def test_push_with_dist_perms(self):
"""
Test that it's enough to have container distribution and namespace perms to perform push.
It also checks read abilities for users with different set of permissions.
"""
repo_name = "test/perms"
local_url = "/".join([self.registry_name, f"{repo_name}:2.0"])
image_path = f"{DOCKERHUB_PULP_FIXTURE_1}:manifest_a"
self._push(image_path, local_url, self.user_creator)
distributions = self.user_creator["distribution_api"].list(
name="test/perms")
add_user_to_distribution_group(
self.user_dist_collaborator,
distributions.results[0],
"collaborators",
self.user_creator,
)
distributions = self.user_creator["distribution_api"].list(
name="test/perms")
add_user_to_distribution_group(
self.user_dist_consumer,
distributions.results[0],
"consumers",
self.user_creator,
)
add_user_to_namespace_group(
self.user_namespace_collaborator,
"test",
"collaborators",
self.user_creator,
)
self.assertEqual(self.pushrepository_api.list(name=repo_name).count, 1)
self.assertEqual(
self.user_creator["pushrepository_api"].list(name=repo_name).count,
1)
self.assertEqual(
self.user_dist_collaborator["pushrepository_api"].list(
name=repo_name).count, 1)
self.assertEqual(
self.user_dist_consumer["pushrepository_api"].list(
name=repo_name).count, 1)
self.assertEqual(
self.user_namespace_collaborator["pushrepository_api"].list(
name=repo_name).count, 1)
self.assertEqual(
self.user_reader["pushrepository_api"].list(name=repo_name).count,
1)
# cleanup, namespace removal also removes related distributions
namespace = self.namespace_api.list(name="test").results[0]
self.addCleanup(self.namespace_api.delete, namespace.pulp_href)
def test_private_repository(self):
"""
Test that you can create a private distribution and push to it.
Test that the same user can pull, but another cannot.
Test that the other user can pull after marking it non-private.
"""
# cleanup, namespace removal also removes related distributions
try:
namespace = self.namespace_api.list(name="test").results[0]
namespace_response = self.namespace_api.delete(namespace.pulp_href)
monitor_task(namespace_response.task)
except Exception:
pass
repo_name = "test/private"
local_url = "/".join([self.registry_name, f"{repo_name}:2.0"])
image_path = f"{DOCKERHUB_PULP_FIXTURE_1}:manifest_a"
distribution = {
"name": "test/private",
"base_path": "test/private",
"private": True
}
distribution_response = self.user_creator["distribution_api"].create(
distribution)
created_resources = monitor_task(
distribution_response.task).created_resources
distribution = self.user_creator["distribution_api"].read(
created_resources[0])
self._push(image_path, local_url, self.user_creator)
self._pull(local_url, self.user_creator)
add_user_to_distribution_group(self.user_dist_consumer, distribution,
"consumers", self.user_creator)
self._pull(local_url, self.user_dist_consumer)
with self.assertRaises(exceptions.CalledProcessError):
self._pull(local_url, self.user_reader)
with self.assertRaises(exceptions.CalledProcessError):
self._pull(local_url, self.user_helpless)
distribution.private = False
distribution_response = self.user_creator[
"distribution_api"].partial_update(distribution.pulp_href,
{"private": False})
monitor_task(distribution_response.task)
self._pull(local_url, self.user_reader)
self._pull(local_url, self.user_helpless)
# cleanup, namespace removal also removes related distributions
namespace = self.namespace_api.list(name="test").results[0]
self.addCleanup(self.namespace_api.delete, namespace.pulp_href)
def test_push_to_existing_namespace(self):
"""
Test the push to existing namespace with collaborator permissions.
Container distribution perms and manage-namespace one should be enough
to push a new distribution.
Container distribution perms shouls be enough to push to the existing
distribution.
"""
repo_name = "team/owner"
local_url = "/".join([self.registry_name, f"{repo_name}:2.0"])
image_path = f"{DOCKERHUB_PULP_FIXTURE_1}:manifest_a"
self._push(image_path, local_url, self.user_creator)
# Add user_dist_collaborator to the collaborator group
distributions = self.user_creator["distribution_api"].list(
name="team/owner")
add_user_to_distribution_group(
self.user_dist_collaborator,
distributions.results[0],
"collaborators",
self.user_creator,
)
collab_repo_name = "team/owner"
local_url = "/".join([self.registry_name, f"{collab_repo_name}:2.0"])
image_path = f"{DOCKERHUB_PULP_FIXTURE_1}:manifest_b"
self._push(image_path, local_url, self.user_dist_collaborator)
collab_repo_name = "team/collab"
local_url = "/".join([self.registry_name, f"{collab_repo_name}:2.0"])
image_path = f"{DOCKERHUB_PULP_FIXTURE_1}:manifest_d"
with self.assertRaises(exceptions.CalledProcessError):
self._push(image_path, local_url, self.user_dist_collaborator)
add_user_to_namespace_group(self.user_namespace_collaborator, "team",
"collaborators", self.user_creator)
collab_repo_name = "team/collab"
local_url = "/".join([self.registry_name, f"{collab_repo_name}:2.0"])
image_path = f"{DOCKERHUB_PULP_FIXTURE_1}:manifest_c"
self._push(image_path, local_url, self.user_namespace_collaborator)
# cleanup, namespace removal also removes related distributions
namespace = self.namespace_api.list(name="team").results[0]
self.addCleanup(self.namespace_api.delete, namespace.pulp_href)
