class TestUserGroup(unittest.TestCase): """UserGroup unit test stubs""" product_api = testutils.GetProductApi("admin", "Harbor12345") groupId = 0 def setUp(self): self.conf = Configurations() self.conf.set_configurations_of_ldap( ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT) pass def tearDown(self): if self.groupId > 0: self.product_api.usergroups_group_id_delete(group_id=self.groupId) pass def testAddUpdateUserGroup(self): """Test UserGroup""" user_group = UserGroup( group_name="harbor_group123", group_type=1, ldap_group_dn="cn=harbor_group,ou=groups,dc=example,dc=com") result = self.product_api.usergroups_post(usergroup=user_group) pprint(result) user_groups = self.product_api.usergroups_get() found = False for ug in user_groups: if ug.group_name == "harbor_group123": found = True print("Found usergroup") pprint(ug) self.groupId = ug.id self.assertTrue(found) result = self.product_api.usergroups_group_id_put( self.groupId, usergroup=UserGroup(group_name="newharbor_group")) new_user_group = self.product_api.usergroups_group_id_get( group_id=self.groupId) self.assertEqual("newharbor_group", new_user_group.group_name) pass
class TestLdapAdminRole(unittest.TestCase): @classmethod def setUp(self): url = ADMIN_CLIENT["endpoint"] self.conf = Configurations() self.user = User() self.project = Project() self.USER_MIKE = dict(endpoint=url, username="******", password="******") @classmethod def tearDown(self): self.project.delete_project(TestLdapAdminRole.project_id, **self.USER_MIKE) print("Case completed") def testLdapAdminRole(self): """ Test case: LDAP Admin Role Test step and expected result: 1. Set LDAP Auth configurations; 2. Create a new public project(PA) by LDAP user mike; 3. Check project is created successfully; 4. Check mike's SysAdminFlag is false, but AdminRoleInAuth should be true 5. Delete project(PA); """ self.conf.set_configurations_of_ldap( ldap_group_admin_dn="cn=harbor_users,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) TestLdapAdminRole.project_id, project_name = self.project.create_project( metadata={"public": "false"}, **self.USER_MIKE) self.project.check_project_name_exist(name=project_name, **self.USER_MIKE) _user = self.user.get_user_current(**self.USER_MIKE) print(_user) self.assertFalse(_user.sysadmin_flag) self.assertTrue(_user.admin_role_in_auth)
class TestAssignRoleToLdapGroup(unittest.TestCase): @classmethod def setUp(self): self.conf = Configurations() self.project = Project() self.artifact = Artifact() self.repo = Repository() self.scan = Scan() @classmethod def tearDown(self): print("Case completed") def TestAssignRoleToLdapGroup(self): """ Test case: Assign Role To Ldap Group Test step and expected result: 1. Set LDAP Auth configurations; 2. Create a new public project(PA) by Admin; 3. Add 3 member groups to project(PA); 4. Push image by each member role; 5. Verfify that admin_user and dev_user can push image, guest_user can not push image; 6. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs. 7. Delete repository(RA) by user(UA); 8. Delete project(PA); """ url = ADMIN_CLIENT["endpoint"] USER_ADMIN = dict(endpoint=url, username="******", password="******", repo="hello-world") USER_DEV = dict(endpoint=url, username="******", password="******", repo="alpine") USER_GUEST = dict(endpoint=url, username="******", password="******", repo="busybox") USER_TEST = dict(endpoint=url, username="******", password="******") self.conf.set_configurations_of_ldap( ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT) with created_project(metadata={"public": "false"}) as (project_id, project_name): self.project.add_project_members( project_id, member_role_id=1, _ldap_group_dn="cn=harbor_admin,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members( project_id, member_role_id=2, _ldap_group_dn="cn=harbor_dev,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members( project_id, member_role_id=3, _ldap_group_dn="cn=harbor_guest,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) projects = self.project.get_projects(dict(name=project_name), **USER_ADMIN) self.assertTrue(len(projects) == 1) self.assertEqual(1, projects[0].current_user_role_id) repo_name_admin, _ = push_image_to_project( project_name, harbor_server, USER_ADMIN["username"], USER_ADMIN["password"], USER_ADMIN["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_ADMIN["repo"], **USER_ADMIN) self.assertTrue(len(artifacts) == 1) repo_name_dev, _ = push_image_to_project( project_name, harbor_server, USER_DEV["username"], USER_DEV["password"], USER_DEV["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_DEV["repo"], **USER_DEV) self.assertTrue(len(artifacts) == 1) push_image_to_project(project_name, harbor_server, USER_GUEST["username"], USER_GUEST["password"], USER_GUEST["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_GUEST["repo"], **USER_GUEST) self.assertTrue(len(artifacts) == 0) self.assertTrue( self.project.query_user_logs(project_name, **USER_ADMIN) > 0, "admin user can see logs") self.assertTrue( self.project.query_user_logs(project_name, **USER_DEV) > 0, "dev user can see logs") self.assertTrue( self.project.query_user_logs(project_name, **USER_GUEST) > 0, "guest user can see logs") self.assertTrue( self.project.query_user_logs(project_name, status_code=403, **USER_TEST) == 0, "test user can not see any logs") self.repo.delete_repoitory(project_name, repo_name_admin.split('/')[1], **USER_ADMIN) self.repo.delete_repoitory(project_name, repo_name_dev.split('/')[1], **USER_ADMIN)
