, admin_name,
            admin_password, image, "latest")

        #4. Image(IA) should exist;
        artifact = self.artifact.get_reference_info(
            TestProjects.project_content_trust_name, image, tag,
            **TestProjects.USER_CONTENT_TRUST_CLIENT)
        self.assertEqual(artifact[0].tags[0].name, tag)

        #5. Pull image(IA) successfully;
        pull_harbor_image(harbor_server, admin_name, admin_password,
                          TestProjects.repo_name, tag)

        #6. Enable content trust in project(PA) configuration;
        self.project.update_project(TestProjects.project_content_trust_id,
                                    metadata={"enable_content_trust": "true"},
                                    **TestProjects.USER_CONTENT_TRUST_CLIENT)

        #7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
        pull_harbor_image(
            harbor_server,
            admin_name,
            admin_password,
            TestProjects.repo_name,
            tag,
            expected_error_message="The image is not signed in Notary")
class TestProjects(unittest.TestCase):
    @suppress_urllib3_warning
    def setUp(self):
        self.project = Project()
        self.user = User()
        self.artifact = Artifact()
        self.repo = Repository()

    @unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
    def tearDown(self):
        #1. Delete repository(RA) by user(UA);
        self.repo.delete_repository(TestProjects.project_content_trust_name,
                                    TestProjects.repo_name.split('/')[1],
                                    **TestProjects.USER_CONTENT_TRUST_CLIENT)

        #2. Delete project(PA);
        self.project.delete_project(TestProjects.project_content_trust_id,
                                    **TestProjects.USER_CONTENT_TRUST_CLIENT)

        #3. Delete user(UA);
        self.user.delete_user(TestProjects.user_content_trust_id,
                              **ADMIN_CLIENT)

    def testProjectLevelPolicyContentTrust(self):
        """
        Test case:
            Project Level Policy Content Trust
        Test step and expected result:
            1. Create a new user(UA);
            2. Create a new project(PA) by user(UA);
            3. Push a new image(IA) in project(PA) by admin;
            4. Image(IA) should exist;
            5. Pull image(IA) successfully;
            6. Enable content trust in project(PA) configuration;
            7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
        Tear down:
            1. Delete repository(RA) by user(UA);
            2. Delete project(PA);
            3. Delete user(UA);
        """
        url = ADMIN_CLIENT["endpoint"]
        image = "test_content_trust"
        user_content_trust_password = "******"

        #1. Create a new user(UA);
        TestProjects.user_content_trust_id, user_content_trust_name = self.user.create_user(
            user_password=user_content_trust_password, **ADMIN_CLIENT)

        TestProjects.USER_CONTENT_TRUST_CLIENT = dict(
            endpoint=url,
            username=user_content_trust_name,
            password=user_content_trust_password)

        #2. Create a new project(PA) by user(UA);
        TestProjects.project_content_trust_id, TestProjects.project_content_trust_name = self.project.create_project(
            metadata={"public": "false"},
            **TestProjects.USER_CONTENT_TRUST_CLIENT)

        #3. Push a new image(IA) in project(PA) by admin;
        TestProjects.repo_name, tag = push_self_build_image_to_project(
            TestProjects.project_content_trust_name, harbor_server,
            ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], image,
            "latest")

        #4. Image(IA) should exist;
        artifact = self.artifact.get_reference_info(
            TestProjects.project_content_trust_name, image, tag,
            **TestProjects.USER_CONTENT_TRUST_CLIENT)
        self.assertEqual(artifact.tags[0].name, tag)

        docker_image_clean_all()
        #5. Pull image(IA) successfully;
        pull_harbor_image(harbor_server, ADMIN_CLIENT["username"],
                          ADMIN_CLIENT["password"], TestProjects.repo_name,
                          tag)

        self.project.get_project(TestProjects.project_content_trust_id)
        #6. Enable content trust in project(PA) configuration;
        self.project.update_project(TestProjects.project_content_trust_id,
                                    metadata={"enable_content_trust": "true"},
                                    **TestProjects.USER_CONTENT_TRUST_CLIENT)
        self.project.get_project(TestProjects.project_content_trust_id)

        #7. Pull image(IA) failed and the reason is "The image is not signed in Notary".
        docker_image_clean_all()
        restart_process("containerd")
        restart_process("dockerd")
        time.sleep(30)
        pull_harbor_image(
            harbor_server,
            ADMIN_CLIENT["username"],
            ADMIN_CLIENT["password"],
            TestProjects.repo_name,
            tag,
            expected_error_message="The image is not signed in Notary")
class TestProjects(unittest.TestCase):
    @suppress_urllib3_warning
    def setUp(self):
        self.project= Project()
        self.user= User()
        self.artifact = Artifact()
        self.repo= Repository()
        self.url = ADMIN_CLIENT["endpoint"]
        self.user_push_index_password = "******"
        self.index_name = "ci_test_index"
        self.index_tag = "test_tag"
        self.image_a = "alpine"
        self.image_b = "busybox"

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def tearDown(self):
        #1. Delete repository(RA,RB,IA) by user(UA);
        self.repo.delete_repoitory(TestProjects.project_push_index_name, self.index_name, **TestProjects.USER_CLIENT)
        self.repo.delete_repoitory(TestProjects.project_push_index_name, self.image_a, **TestProjects.USER_CLIENT)
        self.repo.delete_repoitory(TestProjects.project_push_index_name, self.image_b, **TestProjects.USER_CLIENT)

        #2. Delete project(PA);
        self.project.delete_project(TestProjects.project_push_index_id, **TestProjects.USER_CLIENT)

        #3. Delete user(UA).
        self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)

    def testAddIndexByDockerManifest(self):
        """
        Test case:
            Push Index By Docker Manifest
        Test step and expected result:
            1. Create a new user(UA);
            2. Create a new project(PA) by user(UA);
            3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA);
            4. Push an index(IA) to Harbor by docker manifest CLI successfully;
            5. Get Artifacts successfully;
            6. Get index(IA) by reference successfully;
            7. Verify harbor index is index(IA) pushed by docker manifest CLI;
            8.1 Verify harbor index(IA) can be pulled by docker CLI successfully;
            8.2 Verify harbor index(IA) can be pulled by docker CLI successfully;
            9. Get addition successfully;
            10. Unable to Delete artifact in manifest list;
            11. Delete index successfully.
        Tear down:
            1. Delete repository(RA,RB,IA) by user(UA);
            2. Delete project(PA);
            3. Delete user(UA).
        """
        #1. Create a new user(UA);
        TestProjects.user_id, user_name = self.user.create_user(user_password = self.user_push_index_password, **ADMIN_CLIENT)

        TestProjects.USER_CLIENT=dict(endpoint = self.url, username = user_name, password = self.user_push_index_password)

        #2. Create a new project(PA) by user(UA);
        TestProjects.project_push_index_id, TestProjects.project_push_index_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_CLIENT)

        #3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA);
        repo_name_a, tag_a = push_self_build_image_to_project(TestProjects.project_push_index_name, harbor_server, 'admin', 'Harbor12345', self.image_a, "latest")
        repo_name_b, tag_b = push_self_build_image_to_project(TestProjects.project_push_index_name, harbor_server, 'admin', 'Harbor12345', self.image_b, "latest")

        #4. Push an index(IA) to Harbor by docker manifest CLI successfully;
        manifests = [harbor_server+"/"+repo_name_a+":"+tag_a, harbor_server+"/"+repo_name_b+":"+tag_b]
        index = harbor_server+"/"+TestProjects.project_push_index_name+"/"+self.index_name+":"+self.index_tag
        index_sha256_cli_ret, manifests_sha256_cli_ret = library.docker_api.docker_manifest_push_to_harbor(index, manifests, harbor_server, user_name, self.user_push_index_password)

        #5. Get Artifacts successfully;
        artifacts = self.artifact.list_artifacts(TestProjects.project_push_index_name, self.index_name, **TestProjects.USER_CLIENT)
        artifacts_ref_child_list = [artifacts[0].references[1].child_digest, artifacts[0].references[0].child_digest]
        self.assertEqual(artifacts_ref_child_list.count(manifests_sha256_cli_ret[0]), 1)
        self.assertEqual(artifacts_ref_child_list.count(manifests_sha256_cli_ret[1]), 1)

        #6. Get index(IA) by reference successfully;
        index_data = self.artifact.get_reference_info(TestProjects.project_push_index_name, self.index_name, self.index_tag, **TestProjects.USER_CLIENT)
        print("===========index_data:",index_data)
        manifests_sha256_harbor_ret = [index_data.references[1].child_digest, index_data.references[0].child_digest]

