class TestProjects(unittest.TestCase): @classmethod def setUpClass(self): self.project = Project() self.user = User() self.artifact = Artifact(api_type='artifact') self.repo = Repository(api_type='repository') @classmethod def tearDownClass(self): print "Case completed" @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") def test_ClearData(self): #1. Delete repository(RA); self.repo.delete_repoitory(TestProjects.project_src_repo_name, (TestProjects.src_repo_name).split('/')[1], **TestProjects.USER_RETAG_CLIENT) #2. Delete repository by retag; self.repo.delete_repoitory(TestProjects.project_dst_repo_name, (TestProjects.dst_repo_name).split('/')[1], **TestProjects.USER_RETAG_CLIENT) #3. Delete project(PA); self.project.delete_project(TestProjects.project_src_repo_id, **TestProjects.USER_RETAG_CLIENT) self.project.delete_project(TestProjects.project_dst_repo_id, **TestProjects.USER_RETAG_CLIENT) #4. Delete user(UA). self.user.delete_user(TestProjects.user_retag_id, **ADMIN_CLIENT) def testRetag(self): """ Test case: Retag Image Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Create a new project(PB) by user(UA); 4. Update role of user-retag as guest member of project(PB); 5. Create a new repository(RA) in project(PA) by user(UA); 6. Get repository in project(PA), there should be one repository which was created by user(UA); 7. Get repository(RA)'s image tag detail information; 8. Retag image in project(PA) to project(PB), it should be forbidden; 9. Update role of user-retag as admin member of project(PB); 10. Retag image in project(PA) to project(PB), it should be successful; 11. Get repository(RB)'s image tag detail information; 12. Read digest of retaged image, it must be the same with the image in repository(RA); 13. Pull image from project(PB) by user_retag, it must be successful; Tear down: 1. Delete repository(RA); 2. Delete repository by retag; 3. Delete project(PA); 4. Delete user(UA). """ url = ADMIN_CLIENT["endpoint"] user_retag_password = "******" pull_tag_name = "latest" dst_repo_sub_name = "repo" #1. Create a new user(UA); TestProjects.user_retag_id, user_retag_name = self.user.create_user( user_password=user_retag_password, **ADMIN_CLIENT) TestProjects.USER_RETAG_CLIENT = dict(endpoint=url, username=user_retag_name, password=user_retag_password) #2. Create a new project(PA) by user(UA); TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_RETAG_CLIENT) #3. Create a new project(PB) by user(UA); TestProjects.project_dst_repo_id, TestProjects.project_dst_repo_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_RETAG_CLIENT) retag_member_id = self.project.get_project_member_id( TestProjects.project_dst_repo_id, user_retag_name, **TestProjects.USER_RETAG_CLIENT) #4. Update role of user-retag as guest member of project(PB); self.project.update_project_member_role( TestProjects.project_dst_repo_id, retag_member_id, 3, **ADMIN_CLIENT) #5. Create a new repository(RA) in project(PA) by user(UA); TestProjects.src_repo_name, tag_name = push_image_to_project( TestProjects.project_src_repo_name, harbor_server, 'admin', 'Harbor12345', "hello-world", pull_tag_name) #6. Get repository in project(PA), there should be one repository which was created by user(UA); src_repo_data = self.repo.get_repository( TestProjects.project_src_repo_name, **TestProjects.USER_RETAG_CLIENT) _assert_status_code(TestProjects.src_repo_name, src_repo_data[0].name) #7. Get repository(RA)'s image tag detail information; src_tag_data = self.artifact.get_reference_info( TestProjects.project_src_repo_name, TestProjects.src_repo_name.split('/')[1], tag_name, **TestProjects.USER_RETAG_CLIENT) TestProjects.dst_repo_name = TestProjects.project_dst_repo_name + "/" + dst_repo_sub_name #8. Retag image in project(PA) to project(PB), it should be forbidden; self.artifact.copy_artifact(TestProjects.project_dst_repo_name, dst_repo_sub_name, TestProjects.src_repo_name + "@" + src_tag_data[0].digest, expect_status_code=403, **TestProjects.USER_RETAG_CLIENT) #9. Update role of user-retag as admin member of project(PB); self.project.update_project_member_role( TestProjects.project_dst_repo_id, retag_member_id, 1, **ADMIN_CLIENT) #10. Retag image in project(PA) to project(PB), it should be successful; self.artifact.copy_artifact( TestProjects.project_dst_repo_name, dst_repo_sub_name, TestProjects.src_repo_name + "@" + src_tag_data[0].digest, **TestProjects.USER_RETAG_CLIENT) #11. Get repository(RB)'s image tag detail information; dst_tag_data = self.artifact.get_reference_info( TestProjects.project_dst_repo_name, dst_repo_sub_name, tag_name, **TestProjects.USER_RETAG_CLIENT) #12. Read digest of retaged image, it must be the same with the image in repository(RA); self.assertEqual(src_tag_data[0].digest, dst_tag_data[0].digest) #13. Pull image from project(PB) by user_retag, it must be successful;" pull_harbor_image(harbor_server, user_retag_name, user_retag_password, TestProjects.dst_repo_name, tag_name)
