def testLdapAdminRole(self):
"""Test LdapAdminRole"""
_project_name = _random_name("test_private")
result = self.product_api.configurations_put(
configurations=Configurations(
ldap_group_admin_dn=
"cn=harbor_users,ou=groups,dc=example,dc=com"))
# Create a private project
result = self.product_api.projects_post(project=ProjectReq(
project_name=_project_name))
# query project with ldap user mike
projects = self.mike_product_api.projects_get(name=_project_name)
print("=================", projects)
self.assertTrue(len(projects) == 1)
self.project_id = projects[0].project_id
# check the mike is not admin in Database
user_list = self.product_api.users_get(username="******")
pprint(user_list[0])
self.assertFalse(user_list[0].sysadmin_flag)
pass
class TestAssignRoleToLdapGroup(unittest.TestCase):
harbor_host = os.environ["HARBOR_HOST"]
"""AssignRoleToLdapGroup unit test stubs"""
product_api = testutils.GetProductApi("admin", "Harbor12345")
repository_api = testutils.GetRepositoryApi("admin", "Harbor12345")
project_id = 0
docker_client = docker.from_env()
_project_name = _random_name("test_private")
def setUp(self):
self.projectv2 = ProjectV2()
#login with admin, create a project and assign role to ldap group
result = self.product_api.configurations_put(
configurations=Configurations(
ldap_filter="",
ldap_group_attribute_name="cn",
ldap_group_base_dn="ou=groups,dc=example,dc=com",
ldap_group_search_filter="objectclass=groupOfNames",
ldap_group_search_scope=2))
pprint(result)
cfgs = self.product_api.configurations_get()
pprint(cfgs)
req = ProjectReq()
req.project_name = self._project_name
req.metadata = ProjectMetadata(public="false")
result = self.product_api.projects_post(req)
pprint(result)
projs = self.product_api.projects_get(name=self._project_name)
if len(projs) > 0:
project = projs[0]
self.project_id = project.project_id
# asign role to project with dn
group_dn = "cn=harbor_admin,ou=groups,dc=example,dc=com"
projectmember = ProjectMember()
projectmember.role_id = 1
projectmember.member_group = UserGroup(ldap_group_dn=group_dn)
result = self.product_api.projects_project_id_members_post(
project_id=self.project_id, project_member=projectmember)
pprint(result)
group_dn = "cn=harbor_dev,ou=groups,dc=example,dc=com"
projectmember = ProjectMember()
projectmember.role_id = 2
projectmember.member_group = UserGroup(ldap_group_dn=group_dn)
result = self.product_api.projects_project_id_members_post(
project_id=self.project_id, project_member=projectmember)
pprint(result)
group_dn = "cn=harbor_guest,ou=groups,dc=example,dc=com"
projectmember = ProjectMember()
projectmember.role_id = 3
projectmember.member_group = UserGroup(ldap_group_dn=group_dn)
result = self.product_api.projects_project_id_members_post(
project_id=self.project_id, project_member=projectmember)
pprint(result)
pass
def tearDown(self):
#delete images in project
result = self.repository_api.delete_repository(self._project_name,
"busybox")
pprint(result)
result = self.repository_api.delete_repository(self._project_name,
"busyboxdev")
pprint(result)
if self.project_id > 0:
self.product_api.projects_project_id_delete(self.project_id)
pass
def testAssignRoleToLdapGroup(self):
"""Test AssignRoleToLdapGroup"""
admin_product_api = testutils.GetProductApi(username="******",
password="******")
projects = admin_product_api.projects_get(name=self._project_name)
self.assertTrue(len(projects) == 1)
self.assertEqual(1, projects[0].current_user_role_id)
dev_product_api = testutils.GetProductApi("dev_user", "zhu88jie")
projects = dev_product_api.projects_get(name=self._project_name)
self.assertTrue(len(projects) == 1)
self.assertEqual(2, projects[0].current_user_role_id)
guest_product_api = testutils.GetProductApi("guest_user", "zhu88jie")
projects = guest_product_api.projects_get(name=self._project_name)
self.assertTrue(len(projects) == 1)