        #7. Verify harbor index is index(IA) pushed by docker manifest CLI;
        self.assertEqual(index_data.digest, index_sha256_cli_ret)
        self.assertEqual(manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[0]), 1)
        self.assertEqual(manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[1]), 1)

        #8.1 Verify harbor index(IA) can be pulled by docker CLI successfully;
        pull_harbor_image(harbor_server, user_name, self.user_push_index_password, TestProjects.project_push_index_name+"/"+self.index_name, self.index_tag)

        #8.2 Verify harbor index(IA) can be pulled by ctr successfully;
        oci_ref = harbor_server+"/"+TestProjects.project_push_index_name+"/"+self.index_name+":"+self.index_tag
        library.containerd.ctr_images_pull(user_name, self.user_push_index_password, oci_ref)
        library.containerd.ctr_images_list(oci_ref = oci_ref)

        #9. Get addition successfully;
        addition_v = self.artifact.get_addition(TestProjects.project_push_index_name, self.index_name, self.index_tag, "vulnerabilities", **TestProjects.USER_CLIENT)
        self.assertEqual(addition_v[0], '{}')
        #This artifact has no build history

        addition_v = self.artifact.get_addition(TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], "vulnerabilities", **TestProjects.USER_CLIENT)
        self.assertEqual(addition_v[0], '{}')
        addition_b = self.artifact.get_addition(TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], "build_history", **TestProjects.USER_CLIENT)
        self.assertIn("ADD file:", addition_b[0])
        image_data = self.artifact.get_reference_info(TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], **TestProjects.USER_CLIENT)

        addition_v = self.artifact.get_addition(TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[1], "vulnerabilities", **TestProjects.USER_CLIENT)
        self.assertEqual(addition_v[0], '{}')
        addition_b = self.artifact.get_addition(TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[1], "build_history", **TestProjects.USER_CLIENT)
        self.assertIn("ADD file:", addition_b[0])
        image_data = self.artifact.get_reference_info(TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], **TestProjects.USER_CLIENT)

        #10. Unable to Delete artifact in manifest list;
        self.artifact.delete_artifact(TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], expect_status_code = 412, **TestProjects.USER_CLIENT)

        #11. Delete index successfully.
        self.artifact.delete_artifact(TestProjects.project_push_index_name, self.index_name, self.index_tag, **TestProjects.USER_CLIENT)
Esempio n. 15
0
class TestAssignRoleToLdapGroup(unittest.TestCase):
    @classmethod
    def setUp(self):
        self.conf = Configurations()
        self.project = Project()
        self.artifact = Artifact()
        self.repo = Repository()
        self.user = User()

    @classmethod
    def tearDown(self):
        print("Case completed")

    def testAssignRoleToLdapGroup(self):
        """
        Test case:
            Assign Role To Ldap Group
        Test step and expected result:
            1. Set LDAP Auth configurations;
            2. Create a new public project(PA) by Admin;
            3. Add 3 member groups to project(PA);
            4. Push image by each member role;
            5. Verfify that admin_user can add project member, dev_user and guest_user can not add project member;
            6. Verfify that admin_user and dev_user can push image, guest_user can not push image;
            7. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs.
            8. Delete repository(RA) by user(UA);
            9. Delete project(PA);
        """
        url = ADMIN_CLIENT["endpoint"]
        USER_ADMIN = dict(endpoint=url,
                          username="******",
                          password="******",
                          repo="hello-world")
        USER_DEV = dict(endpoint=url,
                        username="******",
                        password="******",
                        repo="alpine")
        USER_GUEST = dict(endpoint=url,
                          username="******",
                          password="******",
                          repo="busybox")
        USER_TEST = dict(endpoint=url, username="******", password="******")
        USER_MIKE = dict(endpoint=url, username="******", password="******")
        #USER001 is in group harbor_group3
        self.conf.set_configurations_of_ldap(
            ldap_filter="",
            ldap_group_attribute_name="cn",
            ldap_group_base_dn="ou=groups,dc=example,dc=com",
            ldap_group_search_filter="objectclass=groupOfNames",
            ldap_group_search_scope=2,
            **ADMIN_CLIENT)

        with created_project(metadata={"public": "false"}) as (project_id,
                                                               project_name):
            self.project.add_project_members(
                project_id,
                member_role_id=1,
                _ldap_group_dn="cn=harbor_admin,ou=groups,dc=example,dc=com",
                **ADMIN_CLIENT)
            self.project.add_project_members(
                project_id,
                member_role_id=2,
                _ldap_group_dn="cn=harbor_dev,ou=groups,dc=example,dc=com",
                **ADMIN_CLIENT)
            self.project.add_project_members(
                project_id,
                member_role_id=3,
                _ldap_group_dn="cn=harbor_guest,ou=groups,dc=example,dc=com",
                **ADMIN_CLIENT)

            projects = self.project.get_projects(dict(name=project_name),
                                                 **USER_ADMIN)
            self.assertTrue(len(projects) == 1)
            self.assertEqual(1, projects[0].current_user_role_id)

            #Mike has logged in harbor in previous test.
            mike = self.user.get_user_by_name(USER_MIKE["username"],
                                              **ADMIN_CLIENT)

            #Verify role difference in add project member feature, to distinguish between admin and dev role
            self.project.add_project_members(project_id,
                                             user_id=mike.user_id,
                                             member_role_id=3,
                                             **USER_ADMIN)
            self.project.add_project_members(project_id,
                                             user_id=mike.user_id,
                                             member_role_id=3,
                                             expect_status_code=403,
                                             **USER_DEV)
            self.project.add_project_members(project_id,
                                             user_id=mike.user_id,
                                             member_role_id=3,
                                             expect_status_code=403,
                                             **USER_GUEST)

            repo_name_admin, _ = push_image_to_project(
                project_name, harbor_server, USER_ADMIN["username"],
                USER_ADMIN["password"], USER_ADMIN["repo"], "latest")
            artifacts = self.artifact.list_artifacts(project_name,
                                                     USER_ADMIN["repo"],
                                                     **USER_ADMIN)
            self.assertTrue(len(artifacts) == 1)
            repo_name_dev, _ = push_image_to_project(
                project_name, harbor_server, USER_DEV["username"],
                USER_DEV["password"], USER_DEV["repo"], "latest")
            artifacts = self.artifact.list_artifacts(project_name,
                                                     USER_DEV["repo"],
                                                     **USER_DEV)
            self.assertTrue(len(artifacts) == 1)
            push_image_to_project(
                project_name,
                harbor_server,
                USER_GUEST["username"],
                USER_GUEST["password"],
                USER_GUEST["repo"],
                "latest",
                expected_error_message="unauthorized to access repository")
            artifacts = self.artifact.list_artifacts(project_name,
                                                     USER_GUEST["repo"],
                                                     **USER_GUEST)
            self.assertTrue(len(artifacts) == 0)

            self.assertTrue(
                self.project.query_user_logs(project_name, **USER_ADMIN) > 0,
                "admin user can see logs")
            self.assertTrue(
                self.project.query_user_logs(project_name, **USER_DEV) > 0,
                "dev user can see logs")
            self.assertTrue(
                self.project.query_user_logs(project_name, **USER_GUEST) > 0,
                "guest user can see logs")
            self.assertTrue(
                self.project.query_user_logs(project_name,
                                             status_code=403,
                                             **USER_TEST) == 0,
                "test user can not see any logs")

            self.repo.delete_repoitory(project_name,
                                       repo_name_admin.split('/')[1],
                                       **USER_ADMIN)
            self.repo.delete_repoitory(project_name,
                                       repo_name_dev.split('/')[1],
                                       **USER_ADMIN)
 def setUpClass(self):
     self.project = Project()
     self.user = User()
     self.artifact = Artifact()
     self.repo = Repository()
Esempio n. 17
0
 def setUp(self):
     self.conf = Configurations()
     self.project = Project()
     self.artifact = Artifact()
     self.repo = Repository()
     self.user = User()
Esempio n. 18
0
class TestProjects(unittest.TestCase):
    @classmethod
    def setUpClass(self):
        self.project = Project()
        self.user = User()
        self.artifact = Artifact(api_type='artifact')
        self.repo = Repository(api_type='repository')
        self.url = ADMIN_CLIENT["endpoint"]
        self.user_push_chart_password = "******"
        self.chart_file = "https://storage.googleapis.com/harbor-builds/helm-chart-test-files/harbor-0.2.0.tgz"
        self.archive = "harbor/"
        self.verion = "0.2.0"
        self.repo_name = "harbor_api_test"

