def testProjectLevelPolicyContentTrust(self): """ Test case: Project Level Policy Content Trust Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Push a new image(IA) in project(PA) by admin; 4. Image(IA) should exist; 5. Pull image(IA) successfully; 6. Enable content trust in project(PA) configuration; 7. Pull image(IA) failed and the reason is "The image is not signed in Notary". Tear down: 1. Delete repository(RA) by user(UA); 2. Delete project(PA); 3. Delete user(UA); """ url = ADMIN_CLIENT["endpoint"] image = "hello-world" admin_name = ADMIN_CLIENT["username"] admin_password = ADMIN_CLIENT["password"] user_content_trust_password = "******" #1. Create a new user(UA); TestProjects.user_content_trust_id, user_content_trust_name = self.user.create_user(user_password = user_content_trust_password, **ADMIN_CLIENT) TestProjects.USER_CONTENT_TRUST_CLIENT=dict(endpoint = url, username = user_content_trust_name, password = user_content_trust_password) #2. Create a new project(PA) by user(UA); TestProjects.project_content_trust_id, TestProjects.project_content_trust_name = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_CONTENT_TRUST_CLIENT) #3. Push a new image(IA) in project(PA) by admin; TestProjects.repo_name, tag = push_image_to_project(TestProjects.project_content_trust_name, harbor_server, admin_name, admin_password, image, "latest") #4. Image(IA) should exist; artifact = self.artifact.get_reference_info(TestProjects.project_content_trust_name, image, tag, **TestProjects.USER_CONTENT_TRUST_CLIENT) self.assertEqual(artifact.tags[0].name, tag) #5. Pull image(IA) successfully; pull_harbor_image(harbor_server, admin_name, admin_password, TestProjects.repo_name, tag) #6. Enable content trust in project(PA) configuration; self.project.update_project(TestProjects.project_content_trust_id, metadata = {"enable_content_trust": "true"}, **TestProjects.USER_CONTENT_TRUST_CLIENT) #7. Pull image(IA) failed and the reason is "The image is not signed in Notary". pull_harbor_image(harbor_server, admin_name, admin_password, TestProjects.repo_name, tag, expected_error_message = "The image is not signed in Notary")
def testRetag(self): """ Test case: Retag Image Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Create a new project(PB) by user(UA); 4. Update role of user-retag as guest member of project(PB); 5. Create a new repository(RA) in project(PA) by user(UA); 6. Get repository in project(PA), there should be one repository which was created by user(UA); 7. Get repository(RA)'s image tag detail information; 8. Retag image in project(PA) to project(PB), it should be forbidden; 9. Update role of user-retag as admin member of project(PB); 10. Retag image in project(PA) to project(PB), it should be successful; 11. Get repository(RB)'s image tag detail information; 12. Read digest of retaged image, it must be the same with the image in repository(RA); 13. Pull image from project(PB) by user_retag, it must be successful; Tear down: 1. Delete repository(RA); 2. Delete repository by retag; 3. Delete project(PA); 4. Delete user(UA). """ url = ADMIN_CLIENT["endpoint"] user_retag_password = "******" pull_tag_name = "latest" dst_repo_sub_name = "repo" #1. Create a new user(UA); TestProjects.user_retag_id, user_retag_name = self.user.create_user( user_password=user_retag_password, **ADMIN_CLIENT) TestProjects.USER_RETAG_CLIENT = dict(endpoint=url, username=user_retag_name, password=user_retag_password) #2. Create a new project(PA) by user(UA); TestProjects.project_src_repo_id, TestProjects.project_src_repo_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_RETAG_CLIENT) #3. Create a new project(PB) by user(UA); TestProjects.project_dst_repo_id, TestProjects.project_dst_repo_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_RETAG_CLIENT) retag_member_id = self.project.get_project_member_id( TestProjects.project_dst_repo_id, user_retag_name, **TestProjects.USER_RETAG_CLIENT) #4. Update role of user-retag as guest member of project(PB); self.project.update_project_member_role( TestProjects.project_dst_repo_id, retag_member_id, 3, **ADMIN_CLIENT) #5. Create a new repository(RA) in project(PA) by user(UA); TestProjects.src_repo_name, tag_name = push_image_to_project( TestProjects.project_src_repo_name, harbor_server, 'admin', 'Harbor12345', "hello-world", pull_tag_name) #6. Get repository in project(PA), there should be one repository which was created by user(UA); src_repo_data = self.repo.get_repository( TestProjects.project_src_repo_name, **TestProjects.USER_RETAG_CLIENT) _assert_status_code(TestProjects.src_repo_name, src_repo_data[0].name) #7. Get repository(RA)'s image tag detail information; src_tag_data = self.artifact.get_reference_info( TestProjects.project_src_repo_name, TestProjects.src_repo_name.split('/')[1], tag_name, **TestProjects.USER_RETAG_CLIENT) TestProjects.dst_repo_name = TestProjects.project_dst_repo_name + "/" + dst_repo_sub_name #8. Retag image in project(PA) to project(PB), it should be forbidden; self.artifact.copy_artifact(TestProjects.project_dst_repo_name, dst_repo_sub_name, TestProjects.src_repo_name + "@" + src_tag_data[0].digest, expect_status_code=403, **TestProjects.USER_RETAG_CLIENT) #9. Update role of user-retag as admin member of project(PB); self.project.update_project_member_role( TestProjects.project_dst_repo_id, retag_member_id, 1, **ADMIN_CLIENT) #10. Retag image in project(PA) to project(PB), it should be successful; self.artifact.copy_artifact( TestProjects.project_dst_repo_name, dst_repo_sub_name, TestProjects.src_repo_name + "@" + src_tag_data[0].digest, **TestProjects.USER_RETAG_CLIENT) #11. Get repository(RB)'s image tag detail information; dst_tag_data = self.artifact.get_reference_info( TestProjects.project_dst_repo_name, dst_repo_sub_name, tag_name, **TestProjects.USER_RETAG_CLIENT) #12. Read digest of retaged image, it must be the same with the image in repository(RA); self.assertEqual(src_tag_data[0].digest, dst_tag_data[0].digest) #13. Pull image from project(PB) by user_retag, it must be successful;" pull_harbor_image(harbor_server, user_retag_name, user_retag_password, TestProjects.dst_repo_name, tag_name)