self.assertEqual(3, projects[0].current_user_role_id)
self.dockerCmdLoginAdmin(username="******", password="******")
self.dockerCmdLoginDev(username="******", password="******")
self.dockerCmdLoginGuest(username="******", password="******")
self.assertTrue(
self.queryUserLogs(username="******", password="******") > 0,
"admin user can see logs")
self.assertTrue(
self.queryUserLogs(username="******", password="******") > 0,
"dev user can see logs")
self.assertTrue(
self.queryUserLogs(username="******", password="******") > 0,
"guest user can see logs")
self.assertTrue(
self.queryUserLogs(username="******",
password="******",
status_code=403) == 0,
"test user can not see any logs")
pass
# admin user can push, pull images
def dockerCmdLoginAdmin(self, username, password):
pprint(self.docker_client.info())
self.docker_client.login(username=username,
password=password,
registry=self.harbor_host)
self.docker_client.images.pull("busybox:latest")
image = self.docker_client.images.get("busybox:latest")
image.tag(repository=self.harbor_host + "/" + self._project_name +
"/busybox",
tag="latest")
output = self.docker_client.images.push(repository=self.harbor_host +
"/" + self._project_name +
"/busybox",
tag="latest")
if output.find("error") > 0:
self.fail("Should not fail to push image for admin_user")
self.docker_client.images.pull(repository=self.harbor_host + "/" +
self._project_name + "/busybox",
tag="latest")
pass
# dev user can push, pull images
def dockerCmdLoginDev(self, username, password, harbor_server=harbor_host):
self.docker_client.login(username=username,
password=password,
registry=self.harbor_host)
self.docker_client.images.pull("busybox:latest")
image = self.docker_client.images.get("busybox:latest")
image.tag(repository=self.harbor_host + "/" + self._project_name +
"/busyboxdev",
tag="latest")
output = self.docker_client.images.push(repository=self.harbor_host +
"/" + self._project_name +
"/busyboxdev",
tag="latest")
if output.find("error") > 0:
self.fail("Should not fail to push images for dev_user")
pass
# guest user can pull images
def dockerCmdLoginGuest(self,
username,
password,
harbor_server=harbor_host):
self.docker_client.login(username=username,
password=password,
registry=self.harbor_host)
self.docker_client.images.pull("busybox:latest")
image = self.docker_client.images.get("busybox:latest")
image.tag(repository=self.harbor_host + "/" + self._project_name +
"/busyboxguest",
tag="latest")
output = self.docker_client.images.push(repository=self.harbor_host +
"1/" + self._project_name +
"/busyboxguest",
tag="latest")
if output.find("error") < 0:
self.fail("Should failed to push image for guest user")
self.docker_client.images.pull(repository=self.harbor_host + "/" +
self._project_name + "/busybox",
tag="latest")
pass
# check can see his log in current project
def queryUserLogs(self, username, password, status_code=200):
client = dict(endpoint=ADMIN_CLIENT["endpoint"],
username=username,
password=password)
try:
logs = self.projectv2.get_project_log(self._project_name,
status_code, **client)
count = 0
for log in list(logs):
count = count + 1
return count
except ApiException as e:
_assert_status_code(status_code, e.status)
return 0
def do_validate(self, registry_type):
"""
Test case:
Proxy Cache Image From Harbor
Test step and expected result:
1. Create a new registry;
2. Create a new project;
3. Add a new user as a member of project;
4. Pull image from this project by docker CLI;
5. Pull image from this project by ctr CLI;
6. Pull manifest index from this project by docker CLI;
7. Pull manifest from this project by ctr CLI;
8. Image pulled by docker CLI should be cached;
9. Image pulled by ctr CLI should be cached;
10. Manifest index pulled by docker CLI should be cached;
11. Manifest index pulled by ctr CLI should be cached;
Tear down:
1. Delete project(PA);
2. Delete user(UA).
"""
user_id, user_name = self.user.create_user(
user_password=self.user_password, **ADMIN_CLIENT)
USER_CLIENT = dict(with_signature=True,
endpoint=self.url,
username=user_name,
password=self.user_password)
image_for_docker = dict(image="for_proxy", tag="1.0")
image_for_ctr = dict(image="redis", tag="latest")
index_for_docker = dict(image="index081597864867",
tag="index_tag081597864867")
access_key = ""
access_secret = ""
#1. Create a new registry;
if registry_type == "docker-hub":
user_namespace = "danfengliu"
access_key = user_namespace
access_secret = "Aa123456"
registry = "https://hub.docker.com"
# Memo: ctr will not send image pull request if manifest list already exist, so we pull different manifest list for different registry;
index_for_ctr = dict(image="alpine", tag="3.12.0")
else:
user_namespace = "nightly"
registry = "https://cicd.harbor.vmwarecna.net"
index_for_ctr = dict(image="busybox", tag="1.32.0")
registry_id, _ = self.registry.create_registry(
registry,
name=_random_name(registry_type),
registry_type=registry_type,
access_key=access_key,
access_secret=access_secret,
insecure=False,
**ADMIN_CLIENT)
print("registry_id:", registry_id)
#2. Create a new project;
project_id, project_name = self.project.create_project(
registry_id=registry_id,
metadata={"public": "false"},
**ADMIN_CLIENT)
print("project_id:", project_id)
print("project_name:", project_name)
#3. Add a new user as a member of project;
self.project.add_project_members(project_id,
user_id=user_id,
**ADMIN_CLIENT)
#4. Pull image from this project by docker CLI;
pull_harbor_image(
harbor_server, USER_CLIENT["username"], USER_CLIENT["password"],
project_name + "/" + user_namespace + "/" +
image_for_docker["image"], image_for_docker["tag"])
#5. Pull image from this project by ctr CLI;
oci_ref = harbor_server + "/" + project_name + "/" + user_namespace + "/" + image_for_ctr[
"image"] + ":" + image_for_ctr["tag"]
library.containerd.ctr_images_pull(user_name, self.user_password,
oci_ref)
library.containerd.ctr_images_list(oci_ref=oci_ref)
#6. Pull manifest index from this project by docker CLI;
index_repo_name = user_namespace + "/" + index_for_docker["image"]
pull_harbor_image(harbor_server, user_name, self.user_password,
project_name + "/" + index_repo_name,
index_for_docker["tag"])
#7. Pull manifest from this project by ctr CLI;
index_repo_name_for_ctr = user_namespace + "/" + index_for_ctr["image"]
oci_ref = harbor_server + "/" + project_name + "/" + index_repo_name_for_ctr + ":" + index_for_ctr[
"tag"]
library.containerd.ctr_images_pull(user_name, self.user_password,
oci_ref)
library.containerd.ctr_images_list(oci_ref=oci_ref)
#8. Image pulled by docker CLI should be cached;
self.artifact.waiting_for_reference_exist(
project_name,
urllib.parse.quote(
user_namespace + "/" + image_for_docker["image"], 'utf-8'),
image_for_docker["tag"], **USER_CLIENT)
#9. Image pulled by ctr CLI should be cached;
self.artifact.waiting_for_reference_exist(
project_name,
urllib.parse.quote(user_namespace + "/" + image_for_ctr["image"],
'utf-8'), image_for_ctr["tag"], **USER_CLIENT)
#10. Manifest index pulled by docker CLI should be cached;
ret_index_by_d = self.artifact.waiting_for_reference_exist(
project_name, urllib.parse.quote(index_repo_name, 'utf-8'),
index_for_docker["tag"], **USER_CLIENT)
print("Index's reference by docker CLI:", ret_index_by_d[0].references)
self.assertTrue(len(ret_index_by_d[0].references) == 1)
#11. Manifest index pulled by ctr CLI should be cached;
ret_index_by_c = self.artifact.waiting_for_reference_exist(
project_name, urllib.parse.quote(index_repo_name_for_ctr, 'utf-8'),
index_for_ctr["tag"], **USER_CLIENT)
print("Index's reference by ctr CLI:", ret_index_by_c[0].references)
self.assertTrue(len(ret_index_by_c[0].references) == 1)