    @classmethod
    def tearDownClass(self):
        print "Case completed"

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def test_ClearData(self):
        #1. Delete repository chart(CA) by user(UA);
        self.repo.delete_repoitory(TestProjects.project_push_chart_name,
                                   self.repo_name, **TestProjects.USER_CLIENT)

        #2. Delete project(PA);
        self.project.delete_project(TestProjects.project_push_chart_id,
                                    **TestProjects.USER_CLIENT)

        #3. Delete user(UA).
        self.user.delete_user(TestProjects.user_id, **ADMIN_CLIENT)

    def testPushChartByHelmChartCLI(self):
        """
        Test case:
            Push Chart File By Helm Chart CLI
        Test step and expected result:
            1. Create a new user(UA);
            2. Create a new project(PA) by user(UA);
            3. Push an chart(CA) to Harbor by helm3 registry/chart CLI successfully;
            4. Get chart(CA) from Harbor successfully;
            5. TO_DO: Verify this chart artifact information, like digest.
        Tear down:
            1. Delete repository chart(CA) by user(UA);
            2. Delete project(PA);
            3. Delete user(UA).
        """
        #1. Create a new user(UA);
        TestProjects.user_id, user_name = self.user.create_user(
            user_password=self.user_push_chart_password, **ADMIN_CLIENT)
        TestProjects.USER_CLIENT = dict(endpoint=self.url,
                                        username=user_name,
                                        password=self.user_push_chart_password)

        #2. Create a new project(PA) by user(UA);
        TestProjects.project_push_chart_id, TestProjects.project_push_chart_name = self.project.create_project(
            metadata={"public": "false"}, **TestProjects.USER_CLIENT)

        #3. Push an chart(CA) to Harbor by helm3 registry/chart CLI successfully;
        chart_cli_ret = library.helm.helm_chart_push_to_harbor(
            self.chart_file, self.archive, harbor_server,
            TestProjects.project_push_chart_name, self.repo_name, self.verion,
            user_name, self.user_push_chart_password)
        print "chart_cli_ret:", chart_cli_ret

        #4. Get chart(CA) from Harbor successfully;
        artifact = self.artifact.get_reference_info(
            TestProjects.project_push_chart_name, self.repo_name, self.verion,
            **TestProjects.USER_CLIENT)
        print "artifact:", artifact

        #5. TO_DO: Verify this chart artifact information, like digest;
        self.assertEqual(artifact[0].type, 'CHART')
        self.assertEqual(artifact[0].tags[0].name, self.verion)
Esempio n. 19
0
class TestProjects(unittest.TestCase):
    @suppress_urllib3_warning
    def setUp(self):
        self.project = Project()
        self.user = User()
        self.replication = Replication()
        self.registry = Registry()
        self.artifact = Artifact()
        self.repo = Repository()
        self.image = "alpine"
        self.tag = "latest"

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def tearDown(self):
        #1. Delete rule(RA);
        self.replication.delete_replication_rule(TestProjects.rule_id,
                                                 **ADMIN_CLIENT)

        #2. Delete registry(TA);
        self.registry.delete_registry(TestProjects.registry_id, **ADMIN_CLIENT)

        #1. Delete repository(RA);
        self.repo.delete_repository(TestProjects.project_name, self.image,
                                    **TestProjects.USER_add_rule_CLIENT)

        #3. Delete project(PA);
        self.project.delete_project(TestProjects.project_add_rule_id,
                                    **TestProjects.USER_add_rule_CLIENT)

        #4. Delete user(UA);
        self.user.delete_user(TestProjects.user_add_rule_id, **ADMIN_CLIENT)

    def testReplicationFromDockerhub(self):
        """
        Test case:
            Replication From Dockerhub
        Test step and expected result:
            1. Create a new user(UA);
            2. Create a new private project(PA) by user(UA);
            3. Create a new registry;
            4. Create a new rule for this registry;
            5. Check rule should be exist;
            6. Trigger the rule;
            7. Wait for completion of this replication job;
            8. Check image is replicated into target project successfully.
        Tear down:
            1. Delete rule(RA);
            2. Delete registry(TA);
            3. Delete project(PA);
            4. Delete user(UA).
        """
        url = ADMIN_CLIENT["endpoint"]
        user_add_rule_password = "******"

        #1. Create user(UA)
        TestProjects.user_add_rule_id, user_add_rule_name = self.user.create_user(
            user_password=user_add_rule_password, **ADMIN_CLIENT)

        TestProjects.USER_add_rule_CLIENT = dict(
            endpoint=url,
            username=user_add_rule_name,
            password=user_add_rule_password)

        #2.1. Create private project(PA) by user(UA)
        TestProjects.project_add_rule_id, TestProjects.project_name = self.project.create_project(
            metadata={"public": "false"}, **TestProjects.USER_add_rule_CLIENT)

        #2.2. Get private project of uesr-001, uesr-001 can see only one private project which is project-001
        self.project.projects_should_exist(
            dict(public=False),
            expected_count=1,
            expected_project_id=TestProjects.project_add_rule_id,
            **TestProjects.USER_add_rule_CLIENT)

        #3. Create a new registry;
        TestProjects.registry_id, _ = self.registry.create_registry(
            "https://hub.docker.com",
            registry_type="docker-hub",
            access_key=DOCKER_USER,
            access_secret=DOCKER_PWD,
            insecure=False,
            **ADMIN_CLIENT)

        #4. Create a pull-based rule for this registry;
        TestProjects.rule_id, rule_name = self.replication.create_replication_policy(
            src_registry=swagger_client.Registry(
                id=int(TestProjects.registry_id)),
            dest_namespace=TestProjects.project_name,
            filters=[
                v2_swagger_client.ReplicationFilter(type="name",
                                                    value="library/" +
                                                    self.image),
                v2_swagger_client.ReplicationFilter(type="tag", value=self.tag)
            ],
            **ADMIN_CLIENT)

        #5. Check rule should be exist;
        self.replication.check_replication_rule_should_exist(
            TestProjects.rule_id, rule_name, **ADMIN_CLIENT)

        #6. Trigger the rule;
        self.replication.trigger_replication_executions(
            TestProjects.rule_id, **ADMIN_CLIENT)

        #7. Wait for completion of this replication job;
        self.replication.wait_until_jobs_finish(TestProjects.rule_id,
                                                interval=30,
                                                **ADMIN_CLIENT)

        #8. Check image is replicated into target project successfully.
        artifact = self.artifact.get_reference_info(TestProjects.project_name,
                                                    self.image, self.tag,
                                                    **ADMIN_CLIENT)
class TestProjects(unittest.TestCase):
    @classmethod
    def setUp(self):
        self.system = System()
        self.project = Project()
        self.user = User()
        self.artifact = Artifact()
        self.repo = Repository()
        self.scanner = Scanner()

    @classmethod
    def tearDown(self):
        print("Case completed")

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def test_ClearData(self):
        #1. Delete Alice's repository and Luca's repository;
        self.repo.delete_repoitory(TestProjects.project_Alice_name,
                                   TestProjects.repo_Alice_name.split('/')[1],
                                   **ADMIN_CLIENT)
        self.repo.delete_repoitory(TestProjects.project_Luca_name,
                                   TestProjects.repo_Luca_name.split('/')[1],
                                   **ADMIN_CLIENT)

        #2. Delete Alice's project and Luca's project;
        self.project.delete_project(TestProjects.project_Alice_id,
                                    **ADMIN_CLIENT)
        self.project.delete_project(TestProjects.project_Luca_id,
                                    **ADMIN_CLIENT)

        #3. Delete user Alice and Luca.
        self.user.delete_user(TestProjects.user_Alice_id, **ADMIN_CLIENT)
        self.user.delete_user(TestProjects.user_Luca_id, **ADMIN_CLIENT)

    def testSystemLevelScanALL(self):
        """
        Test case:
            System level Scan All
        Test step and expected result:
            1. Create user Alice and Luca;
            2. Create 2 new private projects project_Alice and project_Luca;
            3. Push a image to project_Alice and push another image to project_Luca;
            4. Trigger scan all event;
            5. Check if image in project_Alice and another image in project_Luca were both scanned.
        Tear down:
            1. Delete Alice's repository and Luca's repository;
            2. Delete Alice's project and Luca's project;
            3. Delete user Alice and Luca.
        """
        url = ADMIN_CLIENT["endpoint"]
        user_common_password = "******"