def testRobotAccount(self): """ Test case: Robot Account Test step and expected result: 1. Create user(UA); 2. Create private project(PA), private project(PB) and public project(PC) by user(UA); 3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA); 4. Create a new robot account(RA) with pull and push privilige in project(PA) by user(UA); 5. Check robot account info, it should has both pull and push priviliges; 6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful; 7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful; 8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful; 9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful; 10. Pull image from project(PC), it must be successful; 11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful; 12. Update action property of robot account(RA); 13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful; 14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful; 15. Delete robot account(RA), it must be not successful. Tear down: 1. Delete repository(RA) by user(UA); 2. Delete project(PA); 3. Delete user(UA). """ url = ADMIN_CLIENT["endpoint"] admin_name = ADMIN_CLIENT["username"] admin_password = ADMIN_CLIENT["password"] user_ra_password = "******" image_project_a = "haproxy" image_project_b = "hello-world" image_project_c = "httpd" image_robot_account = "alpine" tag = "latest" #1. Create user(UA);" TestProjects.user_ra_id, user_ra_name = self.user.create_user(user_password = user_ra_password, **ADMIN_CLIENT) TestProjects.USER_RA_CLIENT=dict(endpoint = url, username = user_ra_name, password = user_ra_password) #2. Create private project(PA), private project(PB) and public project(PC) by user(UA); TestProjects.project_ra_id_a, TestProjects.project_ra_name_a = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_RA_CLIENT) TestProjects.project_ra_id_b, TestProjects.project_ra_name_b = self.project.create_project(metadata = {"public": "false"}, **TestProjects.USER_RA_CLIENT) TestProjects.project_ra_id_c, TestProjects.project_ra_name_c = self.project.create_project(metadata = {"public": "true"}, **TestProjects.USER_RA_CLIENT) #3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA); TestProjects.repo_name_in_project_a, tag_a = push_self_build_image_to_project(TestProjects.project_ra_name_a, harbor_server, user_ra_name, user_ra_password, image_project_a, tag) TestProjects.repo_name_in_project_b, tag_b = push_self_build_image_to_project(TestProjects.project_ra_name_b, harbor_server, user_ra_name, user_ra_password, image_project_b, tag) TestProjects.repo_name_in_project_c, tag_c = push_self_build_image_to_project(TestProjects.project_ra_name_c, harbor_server, user_ra_name, user_ra_password, image_project_c, tag) #4. Create a new robot account(RA) with pull and push privilege in project(PA) by user(UA); robot_id, robot_account = self.robot.create_project_robot(TestProjects.project_ra_name_a, 30 ,**TestProjects.USER_RA_CLIENT) #5. Check robot account info, it should has both pull and push privilege; data = self.robot.get_robot_account_by_id(robot_id, **TestProjects.USER_RA_CLIENT) _assert_status_code(robot_account.name, data.name) #6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful; pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_a, tag_a) #7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful; TestProjects.repo_name_pa, _ = push_self_build_image_to_project(TestProjects.project_ra_name_a, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag) #8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful; push_self_build_image_to_project(TestProjects.project_ra_name_b, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_error_message = "unauthorized to access repository") #9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful; pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_b, tag_b, expected_error_message = "unauthorized to access repository") #10. Pull image from project(PC), it must be successful; pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_c, tag_c) #11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful; push_self_build_image_to_project(TestProjects.project_ra_name_c, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_error_message = "unauthorized to access repository") #12. Update action property of robot account(RA);" self.robot.disable_robot_account(robot_id, True, **TestProjects.USER_RA_CLIENT) #13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful; pull_harbor_image(harbor_server, robot_account.name, robot_account.secret, TestProjects.repo_name_in_project_a, tag_a, expected_login_error_message = "unauthorized: authentication required") #14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful; push_self_build_image_to_project(TestProjects.project_ra_name_a, harbor_server, robot_account.name, robot_account.secret, image_robot_account, tag, expected_login_error_message = "unauthorized: authentication required") #15. Delete robot account(RA), it must be not successful. self.robot.delete_robot_account(robot_id, **TestProjects.USER_RA_CLIENT)