class TestAssignRoleToLdapGroup(unittest.TestCase): @suppress_urllib3_warning def setUp(self): self.conf = Configurations() self.project = Project() self.artifact = Artifact() self.repo = Repository() self.user = User() @unittest.skipIf(TEARDOWN == False, "Test data won't be erased.") def tearDown(self): print("Case completed") def testAssignRoleToLdapGroup(self): """ Test case: Assign Role To Ldap Group Test step and expected result: 1. Set LDAP Auth configurations; 2. Create a new public project(PA) by Admin; 3. Add 3 member groups to project(PA); 4. Push image by each member role; 5. Verfify that admin_user can add project member, dev_user and guest_user can not add project member; 6. Verfify that admin_user and dev_user can push image, guest_user can not push image; 7. Verfify that admin_user, dev_user and guest_user can view logs, test user can not view logs. 8. Delete repository(RA) by user(UA); 9. Delete project(PA); """ url = ADMIN_CLIENT["endpoint"] USER_ADMIN = dict(endpoint=url, username="******", password="******", repo="haproxy") USER_DEV = dict(endpoint=url, username="******", password="******", repo="alpine") USER_GUEST = dict(endpoint=url, username="******", password="******", repo="busybox") USER_TEST = dict(endpoint=url, username="******", password="******") USER_MIKE = dict(endpoint=url, username="******", password="******") #USER001 is in group harbor_group3 self.conf.set_configurations_of_ldap( ldap_filter="", ldap_group_attribute_name="cn", ldap_group_base_dn="ou=groups,dc=example,dc=com", ldap_group_search_filter="objectclass=groupOfNames", ldap_group_search_scope=2, **ADMIN_CLIENT) with created_project(metadata={"public": "false"}) as (project_id, project_name): self.project.add_project_members( project_id, member_role_id=1, _ldap_group_dn="cn=harbor_admin,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members( project_id, member_role_id=2, _ldap_group_dn="cn=harbor_dev,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) self.project.add_project_members( project_id, member_role_id=3, _ldap_group_dn="cn=harbor_guest,ou=groups,dc=example,dc=com", **ADMIN_CLIENT) projects = self.project.get_projects(dict(name=project_name), **USER_ADMIN) self.assertTrue(len(projects) == 1) self.assertEqual(1, projects[0].current_user_role_id) #Mike has logged in harbor in previous test. mike = self.user.get_user_by_name(USER_MIKE["username"], **ADMIN_CLIENT) #Verify role difference in add project member feature, to distinguish between admin and dev role self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id=3, **USER_ADMIN) self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id=3, expect_status_code=403, **USER_DEV) self.project.add_project_members(project_id, user_id=mike.user_id, member_role_id=3, expect_status_code=403, **USER_GUEST) repo_name_admin, _ = push_image_to_project( project_name, harbor_server, USER_ADMIN["username"], USER_ADMIN["password"], USER_ADMIN["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_ADMIN["repo"], **USER_ADMIN) self.assertTrue(len(artifacts) == 1) repo_name_dev, _ = push_image_to_project( project_name, harbor_server, USER_DEV["username"], USER_DEV["password"], USER_DEV["repo"], "latest") artifacts = self.artifact.list_artifacts(project_name, USER_DEV["repo"], **USER_DEV) self.assertTrue(len(artifacts) == 1) push_image_to_project( project_name, harbor_server, USER_GUEST["username"], USER_GUEST["password"], USER_GUEST["repo"], "latest", expected_error_message="unauthorized to access repository") artifacts = self.artifact.list_artifacts(project_name, USER_GUEST["repo"], **USER_GUEST) self.assertTrue(len(artifacts) == 0) self.assertTrue( self.project.query_user_logs(project_name, **USER_ADMIN) > 0, "admin user can see logs") self.assertTrue( self.project.query_user_logs(project_name, **USER_DEV) > 0, "dev user can see logs") self.assertTrue( self.project.query_user_logs(project_name, **USER_GUEST) > 0, "guest user can see logs") self.assertTrue( self.project.query_user_logs(project_name, status_code=403, **USER_TEST) == 0, "test user can not see any logs") self.repo.delete_repository(project_name, repo_name_admin.split('/')[1], **USER_ADMIN) self.repo.delete_repository(project_name, repo_name_dev.split('/')[1], **USER_ADMIN)