        #1. Create user Alice and Luca;
        TestProjects.user_Alice_id, user_Alice_name = self.user.create_user(
            user_password=user_common_password, **ADMIN_CLIENT)
        TestProjects.user_Luca_id, user_Luca_name = self.user.create_user(
            user_password=user_common_password, **ADMIN_CLIENT)

        USER_ALICE_CLIENT = dict(endpoint=url,
                                 username=user_Alice_name,
                                 password=user_common_password,
                                 with_scan_overview=True)
        USER_LUCA_CLIENT = dict(endpoint=url,
                                username=user_Luca_name,
                                password=user_common_password,
                                with_scan_overview=True)

        #2. Create 2 new private projects project_Alice and project_Luca;
        TestProjects.project_Alice_id, TestProjects.project_Alice_name = self.project.create_project(
            metadata={"public": "false"}, **USER_ALICE_CLIENT)
        TestProjects.project_Luca_id, TestProjects.project_Luca_name = self.project.create_project(
            metadata={"public": "false"}, **USER_LUCA_CLIENT)

        #3. Push a image to project_Alice and push another image to project_Luca;

        #Note: Please make sure that this Image has never been pulled before by any other cases,
        #          so it is a not-scanned image rigth after repository creation.
        #image = "tomcat"
        image_a = "mariadb"
        src_tag = "latest"
        #3.1 Push a image to project_Alice;
        TestProjects.repo_Alice_name, tag_Alice = push_image_to_project(
            TestProjects.project_Alice_name, harbor_server, user_Alice_name,
            user_common_password, image_a, src_tag)

        #Note: Please make sure that this Image has never been pulled before by any other cases,
        #          so it is a not-scanned image rigth after repository creation.
        image_b = "httpd"
        src_tag = "latest"
        #3.2 push another image to project_Luca;
        TestProjects.repo_Luca_name, tag_Luca = push_image_to_project(
            TestProjects.project_Luca_name, harbor_server, user_Luca_name,
            user_common_password, image_b, src_tag)

        #4. Trigger scan all event;
        self.system.scan_now(**ADMIN_CLIENT)

        #5. Check if image in project_Alice and another image in project_Luca were both scanned.
        self.artifact.check_image_scan_result(TestProjects.project_Alice_name,
                                              image_a, tag_Alice,
                                              **USER_ALICE_CLIENT)
        self.artifact.check_image_scan_result(TestProjects.project_Luca_name,
                                              image_b, tag_Luca,
                                              **USER_LUCA_CLIENT)

        #6. Swith Scanner;
        uuid = self.scanner.scanners_get_uuid(**ADMIN_CLIENT)
        self.scanner.scanners_registration_id_patch(uuid, **ADMIN_CLIENT)

        #7. Trigger scan all event;
        self.system.scan_now(**ADMIN_CLIENT)

        #8. Check if image in project_Alice and another image in project_Luca were both scanned.
        self.artifact.check_image_scan_result(TestProjects.project_Alice_name,
                                              image_a, tag_Alice,
                                              **USER_ALICE_CLIENT)
        self.artifact.check_image_scan_result(TestProjects.project_Luca_name,
                                              image_b, tag_Luca,
                                              **USER_LUCA_CLIENT)
Esempio n. 21
0
class TestProjects(unittest.TestCase):
    """
    Test case:
        Tag Retention
    Setup:
        Create Project test-retention
        Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0, test4:1.0
    Test Steps:
        1. Create Retention Policy
        2. Add rule "For the repositories matching **, retain always with tags matching latest*"
        3. Add rule "For the repositories matching test3*, retain always with tags matching **"
        4. Dry run, check execution and tasks
        5. Real run, check images retained
    Tear Down:
        1. Delete project test-retention
    """
    @classmethod
    def setUpClass(self):
        self.user = User()
        self.system = System()
        self.repo = Repository()
        self.project = Project()
        self.retention = Retention()
        self.artifact = Artifact()
        self.repo_name_1 = "test1"
        self.repo_name_2 = "test2"

    def testTagRetention(self):
        user_ra_password = "******"
        user_ra_id, user_ra_name = self.user.create_user(
            user_password=user_ra_password, **ADMIN_CLIENT)
        print("Created user: %s, id: %s" % (user_ra_name, user_ra_id))
        TestProjects.USER_RA_CLIENT = dict(endpoint=ADMIN_CLIENT["endpoint"],
                                           username=user_ra_name,
                                           password=user_ra_password)
        TestProjects.user_ra_id = int(user_ra_id)

        TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project(
            metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT)

        # Push image test1:1.0, test1:2.0, test1:3.0,latest, test2:1.0, test2:latest, test3:1.0
        push_special_image_to_project(TestProjects.project_src_repo_name,
                                      harbor_server, user_ra_name,
                                      user_ra_password, self.repo_name_1,
                                      ['1.0'])
        push_special_image_to_project(TestProjects.project_src_repo_name,
                                      harbor_server, user_ra_name,
                                      user_ra_password, self.repo_name_1,
                                      ['2.0'])
        push_special_image_to_project(TestProjects.project_src_repo_name,
                                      harbor_server, user_ra_name,
                                      user_ra_password, self.repo_name_1,
                                      ['3.0', 'latest'])
        push_special_image_to_project(TestProjects.project_src_repo_name,
                                      harbor_server, user_ra_name,
                                      user_ra_password, self.repo_name_2,
                                      ['1.0'])
        push_special_image_to_project(TestProjects.project_src_repo_name,
                                      harbor_server, user_ra_name,
                                      user_ra_password, self.repo_name_2,
                                      ['latest'])
        push_special_image_to_project(TestProjects.project_src_repo_name,
                                      harbor_server, user_ra_name,
                                      user_ra_password, "test3", ['1.0'])
        push_special_image_to_project(TestProjects.project_src_repo_name,
                                      harbor_server, user_ra_name,
                                      user_ra_password, "test4", ['1.0'])

        tag_data_artifact3_image1 = self.artifact.get_reference_info(
            TestProjects.project_src_repo_name, self.repo_name_1, "3.0",
            **TestProjects.USER_RA_CLIENT)

        tag_data_artifact2_image2 = self.artifact.get_reference_info(
            TestProjects.project_src_repo_name, self.repo_name_2, "latest",
            **TestProjects.USER_RA_CLIENT)

        tags = list_image_tags(
            harbor_server,
            TestProjects.project_src_repo_name + "/" + self.repo_name_1,
            user_ra_name, user_ra_password)
        #Delete all 2 tags of "artifact3" in repostory "image1";
        self.artifact.delete_tag(TestProjects.project_src_repo_name,
                                 self.repo_name_1, "3.0", "latest",
                                 **TestProjects.USER_RA_CLIENT)
        self.artifact.delete_tag(TestProjects.project_src_repo_name,
                                 self.repo_name_1, "3.0", "3.0",
                                 **TestProjects.USER_RA_CLIENT)
        tags = list_image_tags(
            harbor_server,
            TestProjects.project_src_repo_name + "/" + self.repo_name_1,
            user_ra_name, user_ra_password)

        resp = self.repo.list_repositories(TestProjects.project_src_repo_name,
                                           **TestProjects.USER_RA_CLIENT)
        self.assertEqual(len(resp), 4)

        # Create Retention Policy
        retention_id = self.retention.create_retention_policy(
            TestProjects.project_src_repo_id,
            selector_repository="**",
            selector_tag="latest*",
            expect_status_code=201,
            **TestProjects.USER_RA_CLIENT)

        # Add rule
        self.retention.update_retention_add_rule(retention_id,
                                                 selector_repository="test3*",
                                                 selector_tag="**",
                                                 expect_status_code=200,
                                                 **TestProjects.USER_RA_CLIENT)

        # Dry run
        self.retention.trigger_retention_policy(retention_id,
                                                dry_run=True,
                                                **TestProjects.USER_RA_CLIENT)
        time.sleep(10)
        resp = self.retention.get_retention_executions(
            retention_id, **TestProjects.USER_RA_CLIENT)
        self.assertTrue(len(resp) > 0)
        execution = resp[0]
        resp = self.retention.get_retention_exec_tasks(
            retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
        self.assertEqual(len(resp), 4)
        resp = self.retention.get_retention_exec_task_log(
            retention_id, execution.id, resp[0].id,
            **TestProjects.USER_RA_CLIENT)
        #For Debug:
        print("Task 0 log begin:-----------------------------")
        i = 0
        for line in resp.split("\n"):
            print("Line" + str(i) + ": " + line)
            i = i + 1
        print("Task 0 log end:-----------------------------")