def testRobotAccount(self): """ Test case: Robot Account Test step and expected result: 1. Create user(UA); 2. Create private project(PA), private project(PB) and public project(PC) by user(UA); 3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA); 4. Create a new robot account(RA) with pull and push privilige in project(PA) by user(UA); 5. Check robot account info, it should has both pull and push priviliges; 6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful; 7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful; 8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful; 9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful; 10. Pull image from project(PC), it must be successful; 11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful; 12. Update action property of robot account(RA); 13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful; 14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful; 15. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful; Tear down: 1. Delete project(PA) (PB) (PC); 2. Delete user(UA). """ url = ADMIN_CLIENT["endpoint"] admin_name = ADMIN_CLIENT["username"] admin_password = ADMIN_CLIENT["password"] user_ra_password = "******" image_project_a = "tomcat" image_project_b = "hello-world" image_project_c = "mysql" image_robot_account = "mariadb" tag = "latest" print "#1. Create user(UA);" TestProjects.user_ra_id, user_ra_name = self.user.create_user( user_password=user_ra_password, **ADMIN_CLIENT) TestProjects.USER_RA_CLIENT = dict(endpoint=url, username=user_ra_name, password=user_ra_password) print "#2. Create private project(PA), private project(PB) and public project(PC) by user(UA);" TestProjects.project_ra_id_a, project_ra_name_a = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT) TestProjects.project_ra_id_b, project_ra_name_b = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_RA_CLIENT) TestProjects.project_ra_id_c, project_ra_name_c = self.project.create_project( metadata={"public": "true"}, **TestProjects.USER_RA_CLIENT) print "#3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA);" TestProjects.repo_name_in_project_a, tag_a = push_image_to_project( project_ra_name_a, harbor_server, user_ra_name, user_ra_password, image_project_a, tag) TestProjects.repo_name_in_project_b, tag_b = push_image_to_project( project_ra_name_b, harbor_server, user_ra_name, user_ra_password, image_project_b, tag) TestProjects.repo_name_in_project_c, tag_c = push_image_to_project( project_ra_name_c, harbor_server, user_ra_name, user_ra_password, image_project_c, tag) print "#4. Create a new robot account(RA) with pull and push privilige in project(PA) by user(UA);" robot_id, robot_account = self.project.add_project_robot_account( TestProjects.project_ra_id_a, project_ra_name_a, 2441000531, **TestProjects.USER_RA_CLIENT) print robot_account.name print robot_account.token print "#5. Check robot account info, it should has both pull and push priviliges;" data = self.project.get_project_robot_account_by_id( TestProjects.project_ra_id_a, robot_id, **TestProjects.USER_RA_CLIENT) _assert_status_code(robot_account.name, data.name) print "#6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful;" pull_harbor_image(harbor_server, robot_account.name, robot_account.token, TestProjects.repo_name_in_project_a, tag_a) print "#7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful;" TestProjects.repo_name_pa, _ = push_image_to_project( project_ra_name_a, harbor_server, robot_account.name, robot_account.token, image_robot_account, tag) print "#8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful;" push_image_to_project( project_ra_name_b, harbor_server, robot_account.name, robot_account.token, image_robot_account, tag, expected_error_message= "denied: requested access to the resource is denied") print "#9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful;" pull_harbor_image(harbor_server, robot_account.name, robot_account.token, TestProjects.repo_name_in_project_b, tag_b, expected_error_message=r"pull access denied for " + harbor_server + "/" + TestProjects.repo_name_in_project_b) print "#10. Pull image from project(PC), it must be successful;" pull_harbor_image(harbor_server, robot_account.name, robot_account.token, TestProjects.repo_name_in_project_c, tag_c) print "#11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful;" push_image_to_project( project_ra_name_c, harbor_server, robot_account.name, robot_account.token, image_robot_account, tag, expected_error_message= "denied: requested access to the resource is denied") print "#12. Update action property of robot account(RA);" self.project.disable_project_robot_account( TestProjects.project_ra_id_a, robot_id, True, **TestProjects.USER_RA_CLIENT) print "#13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful;" pull_harbor_image( harbor_server, robot_account.name, robot_account.token, TestProjects.repo_name_in_project_a, tag_a, expected_login_error_message="401 Client Error: Unauthorized") print "#14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful;" push_image_to_project( project_ra_name_a, harbor_server, robot_account.name, robot_account.token, image_robot_account, tag, expected_login_error_message="401 Client Error: Unauthorized") print "#15. Delete robot account(RA), it must be not successful;" self.project.delete_project_robot_account( TestProjects.project_ra_id_a, robot_id, **TestProjects.USER_RA_CLIENT)
def test_02_SystemlevelRobotAccount(self): """ Test case: Robot Account Test step and expected result: 1. Define a number of access lists; 2. Create the same number of private projects; 3. Create a system robot account has permission for those projects; 4. Verify the system robot account has the corresponding rights; 5. Disable the system robot account; 6. Verify the system robot account has no the corresponding rights; 7. Enable the system robot account; 8. Verify the system robot account has the corresponding rights; 9. Refresh secret for the system robot account; 10. Verify the system robot account has no the corresponding right with the old secret already; 11. Verify the system robot account still has the corresponding right with the new secret; 12. List system robot account, then add a new project to the system robot account project permission list; 13. Delete this project; 14. List