class TestTagImmutability(unittest.TestCase): @suppress_urllib3_warning def setUp(self): self.url = ADMIN_CLIENT["endpoint"] self.user_password = "******" self.project= Project() self.user= User() self.repo= Repository() self.registry = Registry() self.artifact = Artifact() self.tag_immutability = Tag_Immutability() self.project_id, self.project_name, self.user_id, self.user_name = [None] * 4 self.user_id, self.user_name = self.user.create_user(user_password = self.user_password, **ADMIN_CLIENT) self.USER_CLIENT = dict(with_signature = True, with_immutable_status = True, endpoint = self.url, username = self.user_name, password = self.user_password) self.exsiting_rule = dict(selector_repository="rel*", selector_tag="v2.*") self.project_id, self.project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT) @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") def tearDown(self): print("Case completed") def check_tag_immutability(self, artifact, tag_name, status = True): for tag in artifact.tags: if tag.name == tag_name: self.assertTrue(tag.immutable == status) return raise Exception("No tag {} found in artifact {}".format(tag, artifact)) def test_disability_of_rules(self): """ Test case: Test Disability Of Rules Test step and expected result: 1. Create a new project; 2. Push image A to the project with 2 tags A and B; 3. Create a disabled rule matched image A with tag A; 4. Both tags of image A should not be immutable; 5. Enable this rule; 6. image A with tag A should be immutable. """ image_a = dict(name="image_disability_a", tag1="latest", tag2="6.2.2") #1. Create a new project; project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT) #2. Push image A to the project with 2 tags; push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]]) #3. Create a disabled rule matched image A; rule_id = self.tag_immutability.create_rule(project_id, disabled = True, selector_repository=image_a["name"], selector_tag=str(image_a["tag1"])[0:2] + "*", **self.USER_CLIENT) #4. Both tags of image A should not be immutable; artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT) print("[test_disability_of_rules] - artifact:{}".format(artifact_a)) self.assertTrue(artifact_a) self.check_tag_immutability(artifact_a, image_a["tag1"], status = False) self.check_tag_immutability(artifact_a, image_a["tag2"], status = False) #5. Enable this rule; self.tag_immutability.update_tag_immutability_policy_rule(project_id, rule_id, disabled = False, **self.USER_CLIENT) #6. image A with tag A should be immutable. artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT) print("[test_disability_of_rules] - artifact:{}".format(artifact_a)) self.assertTrue(artifact_a) self.check_tag_immutability(artifact_a, image_a["tag1"], status = True) self.check_tag_immutability(artifact_a, image_a["tag2"], status = False) def test_artifact_and_repo_is_undeletable(self): """ Test case: Test Artifact And Repo is Undeleteable Test step and expected result: 1. Create a new project; 2. Push image A to the project with 2 tags A and B; 3. Create a enabled rule matched image A with tag A; 4. Tag A should be immutable; 5. Artifact is undeletable; 6. Repository is undeletable. """ image_a = dict(name="image_repo_undeletable_a", tag1="latest", tag2="1.3.2") #1. Create a new project; project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT) #2. Push image A to the project with 2 tags A and B; push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]]) #3. Create a enabled rule matched image A with tag A; self.tag_immutability.create_rule(project_id, selector_repository=image_a["name"], selector_tag=str(image_a["tag1"])[0:2] + "*", **self.USER_CLIENT) #4. Tag A should be immutable; artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT) print("[test_artifact_and_repo_is_undeletable] - artifact:{}".format(artifact_a)) self.assertTrue(artifact_a) self.check_tag_immutability(artifact_a, image_a["tag1"], status = True) self.check_tag_immutability(artifact_a, image_a["tag2"], status = False) #5. Artifact is undeletable; self.artifact.delete_artifact(project_name, image_a["name"], image_a["tag1"], expect_status_code = 412,expect_response_body = "configured as immutable, cannot be deleted", **self.USER_CLIENT) #6. Repository is undeletable. self.repo.delete_repository(project_name, image_a["name"], expect_status_code = 412, expect_response_body = "configured as immutable, cannot be deleted", **self.USER_CLIENT) def test_tag_is_undeletable(self): """ Test case: Test Tag is Undeleteable Test step and expected result: 1. Push image A to the project with 2 tags A and B; 2. Create a enabled rule matched image A with tag A; 3. Tag A should be immutable; 4. Tag A is undeletable; 5. Tag B is deletable. """ image_a = dict(name="image_undeletable_a", tag1="latest", tag2="9.3.2") #1. Push image A to the project with 2 tags A and B; push_special_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]]) #2. Create a enabled rule matched image A with tag A; self.tag_immutability.create_rule(self.project_id, selector_repository=image_a["name"], selector_tag=str(image_a["tag2"])[0:2] + "*", **self.USER_CLIENT) #3. Tag A should be immutable; artifact_a = self.artifact.get_reference_info(self.project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT) print("[test_tag_is_undeletable] - artifact:{}".format(artifact_a)) self.assertTrue(artifact_a) self.check_tag_immutability(artifact_a, image_a["tag2"], status = True) #4. Tag A is undeletable; self.artifact.delete_tag(self.project_name, image_a["name"], image_a["tag1"], image_a["tag2"], expect_status_code = 412, **self.USER_CLIENT) #5. Tag B is deletable. self.artifact.delete_tag(self.project_name, image_a["name"], image_a["tag1"], image_a["tag1"], **self.USER_CLIENT) def test_image_is_unpushable(self): """ Test case: Test Image is Unpushable Test step and expected result: 1. Create a new project; 2. Push image A to the project with 2 tags A and B; 3. Create a enabled rule matched image A with tag A; 4. Tag A should be immutable; 5. Can not push image with the same image name and with the same tag name. """ image_a = dict(name="image_unpushable_a", tag1="latest", tag2="1.3.2") #1. Create a new project; project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT) #2. Push image A to the project with 2 tags A and B; push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]]) #3. Create a enabled rule matched image A with tag A; self.tag_immutability.create_rule(project_id, selector_repository=image_a["name"], selector_tag=str(image_a["tag1"])[0:2] + "*", **self.USER_CLIENT) #4. Tag A should be immutable; artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT) print("[test_image_is_unpushable] - artifact:{}".format(artifact_a)) self.assertTrue(artifact_a) self.check_tag_immutability(artifact_a, image_a["tag1"], status = True) self.check_tag_immutability(artifact_a, image_a["tag2"], status = False) #5. Can not push image with the same image name and with the same tag name. push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"]], size=10 , expected_error_message = "configured as immutable") def test_copy_disability(self): """ Test case: Test Copy Disability Test step and expected result: 1. Create 2 projects; 2. Push image A with tag A and B to project A, push image B which has the same image name and tag name to project B; 3. Create a enabled rule matched image A with tag A; 4. Tag A should be immutable; 5. Can not copy artifact from project A to project B with the same repository name. """ image_a = dict(name="image_copy_disability_a", tag1="latest", tag2="1.3.2") #1. Create 2 projects; project_id, project_name = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT) _, project_name_src = self.project.create_project(metadata = {"public": "false"}, **self.USER_CLIENT) #2. Push image A with tag A and B to project A, push image B which has the same image name and tag name to project B; push_special_image_to_project(project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]]) push_special_image_to_project(project_name_src, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"], image_a["tag2"]]) #3. Create a enabled rule matched image A with tag A; self.tag_immutability.create_rule(project_id, selector_repository=image_a["name"], selector_tag=str(image_a["tag1"])[0:2] + "*", **self.USER_CLIENT) #4. Tag A should be immutable; artifact_a = self.artifact.get_reference_info(project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT) print("[test_copy_disability] - artifact:{}".format(artifact_a)) self.assertTrue(artifact_a) self.check_tag_immutability(artifact_a, image_a["tag1"], status = True) self.check_tag_immutability(artifact_a, image_a["tag2"], status = False) #5. Can not copy artifact from project A to project B with the same repository name. artifact_a_src = self.artifact.get_reference_info(project_name_src, image_a["name"], image_a["tag2"], **self.USER_CLIENT) print("[test_copy_disability] - artifact_a_src:{}".format(artifact_a_src)) self.artifact.copy_artifact(project_name, image_a["name"], project_name_src+"/"+ image_a["name"] + "@" + artifact_a_src.digest, expect_status_code=412, expect_response_body = "configured as immutable, cannot be updated", **self.USER_CLIENT) #def test_replication_disability(self): # pass def test_priority_of_rules(self): """ Test case: Test Priority Of Rules(excluding rule will not affect matching rule) Test step and expected result: 1. Push image A, B and C, image A has only 1 tag named tag1; 2. Create a matching rule that matches image A and tag named tag2 which is not exist; 3. Create a excluding rule to exlude image A and B; 4. Add a tag named tag2 to image A, tag2 should be immutable; 5. Tag2 should be immutable; 6. All tags in image B should be immutable; 7. All tags in image C should not be immutable; 8. Disable all rules. """ image_a = dict(name="image_priority_a", tag1="latest", tag2="6.3.2") image_b = dict(name="image_priority_b", tag1="latest", tag2="0.12.0") image_c = dict(name="image_priority_c", tag1="latest", tag2="3.12.0") #1. Push image A, B and C, image A has only 1 tag named tag1; push_special_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image_a["name"], [image_a["tag1"]]) push_special_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image_b["name"], [image_b["tag1"],image_b["tag2"]]) push_special_image_to_project(self.project_name, harbor_server, self.user_name, self.user_password, image_c["name"], [image_c["tag1"],image_c["tag2"]]) #2. Create a matching rule that matches image A and tag named tag2 which is not exist; rule_id_1 = self.tag_immutability.create_rule(self.project_id, selector_repository=image_a["name"], selector_tag=image_a["tag2"], **self.USER_CLIENT) #3. Create a excluding rule to exlude image A and B; rule_id_2 = self.tag_immutability.create_rule(self.project_id, selector_repository_decoration = "repoExcludes", selector_repository="{image_priority_a,image_priority_b}", selector_tag="**", **self.USER_CLIENT) #4. Add a tag named tag2 to image A, tag2 should be immutable; self.artifact.create_tag(self.project_name, image_a["name"], image_a["tag1"], image_a["tag2"], **self.USER_CLIENT) #5. Tag2 should be immutable; artifact_a = self.artifact.get_reference_info(self.project_name, image_a["name"], image_a["tag2"], **self.USER_CLIENT) print("[test_priority_of_rules] - artifact:{}".format(artifact_a)) self.assertTrue(artifact_a) self.check_tag_immutability(artifact_a, image_a["tag2"], status = True) self.check_tag_immutability(artifact_a, image_a["tag1"], status = False) #6. All tags in image B should be immutable; artifact_b = self.artifact.get_reference_info(self.project_name, image_b["name"], image_b["tag2"], **self.USER_CLIENT) print("[test_priority_of_rules] - artifact:{}".format(artifact_b)) self.assertTrue(artifact_b) self.check_tag_immutability(artifact_b, image_b["tag2"], status = False) self.check_tag_immutability(artifact_b, image_b["tag1"], status = False) #7. All tags in image C should not be immutable; artifact_c = self.artifact.get_reference_info(self.project_name, image_c["name"], image_c["tag2"], **self.USER_CLIENT) print("[test_priority_of_rules] - artifact:{}".format(artifact_c)) self.assertTrue(artifact_c) self.check_tag_immutability(artifact_c, image_c["tag2"], status = True) self.check_tag_immutability(artifact_c, image_c["tag1"], status = True) #8. Disable all rules. self.tag_immutability.update_tag_immutability_policy_rule(self.project_id, rule_id_1, disabled = True, **self.USER_CLIENT) self.tag_immutability.update_tag_immutability_policy_rule(self.project_id, rule_id_2, disabled = True, **self.USER_CLIENT) def test_add_exsiting_rule(self): """ Test case: Test Priority Of Rules(excluding rule will not affect matching rule) Test step and expected result: 1. Push image A and B with no tag; 2. Create a immutability policy rule A; 3. Fail to create rule B which has the same config as rule A; """ self.tag_immutability.create_tag_immutability_policy_rule(self.project_id, **self.exsiting_rule, **self.USER_CLIENT) self.tag_immutability.create_tag_immutability_policy_rule(self.project_id, **self.exsiting_rule, expect_status_code = 409, **self.USER_CLIENT)