        # Real run
        self.retention.trigger_retention_policy(retention_id,
                                                dry_run=False,
                                                **TestProjects.USER_RA_CLIENT)
        time.sleep(10)
        resp = self.retention.get_retention_executions(
            retention_id, **TestProjects.USER_RA_CLIENT)
        self.assertTrue(len(resp) > 1)
        execution = resp[0]
        resp = self.retention.get_retention_exec_tasks(
            retention_id, execution.id, **TestProjects.USER_RA_CLIENT)
        self.assertEqual(len(resp), 4)
        resp = self.retention.get_retention_exec_task_log(
            retention_id, execution.id, resp[0].id,
            **TestProjects.USER_RA_CLIENT)
        print(resp)

        #List artifacts successfully, and untagged artifact in test1 should be the only one retained;
        artifacts_1 = self.artifact.list_artifacts(
            TestProjects.project_src_repo_name, self.repo_name_1,
            **TestProjects.USER_RA_CLIENT)
        self.assertTrue(len(artifacts_1) == 1)
        self.assertEqual(artifacts_1[0].digest,
                         tag_data_artifact3_image1[0].digest)

        #List artifacts successfully, and artifact with latest tag in test2 should be the only one retained;
        artifacts_2 = self.artifact.list_artifacts(
            TestProjects.project_src_repo_name, self.repo_name_2,
            **TestProjects.USER_RA_CLIENT)
        self.assertTrue(len(artifacts_2) == 1)
        self.assertEqual(artifacts_2[0].digest,
                         tag_data_artifact2_image2[0].digest)

    @classmethod
    def tearDownClass(self):
        print("Case completed")
Esempio n. 22
0
class TestProjects(unittest.TestCase):
    @classmethod
    def setUp(self):
        self.project = Project()
        self.user = User()
        self.artifact = Artifact()
        self.repo = Repository()
        self.scan = Scan()
        self.scanner = Scanner()

    @classmethod
    def tearDown(self):
        print("Case completed")

    @unittest.skipIf(TEARDOWN == True, "Test data won't be erased.")
    def test_ClearData(self):
        #1. Delete repository(RA) by user(UA);
        self.repo.delete_repoitory(TestProjects.project_scan_image_name,
                                   TestProjects.repo_name.split('/')[1],
                                   **TestProjects.USER_SCAN_IMAGE_CLIENT)

        #2. Delete project(PA);
        self.project.delete_project(TestProjects.project_scan_image_id,
                                    **TestProjects.USER_SCAN_IMAGE_CLIENT)

        #3. Delete user(UA);
        self.user.delete_user(TestProjects.user_scan_image_id, **ADMIN_CLIENT)

    def testScanImageArtifact(self):
        """
        Test case:
            Scan An Image Artifact
        Test step and expected result:
            1. Create a new user(UA);
            2. Create a new private project(PA) by user(UA);
            3. Add user(UA) as a member of project(PA) with project-admin role;
            4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
            5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
            6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
            7. Swith Scanner;
            8. Send scan another image command and get tag(TA) information to check scan result, it should be finished.
        Tear down:
            1. Delete repository(RA) by user(UA);
            2. Delete project(PA);
            3. Delete user(UA);
        """
        url = ADMIN_CLIENT["endpoint"]
        user_001_password = "******"

        #1. Create user-001
        TestProjects.user_scan_image_id, user_scan_image_name = self.user.create_user(
            user_password=user_001_password, **ADMIN_CLIENT)

        TestProjects.USER_SCAN_IMAGE_CLIENT = dict(
            endpoint=url,
            username=user_scan_image_name,
            password=user_001_password,
            with_scan_overview=True)

        #2. Create a new private project(PA) by user(UA);
        TestProjects.project_scan_image_id, TestProjects.project_scan_image_name = self.project.create_project(
            metadata={"public": "false"}, **ADMIN_CLIENT)

        #3. Add user(UA) as a member of project(PA) with project-admin role;
        self.project.add_project_members(
            TestProjects.project_scan_image_id,
            user_id=TestProjects.user_scan_image_id,
            **ADMIN_CLIENT)

        #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
        self.project.projects_should_exist(
            dict(public=False),
            expected_count=1,
            expected_project_id=TestProjects.project_scan_image_id,
            **TestProjects.USER_SCAN_IMAGE_CLIENT)

        #Note: Please make sure that this Image has never been pulled before by any other cases,
        #      so it is a not-scanned image right after repository creation.
        image = "docker"
        src_tag = "1.13"
        #5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
        TestProjects.repo_name, tag = push_image_to_project(
            TestProjects.project_scan_image_name, harbor_server,
            user_scan_image_name, user_001_password, image, src_tag)

        #6. Send scan image command and get tag(TA) information to check scan result, it should be finished;
        self.scan.scan_artifact(TestProjects.project_scan_image_name,
                                TestProjects.repo_name.split('/')[1], tag,
                                **TestProjects.USER_SCAN_IMAGE_CLIENT)
        self.artifact.check_image_scan_result(
            TestProjects.project_scan_image_name, image, tag,
            **TestProjects.USER_SCAN_IMAGE_CLIENT)

        #7. Swith Scanner;
        uuid = self.scanner.scanners_get_uuid(**ADMIN_CLIENT)
        self.scanner.scanners_registration_id_patch(uuid, **ADMIN_CLIENT)

        image = "tomcat"
        src_tag = "latest"
        TestProjects.repo_name, tag = push_image_to_project(
            TestProjects.project_scan_image_name, harbor_server,
            user_scan_image_name, user_001_password, image, src_tag)
        #8. Send scan another image command and get tag(TA) information to check scan result, it should be finished.
        self.scan.scan_artifact(TestProjects.project_scan_image_name,
                                TestProjects.repo_name.split('/')[1], tag,
                                **TestProjects.USER_SCAN_IMAGE_CLIENT)
        self.artifact.check_image_scan_result(
            TestProjects.project_scan_image_name, image, tag,
            **TestProjects.USER_SCAN_IMAGE_CLIENT)
 def setUp(self):
     self.project = Project()
     self.user = User()
     self.artifact = Artifact()
     self.repo = Repository()
     self.label = Label()
Esempio n. 24
0
class TestProjects(unittest.TestCase):
    @classmethod
    def setUp(self):
        self.project = Project()
        self.user = User()
        self.artifact = Artifact(api_type='artifact')
        self.repo = Repository(api_type='repository')

    @classmethod
    def tearDown(self):
        print "Case completed"

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def test_ClearData(self):
        # remove the deletion as the signed image cannot be deleted.
        #1. Delete repository(RA) by user(UA);
        #self.repo.delete_repoitory(TestProjects.project_sign_image_name, TestProjects.repo_name.split('/')[1], **TestProjects.USER_sign_image_CLIENT)

        #2. Delete project(PA);
        #self.project.delete_project(TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT)

        #3. Delete user(UA);
        self.user.delete_user(TestProjects.user_sign_image_id, **ADMIN_CLIENT)

    def testSignImage(self):
        """
        Test case:
            Sign A Image
        Test step and expected result:
            1. Create a new user(UA);
            2. Create a new private project(PA) by user(UA);
            3. Add user(UA) as a member of project(PA) with project-admin role;
            4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
            5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
            6. Sign image with tag(TA) which was tagged by step #5;
            7. Get signature of image with tag(TA), it should be exist.
        Tear down:
            NA
        """
        url = ADMIN_CLIENT["endpoint"]
        user_001_password = "******"

        #1. Create user-001
        TestProjects.user_sign_image_id, user_sign_image_name = self.user.create_user(user_password = user_001_password, **ADMIN_CLIENT)

        TestProjects.USER_sign_image_CLIENT=dict(with_signature = True, endpoint = url, username = user_sign_image_name, password = user_001_password)

        #2. Create a new private project(PA) by user(UA);
        TestProjects.project_sign_image_id, TestProjects.project_sign_image_name = self.project.create_project(metadata = {"public": "false"}, **ADMIN_CLIENT)

        #3. Add user(UA) as a member of project(PA) with project-admin role;
        self.project.add_project_members(TestProjects.project_sign_image_id, TestProjects.user_sign_image_id, **ADMIN_CLIENT)

        #4. Get private project of user(UA), user(UA) can see only one private project which is project(PA);
        self.project.projects_should_exist(dict(public=False), expected_count = 1,
            expected_project_id = TestProjects.project_sign_image_id, **TestProjects.USER_sign_image_CLIENT)

        image = "hello-world"
        src_tag = "latest"
        #5. Create a new repository(RA) and tag(TA) in project(PA) by user(UA);
        TestProjects.repo_name, tag = push_image_to_project(TestProjects.project_sign_image_name, harbor_server, user_sign_image_name, user_001_password, image, src_tag)