system robot account successfully; 15. Delete the system robot account; 16. Verify the system robot account has no the corresponding right; 17. Add a system robot account with all project coverd; 18. Verify the system robot account has no the corresponding right; """ #1. Define a number of access lists; CHART_FILE_LIST = [ dict(name='prometheus', version='7.0.2'), dict(name='harbor', version='0.2.0') ] for i in range(2): base.run_command([ "curl", r"-o", "./tests/apitests/python/{}-{}.tgz".format( CHART_FILE_LIST[i]["name"], CHART_FILE_LIST[i]["version"]), "https://storage.googleapis.com/harbor-builds/helm-chart-test-files/{}-{}.tgz" .format(CHART_FILE_LIST[i]["name"], CHART_FILE_LIST[i]["version"]) ]) #Make sure that whether 'True' or 'False' must be included in each line or row. check_list = [ [True, True, True, True, True, True, False, True, False, True], [False, False, False, False, True, True, False, True, True, False], [True, False, True, False, True, False, True, False, True, True], [False, False, False, True, False, True, False, True, True, False] ] access_list_list = [] for i in range(len(check_list)): access_list_list.append( self.robot.create_access_list(check_list[i])) #2. Create the same number of private projects; robot_account_Permissions_list = [] project_access_list = [] for i in range(len(check_list)): with created_user(TestRobotAccount.user_ra_password, _teardown=False) as (user_id, username): with created_project(metadata={"public": "false"}, user_id=user_id, _teardown=False) as (project_id, project_name): project_access_list.append( dict(project_name=project_name, project_id=project_id, check_list=check_list[i])) robot_account_Permissions = v2_swagger_client.Permission( kind="project", namespace=project_name, access=access_list_list[i]) robot_account_Permissions_list.append( robot_account_Permissions) #3. Create a system robot account has permission for those projects; system_robot_account_id, system_robot_account = self.robot.create_system_robot( robot_account_Permissions_list, 300) print("system_robot_account:", system_robot_account) SYSTEM_RA_CLIENT = dict(endpoint=TestRobotAccount.url, username=system_robot_account.name, password=system_robot_account.secret) SYSTEM_RA_CHART_CLIENT = dict(endpoint=CHART_API_CLIENT["endpoint"], username=SYSTEM_RA_CLIENT["username"], password=SYSTEM_RA_CLIENT["password"]) #4. Verify the system robot account has the corresponding rights; for project_access in project_access_list: print(r"project_access:", project_access) if project_access["check_list"][1]: #---repository:push--- repo = push_self_build_image_to_project( project_access["project_name"], harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], "test_pushable", "v6.8.1") else: push_self_build_image_to_project( project_access["project_name"], harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], "test_unpushable", "v6.8.1", expected_error_message="unauthorized to access repository") tag_for_del = "v1.0.0" repo_name, tag = push_self_build_image_to_project( project_access["project_name"], harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], "test_del_artifact", tag_for_del) if project_access["check_list"][0]: #---repository:pull--- pull_harbor_image(harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], repo_name, tag_for_del) else: pull_harbor_image( harbor_server, SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], repo_name, tag_for_del, expected_error_message= "action: pull: unauthorized to access repository") if project_access["check_list"][2]: #---artifact:delete--- self.artifact.delete_artifact(project_access["project_name"], repo_name.split('/')[1], tag_for_del, **SYSTEM_RA_CLIENT) else: self.artifact.delete_artifact(project_access["project_name"], repo_name.split('/')[1], tag_for_del, expect_status_code=403, **SYSTEM_RA_CLIENT) #Prepare for chart read and delete self.chart.upload_chart( project_access["project_name"], r'./tests/apitests/python/{}-{}.tgz'.format( CHART_FILE_LIST[1]["name"], CHART_FILE_LIST[1]["version"]), **CHART_API_CLIENT) if project_access["check_list"][3]: #---helm-chart:read--- library.helm.helm2_fetch_chart_file( "chart_repo_" + base._random_name("repo"), harbor_url, project_access["project_name"], SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], CHART_FILE_LIST[1]["name"]) else: library.helm.helm2_fetch_chart_file( "chart_repo_" + base._random_name("repo"), harbor_url, project_access["project_name"], SYSTEM_RA_CLIENT["username"], SYSTEM_RA_CLIENT["password"], CHART_FILE_LIST[1]["name"], expected_add_repo_error_message="403 Forbidden") if project_access["check_list"][ 4]: #---helm-chart-version:create--- self.chart.upload_chart( project_access["project_name"], r'./tests/apitests/python/{}-{}.tgz'.format( CHART_FILE_LIST[0]["name"], CHART_FILE_LIST[0]["version"]), **SYSTEM_RA_CHART_CLIENT) else: self.chart.upload_chart( project_access["project_name"], r'./tests/apitests/python/{}-{}.tgz'.format( CHART_FILE_LIST[0]["name"], CHART_FILE_LIST[0]["version"]), expect_status_code=403, **SYSTEM_RA_CHART_CLIENT) if project_access["check_list"][ 5]: #---helm-chart-version:delete--- self.chart.delete_chart_with_version( project_access["project_name"], CHART_FILE_LIST[1]["name"], CHART_FILE_LIST[1]["version"], **SYSTEM_RA_CHART_CLIENT) else: self.chart.delete_chart_with_version( project_access["project_name"], CHART_FILE_LIST[1]["name"], CHART_FILE_LIST[1]["version"], expect_status_code=403, **SYSTEM_RA_CHART_CLIENT) repo_name, tag = push_self_build_image_to_project( project_access["project_name"], harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], "test_create_tag", "latest_1") self.artifact.create_tag(project_access["project_name"], repo_name.split('/')[1], tag, "for_delete", **ADMIN_CLIENT) if project_access["check_list"][6]: #---tag:create--- self.artifact.create_tag(project_access["project_name"], repo_name.split('/')[1], tag, "1.0", **SYSTEM_RA_CLIENT) else: self.artifact.create_tag(project_access["project_name"], repo_name.split('/')[1], tag, "1.0", expect_status_code=403, **SYSTEM_RA_CLIENT) if project_access["check_list"][7]: #---tag:delete--- self.artifact.delete_tag(project_access["project_name"], repo_name.split('/')[1], tag, "for_delete", **SYSTEM_RA_CLIENT) else: self.artifact.delete_tag(project_access["project_name"], repo_name.split('/')[1], tag, "for_delete", expect_status_code=403, **SYSTEM_RA_CLIENT) repo_name, tag = push_self_build_image_to_project( project_access["project_name"], harbor_server, ADMIN_CLIENT["username"], ADMIN_CLIENT["password"], "test_create_artifact_label", "latest_1") #Add project level label to artifact label_id, _ = self.label.create_label( project_id=project_access["project_id"], scope="p", **ADMIN_CLIENT) if project_access["check_list"][8]: #---artifact-label:create--- self.artifact.add_label_to_reference( project_access["project_name"], repo_name.split('/')[1], tag, int(label_id), **SYSTEM_RA_CLIENT) else: self.artifact.add_label_to_reference( project_access["project_name"], repo_name.split('/')[1], tag, int(label_id), expect_status_code=403, **SYSTEM_RA_CLIENT) if project_access["check_list"][9]: #---scan:create--- self.scan.scan_artifact(project_access["project_name"], repo_name.split('/')[1], tag, **SYSTEM_RA_CLIENT) else: self.scan.scan_artifact(project_access["project_name"], repo_name.split('/')[1], tag, expect_status_code=403, **SYSTEM_RA_CLIENT) #5. Disable the system robot account; self.robot.update_system_robot_account(system_robot_account_id, system_robot_account.name, robot_account_Permissions_list, disable=True, **ADMIN_CLIENT) #6. Verify the system robot account has no the corresponding rights; self.verify_repository_unpushable(project_access_list, SYSTEM_RA_CLIENT) #7. Enable the system robot account; self.robot.update_system_robot_account(system_robot_account_id, system_robot_account.name, robot_account_Permissions_list, disable=False, **ADMIN_CLIENT) #8. Verify the system robot account has the corresponding rights; self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT) #9. Refresh secret for the system robot account; new_secret = "new_secret_At_321" self.robot.refresh_robot_account_secret(system_robot_account_id, new_secret, **ADMIN_CLIENT) #10. Verify the system robot account has no the corresponding right with the old secret already; self.verify_repository_unpushable(project_access_list, SYSTEM_RA_CLIENT) #11. Verify the system robot account still has the corresponding right with the new secret; SYSTEM_RA_CLIENT["password"] = new_secret self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT) #12. List system robot account, then add a new project to the system robot account project permission list; self.robot.list_robot(**ADMIN_CLIENT) project_for_del_id, project_for_del_name = self.project.create_project( metadata={"public": "true"}, **ADMIN_CLIENT) robot_account_Permissions = v2_swagger_client.Permission( kind="project", namespace=project_for_del_name, access=access_list_list[0]) robot_account_Permissions_list.append(robot_account_Permissions) self.robot.update_system_robot_account(system_robot_account_id, system_robot_account.name, robot_account_Permissions_list, **ADMIN_CLIENT) self.robot.list_robot(**ADMIN_CLIENT) #13. Delete this project; self.project.delete_project(project_for_del_id, **ADMIN_CLIENT) #14. List system robot account successfully; self.robot.list_robot(**ADMIN_CLIENT) #15. Delete the system robot account; self.robot.delete_robot_account(system_robot_account_id, **ADMIN_CLIENT) #16. Verify the system robot account has no the corresponding right; self.verify_repository_unpushable(project_access_list, SYSTEM_RA_CLIENT) #17. Add a system robot account with all project coverd; all_true_access_list = self.robot.create_access_list([True] * 10) robot_account_Permissions_list = [] robot_account_Permissions = v2_swagger_client.Permission( kind="project", namespace="*", access=all_true_access_list) robot_account_Permissions_list.append(robot_account_Permissions) _, system_robot_account_cover_all = self.robot.create_system_robot( robot_account_Permissions_list, 300) #18. Verify the system robot account has no the corresponding right; print("system_robot_account_cover_all:", system_robot_account_cover_all) SYSTEM_RA_CLIENT_COVER_ALL = dict( endpoint=TestRobotAccount.url, username=system_robot_account_cover_all.name, password=system_robot_account_cover_all.secret) projects = self.project.get_projects(dict(), **ADMIN_CLIENT) print("All projects:", projects) project_access_list = [] for i in range(len(projects)): project_access_list.append( dict(project_name=projects[i].name, project_id=projects[i].project_id, check_list=all_true_access_list)) self.verify_repository_pushable(project_access_list, SYSTEM_RA_CLIENT_COVER_ALL)
def testAddIndexByDockerManifest(self): """ Test case: Push Index By Docker Manifest Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA); 4. Push an index(IA) to Harbor by docker manifest CLI successfully; 5. Get Artifacts successfully; 6. Get index(IA) by reference successfully; 7. Verify harbor index is index(IA) pushed by docker manifest CLI; 8.1 Verify harbor index(IA) can be pulled by docker CLI successfully; 8.2 Verify harbor index(IA) can be pulled by docker CLI successfully; 9. Get addition successfully; 10. Unable to Delete artifact in manifest list; 11. Delete index successfully. Tear down: 1. Delete repository(RA,RB,IA) by user(UA); 2. Delete project(PA); 3. Delete user(UA). """ #1. Create a new user(UA); TestProjects.user_id, user_name = self.user.create_user( user_password=self.user_push_index_password, **ADMIN_CLIENT) TestProjects.USER_CLIENT = dict(endpoint=self.url, username=user_name, password=self.user_push_index_password) #2. Create a new project(PA) by user(UA); TestProjects.project_push_index_id, TestProjects.project_push_index_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_CLIENT) #3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA); repo_name_a, tag_a = push_image_to_project( TestProjects.project_push_index_name, harbor_server, 'admin', 'Harbor12345', self.image_a, "latest") repo_name_b, tag_b = push_image_to_project( TestProjects.project_push_index_name, harbor_server, 'admin', 'Harbor12345', self.image_b, "latest") #4. Push an index(IA) to Harbor by docker manifest CLI successfully; manifests = [ harbor_server + "/" + repo_name_a + ":" + tag_a, harbor_server + "/" + repo_name_b + ":" + tag_b ] index = harbor_server + "/" + TestProjects.project_push_index_name + "/" + self.index_name + ":" + self.index_tag index_sha256_cli_ret, manifests_sha256_cli_ret = library.docker_api.docker_manifest_push_to_harbor( index, manifests, harbor_server, user_name, self.user_push_index_password) #5. Get Artifacts successfully; artifacts = self.artifact.list_artifacts( TestProjects.project_push_index_name, self.index_name, **TestProjects.USER_CLIENT) artifacts_ref_child_list = [ artifacts[0].references[1].child_digest, artifacts[0].references[0].child_digest ] self.assertEqual( artifacts_ref_child_list.count(manifests_sha256_cli_ret[0]), 1) self.assertEqual( artifacts_ref_child_list.count(manifests_sha256_cli_ret[1]), 1) #6. Get index(IA) by reference successfully; index_data = self.artifact.get_reference_info( TestProjects.project_push_index_name, self.index_name, self.index_tag, **TestProjects.USER_CLIENT) manifests_sha256_harbor_ret = [ index_data[0].references[1].child_digest, index_data[0].references[0].child_digest ] #7. Verify harbor index is index(IA) pushed by docker manifest CLI; self.assertEqual(index_data[0].digest, index_sha256_cli_ret) self.assertEqual( manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[0]), 1) self.assertEqual( manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[1]), 1) #8.1 Verify harbor index(IA) can be pulled by docker CLI successfully; pull_harbor_image( harbor_server, user_name, self.user_push_index_password, TestProjects.project_push_index_name + "/" + self.index_name, self.index_tag) #8.2 Verify harbor index(IA) can be pulled by ctr successfully; oci_ref = harbor_server + "/" + TestProjects.project_push_index_name + "/" + self.index_name + ":" + self.index_tag library.containerd.ctr_images_pull(user_name, self.user_push_index_password, oci_ref) library.containerd.ctr_images_list(oci_ref=oci_ref) #9. Get addition successfully; addition_v = self.artifact.get_addition( TestProjects.project_push_index_name, self.index_name, self.index_tag, "vulnerabilities", **TestProjects.USER_CLIENT) self.assertEqual(addition_v[0], '{}') #This artifact has no build history addition_v = self.artifact.get_addition( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], "vulnerabilities", **TestProjects.USER_CLIENT) self.assertEqual(addition_v[0], '{}') addition_b = self.artifact.get_addition( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], "build_history", **TestProjects.USER_CLIENT) self.assertIn("ADD file:", addition_b[0]) image_data = self.artifact.get_reference_info( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], **TestProjects.USER_CLIENT) addition_v = self.artifact.get_addition( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[1], "vulnerabilities", **TestProjects.USER_CLIENT) self.assertEqual(addition_v[0], '{}') addition_b = self.artifact.get_addition( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[1], "build_history", **TestProjects.USER_CLIENT) self.assertIn("ADD file:", addition_b[0]) image_data = self.artifact.get_reference_info( TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], **TestProjects.USER_CLIENT) #10. Unable to Delete artifact in manifest list; self.artifact.delete_artifact(TestProjects.project_push_index_name, self.index_name, manifests_sha256_cli_ret[0], expect_status_code=412, **TestProjects.USER_CLIENT) #11. Delete index successfully. self.artifact.delete_artifact(TestProjects.project_push_index_name, self.index_name, self.index_tag, **TestProjects.USER_CLIENT)
def do_validate(self, registry_type): """ Test case: Proxy Cache Image From Harbor Test step and expected result: 1. Create a new registry; 2. Create a new project; 3. Add a new user as a member of project; 4. Pull image from this project by docker CLI; 5. Pull image from this project by ctr CLI; 6. Pull manifest index from this project by docker CLI; 7. Pull manifest from this project by ctr CLI; 8. Image pulled by docker CLI should be cached; 9. Image pulled by ctr CLI should be cached; 10. Manifest index pulled by docker CLI should be cached; 11. Manifest index pulled by ctr CLI should be cached; Tear down: 1. Delete project(PA); 2. Delete user(UA). """ user_id, user_name = self.user.create_user( user_password=self.user_password, **ADMIN_CLIENT) USER_CLIENT = dict(with_signature=True, endpoint=self.url, username=user_name, password=self.user_password) image_for_docker = dict(image="for_proxy", tag="1.0") image_for_ctr = dict(image="redis", tag="latest") index_for_docker = dict(image="index081597864867", tag="index_tag081597864867") access_key = "" access_secret = "" #1. Create a new registry; if registry_type == "docker-hub": user_namespace = "danfengliu" access_key = user_namespace access_secret = "Aa123456" registry = "https://hub.docker.com" # Memo: ctr will not send image pull request if manifest list already exist, so we pull different manifest list for different registry; index_for_ctr = dict(image="alpine", tag="3.12.0") else: user_namespace = "nightly" registry = "https://cicd.harbor.vmwarecna.net" index_for_ctr = dict(image="busybox", tag="1.32.0") registry_id, _ = self.registry.create_registry( registry, name=_random_name(registry_type), registry_type=registry_type, access_key=access_key, access_secret=access_secret, insecure=False, **ADMIN_CLIENT) print("registry_id:", registry_id) #2. Create a new project; project_id, project_name = self.project.create_project( registry_id=registry_id, metadata={"public": "false"}, **ADMIN_CLIENT) print("project_id:", project_id) print("project_name:", project_name) #3. Add a new user as a member of project; self.project.add_project_members(project_id, user_id=user_id, **ADMIN_CLIENT) #4. Pull image from this project by docker CLI; pull_harbor_image( harbor_server, USER_CLIENT["username"], USER_CLIENT["password"], project_name + "/" + user_namespace + "/" + image_for_docker["image"], image_for_docker["tag"]) #5. Pull image from this project by ctr CLI; oci_ref = harbor_server + "/" + project_name + "/" + user_namespace + "/" + image_for_ctr[ "image"] + ":" + image_for_ctr["tag"] library.containerd.ctr_images_pull(user_name, self.user_password, oci_ref) library.containerd.ctr_images_list(oci_ref=oci_ref) #6. Pull manifest index from this project by docker CLI; index_repo_name = user_namespace + "/" + index_for_docker["image"] pull_harbor_image(harbor_server, user_name, self.user_password, project_name + "/" + index_repo_name, index_for_docker["tag"]) #7. Pull manifest from this project by ctr CLI; index_repo_name_for_ctr = user_namespace + "/" + index_for_ctr["image"] oci_ref = harbor_server + "/" + project_name + "/" + index_repo_name_for_ctr + ":" + index_for_ctr[ "tag"] library.containerd.ctr_images_pull(user_name, self.user_password, oci_ref) library.containerd.ctr_images_list(oci_ref=oci_ref) #8. Image pulled by docker CLI should be cached; self.artifact.waiting_for_reference_exist( project_name, urllib.parse.quote( user_namespace + "/" + image_for_docker["image"], 'utf-8'), image_for_docker["tag"], **USER_CLIENT) #9. Image pulled by ctr CLI should be cached; self.artifact.waiting_for_reference_exist( project_name, urllib.parse.quote(user_namespace + "/" + image_for_ctr["image"], 'utf-8'), image_for_ctr["tag"], **USER_CLIENT) #10. Manifest index pulled by docker CLI should be cached; ret_index_by_d = self.artifact.waiting_for_reference_exist( project_name, urllib.parse.quote(index_repo_name, 'utf-8'), index_for_docker["tag"], **USER_CLIENT) print("Index's reference by docker CLI:", ret_index_by_d[0].references) self.assertTrue(len(ret_index_by_d[0].references) == 1) #11. Manifest index pulled by ctr CLI should be cached; ret_index_by_c = self.artifact.waiting_for_reference_exist( project_name, urllib.parse.quote(index_repo_name_for_ctr, 'utf-8'), index_for_ctr["tag"], **USER_CLIENT) print("Index's reference by ctr CLI:", ret_index_by_c[0].references) self.assertTrue(len(ret_index_by_c[0].references) == 1)
def test_01_ProjectlevelRobotAccount(self): """ Test case: Robot Account Test step and expected result: 1. Create user(UA); 2. Create private project(PA), private project(PB) and public project(PC) by user(UA); 3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA); 4. Create a new robot account(RA) with pull and push privilige in project(PA) by user(UA); 5. Check robot account info, it should has both pull and push priviliges; 6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful; 7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful; 8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful; 9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful; 10. Pull image from project(PC), it must be successful; 11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful; 12. Update action property of robot account(RA); 13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful; 14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful; 15. Delete robot account(RA). 16. Create user(UB), Create public project(PD) by user(UB), user(UA) can't create robot account for project(PD). Tear down: 1. Delete repository(RA) by user(UA); 2. Delete project(PA); 3. Delete user(UA). """ image_project_a = "haproxy" image_project_b = "image_project_b" image_project_c = "httpd" image_robot_account = "alpine" tag = "latest" #1. Create user(UA);" self.user_ra_id, user_ra_name = self.user.create_user( user_password=TestRobotAccount.user_ra_password, **ADMIN_CLIENT) self.USER_RA_CLIENT = dict(endpoint=TestRobotAccount.url, username=user_ra_name, password=TestRobotAccount.user_ra_password) #2. Create private project(PA), private project(PB) and public project(PC) by user(UA); self.project_ra_id_a, self.project_ra_name_a = self.project.create_project( metadata={"public": "false"}, **self.USER_RA_CLIENT) self.project_ra_id_b, self.project_ra_name_b = self.project.create_project( metadata={"public": "false"}, **self.USER_RA_CLIENT) self.project_ra_id_c, self.project_ra_name_c = self.project.create_project( metadata={"public": "true"}, **self.USER_RA_CLIENT) #3. Push image(ImagePA) to project(PA), image(ImagePB) to project(PB) and image(ImagePC) to project(PC) by user(UA); self.repo_name_in_project_a, tag_a = push_self_build_image_to_project( self.project_ra_name_a, harbor_server, user_ra_name, TestRobotAccount.user_ra_password, image_project_a, tag) self.repo_name_in_project_b, tag_b = push_self_build_image_to_project( self.project_ra_name_b, harbor_server, user_ra_name, TestRobotAccount.user_ra_password, image_project_b, tag) self.repo_name_in_project_c, tag_c = push_self_build_image_to_project( self.project_ra_name_c, harbor_server, user_ra_name, TestRobotAccount.user_ra_password, image_project_c, tag) #4. Create a new robot account(RA) with pull and push privilege in project(PA) by user(UA); robot_id_a, robot_account_a = self.robot.create_project_robot( self.project_ra_name_a, 30, **self.USER_RA_CLIENT) robot_id_b, robot_account_b = self.robot.create_project_robot( self.project_ra_name_b, 