        #6. Sign image with tag(TA) which was tagged by step #5;
        sign_image(harbor_server, TestProjects.project_sign_image_name, image, tag)

        #7. Get signature of image with tag(TA), it should be exist.
        artifact = self.artifact.get_reference_info(TestProjects.project_sign_image_name, image, tag, **TestProjects.USER_sign_image_CLIENT)
        self.assertEqual(artifact[0].tags[0].signed, True)
Esempio n. 25
0
class TestTagImmutability(unittest.TestCase):
    @suppress_urllib3_warning
    def setUp(self):
        self.url = ADMIN_CLIENT["endpoint"]
        self.user_password = "******"
        self.project = Project()
        self.user = User()
        self.repo = Repository()
        self.registry = Registry()
        self.artifact = Artifact()
        self.tag_immutability = Tag_Immutability()
        self.project_id, self.project_name, self.user_id, self.user_name = [
            None
        ] * 4
        self.user_id, self.user_name = self.user.create_user(
            user_password=self.user_password, **ADMIN_CLIENT)
        self.USER_CLIENT = dict(with_signature=True,
                                with_immutable_status=True,
                                endpoint=self.url,
                                username=self.user_name,
                                password=self.user_password)
        self.exsiting_rule = dict(selector_repository="rel*",
                                  selector_tag="v2.*")
        self.project_id, self.project_name = self.project.create_project(
            metadata={"public": "false"}, **self.USER_CLIENT)

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def tearDown(self):
        print("Case completed")

    def check_tag_immutability(self, artifact, tag_name, status=True):
        for tag in artifact.tags:
            if tag.name == tag_name:
                self.assertTrue(tag.immutable == status)
                return
        raise Exception("No tag {} found in artifact {}".format(tag, artifact))

    def test_disability_of_rules(self):
        """
        Test case:
            Test Disability Of Rules
        Test step and expected result:
            1. Create a new project;
            2. Push image A to the project with 2 tags A and B;
            3. Create a disabled rule matched image A with tag A;
            4. Both tags of image A should not be immutable;
            5. Enable this rule;
            6. image A with tag A should be immutable.
        """
        image_a = dict(name="image_disability_a", tag1="latest", tag2="6.2.2")

        #1. Create a new project;
        project_id, project_name = self.project.create_project(
            metadata={"public": "false"}, **self.USER_CLIENT)

        #2. Push image A to the project with 2 tags;
        push_special_image_to_project(project_name, harbor_server,
                                      self.user_name, self.user_password,
                                      image_a["name"],
                                      [image_a["tag1"], image_a["tag2"]])

        #3. Create a disabled rule matched image A;
        rule_id = self.tag_immutability.create_rule(
            project_id,
            disabled=True,
            selector_repository=image_a["name"],
            selector_tag=str(image_a["tag1"])[0:2] + "*",
            **self.USER_CLIENT)

        #4. Both tags of image A should not be immutable;
        artifact_a = self.artifact.get_reference_info(project_name,
                                                      image_a["name"],
                                                      image_a["tag2"],
                                                      **self.USER_CLIENT)
        print("[test_disability_of_rules] - artifact:{}".format(artifact_a))
        self.assertTrue(artifact_a)
        self.check_tag_immutability(artifact_a, image_a["tag1"], status=False)
        self.check_tag_immutability(artifact_a, image_a["tag2"], status=False)

        #5. Enable this rule;
        self.tag_immutability.update_tag_immutability_policy_rule(
            project_id, rule_id, disabled=False, **self.USER_CLIENT)

        #6. image A with tag A should be immutable.
        artifact_a = self.artifact.get_reference_info(project_name,
                                                      image_a["name"],
                                                      image_a["tag2"],
                                                      **self.USER_CLIENT)
        print("[test_disability_of_rules] - artifact:{}".format(artifact_a))
        self.assertTrue(artifact_a)
        self.check_tag_immutability(artifact_a, image_a["tag1"], status=True)
        self.check_tag_immutability(artifact_a, image_a["tag2"], status=False)

    def test_artifact_and_repo_is_undeletable(self):
        """
        Test case:
            Test Artifact And Repo is Undeleteable
        Test step and expected result:
            1. Create a new project;
            2. Push image A to the project with 2 tags A and B;
            3. Create a enabled rule matched image A with tag A;
            4. Tag A should be immutable;
            5. Artifact is undeletable;
            6. Repository is undeletable.
        """
        image_a = dict(name="image_repo_undeletable_a",
                       tag1="latest",
                       tag2="1.3.2")

        #1. Create a new project;
        project_id, project_name = self.project.create_project(
            metadata={"public": "false"}, **self.USER_CLIENT)

        #2. Push image A to the project with 2 tags A and B;
        push_special_image_to_project(project_name, harbor_server,
                                      self.user_name, self.user_password,
                                      image_a["name"],
                                      [image_a["tag1"], image_a["tag2"]])

        #3. Create a enabled rule matched image A with tag A;
        self.tag_immutability.create_rule(
            project_id,
            selector_repository=image_a["name"],
            selector_tag=str(image_a["tag1"])[0:2] + "*",
            **self.USER_CLIENT)

        #4. Tag A should be immutable;
        artifact_a = self.artifact.get_reference_info(project_name,
                                                      image_a["name"],
                                                      image_a["tag2"],
                                                      **self.USER_CLIENT)
        print("[test_artifact_and_repo_is_undeletable] - artifact:{}".format(
            artifact_a))
        self.assertTrue(artifact_a)
        self.check_tag_immutability(artifact_a, image_a["tag1"], status=True)
        self.check_tag_immutability(artifact_a, image_a["tag2"], status=False)

        #5. Artifact is undeletable;
        self.artifact.delete_artifact(
            project_name,
            image_a["name"],
            image_a["tag1"],
            expect_status_code=412,
            expect_response_body="configured as immutable, cannot be deleted",
            **self.USER_CLIENT)

        #6. Repository is undeletable.
        self.repo.delete_repository(
            project_name,
            image_a["name"],
            expect_status_code=412,
            expect_response_body="configured as immutable, cannot be deleted",
            **self.USER_CLIENT)

    def test_tag_is_undeletable(self):
        """
        Test case:
            Test Tag is Undeleteable
        Test step and expected result:
            1. Push image A to the project with 2 tags A and B;
            2. Create a enabled rule matched image A with tag A;
            3. Tag A should be immutable;
            4. Tag A is undeletable;
            5. Tag B is deletable.
        """
        image_a = dict(name="image_undeletable_a", tag1="latest", tag2="9.3.2")

        #1. Push image A to the project with 2 tags A and B;
        push_special_image_to_project(self.project_name, harbor_server,
                                      self.user_name, self.user_password,
                                      image_a["name"],
                                      [image_a["tag1"], image_a["tag2"]])

        #2. Create a enabled rule matched image A with tag A;
        self.tag_immutability.create_rule(
            self.project_id,
            selector_repository=image_a["name"],
            selector_tag=str(image_a["tag2"])[0:2] + "*",
            **self.USER_CLIENT)

        #3. Tag A should be immutable;
        artifact_a = self.artifact.get_reference_info(self.project_name,
                                                      image_a["name"],
                                                      image_a["tag2"],
                                                      **self.USER_CLIENT)
        print("[test_tag_is_undeletable] - artifact:{}".format(artifact_a))
        self.assertTrue(artifact_a)
        self.check_tag_immutability(artifact_a, image_a["tag2"], status=True)

        #4. Tag A is undeletable;
        self.artifact.delete_tag(self.project_name,
                                 image_a["name"],
                                 image_a["tag1"],
                                 image_a["tag2"],
                                 expect_status_code=412,
                                 **self.USER_CLIENT)

        #5. Tag B is deletable.
        self.artifact.delete_tag(self.project_name, image_a["name"],
                                 image_a["tag1"], image_a["tag1"],
                                 **self.USER_CLIENT)

    def test_image_is_unpushable(self):
        """
        Test case:
            Test Image is Unpushable
        Test step and expected result:
            1. Create a new project;
            2. Push image A to the project with 2 tags A and B;
            3. Create a enabled rule matched image A with tag A;
            4. Tag A should be immutable;
            5. Can not push image with the same image name and with the same tag name.
        """
        image_a = dict(name="image_unpushable_a", tag1="latest", tag2="1.3.2")

        #1. Create a new project;
        project_id, project_name = self.project.create_project(
            metadata={"public": "false"}, **self.USER_CLIENT)

        #2. Push image A to the project with 2 tags A and B;
        push_special_image_to_project(project_name, harbor_server,
                                      self.user_name, self.user_password,
                                      image_a["name"],
                                      [image_a["tag1"], image_a["tag2"]])

        #3. Create a enabled rule matched image A with tag A;
        self.tag_immutability.create_rule(
            project_id,
            selector_repository=image_a["name"],
            selector_tag=str(image_a["tag1"])[0:2] + "*",
            **self.USER_CLIENT)

        #4. Tag A should be immutable;
        artifact_a = self.artifact.get_reference_info(project_name,
                                                      image_a["name"],
                                                      image_a["tag2"],
                                                      **self.USER_CLIENT)
        print("[test_image_is_unpushable] - artifact:{}".format(artifact_a))
        self.assertTrue(artifact_a)
        self.check_tag_immutability(artifact_a, image_a["tag1"], status=True)
        self.check_tag_immutability(artifact_a, image_a["tag2"], status=False)

        #5. Can not push image with the same image name and with the same tag name.
        push_special_image_to_project(
            project_name,
            harbor_server,
            self.user_name,
            self.user_password,
            image_a["name"], [image_a["tag1"]],
            size=10,
            expected_error_message="configured as immutable")

    def test_copy_disability(self):
        """
        Test case:
            Test Copy Disability
        Test step and expected result:
            1. Create 2 projects;
            2. Push image A with tag A and B to project A, push image B which has the same image name and tag name to project B;
            3. Create a enabled rule matched image A with tag A;
            4. Tag A should be immutable;
            5. Can not copy artifact from project A to project B with the same repository name.
        """
        image_a = dict(name="image_copy_disability_a",
                       tag1="latest",
                       tag2="1.3.2")

        #1. Create 2 projects;
        project_id, project_name = self.project.create_project(
            metadata={"public": "false"}, **self.USER_CLIENT)
        _, project_name_src = self.project.create_project(
            metadata={"public": "false"}, **self.USER_CLIENT)

        #2. Push image A with tag A and B to project A, push image B which has the same image name and tag name to project B;
        push_special_image_to_project(project_name, harbor_server,
                                      self.user_name, self.user_password,
                                      image_a["name"],
                                      [image_a["tag1"], image_a["tag2"]])
        push_special_image_to_project(project_name_src, harbor_server,
                                      self.user_name, self.user_password,
                                      image_a["name"],
                                      [image_a["tag1"], image_a["tag2"]])

        #3. Create a enabled rule matched image A with tag A;
        self.tag_immutability.create_rule(
            project_id,
            selector_repository=image_a["name"],
            selector_tag=str(image_a["tag1"])[0:2] + "*",
            **self.USER_CLIENT)

        #4. Tag A should be immutable;
        artifact_a = self.artifact.get_reference_info(project_name,
                                                      image_a["name"],
                                                      image_a["tag2"],
                                                      **self.USER_CLIENT)
        print("[test_copy_disability] - artifact:{}".format(artifact_a))
        self.assertTrue(artifact_a)
        self.check_tag_immutability(artifact_a, image_a["tag1"], status=True)
        self.check_tag_immutability(artifact_a, image_a["tag2"], status=False)

        #5. Can not copy artifact from project A to project B with the same repository name.
        artifact_a_src = self.artifact.get_reference_info(
            project_name_src, image_a["name"], image_a["tag2"],
            **self.USER_CLIENT)
        print("[test_copy_disability] - artifact_a_src:{}".format(
            artifact_a_src))
        self.artifact.copy_artifact(
            project_name,
            image_a["name"],
            project_name_src + "/" + image_a["name"] + "@" +
            artifact_a_src.digest,
            expect_status_code=412,
            expect_response_body="configured as immutable, cannot be updated",
            **self.USER_CLIENT)

    #def test_replication_disability(self):
    #    pass

    def test_priority_of_rules(self):
        """
        Test case:
            Test Priority Of Rules(excluding rule will not affect matching rule)
        Test step and expected result:
            1. Push image A, B and C, image A has only 1 tag named tag1;
            2. Create a matching rule that matches image A and tag named tag2 which is not exist;
            3. Create a excluding rule to exlude image A and B;
            4. Add a tag named tag2 to image A, tag2 should be immutable;
            5. Tag2 should be immutable;
            6. All tags in image B should be immutable;
            7. All tags in image C should not be immutable;
            8. Disable all rules.
        """
        image_a = dict(name="image_priority_a", tag1="latest", tag2="6.3.2")
        image_b = dict(name="image_priority_b", tag1="latest", tag2="0.12.0")
        image_c = dict(name="image_priority_c", tag1="latest", tag2="3.12.0")

        #1. Push image A, B and C, image A has only 1 tag named tag1;
        push_special_image_to_project(self.project_name, harbor_server,
                                      self.user_name, self.user_password,
                                      image_a["name"], [image_a["tag1"]])
        push_special_image_to_project(self.project_name, harbor_server,
                                      self.user_name, self.user_password,
                                      image_b["name"],
                                      [image_b["tag1"], image_b["tag2"]])
        push_special_image_to_project(self.project_name, harbor_server,
                                      self.user_name, self.user_password,
                                      image_c["name"],
                                      [image_c["tag1"], image_c["tag2"]])

        #2. Create a matching rule that matches image A and tag named tag2 which is not exist;
        rule_id_1 = self.tag_immutability.create_rule(
            self.project_id,
            selector_repository=image_a["name"],
            selector_tag=image_a["tag2"],
            **self.USER_CLIENT)

        #3. Create a excluding rule to exlude image A and B;
        rule_id_2 = self.tag_immutability.create_rule(
            self.project_id,
            selector_repository_decoration="repoExcludes",
            selector_repository="{image_priority_a,image_priority_b}",
            selector_tag="**",
            **self.USER_CLIENT)

        #4. Add a tag named tag2 to image A, tag2 should be immutable;
        self.artifact.create_tag(self.project_name, image_a["name"],
                                 image_a["tag1"], image_a["tag2"],
                                 **self.USER_CLIENT)

        #5. Tag2 should be immutable;
        artifact_a = self.artifact.get_reference_info(self.project_name,
                                                      image_a["name"],
                                                      image_a["tag2"],
                                                      **self.USER_CLIENT)
        print("[test_priority_of_rules] - artifact:{}".format(artifact_a))
        self.assertTrue(artifact_a)
        self.check_tag_immutability(artifact_a, image_a["tag2"], status=True)
        self.check_tag_immutability(artifact_a, image_a["tag1"], status=False)

        #6. All tags in image B should be immutable;
        artifact_b = self.artifact.get_reference_info(self.project_name,
                                                      image_b["name"],
                                                      image_b["tag2"],
                                                      **self.USER_CLIENT)
        print("[test_priority_of_rules] - artifact:{}".format(artifact_b))
        self.assertTrue(artifact_b)
        self.check_tag_immutability(artifact_b, image_b["tag2"], status=False)
        self.check_tag_immutability(artifact_b, image_b["tag1"], status=False)

        #7. All tags in image C should not be immutable;
        artifact_c = self.artifact.get_reference_info(self.project_name,
                                                      image_c["name"],
                                                      image_c["tag2"],
                                                      **self.USER_CLIENT)
        print("[test_priority_of_rules] - artifact:{}".format(artifact_c))
        self.assertTrue(artifact_c)
        self.check_tag_immutability(artifact_c, image_c["tag2"], status=True)
        self.check_tag_immutability(artifact_c, image_c["tag1"], status=True)

        #8. Disable all rules.
        self.tag_immutability.update_tag_immutability_policy_rule(
            self.project_id, rule_id_1, disabled=True, **self.USER_CLIENT)
        self.tag_immutability.update_tag_immutability_policy_rule(
            self.project_id, rule_id_2, disabled=True, **self.USER_CLIENT)

    def test_add_exsiting_rule(self):
        """
        Test case:
            Test Priority Of Rules(excluding rule will not affect matching rule)
        Test step and expected result:
            1. Push image A and B with no tag;
            2. Create a immutability policy rule A;
            3. Fail to create rule B which has the same config as rule A;
        """
        self.tag_immutability.create_tag_immutability_policy_rule(
            self.project_id, **self.exsiting_rule, **self.USER_CLIENT)
        self.tag_immutability.create_tag_immutability_policy_rule(
            self.project_id,
            **self.exsiting_rule,
            expect_status_code=409,
            **self.USER_CLIENT)
Esempio n. 26
0
 def setUp(self):
     self.project = Project()
     self.user = User()
     self.artifact = Artifact(api_type='artifact')
     self.repo = Repository(api_type='repository')
Esempio n. 27
0
class TestProjects(unittest.TestCase):
    @classmethod
    def setUp(self):
        self.system = System()
        self.project= Project()
        self.user= User()
        self.artifact = Artifact()
        self.repo = Repository()
        self.repo_name = "hello-world"