30, **self.USER_RA_CLIENT) #5. Check robot account info, it should has both pull and push privilege; data = self.robot.get_robot_account_by_id(robot_id_a, **self.USER_RA_CLIENT) _assert_status_code(robot_account_a.name, data.name) #6. Pull image(ImagePA) from project(PA) by robot account(RA), it must be successful; pull_harbor_image(harbor_server, robot_account_a.name, robot_account_a.secret, self.repo_name_in_project_a, tag_a) #7. Push image(ImageRA) to project(PA) by robot account(RA), it must be successful; self.repo_name_pa, _ = push_self_build_image_to_project( self.project_ra_name_a, harbor_server, robot_account_a.name, robot_account_a.secret, image_robot_account, tag) #8. Push image(ImageRA) to project(PB) by robot account(RA), it must be not successful; push_self_build_image_to_project( self.project_ra_name_b, harbor_server, robot_account_a.name, robot_account_a.secret, image_robot_account, tag, expected_error_message="unauthorized to access repository") #9. Pull image(ImagePB) from project(PB) by robot account(RA), it must be not successful; pull_harbor_image( harbor_server, robot_account_a.name, robot_account_a.secret, self.repo_name_in_project_b, tag_b, expected_error_message="unauthorized to access repository") #10. Pull image from project(PC), it must be successful; pull_harbor_image(harbor_server, robot_account_a.name, robot_account_a.secret, self.repo_name_in_project_c, tag_c) #11. Push image(ImageRA) to project(PC) by robot account(RA), it must be not successful; push_self_build_image_to_project( self.project_ra_name_c, harbor_server, robot_account_a.name, robot_account_a.secret, image_robot_account, tag, expected_error_message="unauthorized to access repository") #12. Update action property of robot account(RA);" self.robot.disable_robot_account(robot_id_a, True, **self.USER_RA_CLIENT) #13. Pull image(ImagePA) from project(PA) by robot account(RA), it must be not successful; pull_harbor_image( harbor_server, robot_account_a.name, robot_account_a.secret, self.repo_name_in_project_a, tag_a, expected_login_error_message="unauthorized: authentication required" ) #14. Push image(ImageRA) to project(PA) by robot account(RA), it must be not successful; push_self_build_image_to_project( self.project_ra_name_a, harbor_server, robot_account_a.name, robot_account_a.secret, image_robot_account, tag, expected_login_error_message="unauthorized: authentication required" ) #15. Delete robot account(RA). self.robot.delete_robot_account(robot_id_a, **self.USER_RA_CLIENT) #16. Create user(UB), Create public project(PD) by user(UB), user(UA) can't create robot account for project(PD). self.user_ra_id_b, user_ra_name_b = self.user.create_user( user_password=TestRobotAccount.user_ra_password, **ADMIN_CLIENT) self.USER_RA_CLIENT_B = dict( endpoint=TestRobotAccount.url, username=user_ra_name_b, password=TestRobotAccount.user_ra_password) self.project_ra_id_d, self.project_ra_name_d = self.project.create_project( metadata={"public": "true"}, **self.USER_RA_CLIENT_B) self.robot.create_project_robot(self.project_ra_name_d, 30, expect_status_code=403, **self.USER_RA_CLIENT) self.do_01_tearDown()
def testAddIndexByDockerManifest(self): """ Test case: Push Index By Docker Manifest Test step and expected result: 1. Create a new user(UA); 2. Create a new project(PA) by user(UA); 3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA); 4. Push an index(IA) to Harbor by docker manifest CLI successfully; 5. Get index(IA) from Harbor successfully; 6. Verify harbor index is index(IA) pushed by docker manifest CLI; 7. Verify harbor index(IA) can be pulled by docker CLI successfully. Tear down: 1. Delete repository(RA,RB,IA) by user(UA); 2. Delete project(PA); 3. Delete user(UA). """ #1. Create a new user(UA); TestProjects.user_id, user_name = self.user.create_user( user_password=self.user_push_index_password, **ADMIN_CLIENT) TestProjects.USER_CLIENT = dict(endpoint=self.url, username=user_name, password=self.user_push_index_password) #2. Create a new project(PA) by user(UA); TestProjects.project_push_index_id, TestProjects.project_push_index_name = self.project.create_project( metadata={"public": "false"}, **TestProjects.USER_CLIENT) #3. Create 2 new repositorys(RA,RB) in project(PA) by user(UA); repo_name_a, tag_a = push_image_to_project( TestProjects.project_push_index_name, harbor_server, 'admin', 'Harbor12345', self.image_a, "latest") repo_name_b, tag_b = push_image_to_project( TestProjects.project_push_index_name, harbor_server, 'admin', 'Harbor12345', self.image_b, "latest") #4. Push an index(IA) to Harbor by docker manifest CLI successfully; manifests = [ harbor_server + "/" + repo_name_a + ":" + tag_a, harbor_server + "/" + repo_name_b + ":" + tag_b ] index = harbor_server + "/" + TestProjects.project_push_index_name + "/" + self.index_name + ":" + self.index_tag index_sha256_cli_ret, manifests_sha256_cli_ret = library.docker_api.docker_manifest_push_to_harbor( index, manifests, harbor_server, user_name, self.user_push_index_password) #5. Get index(IA) from Harbor successfully; index_data = self.artifact.get_reference_info( TestProjects.project_push_index_name, self.index_name, self.index_tag, **TestProjects.USER_CLIENT) manifests_sha256_harbor_ret = [ index_data[0].references[1].child_digest, index_data[0].references[0].child_digest ] #6. Verify harbor index is index(IA) pushed by docker manifest CLI; self.assertEqual(index_data[0].digest, index_sha256_cli_ret) self.assertEqual( manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[0]), 1) self.assertEqual( manifests_sha256_harbor_ret.count(manifests_sha256_cli_ret[1]), 1) #7. Verify harbor index(IA) can be pulled by docker CLI successfully; pull_harbor_image( harbor_server, user_name, self.user_push_index_password, TestProjects.project_push_index_name + "/" + self.index_name, self.index_tag)