    @classmethod
    def tearDown(self):
        print "Case completed"

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def test_ClearData(self):
        #1. Delete Alice's repository and Luca's repository;
        self.repo.delete_repoitory(TestProjects.project_Alice_name, TestProjects.repo_a.split('/')[1], **ADMIN_CLIENT)
        self.repo.delete_repoitory(TestProjects.project_Alice_name, TestProjects.repo_b.split('/')[1], **ADMIN_CLIENT)
        self.repo.delete_repoitory(TestProjects.project_Alice_name, TestProjects.repo_c.split('/')[1], **ADMIN_CLIENT)

        #2. Delete Alice's project and Luca's project;
        self.project.delete_project(TestProjects.project_Alice_id, **ADMIN_CLIENT)

        #3. Delete user Alice and Luca.
        self.user.delete_user(TestProjects.user_Alice_id, **ADMIN_CLIENT)

    def testRegistryAPI(self):
        """
        Test case:
            Catalog API to list all repositories by system admin
        Test step and expected result:G
            1. Create user Alice;
            2. Create 1 new private projects project_Alice;
            3. Push 3 images to project_Alice and Add 3 tags to the 3rd image
            4. Call the image_list_tag API
            5. Call the catalog API using admin account without pagination, can get all 3 images
            5.1 Call the catalog API using admin account with pagination n=1, page=2, twice to get all 3 images.
            5.2 Call the catalog API using Alice account, no repos should be found.
        Tear down:
            1. Delete Alice's repository;
            2. Delete Alice's project;
            3. Delete user Alice.
        """
        url = ADMIN_CLIENT["endpoint"]
        user_common_password = "******"
        #1. Create user Alice and Luca;
        TestProjects.user_Alice_id, user_Alice_name = self.user.create_user(user_password = user_common_password, **ADMIN_CLIENT)

        USER_ALICE_CLIENT=dict(endpoint = url, username = user_Alice_name, password = user_common_password)

        #2. Create 2 new private projects project_Alice and project_Luca;
        TestProjects.project_Alice_id, TestProjects.project_Alice_name = self.project.create_project(metadata = {"public": "false"}, **USER_ALICE_CLIENT)

        #3. Push 3 images to project_Alice and Add 3 tags to the 3rd image.

        src_tag = "latest"
        image_a = "busybox"
        TestProjects.repo_a, tag_a = push_image_to_project(TestProjects.project_Alice_name, harbor_server, user_Alice_name, user_common_password, image_a, src_tag)
        image_b = "alpine"
        TestProjects.repo_b, tag_b = push_image_to_project(TestProjects.project_Alice_name, harbor_server, user_Alice_name, user_common_password, image_b, src_tag)
        image_c = "hello-world"
        TestProjects.repo_c, tag_c = push_image_to_project(TestProjects.project_Alice_name, harbor_server, user_Alice_name, user_common_password, image_c, src_tag)
        create_tags = ["1.0","2.0","3.0"]
        for tag in create_tags:
            self.artifact.create_tag(TestProjects.project_Alice_name, self.repo_name, tag_c, tag, **USER_ALICE_CLIENT)
        #4. Call the image_list_tags API
        tags = library.docker_api.list_image_tags(harbor_server,TestProjects.repo_c,user_Alice_name,user_common_password)
	for tag in create_tags:
            self.assertTrue(tags.count(tag)>0, "Expect tag: %s is not listed"%tag)
        page_tags = library.docker_api.list_image_tags(harbor_server,TestProjects.repo_c,user_Alice_name,user_common_password,len(tags)/2+1)
        page_tags += library.docker_api.list_image_tags(harbor_server,TestProjects.repo_c,user_Alice_name,user_common_password,len(tags)/2+1,tags[len(tags)/2])
	for tag in create_tags:
            self.assertTrue(page_tags.count(tag)>0, "Expect tag: %s is not listed by the pagination query"%tag)
        #5. Call the catalog API;
        repos = library.docker_api.list_repositories(harbor_server,admin_user,admin_pwd)
	self.assertTrue(repos.count(TestProjects.repo_a)>0 and repos.count(TestProjects.repo_b)>0 and repos.count(TestProjects.repo_c)>0, "Expected repo not found")
        for repo in [TestProjects.repo_a,TestProjects.repo_b,TestProjects.repo_c]:
            self.assertTrue(repos.count(repo)>0,"Expected repo: %s is not listed"%repo)
        page_repos = library.docker_api.list_repositories(harbor_server,admin_user,admin_pwd,len(repos)/2+1)
        page_repos += library.docker_api.list_repositories(harbor_server,admin_user,admin_pwd,len(repos)/2+1,repos[len(repos)/2])
        for repo in [TestProjects.repo_a,TestProjects.repo_b,TestProjects.repo_c]:
            self.assertTrue(page_repos.count(repo)>0,"Expected repo: %s is not listed by the pagination query"%repo)

        null_repos = library.docker_api.list_repositories(harbor_server,user_Alice_name,user_common_password)
        self.assertEqual(null_repos, "")
Esempio n. 28
0
 def setUpClass(self):
     self.project = Project()
     self.user = User()
     self.repo = Repository(api_type='repository')
Esempio n. 29
0
 def setUp(self):
     self.project = Project()
     self.user = User()
     self.repo = Repository()
Esempio n. 30
0
class TestProjects(unittest.TestCase):
    @classmethod
    def setUp(self):
        self.system = System()
        self.project = Project()
        self.user = User()
        self.repo = Repository(api_type='repository')

    @classmethod
    def tearDown(self):
        print "Case completed"

    @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.")
    def test_ClearData(self):
        #2. Delete project(PA);
        self.project.delete_project(TestProjects.project_gc_id,
                                    **TestProjects.USER_GC_CLIENT)

        #3. Delete user(UA);
        self.user.delete_user(TestProjects.user_gc_id, **ADMIN_CLIENT)

    def testGarbageCollection(self):
        """
        Test case:
            Garbage Collection
        Test step and expected result:
            1. Create a new user(UA);
            2. Create a new project(PA) by user(UA);
            3. Push a new image(IA) in project(PA) by admin;
            4. Delete repository(RA) by user(UA);
            5. Get repository by user(UA), it should get nothing;
            6. Tigger garbage collection operation;
            7. Check garbage collection job was finished;
            8. Get garbage collection log, check there is number of files was deleted.
        Tear down:
            1. Delete project(PA);
            2. Delete user(UA).
        """
        url = ADMIN_CLIENT["endpoint"]
        admin_name = ADMIN_CLIENT["username"]
        admin_password = ADMIN_CLIENT["password"]
        user_gc_password = "******"

        #1. Create a new user(UA);
        TestProjects.user_gc_id, user_gc_name = self.user.create_user(
            user_password=user_gc_password, **ADMIN_CLIENT)

        TestProjects.USER_GC_CLIENT = dict(endpoint=url,
                                           username=user_gc_name,
                                           password=user_gc_password)

        #2. Create a new project(PA) by user(UA);
        TestProjects.project_gc_id, TestProjects.project_gc_name = self.project.create_project(
            metadata={"public": "false"}, **TestProjects.USER_GC_CLIENT)

        #3. Push a new image(IA) in project(PA) by admin;
        repo_name, _ = push_image_to_project(TestProjects.project_gc_name,
                                             harbor_server, admin_name,
                                             admin_password, "tomcat",
                                             "latest")

        #4. Delete repository(RA) by user(UA);
        self.repo.delete_repoitory(TestProjects.project_gc_name,
                                   repo_name.split('/')[1],
                                   **TestProjects.USER_GC_CLIENT)

        #5. Get repository by user(UA), it should get nothing;
        repo_data = self.repo.get_repository(TestProjects.project_gc_name,
                                             **TestProjects.USER_GC_CLIENT)
        _assert_status_code(len(repo_data), 0)

        #6. Tigger garbage collection operation;
        gc_id = self.system.gc_now(**ADMIN_CLIENT)

        #7. Check garbage collection job was finished;
        self.system.validate_gc_job_status(gc_id, "finished", **ADMIN_CLIENT)

        #8. Get garbage collection log, check there is number of files was deleted.
        self.system.validate_deletion_success(gc_id, **ADMIN_CLIENT)